天網防火牆個人版2.0(beta)的破解!!! (20千字)
大家最近是不是冬眠了呀,好像很少有人寫教程了,唉!就讓小弟辛苦一下吧!希望大家支援!
BTW:誰能夠寫一篇 Grduw3.13(其它版本也行)的破解教程呀?我一直沒能將它破掉,KeyFile保護的.
目標軟體:天網防火牆個人版2.0(beta)
保護方式:序列號
破解方法:暴力破解
破解人:TAE! (初學者)
說明:此軟體可以免費在其網站獲得註冊碼,但這次為了練習一下,還是將其解掉吧,畢竟對我有百利而無一害.
先執行一下,發現啟動時讓你輸入註冊名,註冊碼.
按取消後,正常執行,沒有功能限制.
首先,試著用 TRW 找出它的註冊碼,但由於本人功力太弱,沒能破解掉.
所以就想想別的方法咯,用W32dasm反彙編它!選擇 String data references(字串資料參考),找啊,找啊...猜我找到了什麼?
; ---------------------------------------------------------------------
; Routine at 00405F1C (W32dasm listing, 32-bit x86, Intel operand order).
; Purpose, as far as the listing shows: fetch two string values keyed by
; "UserName" and "RegisterKey" under "Register" through the object stored
; at [ebx+300], pass both to the routine at 00405D08, cache its one-byte
; result in [ebx+305] and return that byte in al.
; In:   eax = object pointer (copied to ebx). Arguments travel in
;       eax/edx/ecx - looks like a register calling convention; confirm.
; Out:  al  = result byte of 00405D08 (the caller tests it for non-zero).
; Locals: [ebp-04] = value read for "UserName",
;         [ebp-08] = value read for "RegisterKey",
;         [ebp-0C]..[ebp-28] = temporary string slots,
;         [ebp-4C] (esi) = frame record; [esi+10] is a state word and
;         [esi+1C] a counter that goes up after each temporary is built
;         and down before each is released - presumably unwind
;         bookkeeping emitted by the compiler; confirm.
; NOTE(review): the W32dasm output is wrapped, so several instructions
; have their operand on the following line.
; ---------------------------------------------------------------------
* Referenced by a CALL at Address:
|:00403CD4
|
:00405F1C 55
push ebp
:00405F1D 8BEC
mov ebp, esp
; add esp, FFFFFFB4 == sub esp, 4Ch: reserves 0x4C bytes of locals.
:00405F1F 83C4B4
add esp, FFFFFFB4
:00405F22 53
push ebx
:00405F23 56
push esi
:00405F24 57
push edi
:00405F25 8BD8
mov ebx, eax
:00405F27 8D75B4
lea esi, dword ptr [ebp-4C]
; Presumably the exception-frame setup helper: the epilogue writes [esi]
; back to fs:[0], so the previous chain head ends up saved at [esi].
:00405F2A B8580A4C00 mov eax,
004C0A58
:00405F2F E80C8B0900 call
0049EA40
:00405F34 66C746100800 mov [esi+10],
0008
:00405F3A 33D2
xor edx, edx
:00405F3C 33C9
xor ecx, ecx
; [ebp-04] and [ebp-08] (below) start out as zero.
:00405F3E 8955FC
mov dword ptr [ebp-04], edx
; 004BFD2D is the single byte between "UserName" (004BFD24, 9 bytes with
; its terminator) and the second "Register" (004BFD2E) - presumably an
; empty string used as the default value; confirm.
:00405F41 BA2DFD4B00 mov edx,
004BFD2D
:00405F46 FF461C
inc [esi+1C]
:00405F49 8D45EC
lea eax, dword ptr [ebp-14]
:00405F4C 66C746101400 mov [esi+10],
0014
:00405F52 66C746102000 mov [esi+10],
0020
:00405F58 894DF8
mov dword ptr [ebp-08], ecx
:00405F5B FF461C
inc [esi+1C]
:00405F5E 66C746101400 mov [esi+10],
0014
:00405F64 66C746102C00 mov [esi+10],
002C
; 004BC864(eax = slot, edx = literal): presumably builds a string object
; in the slot from the literal; it returns eax, which is dereferenced.
