【破文标题】魅影传说网络电视5.88算法分析
【破文作者】?幻刹那
【作者性别】男
【作者主页】???
【作者邮箱】lovecy616927@yahoo.com.cn
【所属组织】??游民
【软件名称】魅影传说网络电视
【下载地址】google搜索吧
【破解工具】od
【保护方式】注册码
【软件限制】试用30次
【破解难度】简单
----------------------------------------------------
软件介绍:最好用的网络电视,最精彩的电影、电视剧,增加自动更新功能,更新版本后不需再次下载。最好用的网络电视,高速网络电视,高速在线电视,高速卫星电视,快速网络电视,.....『魅影传说』全情演绎!!
----------------------------------------------------
破解声名:
----------------------------------------------------
【破解分析】
下载发现加ASPack 2.12壳,轻松脱掉,发现是vb的程序,运行随便输入跳出
错误,用rtcMsgBox下断,很快来到我们算法部分,
0042FE49 . 52 PUSH EDX
0042FE4A . FF15 34114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaStrVarVal>] ; 取得机器码47701152
0042FE50 . 50 PUSH EAX ; 取得机器码并押入eax
0042FE51 . FF15 F0114000 CALL DWORD PTR DS:[<&msvbvm60.rtcR8ValFromBstr>] ; 把机器码转换成双精度实数47701152.0000000000
0042FE57 . DC05 201E4000 FADD QWORD PTR DS:[401E20] ; 和固定数51201314相加+47701152=98902466
0042FE5D . DD5D A4 FSTP QWORD PTR SS:[EBP-5C] ;
0042FE60 . DFE0 FSTSW AX
0042FE62 . A8 0D TEST AL,0D
0042FE64 . 0F85 F4030000 JNZ 2.0043025E ; eax=100
0042FE6A . C745 9C 05000>MOV DWORD PTR SS:[EBP-64],5
0042FE71 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
0042FE74 . 50 PUSH EAX
0042FE75 . 8D4D 8C LEA ECX,DWORD PTR SS:[EBP-74]
0042FE78 . 51 PUSH ECX
0042FE79 . FF15 98104000 CALL DWORD PTR DS:[<&msvbvm60.rtcTrimVar>] ; msvbvm60.rtcTrimVar
0042FE7F . 8B55 D4 MOV EDX,DWORD PTR SS:[EBP-2C] ; 取得我们输入的假注册码
0042FE82 . 52 PUSH EDX ; 压入edx
0042FE83 . 8D45 8C LEA EAX,DWORD PTR SS:[EBP-74]
0042FE86 . 50 PUSH EAX
0042FE87 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
0042FE8A . 51 PUSH ECX
0042FE8B . FF15 34114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaStrVarVal>] ; msvbvm60.__vbaStrVarVal
0042FE91 . 50 PUSH EAX ; 压入eax
0042FE92 . FF15 14114000 CALL DWORD PTR DS:[<&msvbvm60.rtcStrReverse>] ; 全部取反98902466取反过后是66420989
0042FE98 . 8BD0 MOV EDX,EAX ; 也就是我们的注册码的,这个采用的明码比
0042FE9A . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30] 比较,就分析到这里吧
0042FE9D . FF15 C4114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaStrMove>] ; msvbvm60.__vbaStrMove
0042FEA3 . 50 PUSH EAX
0042FEA4 . FF15 B8104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaStrCmp>] ; msvbvm60.__vbaStrCmp
0042FEAA . F7D8 NEG EAX
0042FEAC . 1BC0 SBB EAX,EAX ; eax清零
0042FEAE . 40 INC EAX ; eax加1
0042FEAF . F7D8 NEG EAX ; eax取或
0042FEB1 . 66:8985 40FFF>MOV WORD PTR SS:[EBP-C0],AX
0042FEB8 . 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0042FEBB . 52 PUSH EDX
0042FEBC . 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C]
0042FEBF . 50 PUSH EAX
0042FEC0 . 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
0042FEC3 . 51 PUSH ECX
0042FEC4 . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
0042FEC7 . 52 PUSH EDX
0042FEC8 . 6A 04 PUSH 4
0042FECA . FF15 70114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeStrList>] ; msvbvm60.__vbaFreeStrList
0042FED0 . 83C4 14 ADD ESP,14
0042FED3 . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
0042FED6 . FF15 EC114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeObj>] ; msvbvm60.__vbaFreeObj
0042FEDC . 8D45 8C LEA EAX,DWORD PTR SS:[EBP-74]
