004053CA      .  3027               |XOR BYTE PTR DS:[EDI],AH    bp conditinal log   STRING [[Eax+8]]

幾乎解決了

dd 351

不是很明白

与此日志
读取数据模拟器

是不是在004053CA      .  3027               |XOR BYTE PTR DS:[EDI],AH
里设置条件断点？bp conditinal log   STRING [[Eax+8]]

yes
look memory

路过，我也看看

現在已註銷alghoritmo
此幫助

since version 2.50 the anti-debugging code has been improved to such an extent that if you try to debug or run your program in the development environment it may cause the debugger to crash or not function properly. E.g. It will cause the debugger to crash with the Visual C++, Delphi, C Builder platforms. In this case we recommend that you use one of our debug object modules or DLLs
So do you have dinkey version 2.5 or before?

大概分析了一下,很容易爆破:
1. 看那个提示框,是messagebox弹出的,因此,命令窗口中,输入:
    bp User32.MessageBoxA  回车。
2.断下下后，看栈顶，地址是 ： 004013D1。
   点击CPU 窗口，按CTRL+G,输入004013D1，直接go到用户程序空间中。
3.向上看，有下面的一段汇编：

00401320                                            A1 40214100             mov eax,dword ptr ds:[412140]
00401325                                            85C0                    test eax,eax
00401327                                            0F85 A4000000           jnz ddlook.004013D1
0040132D                                            8B0D 101F4100           mov ecx,dword ptr ds:[411F10]                    ; ddlook.00400000
00401333                                            8D4424 48               lea eax,dword ptr ss:[esp+48]

关键跳转，就是红色标记的那个，爆破，直接改为jmp ， OK了。

哪个版本？

什么版本

爆破?我是想看看算法过程

hello

do you have 2035 lic reg?

用COMPID.EXE(0.51)得到电脑ID号告诉我,我给你X64许可证

to dentalart :
do you have dinkey version 2.5 or before?

我也能生成dinkey x64的许可，关键在于要得到REG文件

我也在纠结这个，我有好几个REG，搞不清数据如何生成，达到所需的时间。

通过复制REG的某一段DONGLE~1.EXE的代码，使得其它fliename变为2100的时间，
但是有个问题，软件方面的时间是不变的，关键在于最后的一段代码， 尝试将其它reg代码替换
软件就不识别加密狗，DDLOOK是正常的。

"dinkMemory"=hex:\

90,ec,c3,87,3c,fa,d0,73,dd,ef,e4,ea,3a,c8,e8,63,\
53,15,9f,f3,31,99,ea,16,05,30,22,9b,21,57,bd,c0,\
08,5e,d1,41,21,67,d1,53,48,4c,11,f9,86,c1,80,95,\  

*dog numbers, dog models, updata, relevant  

64,6f,6e,67,6c,65,7e,31,65,78,65,   *DDLOOK "FileName"    Dongle~1.EXE
63,61,6d,62,72,69,7e,31,65,78,65,  *DDLOOK "FileName"
42,42,42,42,42,42,42,42,42,42,\       *NULL

2f,23,cc,d8,a3,05,cf,6e,c8,ee,f4,68,33,c8,77,e3,\  *DDLOOK "execs left" "expiry" "max day""features"
2f,2f,c0,d4,af,0d,cb,62,c8,ee,74,68,33,48,77,63,\ *DDLOOK "execs left" "expiry" "max day""features"

5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\

c4,a5,f4,27,9a,db,6c,fa,80,b3,40,69,10,26,1f,3e,\
30,9c,ec,b9,d5,4c,04,8f,cb,b4,49,c7,47,2a,4f,53,\
4c,28,3a,d1,d7,c1,25,80,ac,e2,c7,ac,a5,99,53,dc,\
0a,53,87,06,17,31,cb,aa,82,38,bb,f3,73,e0,f0,5f,\
6a,6a,f8,d2,86,0b,f4,47,ed,b0,8d,c3,75,d5,0f,d6,\
9a,c1,f2,d2,81,a0,ba,a4,9d,5d,e4,a3,ed,b3,69,97,\
70,7c,62,e6,0c,bb,81,73,36,a4,28,fd,7c,bd,f0,ad,\
79,00,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\   *permissions data 软件的权限功能

5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,5a,4d,\
5a,4d

2f,23,cc,d8,a3,05,cf,6e,c8,ee,f4,68,33,c8,77,e3,\  *DDLOOK "execs left" "expiry" "max day""features"
2f,2f,c0,d4,af,0d,cb,62,c8,ee,74,68,33,48,77,63,\ *DDLOOK "execs left" "expiry" "max day""features"

这里第一段就是时间方面的，第一个一般为DONGLE~1.EXE,他的时间都是2100/1/1  将这段代码复制到第二行即可

我不会调试尝试，你可以通过修改reg，重新注册REG，重启MK，刷新DDLOOK，下断，对比代码

to :egiziano
你都分析得这么透彻了？厉害，周六要参加一个考试，后面多交流，关于ddlook的反调试你过了吗？

sorry, 我不会调试程序。

良好
但你必須明白算法

部分缺失

这个加密狗是飞天ROCKEY4，可以参考一些R4的文章

00405CA9 的代码是什么？ 还有 在call 00405CA9 之前 或者在 00405caa之前eax的值是什么 因为这个call 最后返回到了 00405caa之前的eax里的地址了
而且00403000-00404ca 9 内存为可读可写可执行 估计是自修改代码
00403699  触发异常 执行到 00405D09里了