
浪漫情书算法分析

时间:2004/10/15 0:55:00 来源:本站整理 作者:蓝点

 软件名:浪漫情书
下载地址:http://go3.163.com/pyeditor/index.html
破解人:powerboy
难度:简单
注册码保存在:软件目录SYSTEM中的“配置”文件中;
:00488FC6 8B45FC                  mov eax, dword ptr [ebp-04]
:00488FC9 8B80D0020000            mov eax, dword ptr [eax+000002D0]
:00488FCF E85C5CFAFF              call 0042EC30
:00488FD4 8B45F4                  mov eax, dword ptr [ebp-0C]
:00488FD7 E8B4ACF7FF              call 00403C90
:00488FDC 8BF0                    mov esi, eax
:00488FDE 85F6                    test esi, esi
:00488FE0 7C37                    jl 00489019
:00488FE2 46                      inc esi
:00488FE3 33DB                    xor ebx, ebx

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00489017(C)
|
:00488FE5 8B45F4                  mov eax, dword ptr [ebp-0C]
:00488FE8 8A4418FF                mov al, byte ptr [eax+ebx-01]
:00488FEC 3C30                    cmp al, 30
:00488FEE 7225                    jb 00489015
:00488FF0 8B55F4                  mov edx, dword ptr [ebp-0C]
:00488FF3 3C39                    cmp al, 39
:00488FF5 771E                    ja 00489015
:00488FF7 8D45EC                  lea eax, dword ptr [ebp-14]
:00488FFA 50                      push eax
:00488FFB B901000000              mov ecx, 00000001
:00489000 8BD3                    mov edx, ebx
:00489002 8B45F4                  mov eax, dword ptr [ebp-0C]
:00489005 E88AAEF7FF              call 00403E94
:0048900A 8B55EC                  mov edx, dword ptr [ebp-14]
:0048900D 8D45F8                  lea eax, dword ptr [ebp-08]
:00489010 E883ACF7FF              call 00403C98

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00488FEE(C), :00488FF5(C)
|
:00489015 43                      inc ebx
:00489016 4E                      dec esi
:00489017 75CC                    jne 00488FE5

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00488FE0(C)
|
:00489019 8D55F0                  lea edx, dword ptr [ebp-10]
:0048901C 8B45FC                  mov eax, dword ptr [ebp-04]
:0048901F 8B80E0020000            mov eax, dword ptr [eax+000002E0]
:00489025 E8065CFAFF              call 0042EC30
:0048902A 8B45F0                  mov eax, dword ptr [ebp-10]
:0048902D 8D55EC                  lea edx, dword ptr [ebp-14]
:00489030 E83BFEFFFF              call 00488E70-------------------------->算法关键CALL
:00489035 8B45EC                  mov eax, dword ptr [ebp-14]------------>错误的注册码
:00489038 8B55F8                  mov edx, dword ptr [ebp-08]------------>正确的注册码
:0048903B E860ADF7FF              call 00403DA0-------------------------->比较
:00489040 0F8556010000            jne 0048919C--------------------------->不跳就成功

* Possible StringData Ref from Code Obj ->"注册成功!请重新启动浪漫情书……"
==================================================================================
F8进入算法关键CALL................

