Ideal DVD to PSP Converter 2.1.1算法分析
【破文标题】Ideal DVD to PSP Converter 2.1.1算法分析【破文作者】tianxj
【作者邮箱】[email protected]
【作者主页】WwW.ChiNaPYG.CoM
【破解工具】PEiD,OD,DeDe
【破解平台】Windows XP sp3
【软件名称】Ideal DVD to PSP Converter 2.1.1
【软件大小】1691KB
【软件语言】英文
【软件类别】国外软件/视频转换
【软件授权】共享版
【运行环境】Win9x/Me/NT/2000/XP/2003
【更新时间】2009-11-3
【原版下载】http://www.onlinedown.net/soft/73855.htm
【保护方式】注册码
【软件简介】理想的DVD转换是一种简单和强大的DVD到掌机转换。它可以转换任何DVD电影格式,以掌机高视频质量和快速的转换速度。它还可以传输转换的MP4档案到您的索尼PSP。
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
**************************************************************
一、对IdealDVD2PSP.exe查壳为Microsoft Visual C++ 6.0
**************************************************************
二、用F12暂停法就可以快速到达关键部位
004138B9 E8 FA1FFFFF call 004058B8
004138BE 8BF8 mov edi, eax
004138C0 6A 00 push 0
004138C2 8D4D CC lea ecx, dword ptr
004138C5 E8 4E4F0600 call <jmp.&MFC42.#CString::GetBuffer_>
004138CA 8BF0 mov esi, eax
004138CC 6A 00 push 0
004138CE 8D4D D4 lea ecx, dword ptr
004138D1 E8 424F0600 call <jmp.&MFC42.#CString::GetBuffer_>
004138D6 50 push eax ; //试炼码
004138D7 56 push esi ; //用户名
004138D8 8BCF mov ecx, edi
004138DA E8 591DFFFF call 00405638 ; //关键CALL
004138DF 85C0 test eax, eax
004138E1 75 5F jnz short 00413942 ; //关键跳转
004138E3 6A 30 push 30
004138E5 6A 00 push 0
004138E7 68 C0C84A00 push 004AC8C0 ; ASCII "The registration code isn't correct. We strongly recommend you copy and then paste it to the register window!"
004138EC E8 875B0000 call 00419478
004138F1 83C4 0C add esp, 0C
004138F4 68 44C04A00 push 004AC044
004138F9 8B4D E8 mov ecx, dword ptr
004138FC E8 B54D0600 call <jmp.&MFC42.#CWnd::SetWindowText>
00413901 68 44C04A00 push 004AC044
00413906 8BCB mov ecx, ebx
00413908 E8 A94D0600 call <jmp.&MFC42.#CWnd::SetWindowText>
0041390D C745 D8 0000000>mov dword ptr , 0
00413914 8D4D D4 lea ecx, dword ptr
00413917 E8 9C4B0600 call <jmp.&MFC42.#CString::~CString_8>
0041391C C745 D0 0000000>mov dword ptr , 0
00413923 8D4D CC lea ecx, dword ptr
00413926 E8 8D4B0600 call <jmp.&MFC42.#CString::~CString_8>
0041392B 8B7D DC mov edi, dword ptr
0041392E 8B75 E0 mov esi, dword ptr
00413931 8B5D E4 mov ebx, dword ptr
00413934 8B4D F4 mov ecx, dword ptr
00413937 64:890D 0000000>mov dword ptr fs:, ecx
0041393E 8BE5 mov esp, ebp
00413940 5D pop ebp
00413941 C3 retn
00413942 8D45 B4 lea eax, dword ptr
00413945 50 push eax
00413946 E8 85670100 call 0042A0D0
0041394B 59 pop ecx
0041394C C745 FC 0300000>mov dword ptr , 3
00413953 6A 30 push 30
00413955 6A 00 push 0
00413957 FF75 B4 push dword ptr
0041395A E8 195B0000 call 00419478
0041395F 83C4 0C add esp, 0C
00413962 C745 FC 0100000>mov dword ptr , 1
00413969 8D4D B4 lea ecx, dword ptr
0041396C E8 474B0600 call <jmp.&MFC42.#CString::~CString_8>
00413971^ E9 4AFEFFFF jmp 004137C0
00413976 90 nop
00413977 90 nop
00413978 B8 D8A14800 mov eax, 0048A1D8
