  • 16进制转10进制算法的一个CRACKME

    这个CRACKME:


    ; Excerpt from the middle of the check routine (its start is not shown).
    ; It copies the text of an Edit control into a stack buffer, then calls
    ; 00401110 on the built-in string at 00403010, which the debugger shows as "Iceberg".
    ; Count = 0xA bounds the copy to 10 bytes including the terminating NUL; the
    ; size of the stack buffer itself is not visible here -- TODO confirm it is >= 10.
    00401262  |.  8D4424 04     lea eax,dword ptr ss:[esp+0x4]
    00401266  |.  6A 0A         push 0xA                                   ; /Count = A (10.)
    00401268  |.  50            push eax                                   ; |Buffer
    00401269  |.  51            push ecx                                   ; |hWnd => 02F5035E (class='Edit',parent=028E0306)
    0040126A  |.  FF15 64204000 call dword ptr ds:[<&USER32.GetWindowTextA>; GetWindowTextA
    00401270  |.  68 10304000   push CrackMe3.00403010                     ;  Iceberg
    00401275  |.  E8 96FEFFFF   call CrackMe3.00401110			; "encrypts" Iceberg: the checksum comes back in eax

    ; Routine 00401110: additive checksum of the NUL-terminated string whose
    ; address is passed at [esp+4]. Each byte is added to eax; a byte above 'Z'
    ; (0x5A) first has 0x20 subtracted, which maps 'a'..'z' onto 'A'..'Z'. The loop
    ; stops at the first NUL or at the first byte below 'A' (0x41); jl is a signed
    ; compare, so bytes 0x80..0xFF also end the loop. The sum is XORed with 0x5678.
    ; The listing stops at that XOR; the return instruction is not shown.
    ; This is a plain sum, not a cryptographic hash: it is order-insensitive and
    ; many different strings give the same value.
    • 00401110 /$ 8B5424 04 mov edx,dword ptr ss:[esp+0x4] 算法
    • 00401114 |. 33C0 xor eax,eax  ; eax = running sum, starts at 0
    • 00401116 |. 8A0A mov cl,byte ptr ds:[edx]  ; cl = first byte of the string
    • 00401118 |. 84C9 test cl,cl
    • 0040111A |. 74 1A je XCrackMe3.00401136  ; empty string: go straight to the XOR
    • 0040111C |> 80F9 41 /cmp cl,0x41  ; below 'A' (signed)?
    • 0040111F |. 7C 15 |jl XCrackMe3.00401136  ; yes: stop summing
    • 00401121 |. 80F9 5A |cmp cl,0x5A  ; compare with 'Z'
    • 00401124 |. 0FBEC9 |movsx ecx,cl  ; sign-extend the byte; movsx leaves the flags from the cmp intact
    • 00401127 |. 7E 03 |jle XCrackMe3.0040112C  ; 'A'..'Z': add as is
    • 00401129 |. 83E9 20 |sub ecx,0x20  ; above 'Z': subtract 0x20 (lowercase -> uppercase)
    • 0040112C |> 03C1 |add eax,ecx  ; sum += byte
    • 0040112E |. 8A4A 01 |mov cl,byte ptr ds:[edx+0x1]  ; fetch the next byte
    • 00401131 |. 42 |inc edx
    • 00401132 |. 84C9 |test cl,cl
    • 00401134 |.^ 75 E6 jnz XCrackMe3.0040111C  ; loop until NUL
    • 00401136 |> 35 78560000 xor eax,0x5678  ; result = sum ^ 0x5678
    ; Excerpt of the check routine (it starts before 00401261 and continues after
    ; the EnableWindow call). Flow: read up to 10 bytes (NUL included) from the
    ; Edit control, compute the checksum of the built-in string "Iceberg" with
    ; 00401110, convert the typed text to a number with 00401140, and enable a
    ; window only when the two values are equal.
    ; Design note: the expected value depends only on constants stored in the
    ; binary (the string at 00403010 and the XOR constants in the two routines),
    ; not on any per-user secret, and the decision is a single cmp/jnz.
    00401261  |.  56            push esi                                   ; save esi; it holds the expected value below
    00401262  |.  8D4424 04     lea eax,dword ptr ss:[esp+0x4]
    00401266  |.  6A 0A         push 0xA                                   ; /Count = A (10.)
    00401268  |.  50            push eax                                   ; |Buffer
    00401269  |.  51            push ecx                                   ; |hWnd => 02F5035E (class='Edit',parent=028E0306)
    0040126A  |.  FF15 64204000 call dword ptr ds:[<&USER32.GetWindowTextA>; GetWindowTextA
    00401270  |.  68 10304000   push CrackMe3.00403010                     ;  Iceberg
    00401275  |.  E8 96FEFFFF   call CrackMe3.00401110                     ; eax = checksum of "Iceberg"
    0040127A  |.  8D5424 08     lea edx,dword ptr ss:[esp+0x8]             ; presumably the same text buffer: the 00403010 argument is still on the stack, so the offset grows by 4
    0040127E  |.  8BF0          mov esi,eax                                ; esi = expected value
    00401280  |.  52            push edx
    00401281  |.  E8 BAFEFFFF   call CrackMe3.00401140                     ; eax = number parsed from the typed text
    00401286  |.  83C4 08       add esp,0x8                                ; drop the two pushed arguments (00403010 and edx)
    00401289  |.  3BF0          cmp esi,eax                                ; expected vs. entered
    0040128B  |.  5E            pop esi                                    ; restore esi; pop does not change the flags
    0040128C  |.  75 0E         jnz XCrackMe3.0040129C                     ; mismatch: skip the enable call (target not shown)
    0040128E  |.  A1 20304000   mov eax,dword ptr ds:[0x403020]            ; window handle stored at 0x403020
    00401293  |.  6A 01         push 0x1                                   ; /Enable = TRUE
    00401295  |.  50            push eax                                   ; |hWnd => NULL
    00401296  |.  FF15 5C204000 call dword ptr ds:[<&USER32.EnableWindow>] ; EnableWindow
    


