supercool bookmark 1.67.txt
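Software name: SuperCool Bookmark main.exe 1,297KB
Download location: http://www.supercoolbookmark.com
Posted by: 井風 (Jing Feng)
Date: 2001-02-06
Cracking tool: Trw20001.22
Difficulty: [Specialist] [Bachelor] [Master] [Doctor]
********
Foreword:
The way this software computes and verifies its registration code is representative of a whole class of schemes.
Procedure:
1. In the registration window enter: Name: ABCD  Code: 12345678;
2. Use the "井風 tracing" method to find the CALL that raises the error; for the detailed procedure see 井風's WINZIP8.0 cracking tutorial;
3. Analyze the code (working backwards from the end):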
015F:004E3AC5 CMP BYTE [EBP-16],00
015F:004E3AC9 JZ 004E3AD1
015F:004E3ACB MOV EAX,[EBP-28]
015F:004E3ACE MOV [EBP-2C],EAX
015F:004E3AD1 MOV BYTE [EBP-16],00
015F:004E3AD5 MOV EDI,[EBP-2C]
015F:004E3AD8 TEST EDI,EDI
015F:004E3ADA JNG 004E3B23
015F:004E3ADC MOV EBX,01
015F:004E3AE1 MOV EAX,[EBP-14] <****************************************
015F:004E3AE4 MOVZX ESI,BYTE [EAX+EBX-01]<
015F:004E3AE9 MOV EAX,[EBP-24] < This block XORs the ASCII value of each
015F:004E3AEC MOVZX EAX,BYTE [EAX+EBX-01]< character of the name with the matching
015F:004E3AF1 XOR ESI,EAX < character of the code, building the string
015F:004E3AF3 LEA EAX,[EBP-14] < that supplies the data for the later CMP EAX,EDX.
015F:004E3AF6 MOV ECX,01 <
015F:004E3AFB MOV EDX,EBX <
015F:004E3AFD CALL 004044C4 <
015F:004E3B02 MOV EAX,ESI <
015F:004E3B04 MOV [EBP-15],AL <
015F:004E3B07 LEA EAX,[EBP-34] <
015F:004E3B0A MOV DL,[EBP-15] <
015F:004E3B0D CALL 004041A4 <
015F:004E3B12 MOV EAX,[EBP-34] <
015F:004E3B15 LEA EDX,[EBP-14] <
015F:004E3B18 MOV ECX,EBX <
015F:004E3B1A CALL 0040450C <
015F:004E3B1F INC EBX <
015F:004E3B20 DEC EDI <
015F:004E3B21 JNZ 004E3AE1 <********************************************
015F:004E3B23 LEA EAX,[EBP-1C]
015F:004E3B26 MOV EDX,[EBP-14]
015F:004E3B29 CALL 00404284
015F:004E3B2E MOV EAX,[EBP-2C]
015F:004E3B31 ADD [EBP-10],EAX
015F:004E3B34 MOV EAX,[EBP-10]
015F:004E3B37 CMP EAX,[EBP-28]
·
·
·
015F:00404389 LEA EAX,[EAX+00]
015F:0040438C PUSH EBX
015F:0040438D PUSH ESI
015F:0040438E PUSH EDI
015F:0040438F MOV ESI,EAX
015F:00404391 MOV EDI,EDX
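015F:00404393 CMP EAX,EDX [***] <====D EAX shows the string computed from your input: ppppU^
D EDX shows the string CuiWei; if the two strings are identical, no jump is taken.
So how is ppppU^ computed? Trace the preceding code.
015F:00404395 JZ NEAR 0040442A <====if not equal, jumps to the line marked ** and then goes on to execute the line marked *: error!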
015F:0040439B TEST ESI,ESI
015F:0040439D JZ 00404407
015F:0040439F TEST EDI,EDI
015F:004043A1 JZ 0040440E
015F:004043A3 MOV EAX,[ESI-04]
015F:004043A6 MOV EDX,[EDI-04]
015F:004043A9 SUB EAX,EDX
015F:004043AB JA 004043AF
015F:004043AD ADD EDX,EAX
015F:004043AF PUSH EDX
·
·
·
015F:00404407 MOV EDX,[EDI-04]
015F:0040440A SUB EAX,EDX
015F:0040440C JMP SHORT 0040442A
015F:0040440E MOV EAX,[ESI-04]
015F:00404411 SUB EAX,EDX
015F:00404413 JMP SHORT 0040442A
015F:00404415 POP EDX
015F:00404416 CMP CL,BL
015F:00404418 JNZ 0040442A
015F:0040441A CMP CH,BH
015F:0040441C JNZ 0040442A
015F:0040441E SHR ECX,10
015F:00404421 SHR EBX,10
015F:00404424 CMP CL,BL
015F:00404426 JNZ 0040442A
015F:00404428 CMP CH,BH
015F:0040442A POP EDI <====if execution jumps to this line, the line marked * is then executed: error!
015F:0040442B POP ESI
015F:0040442C POP EBX
015F:0040442D RET
015F:0040442E MOV EAX,EAX
015F:00404430 TEST EAX,EAX
015F:00404432 JZ 0040443E
015F:00404434 MOV EDX,[EAX-08]
015F:00404437 INC EDX
015F:00404438 JNG 0040443E
015F:0040443A LOCK INC DWORD [EAX-08]
015F:0040443E RET
015F:0040443F NOP
·
·
·
015F:0050ABA1 PUSH EAX
015F:0050ABA2 MOV EAX,[00510B54]
015F:0050ABA7 MOV EAX,[EAX+34]
015F:0050ABAA ADD EAX,BYTE +3C
015F:0050ABAD PUSH EAX
015F:0050ABAE MOV CX,[0050AD10]
015F:0050ABB5 MOV DL,01
015F:0050ABB7 MOV EAX,0050AD70
015F:0050ABBC CALL 0045B344 <====executing this line raises the error; marked [*]
015F:0050ABC1 MOV EAX,[EBX+0414]
015F:0050ABC7 CMP BYTE [EAX+2C],01
015F:0050ABCB JNZ 0050ABE6
015F:0050ABCD PUSH BYTE +03
015F:0050ABCF PUSH BYTE +00
·
·
·
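Summary:
The registration check works as follows: the ASCII value of each character of the registration name is XORed with the corresponding character of the registration code, and the resulting string is compared with CuiWei. As long as the XOR of the ASCII values of the first character of the name and the first character of the code equals the ASCII code of C, and likewise for the remaining positions, verification passes.
A pair put together at random: Name qCXaQX  Code 261641
There is also another method, which modifies the data segment: use a hex editor to find the CuiWei string in main.exe and replace it with the string you saw with D EAX at the *** mark; the name and code you entered will then pass.
Afterword:
If you have questions, contact me: hz.cy@163.net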
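Added example (not part of the original write-up and not the vendor's code): a Python sketch that puts the check summarised above next to a licence check that verifies a vendor signature, so the client holds only public verification data. The function names, the simplified length handling, the sample names and the tiny demo RSA key built from two Mersenne primes are assumptions made for illustration.

```python
import hashlib

EMBEDDED = b"CuiWei"  # comparison constant the write-up finds in main.exe

def weak_check(name: str, code: str) -> bool:
    """Scheme summarised on the page: name[i] XOR code[i] must spell EMBEDDED.
    Length handling is simplified here (assumption)."""
    n, c = name.encode("latin-1"), code.encode("latin-1")
    if len(n) != len(c):
        return False
    return bytes(a ^ b for a, b in zip(n, c)) == EMBEDDED

# Constructed demo key from two Mersenne primes; far too small for real use.
# Hash-then-RSA without padding is shown only to keep the example in the
# standard library; production code should use a vetted signature scheme.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                   # public part, shipped in the client
_D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, vendor side only

def _digest(name: str) -> int:
    h = hashlib.sha256(name.encode("utf-8")).digest()
    return int.from_bytes(h, "big") % N

def vendor_issue(name: str) -> int:
    """Vendor-side issuing step; requires the private exponent."""
    return pow(_digest(name), _D, N)

def signed_check(name: str, licence: int) -> bool:
    """Client-side check; uses only the public values N and E."""
    return 0 <= licence < N and pow(licence, E, N) == _digest(name)

if __name__ == "__main__":
    print(weak_check("qCXaQX", "261641"))    # pair quoted on the page
    lic = vendor_issue("Example User")        # constructed sample name
    print(signed_check("Example User", lic), signed_check("Other User", lic))
```

Signature verification keeps the issuing secret out of the client, whereas the XOR scheme embeds everything the comparison depends on. It does not address the second method the write-up mentions, which edits the binary itself; that calls for integrity protection of the executable.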