-
-
[旧帖] [原创] Power Video Converter 2.2.1 算法分析 0.00雪花
-
发表于: 2009-1-14 15:27 3136
-
Power Video Converter 2.2.1 算法分析
【破文标题】Power Video Converter 2.2.1算法分析
【破文作者】creantan
【作者邮箱】creantan@126.com
【破解工具】PEiD,OD
【破解平台】Windows XP
【软件名称】Power Video Converter 2.2.1
【软件大小】6231KB
【软件类别】国外软件/视频转换
【软件授权】共享版
【软件语言】英文
【运行环境】Win9x/Me/NT/2000/XP/2003
【更新时间】2009-1-6
【原版下载】http://www.newhua.com/soft/29607.htm
【保护方式】注册码
【软件简介】 Power Video Converter可以在AVi, MPEG1, MPEG2, VCD, SVCD, DVD, WMV, ASF, DAT, VOB文件格式之间进行转换,同时具有很快的转换速度和友好的使用界面。
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
PEID上显示Microsoft Visual C++ 6.0
试着注册有错误提示。。。下断 bp MessageBoxA
断点后回到用户代码,向上找到关键算法。。。。
代码:
**************************************************************
【破解总结】
--------------------------------------------------------------
【算法总结】
将"aGbmcldSemfkgEhcixjsktlYmbnkoDptqarfswtlujvDwIxPyZzXAPBoCKDgEyFmGtHaIrJqKNLQMUNuOGPJQLRnSbTCUFVHWoXwYEZpvMw"和"ESqNCdaYoDciekuS"与用户名运算得到注册码
--------------------------------------------------------------
【算法注册机】
【注册信息】
用户名:creantan
注册码:lfmGklGkESqNCdaY
--------------------------------------------------------------
【版权声明】本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
【破文标题】Power Video Converter 2.2.1算法分析
【破文作者】creantan
【作者邮箱】creantan@126.com
【破解工具】PEiD,OD
【破解平台】Windows XP
【软件名称】Power Video Converter 2.2.1
【软件大小】6231KB
【软件类别】国外软件/视频转换
【软件授权】共享版
【软件语言】英文
【运行环境】Win9x/Me/NT/2000/XP/2003
【更新时间】2009-1-6
【原版下载】http://www.newhua.com/soft/29607.htm
【保护方式】注册码
【软件简介】 Power Video Converter可以在AVi, MPEG1, MPEG2, VCD, SVCD, DVD, WMV, ASF, DAT, VOB文件格式之间进行转换,同时具有很快的转换速度和友好的使用界面。
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
PEID上显示Microsoft Visual C++ 6.0
试着注册有错误提示。。。下断 bp MessageBoxA
断点后回到用户代码,向上找到关键算法。。。。
代码:
00423750 /$ 53 push ebx 00423751 |. 55 push ebp ; 00423752 |. 8B6C24 0C mov ebp, dword ptr [esp+C] 00423756 |. 56 push esi 00423757 |. 57 push edi 00423758 |. BE ECD24300 mov esi, 0043D2EC 0042375D |. 8BC5 mov eax, ebp 0042375F |> 8A10 /mov dl, byte ptr [eax] ; 判断用户名是否为空 00423761 |. 8A1E |mov bl, byte ptr [esi] 00423763 |. 8ACA |mov cl, dl 00423765 |. 3AD3 |cmp dl, bl 00423767 |. 75 1E |jnz short 00423787 00423769 |. 84C9 |test cl, cl 0042376B |. 74 16 |je short 00423783 0042376D |. 8A50 01 |mov dl, byte ptr [eax+1] 00423770 |. 8A5E 01 |mov bl, byte ptr [esi+1] 00423773 |. 8ACA |mov cl, dl 00423775 |. 3AD3 |cmp dl, bl 00423777 |. 75 0E |jnz short 00423787 00423779 |. 83C0 02 |add eax, 2 0042377C |. 83C6 02 |add esi, 2 0042377F |. 84C9 |test cl, cl 00423781 |.