Guitar Pro v3.0 的破文 (11千字)
下載:http://211.152.134.220/guitarpp/yu/GuitarPro300.zip
用 dede 找出“確定”按鈕的地址 004CEC8C 用 trw2k 下斷,
輸入註冊資訊,使用者名稱:LANCELOT[CCG] 註冊碼:12345-67890-434343
按確定到這裡
=================================================================================================
004CEC8C 55
push ebp
004CEC8D 8BEC
mov ebp, esp
004CEC8F 81C4E8FEFFFF add
esp, $FFFFFEE8
004CEC95 53
push ebx
004CEC96 56
push esi
004CEC97 57
push edi
004CEC98 33C9
xor ecx, ecx
004CEC9A 898DECFEFFFF mov
[ebp+$FFFFFEEC], ecx
004CECA0 898DE8FEFFFF mov
[ebp+$FFFFFEE8], ecx
004CECA6 894DFC
mov [ebp-$04], ecx
004CECA9 894DF8
mov [ebp-$08], ecx
004CECAC 894DF4
mov [ebp-$0C], ecx
004CECAF 894DF0
mov [ebp-$10], ecx
004CECB2 8BD8
mov ebx, eax
004CECB4 33C0
xor eax, eax
004CECB6 55
push ebp
* Possible String Reference to: '檑G?脎_^[]?
|
004CECB7 68FCEE4C00 push
$004CEEFC
***** TRY
|
004CECBC 64FF30
push dword ptr fs:[eax]
004CECBF 648920
mov fs:[eax], esp
004CECC2 8D55F8
lea edx, [ebp-$08]
* Reference to control TFLicence.Cle1 : TEdit
|
004CECC5 8B83E4020000 mov
eax, [ebx+$02E4]
* Reference to: controls.TControl.GetText(TControl):System.String;<-------讀取註冊碼的第1段
|
12345
004CECCB E81C74F6FF call
004360EC
004CECD0 FF75F8
push dword ptr [ebp-$08]
004CECD3 8D55F4
lea edx, [ebp-$0C]
* Reference to control TFLicence.Cle2 : TEdit
|
004CECD6 8B83EC020000 mov
eax, [ebx+$02EC]
* Reference to: controls.TControl.GetText(TControl):System.String;<-------讀取註冊碼的第2段
|
67890
004CECDC E80B74F6FF call
004360EC
004CECE1 FF75F4
push dword ptr [ebp-$0C]
004CECE4 8D55F0
lea edx, [ebp-$10]
* Reference to control TFLicence.Cle3 : TEdit
|
004CECE7 8B83F4020000 mov
eax, [ebx+$02F4]
* Reference to: controls.TControl.GetText(TControl):System.String;<-------讀取註冊碼的第3段
|
43434
004CECED E8FA73F6FF call
004360EC
004CECF2 FF75F0
push dword ptr [ebp-$10]
004CECF5 8D45FC
lea eax, [ebp-$04]
004CECF8 BA03000000 mov
edx, $00000003
* Reference to: system.@LStrCatN;<----------------------------------------連線在一起
|
123456789043434
004CECFD E8DA52F3FF call
00403FDC
004CED02 8B45FC
mov eax, [ebp-$04]
004CED05 50
push eax
004CED06 8D55F8
lea edx, [ebp-$08]
* Reference to control TFLicence.Nom : TLabel
|
004CED09 8B83CC020000 mov
eax, [ebx+$02CC]
* Reference to: controls.TControl.GetText(TControl):System.String;<--------讀取使用者名稱
|
004CED0F E8D873F6FF call
004360EC
004CED14 8B45F8
mov eax, [ebp-$08]
004CED17 B92C010000 mov
ecx, $0000012C
004CED1C 5A
pop edx
|
004CED1D E8EECC0800 call
0055BA10<-------------------------核心計算,跟進去
