天網防火牆個人版2.0(beta)的破解!!! (20千字)
大家最近是不是冬眠了呀,好像很少有人寫教程了,唉!就讓小弟辛苦一下吧!希望大家支援!
BTW:誰能夠寫一篇 Grduw3.13(其它版本也行)的破解教程呀?我一直沒能將它破掉,KeyFile保護的.
目標軟體:天網防火牆個人版2.0(beta)
保護方式:序列號
破解方法:暴力破解
破解人:TAE! (初學者)
說明:此軟體可以免費在其網站獲得註冊碼,但這次為了練習一下,還是將其解掉吧,畢竟對我有百利而無一害.
先執行一下,發現啟動時讓你輸入註冊名,註冊碼.
按取消後,正常執行,沒有功能限制.
首先,試著用 TRW 找出它的註冊碼,但由於本人功力太弱,沒能破解掉.
所以就想想別的方法咯,用W32dasm反彙編它!選擇 String data references(字串資料參考),找啊,找啊...猜我找到了什麼?
; -----------------------------------------------------------------------
; Routine at 00405F1C -- W32Dasm listing, 32-bit x86, Intel operand order.
; Each instruction is printed on two lines: address + opcode bytes, then
; the mnemonic (long operands wrap onto a further line).
;
; Purpose: fetches two strings through the object held at [ebx+00000300],
;          using the literals "Register"/"UserName" and
;          "Register"/"RegisterKey", hands both to 00405D08, stores the
;          byte that call returns in [ebx+00000305] and returns it in al.
; In:      eax = object pointer (copied to ebx)
;          NOTE(review): looks like a register-based calling convention
;          with `this` in eax -- confirm against the caller.
; Out:     al  = byte returned by 00405D08 (the caller at 00403CD4 tests it)
; Saved:   ebx, esi, edi, ebp
; Stack:   0x4C bytes of locals (add esp, FFFFFFB4 == sub esp, 4C)
; Locals:  [ebp-04] = first fetched string, [ebp-08] = second fetched
;          string, [ebp-0C..-28] = temporaries, esi = ebp-4C.
;          [esi+10] (word) and [esi+1C] (counter) are updated around every
;          temporary; presumably compiler-generated exception/cleanup
;          bookkeeping -- TODO confirm.
; -----------------------------------------------------------------------
* Referenced by a CALL at Address:
|:00403CD4
|
:00405F1C 55
push ebp
:00405F1D 8BEC
mov ebp, esp
:00405F1F 83C4B4
add esp, FFFFFFB4
:00405F22 53
push ebx
:00405F23 56
push esi
:00405F24 57
push edi
:00405F25 8BD8
mov ebx, eax
:00405F27 8D75B4
lea esi, dword ptr [ebp-4C]
; eax = 004C0A58 is passed to 0049EA40; presumably this installs the
; frame record at esi (the epilogue restores fs:[0] from [esi]).
:00405F2A B8580A4C00 mov eax,
004C0A58
:00405F2F E80C8B0900 call
0049EA40
:00405F34 66C746100800 mov [esi+10],
0008
; Both result slots start out as zero: [ebp-04] here, [ebp-08] below.
:00405F38 33D2
xor edx, edx
:00405F3C 33C9
xor ecx, ecx
:00405F3E 8955FC
mov dword ptr [ebp-04], edx
; 004BFD2D lies between the "UserName" literal (004BFD24) and the second
; "Register" literal (004BFD2E), which leaves room for a single byte;
; presumably an empty string used as the default value -- TODO confirm.
:00405F41 BA2DFD4B00 mov edx,
004BFD2D
:00405F46 FF461C
inc [esi+1C]
:00405F49 8D45EC
lea eax, dword ptr [ebp-14]
:00405F4C 66C746101400 mov [esi+10],
0014
:00405F52 66C746102000 mov [esi+10],
0020
:00405F58 894DF8
mov dword ptr [ebp-08], ecx
:00405F5B FF461C
inc [esi+1C]
:00405F5E 66C746101400 mov [esi+10],
0014
:00405F64 66C746102C00 mov [esi+10],
002C
; 004BC864(eax = &local, edx = literal): presumably builds a string object
; in the local from the literal; it returns a pointer whose first dword is
; read right afterwards.
