Becky! Internet Mail Ver.2.05.2
簡單演算法――Becky! Internet Mail Ver.2.05.2
【軟體簡介】:Becky是一款由日本人編制的郵件軟體, 此是著名漢化人小魚兒製作的完美漢化版本。它具備比OE更為強大的功能,可以完美支援多內碼,可以完美支援微軟Hotmail郵箱(包括髮送,這點可是別的E-mail工具所不具備的),完美無缺的遠端郵箱管理(可選擇性地下載其中某個附件)功能等諸多功能。
【軟體限制】:30天試用。其實機子裡有OE、FoxMail,不會用它的。^-^
【作者宣告】:初學Crack,只是感興趣,沒有其它目的。失誤之處敬請諸位大俠賜教!
―――――――――――――――――――――――――――――――――
【過 程】:很久以前寫的,呵呵,索性也貼上來吧。
B2.exe無殼,可能讓漢化者脫了?Visual
C++ 6.0編寫。
填好試煉資訊:
名稱:fly
註冊的通行碼:9912-4444-WXYZ
E-Mail:fly4099@sohu.com
反彙編後的提示很多亂碼,所以我立即祭出屠龍刀TRW2000!
填好註冊資訊後,CTR+N,下BPX
HMEMCPY,F5返回,點“確定”,被攔。
PMODULE直達程式領空。BD,暫停斷點。F12三次,F10至525CB4。
―――――――――――――――――――――――――――――――――
:00525CB4 A1F02D5B00 mov eax,
dword ptr [005B2DF0]
====>停在這兒!
F10一直走。
* Possible Reference to String Resource
ID=00010: "蕙1%"
|
:00525D37
6A0A push
0000000A
:00525D39 52
push edx
:00525D3A 8BCB
mov ecx, ebx
:00525D3C E8FEDD0200
call 00553B3F
*
Possible StringData Ref from Data Obj ->"RBK"
|
:00525D41 6880975A00
push 005A9780
:00525D46 8D4C2420
lea ecx, dword ptr [esp+20]
:00525D4A E854690300
call 0055C6A3
:00525D4F 53
push ebx
:00525D50
8D442420 lea eax, dword
ptr [esp+20]
* Possible
StringData Ref from Data Obj ->"--"
|
:00525D54 68A0DE5A00 push
005ADEA0
:00525D59 8D4C2420
lea ecx, dword ptr [esp+20]
:00525D5D 50
push eax
:00525D5E 51
push ecx
:00525D5F
E84B6A0300 call 0055C7AF
:00525D64
8D542414 lea edx, dword
ptr [esp+14]
:00525D68 50
push eax
:00525D69 52
push edx
:00525D6A E8DA690300
call 0055C749
:00525D6F 8D4C2418
lea ecx, dword ptr [esp+18]
:00525D73
E8A2670300 call 0055C51A
:00525D78
51 push
ecx
:00525D79 8D442414 lea
eax, dword ptr [esp+14]
:00525D7D 8BCC
mov ecx, esp
:00525D7F 50
push eax
:00525D80 E80A650300
call 0055C28F
====>取得註冊資訊
:00525D85
E8E6F6EEFF call 00415470
====>關鍵CALL!
:00525D8A
85C0 test
eax, eax
====>EAX為0則註冊成功!
:00525D8C
0F85E5000000 jne 00525E77
====>跳則OVER!
:00525D92
8B2F mov
ebp, dword ptr [edi]
:00525D94 E838F10400
call 00574ED1
:00525D99 8B4004
mov eax, dword ptr [eax+04]
:00525D9C 55
push ebp
*
Possible StringData Ref from Data Obj ->"User"
|
:00525D9D 6870995A00
push 005A9970
*
Possible StringData Ref from Data Obj ->"License"
|
:00525DA2 68089A5A00
push 005A9A08
:00525DA7 8BC8
mov ecx, eax
:00525DA9 E80E100400
call 00566DBC
:00525DAE E81EF10400
call 00574ED1
:00525DB3 8B4C2410
mov ecx, dword ptr [esp+10]
:00525DB7
8B4004 mov eax,
dword ptr [eax+04]
:00525DBA 51
push ecx
*
Possible StringData Ref from Data Obj ->"Code"
|
:00525DBB 6868995A00
push 005A9968
* Possible StringData Ref from Data Obj ->"License"
―――――――――――――――――――――――――――――――――
F8進入關鍵CALL: 00525D85 call 00415470
:00415470
8B442404 mov eax, dword
ptr [esp+04]
====>過此D EAX=RBK-9912-4444-WXYZ
假碼前加RBK-
:00415474 83EC14
sub esp, 00000014
:00415477 8B48F8
mov ecx, dword ptr [eax-08]
:0041547A 57
push edi
:0041547B
33FF xor
edi, edi
:0041547D 83F912
cmp ecx, 00000012
====>比較是否為18位,即
註冊碼=18-4=14位!