^ 75 DC \jnz short 0042375F 00423783 |> 33C0 xor eax, eax 00423785 |. EB 05 jmp short 0042378C 00423787 |> 1BC0 sbb eax, eax 00423789 |. 83D8 FF sbb eax, -1 0042378C |> 85C0 test eax, eax 0042378E |. 74 51 je short 004237E1 00423790 |. 8B7C24 18 mov edi, dword ptr [esp+18] 00423794 |. BE ECD24300 mov esi, 0043D2EC 00423799 |. 8BC7 mov eax, edi 0042379B |> 8A10 /mov dl, byte ptr [eax] ; 判断假码是否为空 0042379D |. 8A1E |mov bl, byte ptr [esi] 0042379F |. 8ACA |mov cl, dl 004237A1 |. 3AD3 |cmp dl, bl 004237A3 |. 75 1E |jnz short 004237C3 004237A5 |. 84C9 |test cl, cl 004237A7 |. 74 16 |je short 004237BF 004237A9 |. 8A50 01 |mov dl, byte ptr [eax+1] 004237AC |. 8A5E 01 |mov bl, byte ptr [esi+1] 004237AF |. 8ACA |mov cl, dl 004237B1 |. 3AD3 |cmp dl, bl 004237B3 |. 75 0E |jnz short 004237C3 004237B5 |. 83C0 02 |add eax, 2 004237B8 |. 83C6 02 |add esi, 2 004237BB |. 84C9 |test cl, cl 004237BD |.^ 75 DC \jnz short 0042379B 004237BF |> 33C0 xor eax, eax 004237C1 |. EB 05 jmp short 004237C8 004237C3 |> 1BC0 sbb eax, eax 004237C5 |. 83D8 FF sbb eax, -1 004237C8 |> 85C0 test eax, eax 004237CA |. 74 15 je short 004237E1 004237CC |. 57 push edi ; 假码 004237CD |. 55 push ebp ; 用户名 004237CE |. E8 3DFDFFFF call 00423510 { 00423510 /$ 6A FF push -1 00423512 |. 68 D0EE4200 push 0042EED0 ; SE 处理程序安装 00423517 |. 64:A1 0000000>mov eax, dword ptr fs:[0] 0042351D |. 50 push eax 0042351E |. 64:8925 00000>mov dword ptr fs:[0], esp 00423525 |. 83EC 14 sub esp, 14 00423528 |. 8B4424 24 mov eax, dword ptr [esp+24] 0042352C |. 53 push ebx 0042352D |. 55 push ebp 0042352E |. 56 push esi 0042352F |. 57 push edi 00423530 |. 50 push eax 00423531 |. 8D4C24 18 lea ecx, dword ptr [esp+18] 00423535 |. E8 0E690000 call <jmp.&MFC42.#537> 0042353A |. 33F6 xor esi, esi 0042353C |. 8D4C24 14 lea ecx, dword ptr [esp+14] 00423540 |. 897424 2C mov dword ptr [esp+2C], esi 00423544 |. E8 C56C0000 call <jmp.&MFC42.#6282> 00423549 |. 8D4C24 14 lea ecx, dword ptr [esp+14] 0042354D |. E8 B66C0000 call <jmp.&MFC42.#6283> 00423552 |. 6A 20 push 20 00423554 |. 8D4C24 18 lea ecx, dword ptr [esp+18] 00423558 |. E8 A96B0000 call <jmp.&MFC42.#2915> 0042355D |. 8B4C24 38 mov ecx, dword ptr [esp+38] ; 取假码 00423561 |. 8BD8 mov ebx, eax 00423563 |. 51 push ecx 00423564 |. 8D4C24 14 lea ecx, dword ptr [esp+14] 00423568 |. E8 DB680000 call <jmp.&MFC42.#537> 0042356D |. 8D4C24 10 lea ecx, dword ptr [esp+10] 00423571 |. C64424 2C 01 mov byte ptr [esp+2C], 1 00423576 |. E8 936C0000 call <jmp.&MFC42.#6282> 0042357B |. 8D4C24 10 lea ecx, dword ptr [esp+10] 0042357F |. E8 846C0000 call <jmp.