《中華壓縮 6.01》註冊碼破解及序號產生器 (14千字)
《中華壓縮 6.01》註冊碼破解及序號產生器
小弟最近在學做序號產生器,所以看到論壇上有位大哥貼出它的註冊碼,並且說它very easy!所以小弟就想試試看了!如果這位大哥覺得我做的有不妥的地方,請呼我(QQ:15319522),小弟一定賠罪!
作者:RATARICE
工具:FI、BW2000、TRW2000 1.23、W32DSM89、TC 2.0
過程:
一、 用FI檢查軟體,發現是用ASPack v2.001加的殼。再用ProcDump和caspr脫殼無果,好在想起大哥們的教誨,
於是用BW2000找到它的入口是:4FD8A4。好了,啟動TRW,下BPX 4FD8A4,PDUMP。OK!
二、 經過本人的一通折騰才找到註冊的程式碼,如下:
:004F3D27 90
nop
:004F3D28 55
push ebp
:004F3D29 8BEC
mov ebp, esp
:004F3D2B 33C9
xor ecx, ecx
:004F3D2D 51
push ecx
:004F3D2E 51
push ecx
:004F3D2F 51
push ecx
:004F3D30 51
push ecx
:004F3D31 53
push ebx
:004F3D32 8BD8
mov ebx, eax
:004F3D34 33C0
xor eax, eax
:004F3D36 55
push ebp
:004F3D37 68203E4F00 push 004F3E20
:004F3D3C 64FF30
push dword ptr fs:[eax]
:004F3D3F 648920
mov dword ptr fs:[eax], esp
:004F3D42 8D55F8
lea edx, dword ptr [ebp-08]
:004F3D45 8B83E4020000 mov eax, dword
ptr [ebx+000002E4]
:004F3D4B E840F2F3FF call 00432F90
:004F3D50 8B45F8
mov eax, dword ptr [ebp-08]
:004F3D53 50
push eax
:004F3D54 8D55F0
lea edx, dword ptr [ebp-10]
:004F3D57 8B83E0020000 mov eax, dword
ptr [ebx+000002E0]
:004F3D5D E82EF2F3FF call 00432F90
:004F3D62 8B55F0
mov edx, dword ptr [ebp-10]
:004F3D65 8D4DF4
lea ecx, dword ptr [ebp-0C]
:004F3D68 8BC3
mov eax, ebx
:004F3D6A E8C9010000 call 004F3F38
------------------->計算註冊碼,要追進去!
:004F3D6F 8B55F4
mov edx, dword ptr [ebp-0C]
:004F3D72 58
pop eax
:004F3D73 E8A403F1FF call 0040411C
:004F3D78 7576
jne 004F3DF0 -------------------->很明顯,跳就完蛋了!
:004F3D7A B201
mov dl, 01
將這裡nop掉,就可爆破!
:004F3D7C A174654700 mov eax,
dword ptr [00476574]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004F3D12(C)
|
:004F3D81 E8EE28F8FF call 00476674
:004F3D86 8945FC
mov dword ptr [ebp-04], eax
:004F3D89 33C0
xor eax, eax
:004F3D8B 55
push ebp
:004F3D8C 68E93D4F00 push 004F3DE9
:004F3D91 64FF30
push dword ptr fs:[eax]
:004F3D94 648920
mov dword ptr fs:[eax], esp
:004F3D97 B101
mov cl, 01
* Possible StringData Ref from Code Obj ->"Software\XDZHAN\ChinaZip"
|
:004F3D99 BA343E4F00 mov edx,
004F3E34
:004F3D9E 8B45FC
mov eax, dword ptr [ebp-04]
:004F3DA1 E8B22AF8FF call 00476858
* Possible StringData Ref from Code Obj ->"Real Programmers Use Pascal!"
|
:004F3DA6 B9583E4F00 mov ecx,
004F3E58
* Possible StringData Ref from Code Obj ->"Key"
|
:004F3DAB BA803E4F00 mov edx,
004F3E80
:004F3DB0 8B45FC
mov eax, dword ptr [ebp-04]
:004F3DB3 E8E42EF8FF call 00476C9C
* Possible StringData Ref from Code Obj ->"軟體註冊成功,謝謝您的支援!"