0042FEDF . 50 PUSH EAX
0042FEE0 . 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-64]
0042FEE3 . 51 PUSH ECX
0042FEE4 . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0042FEE7 . 52 PUSH EDX
0042FEE8 . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44]
0042FEEB . 50 PUSH EAX
0042FEEC . 6A 04 PUSH 4
0042FEEE . FF15 34104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeVarList>] ; msvbvm60.__vbaFreeVarList
0042FEF4 . 83C4 14 ADD ESP,14
0042FEF7 . 0FBF8D 40FFFF>MOVSX ECX,WORD PTR SS:[EBP-C0]
0042FEFE 85C9 TEST ECX,ECX ; ecx=0跳走也即注册失败ecx=1注册成功
0042FF00 0F84 4D020000 JE 2.00430153 ; 爆破点
0042FF06 . C745 FC 09000>MOV DWORD PTR SS:[EBP-4],9
0042FF0D . C745 94 04000>MOV DWORD PTR SS:[EBP-6C],80020004
0042FF14 . C745 8C 0A000>MOV DWORD PTR SS:[EBP-74],0A
0042FF1B . C745 A4 04000>MOV DWORD PTR SS:[EBP-5C],80020004
0042FF22 . C745 9C 0A000>MOV DWORD PTR SS:[EBP-64],0A
0042FF29 . C785 74FFFFFF>MOV DWORD PTR SS:[EBP-8C],2.00407390
0042FF33 . C785 6CFFFFFF>MOV DWORD PTR SS:[EBP-94],8
0042FF3D . 8D95 6CFFFFFF LEA EDX,DWORD PTR SS:[EBP-94]
0042FF43 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
0042FF46 . FF15 A0114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaVarDup>] ; msvbvm60.__vbaVarDup
0042FF4C . C745 84 A47A4>MOV DWORD PTR SS:[EBP-7C],2.00407AA4
0042FF53 . C785 7CFFFFFF>MOV DWORD PTR SS:[EBP-84],8
0042FF5D . 8D95 7CFFFFFF LEA EDX,DWORD PTR SS:[EBP-84]
0042FF63 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
0042FF66 . FF15 A0114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaVarDup>] ; msvbvm60.__vbaVarDup
0042FF6C . 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74]
0042FF6F . 52 PUSH EDX
0042FF70 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
0042FF73 . 50 PUSH EAX
0042FF74 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
0042FF77 . 51 PUSH ECX
0042FF78 . 6A 00 PUSH 0
0042FF7A . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
0042FF7D . 52 PUSH EDX
0042FF7E . FF15 80104000 CALL DWORD PTR DS:[<&msvbvm60.rtcMsgBox>] ; 这里注册成功
0042FF84 . 8D45 8C LEA EAX,DWORD PTR SS:[EBP-74]
0042FF87 . 50 PUSH EAX
0042FF88 . 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-64]
0042FF8B . 51 PUSH ECX
0042FF8C . 8D55 AC LEA EDX,DWORD PTR SS:[EBP-54]
0042FF8F . 52 PUSH EDX
0042FF90 . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44]
0042FF93 . 50 PUSH EAX
0042FF94 . 6A 04 PUSH 4
0042FF96 . FF15 34104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeVarList>] ; msvbvm60.__vbaFreeVarList
0042FF9C . 83C4 14 ADD ESP,14
0042FF9F . C745 FC 0A000>MOV DWORD PTR SS:[EBP-4],0A
0042FFA6 . 68 A46E4000 PUSH 2.00406EA4 ; UNICODE "yes"
0042FFAB . 68 B06E4000 PUSH 2.00406EB0 ; UNICODE "zc"
0042FFB0 . 68 886E4000 PUSH 2.00406E88 ; UNICODE "zcxx"
0042FFB5 . 68 6C6E4000 PUSH 2.00406E6C ; UNICODE "miccrosoft"
0042FFBA . FF15 08104000 CALL DWORD PTR DS:[<&msvbvm60.rtcSaveSetting>] ; msvbvm60.rtcSaveSetting
0042FFC0 . C745 FC 0B000>MOV DWORD PTR SS:[EBP-4],0B
0042FFC7 . 68 A46E4000 PUSH 2.00406EA4 ; UNICODE "yes"
0042FFCC . 68 986E4000 PUSH 2.00406E98 ; UNICODE "zc2"
0042FFD1 . 68 886E4000 PUSH 2.00406E88 ; UNICODE "zcxx"
0042FFD6 . 68 6C6E4000 PUSH 2.00406E6C ; UNICODE "miccrosoft"
0042FFDB . FF15 08104000 CALL DWORD PTR DS:[<&msvbvm60.rtcSaveSetting>] ; msvbvm60.rtcSaveSetting
0042FFE1 . C745 FC 0C000>MOV DWORD PTR SS:[EBP-4],0C
0042FFE8 . 833D 10504300>CMP DWORD PTR DS:[435010],0
0042FFEF . 75 1C JNZ SHORT 2.0043000D
0042FFF1 . 68 10504300 PUSH 2.00435010
0042FFF6 . 68 E04C4000 PUSH 2.00404CE0
0042FFFB . FF15 58114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaNew2>] ; msvbvm60.__vbaNew2
00430001 . C785 1CFFFFFF>MOV DWORD PTR SS:[EBP-E4],2.00435010
0043000B . EB 0A JMP SHORT 2.00430017
0043000D > C785 1CFFFFFF>MOV DWORD PTR SS:[EBP-E4],2.00435010
00430017 > 8B8D 1CFFFFFF MOV ECX,DWORD PTR SS:[EBP-E4]
0043001D . 8B11 MOV EDX,DWORD PTR DS:[ECX]
0043001F . 8B85 1CFFFFFF MOV EAX,DWORD PTR SS:[EBP-E4]
00430025 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
00430027 . 8B01 MOV EAX,DWORD PTR DS:[ECX]
00430029 . 52 PUSH EDX
0043002A . FF90 40030000 CALL DWORD PTR DS:[EAX+340]
00430030 . 50 PUSH EAX
00430031 . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
00430034 . 51 PUSH ECX
00430035 . FF15 7C104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaObjSet>] ; msvbvm60.__vbaObjSet
0043003B . 8985 48FFFFFF MOV DWORD PTR SS:[EBP-B8],EAX
00430041 . 6A 00 PUSH 0
00430043 . 8B95 48FFFFFF MOV EDX,DWORD PTR SS:[EBP-B8]
00430049 . 8B02 MOV EAX,DWORD PTR DS:[EDX]
0043004B . 8B8D 48FFFFFF MOV ECX,DWORD PTR SS:[EBP-B8]
00430051 . 51 PUSH ECX
00430052 . FF90 9C000000 CALL DWORD PTR DS:[EAX+9C]
00430058 . DBE2 FCLEX
0043005A . 8985 44FFFFFF MOV DWORD PTR SS:[EBP-BC],EAX
00430060 . 83BD 44FFFFFF>CMP DWORD PTR SS:[EBP-BC],0
00430067 . 7D 26 JGE SHORT 2.0043008F
00430069 . 68 9C000000 PUSH 9C
0043006E . 68 2C674000 PUSH 2.0040672C
00430073 . 8B95 48FFFFFF MOV EDX,DWORD PTR SS:[EBP-B8]
00430079 . 52 PUSH EDX
0043007A . 8B85 44FFFFFF MOV EAX,DWORD PTR SS:[EBP-BC]
00430080 . 50 PUSH EAX
00430081 . FF15 5C104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaHresultCheckObj>] ; msvbvm60.__vbaHresultCheckObj
00430087 . 8985 18FFFFFF MOV DWORD PTR SS:[EBP-E8],EAX
0043008D . EB 0A JMP SHORT 2.00430099
0043008F > C785 18FFFFFF>MOV DWORD PTR SS:[EBP-E8],0
00430099 > 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
0043009C . FF15 EC114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeObj>] ; msvbvm60.__vbaFreeObj
004300A2 . C745 FC 0D000>MOV DWORD PTR SS:[EBP-4],0D
004300A9 . 833D 60584300>CMP DWORD PTR DS:[435860],0
004300B0 . 75 1C JNZ SHORT 2.004300CE
004300B2 . 68 60584300 PUSH 2.00435860
004300B7 . 68 206D4000 PUSH 2.00406D20
004300BC . FF15 58114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaNew2>] ; msvbvm60.__vbaNew2
004300C2 . C785 14FFFFFF>MOV DWORD PTR SS:[EBP-EC],2.00435860
004300CC . EB 0A JMP SHORT 2.004300D8
004300CE > C785 14FFFFFF>MOV DWORD PTR SS:[EBP-EC],2.00435860
004300D8 > 8B8D 14FFFFFF MOV ECX,DWORD PTR SS:[EBP-EC]
004300DE . 8B11 MOV EDX,DWORD PTR DS:[ECX]
004300E0 . 8995 48FFFFFF MOV DWORD PTR SS:[EBP-B8],EDX
004300E6 . 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
004300E9 . 50 PUSH EAX
004300EA . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
004300ED . 51 PUSH ECX
004300EE . FF15 88104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaObjSetAddref>] ; msvbvm60.__vbaObjSetAddref
004300F4 . 50 PUSH EAX
004300F5 . 8B95 48FFFFFF MOV EDX,DWORD PTR SS:[EBP-B8]
004300FB . 8B02 MOV EAX,DWORD PTR DS:[EDX]
004300FD . 8B8D 48FFFFFF MOV ECX,DWORD PTR SS:[EBP-B8]
00430103 . 51 PUSH ECX
00430104 . FF50 10 CALL DWORD PTR DS:[EAX+10]
00430107 . DBE2 FCLEX
00430109 . 8985 44FFFFFF MOV DWORD PTR SS:[EBP-BC],EAX
0043010F . 83BD 44FFFFFF>CMP DWORD PTR SS:[EBP-BC],0
00430116 . 7D 23 JGE SHORT 2.0043013B
00430118 . 6A 10 PUSH 10
0043011A . 68 D86E4000 PUSH 2.00406ED8
0043011F . 8B95 48FFFFFF MOV EDX,DWORD PTR SS:[EBP-B8]
00430125 . 52 PUSH EDX
00430126 . 8B85 44FFFFFF MOV EAX,DWORD PTR SS:[EBP-BC]
0043012C . 50 PUSH EAX
0043012D . FF15 5C104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaHresultCheckObj>] ; msvbvm60.__vbaHresultCheckObj
00430133 . 8985 10FFFFFF MOV DWORD PTR SS:[EBP-F0],EAX
00430139 . EB 0A JMP SHORT 2.00430145
0043013B > C785 10FFFFFF>MOV DWORD PTR SS:[EBP-F0],0
00430145 > 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
00430148 . FF15 EC114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeObj>] ; msvbvm60.__vbaFreeObj
0043014E . E9 99000000 JMP 2.004301EC
00430153 > C745 FC 0F000>MOV DWORD PTR SS:[EBP-4],0F
0043015A . C745 94 04000>MOV DWORD PTR SS:[EBP-6C],80020004
00430161 . C745 8C 0A000>MOV DWORD PTR SS:[EBP-74],0A
00430168 . C745 A4 04000>MOV DWORD PTR SS:[EBP-5C],80020004
0043016F . C745 9C 0A000>MOV DWORD PTR SS:[EBP-64],0A
00430176 . C785 74FFFFFF>MOV DWORD PTR SS:[EBP-8C],2.00407390
00430180 . C785 6CFFFFFF>MOV DWORD PTR SS:[EBP-94],8
0043018A . 8D95 6CFFFFFF LEA EDX,DWORD PTR SS:[EBP-94]
00430190 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
00430193 . FF15 A0114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaVarDup>] ; msvbvm60.__vbaVarDup
00430199 . C745 84 D07A4>MOV DWORD PTR SS:[EBP-7C],2.00407AD0
004301A0 . C785 7CFFFFFF>MOV DWORD PTR SS:[EBP-84],8
004301AA . 8D95 7CFFFFFF LEA EDX,DWORD PTR SS:[EBP-84]
004301B0 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
004301B3 . FF15 A0114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaVarDup>] ; msvbvm60.__vbaVarDup
004301B9 . 8D4D 8C LEA ECX,DWORD PTR SS:[EBP-74]
004301BC . 51 PUSH ECX
004301BD . 8D55 9C LEA EDX,DWORD PTR SS:[EBP-64]
004301C0 . 52 PUSH EDX
004301C1 . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
004301C4 . 50 PUSH EAX
004301C5 . 6A 00 PUSH 0
004301C7 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
004301CA . 51 PUSH ECX
004301CB . FF15 80104000 CALL DWORD PTR DS:[<&msvbvm60.rtcMsgBox>] ; 走到这里就跳出对话框,注册失败
004301D1 . 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74]
004301D4 . 52 PUSH EDX
----------------------------------------------------
【总结】
接触算法没多久,错误之处在所难免,敬请指正
就是机器码跟一个固定数51201314相加,得到一个数,然后把这个数反序
就得到我们的注册码,比如我的机器码是47701152相加47701152+51201314=98902466,把这个数反序就是66420989就是我们注册码
----------------------------------------------------
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)