0041397D C3 retn
=========================================================
00405638 57 push edi
00405639 56 push esi
0040563A 53 push ebx
0040563B 81EC 00020000 sub esp, 200
00405641 8BBC24 10020000 mov edi, dword ptr ; //用户名
00405648 33C0 xor eax, eax
0040564A 8A37 mov dh, byte ptr
0040564C 8BCF mov ecx, edi
0040564E 84F6 test dh, dh
00405650 74 0C je short 0040565E
00405652 83C1 01 add ecx, 1
00405655 83C0 01 add eax, 1
00405658 8A11 mov dl, byte ptr
0040565A 84D2 test dl, dl
0040565C^ 75 F4 jnz short 00405652
0040565E 8BD0 mov edx, eax ; //用户名长度
00405660 85D2 test edx, edx
00405662 0F8E 40010000 jle 004057A8 ; //用户名为空则跳
00405668 8BBC24 10020000 mov edi, dword ptr
0040566F 33DB xor ebx, ebx
00405671 33C0 xor eax, eax
00405673 0FBE3438 movsx esi, byte ptr ; //逐位取用户名
00405677 8BCA mov ecx, edx ; //用户名长度
00405679 2BC8 sub ecx, eax ; //用户名长度减去已循环次数
0040567B 0FAFF1 imul esi, ecx ; //esi=esi*ecx
0040567E 83C0 01 add eax, 1 ; //计数器+1
00405681 03DE add ebx, esi ; //累加到ebx
00405683 0FB7DB movzx ebx, bx
00405686 3BC2 cmp eax, edx
00405688^ 7C E9 jl short 00405673 ; //循环
0040568A 8BBC24 14020000 mov edi, dword ptr ; //试炼码
00405691 33C0 xor eax, eax
00405693 8A37 mov dh, byte ptr
00405695 8BCF mov ecx, edi
00405697 84F6 test dh, dh
00405699 74 0C je short 004056A7
0040569B 83C1 01 add ecx, 1
0040569E 83C0 01 add eax, 1
004056A1 8A11 mov dl, byte ptr
004056A3 84D2 test dl, dl
004056A5^ 75 F4 jnz short 0040569B
004056A7 83F8 14 cmp eax, 14
004056AA 74 0E je short 004056BA ; //注册码必须是20位
004056AC 33C0 xor eax, eax
004056AE 81C4 00020000 add esp, 200
004056B4 5B pop ebx
004056B5 5E pop esi
004056B6 5F pop edi
004056B7 C2 0800 retn 8
004056BA 8D3C24 lea edi, dword ptr
004056BD 33C0 xor eax, eax
004056BF B9 00010000 mov ecx, 100
004056C4 25 FFFF0000 and eax, 0FFFF
004056C9 8AE0 mov ah, al
004056CB 8BF1 mov esi, ecx
004056CD 8BD0 mov edx, eax
004056CF C1E0 10 shl eax, 10
004056D2 C1E9 02 shr ecx, 2
004056D5 0BC2 or eax, edx
004056D7 F3:AB rep stos dword ptr es:
004056D9 8BCE mov ecx, esi
004056DB 83E1 03 and ecx, 3
004056DE F3:AA rep stos byte ptr es:
004056E0 8DBC24 00010000 lea edi, dword ptr
004056E7 33C0 xor eax, eax
004056E9 B9 00010000 mov ecx, 100
004056EE 25 FFFF0000 and eax, 0FFFF
004056F3 8AE0 mov ah, al
004056F5 8BF1 mov esi, ecx
004056F7 8BD0 mov edx, eax
004056F9 C1E0 10 shl eax, 10
004056FC C1E9 02 shr ecx, 2
004056FF 0BC2 or eax, edx
00405701 F3:AB rep stos dword ptr es:
00405703 8BCE mov ecx, esi
00405705 83E1 03 and ecx, 3
00405708 F3:AA rep stos byte ptr es:
0040570A 8D0424 lea eax, dword ptr
0040570D 53 push ebx
0040570E 68 44C34A00 push 004AC344 ; ASCII "%04X"
00405713 50 push eax
00405714 FF15 E4974800 call dword ptr [<&MSVCRT.sprintf>] ; MSVCRT.sprintf//将ebx格式化输出
0040571A 8B9C24 20020000 mov ebx, dword ptr ; //试炼码
00405721 8BB424 20020000 mov esi, dword ptr
