簡單演算法――暴風共享軟體管理器I V1.0
標 題:簡單演算法——暴風共享軟體管理器I V1.0
發信人:fly
時 間:2003/04/11 10:07am
詳細資訊:
下載頁面:
http://www.skycn.com/soft/10315.html
軟體大小:
378 KB
軟體語言: 簡體中文
軟體類別: 國產軟體 / 共享版 / 雜類工具
應用平臺: Win9x/NT/2000/XP
加入時間:
2003-01-05 09:01:25
下載次數: 383
推薦等級: ***
開 發 商: http://www.380000.com/
【軟體簡介】:
《暴風共享軟體管理器I》是一款專業的共享軟體管理工具,它能幫助你方便地管理你的共享軟體。《暴風共享軟體管理器I》利用“介面式動態連結庫註冊碼自動生成系統”可以自動用你提供的演算法算出相應的註冊碼;可以畫出各產品銷售額、利潤、銷售量的統計圖形;採用適合中國共享軟體銷售方式的定單式管理風格。《暴風共享軟體管理器I》必將成為你管理共享軟體的好幫手。
【軟體限制】:30天試用。
【作者宣告】:初學Crack,只是感興趣,沒有其它目的。失誤之處敬請諸位大俠賜教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、PEiD、W32Dasm 10修改版
―――――――――――――――――――――――――――――――――
【過 程】:
暴風共享軟體管理器I.exe
無殼。Visual C++ 6.0編寫。
呵呵,分析完了後看到newlaos兄寫的《奇門遁甲演義V6.3》,發覺演算法很相似,再看看軟體的開發公司,哦,是一家的,“共享”了一套註冊演算法。看來 函式影像大師、鼠到擒來 等等同門軟體也是差不多了。
雖然註冊碼很長,但演算法基本的流程是一樣的,變換了引數而得到其它幾組註冊碼,所以我只是記錄了第一組的演算法過程。
使用者名稱:fly
試煉碼:12345-67890-ABCDE-FGHIJ-KLMNO
反彙編,看看參考,很容易就能找到下面的核心。
―――――――――――――――――――――――――――――――――
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:00408C13(C)
|
:00408C21 8D44242C
lea eax, dword ptr [esp+2C]
:00408C25
6A1E push
0000001E
:00408C27 50
push eax
:00408C28 8D8E0C010000
lea ecx, dword ptr [esi+0000010C]
:00408C2E E88D350000
call 0040C1C0
:00408C33 8D4C240C
lea ecx, dword ptr [esp+0C]
:00408C37
6A1E push
0000001E
:00408C39 51
push ecx
:00408C3A 8D8E1C010000
lea ecx, dword ptr [esi+0000011C]
:00408C40 E87B350000
call 0040C1C0
:00408C45 8D7C242C
lea edi, dword ptr [esp+2C]
:00408C49
83C9FF or ecx, FFFFFFFF
:00408C4C
33C0 xor
eax, eax
:00408C4E F2
repnz
:00408C4F AE
scasb
:00408C50 F7D1
not ecx
:00408C52 49
dec ecx
:00408C53
7511 jne
00408C66
====>填使用者名稱了嗎?
:00408C55 6A10 push 00000010
* Possible
StringData Ref from Data Obj ->"錯誤"
|
:00408C57 680CC24200 push
0042C20C
* Possible
StringData Ref from Data Obj ->"沒有使用者名稱!"
|
:00408C5C 68F0C34200
push 0042C3F0
:00408C61 E983000000
jmp 00408CE9
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408C53(C)
|
:00408C66
8D7C240C lea edi, dword
ptr [esp+0C]
:00408C6A 83C9FF
or ecx, FFFFFFFF
:00408C6D 33C0
xor eax, eax
:00408C6F F2
repnz
:00408C70 AE
scasb
:00408C71
F7D1 not
ecx
:00408C73 49
dec ecx
:00408C74 7512
jne 00408C88
====>填註冊碼了嗎?
