-
-
[原创]环球电影电视剧 1.13 简单算法分析+VB注册机
-
发表于:
2005-5-19 18:31
9950
-
[原创]环球电影电视剧 1.13 简单算法分析+VB注册机
【破文标题】:环球电影电视剧 1.13 简单算法分析+VB注册机
【破文作者】:KuNgBiM[DFCG]
【作者邮箱】:gb_1227@163.com
【软件名称】:环球电影电视剧 1.13
【软件大小】:2253 KB
【软件类别】:国产软件/共享版/网络音视
【整理时间】:2005-5-19
【下载地址】:http://www.cn0660.com/xiaer/lianxuju/12.htm
【软件简介】:环球电影电视剧为广大观众提供500部连续剧,包括台湾、香港、大陆、日本、韩国等几个地区影片;1千部电影,包括动作片、卡通片、喜剧片、科幻片、恐怖片等。精彩连续剧、电影任你选择,每星期更新一次影片,免费升级,方便好用。
【保护方式】:注册码+功能限制
【编译语言】:Borland Delphi 6.0 - 7.0
【调试环境】:WinXP、PEiD、W32Dasm、Ollydbg
【破解日期】:2005-05-19
【破解目的】:研究算法分析
【作者声明】:初学Crack,只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
―――――――――――――――――――――――――――――――――
【破解过程】:
侦测:用PEiD查壳,无壳,Borland Delphi 6.0 - 7.0 编译。
试探:运行主程序注册,输入试炼码,确认!程序提示:" 注册码无效。"
初步下药:使出法宝,用W32Dasm进行静态反汇编,查找" 注册码无效。"字符串,结果找到004AAA20处,确定断点应下在004AA9F7处。
对症下药:Ollydbg载入主程序,来到 004AA9F7 处下断,F9运行,输入试炼信息:
*****
试炼信息 ******
机器码:BD258095
注册码:78787878
*********************
点击确定后OD断下:(这里我采用的是W32Dasm的反汇编信息,比较干净清楚!)
:004AA9EB 8D55F0
lea edx,
dword ptr [
ebp-10]
:004AA9EE 8B45FC
mov eax,
dword ptr [
ebp-04]
:004AA9F1 8B801C030000
mov eax,
dword ptr [
eax+0000031C]
:004AA9F7 E88C21FCFF
call 0046CB88
:004AA9FC 837DF000
cmp dword ptr [
ebp-10], 00000000 //
比较注册码是否为0
:004AAA00 741E
je 004AAA20 //
等于0则跳死
:004AAA02 8D55EC
lea edx,
dword ptr [
ebp-14]
:004AAA05 8B45FC
mov eax,
dword ptr [
ebp-04] //
向eax赋值010C0EC4
:004AAA08 8B801C030000
mov eax,
dword ptr [
eax+0000031C] //
向eax赋值010BBF08
:004AAA0E E87521FCFF
call 0046CB88
:004AAA13 8B45EC
mov eax,
dword ptr [
ebp-14] //
试炼码赋值给EAX
:004AAA16 E8119AF5FF
call 0040442C
:004AAA1B 83F808
cmp eax, 00000008 //
注册码位数是否为8
:004AAA1E 7E30
jle 004AAA50 //
大于小于则跳死
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004AAA00(C)
|
* Possible StringData Ref from Code Obj ->
" 注册码无效。"
|
:004AAA20 B814AD4A00
mov eax, 004AAD14
:004AAA25 E88238F8FF
call 0042E2AC
:004AAA2A 8B45FC
mov eax,
dword ptr [
ebp-04]
:004AAA2D 8B801C030000
mov eax,
dword ptr [
eax+0000031C]
:004AAA33 33D2
xor edx,
edx
:004AAA35 E8E221FCFF
call 0046CC1C
:004AAA3A 8B45FC
mov eax,
dword ptr [
ebp-04]
:004AAA3D 8B801C030000
mov eax,
dword ptr [
eax+0000031C]
:004AAA43 8B10
mov edx,
dword ptr [
eax]
:004AAA45 FF92C4000000
call dword ptr [
edx+000000C4]
:004AAA4B E923020000
jmp 004AAC73
* Referenced by a (U)nconditional
or (C)onditional Jump at Address:
|:004AAA1E(C)
|
:004AAA50 8D45E4
lea eax,
dword ptr [
ebp-1C] //
注册码位数等于8
:004AAA53 50
push eax
:004AAA54 8D55E0
lea edx,
dword ptr [
ebp-20]
:004AAA57 8B45FC
mov eax,
dword ptr [
ebp-04]
:004AAA5A 8B8018030000
mov eax,
dword ptr [
eax+00000318]
:004AAA60 E82321FCFF
call 0046CB88
:004AAA65 8B45E0
mov eax,
dword ptr [
ebp-20] //
机器码入EAX(ASCII "BD258095
")
:004AAA68 B906000000
mov ecx, 00000006 //ECX
给予6位空间
:004AAA6D BA01000000
mov edx, 00000001
:004AAA72 E8159CF5FF
call 0040468C //
取机器码前6位
:004AAA77 8B4DE4
mov ecx,
dword ptr [
ebp-1C] //
机器码前6位入ECX(ASCII "BD2580
")
:004AAA7A 8D45E8
lea eax,
dword ptr [
ebp-18]
:004AAA7D BA2CAD4A00
mov edx, 004AAD2C //
