【破文作者】ocnzhao
【所属组织】[OCN]
【作者主页】http://ocn.e5v.com/bbs/index.php
【 E-mail 】
【 作者QQ 】
【文章题目】Hidden Camera的算法分析
【软件名称】Hidden Cameras 2.18
【下载地址】http://www.onlinedown.net/soft/27108.htm
【加密方式】无
【加壳方式】无
【破解工具】OD,
【软件限制】试用天数
【破解平台】Windows XP2
=======================================================================================================
【文章简介】
只是为了爱好,没有别的。
=======================================================================================================
【解密过程】
00414843 . 8B45 A8 mov eax, [ebp-58]
00414846 . 83A0 44F10000>and dword ptr [eax+F144], 0
0041484D . B8 29484100 mov eax, HC.00414829
00414852 . C3 retn
00414853 . B8 D7E14400 mov eax, HC.0044E1D7
00414858 . E8 E32A0100 call HC.00427340
0041485D . 81EC 20010000 sub esp, 120
00414863 . A1 04744600 mov eax, [467404]
00414868 . 3345 04 xor eax, [ebp+4]
0041486B . 53 push ebx
0041486C . 56 push esi
0041486D . 57 push edi
0041486E . 8BF1 mov esi, ecx
00414870 . 33DB xor ebx, ebx
00414872 . 33FF xor edi, edi
00414874 . 8965 F0 mov [ebp-10], esp
00414877 . 47 inc edi
00414878 . 53 push ebx
00414879 . 8D8E 94180000 lea ecx, [esi+1894]
0041487F . 8945 EC mov [ebp-14], eax
00414882 . 8975 94 mov [ebp-6C], esi
00414885 . 895D FC mov [ebp-4], ebx
00414888 . 89BE 44F10000 mov [esi+F144], edi
0041488E . E8 B6170200 call HC.00436049
00414893 . 8BCE mov ecx, esi
00414895 . E8 3F26FFFF call HC.00406ED9
0041489A . 53 push ebx
0041489B . 8D8D D4FEFFFF lea ecx, [ebp-12C]
004148A1 . E8 576F0000 call HC.0041B7FD
004148A6 . 8D8D D4FEFFFF lea ecx, [ebp-12C]
004148AC . C645 FC 01 mov byte ptr [ebp-4], 1
004148B0 . E8 91130200 call HC.00435C46
004148B5 . 3BC7 cmp eax, edi
004148B7 . 0F85 B4030000 jnz HC.00414C71
004148BD . 8D86 58180000 lea eax, [esi+1858]
004148C3 . 50 push eax
004148C4 . 8D86 54180000 lea eax, [esi+1854]
004148CA . 50 push eax
004148CB . 8D86 50180000 lea eax, [esi+1850]
004148D1 . 50 push eax
004148D2 . 8D86 4C180000 lea eax, [esi+184C]
004148D8 . 50 push eax
004148D9 . 8D8D D4FEFFFF lea ecx, [ebp-12C]
004148DF . E8 686D0000 call HC.0041B64C
004148E4 . 68 3C074500 push HC.0045073C
004148E9 . 8D4D A0 lea ecx, [ebp-60]
004148EC . E8 53D4FEFF call HC.00401D44
004148F1 . C645 FC 02 mov byte ptr [ebp-4], 2
004148F5 . 895D E8 mov [ebp-18], ebx
004148F8 . 33C0 xor eax, eax
004148FA > 83F8 20 cmp eax, 20 ;预处理
004148FD . 7D 15 jge short HC.00414914
004148FF . 806405 C4 00 and byte ptr [ebp+eax-3C], 0
00414904 . 806405 A4 00 and byte ptr [ebp+eax-5C], 0
00414909 . 80A405 64FFFF>and byte ptr [ebp+eax-9C], 0
00414911 . 40 inc eax
00414912 .^ EB E6 jmp short HC.004148FA
00414914 > 33C0 xor eax, eax
00414916 > 83F8 10 cmp eax, 10
00414919 . 7D 08 jge short HC.00414923
0041491B . 806405 84 00 and byte ptr [ebp+eax-7C], 0
00414920 . 40 inc eax
00414921 .^ EB F3 jmp short HC.00414916