===============================================================================================
0055BA10 55
push ebp
0055BA11 8BEC
mov ebp, esp
0055BA13 83C4EC
add esp, -$14
0055BA16 53
push ebx
0055BA17 56
push esi
0055BA18 57
push edi
0055BA19 33DB
xor ebx, ebx
0055BA1B 895DF0
mov [ebp-$10], ebx
0055BA1E 895DEC
mov [ebp-$14], ebx
0055BA21 894DF4
mov [ebp-$0C], ecx
0055BA24 8955F8
mov [ebp-$08], edx
0055BA27 8945FC
mov [ebp-$04], eax
0055BA2A 8B45FC
mov eax, [ebp-$04]
* Reference to: system.@LStrAddRef;
|
0055BA2D E89E86EAFF call
004040D0
0055BA32 8B45F8
mov eax, [ebp-$08]
* Reference to: system.@LStrAddRef;
|
0055BA35 E89686EAFF call
004040D0
0055BA3A 33C0
xor eax, eax
0055BA3C 55
push ebp
0055BA3D 68D7BC5500 push
$0055BCD7
***** TRY
|
0055BA42 64FF30
push dword ptr fs:[eax]
0055BA45 648920
mov fs:[eax], esp
0055BA48 33DB
xor ebx, ebx
0055BA4A 837DFC00 cmp
dword ptr [ebp-$04], +$00
0055BA4E 740D
jz 0055BA5D
0055BA50 8B45F8
mov eax, [ebp-$08]
* Reference to: system.@LStrLen:Integer;
| or: system.@DynArrayLength;
| or: system.DynArraySize(Pointer):Integer;
|
0055BA53 E8C484EAFF call
00403F1C
0055BA58 83F80F
cmp eax, +$0F
0055BA5B 7407
jz 0055BA64
0055BA5D 33DB
xor ebx, ebx
0055BA5F E94B020000 jmp
0055BCAF
0055BA64 33FF
xor edi, edi
0055BA66 8B45FC
mov eax, [ebp-$04]
* Reference to: system.@LStrLen:Integer;
| or: system.@DynArrayLength;
| or: system.DynArraySize(Pointer):Integer;
|
0055BA69 E8AE84EAFF call
00403F1C
0055BA6E 8BF0
mov esi, eax
0055BA70 85F6
test esi, esi
0055BA72 7E21
jle 0055BA95
0055BA74 B901000000 mov
ecx, $00000001
0055BA79 8B45FC
mov eax, [ebp-$04]
0055BA7C 0FB64408FF movzx
eax, byte ptr [eax+ecx-$01]<-------使用者名稱的第一個字 L==0x4c
0055BA81 F7E9
imul ecx<-------------------------------乘上序號
0055BA83 03F8
add edi, eax<--------------------------和加上edi中的值
0055BA85 8BC7
mov eax, edi
0055BA87 BFE8030000 mov
edi, $000003E8
0055BA8C 99
cdq
0055BA8D F7FF
idiv edi<-------------------------------和除去 0x3e8
0055BA8F 8BFA
mov edi, edx<--------------------------餘數放到edi
0055BA91 41
inc ecx
0055BA92 4E
dec esi
0055BA93 75E4
jnz 0055BA79<--------------------------迴圈計算,使用者名稱的13個字母
0055BA95 85FF
test edi, edi
0055BA97 7505
jnz 0055BA9E
0055BA99 BF01000000 mov
edi, $00000001
0055BA9E 8B45F4
mov eax, [ebp-$0C]<---------------------0x12c
0055BAA1 2DDC000000 sub
eax, $000000DC<---------------------0x12c-0xdc==0x50
0055BAA6 03C7
add eax, edi<---------------------------0x50+0x15==0x65
0055BAA8 40
inc eax<--------------------------------0x65+0x1==0x66