:00415480
0F85AC010000 jne 00415632
====>跳則OVER!
:00415486
8A5003 mov dl, byte
ptr [eax+03]
:00415489 B12D
mov cl, 2D
====>
- 移入CL
:0041548B 3AD1
cmp dl, cl
====>比較第四位(RBK“-”)是否為-
:0041548D
0F859F010000 jne 00415632
====>這次當然不跳了,它自己加的嘛
:00415493
384808 cmp byte
ptr [eax+08], cl
====>比較第九位(RBK-9912“-”)是否為-
:00415496
0F8596010000 jne 00415632
====>跳則OVER!
:0041549C
38480D cmp byte
ptr [eax+0D], cl
====>比較第十四位(-4444“-”)是否為-
:0041549F
0F858D010000 jne 00415632
====>跳則OVER!
:004154A5
53 push
ebx
:004154A6 56
push esi
:004154A7 8D442418
lea eax, dword ptr [esp+18]
*
Possible Reference to Dialog: DialogID_006B, CONTROL_ID:0003, "h??&L)"
|
:004154AB 6A03
push 00000003
:004154AD 50
push eax
:004154AE
8D4C242C lea ecx, dword
ptr [esp+2C]
:004154B2 E89AE71300
call 00553C51
*
Possible Reference to String Resource ID=00004: ">................"
|
:004154B7 6A04
push 00000004
:004154B9 8D4C2414
lea ecx, dword ptr [esp+14]
*
Possible Reference to String Resource ID=00004: ">................"
|
:004154BD 6A04
push 00000004
:004154BF 51
push ecx
:004154C0
8D4C2430 lea ecx, dword
ptr [esp+30]
:004154C4 E876E61300
call 00553B3F
*
Possible Reference to String Resource ID=00004: ">................"
|
:004154C9 6A04
push 00000004
:004154CB 8D542418
lea edx, dword ptr [esp+18]
*
Possible Reference to Dialog: DialogID_00A5, CONTROL_ID:0009, ""
|
*
Possible Reference to String Resource ID=00009: "蕙蝥?
|
:004154CF 6A09
push 00000009
:004154D1 52
push edx
:004154D2 8D4C2430
lea ecx, dword ptr [esp+30]
:004154D6
E864E61300 call 00553B3F
*
Possible Reference to String Resource ID=00004: ">................"
|
:004154DB 6A04
push 00000004
:004154DD 8D442410
lea eax, dword ptr [esp+10]
*
Possible Reference to String Resource ID=00014: " "
|
:004154E1 6A0E
push 0000000E
:004154E3 50
push eax
:004154E4 8D4C2430
lea ecx, dword ptr [esp+30]
:004154E8
E852E61300 call 00553B3F
*
Possible StringData Ref from Data Obj ->"RBK"
|
:004154ED BE80975A00
mov esi, 005A9780
:004154F2 8B442418
mov eax, dword ptr [esp+18]
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00415518(C)
|
:004154F6
8A10 mov
dl, byte ptr [eax]
:004154F8 8A1E
mov bl, byte ptr [esi]
:004154FA 8ACA
mov cl, dl
:004154FC
3AD3 cmp
dl, bl
:004154FE 751E
jne 0041551E
:00415500 84C9
test cl, cl
:00415502 7416
je 0041551A
:00415504
8A5001 mov dl, byte
ptr [eax+01]
:00415507 8A5E01
mov bl, byte ptr [esi+01]
:0041550A 8ACA
mov cl, dl
:0041550C 3AD3
cmp dl, bl
:0041550E
750E jne
0041551E
:00415510 83C002
add eax, 00000002
:00415513 83C602
add esi, 00000002
:00415516 84C9
test cl, cl
:00415518
75DC jne
004154F6
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00415502(C)
|
:0041551A
33C0 xor
eax, eax
:0041551C EB05
jmp 00415523
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004154FE(C),
:0041550E(C)
|
:0041551E 1BC0
sbb eax, eax
:00415520 83D8FF
sbb eax, FFFFFFFF
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041551C(U)
|
:00415523
85C0 test
eax, eax
:00415525 0F85DA000000 jne
00415605
:0041552B 8D44241C
lea eax, dword ptr [esp+1C]
:0041552F 6A02
push 00000002
:00415531 50
push eax
:00415532
8D4C2418 lea ecx, dword
ptr [esp+18]
:00415536 E89AE61300
call 00553BD5
:0041553B 8B00
mov eax, dword ptr [eax]
:0041553D 50
push eax
:0041553E
E8C2D21200 call 00542805
:00415543
83C404 add esp,
00000004
:00415546 8D4C241C
lea ecx, dword ptr [esp+1C]
:0041554A 8BF0
mov esi, eax
:0041554C E8C96F1400
call 0055C51A
:00415551 8B4C2410
mov ecx, dword ptr [esp+10]
:00415555
51 push
ecx
====>D ECX=9912
:00415556
E8AAD21200 call 00542805
====>檢測假碼前4位是否為數字?且3、4位要大於00
:0041555B
83C404 add esp,
00000004
:0041555E 85C0
test eax, eax
:00415560 0F849F000000
je 00415605
====>不能跳!
