破解accoustica 2.21(帶序號產生器)----讓高手見笑了:) (11千字)
accoustica 2.21註冊碼演算法模組分析
=================================
軟體簡介:
Acoustica是一個強大的聲音編輯程式,它擁
有對聲音進行動態處理,實施降噪,格式轉換,時
標調整,均衡,加入合唱效果、混響效果等等一些
功能。用它配合其他工具軟體可以做出很不錯的卡
拉OK,對於效果不好聲音或卡拉OK進行處理後,可以
達到很專業的水平!可以說是Cool
edit pro的精簡
版!!新版本修正了一些BUG!
================================
破解工具:SOFTICE,W32DASM
註冊碼驗證方式:用GETDLGITEMTEXT()函式取得使用者名稱,公司名和註冊碼,然後在登錄檔的適當位置建立 Name,Company,Key三個鍵分別存放使用者名稱公司名和註冊碼,再從登錄檔中將各項值取出進 行運算得出真正的註冊碼並與使用者輸入的註冊碼進行比較,不同則彈出註冊失敗對話方塊。
================================
分析:
用BPX REGQUARYVALUEEXA設斷,使用者名稱:alpha
公司名:ckck 註冊碼:98765432
攔截後跟蹤至:
* Possible StringData
Ref from Data Obj ->"Company"
|
:0044AA08
68F7EA4900 push 0049EAF7
* Possible StringData Ref from Data Obj ->"RegisterInfo"
|
:0044AA0D 68EAEA4900
push 0049EAEA
:0044AA12 50
push eax
:0044AA13 E8E4A6FCFF
call 004150FC
:0044AA18 83C418
add esp, 00000018
:0044AA1B 8D950CFFFFFF lea edx, dword
ptr [ebp+FFFFFF0C]
:0044AA21 8B0DEED54A00
mov ecx, dword ptr [004AD5EE]
:0044AA27 6A50
push 00000050
* Possible Reference
to Dialog:
|
:0044AA29
6811EB4900 push 0049EB11
:0044AA2E 52
push edx
* Possible StringData Ref from Data Obj ->"Key"
|
:0044AA2F 680DEB4900
push 0049EB0D
* Possible StringData Ref
from Data Obj ->"RegisterInfo"
|
:0044AA34 6800EB4900 push
0049EB00
:0044AA39 51
push ecx
:0044AA3A E8BDA6FCFF
call 004150FC
:0044AA3F 83C418
add esp, 00000018
:0044AA42 8D45AC
lea eax, dword ptr [ebp-54]
:0044AA45 50
push eax
:0044AA46 E81DE20300
call 00488C68 <<-----------判斷是否有使用者名稱
:0044AA4B 59
pop ecx
:0044AA4C 8D955CFFFFFF
lea edx, dword ptr [ebp+FFFFFF5C]
:0044AA52 52
push edx
:0044AA53
E810E20300 call 00488C68 <<-----------判斷是否有公司名
:0044AA58 59
pop ecx
==============================
以上為註冊資訊的初始化
繼續跟蹤,來到:
以下便是使用者名稱的演算法:
:0044AA59 BB01000000
mov ebx, 00000001 <<---------EBX賦初值,此時ESI=0x3AC7(初始值,與使用者名稱,公司名無關)
:0044AA5E 8D7DAC
lea edi, dword ptr [ebp-54] <<---------使用者名稱首地址->EDI
:0044AA61 EB13
jmp 0044AA76
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044AA82(C)
|
:0044AA63 0FBE07
movsx eax, byte ptr [edi] <<--------使用者名稱第一個字元->EAX
:0044AA66 8BD3
mov edx, ebx
:0044AA68 83E203
and edx, 00000003
:0044AA6B 0FBE4C15FC
movsx ecx, byte ptr [ebp+edx-04] <<-----相關數字{0xEB,0x7B,0x11,0x22}依次送入ECX(每次迴圈按順序送入一個,四次之後再從頭開始)
:0044AA70 F7E9
imul ecx
:0044AA72 03F0
add esi, eax
:0044AA74 43
inc ebx
:0044AA75 47
inc edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044AA61(U)
|
:0044AA76 8D45AC
lea eax, dword ptr [ebp-54] <<---------使用者名稱首地址->EAX
:0044AA79 50
push eax
:0044AA7A E805570300
call 00480184
<<---------取得使用者名稱的長度並送入EAX
:0044AA7F 59
pop ecx
:0044AA80 3BD8
cmp ebx, eax <<----------使用者名稱長度與迴圈次數比較
:0044AA82 76DF
jbe 0044AA63 <<----------不大於則跳回
==================================
下面開始運算公司名
* Possible Ref to Menu: MenuID_0064, Item: "鑄笙蚩(C)..."