|
:004F3DB8 B88C3E4F00 mov eax,
004F3E8C
:004F3DBD E8E243F6FF call 004581A4
:004F3DC2 A16C005000 mov eax,
dword ptr [0050006C]
:004F3DC7 8B00
mov eax, dword ptr [eax]
* Possible StringData Ref from Code Obj ->"中華壓縮(ChinaZip)―註冊版"
|
:004F3DC9 BAB03E4F00 mov edx,
004F3EB0
:004F3DCE E8EDF1F3FF call 00432FC0
:004F3DD3 33C0
xor eax, eax
:004F3DD5 5A
pop edx
:004F3DD6 59
pop ecx
:004F3DD7 59
pop ecx
:004F3DD8 648910
mov dword ptr fs:[eax], edx
:004F3DDB 68FA3D4F00 push 004F3DFA
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004F3DEE(U)
|
:004F3DE0 8B45FC
mov eax, dword ptr [ebp-04]
:004F3DE3 E8DCF2F0FF call 004030C4
:004F3DE8 C3
ret
:004F3DE9 E936FAF0FF jmp 00403824
:004F3DEE EBF0
jmp 004F3DE0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004F3D78(C)
|
* Possible StringData Ref from Code Obj ->"註冊碼不正確,無法註冊!"
|
:004F3DF0 B8D43E4F00 mov eax,
004F3ED4
:004F3DF5 E8AA43F6FF call 004581A4
:004F3DFA 33C0
xor eax, eax
:004F3DFC 5A
pop edx
:004F3DFD 59
pop ecx
:004F3DFE 59
pop ecx
:004F3DFF 648910
mov dword ptr fs:[eax], edx
:004F3E02 68273E4F00 push 004F3E27
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004F3E25(U)
|
:004F3E07 8D45F0
lea eax, dword ptr [ebp-10]
:004F3E0A E87DFFF0FF call 00403D8C
:004F3E0F 8D45F4
lea eax, dword ptr [ebp-0C]
:004F3E12 E875FFF0FF call 00403D8C
:004F3E17 8D45F8
lea eax, dword ptr [ebp-08]
:004F3E1A E86DFFF0FF call 00403D8C
:004F3E1F C3
ret
:004F3E20 E9FFF9F0FF jmp 00403824
:004F3E25 EBE0
jmp 004F3E07
:004F3E27 5B
pop ebx
:004F3E28 8BE5
mov esp, ebp
:004F3E2A 5D
pop ebp
:004F3E2B C3
ret
************************追入CALL 004F3F38*************************
* Referenced by a CALL at Address:
|:004F3D6A
|
:004F3F38 55
push ebp
:004F3F39 8BEC
mov ebp, esp
:004F3F3B 6A00
push 00000000
:004F3F3D 6A00
push 00000000
:004F3F3F 6A00
push 00000000
:004F3F41 6A00
push 00000000
:004F3F43 6A00
push 00000000
:004F3F45 6A00
push 00000000
:004F3F47 6A00
push 00000000
:004F3F49 53
push ebx
:004F3F4A 56
push esi
:004F3F4B 57
push edi
:004F3F4C 894DF8
mov dword ptr [ebp-08], ecx
:004F3F4F 8955FC
mov dword ptr [ebp-04], edx
:004F3F52 8B45FC
mov eax, dword ptr [ebp-04]
:004F3F55 E86602F1FF call 004041C0
:004F3F5A 33C0
xor eax, eax
:004F3F5C 55
push ebp
:004F3F5D 6823404F00 push 004F4023
:004F3F62 64FF30
push dword ptr fs:[eax]
:004F3F65 648920
mov dword ptr fs:[eax], esp
:004F3F68 33F6
xor esi, esi
:004F3F6A 8D45F4
lea eax, dword ptr [ebp-0C]
:004F3F6D 8B55FC
mov edx, dword ptr [ebp-04]
:004F3F70 E8AFFEF0FF call 00403E24
:004F3F75 8B45F4
mov eax, dword ptr [ebp-0C]
:004F3F78 E88F00F1FF call 0040400C
-------------------->計算名字的長度
:004F3F7D 8BF8
mov edi, eax
:004F3F7F 85FF
test edi, edi -------------------->檢查長度是否等於0
:004F3F81 7E5A
jle 004F3FDD --------------------->等於就完蛋了!
