一个InstallShield的安装序列号破解,注册算法没看懂,请大虾们帮忙分析一下
用sid 1.0增强版 反汇编后,找到序列号开始的算法
@00008C68 开始的,本人算法实在太差,转了几圈就晕了,哪位大侠帮忙看看,或是修改哪条指令可以直接跳过序列号判断
我已经把文件传到网盘上去了,哪位高人帮忙研究下吧
http://pickup.mofile.com/2770005845292704
或
http://sv006d.mofile.com/2770005845292704/RGlzazIvNDAvNDAzNDM3NzA5Ni8zLzM2MzQxOTE3MjU1ODI4Ng../setup.rar
多谢楼下朋友们关注,有兴趣的点这里下载吧:setup.rar
下图是序列号输入对话框,随便填写后点“下一步”,会出现如图中的出错提示
序列号好像有长度或是格式要求,没分析出是几位
激活码是 xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx 格式的,其中的“-”号在输入界面上已经有了
附一小段代码
// Excerpt of the decompiled handler for the "Dlg_ActivationKey" dialog. The function
// header precedes this excerpt and the event loop continues past its last line.
// NOTE(review): built-in names such as CtrlSetCurSel and the slash-separated pairs
// (e.g. CmdGetHwndDlg/WaitOnDialog) are the decompiler's guesses -- verify them
// before relying on the name alone.
@00008C68 begin
@00008C71:0006 local_string7 = "Dlg_ActivationKey";
// Branch taken when global_number16 equals 2: ProductCode, ActivateKey and Result are
// read with SilentReadData and Result is returned without showing the dialog
// (presumably silent-install mode -- confirm what global_number16 holds).
@00008C8C:000D local_number9 = (global_number16 = 2);
@00008C9B:0004 if(local_number9) then // ref index: 1
@00008CA7:0021 SdMakeName(global_string3, local_string7, local_string1, local_number4);
@00008CB9:0021 SilentReadData(global_string3, "ProductCode", 1, local_string5, local_number3);
@00008CDB:0021 SilentReadData(global_string3, "ActivateKey", 1, local_string6, local_number3);
@00008CFD:0021 SilentReadData(global_string3, "Result", 2, local_string8, local_number1);
@00008D1A:0027 // return coming
@00008D1E:0023 return local_number1;
@00008D25:0004 endif;
@00008D25:0004 label_8d25:
// function_15 is not shown; it receives the key string (local_string6) plus seven
// string variables -- presumably it splits the key into its seven segments (TODO confirm).
@00008D27:0021 function_15(local_string6, local_string10, local_string11, local_string12, local_string13, local_string14, local_string15, local_string16);
// SdInit() is called only while global_number14 is still 0.
@00008D45:000D local_number9 = (global_number14 = 0);
@00008D54:0004 if(local_number9) then // ref index: 1
@00008D60:0021 SdInit();
@00008D66:0006 endif;
@00008D66:0006 label_8d66:
// Define the dialog from resource 22017; a LASTRESULT of -1 aborts with -1.
@00008D68:0021 EzDefineDialog(local_string7, "", "", 22017);
@00008D7C:0006 local_number9 = LASTRESULT;
@00008D86:000D local_number9 = (local_number9 = -1);
@00008D95:0004 if(local_number9) then // ref index: 1
@00008DA1:0027 // return coming
@00008DA5:0023 return -1;
@00008DAE:0001 endif;
@00008DAE:0001 label_8dae:
// local_number5 is the loop flag: the dialog event loop runs while it stays 0.
@00008DB0:0006 local_number5 = 0;
@00008DBC:0006 label_8dbc:
@00008DBE:0001 // switch/while/???
@00008DC2:000D local_number9 = (local_number5 = 0);
@00008DD1:0004 if(local_number9) then // ref index: 43
// Fetch the next dialog event into local_number1; the comparisons below dispatch on it.
@00008DDD:0021 CmdGetHwndDlg/WaitOnDialog(local_string7);
@00008DE6:0006 local_number1 = LASTRESULT;
@00008DF0:0001 // switch/while/???
@00008DF4:0017 label_8df4:
// Event -100: NOTE(review) this looks like the dialog-initialisation event (DLG_INIT) -- confirm.
