Nktools(手機工具箱)註冊碼計算處,請高手指點~~~~ (15千字)
請高手指點
軟體名稱:Nktools(手機工具箱) 繁體版 441KB
軟體功能:Nokia 手機工具箱程式,v1.1.9,繁體中文未註冊版。集合設
置中文電話簿,中文簡訊,備忘錄,開工控模式,修改待機、分
組圖案,自定鈴聲,設定手機時間、鬧鈴時間,修改PIN1碼為一
體的Nokia手機程式。 支援手機連線線、電腦紅外線。支援手機
型別:3210、3310、5110、5130、6110、6138、6150、8210、
8250、8810、8850。未註冊版有功能限制,如工程模式、開機畫
面、鈴聲等不能使用,但可以用中文電本功能
註冊形式:要求輸入註冊碼,與手機的串號(IMEI)運算得出想應串號
(IMEI) ,註冊不成功不會出現出錯資訊,它會將註冊碼存放在
軟體目錄的regcode.txt裡,此類軟體應該都是即時檢測註冊碼
的,而且每個功能都會檢測註冊碼,所以如果要暴力的話很多地
方要改,最好可以找到真註冊碼並寫出序號產生器(具體是如何運算我
還搞不清楚)
下載地址:http://go.163.com/~nokiaz/software/NKToolSetup.exe
不知大家有誰是用諾基亞的手機,nokia只有3310和8250是可以用中文電話本的,但現在還有很多人都是用6110、6150、8210的,用了上面的軟體就可以讓這些手機都能用上中文電話本,而且還有很多其它功能,有興趣的人試試吧,此軟體要用紅外線或者資料線。
此軟體用upx 0.93壓縮過,解壓後反彙編,因為是繁體的所以我找不到有用的東西,但我找到個“autoregister”我設了中斷後程式會自動中斷,就算不作任何動作都會中斷,所以我想程式是在即時檢測註冊碼,但我跟下去卻找不到關鍵地方(我只是個新手,功力0.5級),以下的地方是我用trw200除錯時找到的,我作了些註解,不知其它地方還有沒有計算註冊碼的地方,在以下的過程中,我發現程式用我輸入的假註冊碼和"060347221N”字串作了運算,不知此字串是不是程式將我的手機串號計算而來的,所以請大家幫驗證一下,我只追到了程式的41A90C處到了後面我就暈掉了(我的彙編知識太菜了),而且我也沒追到“060347221N”是如何來的,所以請各位朋友幫個忙如果可以做個序號產生器出來就太好啦,實在不行也請幫忙在下面寫一些註解吧!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A734(C)
|
:0041A739 C1FA02
sar edx, 02
:0041A73C 8955BC
mov dword ptr [ebp-44], edx
:0041A73F 33C9
xor ecx, ecx
:0041A741 894DB0
mov dword ptr [ebp-50], ecx
:0041A744 8B45B0
mov eax, dword ptr [ebp-50]
:0041A747 3B45BC
cmp eax, dword ptr [ebp-44]
:0041A74A 0F8DC1000000 jnl 0041A811
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A80B(C)
|
:0041A750 8B55C8
mov edx, dword ptr [ebp-38]
:0041A753 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A756 8A048A
mov al, byte ptr [edx+4*ecx] <------假註冊碼首位數
:0041A759 04D0
add al, D0
:0041A75B 8B55C8
mov edx, dword ptr [ebp-38]
:0041A75E 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A761 8A548A01
mov dl, byte ptr [edx+4*ecx+01]<----假註冊碼第二位
:0041A765 80C2D0
add dl, D0
:0041A768 C1E206
shl edx, 06
:0041A76B 0AC2
or al, dl
:0041A76D 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A770 8D0C49
lea ecx, dword ptr [ecx+2*ecx]
:0041A773 8B55C0
mov edx, dword ptr [ebp-40]
:0041A776 88040A
mov byte ptr [edx+ecx], al <---結果寫入此地址
:0041A779 8B45BC
mov eax, dword ptr [ebp-44]
:0041A77C 85C0
test eax, eax
:0041A77E 7903
jns 0041A783
:0041A780 83C003
add eax, 00000003
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A77E(C)
|
:0041A783 C1F802
sar eax, 02
:0041A786 8D0C40
lea ecx, dword ptr [eax+2*eax]
:0041A789 41
inc ecx
:0041A78A 83C104
add ecx, 00000004
:0041A78D 894D9C
mov dword ptr [ebp-64], ecx
:0041A790 33C0
xor eax, eax
:0041A792 8945A0
mov dword ptr [ebp-60], eax
:0041A795 DF6D9C
fild qword ptr [ebp-64] -----|此處何解
:0041A798 DC0524AA4100 fadd qword
ptr [0041AA24] |是否浮點
:0041A79E DD5DA4
fstp qword ptr [ebp-5C] -----|運算??
