Open Video Converter 3.3.1.6算法分析
本帖最后由 老万 于 2011-2-4 20:40 编辑【破文标题】Open Video Converter 3.3.1.6算法分析
【破文作者】老万
【破解工具】peid,od
【破解平台】xp
【原版下载】http://search.newhua.com/softdown/27574_2.htm
【软件简介】
Open Video Converter 是一款易于使用的视频转换,分割和编辑工具.它能转换多个视频格式如MPG, AVI, ASF, WMV到AVI 文件. 它能改变帧尺寸,帧频,视频和音频压缩编码.主要功能有: -转换MPEG,WMV,ASF,MPG,VCD,OGM,DAT,SVCD为AVI. 支持DIVX,XVID编码. -分割视频文件 -改变帧尺寸,调整视频屏幕高宽比. -通过选择不同编码率改变视频文件大小 -改变AVI文件的视频和音频压缩编码.
【破解声明】请不要将本软件用于非法用途,否则后果自负!
【破解过程】
PEID查壳:Microsoft Visual C++ v7.0
直接来到关键地方:
0041FBE0 .55 push ebp
0041FBE1 .8BF1 mov esi,ecx
0041FBE3 .E8 98060200 call VideoCon.00440280 ;获取用户名
0041FBE8 .8B46 70 mov eax,dword ptr ds:
0041FBEB .8B78 F4 mov edi,dword ptr ds:
0041FBEE .83FF 02 cmp edi,0x2 ;用户名长度比较
0041FBF1 .0F8D E0000000 jge VideoCon.0041FCD7
0041FBF7 .E8 84490200 call VideoCon.00444580
0041FBFC .8B10 mov edx,dword ptr ds:
0041FBFE .8BC8 mov ecx,eax
0041FC00 .FF52 0C call dword ptr ds:
0041FC03 .83C0 10 add eax,0x10
0041FC06 .894424 18 mov dword ptr ss:,eax
0041FC0A .6A 67 push 0x67
0041FC0C .8D4424 20 lea eax,dword ptr ss:
.....................................
0041FCD7 > \8B46 74 mov eax,dword ptr ds: ;假注册码送入eax
0041FCDA .8B40 F4 mov eax,dword ptr ds: ;假注册码长度送入eax
0041FCDD .83F8 08 cmp eax,0x8 ;假注册码长度与8比较
0041FCE0 .53 push ebx
.......................................
0041FD96 > \8B46 70 mov eax,dword ptr ds: ;用户名ASCII码送入eax
0041FD99 .8B48 F4 mov ecx,dword ptr ds:
0041FD9C .85C9 test ecx,ecx
0041FD9E .7D 0A jge XVideoCon.0041FDAA
0041FDA0 .68 57000780 push 0x80070057
0041FDA5 .E8 5615FEFF call VideoCon.00401300
0041FDAA >8A10 mov dl,byte ptr ds: ;用户名第1位ASCII码送入dl
0041FDAC .8B46 70 mov eax,dword ptr ds:
0041FDAF .3968 F4 cmp dword ptr ds:,ebp
0041FDB2 .7D 0A jge XVideoCon.0041FDBE
0041FDB4 .68 57000780 push 0x80070057
0041FDB9 .E8 4215FEFF call VideoCon.00401300
0041FDBE >8A40 01 mov al,byte ptr ds:
0041FDC1 .884424 11 mov byte ptr ss:,al
0041FDC5 .8B46 70 mov eax,dword ptr ds:
0041FDC8 .8B48 F4 mov ecx,dword ptr ds:
0041FDCB .85C9 test ecx,ecx
0041FDCD .7D 0A jge XVideoCon.0041FDD9
0041FDCF .68 57000780 push 0x80070057
0041FDD4 .E8 2715FEFF call VideoCon.00401300
0041FDD9 >8B4E 70 mov ecx,dword ptr ds:
0041FDDC .8A18 mov bl,byte ptr ds:
0041FDDE .3969 F4 cmp dword ptr ds:,ebp
0041FDE1 .7D 0A jge XVideoCon.0041FDED
0041FDE3 .68 57000780 push 0x80070057
0041FDE8 .E8 1315FEFF call VideoCon.00401300
0041FDED >0FB6C2 movzx eax,dl ;用户名第1位ASCII码值送入eax
0041FDF0 .83C8 41 or eax,0x41 ;与0X41或运算
0041FDF3 .99 cdq
0041FDF4 .BD 0A000000 mov ebp,0xA ;ebp=0XA
0041FDF9 .F7FD idiv ebp ;相除,取余数
0041FDFB .0FB64424 11 movzx eax,byte ptr ss: ;用户名第2位ASCII码值送入eax
0041FE00 .83C8 56 or eax,0x56 ;与0X56或运算
0041FE03 .885424 16 mov byte ptr ss:,dl ;存放真码第1位
0041FE07 .99 cdq
