史萊姆論壇

返回   史萊姆論壇 > 教學文件資料庫 > Hacker/Cracker 及加解密技術文件
忘記密碼?
論壇說明 標記討論區已讀

歡迎您來到『史萊姆論壇』 ^___^

您目前正以訪客的身份瀏覽本論壇,訪客所擁有的權限將受到限制,您可以瀏覽本論壇大部份的版區與文章,但您將無法參與任何討論或是使用私人訊息與其他會員交流。若您希望擁有完整的使用權限,請註冊成為我們的一份子,註冊的程序十分簡單、快速,而且最重要的是--註冊是完全免費的!

請點擊這裡:『註冊成為我們的一份子!』

Google 提供的廣告


 
 
主題工具 顯示模式
舊 2003-12-12, 01:00 PM   #1
psac
榮譽會員
 
psac 的頭像
榮譽勳章
UID - 3662
在線等級: 級別:30 | 在線時長:1048小時 | 升級還需:37小時級別:30 | 在線時長:1048小時 | 升級還需:37小時級別:30 | 在線時長:1048小時 | 升級還需:37小時級別:30 | 在線時長:1048小時 | 升級還需:37小時級別:30 | 在線時長:1048小時 | 升級還需:37小時
註冊日期: 2002-12-07
住址: 木柵市立動物園
文章: 17381
現金: 5253 金幣
資產: 33853 金幣
預設 書香XX 算法分析 + 無註冊機

書香門第 V1.30 Build 1732

軟體大小: 720 KB
軟體語言: 簡體中文
軟體類別: 大陸開發軟體 / 共享版 / 電子閱讀
套用平台: Win9x/NT/2000/XP
界面預覽:
加入時間: 2003-09-30 09:47:24
下載次數: 12748
推薦等級: ***

聯 系 人: gentlebreeze@vip.163.com
開 發 商: http://www.gentle-breeze.com/

軟體介紹:
《書香門第》是一款適合於真正讀書迷的電子小說、文本閱讀軟體,它外表並不花哨,但對於長時間、大量閱讀的讀書迷,卻最舒適、體貼、細緻,因為它具有十二個鮮明特點:1. 多達27種各種質感的視窗背景、頁面背景可供選項,總共超過700種背景組合,為讀書迷提供最高舒適度和最大程度的視力保護。2. 強大、智能化的自動排版功能,並可以隨意設定字體大小、顏色、行距、標題行。3. 極其高速的排版速度:目前主流電腦上排版速度超過一萬頁/秒,所以通常你根本無法感覺到排版程序。
4. 高速的DirectDraw圖形引擎,翻頁尋跡流暢自如。5.附帶的html轉換、合成工具能夠迅速依次將一批html文件轉換且合併為一個大的文本文件,方便閱讀。6.寬廣的平台適用性:從486/win95到最新P4/XP都能從容應對。7.體貼的左手鍵操作,使你從此擺脫長期右手操作滑鼠、鍵盤帶來的疲勞。8.與頁面字數成正比的自動翻頁間隔,自然優於呆板的類BIOS翻頁間隔。9.可以選項使用視窗模式(尋跡方便)或全螢幕幕模式(閱讀效果更好)。10.全書遍歷/測試功能,保護你的電腦,節約能源。11.搜尋功能方便讀者在書中搜尋。12. 具有強於word和IE的漢字亂碼糾錯功能。

下載位址: http://www.skycn.com/soft/9090.html

輸入一個EMAIL和一個註冊碼(必須是24位,見下),用一般方法很容易找到這裡:

:00403A3B 6A20 push 00000020
:00403A3D 57 push edi <--輸入的EMAIL
:00403A3E 8BCD mov ecx, ebp
:00403A40 E881770100 call 0041B1C6 <--得到長度
:00403A45 8D9E00010000 lea ebx, dword ptr [esi+00000100]
:00403A4B 6A20 push 00000020
:00403A4D 68202C4500 push 00452C20 <--假碼
:00403A52 8BCB mov ecx, ebx
:00403A54 A300204500 mov dword ptr [00452000], eax <--先把EMAIL長度存起來
:00403A59 E868770100 call 0041B1C6 <--得到長度
:00403A5E 83F818 cmp eax, 00000018
:00403A61 0F85C0000000 jne 00403B27 <--長度必須為18h
:00403A67 A100204500 mov eax, dword ptr [00452000] <--讀出EMAIL長度
:00403A6C 83F804 cmp eax, 00000004
:00403A6F 0F8CB2000000 jl 00403B27 <--EMAIL長度不小於4
:00403A75 8364241000 and dword ptr [esp+10], 00000000
:00403A7A EB05 jmp 00403A81

