【破文标题】:精品网络电视王 6.22(新禧版) 破解分析
【破文作者】:KuNgBiM[DFCG]
【作者邮箱】:gb_1227@163.com
【软件名称】:精品网络电视王 6.22(新禧版)
【整理日期】:2005-4-1 9:17:54 (愚人节)
【软件大小】:615 KB
【软件授权】:国产软件/共享软件/网络音视
【使用平台】:Win9x/Me/NT/2000/XP
【发布公司】:http://jpsoft.51.net/
【软件简介】:精品网络电视王是在宽带网上欣赏网络节目的精品软件。收集了350多家国内外电视台(凤凰卫视中文台、香港翡翠台、华娱卫视、星空体育、泰星体育等)和200多家电台。网络节目丰富,包括几十部精彩的国内外影片、上百首流行歌曲、十多个经典相声、小品和精彩的魔术。收视率达96%以上。
【加密方式】:注册码
【编译语言】:Borland Delphi 6.0 - 7.0
【功能限制】:功能限制
【调试环境】:WinNT、W32DasmPEiD、Ollydbg
【破解日期】:2005-04-01 (愚人节)
【破解目的】:研究算法分析 (作者也给我们开了个玩笑)
【作者声明】:初学Crack,只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
―――――――――――――――――――――――――――――――――
【破解过程】:
1
、试探:运行主程序注册,输入注册名、注册码,确认!程序无反映!
2
、侦测:用PEiD0.92查壳,发现是Borland Delphi 6.0 - 7.0编译,无壳!
3
、在W32Dasm中找关键,找到“注册码无效,请与作者联系Email:jpsoft_yh@163.com”的字符串双击,如下:
* Possible StringData Ref from Code Obj ->
"注册码无效,请与作者联系Email:jpsoft_yh@163.com" //
我们找到的字符串
|
:00463B7B B8443C4600
mov eax, 00463C44
:00463B80 E85F7AFCFF
call 0042B5E4
:00463B85 8B83FC020000
mov eax,
dword ptr [
ebx+000002FC]
:00463B8B 33D2
xor edx,
edx
:00463B8D E81E71FDFF
call 0043ACB0
:00463B92 8B83FC020000
mov eax,
dword ptr [
ebx+000002FC]
:00463B98 8B10
mov edx,
dword ptr [
eax]
:00463B9A FF92C4000000
call dword ptr [
edx+000000C4]
向上来到这里:(没有发现我们要的“惊喜”)
* Possible StringData Ref from Code Obj ->
"软件注册成功!谢谢注册"
|
:00463B63 B8243C4600
mov eax, 00463C24
:00463B68 E8777AFCFF
call 0042B5E4
:00463B6D A124234700
mov eax,
dword ptr [00472324]
:00463B72 8B00
mov eax,
dword ptr [
eax]
:00463B74 E81F37FFFF
call 00457298
:00463B79 EB25
jmp 00463BA0
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:00463AA3(C)
|
.............
(略)
再次向上“找”惊喜,来到:
:00463A88 8D55F8
lea edx,
dword ptr [
ebp-08]
:00463A8B 8B83FC020000
mov eax,
dword ptr [
ebx+000002FC]
:00463A91 E8EA71FDFF
call 0043AC80 //
算法CALL
:00463A96 8B45F8
mov eax,
dword ptr [
ebp-08]
* Possible StringData Ref from Code Obj ->
"fyzo-muaw-jnqs" //
这里的ASCII "fyzo-muaw-jnqs
" 象似注册码!
|
:00463A99 BACC3B4600
mov edx, 00463BCC
:00463A9E E85108FAFF
call 004042F4 //
经典的比较CALL,可用作写内存注册机!
:00463AA3 0F85D2000000
jne 00463B7B //
把EAX和EDX作比较,跳则完蛋!
