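檔案密使 2.0 (Jiami v2.0): brute-force patching and writing a keygen. It has been a long time since I wrote anything.
Description: How do you protect information from being stolen and causing losses? A password is an effective and practical approach. 檔案密使 is a tool built on that idea for encrypting information on a computer.
Download: http://www.esoftware.com.cn/oload.php?url=http://ftp.eware.com.cn/pub/fmanager/encrypt/jiamiV2.0.exe
I. Brute-force patching
Very simple: wdasm893 alone is enough. Use the build that can disassemble Chinese strings.
Search for "檔案密使2.0 - " and you will find two occurrences. This string is shown in the window title bar. One occurrence is displayed at startup, after the program checks whether it is registered; the other is displayed after a successful registration.
Below is the place where it is displayed at startup once the registration check has succeeded: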
* Reference To: MFC42.Ordinal:0217, Ord:0217h
|
:004080DE E8D5290100              Call 0041AAB8
:004080E3 8BCD                    mov ecx, ebp
:004080E5 E8069F0000              call 00411FF0
**the registration check is inside this call**
:004080EA 33C9                    xor ecx, ecx
:004080EC 3BC1                    cmp eax, ecx
:004080EE 7454                    je 00408144 **this jumps to the code that displays the unregistered state**
**NOPing out this instruction is all that is needed**
:004080F0 B801000000              mov eax, 00000001
:004080F5 57                      push edi
:004080F6 894668                  mov dword ptr [esi+68], eax
:004080F9 898630130000            mov dword ptr [esi+00001330], eax
:004080FF 8986E4280000            mov dword ptr [esi+000028E4], eax
:00408105 8D442418                lea eax, dword ptr [esp+18]
* Possible StringData Ref from Data Obj ->"檔案密使2.0 - "
|
:00408109 681C854200              push 0042851C
:0040810E 50                      push eax
* Reference To: MFC42.Ordinal:039E, Ord:039Eh
|
:0040810F E8722B0100              Call 0041AC86
:00408114 8B00                    mov eax, dword ptr [eax]
:00408116 8BCE                    mov ecx, esi
:00408118 50                      push eax
:00408119 C78424C001000004000000  mov dword ptr [esp+000001C0], 00000004
If you want a perfect patch, you can also go to the following place:
* Reference To: MFC42.Ordinal:0217, Ord:0217h
|
:00415CB5 E8FE4D0000              Call 0041AAB8
:00415CBA 8D8E50160000            lea ecx, dword ptr [esi+00001650]
:00415CC0 E82BC3FFFF              call 00411FF0
:00415CC5 85C0                    test eax, eax
:00415CC7 752E                    jne 00415CF7 **jump over this point and any registration is accepted**
**in fact it only writes a registration name into the registry 8-)**
:00415CC9 6A40                    push 00000040
* Possible StringData Ref from Data Obj ->"warning"
|
:00415CCB 6890814200              push 00428190
* Possible StringData Ref from Data Obj ->"註冊碼錯誤,請重新輸入"
|
:00415CD0 68008F4200              push 00428F00
:00415CD5 8BCB                    mov ecx, ebx
Summary:
1. :004080EE 7454 ----> 9090
2. :00415CC7 752E ----> eb2e
II. Writing the keygen
This is the body of call 00411FF0 at :004080E5. It is used both at startup and during registration, and it is the core of the check.
:00411FF0 6AFF                    push FFFFFFFF
:00411FF2 6878E04100              push 0041E078
:00411FF7 64A100000000            mov eax, dword ptr fs:[00000000]
:00411FFD 50                      push eax
:00411FFE 64892500000000          mov dword ptr fs:[00000000], esp
:00412005 83EC24                  sub esp, 00000024
:00412008 55                      push ebp
:00412009 56                      push esi
:0041200A 57                      push edi
:0041200B 8B7C2440                mov edi, dword ptr [esp+40]
:0041200F 33ED                    xor ebp, ebp
:00412011 896C240C                mov dword ptr [esp+0C], ebp
:00412015 8B77F8                  mov esi, dword ptr [edi-08] **length of the registration name**
:00412018 85F6                    test esi, esi
:0041201A 7527                    jne 00412043
:0041201C 8D4C2440                lea ecx, dword ptr [esp+40]
:00412020 C7442438FFFFFFFF        mov [esp+38], FFFFFFFF
* Reference To: MFC42.Ordinal:0320, Ord:0320h
|
:00412028 E895890000              Call 0041A9C2
:0041202D 5F                      pop edi
:0041202E 5E                      pop esi
:0041202F 33C0                    xor eax, eax
:00412031 5D                      pop ebp
:00412032 8B4C2424                mov ecx, dword ptr [esp+24]
:00412036 64890D00000000          mov dword ptr fs:[00000000], ecx
:0041203D 83C430                  add esp, 00000030
:00412040 C20800                  ret 0008
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041201A(C)
|
:00412043 83FE20                  cmp esi, 00000020 **compare the length with 32**
:00412046 7E05                    jle 0041204D
:00412048 BE20000000              mov esi, 00000020
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00412046(C)
|
:0041204D 33C0                    xor eax, eax
:0041204F 85F6                    test esi, esi
:00412051 7E14                    jle 00412067
:00412053 8D4C2410                lea ecx, dword ptr [esp+10]
:00412057 2BF9                    sub edi, ecx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00412065(C)
|
:00412059 8D540410                lea edx, dword ptr [esp+eax+10]
:0041205D 40                      inc eax
:0041205E 3BC6                    cmp eax, esi
:00412060 8A0C17                  mov cl, byte ptr [edi+edx]
:00412063 880A                    mov byte ptr [edx], cl **copy the name to [edx]**
:00412065 7CF2                    jl 00412059
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00412051(C)
|
:00412067 83FE20                  cmp esi, 00000020
:0041206A 53                      push ebx
:0041206B 8BCE                    mov ecx, esi
:0041206D 7D30                    jge 0041209F
:0041206F 8D7C2414                lea edi, dword ptr [esp+14]
:00412073 8D6C2414                lea ebp, dword ptr [esp+14]
:00412077 4F                      dec edi
:00412078 2BEF                    sub ebp, edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00412099(C)
|
:0041207A 8A1C0F                  mov bl, byte ptr [edi+ecx] **take the last character of the name**
:0041207D 8D340F                  lea esi, dword ptr [edi+ecx]
:00412080 8BC3                    mov eax, ebx
:00412082 25FF000000              and eax, 000000FF
:00412087 99                      cdq
:00412088 F7F9                    idiv ecx
:0041208A 8BD0                    mov edx, eax
:0041208C 8AC3                    mov al, bl
:0041208E F6E9                    imul cl
:00412090 02D0                    add dl, al
:00412092 41                      inc ecx
:00412093 83F920                  cmp ecx, 00000020
:00412096 88142E                  mov byte ptr [esi+ebp], dl
:00412099 7CDF                    jl 0041207A
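Everything above takes the last character of the name, performs a calculation on it, and then repeats the calculation on each result. Each pass produces one value that is written to memory after the name, building a table that, together with the name, is 32 bytes long.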
:0041209B 8B6C2410                mov ebp, dword ptr [esp+10]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041206D(C)
|
:0041209F 33FF                    xor edi, edi
:004120A1 33F6                    xor esi, esi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004120D6(C)
|
:004120A3 8BC6                    mov eax, esi
:004120A5 33C9                    xor ecx, ecx
:004120A7 99                      cdq
:004120A8 83E203                  and edx, 00000003
:004120AB C6443C1000              mov [esp+edi+10], 00
:004120B0 03C2                    add eax, edx
:004120B2 C1F802                  sar eax, 02
:004120B5 8D440414                lea eax, dword ptr [esp+eax+14]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004120CA(C)
|
:004120B9 8A1408                  mov dl, byte ptr [eax+ecx] **fetch each byte of the table just generated, in turn**
:004120BC 8A5C3C10                mov bl, byte ptr [esp+edi+10]
:004120C0 32DA                    xor bl, dl **XOR them together pairwise**
:004120C2 41                      inc ecx
:004120C3 83F908                  cmp ecx, 00000008
:004120C6 885C3C10                mov byte ptr [esp+edi+10], bl
:004120CA 7CED                    jl 004120B9
:004120CC 83C620                  add esi, 00000020
:004120CF 47                      inc edi
:004120D0 81FE80000000            cmp esi, 00000080
:004120D6 7CCB                    jl 004120A3
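The short section just before this takes the bytes of the in-memory table in groups of 8 and XORs each group together, producing 4 values that are stored, in order, in the four bytes in front of the name. Reverse these four values (the byte nearest the name is the high-order byte) and convert the result to decimal: that is the registration code.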
:004120D8 B803000000              mov eax, 00000003
:004120DD 5B                      pop ebx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004120EE(C)
|
:004120DE 33C9                    xor ecx, ecx
:004120E0 8A4C040C                mov cl, byte ptr [esp+eax+0C]
:004120E4 03E9                    add ebp, ecx
:004120E6 85C0                    test eax, eax
:004120E8 7406                    je 004120F0
:004120EA C1E508                  shl ebp, 08
:004120ED 48                      dec eax
:004120EE 79EE                    jns 004120DE
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004120E8(C)
|
:004120F0 8B542444                mov edx, dword ptr [esp+44]
:004120F4 8D4C2440                lea ecx, dword ptr [esp+40]
:004120F8 2BEA                    sub ebp, edx
:004120FA C7442438FFFFFFFF        mov [esp+38], FFFFFFFF
:00412102 F7DD                    neg ebp
:00412104 1BED                    sbb ebp, ebp
:00412106 45                      inc ebp
:00412107 8BF5                    mov esi, ebp
* Reference To: MFC42.Ordinal:0320, Ord:0320h
|
:00412109 E8B4880000              Call 0041A9C2
:0041210E 8B4C2430                mov ecx, dword ptr [esp+30]
:00412112 8BC6                    mov eax, esi
:00412114 5F                      pop edi
:00412115 5E                      pop esi
:00412116 5D                      pop ebp
:00412117 64890D00000000          mov dword ptr fs:[00000000], ecx
:0041211E 83C430                  add esp, 00000030
:00412121 C20800                  ret 0008
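The above mainly covers names no longer than 32 characters. If the name is longer, only the first 32 characters are taken and used as the table; the rest of the process is the same as for names shorter than 32 characters.
Below is the keygen, written in TC2. My C is terrible, so it is probably hard to read 8-).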
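#include <stdio.h>
#include <string.h>

/* Written for Turbo C 2.0 (TC2): int is 16 bits and long is 32 bits. */
int main(void)
{
    int i, k, num1, num2, num3, a[32];
    long num4, b[4];
    char name[64];

    printf("Jiami v2.0 Keymaker by KanKer.\n");
    printf("\n*********************************\n");
    printf("\nWelcome to visit my homepage:\nhttp://kanker.ccoo.com.");
    printf("\n\n**********************************\n");
    printf("\nPlease input your name(length<=32):");
    if (fgets(name, sizeof(name), stdin) == NULL)
        return 1;
    name[strcspn(name, "\r\n")] = '\0';   /* drop the trailing newline */
    i = strlen(name);
    if (i == 0)
        return 1;       /* the check routine returns 0 for an empty name */
    if (i > 0x20)
        i = 0x20;       /* only the first 32 characters are used */

    /* Pad the table to 32 bytes, starting from the last character of the name. */
    if (i < 0x20) {
        num4 = name[i - 1];
        for (k = i; k < 0x20; k++) {
            num1 = num4;
            num1 = num1 & 0xff;
            num2 = num1 / k;              /* idiv ecx */
            num3 = (num1 * k) % 0x100;    /* imul cl, low byte only */
            num4 = num2 + num3;
            a[k] = num4 % 0x100;
        }
    }
    for (k = 0; k < i; k++)
        a[k] = name[k] & 0xff;            /* the routine works on bytes */
    /**************************/
    /* XOR each group of 8 table bytes into one byte; group i is byte i of the code. */
    num4 = 1;
    for (i = 0; i < 4; i++) {
        num3 = 0;
        for (k = 8 * i; k < 8 * i + 8; k++) {
            num1 = num3;
            num2 = a[k];
            num3 = num2 ^ num1;
        }
        b[i] = num3 * num4;
        num4 = num4 * 0x100;
    }
    num4 = 0;
    for (i = 3; i >= 0; i--)
        num4 = num4 + b[i];
    printf("Your regcode is: %ld", num4);
    return 0;
}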
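However, many of the codes this keygen produces are negative numbers, which cannot be entered when registering the program. Perhaps it is a problem with the original program itself? So the only option is to find a name that yields a positive number and register with that, heh.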
Cracked by KanKer
http://kanker.ccoo.com