00414923 > 8DBE 4C180000 lea edi, [esi+184C]
00414929 . 57 push edi
0041492A . 8D4D 9C lea ecx, [ebp-64]
0041492D . C645 C4 D9 mov byte ptr [ebp-3C], 0D9 ; 常值,下面计算用到
00414931 . C645 C5 06 mov byte ptr [ebp-3B], 6
00414935 . C645 C6 02 mov byte ptr [ebp-3A], 2
00414939 . C645 C7 14 mov byte ptr [ebp-39], 14
0041493D . C645 C8 0F mov byte ptr [ebp-38], 0F
00414941 C645 C9 13 mov byte ptr [ebp-37], 13
00414945 . C645 CA FB mov byte ptr [ebp-36], 0FB
00414949 . C645 CB B7 mov byte ptr [ebp-35], 0B7
0041494D . C645 CC 33 mov byte ptr [ebp-34], 33
00414951 . C645 CD 12 mov byte ptr [ebp-33], 12
00414955 . C645 CE 32 mov byte ptr [ebp-32], 32
00414959 . C645 CF EF mov byte ptr [ebp-31], 0EF
0041495D . C645 D0 83 mov byte ptr [ebp-30], 83
00414961 . C645 D1 C7 mov byte ptr [ebp-2F], 0C7
00414965 . C645 D2 49 mov byte ptr [ebp-2E], 49
00414969 . C645 D3 AB mov byte ptr [ebp-2D], 0AB
0041496D . C645 D4 ED mov byte ptr [ebp-2C], 0ED
00414971 . C645 D5 90 mov byte ptr [ebp-2B], 90
00414975 . C645 D6 1F mov byte ptr [ebp-2A], 1F
00414979 . C645 D7 83 mov byte ptr [ebp-29], 83
0041497D . C645 D8 DB mov byte ptr [ebp-28], 0DB
00414981 . C645 D9 8B mov byte ptr [ebp-27], 8B
00414985 . C645 DA 19 mov byte ptr [ebp-26], 19
00414989 . C645 DB D8 mov byte ptr [ebp-25], 0D8
0041498D . C645 DC C4 mov byte ptr [ebp-24], 0C4
00414991 . C645 DD 1D mov byte ptr [ebp-23], 1D
00414995 . C645 DE EB mov byte ptr [ebp-22], 0EB
00414999 . C645 DF 95 mov byte ptr [ebp-21], 95
0041499D . C645 E0 9D mov byte ptr [ebp-20], 9D
004149A1 . C645 E1 0E mov byte ptr [ebp-1F], 0E
004149A5 . C645 E2 0B mov byte ptr [ebp-1E], 0B
004149A9 . C645 E3 0F mov byte ptr [ebp-1D], 0F
004149AD . C645 A4 0A mov byte ptr [ebp-5C], 0A
004149B1 . C645 A5 C6 mov byte ptr [ebp-5B], 0C6
004149B5 . C645 A6 0F mov byte ptr [ebp-5A], 0F
004149B9 . C645 A7 D8 mov byte ptr [ebp-59], 0D8
004149BD . C645 A8 9F mov byte ptr [ebp-58], 9F
004149C1 . C645 A9 AF mov byte ptr [ebp-57], 0AF
004149C5 . C645 AA B6 mov byte ptr [ebp-56], 0B6
004149C9 . C645 AB 31 mov byte ptr [ebp-55], 31
004149CD . C645 AC 9E mov byte ptr [ebp-54], 9E
004149D1 . C645 AD 73 mov byte ptr [ebp-53], 73
004149D5 . C645 AE 8B mov byte ptr [ebp-52], 8B
004149D9 . C645 AF FB mov byte ptr [ebp-51], 0FB
004149DD . C645 B0 BF mov byte ptr [ebp-50], 0BF
004149E1 . C645 B1 93 mov byte ptr [ebp-4F], 93
004149E5 . C645 B2 B2 mov byte ptr [ebp-4E], 0B2
004149E9 . C645 B3 89 mov byte ptr [ebp-4D], 89
004149ED . C645 B4 B2 mov byte ptr [ebp-4C], 0B2
004149F1 . C645 B5 B7 mov byte ptr [ebp-4B], 0B7
004149F5 . C645 B6 69 mov byte ptr [ebp-4A], 69
004149F9 . C645 B7 B9 mov byte ptr [ebp-49], 0B9
004149FD . C645 B8 04 mov byte ptr [ebp-48], 4
00414A01 . C645 B9 B7 mov byte ptr [ebp-47], 0B7
00414A05 . C645 BA 70 mov byte ptr [ebp-46], 70
00414A09 . C645 BB 1D mov byte ptr [ebp-45], 1D