:004F3F83 BB01000000 mov ebx,
00000001
~~~~~~~~~~~~~~~~~~~~~~~~~~~~開始計算~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004F3FDB(C)
|
:004F3F88 8B45F4
mov eax, dword ptr [ebp-0C] ------>將名字的地址給EAX
:004F3F8B 8A4418FF mov
al, byte ptr [eax+ebx-01] ---->依次取出一個名字的程式碼
:004F3F8F E858FFFFFF call 004F3EEC
-------------------->計算該程式碼是不是質數
:004F3F94 84C0
test al, al ---------------------->是則al=1,反之al=0
:004F3F96 7425
je 004F3FBD ---------------------->不是質數就跳轉
:004F3F98 8D45E8
lea eax, dword ptr [ebp-18]-------
:004F3F9B 8B55F4
mov edx, dword ptr [ebp-0C] |
:004F3F9E 8A541AFF mov
dl, byte ptr [edx+ebx-01] |
:004F3FA2 E88DFFF0FF call 00403F34
| 如果是質數,將該程式碼轉化
:004F3FA7 8B45E8
mov eax, dword ptr [ebp-18] | 成大寫,若本來就是大寫則
:004F3FAA 8D55EC
lea edx, dword ptr [ebp-14] | 不變
:004F3FAD E8FA48F1FF call 004088AC
|
:004F3FB2 8B55EC
mov edx, dword ptr [ebp-14] |
:004F3FB5 8D45F0
lea eax, dword ptr [ebp-10] |
:004F3FB8 E85700F1FF call 00404014
--------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004F3F96(C)
|
:004F3FBD 83FB01
cmp ebx, 00000001 ---------------->看取的是不是第一個程式碼
:004F3FC0 740A
je 004F3FCC ---------------------->是就跳
:004F3FC2 8B45F4
mov eax, dword ptr [ebp-0C] ------>將名字的地址給EAX
:004F3FC5 0FB64418FE movzx eax,
byte ptr [eax+ebx-02] ->取前一個程式碼
:004F3FCA EB06
jmp 004F3FD2
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004F3FC0(C)
|
:004F3FCC 8B45F4
mov eax, dword ptr [ebp-0C] ------| 若是第一個
:004F3FCF 0FB600
movzx eax, byte ptr [eax]---------| 則直接取得
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004F3FCA(U)
|
:004F3FD2 8DB486A8000000 lea esi, dword ptr
[esi+4*eax+000000A8] ->將程式碼乘4加A8再
:004F3FD9 43
inc ebx
加ESI
:004F3FDA 4F
dec edi
:004F3FDB 75AB
jne 004F3F88 ---------------------------->迴圈直到把名字都
取完
~~~~~~~~~~~~~~~~~~~~~~~~~~~到這結束計算~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004F3F81(C)
|
:004F3FDD 8D55E4
lea edx, dword ptr [ebp-1C]
:004F3FE0 8BC6
mov eax, esi
:004F3FE2 E8894CF1FF call 00408C70
-------------------->將ESI中的數轉為十進位制(2)
:004F3FE7 8B4DE4
mov ecx, dword ptr [ebp-1C] ------>轉化的結果
:004F3FEA 8D45F4
lea eax, dword ptr [ebp-0C]
:004F3FED 8B55F0
mov edx, dword ptr [ebp-10] ------>名字中為質數的大寫排列(1)
:004F3FF0 E86300F1FF call 00404058
-------------------->將(1)+(2)= 真註冊碼
:004F3FF5 8B45F8
mov eax, dword ptr [ebp-08] ------>假註冊碼
:004F3FF8 8B55F4
mov edx, dword ptr [ebp-0C] ------>真註冊碼
:004F3FFB E8E0FDF0FF call 00403DE0
:004F4000 33C0
xor eax, eax
:004F4002 5A
pop edx
:004F4003 59
pop ecx
:004F4004 59
pop ecx
:004F4005 648910
mov dword ptr fs:[eax], edx
:004F4008 682A404F00 push 004F402A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004F4028(U)
|
:004F400D 8D45E4
lea eax, dword ptr [ebp-1C]
:004F4010 BA05000000 mov edx,
00000005
:004F4015 E896FDF0FF call 00403DB0
:004F401A 8D45FC
lea eax, dword ptr [ebp-04]
:004F401D E86AFDF0FF call 00403D8C
:004F4022 C3
ret
:004F4023 E9FCF7F0FF jmp 00403824
:004F4028 EBE3
jmp 004F400D
:004F402A 5F
pop edi
:004F402B 5E
pop esi
:004F402C 5B
pop ebx
:004F402D 8BE5
mov esp, ebp
:004F402F 5D
pop ebp
:004F4030 C3
ret
:004F4031 8D4000
lea eax, dword ptr [eax+00]
:004F4034 55
push ebp
:004F4035 8BEC
mov ebp, esp
:004F4037 33C0
xor eax, eax
:004F4039 55
push ebp
:004F403A 6859404F00 push 004F4059
:004F403F 64FF30
push dword ptr fs:[eax]
:004F4042 648920