:00408C76
8B460C mov eax,
dword ptr [esi+0C]
:00408C79 6A10
push 00000010
*
Possible StringData Ref from Data Obj ->"錯誤"
|
:00408C7B 680CC24200
push 0042C20C
*
Possible StringData Ref from Data Obj ->"沒有註冊碼!"
|
:00408C80 68E0C34200
push 0042C3E0
:00408C85 50
push eax
:00408C86 EB65
jmp 00408CED
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408C74(C)
|
:00408C88
8B8E08010000 mov ecx, dword ptr [esi+00000108]
:00408C8E
E8DD84FFFF call 00401170
:00408C93
84C0 test
al, al
:00408C95 7412
je 00408CA9
====>註冊過了嗎?呵呵,挺逗。
:00408C97
8B4E0C mov ecx,
dword ptr [esi+0C]
:00408C9A 6A40
push 00000040
*
Possible StringData Ref from Data Obj ->"你已經註冊過了。"
|
:00408C9C 6898C34200
push 0042C398
*
Possible StringData Ref from Data Obj ->"你已經註冊過了。"
|
:00408CA1 6898C34200
push 0042C398
:00408CA6 51
push ecx
:00408CA7 EB44
jmp 00408CED
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408C95(C)
|
:00408CA9
8B8E08010000 mov ecx, dword ptr [esi+00000108]
:00408CAF
8D54240C lea edx, dword
ptr [esp+0C]
====>EDX=12345-67890-ABCDE-FGHIJ-KLMNO
:00408CB3
8D44242C lea eax, dword
ptr [esp+2C]
====>EAX=fly
使用者名稱
:00408CB7
52 push
edx
:00408CB8 50
push eax
:00408CB9 E88286FFFF
call 00401340
:00408CBE 8B8E08010000
mov ecx, dword ptr [esi+00000108]
:00408CC4 E8A784FFFF
call 00401170
====>關鍵CALL!進入!
:00408CC9
84C0 test
al, al
:00408CCB 6A40
push 00000040
:00408CCD 7410
je 00408CDF
====>跳則OVER!
:00408CCF 8B4E0C mov ecx, dword ptr [esi+0C]
*
Possible StringData Ref from Data Obj ->"成功"
====>呵呵,勝利女神!
:00408CD2
68D8C34200 push 0042C3D8
*
Possible StringData Ref from Data Obj ->"註冊將在重啟後生效!"
|
:00408CD7 68C0C34200
push 0042C3C0
:00408CDC 51
push ecx
:00408CDD EB0E
jmp 00408CED
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408CCD(C)
|
*
Possible StringData Ref from Data Obj ->"失敗"
|
:00408CDF 68B8C34200
push 0042C3B8
*
Possible StringData Ref from Data Obj ->"非法註冊碼"
====>BAD BOY!
:00408CE4
68ACC34200 push 0042C3AC
―――――――――――――――――――――――――――――――――
進入關鍵CALL:408CC4
call 00401170
*
Referenced by a CALL at Addresses:
|:00403D92 , :00408B93 , :00408C8E
, :00408CC4
…… ……省 略…… ……
:00401223
8A4C2425 mov cl, byte ptr
[esp+25]
:00401227 B02D
mov al, 2D
====>AL=2D
即:-
:00401229
3AC8 cmp
cl, al
====>比較註冊碼第6個字元是否是 -
:0040122B
7572 jne
0040129F
:0040122D 3844242B
cmp byte ptr [esp+2B], al
====>比較註冊碼第12個字元是否是
-
:00401231 756C
jne 0040129F
:00401233
38442431 cmp byte ptr [esp+31],
al
====>比較註冊碼第18個字元是否是 -
:00401237
7566 jne
0040129F
:00401239 38442437
cmp byte ptr [esp+37], al
====>比較註冊碼第24個字元是否是
-
:0040123D 7560
jne 0040129F
:0040123F
33FF xor
edi, edi
:00401241 8D742422
lea esi, dword ptr [esp+22]
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401294(C)
|
:00401245
8D4C2418 lea ecx, dword
ptr [esp+18]
:00401249 8D542440
lea edx, dword ptr [esp+40]
====>EDX=fly
:0040124D
51 push
ecx
:0040124E 57
push edi
:0040124F 52
push edx
:00401250 8BCD
mov ecx, ebp
:00401252 E859000000
call 004012B0
====>演算法CALL!進入!
====>下面是逐位比較!有一處不同就OVER了!
