浅谈共享软件是如何被破解的
浅谈共享软件是如何被破解的一、常见的共享软件保护方式
正所谓“知己知彼,百站百胜”,在讨论如何破解“共享软件”之前,我们首先应该知道“共享软件”都采用了哪些保护方法
1.网上注册
目前大约80%的共享软件都采用网上注册。通常这类共享染件都会有使用时间上的限制,一旦过了试用期,就必须向软件开发者着册才能够继续使用。注册过程一般都是用户把自己的私人信息告诉给开发者,开发者再根据这些信息,按照一定的规则计算出注册码,用户付费后即可得到。最后,用户在软件的注册项中输入得到的注册码,完成注册。
2.警告窗口
警告窗口是软件设计者用来不断提醒用户购买正版软件的窗口,这样的窗口会在软件启动或运行过程中不时弹出,非常令人讨厌。此类软件注册后,窗口会自动消失。
3.限时器保护
有些共享软件具有时间限制功能,比如每次运行时间超过多少分钟就会自动关闭程序,必须重新启动才能正常运行。还有一种保护模式就是程序只能运行有限的次数和天数等,这是由软件内部的定时器控制运行时间的。
4.注册稳当保护
这是一种利用文本文件来注册软件的方式。注册文档是纯文字文件或二进制的文件,其内容是一些加密或未加密的数据,内容包括用户的注册信息,文件格式由开发者自行定义。试用版本软件中没有这个注册文档,只有当用户向开发者付费注册后,才会收到软件的注册文档。用户只要将该文档放入指定的目录中,就可以将软件注册。软件在每次启动的时从注册文档中读取数据,然后利用某种算法判断注册信息是否正确,进而决定以何种模式运行。
二、使用工具破解保护
了解了“共享软件”通常使用的保护方式后,我们再来看看目前常用的破解工具软件。
这里,我们推荐使用 Sunny FreeWizard 3.0
软件名称 Sunny FreeWizard 3.0
软件版本 3.0
授权方式 共享软件
STEP1:下载安装 Sunny FreeWizard ,并运行安装程序。
STEP2:选择你要截取程序的限制,包括使用日期限制,使用天数限制,使用次数限制,启动时候弹出的确认窗户提醒注册。
STEP3:输入要阻止的软件提醒注册窗口,在这里可以随便输入。,进行窗户检测并确认启动程序。
STEP4:破解后再次启动 被破解的工具,软件不再提示注册。
三、破解软件的类型
通常在网上供下载的破解软件有四种类型:第一种是软件的破解版,即下载的程序已被修改过,屏遮掉了注册功能:第二种是软件的破解补丁,即我们安装了原始软件后还需要运行破解补丁对软件进行破解:第三种就是内存破解程序,也就是通过修改程序执行时在内存中的注册信息,让软件认为用户已经注册:第四种则是同通过软件的注册机计算出注册码,再进行软件注册。
四、"Cracker"的破解方法
其实现在大多数“共享软件”的注册码,破解程序和补丁都可以在网上找到,大可不必自己费力气来破解软件。不过,你想知道."Cracker"面对这些软件如何做的吗?下面就详细说说。
1. “TNT”法——暴力破解
暴力破解最常见也最简单的破解方法。."Cracker"直接利用编辑工具<例如ULTRAEDIT-32>对可执行文件进行修改,也就是说通过修改可属性程序的源文件来达到破解目的。某些元件在验证用户注册信息和注册码时候,如果用户输入的信息与软件通过的算法生成的注册码相等,程序就会注册成功,否则就会注册失败。
2. “翻箱倒柜”法——追查软件注册码
从软件中找到注册码一般都是稍微有些功力的."Cracker"做的,软件在进行注册码认证的时候会有个比较的过程,就是水软件会通过我们输入的用户或者根据我们的其他注册信息,生成一个正确的注册码与我们输入的注册码进行比较,如果2个相同,表示注册码正确并通过注册认证,否者就会提示出错。而对于采用明码的软件来说<就是将计算机出的注册码直接放在内寸中>,."Cracker"就会利用调试器对内存程序进行分析,找出存储在内存里面的正确注册码。
3.破解之大成——编写软件注册机
"Cracker"中的高手一般亲自写软件的注册机。这样做其一是由于某些加密程度较高的软件很难使用上述方法找到注册码,其二是."Cracker"进行破解通常并不仅仅是为了一个注册码,而是要对其软件结构,加密算法进行系统的分析和了解。当然,要想真正的写出软件的注册机,破解者需要具备相当熟练的代码分析能力和扎实的对软件开发功底,这也需要破解者进行刻艰苦的学习和长期的积累。
编后语: 破解与反破解永远是道高一尺,魔高一丈的争斗。共享软件想要成功,其作者除了在软件中加强保护的力度,还需要不断提高自己的水准,做出高质量,有独特的创新,能真正满足用户需要的共享软件。
2.盗版不是软件的致命伤
我们的一些国产软件,包括相当多有良好前途的应用软件,出于急于回收投资或者其它方面的考虑,往往在软件推出的时候,把价钱定得很高,而且采取了比较高级的“加密技术”,以防止软件被盗版。可是他们忽略了当他们的软件被破解之后,因为价钱比较低廉,使用者必然会大增,从而加大该软件的市场使用率。而且因为破解软件在使用过程中,或多或少地会出现一些问题,所以出于工作等方面的需要,反过来又会促使“正版软件的购买量”。
但前提是你的软件是不是真的“很好”。在这里不妨引用一下厦门蓝芒科技有限公司总裁许广彬先生的一句话“尽管我们公司的软件被盗版,但是我还是要感谢那些盗版软件的使用者,因为他给了我一个信心,证明我的软件是真的有用的。我们所销售的不仅仅是软件的本身,更多的是我们的服务,我们与我们的合作伙伴共同发展的过程。”
所以一直以来,我对那些纷纷出来指责“盗版”软件会影响他们生存的软件公司,并不怎么抱认可态度。因为盗版固然可能会对他们造成一定的伤害,但更可怕的是他们的软件水准不值得盗版。
3.破解软件全过程
●提供者
首先有专门负责获取软件的成员,称为“提供者”。提供者获取软件的方式则是五花八门,有可能是花钱买来正版的软件,也有可能提供者本身就是软件公司的职员,将公司尚未发行的软件弄出来破解。EA公司的游戏FIFA2000就曾经遇到过这种情形,在正版游戏销售前一个月就被WareZ组织破解流传。
●破解者
得到了软件之后,接下来就由破解者(Cracker,与前面提到的骇客是同一个单词,但是性质不同)出马操刀,负责将软件解密。这道工序是整个流程中技术含量最高的。破解者要有丰富的经验,找到破解的关键点进行跟踪,理解软件的加密流程,从而找到破解的方法。所以破解不仅要有软件才能,还需要有相当的数学头脑。
●“剥离者”
在某些小组织内还有一个角色叫做Ripper,这个词用汉语比较难解释,或者可以称其为“剥离者”。有些软件含有一些没什么作用的内容,占用空间而且对软件的使用没有多大作用,比如游戏中的过关动画,为了方便在网络传播,需要将这些内容剥离,这就是Ripper们的功夫了。
●打包者
接着就是打包者上场了,他们负责将破解后的软件重新打包,并且制作安装程序。这个看起来简单的工作其实也是一个技术活,因为要在网上发布,所以打包结果是有规矩的,比如硬盘版的游戏,一个软件不能超过65个压缩包,每个压缩包不能超过2.8兆,就算原来的游戏有六七张光盘,如果最终不能弄成这样子就发布出去,是会被行内的人笑话的。
●测试者
在整个破解打包过程中,会有测试者一直跟踪测试,保证破解后的软件不出问题。最后一道工序,则是将各个压缩包散布到网络各处,并且通过渠道让大家知道这个破解版的存在。
4.全球破解组织网址大全
由于破解组织不能有长期的网站,所以如果有不能进入的网站不要奇怪!
[url=http://www.phrozencrew.com/]http://www.phrozencrew.com/[/url] (The OFFICIAL PC Website)
[url=http://nitr8.tsx.org/]http://nitr8.tsx.org/[/url] (Nitr8^'s site -- PC mem)
[url=http://www.ixpres.com/jwwiii/]http://www.ixpres.com/jwwiii/[/url]
[url=http://rude.8m.com/]http://rude.8m.com/[/url] (RudeBoy's Page of Fun -- PC mem)
[url=http://www.phrozencrew.com/~teraphy/]http://www.phrozencrew.com/~teraphy/[/url]
[url=http://azrael.infierno.org/]http://azrael.infierno.org/[/url]
[url=http://come.to/dkc.com/]http://come.to/dkc.com/[/url] (da Kurious Child's site -- PC mem)
[url=http://virogen.cjb.net/]http://virogen.cjb.net/[/url] (Virogen's NOP page -- PC mem)
[url=http://davinci.ice.org/]http://davinci.ice.org/[/url] (DaVinci's Art Gallery)
[url=http://nitallica.cjb.net/]http://nitallica.cjb.net/[/url] (My Artrial Emissions)
[url=http://welcome.to/my.gothic.domain/]http://welcome.to/my.gothic.domain/[/url]
[url=http://surf.to/HarvestR/]http://surf.to/HarvestR/[/url] (Various Links and Tools)
[url=http://hackersclub.com/km/files/cfiles/index.html]http://hackersclub.com/km/files/cfiles/index.html[/url] (PC tuts)
[url=http://uranus.kersur.net/Cracks/PC_Files/]http://uranus.kersur.net/Cracks/PC_Files/[/url]
[url=http://defiance.hysterical.net/T_D/cracks.htm]http://defiance.hysterical.net/T_D/cracks.htm[/url]
[url=http://www.toxic.thiswayup.com/]http://www.toxic.thiswayup.com/[/url]
[url=http://start.at/SerialNumberShop/]http://start.at/SerialNumberShop/[/url]
[url=http://defiance.hysterical.net/T_D/...packs/index.htm]http://defiance.hysterical.net/T_D/...packs/index.htm[/url] (More Crack Packs)
[url=http://home.global.co.za/~ticket/]http://home.global.co.za/~ticket/[/url] (alternate Serial Number Shop URL)
[url=http://www.warezone.com/cracks/9811/]http://www.warezone.com/cracks/9811/[/url]
uNiTED cRACKiNG fORCE:
[url=http://www.ucf2000.com/]http://www.ucf2000.com/[/url] (UCF's Homepage and access to their crack files)
[url=http://www.seventh.com.au/ucf/]http://www.seventh.com.au/ucf/[/url] (Something new from the guys in UCF,check it out!)