:00405F6A E8F5680B00 call
004BC864
:00405F6F FF461C
inc [esi+1C]
:00405F72 8D55E8
lea edx, dword ptr [ebp-18]
:00405F75 8B08
mov ecx, dword ptr [eax]
:00405F77 33C0
xor eax, eax
; Stack arguments for the indirect call at 00405FAF: the value loaded from
; the temporary above, then the address of the zeroed slot [ebp-18].
:00405F79 51
push ecx
:00405F7A 8945E8
mov dword ptr [ebp-18], eax
:00405F7D 52
push edx
* Possible StringData Ref from Data Obj ->"UserName"*********
|
:00405F7E BA24FD4B00 mov edx,
004BFD24
:00405F83 FF461C
inc [esi+1C]
:00405F86 8D45F0
lea eax, dword ptr [ebp-10]
:00405F89 E8D6680B00 call
004BC864
:00405F8E FF461C
inc [esi+1C]
* Possible StringData Ref from Data Obj ->"Register"*********
|
:00405F91 BA1BFD4B00 mov edx,
004BFD1B
:00405F96 8B08
mov ecx, dword ptr [eax]
:00405F98 8D45F4
lea eax, dword ptr [ebp-0C]
; The "UserName" value is parked on the stack across the next call and
; popped back into ecx at 00405FAC.
:00405F9B 51
push ecx
:00405F9C E8C3680B00 call
004BC864
:00405FA1 FF461C
inc [esi+1C]
:00405FA4 8B10
mov edx, dword ptr [eax]
:00405FA6 8B8300030000 mov eax, dword
ptr [ebx+00000300]
:00405FAC 59
pop ecx
; Indirect call through the first dword of the object's table with
; eax = object, edx = "Register" value, ecx = "UserName" value.
; Presumably an INI-style read (section, key, default, result): the page's
; later listing stores this object right after building it from "SNFW.INI".
:00405FAD 8B38
mov edi, dword ptr [eax]
:00405FAF FF17
call dword ptr [edi]
; 004BC9B0(eax = &[ebp-04], edx = &[ebp-18]): presumably copies the fetched
; value into [ebp-04].
:00405FB1 8D55E8
lea edx, dword ptr [ebp-18]
:00405FB4 8D45FC
lea eax, dword ptr [ebp-04]
:00405FB7 E8F4690B00 call
004BC9B0
; Four calls to 004BC980(eax = &temporary, edx = 2), each preceded by a
; decrement of [esi+1C]; presumably these release the temporaries at
; [ebp-18], [ebp-14], [ebp-10] and [ebp-0C].
:00405FBC FF4E1C
dec [esi+1C]
:00405FBF 8D45E8
lea eax, dword ptr [ebp-18]
:00405FC2 BA02000000 mov edx,
00000002
:00405FC7 E8B4690B00 call
004BC980
:00405FCC FF4E1C
dec [esi+1C]
:00405FCF 8D45EC
lea eax, dword ptr [ebp-14]
:00405FD2 BA02000000 mov edx,
00000002
:00405FD7 E8A4690B00 call
004BC980
:00405FDC FF4E1C
dec [esi+1C]
:00405FDF 8D45F0
lea eax, dword ptr [ebp-10]
:00405FE2 BA02000000 mov edx,
00000002
:00405FE7 E894690B00 call
004BC980
:00405FEC FF4E1C
dec [esi+1C]
:00405FEF 8D45F4
lea eax, dword ptr [ebp-0C]
:00405FF2 BA02000000 mov edx,
00000002
:00405FF7 E884690B00 call
004BC980
; Second fetch: the same sequence as above with "RegisterKey" as the key,
; temporaries at [ebp-24], [ebp-28], [ebp-20], [ebp-1C], and the result
; copied into [ebp-08]. 004BFD43 is the byte after the "RegisterKey"
; literal's terminator; presumably another empty default -- TODO confirm.