&MFC42.#6283> 00423584 |. 6A 20 push 20 00423586 |. 8D4C24 14 lea ecx, dword ptr [esp+14] 0042358A |. E8 776B0000 call <jmp.&MFC42.#2915> ; 取假码 0042358F |. 8BD0 mov edx, eax 00423591 |. 83C9 FF or ecx, FFFFFFFF 00423594 |. 8BFA mov edi, edx 00423596 |. 33C0 xor eax, eax 00423598 |. F2:AE repne scas byte ptr es:[edi] 0042359A |. F7D1 not ecx 0042359C |. 49 dec ecx ; 取假码长度 0042359D |. 8BFB mov edi, ebx 0042359F |. 8BE9 mov ebp, ecx 004235A1 |. 83C9 FF or ecx, FFFFFFFF 004235A4 |. F2:AE repne scas byte ptr es:[edi] 004235A6 |. F7D1 not ecx 004235A8 |. 49 dec ecx ; 取用户名长度 004235A9 |. 895424 20 mov dword ptr [esp+20], edx 004235AD |. 3BCD cmp ecx, ebp 004235AF |. 0F87 64010000 ja 00423719 ; 用户名长度与假码长度比较 004235B5 |. 8BFB mov edi, ebx ; 假码长度不能小于用户名 004235B7 |. 83C9 FF or ecx, FFFFFFFF 004235BA |. F2:AE repne scas byte ptr es:[edi] 004235BC |. F7D1 not ecx 004235BE |. 49 dec ecx ; 用户名长度 004235BF |. 0F84 54010000 je 00423719 ; 判断长度是否为0 004235C5 |. 8BFA mov edi, edx 004235C7 |. 83C9 FF or ecx, FFFFFFFF 004235CA |. F2:AE repne scas byte ptr es:[edi] 004235CC |. F7D1 not ecx 004235CE |. 49 dec ecx ; 假码长度 004235CF |. 0F84 44010000 je 00423719 ; 判断假码长度是否为0 0的话就跳向失败 004235D5 |. 897424 38 mov dword ptr [esp+38], esi 004235D9 |> 8B5424 38 /mov edx, dword ptr [esp+38] ; edx赋值 004235DD |. 8D4C24 34 |lea ecx, dword ptr [esp+34] 004235E1 |. 8A82 CCCD4300 |mov al, byte ptr [edx+43CDCC] 004235E7 |. 884424 18 |mov byte ptr [esp+18], al 004235EB |. E8 A6650000 |call <jmp.&MFC42.#540> 004235F0 |. 8BFB |mov edi, ebx 004235F2 |. 83C9 FF |or ecx, FFFFFFFF ; ////////////////////////////////////// 004235F5 |. 33C0 |xor eax, eax ; ★注册码第一部分关键点★ 004235F7 |. 33ED |xor ebp, ebp 004235F9 |. F2:AE |repne scas byte ptr es:[edi] 004235FB |. F7D1 |not ecx ; 取用户名长度 004235FD |. 49 |dec ecx ; ///////////////////////////// 004235FE |. C64424 2C 02 |mov byte ptr [esp+2C], 2 00423603 |. 74 50 |je short 00423655 00423605 |> 8A0C2B |/mov cl, byte ptr [ebx+ebp] ; 逐个取用户名 00423608 |. 33F6 ||xor esi, esi 0042360A |. B8 64CD4300 ||mov eax, 0043CD64 ; 固定字符串 0042360F |> 3A08 ||/cmp cl, byte ptr [eax] ; 与字符串查找中 00423611 |. 74 0D |||je short 00423620 ; 相等跳出 00423613 |. 83C0 02 |||add eax, 2 ; eax+=2 00423616 |. 46 |||inc esi ; esi++ 下面取字符串用 00423617 |. 3D CCCD4300 |||cmp eax, 0043CDCC ; ASCII "vMw" 0042361C |.^ 7C F1 ||\jl short 0042360F 0042361E |. EB 11 ||jmp short 00423631 00423620 |> 8A0C75 65CD43>||mov cl, byte ptr [esi*2+43CD65] ; [esi*2]取字符 00423627 |. 51 ||push ecx 00423628 |. 