@00008DF6:000D local_number9 = (local_number1 = -100);
@00008E05:0004 if(local_number9) then // ref index: 1
@00008E11:0006 local_number6 = 0;
// function_496 is not shown; it is applied to controls 50, 711, 719 and 720 with the
// strings passed in (presumably static captions -- TODO confirm).
@00008E1D:0021 function_496(local_string7, 50, local_string1);
@00008E2E:0021 function_496(local_string7, 711, local_string2);
@00008E3F:0021 function_496(local_string7, 719, local_string3);
// Control 1001 receives local_string5 (the ProductCode variable in the silent branch).
@00008E50:0021 CtrlSetCurSel(local_string7, 1001, local_string5);
@00008E61:0021 function_496(local_string7, 720, local_string4);
// Controls 1002..1008 receive the seven key segments local_string10..local_string16.
@00008E72:0021 CtrlSetCurSel(local_string7, 1002, local_string10);
@00008E83:0021 CtrlSetCurSel(local_string7, 1003, local_string11);
@00008E94:0021 CtrlSetCurSel(local_string7, 1004, local_string12);
@00008EA5:0021 CtrlSetCurSel(local_string7, 1005, local_string13);
@00008EB6:0021 CtrlSetCurSel(local_string7, 1006, local_string14);
@00008EC7:0021 CtrlSetCurSel(local_string7, 1007, local_string15);
@00008ED8:0021 CtrlSetCurSel(local_string7, 1008, local_string16);
// local_number7 = window handle of the dialog.
@00008EE9:0021 CtrlGetSubCommand/CmdGetHwndDlg(local_string7);
@00008EF2:0006 local_number7 = LASTRESULT;
@00008EFC:0021 function_492(local_string7, local_number7, 64, global_string2);
// function_14 (listed further down) is given control ID 1 and the seven segments.
@00008F10:0021 function_14(local_number7, 1, local_string10, local_string11, local_string12, local_string13, local_string14, local_string15, local_string16);
// Put the input focus on control 1001.
@00008F33:0020 GetDlgItem(local_number7, 1001); // dll: USER.dll
@00008F41:0006 local_number8 = LASTRESULT;
@00008F4B:0020 SetFocus(local_number8); // dll: USER.dll
@00008F54:0005 goto label_9e06;
@00008F5D:0007 endif;
========================
这里应该是序列号的计算了
// Tail of the dialog handler: the seven segments are joined with "-" into one string,
// which is stored in local_string6, and the values are then recorded under the
// "ProductCode", "ActivateKey" and "Result" keys.
// These lines only concatenate and record; nothing here compares the key with an
// expected value.
// function_491 is not shown (presumably dialog teardown -- TODO confirm).
@00009E25:0021 function_491();
@00009E2B:0007 local_string17 = (local_string10 + "-");
@00009E39:0007 local_string17 = (local_string17 + local_string11);
@00009E46:0007 local_string17 = (local_string17 + "-");
@00009E54:0007 local_string17 = (local_string17 + local_string12);
@00009E61:0007 local_string17 = (local_string17 + "-");
@00009E6F:0007 local_string17 = (local_string17 + local_string13);
@00009E7C:0007 local_string17 = (local_string17 + "-");
@00009E8A:0007 local_string17 = (local_string17 + local_string14);
@00009E97:0007 local_string17 = (local_string17 + "-");
@00009EA5:0007 local_string17 = (local_string17 + local_string15);
@00009EB2:0007 local_string17 = (local_string17 + "-");
// The last segment is appended without a trailing "-"; the result is the full key string.
@00009EC0:0007 local_string6 = (local_string17 + local_string16);
@00009ECD:0021 SdMakeName(global_string3, local_string7, local_string1, local_number4);
// The decompiler could not tell SilentReadData from SilentWriteData here; the literal
// 0 / "" arguments suggest the write variant, i.e. recording the entered values for a
// later silent run -- TODO confirm.
@00009EDF:0021 SilentReadData/SilentWriteData(global_string3, "ProductCode", 1, local_string5, 0);
@00009F03:0021 SilentReadData/SilentWriteData(global_string3, "ActivateKey", 1, local_string6, 0);
@00009F27:0021 SilentReadData/SilentWriteData(global_string3, "Result", 2, "", local_number1);
@00009F44:0027 // return coming
// The function returns the last dialog event/result held in local_number1.
