Adult PDF Password Recovery v2.1 Registration Algorithm (Simple)

Posted by 看雪資料 on 2015-11-15

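A PDF password-cracking tool. For PDFs that have a user password set and cannot be edited or modified, printed, have their text or images copied, have annotations added, and so on, it can easily remove these restrictions.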

The original program, Adult PDF Password Recovery.exe, is packed with Aspack. After unpacking, it was disassembled with W32Dasm.

Registration code algorithm

* Referenced by a CALL at Addresses:
|:004041C1   , :00404940   
|
:004049AC 56                      push esi
:004049AD 8BF2                    mov esi, edx
:004049AF 85F6                    test esi, esi                          ; is the registration code empty?
:004049B1 7504                    jne 004049B7                           ; jump if not empty
:004049B3 33C0                    xor eax, eax
:004049B5 5E                      pop esi
:004049B6 C3                      ret

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004049B1(C)
|
:004049B7 803E00                  cmp byte ptr [esi], 00
:004049BA 7504                    jne 004049C0
:004049BC 33C0                    xor eax, eax
:004049BE 5E                      pop esi
:004049BF C3                      ret

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004049BA(C)
|
:004049C0 56                      push esi
:004049C1 E82A4B0C00              call 004C94F0                      ; get the registration code length into EAX
:004049C6 59                      pop ecx
:004049C7 83F810                  cmp eax, 00000010                  ; is the length 10h (16 characters)?
:004049CA 7404                    je 004049D0                        ; jump if yes, otherwise fail
:004049CC 33C0                    xor eax, eax
:004049CE 5E                      pop esi
:004049CF C3                      ret

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004049CA(C)
|
:004049D0 33D2                    xor edx, edx
:004049D2 8BC6                    mov eax, esi

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004049EA(C)
|
This code checks that every character of the registration code is in the range A~Z
:004049D4 0FBE08                  movsx ecx, byte ptr [eax]
:004049D7 83F941                  cmp ecx, 00000041                  ; ASCII value of 'A'
:004049DA 7C05                    jl 004049E1
:004049DC 83F95A                  cmp ecx, 0000005A                  ; ASCII value of 'Z'
:004049DF 7E04                    jle 004049E5

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004049DA(C)
|
:004049E1 33C0                    xor eax, eax
:004049E3 5E                      pop esi
:004049E4 C3                      ret

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004049DF(C)
|
:004049E5 42                      inc edx                            ; edx = edx + 1
:004049E6 40                      inc eax
:004049E7 83FA10                  cmp edx, 00000010                  ; has edx reached 10h, i.e. has every character been tested?
:004049EA 7CE8                    jl 004049D4

:004049EC 0FBE5609                movsx edx, byte ptr [esi+09]       ; edx = ASCII value at offset 09 of the registration code (10th character)
:004049F0 0FBE4E0C                movsx ecx, byte ptr [esi+0C]       ; ecx = ASCII value at offset 0C of the registration code (13th character)
:004049F4 03D1                    add edx, ecx                       ; edx = edx + ecx
:004049F6 81FA9B000000            cmp edx, 0000009B                  ; is edx equal to 9B?
:004049FC 7404                    je 00404A02                        ; jump if yes, otherwise fail
:004049FE 33C0                    xor eax, eax
:00404A00 5E                      pop esi
:00404A01 C3                      ret

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004049FC(C)
|
:00404A02 B001                    mov al, 01
:00404A04 5E                      pop esi
:00404A05 C3                      ret

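Summary:
The email address is arbitrary. The registration code must be 16 characters long, all uppercase letters (A~Z), and the ASCII values of the 10th and 13th characters must add up to 9B (hex).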
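
The routine above, hand-decompiled to C as an added example (not code from the original post), with a helper that counts how many letter pairs at offsets 09 and 0C satisfy the final compare. The names check_serial and accepted_pairs are hypothetical, and treating call 004C94F0 as strlen is an assumption based on the listing's comment.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hand decompilation of the routine at 004049AC.
 * Returns 1 when the listing would return AL=1, otherwise 0. */
int check_serial(const char *serial)
{
    if (serial == NULL)                 /* 004049AF: test esi, esi */
        return 0;
    if (serial[0] == '\0')              /* 004049B7: cmp byte ptr [esi], 00 */
        return 0;
    if (strlen(serial) != 0x10)         /* 004049C7 (assumed strlen) */
        return 0;

    /* 004049D4..004049EA: every character must be 'A'..'Z' */
    for (int i = 0; i < 0x10; i++) {
        if (serial[i] < 'A' || serial[i] > 'Z')
            return 0;
    }

    /* 004049EC..004049FC: the only relation between characters */
    return (serial[0x09] + serial[0x0C]) == 0x9B;
}

/* Number of (offset 09, offset 0C) uppercase pairs that pass the
 * final compare, out of 26 * 26 = 676 possible pairs. */
int accepted_pairs(void)
{
    int n = 0;
    for (int a = 'A'; a <= 'Z'; a++)
        for (int b = 'A'; b <= 'Z'; b++)
            if (a + b == 0x9B)
                n++;
    return n;
}

int main(void)
{
    printf("pairs accepted by the final compare: %d of %d\n",
           accepted_pairs(), 26 * 26);
    return 0;
}
```

The other 14 characters are only range-checked and the listing never reads the Mail value, so the check ties the serial to nothing about the licensee.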

Registration file format:
File name: adultpdf_Decrypt_reg.ini in the Windows system directory
[Decrypt_Register]
Mail=Coldeye@Crack.cn           ; email address is arbitrary
Serial=COLDEYECRACKZZCN                 ; registration code
