Nktools(手機工具箱)註冊碼計算處,請高手指點~~~~ (15千字)
請高手指點
軟體名稱:Nktools(手機工具箱) 繁體版 441KB
軟體功能:Nokia 手機工具箱程式,v1.1.9,繁體中文未註冊版。集合設
置中文電話簿,中文簡訊,備忘錄,開工控模式,修改待機、分
組圖案,自定鈴聲,設定手機時間、鬧鈴時間,修改PIN1碼為一
體的Nokia手機程式。 支援手機連線線、電腦紅外線。支援手機
型別:3210、3310、5110、5130、6110、6138、6150、8210、
8250、8810、8850。未註冊版有功能限制,如工程模式、開機畫
面、鈴聲等不能使用,但可以用中文電本功能
註冊形式:要求輸入註冊碼,與手機的串號(IMEI)運算得出想應串號
(IMEI) ,註冊不成功不會出現出錯資訊,它會將註冊碼存放在
軟體目錄的regcode.txt裡,此類軟體應該都是即時檢測註冊碼
的,而且每個功能都會檢測註冊碼,所以如果要暴力的話很多地
方要改,最好可以找到真註冊碼並寫出序號產生器(具體是如何運算我
還搞不清楚)
下載地址:http://go.163.com/~nokiaz/software/NKToolSetup.exe
不知大家有誰是用諾基亞的手機,nokia只有3310和8250是可以用中文電話本的,但現在還有很多人都是用6110、6150、8210的,用了上面的軟體就可以讓這些手機都能用上中文電話本,而且還有很多其它功能,有興趣的人試試吧,此軟體要用紅外線或者資料線。
此軟體用upx 0.93壓縮過,解壓後反彙編,因為是繁體的所以我找不到有用的東西,但我找到個“autoregister”我設了中斷後程式會自動中斷,就算不作任何動作都會中斷,所以我想程式是在即時檢測註冊碼,但我跟下去卻找不到關鍵地方(我只是個新手,功力0.5級),以下的地方是我用trw200除錯時找到的,我作了些註解,不知其它地方還有沒有計算註冊碼的地方,在以下的過程中,我發現程式用我輸入的假註冊碼和"060347221N”字串作了運算,不知此字串是不是程式將我的手機串號計算而來的,所以請大家幫驗證一下,我只追到了程式的41A90C處到了後面我就暈掉了(我的彙編知識太菜了),而且我也沒追到“060347221N”是如何來的,所以請各位朋友幫個忙如果可以做個序號產生器出來就太好啦,實在不行也請幫忙在下面寫一些註解吧!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A734(C)
|
:0041A739 C1FA02
sar edx, 02
:0041A73C 8955BC
mov dword ptr [ebp-44], edx
:0041A73F 33C9
xor ecx, ecx
:0041A741 894DB0
mov dword ptr [ebp-50], ecx
:0041A744 8B45B0
mov eax, dword ptr [ebp-50]
:0041A747 3B45BC
cmp eax, dword ptr [ebp-44]
:0041A74A 0F8DC1000000 jnl 0041A811
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A80B(C)
|
:0041A750 8B55C8
mov edx, dword ptr [ebp-38]
:0041A753 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A756 8A048A
mov al, byte ptr [edx+4*ecx] <------假註冊碼首位數
:0041A759 04D0
add al, D0
:0041A75B 8B55C8
mov edx, dword ptr [ebp-38]
:0041A75E 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A761 8A548A01
mov dl, byte ptr [edx+4*ecx+01]<----假註冊碼第二位
:0041A765 80C2D0
add dl, D0
:0041A768 C1E206
shl edx, 06
:0041A76B 0AC2
or al, dl
:0041A76D 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A770 8D0C49
lea ecx, dword ptr [ecx+2*ecx]
:0041A773 8B55C0
mov edx, dword ptr [ebp-40]
:0041A776 88040A
mov byte ptr [edx+ecx], al <---結果寫入此地址
:0041A779 8B45BC
mov eax, dword ptr [ebp-44]
:0041A77C 85C0
test eax, eax
:0041A77E 7903
jns 0041A783
:0041A780 83C003
add eax, 00000003
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A77E(C)
|
:0041A783 C1F802
sar eax, 02
:0041A786 8D0C40
lea ecx, dword ptr [eax+2*eax]
:0041A789 41
inc ecx
:0041A78A 83C104
add ecx, 00000004
:0041A78D 894D9C
mov dword ptr [ebp-64], ecx
:0041A790 33C0
xor eax, eax
:0041A792 8945A0
mov dword ptr [ebp-60], eax
:0041A795 DF6D9C
fild qword ptr [ebp-64] -----|此處何解
:0041A798 DC0524AA4100 fadd qword
ptr [0041AA24] |是否浮點
:0041A79E DD5DA4
fstp qword ptr [ebp-5C] -----|運算??