:00405FFC 66C746103800 mov [esi+10],
0038
:00406002 BA43FD4B00 mov edx,
004BFD43
:00406007 8D45DC
lea eax, dword ptr [ebp-24]
:0040600A E855680B00 call
004BC864
:0040600F FF461C
inc [esi+1C]
:00406012 8D55D8
lea edx, dword ptr [ebp-28]
:00406015 8B08
mov ecx, dword ptr [eax]
:00406017 33C0
xor eax, eax
:00406019 51
push ecx
:0040601A 8945D8
mov dword ptr [ebp-28], eax
:0040601D 52
push edx
* Possible StringData Ref from Data Obj ->"RegisterKey"*********
|
:0040601E BA37FD4B00 mov edx,
004BFD37
:00406023 FF461C
inc [esi+1C]
:00406026 8D45E0
lea eax, dword ptr [ebp-20]
:00406029 E836680B00 call
004BC864
:0040602E FF461C
inc [esi+1C]
* Possible StringData Ref from Data Obj ->"Register"*********
|
:00406031 BA2EFD4B00 mov edx,
004BFD2E
:00406036 8B08
mov ecx, dword ptr [eax]
:00406038 8D45E4
lea eax, dword ptr [ebp-1C]
:0040603B 51
push ecx
:0040603C E823680B00 call
004BC864
:00406041 FF461C
inc [esi+1C]
:00406044 8B10
mov edx, dword ptr [eax]
:00406046 8B8300030000 mov eax, dword
ptr [ebx+00000300]
:0040604C 59
pop ecx
:0040604D 8B38
mov edi, dword ptr [eax]
:0040604F FF17
call dword ptr [edi]
:00406051 8D55D8
lea edx, dword ptr [ebp-28]
:00406054 8D45F8
lea eax, dword ptr [ebp-08]
:00406057 E854690B00 call
004BC9B0
:0040605C FF4E1C
dec [esi+1C]
:0040605F 8D45D8
lea eax, dword ptr [ebp-28]
:00406062 BA02000000 mov edx,
00000002
:00406067 E814690B00 call
004BC980
:0040606C FF4E1C
dec [esi+1C]
:0040606F 8D45DC
lea eax, dword ptr [ebp-24]
:00406072 BA02000000 mov edx,
00000002
:00406077 E804690B00 call
004BC980
:0040607C FF4E1C
dec [esi+1C]
:0040607F 8D45E0
lea eax, dword ptr [ebp-20]
:00406082 BA02000000 mov edx,
00000002
:00406087 E8F4680B00 call
004BC980
:0040608C FF4E1C
dec [esi+1C]
:0040608F 8D45E4
lea eax, dword ptr [ebp-1C]
:00406092 BA02000000 mov edx,
00000002
:00406097 E8E4680B00 call
004BC980
; Check call: eax = object (ebx), edx = [ebp-04] (value read under
; "UserName"), ecx = [ebp-08] (value read under "RegisterKey").
; The body of 00405D08 is not shown on the page.
:0040609C 8B4DF8
mov ecx, dword ptr [ebp-08]
:0040609F 8B55FC
mov edx, dword ptr [ebp-04]
:004060A2 8BC3
mov eax, ebx
:004060A4 E85FFCFFFF call
00405D08
; The whole outcome is one byte: cached in the object at [ebx+00000305]
; and reloaded into al as this routine's return value.
:004060A9 888305030000 mov byte ptr
[ebx+00000305], al
:004060AF BA02000000 mov edx,
00000002
:004060B4 8A8305030000 mov al, byte
ptr [ebx+00000305]
; eax is pushed so the result byte survives the two 004BC980 calls on
; [ebp-08] and [ebp-04]; it is popped again at 004060D6.
:004060BA 50
push eax
:004060BB 8D45F8
lea eax, dword ptr [ebp-08]
:004060BE FF4E1C
dec [esi+1C]
:004060C1 E8BA680B00 call
004BC980
:004060C6 FF4E1C
dec [esi+1C]
:004060C9 8D45FC
lea eax, dword ptr [ebp-04]
:004060CC BA02000000 mov edx,
00000002
:004060D1 E8AA680B00 call
004BC980
:004060D6 58
pop eax
; fs:[00000000] is reloaded from [esi]; presumably the exception-handler
; chain entry saved by the prologue call -- TODO confirm.