:00415566
83FE01 cmp esi,
00000001
:00415569 0F8C96000000 jl
00415605
:0041556F 83FE0C
cmp esi, 0000000C
====>比較第三、四位是否小於
或 等於“12”
:00415572 0F8F8D000000
jg 00415605
====>不能跳!
:00415578 8B442414 mov eax, dword ptr [esp+14]
* Possible
StringData Ref from Data Obj ->"3437"
|
:0041557C BE78975A00 mov
esi, 005A9778
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:004155A3(C)
|
:00415581
8A10 mov
dl, byte ptr [eax]
====>D EAX=4444
:00415583
8A1E mov
bl, byte ptr [esi]
====>D ESI=3437
第2組數固定為3437
:00415585 8ACA
mov cl, dl
:00415587 3AD3
cmp dl, bl
====>逐位比較。 因此:改4444為3437
:00415589
751E jne
004155A9
:0041558B 84C9
test cl, cl
:0041558D 7416
je 004155A5
:0041558F 8A5001
mov dl, byte ptr [eax+01]
:00415592
8A5E01 mov bl, byte
ptr [esi+01]
:00415595 8ACA
mov cl, dl
:00415597 3AD3
cmp dl, bl
:00415599 750E
jne 004155A9
:0041559B 83C002
add eax, 00000002
:0041559E
83C602 add esi,
00000002
:004155A1 84C9
test cl, cl
:004155A3 75DC
jne 00415581
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041558D(C)
|
:004155A5
33C0 xor
eax, eax
:004155A7 EB05
jmp 004155AE
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00415589(C),
:00415599(C)
|
:004155A9 1BC0
sbb eax, eax
:004155AB 83D8FF
sbb eax, FFFFFFFF
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004155A7(U)
|
:004155AE
85C0 test
eax, eax
:004155B0 7553
jne 00415605
:004155B2 8B44240C
mov eax, dword ptr [esp+0C]
:004155B6 0FBE4801
movsx ecx, byte ptr [eax+01]
:004155BA
51 push
ecx
====> ? ECX=58 即:X
:004155BB
E8E6D61200 call 00542CA6
====>檢測第十六位(即真碼第12位)是否為數字?
:004155C0
83C404 add esp,
00000004
:004155C3 85C0
test eax, eax
:004155C5 743E
je 00415605
====>不能跳! r fl z
:004155C7
8B54240C mov edx, dword
ptr [esp+0C]
:004155CB 0FBE4202
movsx eax, byte ptr [edx+02]
:004155CF 50
push eax
====> ? EAX=59 即:Y
:004155D0
E8D1D61200 call 00542CA6
====>檢測第十七位(即真碼第13位)是否為數字?
:004155D5
83C404 add esp,
00000004
:004155D8 85C0
test eax, eax
:004155DA 7429
je 00415605
====>不能跳! r fl z
:004155DC
8B4C240C mov ecx, dword
ptr [esp+0C]
:004155E0 0FBE5103
movsx edx, byte ptr [ecx+03]
:004155E4 52
push edx
====>?EDX=5a 即:Z
:004155E5
E8BCD61200 call 00542CA6
====>檢測第十八位(即真碼第14位)是否為數字?
:004155EA
83C404 add esp,
00000004
:004155ED 85C0
test eax, eax
:004155EF 7414
je 00415605
====>不能跳! r fl z
:004155F1
8B44240C mov eax, dword
ptr [esp+0C]
:004155F5 0FBE08
movsx ecx, byte ptr [eax]
:004155F8 51
push ecx
====> ?ECX=57 即:W
:004155F9
E852D61200 call 00542C50
====>檢測第十五位(即真碼第11位)是否為字母?
:004155FE
83C404 add esp,
00000004
:00415601 85C0
test eax, eax
:00415603 7505
jne 0041560A
====>正確則跳!!