00414A0D . C645 BC E6 mov byte ptr [ebp-44], 0E6
00414A11 . C645 BD 8A mov byte ptr [ebp-43], 8A
00414A15 . C645 BE 87 mov byte ptr [ebp-42], 87
00414A19 . C645 BF BF mov byte ptr [ebp-41], 0BF
00414A1D . C645 C0 96 mov byte ptr [ebp-40], 96
00414A21 . C645 C1 6F mov byte ptr [ebp-3F], 6F
00414A25 . C645 C2 9D mov byte ptr [ebp-3E], 9D
00414A29 . C645 C3 11 mov byte ptr [ebp-3D], 11
00414A2D . E8 19CBFEFF call HC.0040154B
00414A32 . 8D86 50180000 lea eax, [esi+1850]
00414A38 . 50 push eax
00414A39 . 8D4D 98 lea ecx, [ebp-68]
00414A3C . C645 FC 03 mov byte ptr [ebp-4], 3
00414A40 . E8 06CBFEFF call HC.0040154B
00414A45 . 8D9E 58180000 lea ebx, [esi+1858]
00414A4B . 53 push ebx
00414A4C . 8BCF mov ecx, edi
00414A4E . C645 FC 04 mov byte ptr [ebp-4], 4
00414A52 . E8 8FD0FEFF call HC.00401AE6
00414A57 . 8D86 50180000 lea eax, [esi+1850]
00414A5D . 50 push eax
00414A5E . 8D45 E4 lea eax, [ebp-1C]
00414A61 . 53 push ebx
00414A62 . 50 push eax
00414A63 . E8 48CEFEFF call HC.004018B0
00414A68 . 83C4 0C add esp, 0C
00414A6B . 50 push eax
00414A6C . 8D8E 50180000 lea ecx, [esi+1850]
00414A72 . C645 FC 05 mov byte ptr [ebp-4], 5
00414A76 . E8 BECDFEFF call HC.00401839 ; 控制机器数与邮件地址连接的字符串依次,记为S2
00414A7B . 8B4D E4 mov ecx, [ebp-1C]
00414A7E . 83C1 F0 add ecx, -10
00414A81 . C645 FC 04 mov byte ptr [ebp-4], 4
00414A85 . E8 5BC7FEFF call HC.004011E5 ; 注册名与控制机器数连接,S1
00414A8A . 33DB xor ebx, ebx
00414A8C . 33C0 xor eax, eax
00414A8E > 8B0F mov ecx, [edi]
00414A90 . 3B41 F4 cmp eax, [ecx-C] ; 计算完就跳
00414A93 . 7D 10 jge short HC.00414AA5
00414A95 . 8A0C01 mov cl, [ecx+eax] ; S1依次送CL
00414A98 . 304C05 C4 xor [ebp+eax-3C], cl ; S1依次异或D9 06 02 14 0F 13 FB B7 33 12 32
00414A9C . 0FB6C9 movzx ecx, cl ; EF 83 C7 49 AB ED 90 1F 83 DB 8B 19 D8
00414A9F . 014D E8 add [ebp-18], ecx ; 各位ASCII码相加,S1
00414AA2 . 40 inc eax
00414AA3 .^ EB E9 jmp short HC.00414A8E
00414AA5 > 33C0 xor eax, eax
00414AA7 > 8B8E 50180000 mov ecx, [esi+1850] ; S2依次
00414AAD . 3B41 F4 cmp eax, [ecx-C] ; 送入ECX
00414AB0 . 7D 10 jge short HC.00414AC2 ; 计算玩就跳
00414AB2 . 8A0C01 mov cl, [ecx+eax]
00414AB5 . 304C05 A4 xor [ebp+eax-5C], cl ; S2依次异或0A 0C6 0F 0D8 9F 0AF 0B6 31 9E 73 8B 0FB 0BF 93 0B2 89
00414AB9 . 0FB6C9 movzx ecx, cl ; 0B2 0B7 69 0B9 4 0B7 70 1D 0E6 8A 87 0BF 96 6F 9D 11
00414ABC . 014D E8 add [ebp-18], ecx ; ASCII码累加,S=S1+S2
00414ABF . 40 inc eax
00414AC0 .^ EB E5 jmp short HC.00414AA7
00414AC2 > 8B45 E8 mov eax, [ebp-18] ; S->EAX
00414AC5 . 6A 19 push 19
00414AC7 . 33D2 xor edx, edx
00414AC9 . 59 pop ecx
00414ACA . F7F1 div ecx ; /0X19
00414ACC . 8BFA mov edi, edx
00414ACE . 83FF 03 cmp edi, 3
00414AD1 . 73 02 jnb short HC.00414AD5 ; >=3,jump
00414AD3 . 51 push ecx ; 把0x19压栈
00414AD4 . 5F pop edi ;余数出栈
00414AD5 > 33C0 xor eax, eax
00414AD7 > 83F8 20 cmp eax, 20 ; eax=0x20, 作计数器