|
* Possible Reference to String
Resource ID=00001: "e?痼蚩"
|
:0044AA84
BB01000000 mov ebx, 00000001 <<-----------初始化EBX,此時ESI的值為使用者名稱運算後的結果
:0044AA89 8DBD5CFFFFFF lea edi,
dword ptr [ebp+FFFFFF5C] <<---公司名首地址->EDI
:0044AA8F EB13
jmp 0044AAA4
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:0044AAB3(C)
|
:0044AA91 0FBE07
movsx eax, byte ptr [edi] <<-----------公司名的第一個字元
:0044AA94
8BD3 mov
edx, ebx
:0044AA96 83E203
and edx, 00000003
:0044AA99 0FBE4C15FC
movsx ecx, byte ptr [ebp+edx-04]<<-----{0xEB,0x7B,0x11,0x22}
:0044AA9E F7E9
imul ecx
:0044AAA0 03F0
add esi, eax
:0044AAA2 43
inc ebx
:0044AAA3 47
inc edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044AA8F(U)
|
:0044AAA4 8D855CFFFFFF
lea eax, dword ptr [ebp+FFFFFF5C]
:0044AAAA 50
push eax
:0044AAAB
E8D4560300 call 00480184 <<--------取得公司名的長度並送入EAX
:0044AAB0 59
pop ecx
:0044AAB1 3BD8
cmp ebx, eax
:0044AAB3 76DC
jbe 0044AA91
:0044AAB5 8BC6
mov eax, esi
:0044AAB7 B9A0860100 mov ecx,
000186A0 <<-------常量0x186A0->ECX
:0044AABC 33D2
xor edx, edx
:0044AABE F7F1
div ecx
<<------- 求餘->EDX
:0044AAC0 8BDA
mov ebx, edx
:0044AAC2 8D85BCFEFFFF
lea eax, dword ptr [ebp+FFFFFEBC]
:0044AAC8 53
push ebx
<<-------儲存EBX
* Possible
Reference to Dialog:
|
:0044AAC9
6812EB4900 push 0049EB12
字首“AC210-”入棧
:0044AACE 50
push eax
:0044AACF E8608E0300
call 00483934 <<------將最終運算結果轉為字串並與“AC210-”連線,成為正確註冊碼
:0044AAD4 83C40C
add esp, 0000000C
:0044AAD7 8D950CFFFFFF
lea edx, dword ptr [ebp+FFFFFF0C] <<-------輸入的註冊碼的首地址->EDX
:0044AADD
52
push edx
:0044AADE 8D8DBCFEFFFF
lea ecx, dword ptr [ebp+FFFFFEBC] <<-------字首為“AC210-“的正確的註冊碼的首地址->ECX
:0044AAE4 51
push ecx
* Reference To: KERNEL32.lstrcmpA, Ord:0000h
|
:0044AAE5 E8344C0400
Call 0048F71E <<--------字串比較函式
:0044AAEA 85C0
test eax, eax
:0044AAEC 7504
jne 0044AAF2 <<---------不同則跳
:0044AAEE
B001 mov
al, 01
:0044AAF0 EB32
jmp 0044AB24
* Referenced by a (U)nconditional or (C)onditional
Jump at Address:
|:0044AAEC(C)
|
:0044AAF2 53
push ebx
* Possible
StringData Ref from Data Obj ->"AC220-%d"
|
:0044AAF3 681BEB4900 push
0049EB1B <<------字首“AC220-”入棧
:0044AAF8 8D95BCFEFFFF
lea edx, dword ptr [ebp+FFFFFEBC]
:0044AAFE 52
push edx
:0044AAFF E8308E0300 call
00483934
:0044AB04 83C40C
add esp, 0000000C