:00463AA9 8BC3
mov eax,
ebx
:00463AAB E8E837FFFF
call 00457298
:00463AB0 B201
mov dl, 01
:00463AB2 A1DC014300
mov eax,
dword ptr [004301DC]
:00463AB7 E820C8FCFF
call 004302DC
:00463ABC 8945FC
mov dword ptr [
ebp-04],
eax
:00463ABF 33C0
xor eax,
eax
:00463AC1 55
push ebp
:00463AC2 685C3B4600
push 00463B5C
:00463AC7 64FF30
push dword ptr fs:[
eax]
:00463ACA 648920
mov dword ptr fs:[
eax],
esp
:00463ACD BA01000080
mov edx, 80000001
:00463AD2 8B45FC
mov eax,
dword ptr [
ebp-04]
:00463AD5 E8A2C8FCFF
call 0043037C
:00463ADA 33C9
xor ecx,
ecx
* Possible StringData Ref from Code Obj ->
"\Software\webtv\soft" //
写入注册表的路径
|
:00463ADC BAE43B4600
mov edx, 00463BE4
:00463AE1 8B45FC
mov eax,
dword ptr [
ebp-04]
:00463AE4 E8D3C9FCFF
call 004304BC
:00463AE9 84C0
test al,
al
:00463AEB 7530
jne 00463B1D
* Possible StringData Ref from Code Obj ->
"\Software\webtv\soft" //
写入注册表的路径
|
:00463AED BAE43B4600
mov edx, 00463BE4
:00463AF2 8B45FC
mov eax,
dword ptr [
ebp-04]
:00463AF5 E8E6C8FCFF
call 004303E0
:00463AFA B101
mov cl, 01
* Possible StringData Ref from Code Obj ->
"\Software\webtv\soft" //
写入注册表的路径
|
:00463AFC BAE43B4600
mov edx, 00463BE4
:00463B01 8B45FC
mov eax,
dword ptr [
ebp-04]
:00463B04 E8B3C9FCFF
call 004304BC
* Possible StringData Ref from Code Obj ->
"790110" //
写入注册表的“键值”
|
:00463B09 B9043C4600
mov ecx, 00463C04
* Possible StringData Ref from Code Obj ->
"regcode" //
写入注册表的重要“键”
|
:00463B0E BA143C4600
mov edx, 00463C14
:00463B13 8B45FC
mov eax,
dword ptr [
ebp-04]
:00463B16 E83DCBFCFF
call 00430658
:00463B1B EB0F
jmp 00463B2C
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:00463AEB(C)
|
:00463B1D B101
mov cl, 01
* Possible StringData Ref from Code Obj ->
"\Software\webtv\soft" //
重启时验证注册表的路径
|
:00463B1F BAE43B4600
mov edx, 00463BE4
:00463B24 8B45FC
mov eax,
dword ptr [
ebp-04]
:00463B27 E890C9FCFF
call 004304BC
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:00463B1B(U)
|
* Possible StringData Ref from Code Obj ->
"790110" //
重启时验证注册表的“键值”
|
:00463B2C B9043C4600
mov ecx, 00463C04
* Possible StringData Ref from Code Obj ->
"regcode" //
重启时验证注册表的重要“键”
|
:00463B31 BA143C4600
mov edx, 00463C14
:00463B36 8B45FC
mov eax,
dword ptr [
ebp-04]
:00463B39 E81ACBFCFF
call 00430658
:00463B3E 33C0
xor eax,
eax
:00463B40 5A
pop edx
:00463B41 59
pop ecx
:00463B42 59
pop ecx
:00463B43 648910
mov dword ptr fs:[
eax],
edx
:00463B46 68633B4600
push 00463B63
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:00463B61(U)
|
:00463B4B 8B45FC
mov eax,
dword ptr [
ebp-04]
:00463B4E E8F9C7FCFF
call 0043034C
:00463B53 8B45FC
mov eax,
dword ptr [
ebp-04]
:00463B56 E83DF6F9FF
call 00403198
:00463B5B C3
ret:00463B5C E98BFDF9FF
jmp 004038EC
:00463B61 EBE8
jmp 00463B4B
.........
(略)
===============================
4
、总结
该软件是个典型的明码比较软件,固定的用户码,当然就用固定的注册码比较(软柿子而已!)
通用的序列号:mvsy-brhw-ojcz
通用的注册码:fyzo-muaw-jnqs5
、算法注册机源码(为了搞笑而已!!)
------------Visual Basic 6.0
在WIN2K下编译通过--------------
Dim a
a = Len(txtMC.Text)
If a =
"" Or a <> 14 Then
txtSN.Text =
"Please Input Machine Code !!!"
Else
txtSN.Text =
"fyzo-muaw-jnqs"
End If
End Sub-----------------------------------------------------
7
、注册信息保存在注册表里:
[HKEY_LOCAL_MACHINE\Software\webtv\soft]
"regcode"=
"790110"
-----------------------------------------------------
==========
到此收工 =============
Cracked By KuNgBiM[DFCG]
2005-04-01 15:53:20
[课程]Linux pwn 探索篇!