:00401257 8A46FE
mov al, byte ptr [esi-02]
====>[esi-02]=12345
:0040125A
8A4C2418 mov cl, byte ptr
[esp+18]
====>[esp+18]=1E9TT
第一個大迴圈得出:1E9TT
第二個大迴圈得出:5GDGG
第三個大迴圈得出:72WW8
第四個大迴圈得出:72WR9
第五個大迴圈得出:11MGG
:0040125E
3AC1 cmp
al, cl
:00401260 753D
jne 0040129F
:00401262 8A4EFF
mov cl, byte ptr [esi-01]
:00401265 8A442419
mov al, byte ptr [esp+19]
:00401269
3AC8 cmp
cl, al
:0040126B 7532
jne 0040129F
:0040126D 8A16
mov dl, byte ptr [esi]
:0040126F 8A44241A
mov al, byte ptr [esp+1A]
:00401273
3AD0 cmp
dl, al
:00401275 7528
jne 0040129F
:00401277 8A4601
mov al, byte ptr [esi+01]
:0040127A 8A4C241B
mov cl, byte ptr [esp+1B]
:0040127E
3AC1 cmp
al, cl
:00401280 751D
jne 0040129F
:00401282 8A4E02
mov cl, byte ptr [esi+02]
:00401285 8A44241C
mov al, byte ptr [esp+1C]
:00401289
3AC8 cmp
cl, al
:0040128B 7512
jne 0040129F
:0040128D 47
inc edi
:0040128E 83C606
add esi, 00000006
:00401291 83FF05
cmp edi, 00000005
:00401294
7CAF jl 00401245
:00401296
5F pop
edi
:00401297 5E
pop esi
:00401298 B001
mov al, 01
====>置1則OK!
:0040129A
5D pop
ebp
:0040129B 83C454
add esp, 00000054
:0040129E C3
ret
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401221(C),
:0040122B(C), :00401231(C), :00401237(C), :0040123D(C)
|:00401260(C), :0040126B(C),
:00401275(C), :00401280(C), :0040128B(C)
|
:0040129F 5F
pop edi
:004012A0 5E
pop
esi
:004012A1 32C0
xor al, al
====>清0則OVER!
:004012A3
5D pop
ebp
:004012A4 83C454
add esp, 00000054
:004012A7 C3
ret
―――――――――――――――――――――――――――――――――
進入演算法CALL:401252 call 004012B0
*
Referenced by a CALL at Address:
|:00401252
|
:004012B0 8B4C2408
mov ecx, dword ptr [esp+08]
:004012B4
8B542404 mov edx, dword
ptr [esp+04]
====>EDX=fly
:004012B8
03D1 add
edx, ecx
:004012BA 83EC0C
sub esp, 0000000C
:004012BD B801000000
mov eax, 00000001
:004012C2 8A0A
mov cl, byte ptr [edx]
====>CL=66
:004012C4
56 push
esi
:004012C5 84C9
test cl, cl
:004012C7 7413
je 004012DC
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004012DA(C)
|
:004012C9
0FBEC9 movsx ecx,
cl
1、 ====>ECX=CL=66
2、
====>ECX=6C
3、 ====>ECX=79
:004012CC
8BF1 mov
esi, ecx
:004012CE 0FAFF1
imul esi, ecx
1、 ====>ESI=66 * 66=28A4
2、 ====>ESI=6C * 6C=2D90
3、
====>ESI=79 * 79=3931
:004012D1
8A4A01 mov cl, byte
ptr [edx+01]
1、 ====>CL=6C
:004012D4
0FAFC6 imul eax,
esi
1、 ====>EAX=01 * 28A4=28A4
2、 ====>EAX=28A4 * 2D90=073BB040
3、
====>EAX=073BB040 * 3931=ACAAFC40
:004012D7
42 inc
edx
:004012D8 84C9
test cl, cl
:004012DA 75ED
jne 004012C9
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004012C7(C)
|
:004012DC
8B74241C mov esi, dword
ptr [esp+1C]
:004012E0 33C9
xor ecx, ecx
:004012E2 8BD6
mov edx, esi
:004012E4 6A24
push 00000024
:004012E6
3517108519 xor eax, 19851017
====>EAX=ACAAFC40 XOR 19851017=B52FEC57
:004012EB
890A mov
dword ptr [edx], ecx
:004012ED 66894A04
mov word ptr [edx+04], cx
:004012F1 8D4C2408
lea ecx, dword ptr [esp+08]
:004012F5
51 push
ecx
:004012F6 50
push eax
:004012F7 E8C70B0200
call 00421EC3
====>又是一個子運算CALL!進入!
:004012FC
8D542410 lea edx, dword
ptr [esp+10]
====>EDX=1e9ttnb
:00401300 52 push edx
* Possible StringData
Ref from Data Obj ->"%.5s"
|
:00401301
681CC14200 push 0042C11C
:00401306
56 push
esi
:00401307 E8BC730100 call
004186C8
====>此CALL將上面所得字元擷取前5位!