00414ADA . 7D 12 jge short HC.00414AEE
00414ADC . 8A4C05 A4 mov cl, [ebp+eax-5C]
00414AE0 . 324C05 C4 xor cl, [ebp+eax-3C]
00414AE4 . 40 inc eax
00414AE5 . 888C05 63FFFF>mov [ebp+eax-9D], cl ; 转移
00414AEC .^ EB E9 jmp short HC.00414AD7
00414AEE > 33C9 xor ecx, ecx
00414AF0 > 83F9 10 cmp ecx, 10 ; ECX=0x10, 作计数器
00414AF3 . 7D 20 jge short HC.00414B15
00414AF5 . 0FB6940D 64FF>movzx edx, byte ptr [ebp+ecx-9C]
00414AFD . 0FB6840D 74FF>movzx eax, byte ptr [ebp+ecx-8C]
00414B05 . 33C2 xor eax, edx
00414B07 . 33D2 xor edx, edx
00414B09 . F7F7 div edi ; /3
00414B0B . 80C2 41 add dl, 41 ; +0X41
00414B0E . 88540D 84 mov [ebp+ecx-7C], dl ; 转移
00414B12 . 41 inc ecx
00414B13 .^ EB DB jmp short HC.00414AF0 ; 跳回,
00414B15 > 33FF xor edi, edi
00414B17 > 83FF 10 cmp edi, 10
00414B1A . 7D 30 jge short HC.00414B4C ; 连接计算出的注册码
00414B1C . 33C0 xor eax, eax
00414B1E . 8A443D 84 mov al, [ebp+edi-7C]
00414B22 . 6A 01 push 1
00414B24 . 8D4D E4 lea ecx, [ebp-1C]
00414B27 . 50 push eax
00414B28 . E8 031FFFFF call HC.00406A30
00414B2D . 50 push eax
00414B2E . 8D4D A0 lea ecx, [ebp-60]
00414B31 . C645 FC 06 mov byte ptr [ebp-4], 6
00414B35 . E8 ACCFFEFF call HC.00401AE6
00414B3A . 8B4D E4 mov ecx, [ebp-1C]
00414B3D . 83C1 F0 add ecx, -10
00414B40 . C645 FC 04 mov byte ptr [ebp-4], 4
00414B44 . E8 9CC6FEFF call HC.004011E5
00414B49 . 47 inc edi
00414B4A .^ EB CB jmp short HC.00414B17 ; 跳回,注册码16位
00414B4C > 8D45 A0 lea eax, [ebp-60]
00414B4F . 50 push eax
00414B50 . 8D86 54180000 lea eax, [esi+1854]
00414B56 . 50 push eax
00414B57 . E8 FD11FFFF call HC.00405D59
00414B5C . 84C0 test al, al
00414B5E . 59 pop ecx
00414B5F . 59 pop ecx
00414B60 0F84 CF000000 je HC.00414C35
00414B66 . FFB6 58180000 push dword ptr [esi+1858]
00414B6C . E8 9C290100 call HC.0042750D
00414B71 . 59 pop ecx
00414B72 . 8BF8 mov edi, eax
00414B74 . C786 40180000>mov dword ptr [esi+1840], 1
00414B7E > 8B86 B8000000 mov eax, [esi+B8]
00414B84 . 3BC7 cmp eax, edi
00414B86 . 7E 10 jle short HC.00414B98
00414B88 . 48 dec eax
00414B89 . 8BCE mov ecx, esi
00414B8B . 8986 44180000 mov [esi+1844], eax
00414B91 . E8 27E5FFFF call HC.004130BD
00414B96 .^ EB E6 jmp short HC.00414B7E
00414B98 > 8D86 58180000 lea eax, [esi+1858]
00414B9E . 50 push eax
00414B9F . 8D45 E8 lea eax, [ebp-18]
00414BA2 . 68 58244500 push HC.00452458 ; oleansoft hidden camera v2.17 manager & remote control - full version -
00414BA7 . 50 push eax
00414BA8 . 899E 40180000 mov [esi+1840], ebx
00414BAE . E8 E0CDFEFF call HC.00401993
00414BB3 . 83C4 0C add esp, 0C
00414BB6 . 68 48244500 push HC.00452448 ; employees pcs
00414BBB . 50 push eax
00414BBC . 8D45 E4 lea eax, [ebp-1C]
00414BBF . 50 push eax
00414BC0 . C645 FC 07 mov byte ptr [ebp-4], 7
00414BC4 . E8 57CDFEFF call HC.00401920
00414BC9 . 83C4 0C add esp, 0C