00405728 8BBC24 20020000 mov edi, dword ptr
0040572F 8D8C24 0C010000 lea ecx, dword ptr
00405736 0FBE53 07 movsx edx, byte ptr ; //试炼码第8位
0040573A 0FBE46 13 movsx eax, byte ptr ; //试炼码第20位
0040573E 8B9C24 20020000 mov ebx, dword ptr
00405745 0FBE77 0E movsx esi, byte ptr ; //试炼码第15位
00405749 0FBE5B 12 movsx ebx, byte ptr ; //试炼码第19位
0040574D 53 push ebx
0040574E 56 push esi
0040574F 50 push eax
00405750 52 push edx
00405751 68 4CC34A00 push 004AC34C ; ASCII "%c%c%c%c"
00405756 51 push ecx
00405757 FF15 E4974800 call dword ptr [<&MSVCRT.sprintf>] ; MSVCRT.sprintf
0040575D 83C4 24 add esp, 24
00405760 8D3C24 lea edi, dword ptr
00405763 8DB424 00010000 lea esi, dword ptr
0040576A 8A17 mov dl, byte ptr ; //格式化字符串第1位、第3位
0040576C 3A16 cmp dl, byte ptr ; //试炼码第8位、第15位
0040576E 75 1A jnz short 0040578A
00405770 0AD2 or dl, dl
00405772 74 12 je short 00405786
00405774 8A57 01 mov dl, byte ptr ; //格式化字符串第2位、第4位
00405777 3A56 01 cmp dl, byte ptr ; //试炼码第20位、第19位
0040577A 75 0E jnz short 0040578A
0040577C 83C7 02 add edi, 2
0040577F 83C6 02 add esi, 2
00405782 0AD2 or dl, dl
00405784^ 75 E4 jnz short 0040576A ; //循环比较
00405786 33C0 xor eax, eax
00405788 EB 05 jmp short 0040578F
0040578A 1BC0 sbb eax, eax
0040578C 83C8 01 or eax, 1
0040578F 85C0 test eax, eax
00405791^ 0F85 15FFFFFF jnz 004056AC
00405797 B8 01000000 mov eax, 1 ; //标志位赋值
0040579C 81C4 00020000 add esp, 200
004057A2 5B pop ebx
004057A3 5E pop esi
004057A4 5F pop edi
004057A5 C2 0800 retn 8
**************************************************************
【破解总结】
--------------------------------------------------------------
【算法总结】
1.注册码必须是20位
2.取用户名长度减去循环次数后与用户名ASCII码相乘,累加乘积,格式化为%04X形式。
取试炼码第8位、第20位、试炼码第15位、试炼码第19位与格式化的结果逐位比较。
--------------------------------------------------------------
【算法注册机】
〖VB代码〗
Private Sub Command1_Click()
If Len(Text1.Text) = 0 Then
Text2.Text = "输入有误,请重新输入!"
Else
For i = 1 To Len(Text1.Text)
j = Len(Text1.Text) - i + 1
x = Asc(Mid(Text1.Text, i, 1)) * j
y = y + x
Next
z = Right("0000" & Hex(y), 4)
Text2.Text = Int(Rnd() * 10) & Int(Rnd() * 10) & Int(Rnd() * 10) & Int(Rnd() * 10) & Int(Rnd() * 10) & Int(Rnd() * 10) & Int(Rnd() * 10) & Mid(z, 1, 1) & Int(Rnd() * 10) & Int(Rnd() * 10) & Int(Rnd() * 10) & Int(Rnd() * 10) & Int(Rnd() * 10) & Int(Rnd() * 10) & Mid(z, 3, 1) & Int(Rnd() * 10) & Int(Rnd() * 10) & Int(Rnd() * 10) & Mid(z, 4, 1) & Mid(z, 2, 1) 'Int(Rnd()'"1234567" & Mid(z, 1, 1) & "901234" & Mid(z, 3, 1) & "678" & Mid(z, 4, 1) & Mid(z, 2, 1)
End If
End Sub
--------------------------------------------------------------
感谢飘云老大、猫老大、Nisy老大以及很多前辈们的学习教程以及所有帮助过我的论坛兄弟姐妹们!谢谢
--------------------------------------------------------------
【版权声明】破文是学习的手记,兴趣是成功的源泉;本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢! /:good 哈哈,今天看到了T大好多精彩文章,学习了 很详细,值得看一看/:014 学习了!/:good 学习了!
感谢T大!!!
页:
[1]