====>ESI=1e9tt
:0040130C
83C418 add esp,
00000018
:0040130F 33C9
xor ecx, ecx
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040132F(C)
|
:00401311
8A0431 mov al, byte
ptr [ecx+esi]
:00401314 3C61
cmp al, 61
:00401316 7C0B
jl 00401323
:00401318 3C7A
cmp al, 7A
:0040131A
7F07 jg 00401323
:0040131C
2C20 sub
al, 20
:0040131E 880431
mov byte ptr [ecx+esi], al
:00401321 EB08
jmp 0040132B
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401316(C),
:0040131A(C)
|
:00401323 84C0
test al, al
:00401325 7504
jne 0040132B
:00401327 C6043130
mov byte ptr [ecx+esi],
30
* Referenced by a
(U)nconditional or (C)onditional Jump at Addresses:
|:00401321(U), :00401325(C)
|
:0040132B
41 inc
ecx
:0040132C 83F905
cmp ecx, 00000005
:0040132F 7CE0
jl 00401311
====>這個小迴圈是將1e9tt中的小寫字母轉換為大寫字母!
====>ESI=1e9tt 轉換為 1E9TT
:00401331
5E pop
esi
:00401332 83C40C
add esp, 0000000C
:00401335 C20C00
ret 000C
―――――――――――――――――――――――――――――――――
進入子運算CALL:004012F7
call 00421EC3
再進入:00421EE0 call 00421E67
*
Referenced by a CALL at Addresses:
|:00421E5A , :00421EE0
|
:00421E67
55 push
ebp
:00421E68 8BEC
mov ebp, esp
:00421E6A 837D1400
cmp dword ptr [ebp+14], 00000000
:00421E6E 8B4D0C
mov ecx, dword ptr [ebp+0C]
:00421E71
53 push
ebx
:00421E72 56
push esi
:00421E73 57
push edi
:00421E74 740B
je 00421E81
:00421E76 8B7508
mov esi, dword ptr
[ebp+08]
:00421E79 C6012D
mov byte ptr [ecx], 2D
:00421E7C 41
inc ecx
:00421E7D F7DE
neg esi
:00421E7F
EB03 jmp
00421E84
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00421E74(C)
|
:00421E81
8B7508 mov esi,
dword ptr [ebp+08]
====>ESI=B52FEC57
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00421E7F(U)
|
:00421E84
8BF9 mov
edi, ecx
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00421EAA(C)
|
:00421E86
8BC6 mov
eax, esi
:00421E88 33D2
xor edx, edx
:00421E8A F77510
div [ebp+10]
====>[ebp+10]=24
1、 ====>EDX=B52FEC57 % 24=0B
2、
====>EDX=0508713B % 24=17
3、
====>EDX=0023CA41 % 24=1D
4、 ====>EDX=0000FE81
% 24=1D
5、 ====>EDX=00000711 %
24=09
6、 ====>EDX=00000032 % 24=0E
7、 ====>EDX=00000001 % 24=01
:00421E8D
8BC6 mov
eax, esi
:00421E8F 8BDA
mov ebx, edx
:00421E91 33D2
xor edx, edx
:00421E93 F77510
div [ebp+10]
1、
====>EAX=B52FEC57 / 24=0508713B
2、
====>EAX=0508713B / 24=0023CA41
3、
====>EAX=0023CA41 / 24=0000FE81
4、
====>EAX=0000FE81 / 24=00000711
5、
====>EAX=00000711 / 24=00000032
6、
====>EAX=00000032 / 24=00000001
7、
====>EAX=00000001 / 24=00000000
:00421E96
83FB09 cmp ebx,
00000009
:00421E99 8BF0
mov esi, eax
====>ESI=EAX
:00421E9B
7605 jbe
00421EA2
:00421E9D 80C357
add bl, 57
1、 ====>BL=0B + 57=62
即字元:b
2、 ====>BL=17 + 57=6E
即字元:n
3、 ====>BL=1D + 57=74
即字元:t
4、 ====>BL=1D + 57=74
即字元:t
6、 ====>BL=0E + 57=65
即字元:e
:00421EA0 EB03 jmp 00421EA5
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00421E9B(C)
|
:00421EA2
80C330 add bl, 30
5、 ====>BL=09 + 30=39 即字元:9
7、 ====>BL=01 + 30=31 即字元:1
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00421EA0(U)
|
:00421EA5
8819 mov
byte ptr [ecx], bl
====>BL 入 [ecx]處
☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆
迴圈結束後[ECX]記憶體中的值:
006DEE3C
62 6E 74 74 39 65 31
bntt9e1
☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆☆
:00421EA7
41 inc
ecx
:00421EA8 85F6
test esi, esi
:00421EAA 77DA
ja 00421E86
====>迴圈!