0055BAA9 B9E8030000 mov
ecx, $000003E8
0055BAAE 99
cdq
0055BAAF F7F9
idiv ecx
0055BAB1 8BFA
mov edi, edx<-------------------------- 0x66
0055BAB3 8D45F0
lea eax, [ebp-$10]
0055BAB6 8B55F8
mov edx, [ebp-$08]
0055BAB9 8A520A
mov dl, byte ptr [edx+$0A]<--------------註冊碼的第11位
* Reference to: system.@LStrFromChar(String;Char);
| or: system.@LStrFromWChar(String;WideChar);
| or: system.@WStrFromChar(WideString;Char);
| or: system.@WStrFromWChar(WideString;WideChar);
|
0055BABC E88383EAFF call
00403E44
0055BAC1 8B45F0
mov eax, [ebp-$10]
0055BAC4 50
push eax
0055BAC5 8D45EC
lea eax, [ebp-$14]
0055BAC8 8B55F8
mov edx, [ebp-$08]
0055BACB 8A12
mov dl, byte ptr [edx]<--------------註冊碼的第1位
* Reference to: system.@LStrFromChar(String;Char);
| or: system.@LStrFromWChar(String;WideChar);
| or: system.@WStrFromChar(WideString;Char);
| or: system.@WStrFromWChar(WideString;WideChar);
|
0055BACD E87283EAFF call
00403E44
0055BAD2 8B45EC
mov eax, [ebp-$14]
* Reference to: sysutils.StrToInt(System.AnsiString):System.Integer;
|
0055BAD5 E8CAD4EAFF call
00408FA4
0055BADA 8BF0
mov esi, eax
0055BADC 8D45EC
lea eax, [ebp-$14]
0055BADF 8B55F8
mov edx, [ebp-$08]
0055BAE2 8A5201
mov dl, byte ptr [edx+$01]<--------------註冊碼的第2位
* Reference to: system.@LStrFromChar(String;Char);
| or: system.@LStrFromWChar(String;WideChar);
| or: system.@WStrFromChar(WideString;Char);
| or: system.@WStrFromWChar(WideString;WideChar);
|
0055BAE5 E85A83EAFF call
00403E44
0055BAEA 8B45EC
mov eax, [ebp-$14]
* Reference to: sysutils.StrToInt(System.AnsiString):System.Integer;
|
0055BAED E8B2D4EAFF call
00408FA4
0055BAF2 03F0
add esi, eax<--------------註冊碼的第1,2位之和
0055BAF4 8BC6
mov eax, esi
0055BAF6 F7EF
imul edi<-------------------乘上0x66
0055BAF8 B90A000000 mov
ecx, $0000000A<--------除與 0xa
0055BAFD 99
cdq
0055BAFE F7F9
idiv ecx
0055BB00 8BC2
mov eax, edx<-------------餘數放在eax
0055BB02 8D55EC
lea edx, [ebp-$14]
* Reference to: sysutils.IntToStr(System.Integer):System.AnsiString;overload;
|
0055BB05 E836D4EAFF call
00408F40
0055BB0A 8B55EC
mov edx, [ebp-$14]
0055BB0D 58
pop eax
* Reference to: system.@LStrCmp;<-------------------------------餘數在與註冊碼的第10位比較
|
0055BB0E E81985EAFF call
0040402C
0055BB13 0F8596010000 jnz
0055BCAF<-------------不想等就完蛋了
下面迴圈計算略
=================================================================================================
總結一下:
1) 使用者名稱:LANCELOT[CCG]==>0x4c,0x41,0x4e,0x43,0x45,0x4c,0x4f,0x54,0x5b,0x43,0x43,0x47,0x5d
2) (0x4c*0x1+0x0 ) % 0x3e8==0x4c
(0x41*0x2+0x4c ) % 0x3e8==0xce