[url=http://quantico.cjb.net/]http://quantico.cjb.net/[/url] (Quantico's HQ -- MEXELiTE & UCF mem)
[url=http://scroll.to/mysite/]http://scroll.to/mysite/[/url] (KiRCH0FF's website -- UCF mem)
CORE:
[url=http://www.orc.ru/~pakou/index.html]http://www.orc.ru/~pakou/index.html[/url] (Russ97's CORE Collection)
[url=http://www.russcore.net/]http://www.russcore.net/[/url] (CORE cracks)
[url=http://hambo.yeah.net/]http://hambo.yeah.net/[/url] (Keygen Studio)
[url=http://202.103.111.109/hambo/index.html]http://202.103.111.109/hambo/index.html[/url] (alternate Keygen Studi URL)
[url=http://www.crackworld.net/hambo/index.html]http://www.crackworld.net/hambo/index.html[/url] (alternate Keygen Studio URL)
LawAbidingCriminalZ:
[url=http://users.powernet.co.uk/smurff/]http://users.powernet.co.uk/smurff/[/url] (LAC Homepage)
[url=http://www.welcome.to/lawabidingcriminalz/]http://www.welcome.to/lawabidingcriminalz/[/url] (Another LAC url)
[url=http://www.lac2000.freeserve.co.uk/]http://www.lac2000.freeserve.co.uk/[/url] (Another LAC url)
cRACKiNG 4 aLL:
[url=http://surf.to/C4A]http://surf.to/C4A[/url] (c4a Website)
[url=http://208.234.248.14:81/c4all/]http://208.234.248.14:81/c4all/[/url] (Alternate C4A URL)
[url=http://guest:rusky@skcarc.reallyrussian.com/c4all/]http://guest:rusky@skcarc.reallyrussian.com/c4all/[/url] (more C4A!!)
The Exterminators:
[url=http://skcarc.reallyrussian.com/]http://skcarc.reallyrussian.com/[/url] (username: guest password: rusky -
Please note this is temporary)
[url=http://home.bip.net/rbz16/pict1b.html]http://home.bip.net/rbz16/pict1b.html[/url] (RayBieZ Releases -- tEXmember)
[url=http://qnet.kr.net/~netp/tex99/]http://qnet.kr.net/~netp/tex99/[/url] (fresh tEX releases!)
[url=http://tex99.mypage.org/]http://tex99.mypage.org/[/url] (Fresh tEX URL)
AnThraX - The Ongoing Force:
[url=http://www.anthrax.org/main.html]http://www.anthrax.org/main.html[/url] (AnThraX Website)
[url=http://www.lis.net.au/~jmaxt/cracks/]http://www.lis.net.au/~jmaxt/cracks/[/url] (Cokebottle cracks page -- member of AnThraX)
[url=http://take-us.to/dasavant/]http://take-us.to/dasavant/[/url] (DASavant's Site -- another member of AnThraX))
[url=http://www.chez.com/ccosmo/cosmo.htm]http://www.chez.com/ccosmo/cosmo.htm[/url] (Cosmo Cramer's Cracks & Serials -- President of AnThraX)
The Nameless Ones:
[url=http://members.xoom.com/tno/]http://members.xoom.com/tno/[/url] (tNO Website)
[url=http://russtno.cjb.net/]http://russtno.cjb.net/[/url] (Russ's tNO Cracks Page)
[url=http://www.listen.to/tno/]http://www.listen.to/tno/[/url] (tNO Cracks Page)
[url=http://www.orc.ru/~pakou/tno.html]http://www.orc.ru/~pakou/tno.html[/url] (Russ97's tNO Page)
Crackers By Excellence:
[url=http://welcome.to/cbe/]http://welcome.to/cbe/[/url] (CbE Website)
[url=ftp://24.95.71.29:99/pub/]ftp://24.95.71.29:99/pub/[/url] (CbE complete file archive)
BaSiC SmUrFs:
[url=http://www.come.to/basic_smurfs/]http://www.come.to/basic_smurfs/[/url] (BaSiC SmUrFs Page)
Dedicated 4 Cracking:
[url=http://toto.xcem.com/d4c/index.html]http://toto.xcem.com/d4c/index.html[/url] (Unofficial d4c Website)
FAITH2000:
[url=http://listen.to/faith2000/]http://listen.to/faith2000/[/url] (Faith2000 website -- l/p F2K/4ever)
[url=http://move.to/f2k_cp/]http://move.to/f2k_cp/[/url] (Faith2000 April Crackpack)
[url=http://search.faith2000.com/]http://search.faith2000.com/[/url] (F2K Search Page)
[url=http://www.faith98.demon.nl/html/files.htm]http://www.faith98.demon.nl/html/files.htm[/url] (alternate F2K URL)
[url=http://home.telia.no/faith2000/mirror/index.html]http://home.telia.no/faith2000/mirror/index.html[/url] (alternate F2K URL)
[url=http://members.tripod.com/midi_now/]http://members.tripod.com/midi_now/[/url] (alternate F2K URL)
Hack Section Warez:
[url=http://hsection.dynip.com]http://hsection.dynip.com[/url] (Hack Section Warez Website)
Kick Ass Cracking:
[url=http://kac.cjb.net/]http://kac.cjb.net/[/url] (kAc Website)
Laxity:
[url=http://www.laxity.com/]http://www.laxity.com/[/url] (Laxity WebSite)
[url=http://www.http2.com/www.laxity.com/]http://www.http2.com/www.laxity.com/[/url] (alternate Laxity URL)
Drink Or Die:
[url=http://www.drinkordie.com]http://www.drinkordie.com[/url] (DOD Website -- read: COOL GFX!)
Cyber Knights Templar:
[url=http://members.tripod.com/cyberkt]http://members.tripod.com/cyberkt[/url] (Cyber Knights Templar Homepage)
PZ Crack Team:
[url=http://fly.to/pct/]http://fly.to/pct/[/url] (PZ Website)
[url=http://pzct.cjb.net/]http://pzct.cjb.net/[/url] (alternate PZ URL)
[url=http://pzcrackteam.findhere.com/]http://pzcrackteam.findhere.com/[/url] (alternate PZ URL)
HNC Productions:
[url=http://www.multimania.com/~hnc]http://www.multimania.com/~hnc[/url] (HNC Website)
Tristar & Red Sector:
[url=http://www.trsi.de/]http://www.trsi.de/[/url] (Tristar & Red Sector Website)
Six World ($!X):
[url=http://come.to/sixworld]http://come.to/sixworld[/url] (The $!X WEbSite)
[url=http://come.to/sixbackup]http://come.to/sixbackup[/url] ($!X Site)
[url=http://www.thepentagon.com/sixworld]http://www.thepentagon.com/sixworld[/url] ($!X Site)
[url=http://cool.icestorm.com/sixworld/sixcrackz.htm]http://cool.icestorm.com/sixworld/sixcrackz.htm[/url] ($!X Cracks)
SpeltaniX:
[url=http://hackerlink.or.id/spx/main.html]http://hackerlink.or.id/spx/main.html[/url] (SpeltaniX WEbSite)
[url=http://travel.to/alien/]http://travel.to/alien/[/url] (|Alien|'s webpage -- SpeltaniX member)
Croatian Cracking Service:
[url=http://surf.to/crocracks/]http://surf.to/crocracks/[/url] ([CCS] WEbSite)
Hungarian Pirates Alliance:
[url=http://w3.swi.hu/krow/hpaweb/crackz.html]http://w3.swi.hu/krow/hpaweb/crackz.html[/url] (HPA Cracks Page)
[url=http://hpa.netchicken.hu/]http://hpa.netchicken.hu/[/url] (alternate HPA Cracks Page)
[url=http://www.hpacrackers.com/]http://www.hpacrackers.com/[/url] (Newest HPA Link)
Ivanopulo:
[url=http://ivanopulo-cracks.da.ru/]http://ivanopulo-cracks.da.ru/[/url] (Ivanopulo's Cracks Page)
[url=http://www.artcon.ru/cracks/]http://www.artcon.ru/cracks/[/url] (Another Ivanopulo Addy)
BLaCK SQuaDRoN:
[url=http://www.blacksquadron.est-ici.org/]http://www.blacksquadron.est-ici.org/[/url] (BLaCK SQuaDRoN's WebSite)
[url=http://get.to/bs2000/]http://get.to/bs2000/[/url] (Black Squadron releases)
Ebola Virus Crew:
[url=http://beam.to/evc/]http://beam.to/evc/[/url] (Ebola Virus Crew WebSite)
4110 Crackers:
[url=http://come.to/4110/]http://come.to/4110/[/url] (4110 WebSite -- remember the guys in GCG?)