:00405F6A E8F5680B00 call
004BC864
:00405F6F FF461C
inc [esi+1C]
:00405F72 8D55E8
lea edx, dword ptr [ebp-18]
:00405F75 8B08
mov ecx, dword ptr [eax]
:00405F77 33C0
xor eax, eax
; Stack arguments for the indirect call below: the default string, then
; the address of the zeroed result slot [ebp-18].
:00405F79 51
push ecx
:00405F7A 8945E8
mov dword ptr [ebp-18], eax
:00405F7D 52
push edx
* Possible StringData Ref from Data Obj ->"UserName"*********
|
:00405F7E BA24FD4B00 mov edx,
004BFD24
:00405F83 FF461C
inc [esi+1C]
:00405F86 8D45F0
lea eax, dword ptr [ebp-10]
:00405F89 E8D6680B00 call
004BC864
:00405F8E FF461C
inc [esi+1C]
* Possible StringData Ref from Data Obj ->"Register"*********
|
:00405F91 BA1BFD4B00 mov edx,
004BFD1B
:00405F96 8B08
mov ecx, dword ptr [eax]
:00405F98 8D45F4
lea eax, dword ptr [ebp-0C]
; The "UserName" string is parked on the stack while ecx is reused, and
; popped back into ecx just before the indirect call.
:00405F9B 51
push ecx
:00405F9C E8C3680B00 call
004BC864
:00405FA1 FF461C
inc [esi+1C]
:00405FA4 8B10
mov edx, dword ptr [eax]
:00405FA6 8B8300030000 mov eax, dword
ptr [ebx+00000300]
:00405FAC 59
pop ecx
; Indirect call through the first slot of the table pointed to by the
; object at [ebx+300], with edx = "Register", ecx = "UserName".
; Presumably an INI-style "read string (section, key, default)" - confirm.
:00405FAD 8B38
mov edi, dword ptr [eax]
:00405FAF FF17
call dword ptr [edi]
; 004BC9B0(eax = &[ebp-04], edx = &[ebp-18]): presumably assigns the
; value just read to the long-lived local [ebp-04].
:00405FB1 8D55E8
lea edx, dword ptr [ebp-18]
:00405FB4 8D45FC
lea eax, dword ptr [ebp-04]
:00405FB7 E8F4690B00 call
004BC9B0
; Four temporaries are released: 004BC980(eax = slot, edx = 2) after each
; counter decrement - presumably the string destructor; confirm.
:00405FBC FF4E1C
dec [esi+1C]
:00405FBF 8D45E8
lea eax, dword ptr [ebp-18]
:00405FC2 BA02000000 mov edx,
00000002
:00405FC7 E8B4690B00 call
004BC980
:00405FCC FF4E1C
dec [esi+1C]
:00405FCF 8D45EC
lea eax, dword ptr [ebp-14]
:00405FD2 BA02000000 mov edx,
00000002
:00405FD7 E8A4690B00 call
004BC980
:00405FDC FF4E1C
dec [esi+1C]
:00405FDF 8D45F0
lea eax, dword ptr [ebp-10]
:00405FE2 BA02000000 mov edx,
00000002
:00405FE7 E894690B00 call
004BC980
:00405FEC FF4E1C
dec [esi+1C]
:00405FEF 8D45F4
lea eax, dword ptr [ebp-0C]
:00405FF2 BA02000000 mov edx,
00000002
:00405FF7 E884690B00 call
004BC980
; Second read, same shape as the first: key "RegisterKey" under
; "Register", result into [ebp-08]. 004BFD43 is the byte right after
; "RegisterKey" (004BFD37, 12 bytes with its terminator) - presumably an
; empty default again; confirm.