:0044AB07 8D8D0CFFFFFF
lea ecx, dword ptr [ebp+FFFFFF0C] <<------輸入的註冊碼的首地址->ECX
:0044AB0D 51
push ecx
:0044AB0E 8D85BCFEFFFF
lea eax, dword ptr [ebp+FFFFFEBC] <<------字首為“AC220-”的正確的註冊碼的首地址->EAX
:0044AB14 50
push eax
* Reference To: KERNEL32.lstrcmpA, Ord:0000h
|
:0044AB15 E8044C0400
Call 0048F71E <<-------字串比較函式
:0044AB1A 85C0
test eax, eax
:0044AB1C 7504
jne 0044AB22 <<--------不同則跳走
:0044AB1E
B001 mov
al, 01
:0044AB20 EB02
jmp 0044AB24
============================最後來到:
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044B20E(C)
|
:0044B2ED 68C8000000
push 000000C8
:0044B2F2 8D9FB6000000
lea ebx, dword ptr [edi+000000B6]
:0044B2F8 53
push ebx
* Possible
Reference to String Resource ID=09141: "@ 革
9M."
|
:0044B2F9 68B5230000
push 000023B5
:0044B2FE 8D4704
lea eax, dword ptr [edi+04]
:0044B301
50
push eax
:0044B302 E8D6B80200
call 00476BDD
:0044B307 83C410
add esp, 00000010
:0044B30A 8BD3
mov edx, ebx
:0044B30C 8B4F66
mov ecx, dword ptr [edi+66]
:0044B30F 8B01
mov eax, dword ptr [ecx]
:0044B311 6A00
push 00000000
* Possible Reference
to Dialog:
|
:0044B313
6893EB4900 push 0049EB93
:0044B318 52
push edx
:0044B319 8B500C
mov edx, dword ptr [eax+0C]
:0044B31C 52
push edx
:0044B31D
8B4868 mov ecx,
dword ptr [eax+68]
:0044B320 51
push ecx
:0044B321 E818DA0100
call 00468D3E <<------註冊失敗對話方塊
:0044B326 83C414
add esp, 00000014
==============================
此軟體的註冊碼演算法很簡單,它將使用者名稱與公司名進行相同的運算後得出真正的註冊碼(有兩個,不知有什麼區別),其中用到了五個數字常量:{0xEB,0x7B,0x11,0x2A}和0x186A0,還有一個初始值為0x3AC7的變數。
==============================
附:序號產生器源程式(偷了點懶的^_^)
#include<iostream.h>
#include<string.h>
#include<math.h>
#include<stdlib.h>
void main()
{
int N[4]={-21,123,17,42},temp1=0,temp2=0,Name,Company,RegistCode=15047,count1,count2,LengthOftempName,LengthOftempCompany;
char tempName[80],tempCompany[80];
cout<<"
KeyGen for Acoustica V2.21(Made
by alpha)"<<endl;
cout<<"Your Name:";
while(cin.getline(tempName,80))
{
LengthOftempName=strlen(tempName);
for(count1=0;count1<LengthOftempName;count1++)
{
if(temp1==4)
temp1=0;
Name=tempName[count1];
// cout<<Name[count1]<<endl;
Name*=N[temp1];
// cout<<N[temp1]<<endl;
RegistCode+=Name;
temp1++;
}
break;
}
cout<<endl;
cout<<"Your Company:";
while(cin.getline(tempCompany,80))