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00415525(C),
:00415560(C), :00415569(C), :00415572(C), :004155B0(C)
|:004155C5(C), :004155DA(C),
:004155EF(C)
|
:00415605 BF01000000
mov edi, 00000001
====>EDI置1。暴力破解改此處
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00415603(C)
|
:0041560A
8D4C240C lea ecx, dword
ptr [esp+0C]
:0041560E E8076F1400
call 0055C51A
:00415613 8D4C2414
lea ecx, dword ptr [esp+14]
:00415617 E8FE6E1400
call 0055C51A
:0041561C 8D4C2410
lea ecx, dword ptr [esp+10]
:00415620
E8F56E1400 call 0055C51A
:00415625
8D4C2418 lea ecx, dword
ptr [esp+18]
:00415629 E8EC6E1400
call 0055C51A
:0041562E 5E
pop esi
:0041562F 5B
pop ebx
:00415630 EB05
jmp 00415637
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00415480(C),
:0041548D(C), :00415496(C), :0041549F(C)
|
:00415632 BF01000000
mov edi, 00000001
====>EDI置1。暴力破解改此處!
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00415630(U)
|
:00415637
8D4C241C lea ecx, dword
ptr [esp+1C]
:0041563B E8DA6E1400
call 0055C51A
:00415640 8BC7
mov eax, edi
:00415642 5F
pop edi
:00415643 83C414
add esp, 00000014
:00415646
C20400 ret 0004
―――――――――――――――――――――――――――――――――
【總 結】:
註冊碼共14位,與名稱、E-Mail無關。形式為:??12-3437-????
第1、2位為數字。3、4位介於00-13之間。3437固定。第11位為字母。第12、13、14位為數字。
一個可用之註冊碼:9912-3437-X444
―――――――――――――――――――――――――――――――――
【註冊資訊儲存】:
REGEDIT4
[HKEY_CURRENT_USER\Software\RimArts\B2\License]
"Agreed"=dword:00000001
"User"="fly"
"Code"="RBK-9912-3437-X444"
"EMail"="fly4099@sohu.com"
―――――――――――――――――――――――――――――――――
【完美 爆破】:
用HIEW吧!F5去修改地址,F3進入修改狀態,直接改完後F9儲存,F10退出。爽!
1、00415605
BF01000000 mov edi, 00000001<----EDI置1
修改為:
MOV EDI,00000000 BF01000000 改為BF00000000
2、00415632
BF01000000 mov edi, 00000001<----EDI置1
修改為:
MOV EDI,00000000 BF01000000 改為BF00000000
―――――――――――――――――――――――――――――――――
Cracked By 巢水工作坊――fly
2002-9-10
相關文章
- mail2010-06-23AI
- You have new mail in /var/spool/mail/root2018-05-20AI
- Send Mail2019-01-13AI
- mail with attachment2011-07-15AI
- Mail To Syntax2012-02-04AI
- System.Net.Mail和System.Web.Mail2009-10-28AIWeb
- oracle send mail2019-04-27OracleAI
- Internet協議2017-11-10協議
- Others_2_Mail2020-03-08AI
- 6.12.Mail2017-12-27AI
- drupal7 mail2016-08-01AI
- awr 自動mail2011-08-03AI
- utl_mail package2006-03-02AIPackage
- 163mail2007-03-16AI
- centos 老出現You have new mail in /var/spool/mail/root 解決2014-12-08CentOSAI
- 去掉linux中"You have new mail in /var/spool/mail/root"的提示2010-09-24LinuxAI
- nagios mail告警通知2020-12-01iOSAI
- django send_mail功能2018-02-01DjangoAI
- oracle mail utl_smtp2007-01-25OracleAI
- Jbpm3.2 傳送郵件需要修改org.jbpm.mail.Mail類2011-02-18AI
- 利用spring-mail 寫的超級smart-mail傳送器2007-12-04SpringAI
- internet 協議入門2016-11-05協議
- Web已死 Internet永生2014-11-25Web
- win7 Internet Time2013-07-29Win7
- Maintain Internet Transaction Server (ITS)2007-09-21AIServer
- Internet連線共享(轉)2007-08-11
- golang mail、shell、cookie、uuid2020-10-13GolangAICookieUI
- PEM (Privacy Enhanced Mail) Encoding2015-07-22AIEncoding
- [Developer] Oracle send mail procedure(2)2016-04-03DeveloperOracleAI
- com.sun.mail.smtp Description2007-10-28AI
- mail can't send title on Solaris2010-01-19AI
- ICMP Internet控制資訊協議2022-01-08協議
- 網路語言(Internet Slang)2007-02-18
- Internet worm入門教程 (轉)2007-12-13Worm
- Flask 外掛系列 - Flask-Mail2016-11-07FlaskAI
- C# mail pop3 client2013-11-27C#AIclient
- 《web-Mail服務的搭建》2014-06-18WebAI
- 利用msmtp+mutt 傳送mail2013-10-24AI