:00405FFC 66C746103800 mov [esi+10],
0038
:00406002 BA43FD4B00 mov edx,
004BFD43
:00406007 8D45DC
lea eax, dword ptr [ebp-24]
:0040600A E855680B00 call
004BC864
:0040600F FF461C
inc [esi+1C]
:00406012 8D55D8
lea edx, dword ptr [ebp-28]
:00406015 8B08
mov ecx, dword ptr [eax]
:00406017 33C0
xor eax, eax
:00406019 51
push ecx
:0040601A 8945D8
mov dword ptr [ebp-28], eax
:0040601D 52
push edx
* Possible StringData Ref from Data Obj ->"RegisterKey"*********
|
:0040601E BA37FD4B00 mov edx,
004BFD37
:00406023 FF461C
inc [esi+1C]
:00406026 8D45E0
lea eax, dword ptr [ebp-20]
:00406029 E836680B00 call
004BC864
:0040602E FF461C
inc [esi+1C]
* Possible StringData Ref from Data Obj ->"Register"*********
|
:00406031 BA2EFD4B00 mov edx,
004BFD2E
:00406036 8B08
mov ecx, dword ptr [eax]
:00406038 8D45E4
lea eax, dword ptr [ebp-1C]
:0040603B 51
push ecx
:0040603C E823680B00 call
004BC864
:00406041 FF461C
inc [esi+1C]
:00406044 8B10
mov edx, dword ptr [eax]
:00406046 8B8300030000 mov eax, dword
ptr [ebx+00000300]
:0040604C 59
pop ecx
:0040604D 8B38
mov edi, dword ptr [eax]
:0040604F FF17
call dword ptr [edi]
:00406051 8D55D8
lea edx, dword ptr [ebp-28]
:00406054 8D45F8
lea eax, dword ptr [ebp-08]
:00406057 E854690B00 call
004BC9B0
:0040605C FF4E1C
dec [esi+1C]
:0040605F 8D45D8
lea eax, dword ptr [ebp-28]
:00406062 BA02000000 mov edx,
00000002
:00406067 E814690B00 call
004BC980
:0040606C FF4E1C
dec [esi+1C]
:0040606F 8D45DC
lea eax, dword ptr [ebp-24]
:00406072 BA02000000 mov edx,
00000002
:00406077 E804690B00 call
004BC980
:0040607C FF4E1C
dec [esi+1C]
:0040607F 8D45E0
lea eax, dword ptr [ebp-20]
:00406082 BA02000000 mov edx,
00000002
:00406087 E8F4680B00 call
004BC980
:0040608C FF4E1C
dec [esi+1C]
:0040608F 8D45E4
lea eax, dword ptr [ebp-1C]
:00406092 BA02000000 mov edx,
00000002
:00406097 E8E4680B00 call
004BC980
; Validation call: eax = object (ebx), edx = [ebp-04] (name value),
; ecx = [ebp-08] (key value). The body of 00405D08 is not shown here.
:0040609C 8B4DF8
mov ecx, dword ptr [ebp-08]
:0040609F 8B55FC
mov edx, dword ptr [ebp-04]
:004060A2 8BC3
mov eax, ebx
:004060A4 E85FFCFFFF call
00405D08
; The verdict is a single byte: cached in the object at [ebx+305], then
; reloaded and kept on the stack across the cleanup calls below.
; NOTE(review): one boolean consumed by one branch in the caller is a
; single point of failure for the licence check.
:004060A9 888305030000 mov byte ptr
[ebx+00000305], al
:004060AF BA02000000 mov edx,
00000002
:004060B4 8A8305030000 mov al, byte
ptr [ebx+00000305]
:004060BA 50
push eax
:004060BB 8D45F8
lea eax, dword ptr [ebp-08]
:004060BE FF4E1C
dec [esi+1C]
:004060C1 E8BA680B00 call
004BC980
:004060C6 FF4E1C
dec [esi+1C]
:004060C9 8D45FC
lea eax, dword ptr [ebp-04]
:004060CC BA02000000 mov edx,
00000002
:004060D1 E8AA680B00 call
004BC980
; Restore the return value, then put the value saved at [esi] back into
; fs:[0] before the normal epilogue.