:004060D7 8B16
mov edx, dword ptr [esi]
:004060D9 64891500000000 mov dword ptr fs:[00000000],
edx
:004060E0 5F
pop edi
:004060E1 5E
pop esi
:004060E2 5B
pop ebx
:004060E3 8BE5
mov esp, ebp
:004060E5 5D
pop ebp
:004060E6 C3
ret
喔~,看到勝利之神在向我招手了!
這分明就是檔案中存放註冊資訊的標誌字串(可以這麼叫嗎?)
什麼,聽不懂?舉個例子吧!
有的軟體將註冊資訊放在一個檔案裡,通常是<軟體名>.ini 或<軟體名>.dat 中,如:WinZip Self-Extract 2.2.
註冊之後,天網防火牆的 .ini 檔案(也就是配置檔案)中就應該有以下幾項:
[register]
username=你的註冊名
registerkey=您的註冊碼
想想看,軟體每次啟動的時候都會檢查 .ini 中有沒有這幾項,若有就檢查註冊名和註冊碼是不是匹配;
若沒有發現這幾項,就直接判斷您還沒有註冊,然後跳出提示框啦!
所以我們可以從這裡入手,向上看發現它是 00403CD4 Call 過來的.
於是我來到了這裡:
果然是將註冊資訊放在了 SNFW.INI 檔案中!
; -----------------------------------------------------------------------
; Excerpt 00403C50-00403D18 from the caller of 00405F1C (W32Dasm listing,
; 32-bit x86, Intel operand order). The enclosing routine starts before
; and continues after this excerpt, so register contents on entry (ebx,
; the value popped at 00403C6E) are set outside the lines shown.
;
; What the visible lines do:
;   1. build a string from the "SNFW.INI" literal and combine it with a
;      value popped from the stack (call 004BC9D8);
;   2. pass the result to 00403DC0 and store the returned pointer in
;      [ebx+00000300];
;   3. clear the byte [ebx+00000305], call 00405F1C and branch on al.
; [ebp-38] (word) and [ebp-2C] (counter) are updated around temporaries;
; presumably compiler-generated exception/cleanup bookkeeping -- TODO
; confirm.
; -----------------------------------------------------------------------
* Possible StringData Ref from Data Obj ->"SNFW.INI"
|
:00403C50 BA2BFB4B00 mov edx,
004BFB2B
:00403C55 8D45F0
lea eax, dword ptr [ebp-10]
; 004BC864(eax = &local, edx = literal): presumably builds a string object
; in [ebp-10] from "SNFW.INI".
:00403C58 E8078C0B00 call
004BC864
:00403C5D FF45D4
inc [ebp-2C]
:00403C60 33C0
xor eax, eax
:00403C62 8945EC
mov dword ptr [ebp-14], eax
:00403C65 8D55F0
lea edx, dword ptr [ebp-10]
:00403C68 FF45D4
inc [ebp-2C]
:00403C6B 8D4DEC
lea ecx, dword ptr [ebp-14]
; eax comes from a push made before this excerpt. 004BC9D8(eax, edx =
; &"SNFW.INI" string, ecx = &[ebp-14]) presumably joins the two into
; [ebp-14], e.g. directory + file name -- TODO confirm.
:00403C6E 58
pop eax
:00403C6F E8648D0B00 call
004BC9D8
:00403C74 8D4DEC
lea ecx, dword ptr [ebp-14]
:00403C77 8B09
mov ecx, dword ptr [ecx]
:00403C79 B201
mov dl, 01
; NOTE(review): the "string" W32Dasm prints below is probably an artefact;
; the instruction loads a dword from 0043B110 rather than referencing text.
* Possible StringData Ref from Code Obj ->"胤C"
|
:00403C7B A110B14300 mov eax,
dword ptr [0043B110]
; 00403DC0(eax = [0043B110], dl = 1, ecx = value of [ebp-14]); its result
; becomes the object at [ebx+00000300] that 00405F1C later reads through.
; Presumably a constructor for an INI-file object -- TODO confirm.
