八字解析_1.21 (8千字)
=======================================================================================
Yy[CCG] => 演算法分析 => 國貨:某某某析
註冊形式:機器碼/註冊碼 限制:頻繁跳出註冊視窗要價一百大元
難度點評:初級(雜亂無章到處亂CALL)
=======================================================================================
旁白:略
=======================================================================================
:004E6494 8D45E8
lea eax, dword ptr [ebp-18]
:004E6497 50
push eax
:004E6498 6A00
push 00000000
:004E649A 68E7000000 push 000000E7
<= 計算常量
:004E649F 6A00
push 00000000
:004E64A1 68AC000000
push 000000AC <= 計算常量
:004E64A6 8D45E0
lea eax, dword ptr [ebp-20]
:004E64A9 E816FFFFFF call
004E63C4
:004E64AE 8B45E0
mov eax, dword ptr [ebp-20]
:004E64B1 E8FA30F2FF
call 004095B0 <= 機器碼變換==演算法1
:004E64B6 E825F6F1FF call 00405AE0
<= 機器碼變換==演算法1
:004E64BB E8FCF5F1FF
call 00405ABC <= 機器碼變換==演算法1
:004E64C0 52
push edx
:004E64C1
50
push eax
:004E64C2 8D45E4
lea eax, dword ptr [ebp-1C]
:004E64C5 E85E30F2FF
call 00409528 <= 演算法2
:004E64CA
8B45E4 mov eax,
dword ptr [ebp-1C]
:004E64CD B902000000
mov ecx, 00000002
:004E64D2 8BD3
mov edx, ebx
:004E64D4 E8B7E9F1FF
call 00404E90 <= 演算法2
:004E64D9
8B45E8 mov eax,
dword ptr [ebp-18]
:004E64DC E87B30F2FF
call 0040955C
:004E64E1 83F83E
cmp eax, 0000003E <= 密碼字串長度
:004E64E4
7F6D jg 004E6553
<= 大於就跳走
:004E64E6 8D45DC
lea eax, dword ptr [ebp-24]
:004E64E9 50
push eax
:004E64EA
8D45D8 lea eax,
dword ptr [ebp-28]
:004E64ED 50
push eax
:004E64EE 6A00
push 00000000
:004E64F0
68E7000000 push 000000E7 <=
計算常量
:004E64F5 6A00
push 00000000
:004E64F7 68AC000000
push 000000AC <= 計算常量
:004E64FC 8D45D0
lea eax, dword ptr [ebp-30]
:004E64FF E8C0FEFFFF call 004E63C4
:004E6504 8B45D0
mov eax, dword ptr [ebp-30]
:004E6507 E8A430F2FF
call 004095B0
:004E650C E8CFF5F1FF
call 00405AE0
:004E6511 E8A6F5F1FF
call 00405ABC
:004E6516 52
push edx
:004E6517
50
push eax
:004E6518 8D45D4
lea eax, dword ptr [ebp-2C]
:004E651B E80830F2FF
call 00409528
:004E6520 8B45D4
mov eax, dword ptr [ebp-2C]
:004E6523 B902000000 mov ecx,
00000002
:004E6528 8BD3
mov edx, ebx
:004E652A E861E9F1FF
call 00404E90
:004E652F 8B45D8
mov eax, dword ptr [ebp-28]
:004E6532
E82530F2FF call 0040955C <=
演算法3
:004E6537 8BD0
mov edx, eax
:004E6539 B901000000
mov ecx, 00000001
:004E653E 8B45F8
mov eax, dword ptr [ebp-08]
:004E6541 E84AE9F1FF call 00404E90
<= 演算法3
:004E6546 8B55DC
mov edx, dword ptr [ebp-24]
:004E6549 8D45F4
lea eax, dword ptr [ebp-0C]
:004E654C E8EFE6F1FF call
00404C40 <= 演算法3
:004E6551 EB7E
jmp 004E65D1
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004E64E4(C)
|
:004E6553 8D45CC