:0041A7A1 8B55C8
mov edx, dword ptr [ebp-38]
:0041A7A4 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A7A7 33C0
xor eax, eax
:0041A7A9 8A448A01
mov al, byte ptr [edx+4*ecx+01]
:0041A7AD 83C0D0
add eax, FFFFFFD0
:0041A7B0 C1F802
sar eax, 02
:0041A7B3 8B55C8
mov edx, dword ptr [ebp-38]
:0041A7B6 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A7B9 8A548A02
mov dl, byte ptr [edx+4*ecx+02]
:0041A7BD 80C2D0
add dl, D0
:0041A7C0 C1E204
shl edx, 04
:0041A7C3 0AC2
or al, dl
:0041A7C5 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A7C8 8D0C49
lea ecx, dword ptr [ecx+2*ecx]
:0041A7CB 8B55C0
mov edx, dword ptr [ebp-40]
:0041A7CE 88440A01
mov byte ptr [edx+ecx+01], al
:0041A7D2 8B45C8
mov eax, dword ptr [ebp-38]
:0041A7D5 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A7D8 0FB6448802 movzx
eax, byte ptr [eax+4*ecx+02]
:0041A7DD 83C0D0
add eax, FFFFFFD0
:0041A7E0 C1F804
sar eax, 04
:0041A7E3 8B55C8
mov edx, dword ptr [ebp-38]
:0041A7E6 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A7E9 8A548A03
mov dl, byte ptr [edx+4*ecx+03]
:0041A7ED 80C2D0
add dl, D0
:0041A7F0 C1E202
shl edx, 02
:0041A7F3 0AC2
or al, dl
:0041A7F5 8B4DB0
mov ecx, dword ptr [ebp-50]
:0041A7F8 8D0C49
lea ecx, dword ptr [ecx+2*ecx]
:0041A7FB 8B55C0
mov edx, dword ptr [ebp-40]
:0041A7FE 88440A02
mov byte ptr [edx+ecx+02], al
:0041A802 FF45B0
inc [ebp-50]
:0041A805 8B45B0
mov eax, dword ptr [ebp-50]
:0041A808 3B45BC
cmp eax, dword ptr [ebp-44]
:0041A80B 0F8C3FFFFFFF jl 0041A750
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A74A(C)
|
:0041A811 8B4DBC
mov ecx, dword ptr [ebp-44]
:0041A814 8D0C49
lea ecx, dword ptr [ecx+2*ecx]
:0041A817 894DBC
mov dword ptr [ebp-44], ecx
:0041A81A 8B45B8
mov eax, dword ptr [ebp-48]
:0041A81D 0345BC
add eax, dword ptr [ebp-44]
:0041A820 8945B4
mov dword ptr [ebp-4C], eax
:0041A823 8B55B4
mov edx, dword ptr [ebp-4C]
:0041A826 4A
dec edx
:0041A827 8955B0
mov dword ptr [ebp-50], edx
:0041A82A 837DB000
cmp dword ptr [ebp-50], 00000000
:0041A82E 0F8CC4000000 jl 0041A8F8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A8F2(C)
|
:0041A834 33C9
xor ecx, ecx
:0041A836 894DAC
mov dword ptr [ebp-54], ecx
:0041A839 EB36
jmp 0041A871
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A878(C)
|
:0041A83B 8B45AC
mov eax, dword ptr [ebp-54]
:0041A83E 0345B0
add eax, dword ptr [ebp-50]
:0041A841 99
cdq
:0041A842 F77DB8
idiv [ebp-48]
:0041A845 8B4DC4
mov ecx, dword ptr [ebp-3C]