00414BCC . 8B38 mov edi, [eax]
00414BCE . C645 FC 08 mov byte ptr [ebp-4], 8
00414BD2 . E8 F6350300 call HC.004481CD
00414BD7 . 8B40 04 mov eax, [eax+4]
00414BDA . 8B48 1C mov ecx, [eax+1C]
00414BDD . 57 push edi
00414BDE . E8 EC130200 call HC.00435FCF
00414BE3 . 8B4D E4 mov ecx, [ebp-1C]
00414BE6 . 83C1 F0 add ecx, -10
00414BE9 . E8 F7C5FEFF call HC.004011E5
00414BEE . 8B4D E8 mov ecx, [ebp-18]
00414BF1 . 83C1 F0 add ecx, -10
00414BF4 . C645 FC 04 mov byte ptr [ebp-4], 4
00414BF8 . E8 E8C5FEFF call HC.004011E5
00414BFD . 53 push ebx ; /Arg3
00414BFE . 53 push ebx ; |Arg2
00414BFF . 68 10244500 push HC.00452410 ; |full version activation has been successfully finished
00414C04 . E8 57A40200 call HC.0043F060 ; \HC.0043F060
00414C09 . 53 push ebx
00414C0A . 8D8E C0F00000 lea ecx, [esi+F0C0]
00414C10 . E8 34140200 call HC.00436049
00414C15 . 8D45 9C lea eax, [ebp-64]
00414C18 . 8D8E 4C180000 lea ecx, [esi+184C]
00414C1E . 50 push eax
00414C1F . E8 15CCFEFF call HC.00401839
00414C24 . 8D45 98 lea eax, [ebp-68]
00414C27 . 8D8E 50180000 lea ecx, [esi+1850]
00414C2D . 50 push eax
00414C2E . E8 06CCFEFF call HC.00401839
00414C33 . EB 12 jmp short HC.00414C47
00414C35 > 53 push ebx ; /Arg3
00414C36 . 53 push ebx ; |Arg2
00414C37 . 68 F4234500 push HC.004523F4 ; |wrong key! please try again
00414C3C . E8 1FA40200 call HC.0043F060 ; \HC.0043F060
00414C41 . 33C0 xor eax, eax
00414C43 . 3BC3 cmp eax, ebx
00414C45 . 74 07 je short HC.00414C4E
00414C47 > C746 54 2C838>mov dword ptr [esi+54], 3F86832C
00414C4E > 8B4D 98 mov ecx, [ebp-68]
00414C51 . 83C1 F0 add ecx, -10
00414C54 . E8 8CC5FEFF call HC.004011E5
00414C59 . 8B4D 9C mov ecx, [ebp-64]
00414C5C . 83C1 F0 add ecx, -10
00414C5F . E8 81C5FEFF call HC.004011E5
00414C64 . 8B4D A0 mov ecx, [ebp-60]
00414C67 . 83C1 F0 add ecx, -10
00414C6A . E8 76C5FEFF call HC.004011E5
00414C6F . 33DB xor ebx, ebx
00414C71 > 8065 FC 00 and byte ptr [ebp-4], 0
00414C75 . 8D8D D4FEFFFF lea ecx, [ebp-12C]
00414C7B . 899E 44F10000 mov [esi+F144], ebx
00414C81 . E8 C2680000 call HC.0041B548
00414C86 . 8B4D F4 mov ecx, [ebp-C]
00414C89 . 64:890D 00000>mov fs:[0], ecx
00414C90 . 8B4D EC mov ecx, [ebp-14]
00414C93 . 334D 04 xor ecx, [ebp+4]
00414C96 . E8 3D1D0100 call HC.004269D8
00414C9B . 5F pop edi
00414C9C . 5E pop esi
00414C9D . 5B pop ebx
00414C9E . C9 leave
00414C9F . C3 retn
over
=======================================================================================================
【解密心得】
算法分析:
(1)注册内容由name,Email,quantity和key四部分组成
(2)程序的计算用到了两个数组
S1:
D9 06 02 14 0F 13 FB B7 33 12 32 EF 83 C7 49 AB ED 90
1F 83 DB 8B 19 D8 C4 1D EB 95 9D 0E 0B 0F
S2:
0A 0C6 0F 0D8 9F 0AF 0B6 31 9E 73 8B 0FB 0BF 93 0B2 89
0B2 0B7 69 0B9 4 0B7 70 1D 0E6 8A 87 0BF 96 6F 9D 11
(3) 注册名与要控制的机器数连成一个字符串,记为A;要控制的机器数与Email再连成一个字符串,记为B。
(4)A与S1异或的结果再异或B与S2异或的结果.