8D4C24 38 ||lea ecx, dword ptr [esp+38] 0042362C |. E8 F3670000 ||call <jmp.&MFC42.#940> ; 取字符后连接字符串 00423631 |> 83FE 34 ||cmp esi, 34 00423634 |. 75 0E ||jnz short 00423644 00423636 |. 8B5424 18 ||mov edx, dword ptr [esp+18] 0042363A |. 8D4C24 34 ||lea ecx, dword ptr [esp+34] 0042363E |. 52 ||push edx 0042363F |. E8 E0670000 ||call <jmp.&MFC42.#940> 00423644 |> 8BFB ||mov edi, ebx 00423646 |. 83C9 FF ||or ecx, FFFFFFFF 00423649 |. 33C0 ||xor eax, eax 0042364B |. 45 ||inc ebp 0042364C |. F2:AE ||repne scas byte ptr es:[edi] ; 取字符串长度 0042364E |. F7D1 ||not ecx 00423650 |. 49 ||dec ecx 00423651 |. 3BE9 ||cmp ebp, ecx 00423653 |.^ 72 B0 |\jb short 00423605 00423655 |> 8B4424 34 |mov eax, dword ptr [esp+34] 00423659 |. 8B48 F8 |mov ecx, dword ptr [eax-8] 0042365C |. 83F9 10 |cmp ecx, 10 0042365F |. 7D 3A |jge short 0042369B 00423661 |. 8BC1 |mov eax, ecx 00423663 |. B9 10000000 |mov ecx, 10 00423668 |. 2BC8 |sub ecx, eax 0042366A |. 8D5424 1C |lea edx, dword ptr [esp+1C] 0042366E |. 51 |push ecx ; ★注册码第二部分关键点★ 0042366F |. 52 |push edx 00423670 |. B9 40D64300 |mov ecx, 0043D640 ; 固定字串ESqNCdaYoDciekuS 00423675 |. E8 AC650000 |call <jmp.&MFC42.#4129> ; 用用户名长度取字符串 0042367A |. 50 |push eax 0042367B |. 8D4C24 38 |lea ecx, dword ptr [esp+38] 0042367F |. C64424 30 03 |mov byte ptr [esp+30], 3 00423684 |. E8 95670000 |call <jmp.&MFC42.#939> ; 两部分连接 00423689 |. 8D4C24 1C |lea ecx, dword ptr [esp+1C] 0042368D |. C64424 2C 02 |mov byte ptr [esp+2C], 2 00423692 |. E8 F3640000 |call <jmp.&MFC42.#800> 00423697 |. 8B4424 34 |mov eax, dword ptr [esp+34] 0042369B |> 8B4C24 20 |mov ecx, dword ptr [esp+20] 0042369F |. 51 |push ecx ; /假码 004236A0 |. 50 |push eax ; |连接后的字符串 004236A1 |. FF15 AC064300 |call dword ptr [<&MSVCRT._mbscmp>] ; \比较字符串 004236A7 |. 83C4 08 |add esp, 8 004236AA |. 85C0 |test eax, eax 004236AC |. 74 24 |je short 004236D2 004236AE |. 8D4C24 34 |lea ecx, dword ptr [esp+34] 004236B2 |. 33F6 |xor esi, esi 004236B4 |. C64424 2C 01 |mov byte ptr [esp+2C], 1 004236B9 |. E8 CC640000 |call <jmp.&MFC42.#800> 004236BE |. 8B4424 38 |mov eax, dword ptr [esp+38] 004236C2 |. 40 |inc eax 004236C3 |. 83F8 03 |cmp eax, 3 004236C6 |. 894424 38 |mov dword ptr [esp+38], eax 004236CA |.^ 0F8C 09FFFFFF \jl 004235D9 004236D0 |. EB 13 jmp short 004236E5 004236D2 |> 8D4C24 34 lea ecx, dword ptr [esp+34] 004236D6 |. BE 01000000 mov esi, 1 004236DB |. C64424 2C 01 mov byte ptr [esp+2C], 1 004236E0 |. E8 A5640000 call <jmp.&MFC42.#800> 004236E5 |> 8D4C24 10 lea ecx, dword ptr [esp+10] 004236E9 |. C64424 2C 00 mov byte ptr [esp+2C], 0 004236EE |. E8 97640000 call <jmp.