:0041A7A1 8B55C8
mov edx, dword ptr [ebp-38]
:0041A7A4 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A7A7 33C0
xor eax, eax
:0041A7A9 8A448A01
mov al, byte ptr [edx+4*ecx+01]
:0041A7AD 83C0D0
add eax, FFFFFFD0
:0041A7B0 C1F802
sar eax, 02
:0041A7B3 8B55C8
mov edx, dword ptr [ebp-38]
:0041A7B6 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A7B9 8A548A02
mov dl, byte ptr [edx+4*ecx+02]
:0041A7BD 80C2D0
add dl, D0
:0041A7C0 C1E204
shl edx, 04
:0041A7C3 0AC2
or al, dl
:0041A7C5 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A7C8 8D0C49
lea ecx, dword ptr [ecx+2*ecx]
:0041A7CB 8B55C0
mov edx, dword ptr [ebp-40]
:0041A7CE 88440A01
mov byte ptr [edx+ecx+01], al
:0041A7D2 8B45C8
mov eax, dword ptr [ebp-38]
:0041A7D5 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A7D8 0FB6448802 movzx
eax, byte ptr [eax+4*ecx+02]
:0041A7DD 83C0D0
add eax, FFFFFFD0
:0041A7E0 C1F804
sar eax, 04
:0041A7E3 8B55C8
mov edx, dword ptr [ebp-38]
:0041A7E6 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A7E9 8A548A03
mov dl, byte ptr [edx+4*ecx+03]
:0041A7ED 80C2D0
add dl, D0
:0041A7F0 C1E202
shl edx, 02
:0041A7F3 0AC2
or al, dl
:0041A7F5 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A7F8 8D0C49
lea ecx, dword ptr [ecx+2*ecx]
:0041A7FB 8B55C0
mov edx, dword ptr [ebp-40]
:0041A7FE 88440A02
mov byte ptr [edx+ecx+02], al
:0041A802 FF45B0
inc [ebp-50]
:0041A805 8B45B0
mov eax, dword ptr [ebp-50]
:0041A808 3B45BC
cmp eax, dword ptr [ebp-44]
:0041A80B 0F8C3FFFFFFF jl 0041A750
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A74A(C)
|
:0041A811 8B4DBC
mov ecx, dword ptr [ebp-44]
:0041A814 8D0C49
lea ecx, dword ptr [ecx+2*ecx]
:0041A817 894DBC
mov dword ptr [ebp-44], ecx
:0041A81A 8B45B8
mov eax, dword ptr [ebp-48]
:0041A81D 0345BC
add eax, dword ptr [ebp-44]
:0041A820 8945B4
mov dword ptr [ebp-4C], eax
:0041A823 8B55B4
mov edx, dword ptr [ebp-4C]
:0041A826 4A
dec edx
:0041A827 8955B0
mov dword ptr [ebp-50], edx
:0041A82A 837DB000
cmp dword ptr [ebp-50], 00000000
:0041A82E 0F8CC4000000 jl 0041A8F8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A8F2(C)
|
:0041A834 33C9
xor ecx, ecx
:0041A836 894DAC
mov dword ptr [ebp-54], ecx
:0041A839 EB36
jmp 0041A871
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A878(C)
|
:0041A83B 8B45AC
mov eax, dword ptr [ebp-54]
:0041A83E 0345B0
add eax, dword ptr [ebp-50]
:0041A841 99
cdq
:0041A842 F77DB8
idiv [ebp-48]
:0041A845 8B4DC4
mov ecx, dword ptr [ebp-3C]
