【破文标题】注册某发型设计软件
【破文作者】紫色缘[TFW][PCG][DFCG]
【作者邮箱】yufufen37@hotmail.com
【作者主页】www.cniso.org / www.bizqz.com
【破解工具】OD、PEID
【破解平台】WinXP
【软件名称】发型设计软件
【软件大小】14MB
【原版下载】很抱歉不提供~
【保护方式】注册码及功能限制
------------------------------------------------------------------------
【破解过程】
前言,一朋友急需此软件,所以就看看了。
1、先载入主程序,找到注册窗口,输入注册码“1111111111111”提示:“你的注册码不准确,请重新输入或与供应商联系.”
--------------------------
//生成码:WD-WCAM96574947
//注册码:1111111111111
--------------------------
2、用Peid查无壳,为Borland C++ 1999语言编写。
3、直接用OD载入主程序,查找相关ASCII字符串
Ultra String Reference,项目 55
Address=0042119F
Disassembly=mov edx,Hair.0044850C
Text String=你的注册码不准确,请重新输入或与供应商联系.
4、找到触发事件的代码并下断,其代码如下:
00421064 55 push ebp ; 在此下断
//下断后,运行主程序,找到注册窗口,输入注册码“1111111111111”.中断在此
00421065 |. 8BEC mov ebp, esp
00421067 |. 81C4 74FFFFFF add esp, -8C
0042106D |. 8955 98 mov [ebp-68], edx
00421070 |. 8945 9C mov [ebp-64], eax
00421073 |. B8 349C4400 mov eax, 00449C34
00421078 |. E8 FF1D0100 call 00432E7C
0042107D |. 6A 00 push 0 ; /Arg2 = 00000000
0042107F |. 8B55 9C mov edx, [ebp-64] ; |
00421082 |. 81C2 E4070000 add edx, 7E4 ; |
00421088 |. 52 push edx ; |Arg1
00421089 |. E8 9AFD0000 call 00430E28 ; \Hair.00430E28
0042108E |. 83C4 08 add esp, 8
00421091 |. 8B4D 9C mov ecx, [ebp-64]
00421094 |. 81C1 28080000 add ecx, 828
0042109A |. 51 push ecx ; /生成码:WD-WCAM96574947 入ECX
0042109B |. 8B45 9C mov eax, [ebp-64] ; |
0042109E |. 05 E4070000 add eax, 7E4 ; |
004210A3 |. 50 push eax ; |Arg1
004210A4 |. E8 8FFF0000 call 00431038 ; \关键call ,F7跟进
004210A9 |. 83C4 08 add esp, 8 ; 此处出现注册码
004210AC |. 66:C745 B0 08>mov word ptr [ebp-50], 8
004210B2 |. 8D45 F4 lea eax, [ebp-C]
004210B5 |. E8 925DFEFF call 00406E4C
004210BA |. 8BD0 mov edx, eax
004210BC |. FF45 BC inc dword ptr [ebp-44]
004210BF |. 8B4D 9C mov ecx, [ebp-64]
004210C2 |. 8B81 D4040000 mov eax, [ecx+4D4]
004210C8 |. E8 3B5C0200 call <jmp.&vcl60.Controls::TC>
004210CD |. 8D55 F4 lea edx, [ebp-C]
004210D0 |. FF32 push dword ptr [edx] ; 假码出现
004210D2 |. 8D45 F0 lea eax, [ebp-10]
004210D5 |. E8 725DFEFF call 00406E4C
004210DA |. 8BD0 mov edx, eax
004210DC |. FF45 BC inc dword ptr [ebp-44]
004210DF |. 58 pop eax ; 弹出假码“111111111111”
004210E0 |. E8 635F0200 call <jmp.&rtl60.Sysutils::Tr>
004210E5 |. 8D45 F0 lea eax, [ebp-10]