:00403C80 E83B010000 call
00403DC0
:00403C85 898300030000 mov dword
ptr [ebx+00000300], eax
; Four calls to 004BC980(eax = &local, edx = 2), each preceded by a
; decrement of [ebp-2C]; presumably these release the string locals at
; [ebp-14], [ebp-10], [ebp-0C] and [ebp-08].
:00403C8B FF4DD4
dec [ebp-2C]
:00403C8E 8D45EC
lea eax, dword ptr [ebp-14]
:00403C91 BA02000000 mov edx,
00000002
:00403C96 E8E58C0B00 call
004BC980
:00403C9B FF4DD4
dec [ebp-2C]
:00403C9E 8D45F0
lea eax, dword ptr [ebp-10]
:00403CA1 BA02000000 mov edx,
00000002
:00403CA6 E8D58C0B00 call
004BC980
:00403CAB FF4DD4
dec [ebp-2C]
:00403CAE 8D45F4
lea eax, dword ptr [ebp-0C]
:00403CB1 BA02000000 mov edx,
00000002
:00403CB6 E8C58C0B00 call
004BC980
:00403CBB FF4DD4
dec [ebp-2C]
:00403CBE 8D45F8
lea eax, dword ptr [ebp-08]
:00403CC1 BA02000000 mov edx,
00000002
:00403CC6 E8B58C0B00 call
004BC980
; The cached result byte is reset to 0 before the check runs.
:00403CCB C6830503000000 mov byte ptr [ebx+00000305],
00
:00403CD2 8BC3
mov eax, ebx
; 00405F1C returns its result byte in al.
; Design note: in the lines shown, that single byte and the conditional
; jump below are the only place the outcome is consumed; nothing else in
; this excerpt re-reads [ebx+00000305] or re-validates the stored values.
:00403CD4 E843220000 call
00405F1C \<------來到了這兒
:00403CD9 84C0
test al, al - 咦!很眼熟喔.
:00403CDB 7541
jne 00403D1E /
; Fall-through path (al == 0): an object is obtained from 0040ADBC
; (eax = [004C30DC], dl = 1, ecx = 0) and a method at table offset D8 is
; invoked on it. Given the prompt described in the surrounding text, this
; is presumably where the registration dialog is created and shown --
; TODO confirm.
:00403CDD 33C9
xor ecx, ecx
:00403CDF B201
mov dl, 01
* Possible StringData Ref from Data Obj ->"@F"
|
:00403CE1 A1DC304C00 mov eax,
dword ptr [004C30DC]
:00403CE6 E8D1700000 call
0040ADBC
:00403CEB 8BF8
mov edi, eax
:00403CED 8BC7
mov eax, edi
:00403CEF 8B10
mov edx, dword ptr [eax]
:00403CF1 FF92D8000000 call dword
ptr [edx+000000D8]
:00403CF7 8BF7
mov esi, edi
:00403CF9 8975E4
mov dword ptr [ebp-1C], esi
; A null object pointer skips the call below.
:00403CFC 85F6
test esi, esi
:00403CFE 741E
je 00403D1E
:00403D00 8B06
mov eax, dword ptr [esi]
:00403D02 8945E8
mov dword ptr [ebp-18], eax
:00403D05 66C745C82C00 mov [ebp-38],
002C
; Indirect call through the dword at [table-04] with edx = 3; presumably
; destroys and frees the object -- TODO confirm.
:00403D0B BA03000000 mov edx,
00000003
:00403D10 8B45E4
mov eax, dword ptr [ebp-1C]
:00403D13 8B08
mov ecx, dword ptr [eax]
:00403D15 FF51FC
call [ecx-04]
:00403D18 66C745C82000 mov [ebp-38],
0020
試著將 :00403CDB jne 00403D1E
改為 :00403CDB je 00403D1E
也就是將 7541
改為 7441
執行一下,嗯!很好,那個討厭的註冊提示框再也不會出現了.
這應該是我的第一篇破解教程,唉!我終於體會到各位大哥的辛苦了,寫這東西的確耗時間.我可是用拼音輸入法打的喔!
在此,感謝:
看雪,Icebird,Icebird,冰毒,DDxia,ErrorFree,tKC,EGis
帶我進入了破解世界.