0041FE08 .F7FD idiv ebp ;相除,取余数
0041FE0A .0FB6C3 movzx eax,bl ;用户名第1位ASCII码值送入eax
0041FE0D .83C8 49 or eax,0x49 ;与0X49或运算
0041FE10 .8BDD mov ebx,ebp ;ebx=ebp=0XA
0041FE12 .885424 11 mov byte ptr ss:,dl ;存放真码第2位
0041FE16 .99 cdq
0041FE17 .F7FB idiv ebx ;相除,取余数
0041FE19 .0FB641 01 movzx eax,byte ptr ds: ;用户名第2位ASCII码值送入eax
0041FE1D .83C8 43 or eax,0x43 ;与0X43或运算
0041FE20 .8BCD mov ecx,ebp ;ecx=ebp=0XA
0041FE22 .885424 17 mov byte ptr ss:,dl ;存放真码第3位
0041FE26 .99 cdq
0041FE27 .F7F9 idiv ecx ;相除,取余数
0041FE29 .33C0 xor eax,eax ;寄存器清空
0041FE2B .33C9 xor ecx,ecx
0041FE2D .85FF test edi,edi
0041FE2F .885424 18 mov byte ptr ss:,dl ;存放真码第4位
0041FE33 .7E 1F jle XVideoCon.0041FE54
0041FE35 >85C9 test ecx,ecx
0041FE37 .0F8C E6000000 jl VideoCon.0041FF23
0041FE3D .8B56 70 mov edx,dword ptr ds:
0041FE40 .3B4A F4 cmp ecx,dword ptr ds:
0041FE43 .0F8F DA000000 jg VideoCon.0041FF23
0041FE49 .0FB6140A movzx edx,byte ptr ds: ;计算用户名的ASCII码累加值,送入eax
0041FE4D .03C2 add eax,edx
0041FE4F .41 inc ecx
0041FE50 .3BCF cmp ecx,edi
0041FE52 .^ 7C E1 jl XVideoCon.0041FE35
0041FE54 >99 cdq
0041FE55 .B9 0A000000 mov ecx,0xA ;ecx=0XA
0041FE5A .F7F9 idiv ecx ;相除,取余数
0041FE5C .8B46 74 mov eax,dword ptr ds: ;假注册码送入eax
0041FE5F .8B48 F4 mov ecx,dword ptr ds: ;假注册码长度送入ecx
0041FE62 .85C9 test ecx,ecx
0041FE64 .885424 19 mov byte ptr ss:,dl ;存放真码第5位
0041FE68 .7D 0A jge XVideoCon.0041FE74
0041FE6A .68 57000780 push 0x80070057
0041FE6F .E8 8C14FEFF call VideoCon.00401300
0041FE74 >8A10 mov dl,byte ptr ds: ;假注册码第1位送入dl
0041FE76 .8B4E 74 mov ecx,dword ptr ds: ;假注册码送入ecx
0041FE79 .8379 F4 01 cmp dword ptr ds:,0x1
0041FE7D .885424 1A mov byte ptr ss:,dl ;假注册码第1位送入
0041FE81 .7D 0A jge XVideoCon.0041FE8D
0041FE83 .68 57000780 push 0x80070057
0041FE88 .E8 7314FEFF call VideoCon.00401300
0041FE8D >8A41 01 mov al,byte ptr ds: ;假注册码第2位送入al
0041FE90 .8B4E 74 mov ecx,dword ptr ds:
0041FE93 .884424 12 mov byte ptr ss:,al ;假注册码第2位送入
0041FE97 .8379 F4 02 cmp dword ptr ds:,0x2
0041FE9B .7D 0A jge XVideoCon.0041FEA7
0041FE9D .68 57000780 push 0x80070057
0041FEA2 .E8 5914FEFF call VideoCon.00401300
0041FEA7 >8A49 02 mov cl,byte ptr ds: ;假注册码第3位送入cl
0041FEAA .884C24 13 mov byte ptr ss:,cl ;假注册码第3位送入
0041FEAE .8B4E 74 mov ecx,dword ptr ds:
0041FEB1 .8379 F4 03 cmp dword ptr ds:,0x3
0041FEB5 .7D 0A jge XVideoCon.0041FEC1
0041FEB7 .68 57000780 push 0x80070057
0041FEBC .E8 3F14FEFF call VideoCon.00401300
0041FEC1 >8A41 03 mov al,byte ptr ds: ;假注册码第4位送入al
0041FEC4 .8B4E 74 mov ecx,dword ptr ds:
0041FEC7 .884424 14 mov byte ptr ss:,al ;假注册码第4位送入
0041FECB .8379 F4 04 cmp dword ptr ds:,0x4
0041FECF .7D 0A jge XVideoCon.0041FEDB
0041FED1 .68 57000780 push 0x80070057
0041FED6 .E8 2514FEFF call VideoCon.00401300