mov dword ptr fs:[eax], esp
:004F4045 FF0518855200 inc dword ptr
[00528518]
:004F404B 33C0
xor eax, eax
:004F404D 5A
pop edx
:004F404E 59
pop ecx
:004F404F 59
pop ecx
:004F4050 648910
mov dword ptr fs:[eax], edx
:004F4053 6860404F00 push 004F4060
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004F405E(U)
|
:004F4058 C3
ret
:004F4059 E9C6F7F0FF jmp 00403824
:004F405E EBF8
jmp 004F4058
:004F4060 5D
pop ebp
:004F4061 C3
ret
:004F4062 8BC0
mov eax, eax
:004F4064 832D1885520001 sub dword ptr [00528518],
00000001
:004F406B C3
ret
三、既然已經瞭解了它的演算法,就做它的序號產生器吧!由於C是自學的,所以底子不是很好,有什麼不對的地方還請大哥們多指教了!!!
/*
 * Console program from the article: reads a name with gets() and prints a
 * string built from it in two parts -- selected characters of the name
 * (lower-case ASCII letters shifted to upper case) followed by a decimal sum.
 *
 * The listing includes no headers: clrscr(), printf(), gets() and strlen()
 * are called undeclared, and main() relies on the implicit int return type
 * without returning a value.
 *
 * NOTE(review): the output depends only on the typed name and the constants
 * 4 and 168 used below; no secret or key material enters the computation.
 * A check that can be recomputed from public inputs like this gives no
 * protection; verifying against an asymmetric signature avoids that.
 */
main()
{char a[30];
/* a holds the name: 30 bytes including the terminating NUL. */
int i,b,c,esi=0,eax;
clrscr();
printf("********************The Chinazip 6.01 crack by RATARICE");
printf("********************\n\n");
printf("Please input your register name : \n");
/* NOTE(review): gets() has no length limit, so a name of 30 or more
   characters writes past the end of a[] (stack buffer overflow).
   fgets(a, sizeof a, stdin) is the bounded form. */
gets(a);
printf("\n");
printf("You register code is : \n");
c=strlen(a);
/* First part: walk the name one character at a time. */
for(i=0;i<c;i++)
{
/* NOTE(review): the next line is truncated as it appears on the page -- the
   loop condition and increment between "b" and "{" are missing (presumably
   a '<' was stripped as markup). The block does not compile as shown and
   the intended bound cannot be read from here. What remains tests a[i] % b
   and jumps to "end", skipping the print, when b divides a[i]. */
for (b=2;b {if(a[i]%b==0) goto end;
else b++;}
/* 97..122 is 'a'..'z' in ASCII; subtracting 32 yields the upper-case letter.
   Any other character that reaches this point is printed unchanged. */
if(a[i]<=122&&a[i]>=97) printf("%c",a[i]-32);
else printf("%c",a[i]);
end:;
}
/* Second part: running sum in esi. This assignment to i is redundant; the
   loop below sets i=1 itself. */
i=0;
/* Seed with the first byte of the name. For an empty name a[0] is the NUL
   terminator, so esi becomes 168. */
eax=a[0];
esi=eax*4+168;
/* Each further step adds the PREVIOUS character (a[i-1]), so for names of
   two or more characters a[0] is counted twice and the last character
   a[c-1] never contributes. */
for(i=1;i<c;i++)
{eax=a[i-1];
esi=esi+eax*4+168;
}
/* The sum is printed in decimal right after the characters emitted above. */
printf("%d\n",esi);
}
另外、當註冊成功後,它在登錄檔裡的
[HKEY_CURRENT_USER\Software\XDZHAN\ChinaZip]
填了這個:"Key"="Real Programmers Use Pascal!"
總算好了,大功告成!!!