[url=http://beam.to/4110/]http://beam.to/4110/[/url] (alternate 4110 URL)
[url=http://4110.tsx.org/]http://4110.tsx.org/[/url] (alternate 4110 URL)
Ultra Tech:
[url=http://ultra-tech.org/]http://ultra-tech.org/[/url] (Ultra Tech WebSite)
The Egoiste:
[url=http://w3.to/egoiste/]http://w3.to/egoiste/[/url] (The Egoiste Website)
[url=http://egoiste.cjb.net/]http://egoiste.cjb.net/[/url] (alternate Egoiste URL)
[url=http://come.to/egoiste/]http://come.to/egoiste/[/url] (alternate Egoiste URL)
Green Knight:
[url=http://www.green-knight.com/]http://www.green-knight.com/[/url] (Green Knight's Website)
[url=ftp://24.93.48.171:21/]ftp://24.93.48.171:21/[/url] (Green Knight FTP -- login: Anonymous)
Radium:
[url=http://www.bape3.da.ru/]http://www.bape3.da.ru/[/url] (Radium Release Site)
[url=http://user.koenig.su/HBB2/audiowarez/]http://user.koenig.su/HBB2/audiowarez/[/url] (Find their releases here)
[url=http://www.enet.ru/win/digitalKenig...BB2/audiowarez/]http://www.enet.ru/win/digitalKenig...BB2/audiowarez/[/url] (Findtheir re
leases here)
LASH:
[url=http://www.lash-cracking.com/]http://www.lash-cracking.com/[/url] (LASH webpg)
[url=http://come.to/moreorlash/]http://come.to/moreorlash/[/url] (alternate LASH URL)
[url=http://meltingpot.fortunecity.com/liveoak/754/index.htm]http://meltingpot.fortunecity.com/liveoak/754/index.htm[/url] (alternate LASH URL)
Warp:
[url=http://www.warphome.org/]http://www.warphome.org/[/url] (Home of the Efnet-based cracking crew Warp)
gERMAN cORRUPTED kILLaS:
[url=http://gck.home.pages.de/]http://gck.home.pages.de/[/url] (GCK homepage)
[url=http://www.crackworld.net/german/]http://www.crackworld.net/german/[/url] (alternate GCK URL)
[url=http://homepages.go.com/~germancorruptedkillas/]http://homepages.go.com/~germancorruptedkillas/[/url] (alternate GCK URL)
BREAKPOiNT:
[url=http://breakpoint.tsx.org/]http://breakpoint.tsx.org/[/url] (BreakPoint homepage)
FIGHTING FORCE:
[url=http://ffo2000.cjb.net/]http://ffo2000.cjb.net/[/url] (FFO website)
TNT!Crack!Team:
[url=http://come.to/tntcrackteam/]http://come.to/tntcrackteam/[/url] (TNT website)
[url=http://members.xoom.com/_XOOM/tntcrackteam/index.htm]http://members.xoom.com/_XOOM/tntcrackteam/index.htm[/url] (altnernate TNT URL)
[url=http://drive.to/tnt/]http://drive.to/tnt/[/url] (TNT's Security Site)
Whiskey Kon Tekila [WkT!]:
[url=http://wkt.tsx.org/]http://wkt.tsx.org/[/url] (WKT website)
[url=http://wkt.mypage.org/]http://wkt.mypage.org/[/url] (Alternate WKT URL)
[url=http://pagina.de/wkt/]http://pagina.de/wkt/[/url] (Alternate WKT URL)
[url=http://come.to/wkt/]http://come.to/wkt/[/url] (Alternate WKT URL)
[url=http://ecd.cjb.net/]http://ecd.cjb.net/[/url] (WKT Tutorials Site)
[url=http://lafundacion.tsx.org/]http://lafundacion.tsx.org/[/url] (La Fundacion -- Mr Crimson's CrackPage --WKT member)
Eternity:
[url=http://welcome.to/Eternitys.home/]http://welcome.to/Eternitys.home/[/url] (Eternity's website)
[url=http://www.toxic.thiswayup.com/]http://www.toxic.thiswayup.com/[/url] (Toxic Crackz Page)
[url=http://members2.easyspace.com/archivist/]http://members2.easyspace.com/archivist/[/url]
PRO-X:
[url=http://come.to/prox/]http://come.to/prox/[/url] (PRO-X Webpage)
BRCrackers:
[url=http://brc.tsx.org/]http://brc.tsx.org/[/url] (BRCrackers Webpage -- excellent Brazilian crackers)
Nova:
[url=http://surf.to/nova/]http://surf.to/nova/[/url] (NOVA Webpg)
[url=http://novacracks.cjb.net/]http://novacracks.cjb.net/[/url] (alternate NOVA URL)
Tuberculosis:
[url=http://tbc.tsx.org/]http://tbc.tsx.org/[/url] (Tuberculosis WebSite)
[url=http://tbc.iscool.net/]http://tbc.iscool.net/[/url] (alternate Tuberculosis URL)
[url=http://tuberculosis.cjb.net/]http://tuberculosis.cjb.net/[/url] (alternate Tuberculosis URL)
[url=http://viny.tsx.org/]http://viny.tsx.org/[/url] (Viny's Page -- Tuberculosis member)
[url=http://adenozin.tsx.org/]http://adenozin.tsx.org/[/url] (aDENOZiN's Page -- Tuberculosis member)
[url=http://come.to/crackingHQ/]http://come.to/crackingHQ/[/url] (jak's Cracking HQ -- Tuberculosis member)
PDAZone:
[url=http://WWW.PDAzone.net/]http://WWW.PDAzone.net/[/url] (PDAZone Website -- PalmPilot and WinCE crackers)
Dark Society of Destruction:
[url=http://www.come.to/cib/]http://www.come.to/cib/[/url] (Woody's website -- a DSD member --official CiB site)
[url=http://hjem.get2net.dk/monkee/]http://hjem.get2net.dk/monkee/[/url] (Dena's website -- a DSD member)
[url=http://home7.inet.tele.dk/mafia/]http://home7.inet.tele.dk/mafia/[/url] (Sordid's website -- a DSD member)
United Cracking Team:
[url=http://uct2000.cjb.net/]http://uct2000.cjb.net/[/url] (United Cracking Team Homepage)
[url=http://uct2000.tsx.org/]http://uct2000.tsx.org/[/url] (another UCT addy)
[url=http://uctnet.tsx.org/]http://uctnet.tsx.org/[/url] (UCT's Scene Newz Page)
[url=http://upp.tsx.org/]http://upp.tsx.org/[/url] (UCT's Universal Power Patcher)
Digital Cracker Domain:
[url=http://dcd.mainpage.net/]http://dcd.mainpage.net/[/url] (DCD webpage -- nice looking, easy loading)
BAKOENIN CREW:
[url=http://listen.to/bc98/]http://listen.to/bc98/[/url] (BAKOENIN CREW webpage)
[url=http://bc98.ourfamily.com/]http://bc98.ourfamily.com/[/url] (BAKOENIN CREW -- american mirror)
German StarfoX CreW:
[url=http://fly.to/gscob/]http://fly.to/gscob/[/url] (German StarfoX CreW webpage)
iMPACT:
[url=http://www.impact.notrix.net/]http://www.impact.notrix.net/[/url] (iMPACT webpage)
[url=http://members.xoom.com/_XOOM/_VOiZE_/index.html]http://members.xoom.com/_XOOM/_VOiZE_/index.html[/url] (alternate iMPACT URL)
[url=http://boozers.fortunecity.com/slug/58/]http://boozers.fortunecity.com/slug/58/[/url] (alternate iMPACT URL)
eRRatum Krak House:
[url=http://all.at/ekh/]http://all.at/ekh/[/url] (eRRatum Krak House webpage)
[url=http://www.hackerlink.or.id/ekh/englishnew.htm]http://www.hackerlink.or.id/ekh/englishnew.htm[/url] (alternate Erratum URL)
Team Epsylon:
[url=http://www.teamepsylon.de.cx/]http://www.teamepsylon.de.cx/[/url]
Addiction:
[url=http://www.addiction.net/]http://www.addiction.net/[/url]
German Cracking Force:
[url=http://get.to/gcf/]http://get.to/gcf/[/url] (German Cracking Force webpage)
[url=http://skyscraper.fortunecity.com/activex/607/hp.htm]http://skyscraper.fortunecity.com/activex/607/hp.htm[/url]
CroSSover:
[url=http://crossover.tsx.org/]http://crossover.tsx.org/[/url] (CroSSover homepage)
Looney Tunes Crack Club:
[url=http://surf.to/ltcc/]http://surf.to/ltcc/[/url] (LTCC Website -- another Brazilian crackinggroup)
The Hacking Paranoiaz:
[url=http://tsx.de/paranoiaz/]http://tsx.de/paranoiaz/[/url] (THP Website)
[url=http://fast.to/dabytefrog/]http://fast.to/dabytefrog/[/url] (alternate THP URL)
Ground Zero Inc:
[url=http://w3.to/gzi/]http://w3.to/gzi/[/url] (GZI Website)
Phusion:
[url=http://i.am/jame**ond001/]http://i.am/jame**ond001/[/url] (PhuSioN Website -- XP Crackers)
[url=http://www.geocities.com/ResearchTr...Thinktank/8521/(alternate]http://www.geocities.com/ResearchTr...Thinktank/8521/(alternate[/url] PhuSioN URL)
IceFortress:
[url=http://www.icefortress.com/]http://www.icefortress.com/[/url] (IceFortress Homepage -- International Crackers Evolution)
Cracker`s NEXUS:
[url=http://move.to/CrackersNEXUS/]http://move.to/CrackersNEXUS/[/url] (Cracker`s NEXUS -- German Cracking/MP3/Burning/Etc.roup)
Soldiers of Satan Group:
[url=http://sos.nanko.ru/]http://sos.nanko.ru/[/url] (SOS Group Website)
bYtEsMaCk InC:
[url=http://www.angelfire.com/nc/bYtEsMaCk/]http://www.angelfire.com/nc/bYtEsMaCk/[/url] (bYtEsMaCk InC. Website)
Digital Cyber Hackers:
[url=http://www.dch.de.cx/]http://www.dch.de.cx/[/url] (Digital Cyber Hackers URL)