:00488E7E 8BF2                    mov esi, edx
:00488E80 8945FC                  mov dword ptr [ebp-04], eax
:00488E83 8B45FC                  mov eax, dword ptr [ebp-04]
:00488E86 E8B9AFF7FF              call 00403E44
:00488E8B 33C0                    xor eax, eax
:00488E8D 55                      push ebp
:00488E8E 68118F4800              push 00488F11
:00488E93 64FF30                  push dword ptr fs:[eax]
:00488E96 648920                  mov dword ptr fs:[eax], esp
:00488E99 33DB                    xor ebx, ebx
:00488E9B 8D55F8                  lea edx, dword ptr [ebp-08]
:00488E9E A1E4784A00              mov eax, dword ptr [004A78E4]
:00488EA3 8B00                    mov eax, dword ptr [eax]
:00488EA5 E8D2D70000              call 0049667C
:00488EAA 8B55F8                  mov edx, dword ptr [ebp-08]------------>EDX=‘502057’
:00488EAD 8D45FC                  lea eax, dword ptr [ebp-04]------------>
:00488EB0 8B4DFC                  mov ecx, dword ptr [ebp-04]------------>ECX='powerboy'
:00488EB3 E824AEF7FF              call 00403CDC-------------------------->将EDX和ECX叠加
:00488EB8 8B45FC                  mov eax, dword ptr[ebp-04]------------->EAX="EDX+ECX"
:00488EBB E8D0ADF7FF              call 00403C90             生成新字符串N为'502057powerboy'
:00488EC0 8BD0                    mov edx, eax
:00488EC2 85D2                    test edx, edx
:00488EC4 7C17                    jl 00488EDD
:00488EC6 42                      inc edx
:00488EC7 33C0                    xor eax, eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00488EDB(C)
|
:00488EC9 8B4DFC                  mov ecx, dword ptr [ebp-04]----------->ECX='N'
:00488ECC 0FB64C01FF              movzx ecx, byte ptr [ecx+eax-01]------>ECX取'N'的每一位
:00488ED1 8D7803                  lea edi, dword ptr [eax+03]----------->EDI=EAX+3
:00488ED4 0FAFCF                  imul ecx, edi------------------------->ECX=ECX*EDI
:00488ED7 03D9                    add ebx, ecx-------------------------->EBX=EBX+ECX
:00488ED9 40                      inc eax------------------------------->EAX=EAX+1
:00488EDA 4A                      dec edx------------------------------->EDX=EDX-1
:00488EDB 75EC                    jne 00488EC9-------------------------->不为0则循环

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00488EC4(C)
|
:00488EDD 8BC3                    mov eax, ebx-------------------------->EAX=EBX
:00488EDF 99                      cdq----------------------------------->EDX=0(仅当EAX非负时;cdq把EAX的符号位扩展到EDX,与后面的xor/sub合起来是取EAX的绝对值)
:00488EE0 33C2                    xor eax, edx-------------------------->EAX=EAX XOR EDX
:00488EE2 2BC2                    sub eax, edx-------------------------->EAX=EAX - EDX
:00488EE4 69C0C9430000            imul eax, 000043C9-------------------->EAX=EAX*&H43C9
:00488EEA 05BBEF9505              add eax, 0595EFBB--------------------->EAX=EAX+&H595EFBB
:00488EEF 8BD6                    mov edx, esi
:00488EF1 E80AF0F7FF              call 00407F00
:00488EF6 33C0                    xor eax, eax
:00488EF8 5A                      pop edx
:00488EF9 59                      pop ecx
:00488EFA 59                      pop ecx
:00488EFB 648910                  mov dword ptr fs:[eax], edx
:00488EFE 68188F4800              push 00488F18

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00488F16(U)
|
:00488F03 8D45F8                  lea eax, dword ptr [ebp-08]
:00488F06 BA02000000              mov edx, 00000002
:00488F0B E828ABF7FF              call 00403A38
:00488F10 C3                      ret
=============================================
算法整理:
1.软件自产生一个机器码A;
2.我们输入一个用户名B;
3.将A与B顺序相加生成C
4.ECX=取C的每位ASCII码;初始值:EAX=1,EBX=0,EDX=C的长度;
 EDI=EAX+3
 ECX=ECX*EDI
 EBX=EBX+ECX
 EAX=EAX+1
 EDX=EDX-1
 当EDX=0时就结束循环
这样就得到一个EBX值;
5.EAX=EBX
 EAX=EAX*&H43C9
 EAX=EAX+&H595EFBB
6.将EAX转换成十进制数;
=============================================
以我的机器码与用户名为例:
机器码:502057 用户名:powerboy
ECX=  35    30    32    30    35    37    70    6F    77    65    72    62    6F    79
EDI=  4     5     6     7     8     9     A     B     C     D     E     F     10    11
ECX=  D4    F0    12C   150   1A8   1EF   460   4C5   594   521   63C   5BE   6F0   809
EBX=  D4    1C4   2F0   440   5E8   707   C37   10FC  1690  1BB1  21ED  27AB  2E9B  36A4
EAX=  2     3     4     5     6     7     8     9     A     B     C     D     E     F
EAX=EBX=&H36A4
EAX=EAX*&H43C9=&HE77D2C4
EAX=EAX+&H595EFBB=&H140DC27F
将&H140DC27F变成十进制为:336446079
=============================================
结束收工!!!!!!!!!!
由于写得仓促,分析得不是很细,请大家原谅!!
只作技术研究,不要向外部发布!!!谢谢!!


    
    
     
    
    
     