(0x4e*0x3+0xce ) % 0x3e8==0x1b8
(0x43*0x4+0x1b8) % 0x3e8==0x2c4
(0x45*0x5+0x2c4) % 0x3e8==0x35
(0x4c*0x6+0x35 ) % 0x3e8==0x1fd
(0x4f*0x7+0x1fd) % 0x3e8==0x3e
(0x54*0x8+0x3e ) % 0x3e8==0x2de
(0x5b*0x9+0x2de) % 0x3e8==0x229
(0x43*0xa+0x229) % 0x3e8==0xdf
(0x43*0xb+0xdf ) % 0x3e8==0x3c0
(0x47*0xc+0x3c0) % 0x3e8==0x32c
(0x5d*0xd+0x32c) % 0x3e8==0x15<-------這個值如果為0,就用1代入
3) (0x12c-0xdc+0x15+0x1) % 0x3e8==0x66
4) 註冊碼:123456789043434
5) ((0x1+0x2)*0x66) % 0xa==0x6<----------註冊碼的第11位
((0x3+0x4)*0x66) % 0xa==0x4<----------註冊碼的第12位
((0x5+0x6)*0x66) % 0xa==0x2<----------註冊碼的第13位
((0x7+0x8)*0x66) % 0xa==0x0<----------註冊碼的第14位
((0x9+0x0)*0x66) % 0xa==0x8<----------註冊碼的第15位
所以:
使用者名稱:LANCELOT[CCG] 註冊碼: 12345-67890-64208
Crack by lancelot[CCG][FCG]
2001.09.08
相關文章
- Guitar Pro v3.0 的破文-----這一回真的破了 (12千字)2001-09-14GUI
- 脫殼IglooFTP PRO v3.0的詳細過程 (11千字)2001-09-14FTP
- 用DeDe破解------Ativa Pro v3.18 的破文 (8千字)2001-08-29
- 講解Guitar Pro如何編輯琵音2020-11-26GUI
- 我的第2篇破文 高手莫入!! (3千字)2001-11-11
- 分析Guitar Pro 7如何實現切音效果2020-11-09GUI
- 破文三,高手莫入,非常簡單 (2千字)2001-08-01
- 菜弟破文之二(速存QuickSave) (3千字)2001-09-21UI
- Outlook Express Backup v3.0 (9千字)2001-09-26Express
- WindowBlinds v3.0 enhanced 破解 (17千字)2002-02-28
- 一個遊戲的破解,SolSuite 2002。破文處女篇 (3千字)2002-03-26遊戲UI
- image optimizer v3.0之暴力破解 (6千字)2000-10-12
- VoxPhone Pro V3.0 Build 36所用的Rsagnt32.dll2015-11-15UI
- The Works 全攻略-破文第二篇(初學者適用) (3千字)2015-11-15
- 無名小兵V1.45
VB5 PCODE的破文一篇 (16千字)2002-07-06
- 破文一篇:易經八卦占卜程式7.0的破解(高手莫入) (8千字)2001-08-31
- 我的第一篇破文easyoffice 2001 高手莫入!! (1千字)2001-11-04
- 我的第3篇破文 cr--CJSFormater 高手請指導、指導!! (4千字)2001-11-24JSORM
- 某國產彩票V3.0軟體的演算法分析
(22千字)2015-11-15演算法
- 《AceReader V4.5》破文+序號產生器原始碼 (12千字)2015-11-15原始碼
- 我的第一篇破文,獻給看學學院的!^_^高手免進! (10千字)2015-11-15
- 網路螞蟻 [netant]1.25去廣告的兩種方法 破文一篇 (1千字)2002-06-22
- 我的第一篇破文,獻給看學學院! 高手免進! (2千字)2002-06-29
- WinRAR v3.0 Beta 4 破解^程-我是@悠 (3千字)2002-03-07
- 打字高手V3.0前兩天有人問 (4千字)2000-08-05
- Screen Demo Maker
V3.0註冊演算法分析 (8千字)2002-09-10演算法
- 幻影2003 V3.0註冊碼分析
(12千字)2003-01-25
- *輔助工具 1.0 Encrypt by Stkman
完美暴破(應該只能用暴力了) (11千字)2002-04-03
- 申請加入CNCG破文-小李登錄檔大師D註冊碼法 (2千字)2001-11-07
- 小小助手V2.01的破解過程-----算是我留給初學者的一偏破文
(7千字)2015-11-15
- 螢幕錄影專家 V3.0 演算法分析
(13千字)2003-04-08演算法
- 申請加入BCG第三篇破文:鬧鐘&笑話1.0破解過程 (2千字)2001-08-01
- 淺析FoxMail 3.11 及其密文解碼公式 (4千字)2001-01-02AI公式
- 加入FCG的見面破文,初學者可以看 小球 peterchen 偽裝者等等不許看!! (4千字)2001-06-22
- 破traceboy2.0 高手勿看! (9千字)2001-01-29
- 脫Advanced Email Extractor PRO的殼 (19千字)2001-08-19AI
- VB黑客程式的暴破(修改)一例 (9千字)2003-02-06黑客
- 用ISDCC2破KPT 6的安裝 (8千字)2001-04-17