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403A9F(C)
|
:00403A7C A100204500 mov eax, dword ptr [00452000]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403A7A(U)
|
:00403A81 50 push eax
:00403A82 0FAF442414 imul eax, dword ptr [esp+14]
:00403A87 05402C4500 add eax, 00452C40
:00403A8C 57 push edi
:00403A8D 50 push eax
:00403A8E E8BD570000 call 00409250 <--把[EDI]處的記憶體寫入[eax]
:00403A93 83C40C add esp, 0000000C
:00403A96 FF442410 inc [esp+10]
:00403A9A 837C241040 cmp dword ptr [esp+10], 00000040
:00403A9F 7CDB jl 00403A7C <--把EMAIL重寫40次??作者在和我兜圈子?
:00403AA1 BF20244500 mov edi, 00452420

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403ABF(C)
|
:00403AA6 6A20 push 00000020
:00403AA8 68202C4500 push 00452C20
:00403AAD 57 push edi
:00403AAE E89D570000 call 00409250
:00403AB3 83C720 add edi, 00000020
:00403AB6 83C40C add esp, 0000000C
:00403AB9 81FF202C4500 cmp edi, 00452C20
:00403ABF 7CE5 jl 00403AA6 <--又把假碼重寫40次 *_*
:00403AC1 33FF xor edi, edi
:00403AC3 57 push edi
:00403AC4 57 push edi
:00403AC5 6801150000 push 00001501
:00403ACA FF761C push [esi+1C]

* Reference To: USER32.SendMessageA, Ord:0214h
|
:00403ACD FF15F0544200 Call dword ptr [004254F0]
:00403AD3 80BEC000000000 cmp byte ptr [esi+000000C0], 00 <--重要標誌
:00403ADA 742F je 00403B0B <--這裡修改為JNE就成功了

* Possible StringData Ref from Data Obj ->" --------- 祝賀你! ---------- "
->"

你已經成為了《書香門第》註冊用戶!"
|
:00403ADC 6828D74200 push 0042D728
:00403AE1 893DC83E4500 mov dword ptr [00453EC8], edi
:00403AE7 E8AC220000 call 00405D98

看上去似乎沒什麼時候難的,很傳統的判斷,一個CALL,然後CMP,JE,可是跟進CALL一看,卻是系統的USER32.DLL,
百思不得其解,其它地方也找不到什麼判斷.怎麼辦呢??考慮N分鐘後決定用BPM試一下.不是比較[ESI+C0]處是否為0嗎,如果判斷註冊的話肯定要像這裡寫上0或者其它什麼東西.我們就看看程序什麼時候在這裡寫了東西.

下指令: BPM ESI+C0 中斷在下面:

:00403B4D 817C240401150000 cmp dword ptr [esp+04], 00001501
:00403B55 56 push esi
:00403B56 8BF1 mov esi, ecx
:00403B58 750B jne 00403B65
:00403B5A E81D000000 call 00403B7C <--很明顯是關鍵的CALL
:00403B5F 8886C0000000 mov byte ptr [esi+000000C0], al <--呵呵,中斷在這裡

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403B58(C)
|
:00403B65 FF742410 push [esp+10]
:00403B69 8BCE mov ecx, esi
:00403B6B FF742410 push [esp+10]
:00403B6F FF742410 push [esp+10]
:00403B73 E8B7540100 call 0041902F
:00403B78 5E pop esi
:00403B79 C20C00 ret 000C

跟進403B5A處的關鍵CALL:

* Referenced by a CALL at Addresses:
|:004017E2 , :00402135 , :004030B9 , :00403B5A , :00404DA0
|
:00403B7C 55 push ebp
:00403B7D 8BEC mov ebp, esp
:00403B7F 81EC00010000 sub esp, 00000100
:00403B85 56 push esi
:00403B86 6A20 push 00000020
:00403B88 E8DE5B0000 call 0040976B
:00403B8D 6A40 push 00000040
:00403B8F BE20234500 mov esi, 00452320
:00403B94 99 cdq
:00403B95 59 pop ecx
:00403B96 F7F9 idiv ecx
:00403B98 C1E205 shl edx, 05
:00403B9B 81C220244500 add edx, 00452420
:00403BA1 52 push edx
:00403BA2 56 push esi
:00403BA3 E8A8560000 call 00409250
:00403BA8 68FF000000 push 000000FF
:00403BAD 8D8500FFFFFF lea eax, dword ptr [ebp+FFFFFF00]
:00403BB3 6A00 push 00000000
:00403BB5 50 push eax
:00403BB6 E8555A0000 call 00409610
:00403BBB 83C418 add esp, 00000018
:00403BBE FF3500204500 push dword ptr [00452000]
:00403BC4 E8A25B0000 call 0040976B
:00403BC9 6A40 push 00000040
:00403BCB 99 cdq
:00403BCC 59 pop ecx
:00403BCD F7F9 idiv ecx
:00403BCF 8D8500FFFFFF lea eax, dword ptr [ebp+FFFFFF00]
:00403BD5 0FAF1500204500 imul edx, dword ptr [00452000]
:00403BDC 81C2402C4500 add edx, 00452C40
:00403BE2 52 push edx
:00403BE3 50 push eax
:00403BE4 E867560000 call 00409250
:00403BE9 6A0C push 0000000C
:00403BEB 56 push esi
:00403BEC 68A0224500 push 004522A0
:00403BF1 E85A560000 call 00409250
:00403BF6 6A0C push 0000000C
:00403BF8 682C234500 push 0045232C
:00403BFD 6820224500 push 00452220
:00403C02 E849560000 call 00409250
:00403C07 A100204500 mov eax, dword ptr [00452000]
:00403C0C 80252C22450000 and byte ptr [0045222C], 00
:00403C13 8025AC22450000 and byte ptr [004522AC], 00
:00403C1A 83C424 add esp, 00000024
:00403C1D 33D2 xor edx, edx
:00403C1F 85C0 test eax, eax
:00403C21 7E2E jle 00403C51
:00403C23 53 push ebx
:00403C24 57 push edi
:00403C25 8D58FF lea ebx, dword ptr [eax-01]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403C4D(C)
|
:00403C28 8DBC1500FFFFFF lea edi, dword ptr [ebp+edx-00000100]
:00403C2F 8A0F mov cl, byte ptr [edi] <-依次取EMAIL的字串
:00403C31 80F940 cmp cl, 40
:00403C34 7405 je 00403C3B <--是否為'@'
:00403C36 80F92E cmp cl, 2E
:00403C39 750F jne 00403C4A<--是否為'.'

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403C34(C)
|
:00403C3B 3BD3 cmp edx, ebx
:00403C3D 7D09 jge 00403C48
:00403C3F 8BCB mov ecx, ebx
:00403C41 8D7701 lea esi, dword ptr [edi+01]
:00403C44 2BCA sub ecx, edx
:00403C46 F3 repz
:00403C47 A4 movsb

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403C3D(C)
|
:00403C48 48 dec eax
:00403C49 4B dec ebx

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403C39(C)
|
:00403C4A 42 inc edx
:00403C4B 3BD0 cmp edx, eax
:00403C4D 7CD9 jl 00403C28 <--上面的一段是對EMAIL的處理,去掉@,在後面補齊等
:00403C4F 5F pop edi
:00403C50 5B pop ebx

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403C21(C)
|
:00403C51 83F80C cmp eax, 0000000C
:00403C54 5E pop esi
:00403C55 7D18 jge 00403C6F
:00403C57 6A0C push 0000000C
:00403C59 59 pop ecx
:00403C5A 2BC8 sub ecx, eax
:00403C5C 8D840500FFFFFF lea eax, dword ptr [ebp+eax-00000100]
:00403C63 51 push ecx
:00403C64 6A30 push 00000030
:00403C66 50 push eax
:00403C67 E8A4590000 call 00409610
:00403C6C 83C40C add esp, 0000000C