:0041A848 8B45C0
mov eax, dword ptr [ebp-40]
:0041A84B 8B5DAC
mov ebx, dword ptr [ebp-54]
:0041A84E 0FB6441801 movzx
eax, byte ptr [eax+ebx+01]
:0041A853 0FAF45B0
imul eax, dword ptr [ebp-50]
:0041A857 8B5DC0
mov ebx, dword ptr [ebp-40]
:0041A85A 8B75AC
mov esi, dword ptr [ebp-54]
:0041A85D 8A1C33
mov bl, byte ptr [ebx+esi]
:0041A860 2AD8
sub bl, al
:0041A862 2A1C11
sub bl, byte ptr [ecx+edx]
:0041A865 8B45C0
mov eax, dword ptr [ebp-40]
:0041A868 8B55AC
mov edx, dword ptr [ebp-54]
:0041A86B 881C10
mov byte ptr [eax+edx], bl
:0041A86E FF45AC
inc [ebp-54]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A839(U)
|
:0041A871 8B4DBC
mov ecx, dword ptr [ebp-44]
:0041A874 49
dec ecx
:0041A875 3B4DAC
cmp ecx, dword ptr [ebp-54]
:0041A878 7FC1
jg 0041A83B
:0041A87A 8B45BC
mov eax, dword ptr [ebp-44]
:0041A87D 85C0
test eax, eax
:0041A87F 7903
jns 0041A884
:0041A881 83C003
add eax, 00000003
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A87F(C)
|
:0041A884 C1F802
sar eax, 02
:0041A887 8D1440
lea edx, dword ptr [eax+2*eax]
:0041A88A 42
inc edx
:0041A88B 83C204
add edx, 00000004
:0041A88E 89559C
mov dword ptr [ebp-64], edx
:0041A891 33C9
xor ecx, ecx
:0041A893 894DA0
mov dword ptr [ebp-60], ecx
:0041A896 DF6D9C
fild qword ptr [ebp-64]
:0041A899 DC0524AA4100 fadd qword
ptr [0041AA24]
:0041A89F DD5DA4
fstp qword ptr [ebp-5C]
:0041A8A2 8B45BC
mov eax, dword ptr [ebp-44]
:0041A8A5 48
dec eax
:0041A8A6 8945AC
mov dword ptr [ebp-54], eax
:0041A8A9 837DAC00
cmp dword ptr [ebp-54], 00000000
:0041A8AD 7E3C
jle 0041A8EB
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A8E9(C)
|
:0041A8AF 8B45AC
mov eax, dword ptr [ebp-54]
:0041A8B2 0345B0
add eax, dword ptr [ebp-50]
:0041A8B5 99
cdq
:0041A8B6 F77DB8
idiv [ebp-48]
:0041A8B9 8B4DC4
mov ecx, dword ptr [ebp-3C]
:0041A8BC 8B45C0
mov eax, dword ptr [ebp-40]
:0041A8BF 8B5DAC
mov ebx, dword ptr [ebp-54]
:0041A8C2 0FB64418FF movzx
eax, byte ptr [eax+ebx-01]
:0041A8C7 0FAF45B0
imul eax, dword ptr [ebp-50]
:0041A8CB 8B5DC0
mov ebx, dword ptr [ebp-40]
:0041A8CE 8B75AC
mov esi, dword ptr [ebp-54]
:0041A8D1 8A1C33
mov bl, byte ptr [ebx+esi]
:0041A8D4 2AD8
sub bl, al
:0041A8D6 2A1C11
sub bl, byte ptr [ecx+edx]
:0041A8D9 8B45C0
mov eax, dword ptr [ebp-40]
:0041A8DC 8B55AC
mov edx, dword ptr [ebp-54]
:0041A8DF 881C10
mov byte ptr [eax+edx], bl
:0041A8E2 FF4DAC
dec [ebp-54]
:0041A8E5 837DAC00
cmp dword ptr [ebp-54], 00000000
:0041A8E9 7FC4