规定EDX为16进制数(ASCII "0x
")
:004AAA82 E8F199F5FF
call 00404478
:004AAA87 8B45E8
mov eax,
dword ptr [
ebp-18] //
机器码前6位变为16进制数(ASCII "0xBD2580
")
:004AAA8A E805DFF5FF
call 00408994
:004AAA8F 8BF0
mov esi,
eax //
将机器码前6位的字符串转换成16进制后存放在ESI中
:004AAA91 33C0
xor eax,
eax //
异或清空
:004AAA93 55
push ebp
:004AAA94 682AAC4A00
push 004AAC2A
:004AAA99 64FF30
push dword ptr fs:[
eax]
:004AAA9C 648920
mov dword ptr fs:[
eax],
esp
:004AAA9F 8D55DC
lea edx,
dword ptr [
ebp-24]
:004AAAA2 8B45FC
mov eax,
dword ptr [
ebp-04]
:004AAAA5 8B801C030000
mov eax,
dword ptr [
eax+0000031C]
:004AAAAB E8D820FCFF
call 0046CB88
:004AAAB0 8B45DC
mov eax,
dword ptr [
ebp-24] //
假码赋值给EAX (ASCII "78787878
")
:004AAAB3 E8DCDEF5FF
call 00408994 //
将假码转为16进制
:004AAAB8 8BD8
mov ebx,
eax //
假码赋值给EBX (eax=04B23526 ebx=010BC14C)
:004AAABA 8BC3
mov eax,
ebx //EBX
又赋值给EAX(ebx=04B23526 eax=04B23526)
:004AAABC 2BC6
sub eax,
esi //
EAX=
EAX-
ESI (esi=00BD2580 eax=04B23526)
:004AAABE 3B05F4AD4C00
cmp eax,
dword ptr [004CADF4] //
比较EAX与004CADF4中的值是否相等(常量值=BC614E)
:004AAAC4 7459
je 004AAB1F //EAX
值若不等于BC614E就跳死
//
(BC614E十进制数就是12345678,呵呵~)
* Possible StringData Ref from Code Obj ->
" 你输入的注册码 "
|
:004AAAC6 6838AD4A00
push 004AAD38
:004AAACB 8D55D4
lea edx,
dword ptr [
ebp-2C]
:004AAACE 8B45FC
mov eax,
dword ptr [
ebp-04]
:004AAAD1 8B801C030000
mov eax,
dword ptr [
eax+0000031C]
:004AAAD7 E8AC20FCFF
call 0046CB88
:004AAADC FF75D4
push [
ebp-2C]
* Possible StringData Ref from Code Obj ->
" 不正确。"
|
:004AAADF 6854AD4A00
push 004AAD54
:004AAAE4 8D45D8
lea eax,
dword ptr [
ebp-28]
:004AAAE7 BA03000000
mov edx, 00000003
:004AAAEC E8FB99F5FF
call 004044EC
:004AAAF1 8B45D8
mov eax,
dword ptr [
ebp-28]
:004AAAF4 E8B337F8FF
call 0042E2AC
:004AAAF9 8B45FC
mov eax,
dword ptr [
ebp-04]
:004AAAFC 8B801C030000
mov eax,
dword ptr [
eax+0000031C]
:004AAB02 33D2
xor edx,
edx
:004AAB04 E81321FCFF
call 0046CC1C
:004AAB09 8B45FC
mov eax,
dword ptr [
ebp-04]
:004AAB0C 8B801C030000
mov eax,
dword ptr [
eax+0000031C]
:004AAB12 8B10
mov edx,
dword ptr [
eax]
:004AAB14 FF92C4000000
call dword ptr [
edx+000000C4]
:004AAB1A E901010000
jmp 004AAC20
-------------------------------------------------------------------------------------------------------------------------
【算法总结】
注册验证非常简单:
注册码 = 十进制(机器码前6位+ BC614E)
=======================
【VB6算法注册机源码】
Private
Sub Text1_Change()
Dim jqm, z, a, b, m As String
x = Text1.Text
If x =
"" Then
'未输入的机器码则不计算
Else
If Len(x) = 8 Then
'输入的机器码等于8位后才开始计算
a =
"BC614E"
z = Mid(x, 1, 6)
m = Format(
"&h" + z)
b = Format(
"&h" + a)
zcm = Val(m) + Val(b)
Text2.Text = zcm
End If
End If
End Sub
=======================
注册信息:
机器码:BD258095
注册码:24741582
--------------------------------------------------------------------------
(本文完)
版权所有(C)2005 KuNgBiM[DFCG] Copyright (C) 2005 KuNgBiM[DFCG]--------------------------------------------------------------------------
Cracked BY KuNgBiM[DFCG]
2005-05-19
18:30:18 PM
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法