[url=http://www.starkontakt.de/DCH/]http://www.starkontakt.de/DCH/[/url] (alternate DCH URL)
[url=http://www.green-knight.com/]http://www.green-knight.com/[/url] (Green Knight's Website)
[url=ftp://24.93.48.171:21/]ftp://24.93.48.171:21/[/url] (Green Knight FTP -- login: Anonymous)
Radium:
[url=http://www.bape3.da.ru/]http://www.bape3.da.ru/[/url] (Radium Release Site)
[url=http://user.koenig.su/HBB2/audiowarez/]http://user.koenig.su/HBB2/audiowarez/[/url] (Find their releases here)
[url=http://www.enet.ru/win/digitalKenig...BB2/audiowarez/]http://www.enet.ru/win/digitalKenig...BB2/audiowarez/[/url] (Findtheir re
leases here)
LASH:
[url=http://www.lash-cracking.com/]http://www.lash-cracking.com/[/url] (LASH webpg)
[url=http://come.to/moreorlash/]http://come.to/moreorlash/[/url] (alternate LASH URL)
[url=http://meltingpot.fortunecity.com/liveoak/754/index.htm]http://meltingpot.fortunecity.com/liveoak/754/index.htm[/url] (alternate LASH URL)
Warp:
[url=http://www.warphome.org/]http://www.warphome.org/[/url] (Home of the Efnet-based cracking crew Warp)
gERMAN cORRUPTED kILLaS:
[url=http://gck.home.pages.de/]http://gck.home.pages.de/[/url] (GCK homepage)
[url=http://www.crackworld.net/german/]http://www.crackworld.net/german/[/url] (alternate GCK URL)
[url=http://homepages.go.com/~germancorruptedkillas/]http://homepages.go.com/~germancorruptedkillas/[/url] (alternate GCK URL)
BREAKPOiNT:
[url=http://breakpoint.tsx.org/]http://breakpoint.tsx.org/[/url] (BreakPoint homepage)
FIGHTING FORCE:
[url=http://ffo2000.cjb.net/]http://ffo2000.cjb.net/[/url] (FFO website)
TNT!Crack!Team:
[url=http://come.to/tntcrackteam/]http://come.to/tntcrackteam/[/url] (TNT website)
[url=http://members.xoom.com/_XOOM/tntcrackteam/index.htm]http://members.xoom.com/_XOOM/tntcrackteam/index.htm[/url] (altnernate TNT URL)
[url=http://drive.to/tnt/]http://drive.to/tnt/[/url] (TNT's Security Site)
Whiskey Kon Tekila [WkT!]:
[url=http://wkt.tsx.org/]http://wkt.tsx.org/[/url] (WKT website)
[url=http://wkt.mypage.org/]http://wkt.mypage.org/[/url] (Alternate WKT URL)
[url=http://pagina.de/wkt/]http://pagina.de/wkt/[/url] (Alternate WKT URL)
[url=http://come.to/wkt/]http://come.to/wkt/[/url] (Alternate WKT URL)
[url=http://ecd.cjb.net/]http://ecd.cjb.net/[/url] (WKT Tutorials Site)
[url=http://lafundacion.tsx.org/]http://lafundacion.tsx.org/[/url] (La Fundacion -- Mr Crimson's CrackPage --WKT member)
Eternity:
[url=http://welcome.to/Eternitys.home/]http://welcome.to/Eternitys.home/[/url] (Eternity's website)
[url=http://www.toxic.thiswayup.com/]http://www.toxic.thiswayup.com/[/url] (Toxic Crackz Page)
[url=http://members2.easyspace.com/archivist/]http://members2.easyspace.com/archivist/[/url]
PRO-X:
[url=http://come.to/prox/]http://come.to/prox/[/url] (PRO-X Webpage)
BRCrackers:
[url=http://brc.tsx.org/]http://brc.tsx.org/[/url] (BRCrackers Webpage -- excellent Brazilian crackers)
Nova:
[url=http://surf.to/nova/]http://surf.to/nova/[/url] (NOVA Webpg)
[url=http://novacracks.cjb.net/]http://novacracks.cjb.net/[/url] (alternate NOVA URL)
Tuberculosis:
[url=http://tbc.tsx.org/]http://tbc.tsx.org/[/url] (Tuberculosis WebSite)
[url=http://tbc.iscool.net/]http://tbc.iscool.net/[/url] (alternate Tuberculosis URL)
[url=http://tuberculosis.cjb.net/]http://tuberculosis.cjb.net/[/url] (alternate Tuberculosis URL)
[url=http://viny.tsx.org/]http://viny.tsx.org/[/url] (Viny's Page -- Tuberculosis member)
[url=http://adenozin.tsx.org/]http://adenozin.tsx.org/[/url] (aDENOZiN's Page -- Tuberculosis member)
[url=http://come.to/crackingHQ/]http://come.to/crackingHQ/[/url] (jak's Cracking HQ -- Tuberculosis member)
PDAZone:
[url=http://WWW.PDAzone.net/]http://WWW.PDAzone.net/[/url] (PDAZone Website -- PalmPilot and WinCE crackers)
Dark Society of Destruction:
[url=http://www.come.to/cib/]http://www.come.to/cib/[/url] (Woody's website -- a DSD member --official CiB site)
[url=http://hjem.get2net.dk/monkee/]http://hjem.get2net.dk/monkee/[/url] (Dena's website -- a DSD member)
[url=http://home7.inet.tele.dk/mafia/]http://home7.inet.tele.dk/mafia/[/url] (Sordid's website -- a DSD member)
United Cracking Team:
[url=http://uct2000.cjb.net/]http://uct2000.cjb.net/[/url] (United Cracking Team Homepage)
[url=http://uct2000.tsx.org/]http://uct2000.tsx.org/[/url] (another UCT addy)
[url=http://uctnet.tsx.org/]http://uctnet.tsx.org/[/url] (UCT's Scene Newz Page)
[url=http://upp.tsx.org/]http://upp.tsx.org/[/url] (UCT's Universal Power Patcher)
Digital Cracker Domain:
[url=http://dcd.mainpage.net/]http://dcd.mainpage.net/[/url] (DCD webpage -- nice looking, easy loading)
BAKOENIN CREW:
[url=http://listen.to/bc98/]http://listen.to/bc98/[/url] (BAKOENIN CREW webpage)
[url=http://bc98.ourfamily.com/]http://bc98.ourfamily.com/[/url] (BAKOENIN CREW -- american mirror)
German StarfoX CreW:
[url=http://fly.to/gscob/]http://fly.to/gscob/[/url] (German StarfoX CreW webpage)
iMPACT:
[url=http://www.impact.notrix.net/]http://www.impact.notrix.net/[/url] (iMPACT webpage)
[url=http://members.xoom.com/_XOOM/_VOiZE_/index.html]http://members.xoom.com/_XOOM/_VOiZE_/index.html[/url] (alternate iMPACT URL)
[url=http://boozers.fortunecity.com/slug/58/]http://boozers.fortunecity.com/slug/58/[/url] (alternate iMPACT URL)
eRRatum Krak House:
[url=http://all.at/ekh/]http://all.at/ekh/[/url] (eRRatum Krak House webpage)
[url=http://www.hackerlink.or.id/ekh/englishnew.htm]http://www.hackerlink.or.id/ekh/englishnew.htm[/url] (alternate Erratum URL)
Team Epsylon:
[url=http://www.teamepsylon.de.cx/]http://www.teamepsylon.de.cx/[/url]
Addiction:
[url=http://www.addiction.net/]http://www.addiction.net/[/url]
German Cracking Force:
[url=http://get.to/gcf/]http://get.to/gcf/[/url] (German Cracking Force webpage)
[url=http://skyscraper.fortunecity.com/activex/607/hp.htm]http://skyscraper.fortunecity.com/activex/607/hp.htm[/url]
CroSSover:
[url=http://crossover.tsx.org/]http://crossover.tsx.org/[/url] (CroSSover homepage)
Looney Tunes Crack Club:
[url=http://surf.to/ltcc/]http://surf.to/ltcc/[/url] (LTCC Website -- another Brazilian crackinggroup)
The Hacking Paranoiaz:
[url=http://tsx.de/paranoiaz/]http://tsx.de/paranoiaz/[/url] (THP Website)
[url=http://fast.to/dabytefrog/]http://fast.to/dabytefrog/[/url] (alternate THP URL)
Ground Zero Inc:
[url=http://w3.to/gzi/]http://w3.to/gzi/[/url] (GZI Website)
Phusion:
[url=http://i.am/jame**ond001/]http://i.am/jame**ond001/[/url] (PhuSioN Website -- XP Crackers)
[url=http://www.geocities.com/ResearchTr...Thinktank/8521/(alternate]http://www.geocities.com/ResearchTr...Thinktank/8521/(alternate[/url] PhuSioN URL)
IceFortress:
[url=http://www.icefortress.com/]http://www.icefortress.com/[/url] (IceFortress Homepage -- International Crackers Evolution)
Cracker`s NEXUS:
[url=http://move.to/CrackersNEXUS/]http://move.to/CrackersNEXUS/[/url] (Cracker`s NEXUS -- German Cracking/MP3/Burning/Etc. Group)
Soldiers of Satan Group:
[url=http://sos.nanko.ru/]http://sos.nanko.ru/[/url] (SOS Group Website)
bYtEsMaCk InC:
[url=http://www.angelfire.com/nc/bYtEsMaCk/]http://www.angelfire.com/nc/bYtEsMaCk/[/url] (bYtEsMaCk InC. Website)
Digital Cyber Hackers:
[url=http://www.dch.de.cx/]http://www.dch.de.cx/[/url] (Digital Cyber Hackers URL)
[url=http://www.starkontakt.de/DCH/]http://www.starkontakt.de/DCH/[/url] (alternate DCH URL )
6.简单算法 GIF Movie Gear 3.0
工具:trw 2000 娃娃版,w32dasm,windows 计算器,regmon.
运行注册对话框,输入 happycreator,注册码: 123456789
在trw 2000 中下断点bpx hmemcpy
点“确定”中断
来到004317d2
向下看:
:004317EE 8D4C2460 lea ecx, dword ptr [esp+60]
:004317F2 50 push eax
:004317F3 51 push ecx
:004317F4 E8F7FBFFFF call 004313F0 <-----关键call!