jg 0041A8AF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A8AD(C)
|
:0041A8EB FF4DB0
dec [ebp-50]
:0041A8EE 837DB000
cmp dword ptr [ebp-50], 00000000
:0041A8F2 0F8D3CFFFFFF jnl 0041A834
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A82E(C)
|
:0041A8F8 6A04
push 00000004
:0041A8FA FF75C0
push [ebp-40]
:0041A8FD 8D4DB8
lea ecx, dword ptr [ebp-48]
:0041A900 51
push ecx
:0041A901 E812BF0800 call
004A6818 <-----此call將運算結果放到另一地址
:0041A906 83C40C
add esp, 0000000C
:0041A909 8B45B8
mov eax, dword ptr [ebp-48]
:0041A90C 3B45BC
cmp eax, dword ptr [ebp-44]<--此處和下面的比較不知是否
:0041A90F 7E08
jle 0041A919
是關鍵,我改動後沒結果
:0041A911 8B55BC
mov edx, dword ptr [ebp-44]
:0041A914 8955B8
mov dword ptr [ebp-48], edx
:0041A917 EB0B
jmp 0041A924
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A90F(C)
|
:0041A919 837DB800
cmp dword ptr [ebp-48], 00000000
:0041A91D 7D05
jge 0041A924
:0041A91F 33C9
xor ecx, ecx
:0041A921 894DB8
mov dword ptr [ebp-48], ecx
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0041A917(U), :0041A91D(C)
|
:0041A924 8B45C0
mov eax, dword ptr [ebp-40]
:0041A927 8B55B8
mov edx, dword ptr [ebp-48]
:0041A92A C644100400 mov [eax+edx+04],
00
:0041A92F 66C745DC2000 mov [ebp-24],
0020
:0041A935 DD45A4
fld qword ptr [ebp-5C]
:0041A938 DC0D1CAA4100 fmul qword
ptr [0041AA1C]
:0041A93E DD5DA4
fstp qword ptr [ebp-5C]
:0041A941 66C745DC2C00 mov [ebp-24],
002C
:0041A947 8B55C0
mov edx, dword ptr [ebp-40]
:0041A94A 83C204
add edx, 00000004
:0041A94D 8D45F4
lea eax, dword ptr [ebp-0C]
:0041A950 E857900900 call
004B39AC
:0041A955 FF45E8
inc [ebp-18]
:0041A958 8D55F4
lea edx, dword ptr [ebp-0C]
:0041A95B 8B4508
mov eax, dword ptr [ebp+08]
:0041A95E E8C5910900 call
004B3B28
:0041A963 FF4DE8
dec [ebp-18]
:0041A966 8D45F4
lea eax, dword ptr [ebp-0C]
:0041A969 BA02000000 mov edx,
00000002
:0041A96E E885910900 call
004B3AF8
:0041A973 66C745DC0800 mov [ebp-24],
0008
:0041A979 EB3C
jmp 0041A9B7
:0041A97B 66C745DC3800 mov [ebp-24],
0038
:0041A981 BA820C4C00 mov edx,
004C0C82
:0041A986 8D45F0
lea eax, dword ptr [ebp-10]
:0041A989 E81E900900 call
004B39AC
:0041A98E FF45E8
inc [ebp-18]
:0041A991 8D55F0
lea edx, dword ptr [ebp-10]
:0041A994 8B4508
mov eax, dword ptr [ebp+08]
:0041A997 E88C910900 call
004B3B28
:0041A99C FF4DE8
dec [ebp-18]
:0041A99F 8D45F0
lea eax, dword ptr [ebp-10]
:0041A9A2 BA02000000 mov edx,
00000002
:0041A9A7 E84C910900 call
004B3AF8
:0041A9AC 66C745DC2800 mov [ebp-24],
