《teleport pro 1.28》破解實錄 !!高手莫進!! (5千字)
《teleport pro 1.28》破解實錄
破解人:RATARICE
工具:W32DSM89,TRW1.22,ULTRAEDIT-32
一、執行teleport pro(下簡稱tp),點help-->register...
your:RATARICE
company:peNcil grOup
sn:87654321 (都是瞎填的)
點OK!記下“we're sorry!”
二、執行W32DSM89,找到上面的話!摘抄的程式在下!
:0040E3D5 E8F6D60000 call 0041BAD0
:0040E3DA 83C404
add esp, 00000004
:0040E3DD 3BC5
cmp eax, ebp
:0040E3DF 0F85B2000000 jne 0040E497
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^------------------>909090909090
:0040E3E5 6AFF
push FFFFFFFF
:0040E3E7 53
push ebx
* Possible Reference to String Resource ID=03022: "Thank you! Your copy
of Teleport Pro is now registered. Al"
|
:0040E3E8 68CE0B0000 push 00000BCE
:0040E3ED E87C190500 call 0045FD6E
:0040E3F2 A18CA24800 mov eax,
dword ptr [0048A28C]
:0040E3F7 8898A4020000 mov byte ptr
[eax+000002A4], bl
:0040E3FD A18CA24800 mov eax,
dword ptr [0048A28C]
:0040E402 8898A5020000 mov byte ptr
[eax+000002A5], bl
:0040E408 391DC4114900 cmp dword ptr
[004911C4], ebx
:0040E40E 740B
je 0040E41B
:0040E410 A1C4114900 mov eax,
dword ptr [004911C4]
:0040E415 8898520F0000 mov byte ptr
[eax+00000F52], bl
.
.
.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040E3DF(C)
^^^^^^^^
|
:0040E497 8B07
mov eax, dword ptr [edi]
:0040E499 8378F800 cmp
dword ptr [eax-08], 00000000
:0040E49D 7513
jne 0040E4B2
:0040E49F 6A00
push 00000000
:0040E4A1 6A00
push 00000000
* Possible StringData Ref from Data Obj ->"You must enter your username in "
->"the Name field,
exactly as you "
->"spelled it
when you registered, "
->"in order for
the registration "
->"code to work."
|
:0040E4A3 688CB04800 push 0048B08C
:0040E4A8 E8A2180500 call 0045FD4F
:0040E4AD 5D
pop ebp
:0040E4AE 5F
pop edi
:0040E4AF 5E
pop esi
:0040E4B0 5B
pop ebx
:0040E4B1 C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040E49D(C)
^^^^^^^^
|
:0040E4B2 50
push eax
:0040E4B3 E818D60000 call 0041BAD0
:0040E4B8 83C404
add esp, 00000004
:0040E4BB 85C0
test eax, eax
:0040E4BD 7513
jne 0040E4D2
:0040E4BF 6A00
push 00000000
:0040E4C1 6A00
push 00000000
* Possible StringData Ref from Data Obj ->"You haven't entered a valid username.
"
->" Your username
must be at least "
->"six letters
long."
|
:0040E4C3 6834B04800 push 0048B034
:0040E4C8 E882180500 call 0045FD4F
:0040E4CD 5D
pop ebp
:0040E4CE 5F
pop edi
:0040E4CF 5E
pop esi
:0040E4D0 5B
pop ebx
:0040E4D1 C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040E4BD(C)
^^^^^^^^
|
:0040E4D2 6AFF
push FFFFFFFF
:0040E4D4 6A00
push 00000000
* Possible Reference to String Resource ID=03023: "We're sorry! The registration
number you entered appears to"
|
:0040E4D6 68CF0B0000 push 00000BCF
:0040E4DB E88E180500 call 0045FD6E
用ULTRAEDIT改完後,執行,提示“thank you...”,但下次執行時還需註冊!
由於本人學藝不精,找不到標記點!又想將其註冊為之己用,遂叫出TRW2000!