lea eax, dword ptr [ebp-34]
:004E6556 50
push eax
:004E6557 8D45C4
lea eax, dword ptr [ebp-3C]
:004E655A 50
push eax
:004E655B 6A00
push 00000000
:004E655D 68E7000000
push 000000E7
:004E6562 6A00
push 00000000
:004E6564 68AC000000
push 000000AC
:004E6569 8D45BC
lea eax, dword ptr [ebp-44]
:004E656C E853FEFFFF call
004E63C4
:004E6571 8B45BC
mov eax, dword ptr [ebp-44]
:004E6574 E83730F2FF
call 004095B0 <= 機器碼變換==演算法1
:004E6579 E862F5F1FF call 00405AE0
<= 機器碼變換==演算法1
:004E657E E839F5F1FF
call 00405ABC <= 機器碼變換==演算法1
:004E6583 52
push edx
:004E6584
50
push eax
:004E6585 8D45C0
lea eax, dword ptr [ebp-40]
:004E6588 E89B2FF2FF
call 00409528 <= 演算法2
:004E658D
8B45C0 mov eax,
dword ptr [ebp-40]
:004E6590 B902000000
mov ecx, 00000002
:004E6595 8BD3
mov edx, ebx
:004E6597 E8F4E8F1FF
call 00404E90
:004E659C 8B45C4
mov eax, dword ptr [ebp-3C]
:004E659F E8B82FF2FF call
0040955C
:004E65A4 83E83E
sub eax, 0000003E <= 減去密碼字串長度
:004E65A7 8D55C8
lea edx, dword ptr [ebp-38]
:004E65AA E8492FF2FF call
004094F8
:004E65AF 8B45C8
mov eax, dword ptr [ebp-38]
:004E65B2 E8A52FF2FF
call 0040955C
:004E65B7 8BD0
mov edx, eax
:004E65B9
B901000000 mov ecx, 00000001
:004E65BE 8B45F8
mov eax, dword ptr [ebp-08]
:004E65C1 E8CAE8F1FF
call 00404E90
:004E65C6 8B55CC
mov edx, dword ptr [ebp-34]
:004E65C9
8D45F4 lea eax,
dword ptr [ebp-0C]
:004E65CC E86FE6F1FF
call 00404C40
* Referenced by a (U)nconditional or (C)onditional
Jump at Address:
|:004E6551(U)
|
:004E65D1 43
inc ebx
:004E65D2
4E
dec esi
:004E65D3 0F85BBFEFFFF jne
004E6494
* Referenced by a (U)nconditional or (C)onditional Jump at
Address:
|:004E6489(C)
|
:004E65D9 8D55B8
lea edx, dword ptr [ebp-48]
:004E65DC
8B45FC mov eax,
dword ptr [ebp-04]
:004E65DF 8B80F4020000
mov eax, dword ptr [eax+000002F4]
:004E65E5 E8462BF6FF
call 00449130
:004E65EA 8B45B8
mov eax, dword ptr [ebp-48]
:004E65ED 8B55F4
mov edx, dword ptr [ebp-0C] <== 註冊碼(記憶體序號產生器)
:004E65F0 E887E7F1FF
call 00404D7C
:004E65F5 7542
jne 004E6639 <==
跳走就失敗
=======================================================================================
演算法分析:
1:機器碼 s[]="255920796" 取機器碼長度作為迴圈數 迴圈轉換字串值為長整形值
for(i=1;i<strlen(s);i++)
if(i==1) {k=s[i-1]-'0';k*=0xA;k+=s[i]-'0';kk=k;}
else {kk*=0xA;kk+=s[i]-'0';}
kk/=0xAC; <= 0xf410a9c
kk*=0xE7;
<= 0x147c8f3
2:迴圈計算並轉換長整形值(0x147c8f3)為字串值 s1[]="343707441"
for(i=strlen(s)-1;i>=0;i--)
{j=kk%0xA;s1[i]='0'+j;kk/=0xA;}
s1[strlen(s)]='\0';
3:迴圈取值查密碼字串得到註冊碼
"loveyoupasymtlyju6r8y3w4xcwqam5mnbvcdxmokjhg7f821q8w9eiudhuiop"
<--62 (0x3E)
b--34
h--43
d--37
p--08 <= 0x46-0x3E
u--07
m--12 <= 0x4A-0x3E
g--44
k--41