0028
:0041A9B2 E87F610900 call
004B0B36
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041A979(U)
|
:0041A9B7 DD45A4
fld qword ptr [ebp-5C]
:0041A9BA DC052CAA4100 fadd qword
ptr [0041AA2C]
:0041A9C0 DD5DA4
fstp qword ptr [ebp-5C]
:0041A9C3 FF75C0
push [ebp-40]
:0041A9C6 E835B20800 call
004A5C00
:0041A9CB 59
pop ecx
:0041A9CC FF75C8
push [ebp-38]
:0041A9CF E82CB20800 call
004A5C00
:0041A9D4 59
pop ecx
:0041A9D5 FF4DE8
dec [ebp-18]
:0041A9D8 8D45F8
lea eax, dword ptr [ebp-08]
:0041A9DB BA02000000 mov edx,
00000002
:0041A9E0 E813910900 call
004B3AF8
:0041A9E5 FF4DE8
dec [ebp-18]
:0041A9E8 8D450C
lea eax, dword ptr [ebp+0C]
:0041A9EB BA02000000 mov edx,
00000002
:0041A9F0 E803910900 call
004B3AF8
:0041A9F5 8B4DCC
mov ecx, dword ptr [ebp-34]
:0041A9F8 64890D00000000 mov dword ptr fs:[00000000],
ecx
:0041A9FF 5F
pop edi
:0041AA00 5E
pop esi
:0041AA01 5B
pop ebx
:0041AA02 8BE5
mov esp, ebp
:0041AA04 5D
pop ebp
:0041AA05 C3
ret
相關文章
- 央視新聞《 大⃞發註冊碼邀請 》手機搜狐網2022-03-22
- 計算機網路基礎知識點快速複習手冊2019-02-18計算機網路
- 手機號碼簡訊驗證註冊2020-12-20
- 央視新聞《推薦彩神官方註冊邀請碼 》手機搜狐網2022-03-22
- 央視新聞《彩神註冊最高邀請碼下載 》手機搜狐網2022-03-22
- 央視新聞《鳳凰娛樂app註冊邀請碼 》手機搜狐網2022-03-22APP
- Nacos - 服務端處理註冊請求2021-01-05服務端
- 央視新聞《彩神8III邀請碼註冊下載 》手機搜狐網2022-03-22
- 央視新聞《彩神註冊邀請瑪最新》手機搜狐網2022-03-22
- 《新聞聯播》 推薦彩神彩神註冊邀請碼有哪些《手機搜狐網》2022-03-22
- 彩88APP通用註冊邀請碼2021-01-12APP
- 更新計算機處理器微碼2019-02-03計算機
- 央視新聞《 大⃞發平臺最高註冊邀請瑪 》手機搜狐網2022-03-22
- day79:luffy:註冊之對手機號的驗證&實現基本的註冊功能邏輯&點選獲取驗證碼&redis2020-10-30Redis
- 彩88APP通用註冊邀請碼是多少2021-01-12APP
- 央視新聞《穩定大⃞發最高註冊邀請瑪多少》手機搜狐網2022-03-22
- 央視新聞《正規大⃞發平臺註冊邀請瑪》手機搜狐網2022-03-22
- VMware註冊碼2018-10-18
- PhpStorm註冊碼2020-04-07PHPORM
- 購物商城註冊手機格式如何改成國際手機號格式2020-11-29
- 央視新聞《 大⃞發彩⃞票註冊的邀請瑪是多少 》手機搜狐網2022-03-22
- Navicat 15 最新破解版下載 永 久啟用註冊碼2023-12-08
- MaxCompute 圖計算使用者手冊(下)2019-04-19
- MaxCompute 圖計算使用者手冊(上)2019-04-19
- Viscosity for Mac 註冊碼:2019-09-19Mac
- Navicat for MySQL註冊碼2020-04-07MySql
- ShadowDefender 註冊碼 分析2024-08-17
- 【SpringBoot】服務對註冊中心的註冊時機2024-05-25Spring Boot
- 華為申請註冊METAVISION商標2022-03-13
- OpenCV計算機視覺學習(15)——淺談影像處理的飽和運算和取模運算2024-01-13OpenCV計算機視覺
- 《碼處高效:Java開發手冊》之程式碼風格2022-04-10Java
- 註冊中心 Eureka 原始碼解析 —— 應用例項註冊發現(一)之註冊2019-03-03原始碼
- 註冊頁面測試點2018-08-07
- SpringMVC原始碼之Handler註冊、獲取以及請求controller中方法2020-11-18SpringMVC原始碼Controller
- JavaScript 註冊事件處理函式2018-09-22JavaScript事件函式
- uniapp手機號認證註冊的一個頁面2024-06-18APP
- Abp 實現通過手機號註冊使用者2022-04-11
- 央視新聞《最新註冊快盈》手機搜狐網2022-03-22
- 計算機面試重難點之計算機網路2021-08-03面試計算機網路