2018湖湘杯

Xzhah 11月 18, 2018

reverse_哈希爆破

呵呵,这比赛歧视穷人,台式爆破十分钟,笔记本一个小时

#include "stdafx.h"
#include<stdio.h>
#include<windows.h>
#include<string.h>
/* Signature used to call into the loaded DLL: main() passes a buffer address
 * (cast to __int64) and a length, and compares the 64-bit return value. */
typedef __int64 (* main_t)(__int64 a,int b);
/* Offset from the DLL's load base. Despite the name, main() adds it to the
 * module base and calls the result as a main_t function rather than treating
 * it as an IAT slot. The value is tied to this particular build of the DLL. */
#define TIME_IAT 0x17A0
//#define CHECK_IAT 0x2268
//#define CHAT_1 0x5020
//int the_time=1526720400;


/* Disabled earlier approach: a replacement for time() returning a fixed value,
 * plus an IAT patch helper to redirect the DLL's import to it. */
//__time64_t mygets(__time64_t *the_time_tmp)
//{
// return the_time;
//}
/*void changeIAT(UINT64* iat, UINT64 newVal) // on 64-bit the real function address is 8 bytes; in IDA, time ends up as [0x40a38c], which holds that real address
{
DWORD oldProtect;
VirtualProtect(iat, sizeof(DWORD), PAGE_EXECUTE_READWRITE, &oldProtect);// only 4 bytes are covered by the protection change
*iat = newVal;
VirtualProtect(iat, sizeof(DWORD), oldProtect, &oldProtect);
}*/
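/*
 * Brute-force harness for the challenge DLL.
 *
 * Loads reverse.dll, calls the routine at (module base + TIME_IAT) with every
 * 10-character decimal string "0000000000".."9999999999", and prints each
 * candidate whose 64-bit result equals the target value.
 *
 * Returns 0 after the search completes, -1 if the DLL cannot be loaded.
 *
 * NOTE(review): LoadLibraryA maps the DLL into this process and runs its
 * DllMain, and a bare file name is resolved through the DLL search order.
 * Run this only against a sample you trust or inside a disposable VM, and
 * prefer a full path so an unexpected reverse.dll is not picked up.
 */
int main()
{
	printf("ok?");

	HMODULE hMod = LoadLibraryA("reverse.dll");
	PBYTE pBase = (PBYTE)hMod;
	if (pBase == NULL)
	{
		/* Read the error code before any other call can overwrite it. */
		DWORD err = GetLastError();
		printf("cannot LoadLibrary");
		/* 193: not a valid image for this process (often a 32/64-bit
		 * mismatch); 126: the DLL could not be found. */
		printf("%lu", err);
		return -1;
	}

	/* Earlier approach (disabled): patch the DLL's import of time(). */
	//UINT64* timeiat = (UINT64* )(pBase + TIME_IAT);
	//changeIAT(timeiat, (UINT64)&mygets);

	/* The offset is specific to one build of the DLL; a different build
	 * would make this pointer land on unrelated code. */
	main_t check_time = (main_t)(pBase + TIME_IAT);

	/* 10 digits plus a terminator: the candidate is later printed with %s,
	 * so the buffer must be NUL-terminated. */
	char time[11];
	memset(time, '0', 10);
	time[10] = '\0';

	for (;;)
	{
		if (check_time((__int64)time, 10) == 0x42100A76DD5BEDC0)
		{
			printf("%s", time);
		}

		/* Advance like an odometer; the last digit changes fastest, which
		 * matches the order of the original nested loops. */
		int pos = 9;
		while (pos >= 0 && time[pos] == '9')
		{
			time[pos] = '0';
			pos--;
		}
		if (pos < 0)
		{
			break; /* wrapped past 9999999999: search space exhausted */
		}
		time[pos]++;
	}

	getchar();
	system("pause");
	return 0;
}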