l--01 <= 以密碼字串第一位
'l' 補位
註冊碼 <= bhdpumgkl
=======================================================================================
序號產生器:
#include <stdio.h>
#include <string.h>
void jm(char *p,int k)
{
char sm[]="&loveyoupasymtlyju6r8y3w4xcwqam5mnbvcdxmokjhg7f821q8w9eiudhuiop";
*p=sm[k];
}
main()
{
long i,j,k,l;
long kk=0;
char s[18],s1[18],s2[18],*p;
printf("input--機器碼:\n");
gets(s);
for(i=1;i<strlen(s);i++)
if(i==1) {k=s[i-1]-'0';k*=0xA;k+=s[i]-'0';kk=k;}
else {kk*=0xA;kk+=s[i]-'0';}
kk/=0xAC;
kk*=0xE7;
for(i=strlen(s)-1;i>=0;i--)
{j=kk%0xA;s1[i]='0'+j;kk/=0xA;}
s1[strlen(s)]='\0';
for(l=0,i=1;i<strlen(s1);i++)
{
j=s1[i-1]-'0';j*=10;k=j+(s1[i]-'0');
if(k<=0x3E) {jm(p,k);s2[l++]=*p;}
else {k-=0x3E;jm(p,k);s2[l++]=*p;}
if(i==strlen(s1)-1) {jm(p,1);s2[l++]=*p;}
}
s2[l]='\0';
printf("註冊碼:%s\n",s2);
}
=======================================================================================
--------------------
Yy
--------------------
China Cracking Group
--------------------
----------
2002.11.07
----------
=======================================================================================
相關文章
- EbookMaker 1.21 inc c++ source keygen
(4千字)2002-04-18C++
- 菜鳥破解錄(19)之 XMLwriter 1.21 (9千字)2000-08-08XML
- 如何破解Cool ASCII Art Maker V1.21註冊碼 (2千字)2001-05-03ASCII
- 俠客系統修改器 V1.21 序號產生器 (2千字)2001-09-01
- winimage完全破解 (8千字)2001-07-04
- 初學者(8) (4千字)2000-05-07
- 初學者(10) (8千字)2000-05-14
- 俠客系統修改器1.212015-11-15
- Go 1.21的2個語言變化2023-02-18Go
- ACProtect 1.21專業版主程式的脫殼2015-11-15
- Java 程式的破解方法 (8千字)2002-08-15Java
- 我的破解心得(8) (2千字)2001-03-13
- 1.21 JQuery4:滑鼠事件與滾動事件2018-11-11jQuery事件
- ThemeFreak V1.6破解 (8千字)2001-03-07
- 炒股理財1.65破解方法 (8千字)2001-04-13
- Trojan Remover 4.3.0破解手記 (8千字)2001-08-31REM
- UNPack CommView v.3.0 (8千字)2001-09-01View
- 破解GIF Movie Gear 3.01 (8千字)2002-03-13
- winxp總管破解筆記(一) (8千字)2002-10-07筆記
- 贏家股票盤後分析1.2 (8千字)2001-07-07
- 破解WS_FTP Pro 7.02 (8千字)2001-10-28FTP
- SeaMoon Pic Hunter 1.2破解手記 (8千字)2015-11-15
- 爆破MD5加密程式――驅動之加 1.21 [VB]2015-11-15加密
- JDK8中Stream使用解析2021-06-06JDK
- java8Stream原理深度解析2019-01-14Java
- Yolov8-原始碼解析-四十-2024-09-05YOLO原始碼
- Yolov8-原始碼解析-一-2024-09-05YOLO原始碼
- Password Keeper v6.3破解過程 (8千字)2002-04-12
- 破解華琦庫管精靈1.2.4 (8千字)2000-09-11
- PwlTool的功能限制的破解---DDXia[CCG] (8千字)2001-03-10
- crackcode程式碼分享筆記(一) (8千字)2001-08-09筆記
- 使用KERNEL32.DLL破解???(譯文)
(8千字)2000-08-29
- Update NOW 2000 暴力破解方法! (8千字)2001-02-11
- 如何完美破解winhex9.73的功能限制! (8千字)2001-03-13
- Embird32 防破解技術的分析 (8千字)2001-04-29
- MP3 to EXE v 2.6破解手記 (8千字)2001-09-08
- 用W32DASM破解JPEG Optimizer 4.0 (8千字)2000-02-21ASM
- 乾涸的(Asp maker version 2.2 破解手記) (8千字)2015-11-15