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403C55(C)
|
:00403C6F 80A50CFFFFFF00 and byte ptr [ebp+FFFFFF0C], 00
:00403C76 E847000000 call 00403CC2 <--關鍵的CALL
:00403C7B 6A0C push 0000000C
:00403C7D 8D8500FFFFFF lea eax, dword ptr [ebp+FFFFFF00]
:00403C83 68A0234500 push 004523A0
:00403C88 50 push eax
:00403C89 E8D2600000 call 00409D60 <--這裡就是比較了
:00403C8E 83C40C add esp, 0000000C
:00403C91 85C0 test eax, eax
:00403C93 751B jne 00403CB0
:00403C95 2005FB1C4500 and byte ptr [00451CFB], al
:00403C9B 2005FA1C4500 and byte ptr [00451CFA], al
:00403CA1 2005F91C4500 and byte ptr [00451CF9], al
:00403CA7 2005F81C4500 and byte ptr [00451CF8], al
:00403CAD 40 inc eax
:00403CAE C9 leave
:00403CAF C3 ret

進入403C89處的CALL:

* Referenced by a CALL at Addresses:
|:00403C76 , :004044A5
|
:00403CC2 6A0C push 0000000C
:00403CC4 E802000000 call 00403CCB <--進入
:00403CC9 59 pop ecx
:00403CCA C3 ret

* Referenced by a CALL at Address:
|:00403CC4
|
:00403CCB 56 push esi
:00403CCC 8B742408 mov esi, dword ptr [esp+08]
:00403CD0 33C9 xor ecx, ecx
:00403CD2 57 push edi
:00403CD3 85F6 test esi, esi
:00403CD5 7E20 jle 00403CF7

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403CF5(C) <--第一處循環計算
|
:00403CD7 8D0431 lea eax, dword ptr [ecx+esi]
:00403CDA 6A09 push 00000009
:00403CDC 99 cdq
:00403CDD 5F pop edi
:00403CDE F7FF idiv edi
:00403CE0 B008 mov al, 08
:00403CE2 2AC2 sub al, dl
:00403CE4 88144D20234500 mov byte ptr [2*ecx+00452320], dl
:00403CEB 88044D21234500 mov byte ptr [2*ecx+00452321], al
:00403CF2 41 inc ecx
:00403CF3 3BCE cmp ecx, esi
:00403CF5 7CE0 jl 00403CD7 <--上面的計算挺熱鬧,但結果都是常數,所以只要知道結果就行了

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403CD5(C)
|
:00403CF7 8024752023450000 and byte ptr [2*esi+00452320], 00
:00403CFF 53 push ebx
:00403D00 55 push ebp
:00403D01 8DBE20234500 lea edi, dword ptr [esi+00452320]
:00403D07 56 push esi
:00403D08 BD20214500 mov ebp, 00452120
:00403D0D 57 push edi
:00403D0E 55 push ebp
:00403D0F E83C550000 call 00409250
:00403D14 BB20234500 mov ebx, 00452320
:00403D19 56 push esi
:00403D1A 53 push ebx
:00403D1B 57 push edi
:00403D1C E82F550000 call 00409250
:00403D21 56 push esi
:00403D22 55 push ebp
:00403D23 53 push ebx
:00403D24 E827550000 call 00409250 <--頻繁使用這個CALL(上面提到過),目的是把上面的計算結果前半段和後半段對調一下
:00403D29 83C424 add esp, 00000024
:00403D2C 33DB xor ebx, ebx
:00403D2E 85F6 test esi, esi
:00403D30 7E51 jle 00403D83

計算至此後記憶體中的情況:[00452320]
__________________________________________________________________

016F:00452320 00 08 01 07 02 06 03 05-04 04 05 03 03 05 04 04
016F:00452330 05 03 06 02 07 01 08 00-00 00 00 00 00 00 00 00
__________________________________________________________________