:0041A848 8B45C0
mov eax, dword ptr [ebp-40]
:0041A84B 8B5DAC
mov ebx, dword ptr [ebp-54]
:0041A84E 0FB6441801 movzx
eax, byte ptr [eax+ebx+01]
:0041A853 0FAF45B0
imul eax, dword ptr [ebp-50]
:0041A857 8B5DC0
mov ebx, dword ptr [ebp-40]
:0041A85A 8B75AC
mov esi, dword ptr [ebp-54]
:0041A85D 8A1C33
mov bl, byte ptr [ebx+esi]
:0041A860 2AD8
sub bl, al
:0041A862 2A1C11
sub bl, byte ptr [ecx+edx]
:0041A865 8B45C0
mov eax, dword ptr [ebp-40]
:0041A868 8B55AC
mov edx, dword ptr [ebp-54]
:0041A86B 881C10
mov byte ptr [eax+edx], bl
:0041A86E FF45AC
inc [ebp-54]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A839(U)
|
:0041A871 8B4DBC
mov ecx, dword ptr [ebp-44]
:0041A874 49
dec ecx
:0041A875 3B4DAC
cmp ecx, dword ptr [ebp-54]
:0041A878 7FC1
jg 0041A83B
:0041A87A 8B45BC
mov eax, dword ptr [ebp-44]
:0041A87D 85C0
test eax, eax
:0041A87F 7903
jns 0041A884
:0041A881 83C003
add eax, 00000003
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A87F(C)
|
:0041A884 C1F802
sar eax, 02
:0041A887 8D1440
lea edx, dword ptr [eax+2*eax]
:0041A88A 42
inc edx
:0041A88B 83C204
add edx, 00000004
:0041A88E 89559C
mov dword ptr [ebp-64], edx
:0041A891 33C9
xor ecx, ecx
:0041A893 894DA0
mov dword ptr [ebp-60], ecx
:0041A896 DF6D9C
fild qword ptr [ebp-64]
:0041A899 DC0524AA4100 fadd qword
ptr [0041AA24]
:0041A89F DD5DA4
fstp qword ptr [ebp-5C]
:0041A8A2 8B45BC
mov eax, dword ptr [ebp-44]
:0041A8A5 48
dec eax
:0041A8A6 8945AC
mov dword ptr [ebp-54], eax
:0041A8A9 837DAC00
cmp dword ptr [ebp-54], 00000000
:0041A8AD 7E3C
jle 0041A8EB
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A8E9(C)
|
:0041A8AF 8B45AC
mov eax, dword ptr [ebp-54]
:0041A8B2 0345B0
add eax, dword ptr [ebp-50]
:0041A8B5 99
cdq
:0041A8B6 F77DB8
idiv [ebp-48]
:0041A8B9 8B4DC4
mov ecx, dword ptr [ebp-3C]
:0041A8BC 8B45C0
mov eax, dword ptr [ebp-40]
:0041A8BF 8B5DAC
mov ebx, dword ptr [ebp-54]
:0041A8C2 0FB64418FF movzx
eax, byte ptr [eax+ebx-01]
:0041A8C7 0FAF45B0
imul eax, dword ptr [ebp-50]
:0041A8CB 8B5DC0
mov ebx, dword ptr [ebp-40]
:0041A8CE 8B75AC
mov esi, dword ptr [ebp-54]
:0041A8D1 8A1C33
mov bl, byte ptr [ebx+esi]
:0041A8D4 2AD8
sub bl, al
:0041A8D6 2A1C11
sub bl, byte ptr [ecx+edx]
:0041A8D9 8B45C0
mov eax, dword ptr [ebp-40]
:0041A8DC 8B55AC
mov edx, dword ptr [ebp-54]
:0041A8DF 881C10
mov byte ptr [eax+edx], bl
:0041A8E2 FF4DAC
dec [ebp-54]
:0041A8E5 837DAC00
cmp dword ptr [ebp-54], 00000000
:0041A8E9 7FC4