:004317F9 83C408 add esp, 00000008
:004317FC 85C0 test eax, eax
:004317FE 0F84AD000000 je 004318B1
:00431804 8D542410 lea edx, dword ptr [esp+10]
:00431808 8D44240C lea eax, dword ptr [esp+0C]
:0043180C 52 push edx
:0043180D 50 push eax
:0043180E 6A00 push 00000000
:00431810 683F000F00 push 000F003F
:00431815 6A00 push 00000000
:00431817 6814ED4400 push 0044ED14
:0043181C 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"Software\gamani\GIFMovieGear\2.0"
|
:0043181E 68B8B34400 push 0044B3B8
:00431823 6801000080 push 80000001
* Reference To: ADVAPI32.RegCreateKeyExA, Ord:015Fh
|
:00431828 FF1514804400 Call dword ptr [00448014]
:0043182E 8D7C2460 lea edi, dword ptr [esp+60]
:00431832 83C9FF or ecx, FFFFFFFF
:00431835 33C0 xor eax, eax
:00431837 8B54240C mov edx, dword ptr [esp+0C]
:0043183B F2 repnz
:0043183C AE sca**
:0043183D F7D1 not ecx
* Reference To: ADVAPI32.RegSetvalueExA, Ord:0186h
|
:0043183F 8B1D08804400 mov ebx, dword ptr [00448008]
:00431845 51 push ecx
:00431846 8D4C2464 lea ecx, dword ptr [esp+64]
:0043184A 51 push ecx
:0043184B 6A01 push 00000001
:0043184D 50 push eax
* Possible StringData Ref from Data Obj ->"RegName3"
|
:0043184E 6890D44400 push 0044D490
:00431853 52 push edx
:00431854 FFD3 call ebx
:00431856 8DBC24C4000000 lea edi, dword ptr [esp+000000C4]
:0043185D 83C9FF or ecx, FFFFFFFF
:00431860 33C0 xor eax, eax
:00431862 F2 repnz
:00431863 AE sca**
:00431864 F7D1 not ecx
:00431866 8D8424C4000000 lea eax, dword ptr [esp+000000C4]
:0043186D 51 push ecx
:0043186E 8B4C2410 mov ecx, dword ptr [esp+10]
:00431872 50 push eax
:00431873 6A01 push 00000001
:00431875 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"RegCode3"
|
:00431877 689CD44400 push 0044D49C
:0043187C 51 push ecx
:0043187D FFD3 call ebx
:0043187F 8B54240C mov edx, dword ptr [esp+0C]
:00431883 52 push edx
* Reference To: ADVAPI32.RegCloseKey, Ord:015Bh
|
:00431884 FF1518804400 Call dword ptr [00448018]
* Possible StringData Ref from Data Obj ->"Software\Loani\MG3t"
|
:0043188A 68A8D44400 push 0044D4A8
:0043188F 6802000080 push 80000002
* Reference To: ADVAPI32.RegDeleteKeyA, Ord:0162h
|
:00431894 FF1510804400 Call dword ptr [00448010]
:0043189A 6A01 push 00000001
:0043189C 56 push esi
-------------------------------------------------------------------------
:004313F0 53 push ebx
:004313F1 55 push ebp
:004313F2 8B6C2410 mov ebp, dword ptr [esp+10]
:004313F6 56 push esi
:004313F7 57 push edi
:004313F8 807D006D cmp byte ptr [ebp+00], 6D<----首位为"m"否则失败
:004313FC 0F85A0000000 jne 004314A2
:00431402 807D0167 cmp byte ptr [ebp+01], 67<------第二位为"g"
:00431406 0F8596000000 jne 004314A2
:0043140C 807D0233 cmp byte ptr [ebp+02], 33<-----第三位为“3”
:00431410 0F858C000000 jne 004314A2
:00431416 807D0337 cmp byte ptr [ebp+03], 37<-----第四位为“7”
:0043141A 0F8582000000 jne 004314A2
<---改过来,再试。
* Possible Indirect StringData Ref from Data Obj ->"mvg21951736"<---不知道是不是从前的非法注册码?
|
:00431420 BBBCD44400 mov ebx, 0044D4BC
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00431446(C)
|
:00431425 8B13 mov edx, dword ptr [ebx]
:00431427 83C9FF or ecx, FFFFFFFF
:0043142A 8BFA mov edi, edx
:0043142C 33C0 xor eax, eax
:0043142E F2 repnz
:0043142F AE sca**
:00431430 F7D1 not ecx
:00431432 49 dec ecx
:00431433 8BFA mov edi, edx
:00431435 8BF5 mov esi, ebp
:00431437 33C0 xor eax, eax
:00431439 F3 repz
:0043143A A6 cmp**
:0043143B 7465 je 004314A2
:0043143D 83C304 add ebx, 00000004
:00431440 81FBC0D44400 cmp ebx, 0044D4C0
:00431446 7CDD jl 00431425
:00431448 807D0473 cmp byte ptr [ebp+04], 73<----第五位是否为"s",改之,试一下。
:0043144C 7501 jne 0043144F
:0043144E 45 inc ebp
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043144C(C)
|
:0043144F 83C507 add ebp, 00000007
:00431452 55 push ebp
:00431453 E8C4DD0000 call 0043F21C<-------对注册码的关键运算!
:00431458 8B542418 mov edx, dword ptr [esp+18]
:0043145C 83C404 add esp, 00000004
:0043145F 8BFA mov edi, edx<----对注册名开始运算!
:00431461 33C9 xor ecx, ecx
:00431463 8A12 mov dl, byte ptr [edx]
:00431465 BEDF0B0000 mov esi, 00000BDF<---esi的初始值。
:0043146A 84D2 test dl, dl
:0043146C 7426 je 00431494
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00431492(C)
|
:0043146E 0FBED2 movsx edx, dl 注册名各字符进edx
:00431471 41 inc ecx<------ecx计数
:00431472 0FAFD1 imul edx, ecx<------位数与注册名ASC码相乘。
:00431475 03F2 add esi, edx<-----和加入esi
:00431477 81FEBE170000 cmp esi, 000017BE
:0043147D 7E06 jle 00431485
:0043147F 81EEBE170000 sub esi, 000017BE<---最后取esi除17be的余数。
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043147D(C)
|
:00431485 83F90A cmp ecx, 0000000A<----ecx以十为一组。
:00431488 7E02 jle 0043148C
:0043148A 33C9 xor ecx, ecx
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00431488(C)
|
:0043148C 8A5701 mov dl, byte ptr [edi+01]
:0043148F 47 inc edi
:00431490 84D2 test dl, dl<----直到取尽注册名。
:00431492 75DA jne 0043146E
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043146C(C)
|
:00431494 3BF0 cmp esi, eax<----与注册码计算结果比较,不等则失败!
:00431496 750A jne 004314A2
:00431498 5F pop edi
:00431499 5E pop esi
:0043149A 5D pop ebp
:0043149B B801000000 mov eax, 00000001
:004314A0 5B pop ebx
:004314A1 C3 ret
:0043F21C FF742404 push [esp+04]
:0043F220 E86CFFFFFF call 0043F191<-----跟进!
:0043F225 59 pop ecx
:0043F226 C3 ret
--------------------------------------------------------------------------
* Referenced by a CALL at Addresses:
|:0043F220 , :004463E3 , :00446411 , :0044643C
|
:0043F191 53 push ebx
:0043F192 55 push ebp
:0043F193 56 push esi
:0043F194 57 push edi
:0043F195 8B7C2414 mov edi, dword ptr [esp+14]<---edi指向第九位。
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043F1C5(U)
|
:0043F199 833D4CE2440001 cmp dword ptr [0044E24C], 00000001<---查看是否取尽
:0043F1A0 7E0F jle 0043F1B1
:0043F1A2 0FB607 movzx eax, byte ptr [edi]
:0043F1A5 6A08 push 00000008
:0043F1A7 50 push eax
:0043F1A8 E812230000 call 004414BF
:0043F1AD 59 pop ecx
:0043F1AE 59 pop ecx
:0043F1AF EB0F jmp 0043F1C0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043F1A0(C)
|
:0043F1B1 0FB607 movzx eax, byte ptr [edi]
* Possible StringData Ref from Data Obj ->" ((((( "
->" H"
|
:0043F1B4 8B0D40E04400 mov ecx, dword ptr [0044E040]
:0043F1BA 8A0441 mov al, byte ptr [ecx+2*eax]
:0043F1BD 83E008 and eax, 00000008
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043F1AF(U)
|
:0043F1C0 85C0 test eax, eax
:0043F1C2 7403 je 0043F1C7
:0043F1C4 47 inc edi
:0043F1C5 EBD2 jmp 0043F199
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043F1C2(C)
|
:0043F1C7 0FB637 movzx esi, byte ptr [edi]
:0043F1CA 47 inc edi
:0043F1CB 83FE2D cmp esi, 0000002D<---第九位是否为"-"
:0043F1CE 8BEE mov ebp, esi
:0043F1D0 7405 je 0043F1D7<-----是则有另一种算法,最后取eax的补码。
:0043F1D2 83FE2B cmp esi, 0000002B<----第九位是不是"+"?
:0043F1D5 7504 jne 0043F1DB<---不是则跳!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043F1D0(C)
|
:0043F1D7 0FB637 movzx esi, byte ptr [edi] <-对于第九位“-”或“+”的对其后数
字进行计算。
:0043F1DA 47 inc edi
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043F1D5(C)
|
:0043F1DB 33DB xor ebx, ebx<--否则直接进行计算。
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043F20C(U)
|
:0043F1DD 833D4CE2440001 cmp dword ptr [0044E24C], 00000001<--以下好像是在验证是否取完数码。
:0043F1E4 7E0C jle 0043F1F2
:0043F1E6 6A04 push 00000004
:0043F1E8 56 push esi
:0043F1E9 E8D1220000 call 004414BF
:0043F1EE 59 pop ecx
:0043F1EF 59 pop ecx
:0043F1F0 EB0B jmp 0043F1FD
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043F1E4(C)
|
* Possible StringData Ref from Data Obj ->" ((((( "
->" H"
|
:0043F1F2 A140E04400 mov eax, dword ptr [0044E040]
:0043F1F7 8A0470 mov al, byte ptr [eax+2*esi]
:0043F1FA 83E004 and eax, 00000004
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043F1F0(U)
|
:0043F1FD 85C0 test eax, eax
:0043F1FF 740D je 0043F20E
:0043F201 8D049B lea eax, dword ptr [ebx+4*ebx]<---对eax取值!
:0043F204 8D5C46D0 lea ebx, dword ptr [esi+2*eax-30]<---对ebx取值!!
:0043F208 0FB637 movzx esi, byte ptr [edi] <----esi为相应数字的ASC码。
:0043F20B 47 inc edi<-- 下一位
:0043F20C EBCF jmp 0043F1DD
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043F1FF(C)
|
:0043F20E 83FD2D cmp ebp, 0000002D<--算法选择。
:0043F211 8BC3 mov eax, ebx <----返回eax的值!
:0043F213 7502 jne 0043F217
:0043F215 F7D8 neg eax <--是否取反,视有无"-"而定。
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043F213(C)
|
:0043F217 5F pop edi
:0043F218 5E pop esi
:0043F219 5D pop ebp
:0043F21A 5B pop ebx
:0043F21B C3 ret
在00431494处的比较决定了注册成功与否。相等既大功告成!
在对注册码的计算中实际上是对输入的九至n位数字转化为十六进制,而在对注册名的算法中是在esi的初始值
上再加上各位字符和位数的积的和除17be的余数。两者相等既可成功。在前面还有一个对第五位的测试,时间原因就不能再分析了
我的结果:注册名:happycreator
注册码:mg37s6784216
注册后信息会保存在注册表中:HKCU\Software\gamani\GIFMovieGear\2.0
删除相关信息后又变为未注册。注册码第6、7、8三位无关。
7.CheckFiles V1.8破解
【软件类别】:国外软件 / 共享版 / 文件管理
【开 发 商】[url=http://www.lightlink.com/ym/chkfiles.htm]http://www.lightlink.com/ym/chkfiles.htm[/url]
【破解过程】:用Fi2.45检查,VC 5.0编写,无壳。于是用W32Dasm反汇编后查找错误信息,找到关键点如下:
【破解过程】:
:00408483 E8017B0100 call 0041FF89
:00408488 8BC8 mov ecx, eax
:0040848A E8217C0100 call 004200B0
/* 取用户名位数 */
:0040848F 85C0 test eax, eax
:00408491 7518 jne 004084AB
:00408493 50 push eax
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
|
:00408494 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"You need to enter a user name."
|
:00408499 6828ED4200 push 0042ED28
:0040849E 8BCE mov ecx, esi
:004084A0 E87DA20100 call 00422722
:004084A5 5F pop edi
:004084A6 5E pop esi
:004084A7 83C420 add esp, 00000020
:004084AA C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408491(C)
|
:004084AB 83F814 cmp eax, 00000014
/* 用户名是否在20位以内? */
:004084AE 7E19 jle 004084C9
:004084B0 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
|
:004084B2 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"The user name must be 20 characters "
->"or less."
|
:004084B7 68F8EC4200 push 0042ECF8
:004084BC 8BCE mov ecx, esi
:004084BE E85FA20100 call 00422722
:004084C3 5F pop edi
:004084C4 5E pop esi
:004084C5 83C420 add esp, 00000020
:004084C8 C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004084AE(C)
|
:004084C9 8D44240C lea eax, dword ptr [esp+0C]
:004084CD 6A17 push 00000017
:004084CF 50 push eax
* Possible Reference to Dialog: DialogID_0087, CONTROL_ID:040F, ""
|
:004084D0 680F040000 push 0000040F
:004084D5 8BCE mov ecx, esi
:004084D7 E8AD7A0100 call 0041FF89
:004084DC 8BC8 mov ecx, eax
:004084DE E8CD7B0100 call 004200B0
/* 取试炼码位数 */
:004084E3 85C0 test eax, eax
:004084E5 7518 jne 004084FF
:004084E7 50 push eax
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
|
:004084E8 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"You need to enter a registration "
->"number."
|
:004084ED 68CCEC4200 push 0042ECCC
:004084F2 8BCE mov ecx, esi
:004084F4 E829A20100 call 00422722
:004084F9 5F pop edi
:004084FA 5E pop esi
:004084FB 83C420 add esp, 00000020
:004084FE C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004084E5(C)
|
:004084FF 8D4C2408 lea ecx, dword ptr [esp+08]
:00408503 8D54240C lea edx, dword ptr [esp+0C]
/* 取试炼码地址 */
:00408507 51 push ecx
* Possible StringData Ref from Data Obj ->"%lu"
|
:00408508 6854E24200 push 0042E254
:0040850D 52 push edx
:0040850E E8AD100000 call 004095C0
/* 判断试炼码是否全是数字,若是则转为16进制,不是则给出错误信息 */
:00408513 83C40C add esp, 0000000C
:00408516 83F801 cmp eax, 00000001
:00408519 7419 je 00408534
:0040851B 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
|
:0040851D 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"You need to enter a valid registration "
->"number."
|
:00408522 689CEC4200 push 0042EC9C
:00408527 8BCE mov ecx, esi
:00408529 E8F4A10100 call 00422722
:0040852E 5F pop edi
:0040852F 5E pop esi
:00408530 83C420 add esp, 00000020
:00408533 C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408519(C)
|
:00408534 8B442408 mov eax, dword ptr [esp+08]
/* 16进制值送eax */
:00408538 85C0 test eax, eax
:0040853A 7519 jne 00408555
:0040853C 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
|
:0040853E 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"You need to enter a valid registartion "
->"number."
|
:00408543 686CEC4200 push 0042EC6C
:00408548 8BCE mov ecx, esi
:0040854A E8D3A10100 call 00422722
:0040854F 5F pop edi
:00408550 5E pop esi
:00408551 83C420 add esp, 00000020
:00408554 C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040853A(C)
|
:00408555 68282D4300 push 00432D28
/* 用户名地址入栈 */
:0040855A E8A18AFFFF call 00401000
/* 算法call */
:0040855F 8B4C240C mov ecx, dword ptr [esp+0C]
:00408563 83C404 add esp, 00000004
:00408566 3BC8 cmp ecx, eax
/* 关键比较 */
:00408568 7419 je 00408583
/* 一定要跳 */
:0040856A 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
|
:0040856C 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"Sorry, this registration number "
->"is not valid."
|
:00408571 683CEC4200 push 0042EC3C
:00408576 8BCE mov ecx, esi
:00408578 E8A5A10100 call 00422722
:0040857D 5F pop edi
:0040857E 5E pop esi
:0040857F 83C420 add esp, 00000020
:00408582 C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408568(C)
|
* Possible StringData Ref from Data Obj ->"ww"
|
:00408583 68FCE34200 push 0042E3FC
* Possible StringData Ref from Data Obj ->"chkfiles.ser"
|
:00408588 685CE24200 push 0042E25C
:0040858D E86E120000 call 00409800
:00408592 8BF8 mov edi, eax
:00408594 83C408 add esp, 00000008
:00408597 85FF test edi, edi
:00408599 7439 je 004085D4
:0040859B 8B442408 mov eax, dword ptr [esp+08]
:0040859F 50 push eax
:004085A0 68282D4300 push 00432D28
* Possible StringData Ref from Data Obj ->"%s%lu"
:004085A5 6834EC4200 push 0042EC34
:004085AA 57 push edi
:004085AB E870120000 call 00409820
:004085B0 83C410 add esp, 00000010
:004085B3 83F8FF cmp eax, FFFFFFFF
:004085B6 741C je 004085D4
:004085B8 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
|
:004085BA 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"Thank you for registering."
|
:004085BF 6818EC4200 push 0042EC18
:004085C4 8BCE mov ecx, esi
:004085C6 E857A10100 call 00422722
:004085CB C605202D430001 mov byte ptr [00432D20], 01
:004085D2 EB13 jmp 004085E7
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00408599(C), :004085B6(C)
|
:004085D4 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
|
:004085D6 6848ED4200 push 0042ED48
* Possible StringData Ref from Data Obj ->"Error writing registration file."
|
:004085DB 68F4EB4200 push 0042EBF4
:004085E0 8BCE mov ecx, esi
:004085E2 E83BA10100 call 00422722
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004085D2(U)
|
:004085E7 57 push edi
:004085E8 E873080000 call 00408E60
:004085ED 83C404 add esp, 00000004
:004085F0 8BCE mov ecx, esi
:004085F2 E8394B0100 call 0041D130
:004085F7 5F pop edi
:004085F8 5E pop esi
:004085F9 83C420 add esp, 00000020
:004085FC C3 ret
___________________________________________________________
算法call:
:00401000 53 push ebx
:00401001 55 push ebp
:00401002 8B6C240C mov ebp, dword ptr [esp+0C]
:00401006 56 push esi
:00401007 57 push edi
:00401008 8BFD mov edi, ebp
:0040100A 83C9FF or ecx, FFFFFFFF
:0040100D 33C0 xor eax, eax
:0040100F F2 repnz
:00401010 AE sca**
:00401011 F7D1 not ecx
:00401013 49 dec ecx
/* 这里取得用户名长度 */
:00401014 8BC1 mov eax, ecx
:00401016 8BD8 mov ebx, eax
:00401018 7452 je 0040106C
:0040101A 83F814 cmp eax, 00000014
:0040101D 7F4D jg 0040106C
:0040101F 7D1D jge 0040103E
:00401021 B914000000 mov ecx, 00000014
:00401026 8D3C28 lea edi, dword ptr [eax+ebp]
:00401029 2BC8 sub ecx, eax
:0040102B B820202020 mov eax, 20202020
:00401030 8BD1 mov edx, ecx
:00401032 C1E902 shr ecx, 02
:00401035 F3 repz
:00401036 AB stosd
/* 上面这段指令用0x20将未满20位的用户名补足20位 */
:00401037 8BCA mov ecx, edx
:00401039 83E103 and ecx, 00000003
:0040103C F3 repz
:0040103D AA sto**
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040101F(C)
|
:0040103E BE322DFB21 mov esi, 21FB2D32
:00401043 B929197C6B mov ecx, 6B7C1929
/* 以上是两个计算关键值 */
:00401048 33D2 xor edx, edx
/* edx清零 */
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040105F(C)
|
:0040104A 33C0 xor eax, eax
/* eax清零 */
:0040104C 8A042A mov al, byte ptr [edx+ebp]
/* 依次取用户名的每一位 */
:0040104F 0FAFC1 imul eax, ecx
/* eax=eax*ecx */
:00401052 03F0 add esi, eax
/* esi=eax+esi */
:00401054 42 inc edx
/* edx++ */
:00401055 83FA14 cmp edx, 00000014
/* 20位是否都算完? */
:00401058 8D8C092106471E lea ecx, dword ptr [ecx+ecx+1E470621]
/* ecx=ecx*2+1E470621 */
:0040105F 7CE9 jl 0040104A
/* 未满20位则返回继续运算 */
:00401061 C6042B00 mov byte ptr [ebx+ebp], 00
:00401065 8BC6 mov eax, esi
/* 运算结果作为返回值送出 */
:00401067 5F pop edi
:00401068 5E pop esi
:00401069 5D pop ebp
:0040106A 5B pop ebx
:0040106B C3 ret
【整 理】:
用户名:cyclotron
注册码:101258879
【注册信息存放】:
主目录下chkfiles.ser
【Turbo C 注册机】:
#include "stdio.h"
#include "string.h"
void main()
{char regname[21];
unsigned long regcode=0x21FB2D32,ecx=0x6B7C1929;
int i,length;
printf("\t*******************************************************************\n\n");
printf("\t\tKeyGen for CheckFiles V1.5\n\t\t\tProduced by cyclotron\n\n");
printf("\t*******************************************************************\n\n");
do
{printf("\n\tPlease input your Regname(less than or equal to 20):");
length=strlen(gets(regname));
}
while(!length||length>20);
for(i=length;i<20;i++)
regname=0x20;
for(i=0;i<20;i++)
{regcode+=regname*ecx;
ecx=ecx*2+0x1E470621;
}
printf("\n\tYour Regcode is:\t%lu\n",regcode);
printf("\n\tThank you for your use!\n");
getchar();
8.世纪葵花--桌面直播录像机系统5.2
前 言】:这个软件有很多地方不明白,所以发出来和大家探讨一下!(在这里也要谢谢安靖)
【下载页面】[url=http://www.softreg.com.cn/sharew]http://www.softreg.com.cn/sharew[/url] ... -BB4E-567A2FE09680/
【文章作者】:辉仔Yock[DFCG][YCG]
【作者声明】:本人发表这篇文章只是为了学习和研究!!!请不用于商业用途或是将本文方法制作的注册机任意传播,读者看了文章后所做的事情与我无关,我也不会负责,请读者看了文章后三思而后行!最后希望大家在经济基础好的时候,支持共享软件!
【破解工具】:OLLYDBG W32Dasm
—————————————————————————————————
【过 程】:
主程序SFCAPCaster.exe没有加壳,事用Microsoft Visual C++ 6.0编写的!
用W32dasm反汇编,根据参考字串很快找到关键!
用OLLYDBG加载SFCAPCaster.exe
选择帮助-->注册-->输入用户名Yock196(用户名要大于5位)-->邮箱地址(可以不填,下面不做运算!-->输入20位的假注册码KHSC-987654321ABCDEF(开头五位一定要是"KHSC-")
下断点004147D4来到下面:
:004147BF E83AE40100 call 00432BFE
//这里事取得用户名位数
:004147C4 8B07 mov eax, dword ptr [edi]
:004147C6 C744242000000000 mov [esp+20], 00000000
:004147CE 8B40F8 mov eax, dword ptr [eax-08]
:004147D1 83F805 cmp eax, 00000005
//比较用户名是否小于5位
:004147D4 7D13 jge 004147E9
:004147D6 6A00 push 00000000
:004147D8 6A10 push 00000010
* Possible StringData Ref from Data Obj ->"请输入长度大于5的用户名称"
|
:004147DA 68A05B4500 push 00455BA0
:004147DF E8CF410200 call 004389B3
:004147E4 E91E010000 jmp 00414907
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004147D4(C)
|
:004147E9 8D4C2410 lea ecx, dword ptr [esp+10]
:004147ED 8D7E5C lea edi, dword ptr [esi+5C]
:004147F0 6A05 push 00000005
:004147F2 51 push ecx
:004147F3 8BCF mov ecx, edi
:004147F5 E8B18A0100 call 0042D2AB
:004147FA 8B00 mov eax, dword ptr [eax]
* Possible StringData Ref from Data Obj ->"KHSC-"
|
:004147FC 68985B4500 push 00455B98
:00414801 50 push eax
:00414802 E8F59E0000 call 0041E6FC
//比较注册码的前面五位是否"KHSC-"
:00414807 83C408 add esp, 00000008
:0041480A 85C0 test eax, eax
:0041480C 7511 jne 0041481F
//不是就跳下去出错
:0041480E 8B17 mov edx, dword ptr [edi]
:00414810 837AF814 cmp dword ptr [edx-08], 00000014
//比较注册码是否等于20位
:00414814 0F95C0 setne al
:00414817 84C0 test al, al
:00414819 7504 jne 0041481F
//不是的话跳下去出错
:0041481B 32DB xor bl, bl
:0041481D EB02 jmp 00414821
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0041480C(C), :00414819(C)
|
:0041481F B301 mov bl, 01
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041481D(U)
|
:00414821 8D4C2410 lea ecx, dword ptr [esp+10]
:00414825 E85FE60100 call 00432E89
:0041482A 84DB test bl, bl
:0041482C 7413 je 00414841
//输入的注册码如果不符合上面的条件就不跳走!
//符合反之
//这里可以说是一个暗桩,我第一次以为这样注册成功了!
//其实不是的,符合上面的条件,但不是真的注册码一样是未注册!
:0041482E 6A00 push 00000000
:00414830 6A10 push 00000010
* Possible StringData Ref from Data Obj ->"注册失败!"
|
:00414832 688C5B4500 push 00455B8C
:00414837 E877410200 call 004389B3
:0041483C E9C6000000 jmp 00414907
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041482C(C) //上面来到这里!
......
......
//省略一部分用处不大的代码
:0041488D 8D442418 lea eax, dword ptr [esp+18]
:00414891 50 push eax
//用户名
:00414892 E829090000 call 004151C0
//来到这里是把我的用户名经过运算后得出一串数字"298103222272636"
//但是感觉上用处不大,我认为根本就没有!
:00414897 83C40C add esp, 0000000C
:0041489A 50 push eax
:0041489B 8D4C2410 lea ecx, dword ptr [esp+10]
:0041489F C644242402 mov [esp+24], 02
:004148A4 E819E70100 call 00432FC2
:004148A9 8D4C2410 lea ecx, dword ptr [esp+10]
:004148AD C644242000 mov [esp+20], 00
:004148B2 E8D2E50100 call 00432E89
:004148B7 51 push ecx
:004148B8 8D542410 lea edx, dword ptr [esp+10]
:004148BC 8BCC mov ecx, esp
:004148BE 89642418 mov dword ptr [esp+18], esp
:004148C2 52 push edx
:004148C3 E836E30100 call 00432BFE
:004148C8 8BCE mov ecx, esi
:004148CA E861000000 call 00414930
:004148CF 6A00 push 00000000
:004148D1 8BCE mov ecx, esi
:004148D3 E838010000 call 00414A10
:004148D8 8BCE mov ecx, esi
:004148DA E8E1030000 call 00414CC0
//根据W32Dasm的提示得知这个CALL里面是注册成功但出的窗口!
//跟进去!
:004148DF 8BCE mov ecx, esi
:004148E1 E87A030000 call 00414C60
//根据W32Dasm的提示得知这个CALL里面是注册成功但出的窗口!
//跟进去!
:004148E6 8B461C mov eax, dword ptr [esi+1C]
:004148E9 6A00 push 00000000
:004148EB 6A00 push 00000000
:004148ED 6892040000 push 00000492
:004148F2 50 push eax
* Reference To: USER32.SendMessageA, Ord:0214h
|
:004148F3 FF1574654400 Call dword ptr [00446574]
//这个地方是最不明白的了!
//用"安靖"的注册码注册就在这里但出成功的窗口!
//用我自己追出来的注册码,这里是没有反映的!但也能注册成功!
//还请高手指点!
:004148F9 8BCE mov ecx, esi
:004148FB E86DE00100 call 0043296D
:00414900 8BCE mov ecx, esi
:00414902 E81EF60100 call 00433F25
------------------------------------------------------------------
上面004148DA的CALL来到这里:
* Referenced by a CALL at Address:
|:004148DA
|
:00414CC0 51 push ecx
:00414CC1 56 push esi
:00414CC2 8BF1 mov esi, ecx
:00414CC4 57 push edi
:00414CC5 8D442408 lea eax, dword ptr [esp+08]
:00414CC9 6A05 push 00000005
:00414CCB 50 push eax
:00414CCC 8D8EF4010000 lea ecx, dword ptr [esi+000001F4]
:00414CD2 E8D4850100 call 0042D2AB
:00414CD7 8B00 mov eax, dword ptr [eax]
:00414CD9 50 push eax
:00414CDA E8129A0000 call 0041E6F1
:00414CDF 83C404 add esp, 00000004
:00414CE2 8D4C2408 lea ecx, dword ptr [esp+08]
:00414CE6 8BF8 mov edi, eax
:00414CE8 E89CE10100 call 00432E89
:00414CED 8B8EE8010000 mov ecx, dword ptr [esi+000001E8]
:00414CF3 51 push ecx
:00414CF4 E887020000 call 00414F80
:00414CF9 83C404 add esp, 00000004
:00414CFC 3BF8 cmp edi, eax
//关键比较...
//EDI和EAX寄存器分别存着真假注册码的前五位数的十六进制值!
:00414CFE 8986E8010000 mov dword ptr [esi+000001E8], eax
:00414D04 7509 jne 00414D0F
//这里跳走的话就...
:00414D06 6A01 push 00000001
:00414D08 8BCE mov ecx, esi
:00414D0A E8B1FEFFFF call 00414BC0
//这里进去有三个跳转,这三个跳转不跳的话就出现注册成功窗口!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00414D04(C)
|
:00414D0F 5F pop edi
:00414D10 5E pop esi
:00414D11 59 pop ecx
:00414D12 C3 ret
------------------------------------------------------------------
上面004148E1的CALL来到这里:
* Referenced by a CALL at Address:
|:004148E1
|
:00414C60 51 push ecx
:00414C61 56 push esi
:00414C62 57 push edi
:00414C63 8BF1 mov esi, ecx
:00414C65 6A05 push 00000005
:00414C67 8D44240C lea eax, dword ptr [esp+0C]
:00414C6B 6A05 push 00000005
:00414C6D 50 push eax
:00414C6E 8D8EF4010000 lea ecx, dword ptr [esi+000001F4]
:00414C74 E820850100 call 0042D199
:00414C79 8B00 mov eax, dword ptr [eax]
:00414C7B 50 push eax
:00414C7C E8709A0000 call 0041E6F1
:00414C81 83C404 add esp, 00000004
:00414C84 8D4C2408 lea ecx, dword ptr [esp+08]
:00414C88 8BF8 mov edi, eax
:00414C8A E8FAE10100 call 00432E89
:00414C8F 8B8EEC010000 mov ecx, dword ptr [esi+000001EC]
:00414C95 51 push ecx
:00414C96 E8B5030000 call 00415050
:00414C9B 83C404 add esp, 00000004
:00414C9E 3BF8 cmp edi, eax
//和上面一样,关键比较...
//EDI和EAX寄存器分别存着真假注册码的前五位数的十六进制值!
:00414CA0 8986EC010000 mov dword ptr [esi+000001EC], eax
:00414CA6 7509 jne 00414CB1
:00414CA8 6A02 push 00000002
:00414CAA 8BCE mov ecx, esi
:00414CAC E80FFFFFFF call 00414BC0
//和上面一样
//这里进去有三个跳转,这三个跳转不跳的话就出现注册成功窗口!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00414CA6(C)
|
:00414CB1 5F pop edi
:00414CB2 5E pop esi
:00414CB3 59 pop ecx
:00414CB4 C3 ret
------------------------------------------------------------------
这里就是00414CAC和00414D0A的CALL来到的地方:
* Referenced by a CALL at Addresses:
|:00414586 , :00414CAC , :00414D0A
|
:00414BC0 56 push esi
:00414BC1 8BF1 mov esi, ecx
:00414BC3 E8CCA20200 call 0043EE94
:00414BC8 8B5004 mov edx, dword ptr [eax+04]
:00414BCB 8B442408 mov eax, dword ptr [esp+08]
:00414BCF 48 dec eax
:00414BD0 7452 je 00414C24
:00414BD2 48 dec eax
:00414BD3 7436 je 00414C0B
//我追出来的正确注册码和"安靖"的注册码在这里都跳走了!
:00414BD5 48 dec eax
:00414BD6 0F8580000000 jne 00414C5C
:00414BDC 6A00 push 00000000
:00414BDE 6A01 push 00000001
:00414BE0 8BCA mov ecx, edx
:00414BE2 C7825802000001000000 mov dword ptr [ebx+00000258], 00000001
:00414BEC E8AFFFFEFF call 00404BA0
:00414BF1 6A00 push 00000000
:00414BF3 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"注册成功, 请重新启动程序!"
|
:00414BF5 68C05B4500 push 00455BC0
:00414BFA E8B43D0200 call 004389B3
:00414BFF 6A00 push 00000000
* Reference To: USER32.PostQuitMessage, Ord:01E0h
|
:00414C01 FF1564644400 Call dword ptr [00446464]
:00414C07 5E pop esi
:00414C08 C20400 ret 0004
------------------------------------------------------------------
【总 结】:
我追出的注册码(邮箱不填也可以):
Yock196
KHSC-3518239909*****(后面五位随便)
安靖兄的注册码:
anjing
KHSC-351821842415032
注册信息保存在C:\WINDOWS\SYSTEM\SysXCasterDrv.sys
用我追出来的注册码按注册后没有反应(但也能成功!)
用安靖兄的注册码按注册后会弹出"注册成功, 请重新启动程序!"的框!
我想可能是我没有追到核心,所以想和大家探讨一下!
我问过安靖了,可是没有解决问题!好没头绪,希望又朋友能帮我看看!
最后在这里真心感谢你花了那么多时间看这篇文章!谢谢了...
9.在线网络电视3.0手记
开 发 商: [url=http://gigo.nease.net/]http://gigo.nease.net/[/url]
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、FI2.5、W32Dasm8.93黄金版
—————————————————————————————
【过 程】:
一个星期前刚看到一本《加密与解密》的书,突然产生了浓厚的兴趣,再加上我们这个学期恰好在学汇编语言,于是就开始学习Crack。一个星期之后,能依葫芦画瓢找这书上写的去破解,但不知其中的道理。管它的哦,那就依葫芦画瓢的来实战演练连一下。去天空里面下了一个网络电视播放软件(目前的水平也就只能破一些小小的东东,稍微变化一点都不会)。
先用Fi看到Tvonline.exe没有加壳,是用Visual C++编写的。然后按常规用W32DASM反汇编,然后串式参考,但是找不到了“你输入的注册码不正确”字样。只能动态调试了。
TRW2000装入目标程序。机器码:8HSDSL7N 填入试炼码:7524859
CTR+N切入TRW,下万能断点:BPX HMEMCPY,F5返回,点注册,立即拦下。
BD,暂停断点。下PMODULE指令,返回程序领空,按F12三十五次,再按F10来到下面。
:00414B7B E8869A0000 Call 0041E606
:00414B80 83F801 cmp eax, 00000001
:00414B83 0F8510020000 jne 00414D99
:00414B89 8D4DE8 lea ecx, dword ptr [ebp-18]
* Reference To: MFC42D.Ordinal:0370, Ord:0370h
|
:00414B8C E85B990000 Call 0041E4EC
:00414B91 50 push eax
:00414B92 8D8DD4FDFFFF lea ecx, dword ptr [ebp+FFFFFDD4]
:00414B98 51 push ecx
* Reference To: MSVCRTD.strcpy, Ord:02DBh
|
:00414B99 E8209D0000 Call 0041E8BE
:00414B9E 83C408 add esp, 00000008
:00414BA1 8D95D4FDFFFF lea edx, dword ptr [ebp+FFFFFDD4]
:00414BA7 52 push edx =====d edx=7524859 假注册码
:00414BA8 8B45F0 mov eax, dword ptr [ebp-10]
:00414BAB 0550010000 add eax, 00000150
:00414BB0 50 push eax =====d eax=98000460真注册码
* Reference To: MSVCRTD.strcmp, Ord:02D9h
|
:00414BB1 E8029D0000 Call 0041E8B8
:00414BB6 83C408 add esp, 00000008
:00414BB9 85C0 test eax, eax
:00414BBB 0F85C4010000 jne 00414D85
:00414BC1 8D4DE8 lea ecx, dword ptr [ebp-18]
:00414BC4 51 push ecx
:00414BC5 8D8DD0FDFFFF lea ecx, dword ptr [ebp+FFFFFDD0]
【整 理】:
机器码:8HSDSL7N
注册码:98000460
【问 题】:
1。MSVCRTD.strcpy 中每句指令是什么意思,为什么edx,eax中就是真假注册码
:00414B99 E8209D0000 Call 0041E8BE
:00414B9E 83C408 add esp, 00000008
:00414BA1 8D95D4FDFFFF lea edx, dword ptr [ebp+FFFFFDD4]
:00414BA7 52 push edx =====d edx=7524859 假注册码
:00414BA8 8B45F0 mov eax, dword ptr [ebp-10]
:00414BAB 0550010000 add eax, 00000150
:00414BB0 50 push eax =====d eax=98000460真注册码
2。这个软件的注册信息是保存在什么地方呢?怎么样可以找到他们啊?
3。为什么在W32DASM中看不到参考字符串呢?
完全初学者的问题,还请各位高手指点一下。
10.去除pdf文件“打印”“拷贝”限制
Acrobat Reader 5.1中文版+windows2000 sp0+softice
网上下载的pdf文件经常打开后只能阅读,不能打印、拷贝等功能,前几天幸好有一个这样的文件急需打印,破解过程如下:
1。打开softice;
2。打开Acrobat Reader,打开要阅读的文件;
3。ctrl+d调出softice,下断bpx Enablemenuitem
4。在reader中点击菜单file;
5。F12三次,往回找可以看到以下代码;
:00414E71 55 push ebp
:00414E72 8BEC mov ebp, esp
:00414E74 A130F17400 mov eax, dword ptr [0074F130]
:00414E79 56 push esi
:00414E7A 8BF1 mov esi, ecx
:00414E7C 8B8818020000 mov ecx, dword ptr [eax+00000218]
:00414E82 85C9 test ecx, ecx
:00414E84 741A