三、執行TRW2000,再執行TELEPORT,填好註冊專案。
ctrl+N, bpx hmemcpy ,ctrl+N
點OK,彈出TRW,下bd *,pmodule,按3次F12(4次出錯)。
按F10,下F9設斷!程式如下:
015F:0040E397 FLD TWORD [EDX+01]
015F:0040E39A CALL 0045944B
015F:0040E39F PUSH BYTE +0A
015F:0040E3A1 MOV EAX,[ESI+DD]
015F:0040E3A7 PUSH EBX
015F:0040E3A8 PUSH EAX
015F:0040E3A9 CALL 00442800
015F:0040E3AE ADD ESP,BYTE +0C
015F:0040E3B1 MOV EBP,EAX
015F:0040E3B3 MOV EAX,[0048A28C]
015F:0040E3B8 CMP [EAX+02A4],BL
015F:0040E3BE JZ NEAR 0040E48B
015F:0040E3C4 TEST EBP,EBP
015F:0040E3C6 JZ NEAR 0040E48B
015F:0040E3CC LEA EDI,[ESI+D5]
015F:0040E3D2 MOV EAX,[EDI]
015F:0040E3D4 PUSH EAX
015F:0040E3D5 CALL 0041BAD0
015F:0040E3DA ADD ESP,BYTE +04
015F:0040E3DD CMP EAX,EBP
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 下?eax 可看到真註冊碼
下?ebp 可看到假註冊碼
015F:0040E3DF JNZ NEAR 0040E497
015F:0040E3E5 PUSH BYTE -01
四、總結
1、 爆破法:將0F85B2000000――――――――――>909090909090 (但每次啟動仍需註冊)
2、 註冊碼:
本人的為:your: RATARICE
company:
peNcil grOup
registration: 1156637346
相關文章
- Teleport Pro破解實戰錄 (6千字)2000-05-28
- RegHance v1.1破解實錄 (5千字)2001-03-26
- 某電子書註冊破解實錄,高手莫入。 (6千字)2002-10-05
- 破解實錄(四)之 NoteTab Pro Trial 4.81 (3千字)2000-07-18
- 菜鳥破解實錄 之Terrapin FTP Browser (5千字)2000-09-09APIFTP
- 菜鳥破解錄(17)之 BackupXpress Pro (3千字)2000-08-05
- 破解XFtpSvr =====> 請進 (5千字)2001-07-01FTPVR
- 菜鳥破解實錄(16)之 CD Box Labeler Pro (4千字)2000-08-03
- see This 破解實戰! (5千字)2000-06-26
- iTime 破解實錄 (15千字)2001-04-26
- 瘋狂單詞破解實錄(初學者請進!) (9千字)2000-08-24
- Gifline破解實錄 (4千字)2001-08-05
- Icontoy3.1破解紀錄(上) (5千字)2000-12-29
- NetTalk破解與序號產生器(高手勿進) (10千字)2001-09-20
- **********.exe註冊碼演算法分析--高手莫笑 (31千字)2015-11-15演算法
- crackme破解教程(續) (高手莫入) (2千字)2001-03-17
- *****管理專家 V1.05版破解實錄 ,敬請高手指點,謝謝!!!
(12千字)2002-10-16
- PolyView 破解 (5千字)2000-12-31View
- 破解MyMahj (5千字)2001-06-20
- 詞彙終結者破解實錄 (7千字)2000-08-13
- 為Asp-Loader增加命令列功能,高手莫笑 (7千字)2002-10-15命令列
- vfp&exe加密程式破解實錄 (1千字)2001-08-17加密
- KeyGhost V3.2 破解實錄 (11千字)2000-08-17
- 破解TurboLaunch 4.04 (5千字)2001-06-06
- Teleport
pro 演算法簡單分析2004-07-15演算法
- 異想天開的打狗記錄(高手免進) (12千字)2002-07-17
- 破解實戰(三)之 WinZip8.0 (5千字)2000-07-17
- Vopt99另類破解實戰錄
(3千字)2000-09-27
- 破解實錄(六)之 1toX 1.63 (6千字)2000-07-20
- 破解 周公解夢2.11 實戰錄 (3千字)2000-08-22
- 破解WS_FTP Pro 7.02 (8千字)2001-10-28FTP
- 破解入門5 (3千字)2000-09-23
- duelist crackme 1 破解 (5千字)2000-10-16
- IPTools 1.10 破解 (5千字)2001-02-11
- 如何破解CuteFTP 4.0 (5千字)2000-07-20FTP
- 《ICONSCAN 2.4》註冊碼破解 高手莫入! (3千字)2001-05-06
- 《MAGICWIN RELEASE 1.2》註冊碼破解 高手莫入! (2千字)2001-05-07
- 再談小李登錄檔大師 v1.11的註冊以及另類序號產生器的編寫 -高手莫進 (4千字)2001-10-07