:00421EAC
802100 and byte
ptr [ecx], 00
:00421EAF 49
dec ecx
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00421EBC(C)
|
:00421EB0
8A17 mov
dl, byte ptr [edi]
:00421EB2 8A01
mov al, byte ptr [ecx]
:00421EB4 8811
mov byte ptr [ecx], dl
:00421EB6
8807 mov
byte ptr [edi], al
:00421EB8 49
dec ecx
:00421EB9 47
inc edi
:00421EBA 3BF9
cmp edi, ecx
:00421EBC
72F2 jb 00421EB0
====>這個小迴圈是將bntt9e1倒序為:1e9ttnb
:00421EBE
5F pop
edi
:00421EBF 5E
pop esi
:00421EC0 5B
pop ebx
:00421EC1 5D
pop ebp
:00421EC2 C3
ret
―――――――――――――――――――――――――――――――――
【完 美 爆 破】:
呵呵,完美爆破很簡單。
004012A1
32C0 xor
al, al
改為: B001
mov al, 01 就OK了!與401298處相映成趣!
―――――――――――――――――――――――――――――――――
【註冊資訊儲存】:
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\SsmI]
"User
Name"=hex:66,6c,79,00,4c,ef,6d,00,80,ef,6d,00,18,02,00,00,37,01,00,00,17,\
03,00,00,fd,01,00,00,8f,03
"Register Code"=hex:31,45,39,54,54,2d,35,47,44,47,47,2d,37,32,57,57,38,2d,37,\
32,57,52,39,2d,31,31,4d,47,47,00
―――――――――――――――――――――――――――――――――
【整 理】:
使用者名稱:fly
註冊碼:1E9TT-5GDGG-72WW8-72WR9-11MGG
―――――――――――――――――――――――――――――――――
Cracked By
巢水工作坊――fly【OCN】
2003-10-10 21:21
相關文章
- 共享軟體中註冊部分的簡單實現(轉)2007-08-15
- 新華社:約會軟體將掀起下一場“社交網路風暴”2014-02-17
- 簡單演算法――飄雪PXQQ
V1.0(Softsentry保護)2015-11-15演算法
- DDD事件風暴研討會備忘單2019-04-23事件
- 企業級軟體市場的暴風雨 CIO須未卜先知2017-01-17
- 檔案管理軟體管理大師演算法簡析!(簡單浮點)2015-11-15演算法
- VNC共享桌面軟體,VNC共享桌面軟體下載!2020-06-04VNC
- Mac極簡軟體清單2019-01-15Mac
- KISS:使重要軟體簡單2010-06-07
- 漫畫|面試風暴2021-09-05面試
- 暴風魔鏡4效果怎麼樣暴風魔鏡4評測2016-07-11
- 事件風暴 vs 事件建模2021-07-22事件
- 暴風科技釋出可升級超體電視2015-12-03
- [原創]簡單分析暴風影音讀取m3u格式檔案漏洞(0day)2010-05-09
- mac檔案管理器軟體2021-10-29Mac
- scoop-軟體包管理器2024-06-10OOP
- choco-軟體包管理器2024-06-10
- 繪製流程圖的簡單軟體2019-10-28流程圖
- 桌布軟體Irvue,換桌布如此簡單2020-12-30Vue
- 簡單分析軟體專案成本管理2022-03-18
- 簡單介紹redux的中介軟體2018-04-05Redux
- 簡單安全的u盤防毒軟體2012-09-10防毒
- Typora:一款極簡風格Markdown寫作軟體2022-05-24
- VM軟體建立共享磁碟2011-08-01
- VNC共享桌面軟體下載,VNC共享桌面軟體下載安裝教程!2020-06-06VNC
- 今天開始頭腦風暴2024-04-26
- 大局事件風暴:尋找差距2024-03-18事件
- 軟體編寫風格2018-10-27
- 軟體工程課程專案“物品復活“軟體開發v1.02024-11-03軟體工程
- MIDI軟體COMPOSER2.0暴破2002-01-14
- 軟體架構風格——倉庫風格2024-03-25架構
- 【記錄】簡單的跨域中介軟體2019-06-20跨域
- 工控機的軟體的簡單介紹2018-09-21
- 簡單好用的截圖軟體Snipaste for mac2023-02-08ASTMac
- websphere6如何簡單部署_中介軟體2013-05-22Web
- 讓辦公軟體簡單消費薦2011-11-28
- 電腦風扇控制軟體有沒有?風扇控制軟體推薦!2023-05-09
- 共享軟體幽默廣告獎 (轉)2007-12-12