|
論壇說明 |
歡迎您來到『史萊姆論壇』 ^___^ 您目前正以訪客的身份瀏覽本論壇,訪客所擁有的權限將受到限制,您可以瀏覽本論壇大部份的版區與文章,但您將無法參與任何討論或是使用私人訊息與其他會員交流。若您希望擁有完整的使用權限,請註冊成為我們的一份子,註冊的程序十分簡單、快速,而且最重要的是--註冊是完全免費的! 請點擊這裡:『註冊成為我們的一份子!』 |
|
主題工具 | 顯示模式 |
2003-12-12, 03:31 AM | #1 |
榮譽會員
|
File Shredder 2000破解筆記及註冊算法
破解對像:File Shredder 2000一款不錯的清理工具
工具:trw2000,wd32asm黃金版,fi 程序如下: 用wd32asm反彙編搜尋 String Resource ID=05001: "Software registration was successfully completed. Thank you" 得到: * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00402718(U), :00402724(C) | :0040273F 8B550C mov edx, dword ptr [ebp+0C] :00402742 83C232 add edx, 00000032 :00402745 52 push edx :00402746 8B450C mov eax, dword ptr [ebp+0C] :00402749 50 push eax :0040274A E8613B0000 call 004062B0;計算註冊碼 :0040274F 83C408 add esp, 00000008 :00402752 3985F8FEFFFF cmp dword ptr [ebp+FFFFFEF8], eax;關鍵比較, 在此下斷點可看到註冊碼 :00402758 741B je 00402775; ;正確跳到註冊成功 :0040275A 68CFEA0000 push 0000EACF 下面是註冊碼運算程序: * Referenced by a CALL at Addresses: |:00402479 , :0040270A , :00402731 , :0040274A , :0040518D | :004062B0 8B442404 mov eax, dword ptr [esp+04];輸入的用戶名 :004062B4 56 push esi :004062B5 8B35D4FE4100 mov esi, dword ptr [0041FED4] ;一個常數:95989598 :004062BB 50 push eax :004062BC 81CE78030000 or esi, 00000378 :004062C2 E869020000 call 00406530 ;第一步計算 :004062C7 8B4C2410 mov ecx, dword ptr [esp+10];輸入的公司名 :004062CB 03F0 add esi, eax :004062CD 51 push ecx :004062CE E85D020000 call 00406530 ;第二步計算 :004062D3 83C408 add esp, 00000008 :004062D6 03C6 add eax, esi;eax=註冊碼 :004062D8 5E pop esi :004062D9 C3 ret 下面是整個上面兩個運算註冊碼的程序: * Referenced by a CALL at Addresses: |:004026C4 , :004062C2 , :004062CE | :00406530 51 push ecx :00406531 53 push ebx :00406532 8B5C240C mov ebx, dword ptr [esp+0C] :00406536 56 push esi :00406537 33F6 xor esi, esi :00406539 53 push ebx :0040653A 8974240C mov dword ptr [esp+0C], esi * Reference To: KERNEL32.lstrlenA, Ord:0308h | :0040653E FF15D4414100 Call dword ptr [004141D4] :00406544 85DB test ebx, ebx :00406546 744F je 00406597 :00406548 85C0 test eax, eax :0040654A 744B je 00406597 :0040654C 33D2 xor edx, edx :0040654E 85C0 test eax, eax :00406550 7E45 jle 00406597 :00406552 55 push ebp :00406553 57 push edi * Possible StringData Ref from Data Obj ->"|b!pz*ls;rn|lf$vi^Axpe)rx5aic&9/2m5lsi4@0dmZw9" ->"4cmqpfhw" | :00406554 BE24774100 mov esi, 00417724 :00406559 BF01000000 mov edi, 00000001 :0040655E 2BF3 sub esi, ebx :00406560 8BCB mov ecx, ebx :00406562 2BFB sub edi, ebx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040658D(C) | :00406564 0FBE1C0E movsx ebx, byte ptr [esi+ecx];系統給定的一串字母就在上面 :00406568 0FBEAC10EC764100 movsx ebp, byte ptr [eax+edx+004176EC];系統給定的一串字母 :00406570 0FAFDD imul ebx, ebp :00406573 8D2C0F lea ebp, dword ptr [edi+ecx];ebp=第幾次循環 :00406576 0FAFDD imul ebx, ebp :00406579 0FBE29 movsx ebp, byte ptr [ecx];你輸入的姓名或公司名 的ASCII碼值按字元取 :0040657C 0FAFDD imul ebx, ebp :0040657F 8B6C2410 mov ebp, dword ptr [esp+10] :00406583 03EB add ebp, ebx;累加直到結束 :00406585 42 inc edx :00406586 41 inc ecx :00406587 3BD0 cmp edx, eax :00406589 896C2410 mov dword ptr [esp+10], ebp :0040658D 7CD5 jl 00406564 :0040658F 8BC5 mov eax, ebp :00406591 5F pop edi :00406592 5D pop ebp :00406593 5E pop esi :00406594 5B pop ebx :00406595 59 pop ecx :00406596 C3 ret 以上算法總結如下,並附VB6程序一個供參考。 這是乘數集合: #serB&nz|mfM1/5(!sd$Mq.{s]+sFjtKpzSdtzoXqmb^Al@dv:s?x/ 這是被乘數集合: |b!pz*ls;rn|lf$vi^Axpe)rx5aic&9/2m5lsi4@0dmZw94cmqpfhw 算法如下: 先計算姓名的位數i,然後用被乘數*乘數(開始的是乘數的第i位)再乘以 第幾次循環再乘以姓名的ASCII碼,進行累加。 計算結束加上一個常量a=959897f8 然後計算公司名的位數j,用同樣的運算方法 最後都加到a上即可! vb6程序 Dim beichengshu As String Dim chengshu As String Dim mima Dim xingming As String Dim gongsiming As String Dim c Private Sub Command1_Click() a = Len(Text1.Text) b = Len(Text2.Text) If a Or b = "" Then MsgBox "請輸入你的姓名和公司名", vbOKOnly End If xingming = Text1.Text gongsiming = Text2.Text For i = 1 To a c = Asc(Mid$(beichengshu, i, 1)) * Asc(Mid$(chengshu, i + a, 1)) * i * Asc(Mid$(xingming, i, 1)) mima = mima + c Next i mima = mima + 2509805560# For i = 1 To b c = Asc(Mid$(beichengshu, i, 1)) * Asc(Mid$(chengshu, i + b, 1)) * i * Asc(Mid$(gongsiming, i, 1)) mima = mima + c Next i Text3.Text = mima End Sub Private Sub Command2_Click() Unload Me End End Sub Private Sub Form_Load() mima = 0 beichengshu = "|b!pz*ls;rn|lf$vi^Axpe)rx5aic&9/2m5lsi4@0dmZw94cmqpfhw" chengshu = "#serB&nz|mfM1/5(!sd$Mq.{s]+sFjtKpzSdtzoXqmb^Al@dv:s?x/" End Sub 以上程序經過VB6偵錯 |
送花文章: 3,
|