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403D81(C) <--第二處循環計算
|
:00403D32 8AC3 mov al, bl
:00403D34 8A8BA0224500 mov cl, byte ptr [ebx+004522A0] <-依次取出假碼前半段的字串ch1
:00403D3A FEC0 inc al
:00403D3C 8A9320224500 mov dl, byte ptr [ebx+00452220] <-依次取出假碼後半段的字串ch2
:00403D42 F6EB imul bl <-ch1=ch1*循環變數N (由0遞增)
:00403D44 8D3C1B lea edi, dword ptr [ebx+ebx]
:00403D47 FEC0 inc al
:00403D49 240F and al, 0F
:00403D4B 2A8F20234500 sub cl, byte ptr [edi+00452320]<-ch1=ch1-從[452320]處依次取的值
:00403D51 2A9721234500 sub dl, byte ptr [edi+00452321]<-ch2=ch2-從[452320]處倣傚取的值
:00403D57 A218214500 mov byte ptr [00452118], al
:00403D5C 80E941 sub cl, 41 <-ch1=ch1-41
:00403D5F 80EA41 sub dl, 41 <-ch2=ch2-41
:00403D62 32C8 xor cl, al <-ch1=ch1 xor 循環變數N
:00403D64 32D0 xor dl, al <-ch2=ch2 xor 循環變數N
:00403D66 888BA0224500 mov byte ptr [ebx+004522A0], cl
:00403D6C 889320224500 mov byte ptr [ebx+00452220], dl <-把結果寫在[4522A0]
:00403D72 43 inc ebx
:00403D73 888F20214500 mov byte ptr [edi+00452120], cl
:00403D79 3BDE cmp ebx, esi
:00403D7B 889721214500 mov byte ptr [edi+00452121], dl <-再寫在[452120]
:00403D81 7CAF jl 00403D32

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403D30(C)
|
:00403D83 56 pus
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403D30(C)
|
:00403D83 56 push esi
:00403D84 55 push ebp
:00403D85 6820224500 push 00452220
:00403D8A E8C1540000 call 00409250
:00403D8F 8DBE20214500 lea edi, dword ptr [esi+00452120]
:00403D95 56 push esi
:00403D96 BBA0224500 mov ebx, 004522A0
:00403D9B 57 push edi
:00403D9C 53 push ebx
:00403D9D E8AE540000 call 00409250
:00403DA2 56 push esi
:00403DA3 53 push ebx
:00403DA4 55 push ebp
:00403DA5 E8A6540000 call 00409250
:00403DAA 56 push esi
:00403DAB 6820224500 push 00452220
:00403DB0 57 push edi
:00403DB1 E89A540000 call 00409250 <--又是同樣的方法把前半段ch1和後半段ch2再調換
:00403DB6 83C430 add esp, 00000030
:00403DB9 33C0 xor eax, eax
:00403DBB 85F6 test esi, esi
:00403DBD 5D pop ebp
:00403DBE 5B pop ebx
:00403DBF 7E1C jle 00403DDD

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403DDB(C) <--第三處循環計算
|
:00403DC1 8A0C4521214500 mov cl, byte ptr [2*eax+00452121] <--從[452120]處每次取兩個值
:00403DC8 C0E104 shl cl, 04 即第二次計算的結果,把後一值
:00403DCB 0A0C4520214500 or cl, byte ptr [2*eax+00452120] 左移四位後與前值進行OR運算,
:00403DD2 40 inc eax 結果寫在[4523A0]
:00403DD3 3BC6 cmp eax, esi
:00403DD5 88889F234500 mov byte ptr [eax+0045239F], cl
:00403DDB 7CE4 jl 00403DC1

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403DBF(C)
|
:00403DDD 80A6A023450000 and byte ptr [esi+004523A0], 00
:00403DE4 5F pop edi
:00403DE5 5E pop esi
:00403DE6 C3 ret

進行比較的那個CALL我就不寫了(因為這篇文章太長了),但它好像只比較前四位,也就是說只要你的EMAIL前四位與[4523A0]處的結果一致就可以.可我隨意填的假碼經反算後根本不是可顯示字串,要想寫出註冊機必須把算法逆回去,我想了好半天也不知道這個算法怎樣逆運算,看著清清楚楚的程式碼就是寫不出註冊機,痛苦中.....

哪位大哥幫我分析一下,我的數學太爛了...
程序判斷註冊的思路:

1.先將EMAIL中的'@','.'字串去掉,如果小於12個字串就在後面補'0'.然後把前六位和後六位顛倒過來.