@00009F48:0023 return local_number1;
@00009F4F:0026 end; // checksum: 67281a44
@00009F5B:0009 label_9f5b:
// function_14(hwndDlg, ctrlId, seg1..seg7): UI-side format check for the seven key
// segments. It looks up the control ctrlId in the dialog and, if any segment is
// shorter than 4 characters, disables that control and returns 0.
// The caller in this listing passes control ID 1 (presumably the Next button -- confirm).
// The listing is cut off after the length check; the rest of the function is not shown.
// Design note: logic in an installer script is readable after decompilation (as this
// listing shows), so a key check placed here works as input validation rather than
// as a licensing control.
@00009F5D:0022 function BOOL function_14(local_number1, local_number2, local_string1, local_string2, local_string3, local_string4, local_string5, local_string6, local_string7)
@00009F5D NUMBER local_number3, local_number4, local_number5;
@00009F5D
@00009F5D
@00009F5D begin
// local_number3 = handle of the target control; bail out with 0 if it is not a window.
@00009F66:0020 GetDlgItem(local_number1, local_number2); // dll: USER.dll
@00009F72:0006 local_number3 = LASTRESULT;
@00009F7C:0020 IsWindow(local_number3); // dll: USER.dll
@00009F85:0006 local_number4 = LASTRESULT;
@00009F8F:000D local_number4 = (local_number4 = 0);
@00009F9E:0004 if(local_number4) then // ref index: 1
@00009FAA:0027 // return coming
@00009FAE:0023 return 0;
@00009FB7:0027 endif;
@00009FB7:0027 label_9fb7:
// function_502 is not shown; it is applied to every segment before the length test
// (presumably trimming or normalising the text -- TODO confirm).
@00009FB9:0021 function_502(local_string1);
@00009FC2:0021 function_502(local_string2);
@00009FCB:0021 function_502(local_string3);
@00009FD4:0021 function_502(local_string4);
@00009FDD:0021 function_502(local_string5);
@00009FE6:0021 function_502(local_string6);
@00009FEF:0021 function_502(local_string7);
// local_number4 accumulates "some segment has fewer than 4 characters":
// each StrLength result is compared with 4 and OR-ed into the flag.
@00009FF8:0021 StrLength(local_string1);
@0000A001:0006 local_number4 = LASTRESULT;
@0000A00B:0009 local_number4 = (local_number4 < 4);
@0000A01A:0021 StrLength(local_string2);
@0000A023:0006 local_number5 = LASTRESULT;
@0000A02D:0009 local_number5 = (local_number5 < 4);
@0000A03C:0018 local_number4 = (local_number4 || local_number5);
@0000A049:0021 StrLength(local_string3);
@0000A052:0006 local_number5 = LASTRESULT;
@0000A05C:0009 local_number5 = (local_number5 < 4);
@0000A06B:0018 local_number4 = (local_number4 || local_number5);
@0000A078:0021 StrLength(local_string4);
@0000A081:0006 local_number5 = LASTRESULT;
@0000A08B:0009 local_number5 = (local_number5 < 4);
@0000A09A:0018 local_number4 = (local_number4 || local_number5);
@0000A0A7:0021 StrLength(local_string5);
@0000A0B0:0006 local_number5 = LASTRESULT;
@0000A0BA:0009 local_number5 = (local_number5 < 4);
@0000A0C9:0018 local_number4 = (local_number4 || local_number5);
@0000A0D6:0021 StrLength(local_string6);
@0000A0DF:0006 local_number5 = LASTRESULT;
@0000A0E9:0009 local_number5 = (local_number5 < 4);
@0000A0F8:0018 local_number4 = (local_number4 || local_number5);
@0000A105:0021 StrLength(local_string7);
@0000A10E:0006 local_number5 = LASTRESULT;
@0000A118:0009 local_number5 = (local_number5 < 4);
@0000A127:0018 local_number4 = (local_number4 || local_number5);
// Any short segment: disable the control and report 0.
@0000A134:0004 if(local_number4) then // ref index: 1
@0000A140:0020 EnableWindow(local_number3, 0); // dll: USER.dll
@0000A14E:0027 // return coming
@0000A152:0023 return 0;
// As listed, this goto follows the return and is not reached from this branch.
@0000A15B:0005 goto label_a18a;
@0000A164:0004 endif;