(5)结果的前十六位异或后十六位。
(6)得到十六位,同余0X19,加0x41,转换成大写字母就是注册码.
附上代码,将就这看吧:
=======================================================================
#include <stdio.h>
#include <string.h>
#include <math.h>
main()
{ int m, n,l,i,n1,n2;
char name[255],quantity[4], Email[255],tb[50];
unsigned char tb1[] ={0xD9, 0x06, 0x02, 0x14, 0x0F,
0x13, 0xFB, 0xB7, 0x33, 0x12,
0x32, 0xEF, 0x83, 0xC7, 0x49,
0xAB, 0xED, 0x90, 0x1F, 0x83,
0xDB, 0x8B, 0x19, 0xD8, 0xC4,
0x1D, 0xEB, 0x95, 0x9D, 0x0E,
0x0B, 0x0F};
unsigned char tb2[] ={0x0A, 0xC6, 0x0F, 0xD8, 0x9F,
0xAF, 0xB6, 0x31, 0x9E, 0x73,
0x8B, 0xFB, 0xBF, 0x93, 0xB2,
0x89, 0xB2, 0xB7, 0x69, 0xB9,
0x04, 0xB7, 0x70, 0x1D, 0xE6,
0x8A, 0x87, 0xBF, 0x96, 0x6F,
0x9D, 0x11};
printf("////////////////////////////////////////////////////\n");
printf("// Oleansoft Hiden camera V2.18 Key Generator //\n");
printf("// //\n");
printf("// Author: ocnzhao[OCN] //\n");
printf("// //\n");
printf("// E-mail: ocnzhao@163.com //\n");
printf("// //\n");
printf("// OS : WinXP, PEiD, Ollydbg, C-Free3.5 //\n");
printf("// //\n");
printf("// Date : 2006-04-11 //\n");
printf("//////////////////////////////////////////////////\n\n");
printf("请输入你的用户名: ");
scanf("%s",&name);
printf("请输入控制的机器数量: ");
scanf("%s", &quantity);
printf("请输入你的邮箱地址: ");
scanf("%s", &Email);
m=strlen(quantity);
n=strlen(name);
l=strlen(Email);
for(i=0;i<m;i++)
{
name[n+i]=quantity[i];
}
for(i=m+l;i>=0;i--)
{
Email[i]=Email[i-3];
}
for(i=0;i<m;i++)
{
Email[i]=quantity[i];
}
n1=0;
for(i=0;i<n+m;i++)
{
n1+=name[i];
}
n2=0;
for(i=0;i<m+l;i++)
{
n2+=Email[i];
}
for(i=0; i<n+m;i++)
{
tb1[i] = tb1[i]^name[i];
}
for(i=0; i<l+m;i++)
{
tb2[i] = tb2[i]^Email[i];
}
for(i=0;i<0x20;i++)
{
tb1[i] = tb1[i]^tb2[i];
}
for(i=0;i<0x10; i++)
{
tb1[i] = (tb1[i]^tb1[16+i]) % ((n1+n2)%0x19)+0x41;
}
for(i=0;i<0x10;i++)
{
printf("%c",tb1[i]);
}
printf("\n");
}
=======================================================================================================
【破解声明】我是一个小小菜虫子,文章如有错误,请高手指正!
【版权声明】本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
=======================================================================================================
文章完成于2006-4-11 15:20:25
[注意]APP应用上架合规检测服务,协助应用顺利上架!