冰楓論壇

標題: Tw_Bnb_v110_CRC_bypass [打印本頁]

作者: BNB_ASM 時間: 2017-10-15 21:00
標題: Tw_Bnb_v110_CRC_bypass
//Tw_Bnb_v110_CRC_bypass
//Author: alanlei
[enable]
Alloc(original,18000000)
LoadBinary(original,C:\\twbnbv110.CEM)
Alloc(CRC1st,128)
Label(CRC1st_ret)

Alloc(CRC2nd,128)
Label(CRC2nd_ret)

Alloc(CRC3rd,128)
Label(CRC3rd_ret)
Label(CRC3rd_ret2)

Define(CRC1,00A29DD4)
Define(CRC2,012FE30F)
Define(CRC3,01220B42)
Define(CRC3_jmp,0121CC73)
Define(CRC_Start,00401000)
Define(CRC_End,01400000)

CRC1:
jmp CRC1st

CRC2:
jmp CRC2nd

CRC3:
jmp CRC3rd
nop
nop

CRC1st:
cmp ecx,CRC_Start
jbe CRC1st_ret
cmp ecx,CRC_End
jae CRC1st_ret
sub ecx,CRC_Start
add ecx,original
jmp CRC1st_ret

CRC1st_ret:
mov dl,[ecx]
add dl,01
jmp CRC1+5

CRC2nd:
cmp edx,CRC_Start
jbe CRC2nd_ret
cmp edx,CRC_End
jae CRC2nd_ret
sub edx,CRC_Start
add edx,original
jmp CRC2nd_ret

CRC2nd_ret:
add al,[edx]
pop edx
pop ebx
push edx
jmp CRC2+5

CRC3rd:
cmp edx,CRC1-4
jbe CRC3rd_ret2
cmp edx,CRC2+4
jae CRC3rd_ret2
cmp edx,CRC1+4
jbe CRC3rd_ret
cmp edx,CRC2-4
jae CRC3rd_ret
jmp CRC3rd_ret2

CRC3rd_ret2:
push [edx]
jmp CRC3_jmp

CRC3rd_ret:
sub edx,CRC_Start
add edx,original
push [edx]
jmp CRC3_jmp
[disable]

作者: lingba_song 時間: 2017-10-19 01:57
為什麼一開就崩潰惹

作者: lingba_song 時間: 2017-10-19 05:43
可以了感謝

作者: t00923 時間: 2018-1-14 12:40
請問這樣怎麼過 by pass

作者: 翔羽翼 時間: 2018-1-17 19:17
你好想詢問，我其他代碼可以打勾唯獨PASS不能，我有丟V110的ECM，不管是CE6.多版或是UCE都無法，有解決方案嗎

歡迎光臨冰楓論壇 (https://bingfong.com/)