004210E8 |. E8 F70DFEFF call 00401EE4 ; 比较call
004210ED |. 50 push eax ; /ASCII“111111111111” (假)
004210EE |. 8B55 9C mov edx, [ebp-64] ; |
004210F1 |. 81C2 68080000 add edx, 868 ; |
004210F7 |. 52 push edx ; |ASCII "TA0PGCL;5622035" (真)
004210F8 |. E8 8B640200 call <jmp.&CC3260MT._strcmp> ; \_strcmp
004210FD |. 83C4 08 add esp, 8
00421100 |. 85C0 test eax, eax
00421102 |. 0F95C1 setne cl
00421105 |. 83E1 01 and ecx, 1
00421108 |. 51 push ecx
00421109 |. FF4D BC dec dword ptr [ebp-44]
0042110C |. 8D45 F0 lea eax, [ebp-10]
0042110F |. BA 02000000 mov edx, 2
00421114 |. E8 3F1F0100 call 00433058
00421119 |. FF4D BC dec dword ptr [ebp-44] ; |
0042111C |. 8D45 F4 lea eax, [ebp-C] ; |
0042111F |. BA 02000000 mov edx, 2 ; |
00421124 |. E8 2F1F0100 call 00433058 ; \HairDesi.00433058
00421129 |. 59 pop ecx
0042112A |. 84C9 test cl, cl ; 测试CL 的值
0042112C |. 0F84 8D000000 je 004211BF ; 相等则跳
00421132 |. 66:C745 B0 14>mov word ptr [ebp-50], 14
00421138 |. 8D45 E8 lea eax, [ebp-18]
0042113B |. E8 0C5DFEFF call 00406E4C
00421140 |. 50 push eax
00421141 |. FF45 BC inc dword ptr [ebp-44]
00421144 |. 8B55 9C mov edx, [ebp-64]
00421147 |. 81C2 28080000 add edx, 828
0042114D |. 8D45 EC lea eax, [ebp-14]
00421150 |. E8 EF1D0100 call 00432F44
00421155 |. 8BD0 mov edx, eax
00421157 |. FF45 BC inc dword ptr [ebp-44]
0042115A |. B8 04854400 mov eax, 00448504 ; 生成码:
0042115F |. 59 pop ecx
00421160 |. E8 D3220100 call 00433438
00421165 |. 8D55 E8 lea edx, [ebp-18]
00421168 |. 8B12 mov edx, [edx]
0042116A |. 8B45 9C mov eax, [ebp-64]
0042116D |. 8B80 DC040000 mov eax, [eax+4DC]
00421173 |. E8 8A5B0200 call <jmp.&vcl60.Controls::TC>
00421178 |. FF4D BC dec dword ptr [ebp-44]
0042117B |. 8D45 E8 lea eax, [ebp-18]
0042117E |. BA 02000000 mov edx, 2
00421183 |. E8 D01E0100 call 00433058
00421188 |. FF4D BC dec dword ptr [ebp-44]
0042118B |. 8D45 EC lea eax, [ebp-14]
0042118E |. BA 02000000 mov edx, 2
00421193 |. E8 C01E0100 call 00433058
00421198 |. 6A 00 push 0
0042119A |. B9 37854400 mov ecx, 00448537 ; 注意
0042119F |. BA 0C854400 mov edx, 0044850C ; 你的注册码不准确,请重新输入或与供应商联系.
004211A4 |. A1 303B4500 mov eax, [<&vcl60.Forms::App>
004211A9 |. 8B00 mov eax, [eax]
004211AB |. E8 741D0100 call 00432F24 ; 呼出注册错误Message!
004211B0 |. 8B55 A0 mov edx, [ebp-60]
004211B3 |. 64:8915 00000>mov fs:[0], edx
004211BA |. E9 F3020000 jmp 004214B2 ; 跳转到程序结尾处
004211BF |> 66:C745 B0 20>mov word ptr [ebp-50], 20
004211C5 |. 8D45 FC lea eax, [ebp-4]
004211C8 |. E8 7F5CFEFF call 00406E4C
004211CD |. FF45 BC inc dword ptr [ebp-44]
004211D0 |. 66:C745 B0 2C>mov word ptr [ebp-50], 2C
004211D6 |. 66:C745 B0 38>mov word ptr [ebp-50], 38
004211DC |. 8D45 F8 lea eax, [ebp-8]
004211DF |. E8 685CFEFF call 00406E4C
004211E4 |. FF45 BC inc dword ptr [ebp-44]
004211E7 |. 66:C745 B0 2C>mov word ptr [ebp-50], 2C
004211ED |. 66:C745 B0 44>mov word ptr [ebp-50], 44
004211F3 |. 8D45 E4 lea eax, [ebp-1C]
004211F6 |. E8 515CFEFF call 00406E4C
004211FB |. 8BD0 mov edx, eax
004211FD |. FF45 BC inc dword ptr [ebp-44]
00421200 |. 8B0D 303B4500 mov ecx, [<&vcl60.Forms::App>; vcl60.Forms::Application
00421206 |. 8B01 mov eax, [ecx]
00421208 |. E8 1F580200 call <jmp.&vcl60.Forms::TAppl>
0042120D |. 8D55 E4 lea edx, [ebp-1C]
00421210 |. FF32 push dword ptr [edx]
00421212 |. 8D45 E0 lea eax, [ebp-20]
00421215 |. E8 325CFEFF call 00406E4C
0042121A |. 8BD0 mov edx, eax
0042121C |. FF45 BC inc dword ptr [ebp-44]
0042121F |. 58 pop eax
00421220 |. E8 055E0200 call <jmp.&rtl60.Sysutils::Ex>
00421225 |. 8D55 E0 lea edx, [ebp-20]
00421228 |. 8D45 FC lea eax, [ebp-4]
0042122B |. E8 581E0100 call 00433088
00421230 |. FF4D BC dec dword ptr [ebp-44]
00421233 |. 8D45 E0 lea eax, [ebp-20]
00421236 |. BA 02000000 mov edx, 2
0042123B |. E8 181E0100 call 00433058
00421240 |. FF4D BC dec dword ptr [ebp-44]
00421243 |. 8D45 E4 lea eax, [ebp-1C]
00421246 |. BA 02000000 mov edx, 2
0042124B |. E8 081E0100 call 00433058
00421250 |. 66:C745 B0 50>mov word ptr [ebp-50], 50
00421256 |. 8D45 D8 lea eax, [ebp-28]
00421259 |. E8 EE5BFEFF call 00406E4C
0042125E |. 50 push eax
0042125F |. FF45 BC inc dword ptr [ebp-44]
00421262 |. BA 3C854400 mov edx, 0044853C ; sys\registry.txt
00421267 |. 8D45 DC lea eax, [ebp-24]
0042126A |. E8 D51C0100 call 00432F44
0042126F |. FF45 BC inc dword ptr [ebp-44]
00421272 |. 8D55 DC lea edx, [ebp-24]
00421275 |. 8D45 FC lea eax, [ebp-4]
00421278 |. 59 pop ecx
00421279 |. E8 1E1E0100 call 0043309C
0042127E |. 8D55 D8 lea edx, [ebp-28]
00421281 |. 8D45 F8 lea eax, [ebp-8]
00421284 |. E8 FF1D0100 call 00433088
00421289 |. FF4D BC dec dword ptr [ebp-44]
0042128C |. 8D45 D8 lea eax, [ebp-28]
0042128F |. BA 02000000 mov edx, 2
00421294 |. E8 BF1D0100 call 00433058
00421299 |. FF4D BC dec dword ptr [ebp-44]
0042129C |. 8D45 DC lea eax, [ebp-24]
0042129F |. BA 02000000 mov edx, 2
004212A4 |. E8 AF1D0100 call 00433058
004212A9 |. 8B45 F8 mov eax, [ebp-8]
004212AC |. E8 855D0200 call <jmp.&rtl60.Sysutils::Fi>
004212B1 |. 84C0 test al, al
004212B3 |. 74 08 je short 004212BD
004212B5 |. 8B45 F8 mov eax, [ebp-8]
004212B8 |. E8 7F1C0100 call 00432F3C
004212BD |> 68 4D854400 push 0044854D ; w+t
004212C2 |. 8D45 F8 lea eax, [ebp-8]
004212C5 |. E8 1A0CFEFF call 00401EE4
004212CA |. 50 push eax ; |path
004212CB |. E8 70620200 call <jmp.&CC3260MT._fopen> ; \_fopen
004212D0 |. 83C4 08 add esp, 8
004212D3 |. 8945 94 mov [ebp-6C], eax
004212D6 |. 85C0 test eax, eax
004212D8 |. 75 47 jnz short 00421321
004212DA |. 6A 00 push 0
004212DC |. B9 6C854400 mov ecx, 0044856C ; 注意
004212E1 |. BA 51854400 mov edx, 00448551 ; 注册失败,请与服务人员联系.
004212E6 |. A1 303B4500 mov eax, [<&vcl60.Forms::App>
004212EB |. 8B00 mov eax, [eax]
004212ED |. E8 321C0100 call 00432F24
004212F2 |. FF4D BC dec dword ptr [ebp-44]
004212F5 |. 8D45 F8 lea eax, [ebp-8]
004212F8 |. BA 02000000 mov edx, 2
004212FD |. E8 561D0100 call 00433058
00421302 |. FF4D BC dec dword ptr [ebp-44]
00421305 |. 8D45 FC lea eax, [ebp-4]
00421308 |. BA 02000000 mov edx, 2
0042130D |. E8 461D0100 call 00433058
00421312 |. 8B4D A0 mov ecx, [ebp-60]
00421315 |. 64:890D 00000>mov fs:[0], ecx
0042131C |. E9 91010000 jmp 004214B2
00421321 |> 66:C745 B0 5C>mov word ptr [ebp-50], 5C
00421327 |. 8D45 D4 lea eax, [ebp-2C]
0042132A |. E8 1D5BFEFF call 00406E4C
0042132F |. 8BD0 mov edx, eax
00421331 |. FF45 BC inc dword ptr [ebp-44]
00421334 |. 8B4D 9C mov ecx, [ebp-64]
00421337 |. 8B81 D4040000 mov eax, [ecx+4D4]
0042133D |. E8 C6590200 call <jmp.&vcl60.Controls::TC>
00421342 |. 8D55 D4 lea edx, [ebp-2C]
00421345 |. FF32 push dword ptr [edx]
00421347 |. 8D45 D0 lea eax, [ebp-30]
0042134A |. E8 FD5AFEFF call 00406E4C
0042134F |. 8BD0 mov edx, eax
00421351 |. FF45 BC inc dword ptr [ebp-44]
00421354 |. 58 pop eax
00421355 |. E8 EE5C0200 call <jmp.&rtl60.Sysutils::Tr>
0042135A |. 8D45 D0 lea eax, [ebp-30]
0042135D |. E8 820BFEFF call 00401EE4
00421362 |. 50 push eax ; /src
00421363 |. 8D95 74FFFFFF lea edx, [ebp-8C] ; |
00421369 |. 52 push edx ; |dest
0042136A |. E8 1F620200 call <jmp.&CC3260MT._strcpy> ; \_strcpy
0042136F |. 83C4 08 add esp, 8
00421372 |. FF4D BC dec dword ptr [ebp-44]
00421375 |. 8D45 D0 lea eax, [ebp-30]
00421378 |. BA 02000000 mov edx, 2
0042137D |. E8 D61C0100 call 00433058
00421382 |. FF4D BC dec dword ptr [ebp-44]
00421385 |. 8D45 D4 lea eax, [ebp-2C]
00421388 |. BA 02000000 mov edx, 2
0042138D |. E8 C61C0100 call 00433058
00421392 |. FF75 94 push dword ptr [ebp-6C]
00421395 |. 6A 01 push 1
00421397 |. 8D8D 74FFFFFF lea ecx, [ebp-8C]
0042139D |. 51 push ecx ; /s
0042139E |. E8 F1610200 call <jmp.&CC3260MT._strlen> ; \_strlen
004213A3 |. 59 pop ecx ; |
004213A4 |. 40 inc eax ; |
004213A5 |. 50 push eax ; |size
004213A6 |. 8D85 74FFFFFF lea eax, [ebp-8C] ; |
004213AC |. 50 push eax ; |ptr
004213AD |. E8 A6610200 call <jmp.&CC3260MT._fwrite> ; \_fwrite
004213B2 |. 83C4 10 add esp, 10
004213B5 |. FF75 94 push dword ptr [ebp-6C] ; /stream
004213B8 |. E8 77610200 call <jmp.&CC3260MT._fclose> ; \_fclose
004213BD |. 59 pop ecx
004213BE |. B2 01 mov dl, 1
004213C0 |. 8B4D 9C mov ecx, [ebp-64]
004213C3 |. 8B81 A4030000 mov eax, [ecx+3A4]
004213C9 |. 8B08 mov ecx, [eax]
004213CB |. FF51 64 call [ecx+64]
004213CE |. B2 01 mov dl, 1
004213D0 |. 8B45 9C mov eax, [ebp-64]
004213D3 |. 8B80 18040000 mov eax, [eax+418]
004213D9 |. E8 A8570200 call <jmp.&vcl60.Menus::TMenu>
004213DE |. 33D2 xor edx, edx
004213E0 |. 8B4D 9C mov ecx, [ebp-64]
004213E3 |. 8B81 CC040000 mov eax, [ecx+4CC]
004213E9 |. E8 26590200 call <jmp.&vcl60.Controls::TC>
004213EE |. 66:C745 B0 68>mov word ptr [ebp-50], 68
004213F4 |. 8D45 CC lea eax, [ebp-34]
004213F7 |. E8 505AFEFF call 00406E4C
004213FC |. 8BD0 mov edx, eax
004213FE |. FF45 BC inc dword ptr [ebp-44]
00421401 |. 8B45 9C mov eax, [ebp-64]
00421404 |. E8 FF580200 call <jmp.&vcl60.Controls::TC>
00421409 |. 8D55 CC lea edx, [ebp-34]
0042140C |. 52 push edx
0042140D |. 8D45 C4 lea eax, [ebp-3C]
00421410 |. E8 375AFEFF call 00406E4C
00421415 |. 50 push eax
00421416 |. FF45 BC inc dword ptr [ebp-44]
00421419 |. BA 71854400 mov edx, 00448571 ; ――已注册
0042141E |. 8D45 C8 lea eax, [ebp-38]
00421421 |. E8 1E1B0100 call 00432F44
00421426 |. FF45 BC inc dword ptr [ebp-44]
00421429 |. 8D55 C8 lea edx, [ebp-38]
0042142C |. 59 pop ecx
0042142D |. 58 pop eax
0042142E |. E8 691C0100 call 0043309C
00421433 |. 8D55 C4 lea edx, [ebp-3C]
00421436 |. 8B12 mov edx, [edx]
00421438 |. 8B45 9C mov eax, [ebp-64]
0042143B |. E8 C2580200 call <jmp.&vcl60.Controls::TC>
00421440 |. FF4D BC dec dword ptr [ebp-44]
00421443 |. 8D45 C4 lea eax, [ebp-3C]
00421446 |. BA 02000000 mov edx, 2
0042144B |. E8 081C0100 call 00433058
00421450 |. FF4D BC dec dword ptr [ebp-44]
00421453 |. 8D45 C8 lea eax, [ebp-38]
00421456 |. BA 02000000 mov edx, 2
0042145B |. E8 F81B0100 call 00433058
00421460 |. FF4D BC dec dword ptr [ebp-44]
00421463 |. 8D45 CC lea eax, [ebp-34]
00421466 |. BA 02000000 mov edx, 2
0042146B |. E8 E81B0100 call 00433058
00421470 |. 6A 00 push 0
00421472 |. B9 90854400 mov ecx, 00448590 ; 注意
00421477 |. BA 7C854400 mov edx, 0044857C ; 注册成功,欢迎使用.
0042147C |. A1 303B4500 mov eax, [<&vcl60.Forms::App>
00421481 |. 8B00 mov eax, [eax]
00421483 |. E8 9C1A0100 call 00432F24
00421488 |. FF4D BC dec dword ptr [ebp-44]
0042148B |. 8D45 F8 lea eax, [ebp-8]
0042148E |. BA 02000000 mov edx, 2
00421493 |. E8 C01B0100 call 00433058
00421498 |. FF4D BC dec dword ptr [ebp-44]
0042149B |. 8D45 FC lea eax, [ebp-4]
0042149E |. BA 02000000 mov edx, 2
004214A3 |. E8 B01B0100 call 00433058
004214A8 |. 8B4D A0 mov ecx, [ebp-60]
004214AB |. 64:890D 00000>mov fs:[0], ecx
004214B2 |> 8BE5 mov esp, ebp
004214B4 |. 5D pop ebp
004214B5 \. C3 retn
-------------------------------跟进关键call 4210A4 处代码如下-------------------------------
00431038 /$ 55 push ebp ; 继续F8↓
00431039 |. 8BEC mov ebp, esp
0043103B |. 81C4 60FFFFFF add esp, -0A0
00431041 |. 56 push esi
00431042 |. 57 push edi
00431043 |. BE 9CEA4400 mov esi, 0044EA9C
00431048 |. 8D7D 80 lea edi, [ebp-80]
0043104B |. B9 1E000000 mov ecx, 1E ; 将“1E=30”送入ECX
00431050 |. F3:A5 rep movs dword ptr es:[edi], >; ecx=0000001E (十进制 30.)
00431052 |. FF75 0C push dword ptr [ebp+C] ; /ASCII "WD-WCAM96574947"
00431055 |. 8D85 60FFFFFF lea eax, [ebp-A0] ; |
0043105B |. 50 push eax ; |dest
0043105C |. E8 2D650100 call <jmp.&CC3260MT._strcpy> ; \_strcpy
00431061 |. 83C4 08 add esp, 8
00431064 |. FF75 0C push dword ptr [ebp+C] ; /S = "WD-WCAM96574947"
00431067 |. E8 28650100 call <jmp.&CC3260MT._strlen> ; \_strlen
0043106C |. 59 pop ecx ; 弹出生成码
0043106D |. 8945 FC mov [ebp-4], eax ; EAX=F 即为15 送入[EBP-4]
00431070 |. 33D2 xor edx, edx ; EDX清零
00431072 |. 8955 F8 mov [ebp-8], edx ; EDX值送入[EBP-8]
00431075 |. 8B4D F8 mov ecx, [ebp-8] ; [EBP-8]的值则送入ECX
00431078 |. 3B4D FC cmp ecx, [ebp-4] ; 与ECX值作比较,生成码是否大于ECX
0043107B |. 7D 54 jge short 004310D1 ; 大于则跳
0043107D |> 8B45 F8 /mov eax, [ebp-8]
00431080 |. 8A5485 80 |mov dl, [ebp+eax*4-80] ; [EBP+EAX*4-80]的值送入dl
00431084 |. 8B4D F8 |mov ecx, [ebp-8]
00431087 |. 30940D 60FFFF>|xor [ebp+ecx-A0], dl ; dl xor 生成码(W)的ASCII码第一位的16进制数---依次取生成码的ASCII码来与dl不同的值运算,DL的值依次为“352742123356972”
0043108E |. 8B45 F8 |mov eax, [ebp-8]
00431091 |. 0FBE9405 60FF>|movsx edx, byte ptr [ebp+eax-A>; xor 得来的值54再转换为ASCII码(T)
00431099 |. 83FA 30 |cmp edx, 30 ; 比较EDX的值是否大于30 也就是ASCII码(0)
0043109C |. 7D 0D |jge short 004310AB ; 大于则跳
0043109E |. 8B4D F8 |mov ecx, [ebp-8]
004310A1 |. C6840D 60FFFF>|mov byte ptr [ebp+ecx-A0], 3>
004310A9 |. EB 1B |jmp short 004310C6
004310AB |> 8B45 F8 |mov eax, [ebp-8]
004310AE |. 0FBE9405 60FF>|movsx edx, byte ptr [ebp+eax-A>; ASCII码 (T)送入EDX
004310B6 |. 83FA 7A |cmp edx, 7A ; EDX与7A做比较
004310B9 |. 7E 0B |jle short 004310C6 ; 小于则跳
004310BB |. 8B4D F8 |mov ecx, [ebp-8]
004310BE |. C6840D 60FFFF>|mov byte ptr [ebp+ecx-A0], 7>
004310C6 |> FF45 F8 |inc dword ptr [ebp-8] ; +1
004310C9 |. 8B45 F8 |mov eax, [ebp-8]
004310CC |. 3B45 FC |cmp eax, [ebp-4]
004310CF |.^ 7C AC \jl short 0043107D ; 没运算完,继续
004310D1 |> 8D95 60FFFFFF lea edx, [ebp-A0] ; [ebp-A0]的值偏移到EDX
004310D7 |. 52 push edx ; /出现真码,压入栈
004310D8 |. 8B4D 08 mov ecx, [ebp+8] ; |
004310DB |. 81C1 84000000 add ecx, 84 ; |
004310E1 |. 51 push ecx ; |dest
004310E2 |. E8 A7640100 call <jmp.&CC3260MT._strcpy> ; \_strcpy
004310E7 |. 83C4 08 add esp, 8
004310EA |. 5F pop edi
004310EB |. 5E pop esi
004310EC |. 8BE5 mov esp, ebp
004310EE |. 5D pop ebp
004310EF \. C3 retn
------------------------------------------------------------------------
【算法总结】
1、生成码最长不允许超过15位
2、依次取生成码的ASCII码转换为16进制数后,分别与不同的DL(352742123356972)值 XOR,得到的值再转换为ASCII码
机器码:WD-WCAM96574947
运算符:352742123356972
两者之间与对应的转换数运算
W = 57 XOR 3 = 54 ---> T
D = 44 XOR 5 = 41 ---> A
- = 2D XOR 2 = 2F ---> / ------------->与30作比较,小于30 直接用30替换! 所以得 - = 2D XOR 2 = 2F < 30 =0
W = 57 XOR 7 = 50 ---> P
C = 43 XOR 4 = 47 ---> G
A = 41 XOR 2 = 43 ---> C
M = 4D XOR 1 = 4C ---> L
9 = 39 XOR 2 = 3B ---> ;
6 = 36 XOR 3 = 35 ---> 5
5 = 35 XOR 3 = 36 ---> 6
7 = 37 XOR 5 = 32 ---> 2
4 = 34 XOR 6 = 32 ---> 2
9 = 39 XOR 9 = 30 ---> 0
4 = 34 XOR 7 = 33 ---> 3
7 = 37 XOR 2 = 35 ---> 5
3、其中如果生成码小于ASCII码0 的话,那就直接用0来作替代(与30作比较,小于30 直接用30(0x30=48=0)替换!)
4、如果生成码中有哪个大雨ASCII码 Z的,那就直接用Z来作替代(与7A作比较,大于7A 直接用7A(0x7A=122=Z)替换! )
5、最后得出的正确注册码为:TA0PGCL;5622035
还有测试一台机器的
生成码: B1AR3MHE
注册码:A4CU7OIG
B = 42 XOR 3 = 41 ---> A
1 = 31 XOR 5 = 34 ---> 4
A = 41 XOR 2 = 43 ---> C
R = 52 XOR 7 = 55 ---> U
3 = 33 XOR 4 = 37 ---> 7
M = 4D XOR 2 = 4F ---> O
H = 48 XOR 1 = 49 ---> I
E = 45 XOR 2 = 47 ---> G
------------------------------------------------------------------------
【版权声明】本文纯属技术交流, 转载请注明作者信息并保持文章的完整, 谢谢!
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