{
LengthOftempCompany=strlen(tempCompany);
for(count2=0;count2<LengthOftempCompany;count2++)
{
if(temp2==4)
temp2=0;
Company=tempCompany[count2];
Company*=N[temp2];
RegistCode+=Company;
temp2++;
}
break;
}
cout<<endl;
cout<<"Your Registration Code is:"<<"AC210-"<<RegistCode<<endl;
cout<<"
or:"<<"AC220-"<<RegistCode<<endl;
cout<<"\nPress any key to terminate...";
while(cin.get())
exit(0);
}
======================
源程式在VC++6.0下編譯透過
CrAcKeD BY alphakk(alpha)
相關文章
- NetTalk破解與序號產生器(高手勿進) (10千字)2001-09-20
- winzip序號產生器 (1千字)2001-04-12
- 美萍安全衛士V8.45序號產生器制作分析過程,及序號產生器! (11千字)2001-10-28
- 用keymake制序號產生器實戰~高手莫入~~ (1千字)2001-09-30
- 序號產生器制分析: (1千字)2001-11-19
- Resource
Builder 1.1.0 完全破解~~附彙編序號產生器 (10千字)2015-11-15UI
- 網頁加密器(HTMLEncryptor1.1)破解及序號產生器 (1千字)2001-04-22網頁加密HTML
- 繼續破解Screen logger manager v1.01,序號產生器如下: (11千字)2001-07-14
- AlgoLab PtVector的破解及序號產生器的編寫 (17千字)2001-05-04Go
- 一個CrackMe的破解以及序號產生器的製作
(4千字)2001-08-16
- 文書處理大師 3.0 破解~~~附序號產生器 (17千字)2002-03-24
- 3DAxy貪吃蛇 AxySnake 破解與序號產生器 (21千字)2015-11-153D
- winzip的通用序號產生器 (2千字)2001-12-10
- Kalua Cocktails 1.1完全破解,內附彙編序號產生器(用序號產生器編寫器,並有它的使用教程)
(22千字)2002-02-27AI
- xplorer2之破解和序號產生器2004-12-05
- 010
Editorv1.3破解(序號產生器)2004-05-17
- 序號產生器合集2024-03-17
- SWF探索者XP 1.2(swfexplorer)破解+分析+序號產生器
(18千字)2002-04-14
- UltraEdit-32 8.10.1.0的破解及序號產生器的生成 (15千字)2001-05-15
- KEYGENNING4NEWBIES #7破解過程+序號產生器 (6千字)2001-08-21
- Gif2Swf Ver 2.1 TC20序號產生器 && MASM32序號產生器 (4千字)2001-12-10ASM
- 貼彩虹狗破解工具的序號產生器 (727字)2001-07-01
- Pexplorer 1.70 完全破解(KeyFile&Name+Code),附序號產生器~~~~~~~~~
(17千字)2002-04-03
- 《中華壓縮 6.01》註冊碼破解及序號產生器 (14千字)2001-08-19
- supercapture3.0的版序號產生器!
(4千字)2002-04-23APT
- IrfanView 序號產生器分析(初級版)
(13千字)2015-11-15View
- 製作mIRC6.02序號產生器(給別人寫的初學者序號產生器教材) (14千字)2015-11-15
- 音樂處理acoustica2.0註冊碼破解及序號產生器 (8千字)2002-04-06
- 續未完成破解,寫出它的序號產生器,3k。。。 (8千字)2001-07-09
- EmEditor V3.29和它的序號產生器 (12千字)2015-11-15
- Myeclipse 6.5 序號產生器2020-04-06Eclipse
- hellfire2000破解過程及序號產生器的編寫(上) (4千字)2001-01-19
- MP3 explorer 破解和序號產生器的製作2015-11-15
- 檔案密使2.0暴力破解及序號產生器的編寫―好久沒寫過東西了。 (11千字)2001-07-10
- HappyIcon序號產生器TC原始碼 (1千字)2001-04-08APP原始碼
- 橋牌軟體Deep Finesse的序號產生器 (1千字)2015-11-15
- 用KEYMAKE製作記憶體序號產生器特殊一例
(11千字)2015-11-15記憶體
- 分享一個navicat序號產生器2024-04-02