&MFC42.#800> 004236F3 |. 8D4C24 14 lea ecx, dword ptr [esp+14] 004236F7 |. C74424 2C FFF>mov dword ptr [esp+2C], -1 004236FF |. E8 86640000 call <jmp.&MFC42.#800> 00423704 |. 8BC6 mov eax, esi 00423706 |. 5F pop edi 00423707 |. 5E pop esi 00423708 |. 5D pop ebp 00423709 |. 5B pop ebx 0042370A |. 8B4C24 14 mov ecx, dword ptr [esp+14] 0042370E |. 64:890D 00000>mov dword ptr fs:[0], ecx 00423715 |. 83C4 20 add esp, 20 00423718 |. C3 retn 00423719 |> 8D4C24 10 lea ecx, dword ptr [esp+10] 0042371D |. C64424 2C 00 mov byte ptr [esp+2C], 0 00423722 |. E8 63640000 call <jmp.&MFC42.#800> 00423727 |. 8D4C24 14 lea ecx, dword ptr [esp+14] 0042372B |. C74424 2C FFF>mov dword ptr [esp+2C], -1 00423733 |. E8 52640000 call <jmp.&MFC42.#800> 00423738 |. 8B4C24 24 mov ecx, dword ptr [esp+24] 0042373C |. 5F pop edi 0042373D |. 5E pop esi 0042373E |. 5D pop ebp 0042373F |. 33C0 xor eax, eax 00423741 |. 5B pop ebx 00423742 |. 64:890D 00000>mov dword ptr fs:[0], ecx 00423749 |. 83C4 20 add esp, 20 0042374C \. C3 retn } 004237D3 |. 83C4 08 add esp, 8 004237D6 |. F7D8 neg eax 004237D8 |. 5F pop edi 004237D9 |. 5E pop esi 004237DA |. 1BC0 sbb eax, eax 004237DC |. 5D pop ebp 004237DD |. F7D8 neg eax 004237DF |. 5B pop ebx 004237E0 |. C3 retn 004237E1 |> 5F pop edi 004237E2 |. 5E pop esi 004237E3 |. 5D pop ebp 004237E4 |. 33C0 xor eax, eax 004237E6 |. 5B pop ebx 004237E7 \. C3 retn
**************************************************************
【破解总结】
--------------------------------------------------------------
【算法总结】
将"aGbmcldSemfkgEhcixjsktlYmbnkoDptqarfswtlujvDwIxPyZzXAPBoCKDgEyFmGtHaIrJqKNLQMUNuOGPJQLRnSbTCUFVHWoXwYEZpvMw"和"ESqNCdaYoDciekuS"与用户名运算得到注册码
--------------------------------------------------------------
【算法注册机】
void CKeyGenVideoDlg::OnKeyGen() { // TODO: Add your control notification handler code here CString str="aGbmcldSemfkgEhcixjsktlYmbnkoDptqarfswtlujvDwIxPyZzXAPBoCKDgEyFmGtHaIrJqKNLQMUNuOGPJQLRnSbTCUFVHWoXwYEZpvMw"; CString str1="ESqNCdaYoDciekuS"; CString serial; int nameLen,strLen; UpdateData(true); nameLen=m_name.GetLength(); strLen=str.GetLength(); for(int i=0;i<nameLen;i++) { for(int j=0;j<strLen;j+=2) { if(m_name.GetAt(i)==str.GetAt(j)) { serial.Insert(serial.GetLength(),str.GetAt(j+1)); break; } } } m_serial=serial+str1.Mid(0,16-nameLen); UpdateData(false); }
【注册信息】
用户名:creantan
注册码:lfmGklGkESqNCdaY
--------------------------------------------------------------
【版权声明】本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏
他的文章
看原图
赞赏
雪币:
留言: