-
-
[分享](简单)Magic DVD Copier 5.01算法分析
-
发表于: 2007-6-1 19:33 5246
-
【文章标题】: (简单)Magic DVD Copier 5.01算法分析
【文章作者】: 坚持到底
【软件名称】: Magic DVD Copier 5.01
【下载地址】: http://www.newhua.com/soft/55065.htm
【保护方式】: 注册码
【使用工具】: flyod,peid
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
在OD中搜索字符串
Register Code is not correct!
Please copy and paste your user name and register code.
有好几处 最后找到这里有用的
输入
insist
123456789
0041DF10 . 55 push ebp
0041DF11 . 8BEC mov ebp,esp
0041DF13 . 83C4 AC add esp,-54
0041DF16 . 53 push ebx
0041DF17 . 56 push esi
0041DF18 . 57 push edi
0041DF19 . 8945 B8 mov dword ptr ss:[ebp-48],eax
0041DF1C . B8 24335300 mov eax,MagicDVD.00533324
0041DF21 . E8 EE3D0E00 call MagicDVD.00501D14
0041DF26 . 66:C745 CC 0800 mov word ptr ss:[ebp-34],8
0041DF2C . 66:C745 CC 0800 mov word ptr ss:[ebp-34],8
0041DF32 . 66:C745 CC 2000 mov word ptr ss:[ebp-34],20
0041DF38 . 33C0 xor eax,eax
0041DF3A . 33F6 xor esi,esi
0041DF3C . 8945 F4 mov dword ptr ss:[ebp-C],eax
0041DF3F . 8D55 F4 lea edx,dword ptr ss:[ebp-C]
0041DF42 . FF45 D8 inc dword ptr ss:[ebp-28]
0041DF45 . 8B4D B8 mov ecx,dword ptr ss:[ebp-48]
0041DF48 . 8B81 F8020000 mov eax,dword ptr ds:[ecx+2F8]
0041DF4E . E8 D9110B00 call MagicDVD.004CF12C
0041DF53 . 8D45 F4 lea eax,dword ptr ss:[ebp-C]
0041DF56 . 8B00 mov eax,dword ptr ds:[eax]
0041DF58 . 33D2 xor edx,edx
0041DF5A . 8955 FC mov dword ptr ss:[ebp-4],edx
0041DF5D . 8D55 FC lea edx,dword ptr ss:[ebp-4]
0041DF60 . FF45 D8 inc dword ptr ss:[ebp-28]
0041DF63 . E8 1C310500 call MagicDVD.00471084
0041DF68 . FF4D D8 dec dword ptr ss:[ebp-28]
0041DF6B . 8D45 F4 lea eax,dword ptr ss:[ebp-C]
0041DF6E . BA 02000000 mov edx,2
0041DF73 . E8 34290F00 call MagicDVD.005108AC
0041DF78 . 66:C745 CC 1400 mov word ptr ss:[ebp-34],14
0041DF7E . 837D FC 00 cmp dword ptr ss:[ebp-4],0
0041DF82 . 74 05 je short MagicDVD.0041DF89
0041DF84 . 8B45 FC mov eax,dword ptr ss:[ebp-4]
0041DF87 . EB 05 jmp short MagicDVD.0041DF8E
0041DF89 > B8 9B315300 mov eax,MagicDVD.0053319B
0041DF8E > 8945 B4 mov dword ptr ss:[ebp-4C],eax
0041DF91 . 33FF xor edi,edi
0041DF93 . 8B45 B4 mov eax,dword ptr ss:[ebp-4C]
0041DF96 . 8BD8 mov ebx,eax
0041DF98 . EB 08 jmp short MagicDVD.0041DFA2
0041DF9A > 33C0 xor eax,eax
0041DF9C . 8A03 mov al,byte ptr ds:[ebx]
0041DF9E . 03F0 add esi,eax ; //用户名累加在esi
0041DFA0 . 47 inc edi
0041DFA1 . 43 inc ebx
0041DFA2 > 8B55 B4 mov edx,dword ptr ss:[ebp-4C]
0041DFA5 . 52 push edx
0041DFA6 . E8 21390E00 call MagicDVD.005018CC
0041DFAB . 59 pop ecx
0041DFAC . 3BF8 cmp edi,eax
0041DFAE .^ 72 EA jb short MagicDVD.0041DF9A
0041DFB0 . 81E6 FFFF0080 and esi,8000FFFF
0041DFB6 . 79 08 jns short MagicDVD.0041DFC0
0041DFB8 . 4E dec esi
0041DFB9 . 81CE 0000FFFF or esi,FFFF0000
0041DFBF . 46 inc esi
0041DFC0 > 56 push esi ; /Arg3
0041DFC1 . 68 9C315300 push MagicDVD.0053319C ; |Arg2 = 0053319C ASCII "%04X"
0041DFC6 . 8D4D AC lea ecx,dword ptr ss:[ebp-54] ; |
0041DFC9 . 51 push ecx ; |Arg1
0041DFCA . E8 B9730E00 call MagicDVD.00505388 ; \MagicDVD.00505388
0041DFCF . 66:C745 CC 2C00 mov word ptr ss:[ebp-34],2C ; //用户名累加和的格式化字串 我这里是 092A
0041DFD5 . 33C0 xor eax,eax
0041DFD7 . 83C4 0C add esp,0C
0041DFDA . 8945 F0 mov dword ptr ss:[ebp-10],eax
0041DFDD . 8D55 F0 lea edx,dword ptr ss:[ebp-10]
0041DFE0 . FF45 D8 inc dword ptr ss:[ebp-28]
0041DFE3 . 8B4D B8 mov ecx,dword ptr ss:[ebp-48]
0041DFE6 . 8B81 FC020000 mov eax,dword ptr ds:[ecx+2FC]
0041DFEC . E8 3B110B00 call MagicDVD.004CF12C
0041DFF1 . 8D45 F0 lea eax,dword ptr ss:[ebp-10]
0041DFF4 . 8B00 mov eax,dword ptr ds:[eax]
0041DFF6 . 33D2 xor edx,edx
0041DFF8 . 8955 EC mov dword ptr ss:[ebp-14],edx
0041DFFB . 8D55 EC lea edx,dword ptr ss:[ebp-14]
0041DFFE . FF45 D8 inc dword ptr ss:[ebp-28]
0041E001 . E8 7E300500 call MagicDVD.00471084
0041E006 . 8D45 EC lea eax,dword ptr ss:[ebp-14]
0041E009 . 33C9 xor ecx,ecx
0041E00B . 894D F8 mov dword ptr ss:[ebp-8],ecx
0041E00E . 8D55 F8 lea edx,dword ptr ss:[ebp-8]
0041E011 . FF45 D8 inc dword ptr ss:[ebp-28]
0041E014 . E8 532B0F00 call MagicDVD.00510B6C
0041E019 . FF4D D8 dec dword ptr ss:[ebp-28]
0041E01C . 8D45 EC lea eax,dword ptr ss:[ebp-14]
0041E01F . BA 02000000 mov edx,2
0041E024 . E8 83280F00 call MagicDVD.005108AC
0041E029 . FF4D D8 dec dword ptr ss:[ebp-28]
0041E02C . 8D45 F0 lea eax,dword ptr ss:[ebp-10]
0041E02F . BA 02000000 mov edx,2
0041E034 . E8 73280F00 call MagicDVD.005108AC
0041E039 . 66:C745 CC 1400 mov word ptr ss:[ebp-34],14
0041E03F . 837D F8 00 cmp dword ptr ss:[ebp-8],0
0041E043 . 74 05 je short MagicDVD.0041E04A
0041E045 . 8B75 F8 mov esi,dword ptr ss:[ebp-8]
0041E048 . EB 05 jmp short MagicDVD.0041E04F
0041E04A > BE A1315300 mov esi,MagicDVD.005331A1
0041E04F > 33FF xor edi,edi
0041E051 . 8BDE mov ebx,esi
0041E053 . EB 12 jmp short MagicDVD.0041E067
0041E055 > 0FBE03 movsx eax,byte ptr ds:[ebx]
0041E058 . 83F8 6F cmp eax,6F
0041E05B . 74 05 je short MagicDVD.0041E062
0041E05D . 83F8 4F cmp eax,4F
0041E060 . 75 03 jnz short MagicDVD.0041E065
0041E062 > C603 30 mov byte ptr ds:[ebx],30
0041E065 > 47 inc edi ;
0041E066 . 43 inc ebx
0041E067 > 56 push esi
0041E068 . E8 5F380E00 call MagicDVD.005018CC
0041E06D . 59 pop ecx
0041E06E . 3BF8 cmp edi,eax
0041E070 .^ 72 E3 jb short MagicDVD.0041E055
0041E072 . 66:C745 CC 3800 mov word ptr ss:[ebp-34],38
0041E078 . 8D45 E8 lea eax,dword ptr ss:[ebp-18]
0041E07B . 8BD6 mov edx,esi
0041E07D . E8 16270F00 call MagicDVD.00510798
0041E082 . FF45 D8 inc dword ptr ss:[ebp-28]
0041E085 . 8B10 mov edx,dword ptr ds:[eax]
0041E087 . 8B45 B8 mov eax,dword ptr ss:[ebp-48]
0041E08A . 8B80 FC020000 mov eax,dword ptr ds:[eax+2FC]
0041E090 . E8 C7100B00 call MagicDVD.004CF15C
0041E095 . FF4D D8 dec dword ptr ss:[ebp-28]
0041E098 . 8D45 E8 lea eax,dword ptr ss:[ebp-18]
0041E09B . BA 02000000 mov edx,2
0041E0A0 . E8 07280F00 call MagicDVD.005108AC
0041E0A5 . 8A4E 05 mov cl,byte ptr ds:[esi+5]
0041E0A8 . 3A4D AC cmp cl,byte ptr ss:[ebp-54] ; //注册码第6位等于用户名累加和格式化串的第1位 0
0041E0AB . 75 26 jnz short MagicDVD.0041E0D3
0041E0AD . 8A46 04 mov al,byte ptr ds:[esi+4]
0041E0B0 . 3A45 AD cmp al,byte ptr ss:[ebp-53] ; //注册码第5位等于用户名累加和格式化串的第2位 2
0041E0B3 . 75 1E jnz short MagicDVD.0041E0D3
0041E0B5 . 8A56 12 mov dl,byte ptr ds:[esi+12] ; //注册码第19位等于用户名累加和格式化串的第3位 9
0041E0B8 . 3A55 AE cmp dl,byte ptr ss:[ebp-52]
0041E0BB . 75 16 jnz short MagicDVD.0041E0D3
0041E0BD . 8A0E mov cl,byte ptr ds:[esi]
0041E0BF . 3A4D AF cmp cl,byte ptr ss:[ebp-51] ; //注册码第1位等于用户名累加和格式化串的第4位 A
0041E0C2 . 75 0F jnz short MagicDVD.0041E0D3
0041E0C4 . 8B45 B8 mov eax,dword ptr ss:[ebp-48]
0041E0C7 . C780 4C020000 01000000 mov dword ptr ds:[eax+24C],1
0041E0D1 . EB 3E jmp short MagicDVD.0041E111
0041E0D3 > 66:C745 CC 4400 mov word ptr ss:[ebp-34],44
0041E0D9 . BA A2315300 mov edx,MagicDVD.005331A2 ; ASCII "Register Code is not correct!
Please copy and paste your user name and register code."
0041E0DE . 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
0041E0E1 . E8 B2260F00 call MagicDVD.00510798
0041E0E6 . FF45 D8 inc dword ptr ss:[ebp-28]
注册码保存在程序目录中的 MagicDVDRipper.INI中
一组可用注册码
insist
A123208910129123459
--------------------------------------------------------------------------------
【经验总结】
keygen代码
UpdateData(true);
int i,sum=0;
char data[]="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
char name[64]={0};
char serial[64]={0};
char temp[4]={0};
strcpy(name,m_EDIT1);
for (i=0;i < strlen(name);i++)
sum+=name[i];
sprintf(temp,"%.4X",sum);
for (i=0;i<20;i++)//注册码位数随便只要大于19位
serial[i]=data[rand()%62]; //其他位数随机产生
serial[0]=temp[3];
serial[4]=temp[1];
serial[5]=temp[0];
serial[18]=temp[2];
m_EDIT2=serial;
UpdateData(false);
代码写的有点乱。。。。测试了几组可以通过。。。。不懂有没有BUG。。。。
--------------------------------------------------------------------------------
【版权声明】: 本文原创于看雪技术论坛, 转载请注明作者并保持文章的完整, 谢谢!
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏
|
|
|---|---|
|
|