jg 0041A8AF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A8AD(C)
|
:0041A8EB FF4DB0
dec [ebp-50]
:0041A8EE 837DB000
cmp dword ptr [ebp-50], 00000000
:0041A8F2 0F8D3CFFFFFF jnl 0041A834
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A82E(C)
|
:0041A8F8 6A04
push 00000004
:0041A8FA FF75C0
push [ebp-40]
:0041A8FD 8D4DB8
lea ecx, dword ptr [ebp-48]
:0041A900 51
push ecx
:0041A901 E812BF0800 call
004A6818 <-----此call將運算結果放到另一地址
:0041A906 83C40C
add esp, 0000000C
:0041A909 8B45B8
mov eax, dword ptr [ebp-48]
:0041A90C 3B45BC
cmp eax, dword ptr [ebp-44]<--此處和下面的比較不知是否
:0041A90F 7E08
jle 0041A919
是關鍵,我改動後沒結果
:0041A911 8B55BC
mov edx, dword ptr [ebp-44]
:0041A914 8955B8
mov dword ptr [ebp-48], edx
:0041A917 EB0B
jmp 0041A924
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A90F(C)
|
:0041A919 837DB800
cmp dword ptr [ebp-48], 00000000
:0041A91D 7D05
jge 0041A924
:0041A91F 33C9
xor ecx, ecx
:0041A921 894DB8
mov dword ptr [ebp-48], ecx
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0041A917(U), :0041A91D(C)
|
:0041A924 8B45C0
mov eax, dword ptr [ebp-40]
:0041A927 8B55B8
mov edx, dword ptr [ebp-48]
:0041A92A C644100400 mov [eax+edx+04],
00
:0041A92F 66C745DC2000 mov [ebp-24],
0020
:0041A935 DD45A4
fld qword ptr [ebp-5C]
:0041A938 DC0D1CAA4100 fmul qword
ptr [0041AA1C]
:0041A93E DD5DA4
fstp qword ptr [ebp-5C]
:0041A941 66C745DC2C00 mov [ebp-24],
002C
:0041A947 8B55C0
mov edx, dword ptr [ebp-40]
:0041A94A 83C204
add edx, 00000004
:0041A94D 8D45F4
lea eax, dword ptr [ebp-0C]
:0041A950 E857900900 call
004B39AC
:0041A955 FF45E8
inc [ebp-18]
:0041A958 8D55F4
lea edx, dword ptr [ebp-0C]
:0041A95B 8B4508
mov eax, dword ptr [ebp+08]
:0041A95E E8C5910900 call
004B3B28
:0041A963 FF4DE8
dec [ebp-18]
:0041A966 8D45F4
lea eax, dword ptr [ebp-0C]
:0041A969 BA02000000 mov edx,
00000002
:0041A96E E885910900 call
004B3AF8
:0041A973 66C745DC0800 mov [ebp-24],
0008
:0041A979 EB3C
jmp 0041A9B7
:0041A97B 66C745DC3800 mov [ebp-24],
0038
:0041A981 BA820C4C00 mov edx,
004C0C82
:0041A986 8D45F0
lea eax, dword ptr [ebp-10]
:0041A989 E81E900900 call
004B39AC
:0041A98E FF45E8
inc [ebp-18]
:0041A991 8D55F0
lea edx, dword ptr [ebp-10]
:0041A994 8B4508
mov eax, dword ptr [ebp+08]
:0041A997 E88C910900 call
004B3B28
:0041A99C FF4DE8
dec [ebp-18]
:0041A99F 8D45F0
lea eax, dword ptr [ebp-10]
:0041A9A2 BA02000000 mov edx,
00000002
:0041A9A7 E84C910900 call
004B3AF8
:0041A9AC 66C745DC2800 mov [ebp-24],
0028
:0041A9B2 E87F610900 call
004B0B36
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A979(U)
|
:0041A9B7 DD45A4
fld qword ptr [ebp-5C]
:0041A9BA DC052CAA4100 fadd qword
ptr [0041AA2C]
:0041A9C0 DD5DA4
fstp qword ptr [ebp-5C]
:0041A9C3 FF75C0
push [ebp-40]
:0041A9C6 E835B20800 call
004A5C00
:0041A9CB 59
pop ecx
:0041A9CC FF75C8
push [ebp-38]
:0041A9CF E82CB20800 call
004A5C00
:0041A9D4 59
pop ecx
:0041A9D5 FF4DE8
dec [ebp-18]
:0041A9D8 8D45F8
lea eax, dword ptr [ebp-08]
:0041A9DB BA02000000 mov edx,
00000002
:0041A9E0 E813910900 call
004B3AF8
:0041A9E5 FF4DE8
dec [ebp-18]
:0041A9E8 8D450C
lea eax, dword ptr [ebp+0C]
:0041A9EB BA02000000 mov edx,
00000002
:0041A9F0 E803910900 call
004B3AF8
:0041A9F5 8B4DCC
mov ecx, dword ptr [ebp-34]
:0041A9F8 64890D00000000 mov dword ptr fs:[00000000],
ecx
:0041A9FF 5F
pop edi
:0041AA00 5E
pop esi
:0041AA01 5B
pop ebx
:0041AA02 8BE5
mov esp, ebp
:0041AA04 5D
pop ebp
:0041AA05 C3
ret
相關文章
- FINAL DATA註冊碼計算 (2千字)2000-07-24
- vfp&exe1.70註冊碼計算 (2千字)2001-06-04
- Folder Browser Control v1.0.10註冊碼的計算 (15千字)2001-06-02
- 請教關於DremEdit2.28如何算註冊碼? (3千字)2000-07-13REM
- IP搜尋客 1.61 註冊碼計算 (2千字)2000-05-16
- FolderView註冊部分的計算 (13千字)2001-05-27View
- getPassword2.3註冊碼計算分析過程 (3千字)2001-11-07
- 計算占星軟體Numerology Star Reader (version
15.0)註冊碼 (4千字)2000-10-02
- 如何計算 “IQ網際搜尋家99” 註冊碼 (4千字)2000-05-15
- 《APIS32》的註冊碼演算法 還請各位大俠幫忙寫一下注冊機!!!! (15千字)2001-08-07APIS3演算法
- 央視新聞《鳳凰娛樂app註冊邀請碼 》手機搜狐網2022-03-22APP
- 請高手指點2004-12-24
- 如何計算 批量檔案設定器 2.05 的註冊碼 (6千字)2000-04-24
- 計算機網路基礎知識點快速複習手冊2019-02-18計算機網路
- 《奧數2000》註冊碼的計算(VB5程式)
(6千字)2015-11-15
- 初學者請進,看far.exe的註冊碼! (7千字)2001-04-24
- 求教,請高手指點!2004-04-08
- 註冊,人人都有一臺超級計算機2011-07-02計算機
- 標 題:DirectMediaXtra.x32 V2.01 註冊碼的計算 (13千字)2015-11-15
- 註冊時間差計算2017-06-13
- 註冊碼演算法 (2千字)2001-01-14演算法
- Nacos - 服務端處理註冊請求2021-01-05服務端
- Flash ActionScript Tool 的註冊碼! (22千字)2001-05-04
- 《TxEdit 4.6》的註冊碼破解 (11千字)2001-07-28
- Regediter 1.3 破解(得到註冊碼) (9千字)2002-01-23
- 社群遊戲伴侶
V1.0註冊碼的計算,序號產生器 (30千字)2003-05-09遊戲
- 【sqlserver】更改資料庫註冊的計算機名稱2012-08-31SQLServer資料庫計算機
- 財智證券結算軟體2.5 破解註冊碼分析!使用ollydbg 破解註冊動畫!高手莫入! (1千字)2001-11-20動畫
- 求解決方案!!請高手指點2004-12-21
- estiprojm 註冊 (12千字)2001-11-08
- PCPro(PigChamp Pro) v3.0.23註冊碼的計算(VB程式,非常簡單) (3千字)2001-10-08GC
- 一種非明碼比較程式的註冊------NS-SHAFT註冊碼破解 (9千字)2015-11-15
- CPUCOOL 5.1000註冊碼分析 (6千字)2001-01-19
- IconToy 3.1 註冊碼快速破解 (11千字)2001-03-02
- BabyGame 破解方法及註冊碼錶 (1千字)2001-07-04GAM
- winimp1.11註冊碼破解 (2千字)2000-07-16
- 央視新聞《 大⃞發平臺最高註冊邀請瑪 》手機搜狐網2022-03-22
- 彩88APP通用註冊邀請碼2021-01-12APP