:004060D6 58
pop eax
:004060D7 8B16
mov edx, dword ptr [esi]
:004060D9 64891500000000 mov dword ptr fs:[00000000],
edx
:004060E0 5F
pop edi
:004060E1 5E
pop esi
:004060E2 5B
pop ebx
:004060E3 8BE5
mov esp, ebp
:004060E5 5D
pop ebp
:004060E6 C3
ret
喔~,看到勝利之神在向我招手了!
這分明就是檔案中存放註冊資訊的標誌字串(可以這麼叫嗎?)
什麼,聽不懂?舉個例子吧!
有的軟體將註冊資訊放在一個檔案裡,通常是<軟體名>.ini 或<軟體名>.dat 中,如:WinZip Self-Extract 2.2.
你註冊後,那麼在天網防火牆的 .ini 檔案,也就是配置檔案中就應該有以下幾項:
[register]
username=你的註冊名
registerkey=您的註冊碼
也就是說,軟體每次啟動時都會檢查 .ini 中有沒有這幾項:若有,就檢查註冊名和註冊碼是不是匹配;
若沒有發現這幾項,就直接判斷您還沒有註冊,並跳出提示框!
所以我們可以從這裡入手:向上看列表開頭的「Referenced by a CALL at Address」,發現這個函式是從 00403CD4 call 過來的.
於是我來到了這裡:
果然是將註冊資訊放在了 SNFW.INI 檔案中!
; ---------------------------------------------------------------------
; Excerpt 00403C50-00403D18 from the caller of 00405F1C (W32dasm listing,
; 32-bit x86). The enclosing routine starts and ends outside this
; excerpt, so its prologue, the earlier push matched by "pop eax" below,
; and the target 00403D1E are not visible.
; Visible behaviour: build a string from "SNFW.INI", create an object
; from it and store it at [ebx+300], clear the byte at [ebx+305], call
; 00405F1C, and branch on the byte it returns in al.
; [ebp-2C] is incremented and decremented around the temporary strings
; and [ebp-38] receives small constants - presumably the same unwind
; bookkeeping as [esi+1C] / [esi+10] in 00405F1C; confirm.
; NOTE(review): the W32dasm output is wrapped, so several instructions
; have their operand on the following line.
; ---------------------------------------------------------------------
* Possible StringData Ref from Data Obj ->"SNFW.INI"
|
:00403C50 BA2BFB4B00 mov edx,
004BFB2B
:00403C55 8D45F0
lea eax, dword ptr [ebp-10]
:00403C58 E8078C0B00 call
004BC864
:00403C5D FF45D4
inc [ebp-2C]
:00403C60 33C0
xor eax, eax
:00403C62 8945EC
mov dword ptr [ebp-14], eax
:00403C65 8D55F0
lea edx, dword ptr [ebp-10]
:00403C68 FF45D4
inc [ebp-2C]
:00403C6B 8D4DEC
lea ecx, dword ptr [ebp-14]
; eax comes from a push outside the excerpt. 004BC9D8(eax, edx = the
; "SNFW.INI" string, ecx = result slot [ebp-14]) presumably joins a
; directory with the file name; confirm.
:00403C6E 58
pop eax
:00403C6F E8648D0B00 call
004BC9D8
:00403C74 8D4DEC
lea ecx, dword ptr [ebp-14]
:00403C77 8B09
mov ecx, dword ptr [ecx]
:00403C79 B201
mov dl, 01
; The "string" W32dasm prints here is probably just the bytes stored at
; 0043B110 rendered as text, not a real string reference.
* Possible StringData Ref from Code Obj ->"胤C"
|
:00403C7B A110B14300 mov eax,
dword ptr [0043B110]
; 00403DC0(eax = [0043B110], dl = 1, ecx = file-name string) returns the
; object that 00405F1C later calls through - presumably an INI-file
; wrapper; confirm.