2.取註冊碼(24位)按下表計算: (假設輸入的是ABCDEFGHIJKLMNOPQRSTUVWX)

+----+---+---+---+---+---+---+---+---+---+---+---+---+
|假碼| A | B | C | D | E | F | G | H | I | J | K | L |
|Num | 0 | 1 | 2 | 3 | 4 | 5 | 3 | 4 | 5 | 6 | 7 | 8 |
+----+---+---+---+---+---+---+---+---+---+---+---+---+
|假碼| M | N | O | P | Q | R | S | T | U | V | W | X |
|Num | 8 | 7 | 6 | 5 | 4 | 3 | 5 | 4 | 3 | 2 | 1 | 0 |
+----+---+---+---+---+---+---+---+---+---+---+---+---+
|Nxor| 1 | 3 | 7 | D | 5 | F | B | 9 | 9 | B | F | 5 |
+----+---+---+---+---+---+---+---+---+---+---+---+---+

其中第N列的Nxor值計算方法是((N-1)*N+1) mod 10h

判斷時將每列上一格裡的(註冊碼-Num-41h) xor 該格對應列的Nxor值,記結果為S1,用同樣方法算出該列下一格的值S2,計算(S2 SHR 4) OR S1. 12列的結果組成的字串如果和EMAIL經處理後的字串一致就成功.

因為程序將註冊碼反算,所以註冊機要求它的逆運算.逆運算的關鍵是如何把EMAIL中的一個值拆分成S1和S2,因為這個逆運算產生的結果不惟一,但要保證計算出的註冊碼是可顯示字串.不妨把一個兩位的十六進位值拆成高位和低位元.如字母'R'=52h,可拆成S1=2,S2=5,這樣計算出來的註冊碼在'A'-'X'之間,完全符合要求.

註冊機: (Borland Pascal 7.0)

Program CrackZbook;
var fmail,mail,code,temp:string;
p,p1,s1,s2,s :integer;
Num:array[1..24] of integer;
Nxor:array[1..12] of integer;
begin
Num[1]:=0; Num[2]:=1; Num[3]:=2; Num[4]:=3;
Num[5]:=4; Num[6]:=5; Num[7]:=3; Num[8]:=4;
Num[9]:=5; Num[10]:=6; Num[11]:=7; Num[12]:=8;
Num[13]:=8; Num[14]:=7; Num[15]:=6; Num[16]:=5;
Num[17]:=4; Num[18]:=3; Num[19]:=5; Num[20]:=4;
Num[21]:=3; Num[22]:=2; Num[23]:=1; Num[24]:=0;
Nxor[1]:=1;Nxor[2]:=3;Nxor[3]:=7;Nxor[4]:=13;
Nxor[5]:=5;Nxor[6]:=15;Nxor[7]:=11;Nxor[8]:=9;
Nxor[9]:=9;Nxor[10]:=11;Nxor[11]:=15;Nxor[12]:=5; //啟始化計算表
p1:=1;
repeat
write('Please input your Email:');
readln(fmail);
until length(fmail)>=4;
for p:=1 to length(fmail) do
if (fmail[p]<>'.') and (fmail[p]<>'@') then
begin
mail[p1]:=fmail[p];
inc(p1);
end;
for p:=p1 to 12 do mail[p]:='0';
for p:=1 to 6 do temp[p]:=mail[p];
for p:=7 to 12 do mail[p-6]:=mail[p];
for p:=7 to 12 do mail[p]:=temp[p-6]; //對EMAIL的處理
for p:=1 to 12 do
begin
s:=ord(mail[p]);
s1:=s mod 16;
s2:=s div 16;
s1:=s1 xor Nxor[p];
s2:=s2 xor Nxor[p];
s1:=s1+$41+Num[p];
s2:=s2+$41+Num[p+12];
code[p]:=chr(s1);
code[p+12]:=chr(s2);
end;
for p:=1 to 24 do write(code[p]);
writeln;
writeln('Crack by RoBa Thank you');
end.

一個可用的註冊碼:

EMAIL: RoBa
CODE : BEJQJUMKQQWNKHKTKPTTQPNG
psac 目前離線  
送花文章: 3, 收花文章: 1630 篇, 收花: 3204 次
 


主題工具
顯示模式

發表規則
不可以發文
不可以回覆主題
不可以上傳附加檔案
不可以編輯您的文章

論壇啟用 BB 語法
論壇啟用 表情符號
論壇啟用 [IMG] 語法
論壇禁用 HTML 語法
Trackbacks are 禁用
Pingbacks are 禁用
Refbacks are 禁用


所有時間均為台北時間。現在的時間是 06:29 PM


Powered by vBulletin® 版本 3.6.8
版權所有 ©2000 - 2020, Jelsoft Enterprises Ltd.


SEO by vBSEO 3.6.1