Learning RE with HAWKE
In this post i will tell a simple reverse engineering with app called HAWKE.Which you can download from here.
- Sandwich.app
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if ([codes length] == 0x13) { | |
| code = [codes componentsSeparatedByString:@"-"]; | |
| if (([code count] != 0x4) || ([[code objectAtIndex:0x0] length] != 0x4)){ | |
| eax = 0x0; | |
| } | |
| else { | |
| if (([[code objectAtIndex:0x1] length] != 0x4) || | |
| ([[code objectAtIndex:0x2] length] != 0x4)) { | |
| eax = 0x0; | |
| } | |
| else { | |
| if ([[code objectAtIndex:0x3] length] == 0x4) { | |
| index0 = [[code objectAtIndex:0x0] intValue]; | |
| sum = [[code objectAtIndex:0x1] intValue] + index0; | |
| index3 = [[code objectAtIndex:0x3] intValue]; | |
| LOBYTE(eax) = 0x19c5 - (SAR(sum, 0x2)) == index3 ? 0x1 : 0x0; | |
| } | |
| else { | |
| eax = 0x0; | |
| } | |
| } | |
| } | |
| } | |
| else { | |
| eax = 0x0; | |
| } | |
| return eax; |
LOBYTE(eax) = 0x19c5 - (SAR(sum, 0x2)) == index3 ? 0x1 : 0x0;SAR is shift aritmetic right. It means the index3 must be equal to sum after shift right. Which i can write simple python code for it.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import random | |
| def main(): | |
| A1 = random.randrange(1111,9999) | |
| A2 = random.randrange(1111,9999) | |
| A3 = 1111 | |
| A4 = 6597 - ((A1+A2) >> 2) | |
| print "{0}-{1}-{2}-{3}".format(A1,A2,A3,A4) | |
| if __name__ == '__main__': | |
| main() |
- Unicorn.app
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ -z "$1" ] | |
| then | |
| echo "usage: $0 name" | |
| exit | |
| fi | |
| md5 -q -s "$1+unicorn" | tr 'a-z' 'A-Z' | cut -c 1-20 |
- Fox.app
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ -z "$1" ] | |
| then | |
| echo "usage: $0 name" | |
| exit | |
| fi | |
| echo -n "$1" | openssl sha1 | tr 'a-z' 'A-Z' |
- Socks.app
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| def validate(name): | |
| list = [] | |
| with open('Socks.app/Contents/Resources/sf', 'r') as f: | |
| first_line = f.readline() | |
| list.extend(first_line.split(',')) | |
| eax = len(name) | |
| i0 = (eax * 8) + 178 | |
| i1 = eax + (eax * 4) + 455 | |
| i2 = (eax * 3) + 100 | |
| print "scks-{0}-{1}-{2}".format(list[i2],list[i1],list[i0]) | |
| if __name__ == '__main__': | |
| import sys | |
| try: | |
| name = sys.argv[1] | |
| except IndexError: | |
| sys.exit( 'usage: python sox.py name' ) | |
| print name | |
| validate(name) |
Langganan:
Posting Komentar
(
Atom
)
Tidak ada komentar :
Posting Komentar