    
    

    16进制转10进制算法(逐位计算 eax = eax*10 + 字符 - 0x30,也就是把输入的十进制数字字符串转换成整数,类似 atoi):

    ; Routine 00401140: converts the NUL-terminated string at [esp+4] to an
    ; integer, one byte at a time: eax = eax*10 + byte - 0x30 ('0').
    ; There is no check that a byte is '0'..'9' and no overflow check, so any
    ; non-digit byte is folded into the result and long input wraps at 32 bits.
    ; The listing stops at the loop's jnz; the routine's tail is not shown here
    ; (the decompiled version further down the page ends with an XOR by 0x1234).
    00401140  /$  8B5424 04     mov edx,dword ptr ss:[esp+0x4]             ; edx = string pointer
    00401144  |.  33C0          xor eax,eax                                ; eax = result = 0
    00401146  |.  8A0A          mov cl,byte ptr ds:[edx]                   ; cl = first byte
    00401148  |.  84C9          test cl,cl
    0040114A  |.  74 11         je XCrackMe3.0040115D                      ; empty string: skip the loop
    0040114C  |>  0FBEC9        /movsx ecx,cl                              ; sign-extend the current byte
    0040114F  |.  8D0480        |lea eax,dword ptr ds:[eax+eax*4]          ; eax = eax*5
    00401152  |.  42            |inc edx
    00401153  |.  8D4441 D0     |lea eax,dword ptr ds:[ecx+eax*2-0x30]     ; eax = byte + (eax*5)*2 - 0x30
    00401157  |.  8A0A          |mov cl,byte ptr ds:[edx]                  ; fetch the next byte
    00401159  |.  84C9          |test cl,cl
    0040115B  |.^ 75 EF         jnz XCrackMe3.0040114C                    ; loop until NUL
    
    这个明显就是算法,草,我居然没看出来……反编译出来的伪代码如下:

    /*
     * Decompiler pseudocode for the routine at 00401140.
     *
     * a1 is used as the address of a NUL-terminated byte string (a pointer
     * carried in an int, so this only makes sense where int is pointer-sized).
     * Each byte is folded in as value = value * 10 + byte - 48, and the final
     * value is XORed with 0x1234 before it is returned.
     *
     * Nothing checks that a byte is in '0'..'9', and nothing guards against
     * overflow of the accumulator: non-digit bytes are folded into the result
     * and long input overflows the int.
     */
    int __cdecl sub_401140(int a1)
    {
      int cursor = a1;  /* address of the current byte */
      int value = 0;    /* running result */
      char digit;       /* current byte; the disassembly sign-extends it (movsx) */

      while ( *(_BYTE *)cursor )
      {
        digit = *(_BYTE *)cursor;
        ++cursor;
        value = digit + 10 * value - 48;  /* 48 == '0' */
      }
      return value ^ 0x1234;
    }



    
    
    
  • 原文地址:https://www.cnblogs.com/zcc1414/p/3982533.html