:00403C80 E83B010000 call
00403DC0
:00403C85 898300030000 mov dword
ptr [ebx+00000300], eax
; Four temporaries are released with 004BC980(eax = slot, edx = 2).
:00403C8B FF4DD4
dec [ebp-2C]
:00403C8E 8D45EC
lea eax, dword ptr [ebp-14]
:00403C91 BA02000000 mov edx,
00000002
:00403C96 E8E58C0B00 call
004BC980
:00403C9B FF4DD4
dec [ebp-2C]
:00403C9E 8D45F0
lea eax, dword ptr [ebp-10]
:00403CA1 BA02000000 mov edx,
00000002
:00403CA6 E8D58C0B00 call
004BC980
:00403CAB FF4DD4
dec [ebp-2C]
:00403CAE 8D45F4
lea eax, dword ptr [ebp-0C]
:00403CB1 BA02000000 mov edx,
00000002
:00403CB6 E8C58C0B00 call
004BC980
:00403CBB FF4DD4
dec [ebp-2C]
:00403CBE 8D45F8
lea eax, dword ptr [ebp-08]
:00403CC1 BA02000000 mov edx,
00000002
:00403CC6 E8B58C0B00 call
004BC980
; The cached verdict byte is cleared before the check runs.
:00403CCB C6830503000000 mov byte ptr [ebx+00000305],
00
:00403CD2 8BC3
mov eax, ebx
:00403CD4 E843220000 call
00405F1C \<------來到了這兒
; Decision point: the outcome of the registration check is consumed by
; this one test/jne pair; a non-zero al skips everything up to 00403D1E.
; NOTE(review): no other use of the result is visible in this excerpt.
; A check that reduces to one conditional branch depends entirely on the
; integrity of these two bytes of code; verifying the binary or
; validating outside the client would not.
:00403CD9 84C0
test al, al - 咦!很眼熟喔.
:00403CDB 7541
jne 00403D1E /
; al == 0 path: an object is created via 0040ADBC (eax = [004C30DC],
; dl = 1, ecx = 0) and a method at table offset D8 is called on it -
; presumably the registration prompt being shown; confirm.
:00403CDD 33C9
xor ecx, ecx
:00403CDF B201
mov dl, 01
* Possible StringData Ref from Data Obj ->"@F"
|
:00403CE1 A1DC304C00 mov eax,
dword ptr [004C30DC]
:00403CE6 E8D1700000 call
0040ADBC
:00403CEB 8BF8
mov edi, eax
:00403CED 8BC7
mov eax, edi
:00403CEF 8B10
mov edx, dword ptr [eax]
:00403CF1 FF92D8000000 call dword
ptr [edx+000000D8]
:00403CF7 8BF7
mov esi, edi
:00403CF9 8975E4
mov dword ptr [ebp-1C], esi
; A null object pointer skips the call below.
:00403CFC 85F6
test esi, esi
:00403CFE 741E
je 00403D1E
:00403D00 8B06
mov eax, dword ptr [esi]
:00403D02 8945E8
mov dword ptr [ebp-18], eax
:00403D05 66C745C82C00 mov [ebp-38],
002C
; Indirect call through the entry at offset -4 of the object's table with
; edx = 3 - presumably the object's destroy/free routine; confirm.
:00403D0B BA03000000 mov edx,
00000003
:00403D10 8B45E4
mov eax, dword ptr [ebp-1C]
:00403D13 8B08
mov ecx, dword ptr [eax]
:00403D15 FF51FC
call [ecx-04]
:00403D18 66C745C82000 mov [ebp-38],
0020
試著將 :00403CDB jne 00403D1E
改為 :00403CDB je 00403D1E
也就是將 7541
改為 7441
執行一下,嗯!很好,那個討厭的註冊提示框再也不會出現了.
這應該是我的第一篇破解教程,唉!我終於體會到各位大哥的辛苦了,寫這東西的確耗時間.我可是用拼音輸入法打的喔!
在此,感謝:
看雪,Icebird,Icebird,冰毒,DDxia,ErrorFree,tKC,EGis
帶我進入了破解世界.