0041FEDB >8A49 04 mov cl,byte ptr ds: ;假注册码第5位送入cl
0041FEDE .884C24 15 mov byte ptr ss:,cl ;假注册码第5位送入
0041FEE2 .8B4E 74 mov ecx,dword ptr ds:
0041FEE5 .8379 F4 05 cmp dword ptr ds:,0x5
0041FEE9 .7D 0A jge XVideoCon.0041FEF5
0041FEEB .68 57000780 push 0x80070057
0041FEF0 .E8 0B14FEFF call VideoCon.00401300
0041FEF5 >8A41 05 mov al,byte ptr ds: ;假注册码第6位送入al
0041FEF8 .8B4E 74 mov ecx,dword ptr ds:
0041FEFB .8B79 F4 mov edi,dword ptr ds:
0041FEFE .83FF 06 cmp edi,0x6
0041FF01 .884424 1B mov byte ptr ss:,al ;假注册码第6位送入
0041FF05 .7D 0A jge XVideoCon.0041FF11
0041FF07 .68 57000780 push 0x80070057
0041FF0C .E8 EF13FEFF call VideoCon.00401300
0041FF11 >8B7E 74 mov edi,dword ptr ds:
0041FF14 .8B6F F4 mov ebp,dword ptr ds:
0041FF17 .8A41 06 mov al,byte ptr ds: ;假注册码第7位送入al
0041FF1A .BB 07000000 mov ebx,0x7
0041FF1F .3BEB cmp ebp,ebx
0041FF21 .7D 0A jge XVideoCon.0041FF2D
0041FF23 >68 57000780 push 0x80070057
0041FF28 .E8 D313FEFF call VideoCon.00401300
0041FF2D >8A4F 07 mov cl,byte ptr ds: ;假注册码第8位送入cl
0041FF30 .0FB66C24 16 movzx ebp,byte ptr ss: ;真码第1位送入ebp
0041FF35 .0FB6FA movzx edi,dl ;假注册码第1位送入edi
0041FF38 .83EF 30 sub edi,0x30
0041FF3B .3BEF cmp ebp,edi ;真假注册码第1位比较
0041FF3D 75 48 jnz XVideoCon.0041FF87
0041FF3F .0FB65424 12 movzx edx,byte ptr ss:
0041FF44 .0FB67C24 11 movzx edi,byte ptr ss:
0041FF49 .83EA 30 sub edx,0x30
0041FF4C .3BFA cmp edi,edx ;真假注册码第2位比较
0041FF4E 75 33 jnz XVideoCon.0041FF83
0041FF50 .0FB65424 13 movzx edx,byte ptr ss:
0041FF55 .0FB67C24 17 movzx edi,byte ptr ss:
0041FF5A .83EA 30 sub edx,0x30
0041FF5D .3BFA cmp edi,edx ;真假注册码第3位比较
0041FF5F 75 22 jnz XVideoCon.0041FF83
0041FF61 .0FB65424 14 movzx edx,byte ptr ss:
0041FF66 .0FB67C24 18 movzx edi,byte ptr ss:
0041FF6B .83EA 30 sub edx,0x30
0041FF6E .3BFA cmp edi,edx ;真假注册码第4位比较
0041FF70 75 11 jnz XVideoCon.0041FF83
0041FF72 .0FB65424 15 movzx edx,byte ptr ss:
0041FF77 .0FB67C24 19 movzx edi,byte ptr ss:
0041FF7C .83EA 30 sub edx,0x30
0041FF7F .3BFA cmp edi,edx ;真假注册码第5位比较
0041FF81 .74 55 je XVideoCon.0041FFD8
0041FF83 >8A5424 1A mov dl,byte ptr ss: ;下面是万能密码
0041FF87 >80FA 35 cmp dl,0x35 ;假注册码第1位与5比较
0041FF8A 0F85 D7000000 jnz VideoCon.00420067
0041FF90 .807C24 12 31cmp byte ptr ss:,0x31 ;假注册码第2位与1比较
0041FF95 0F85 CC000000 jnz VideoCon.00420067
0041FF9B .807C24 13 38cmp byte ptr ss:,0x38 ;假注册码第3位与8比较
0041FFA0 0F85 C1000000 jnz VideoCon.00420067
0041FFA6 .807C24 14 39cmp byte ptr ss:,0x39 ;假注册码第4位与9比较
0041FFAB 0F85 B6000000 jnz VideoCon.00420067
0041FFB1 .807C24 15 37cmp byte ptr ss:,0x37 ;假注册码第5位与7比较
0041FFB6 0F85 AB000000 jnz VideoCon.00420067
0041FFBC .807C24 1B 36cmp byte ptr ss:,0x36 ;假注册码第6位与6比较
0041FFC1 0F85 A0000000 jnz VideoCon.00420067
0041FFC7 .3C 32 cmp al,0x32 ;假注册码第7位与2比较
0041FFC9 0F85 98000000 jnz VideoCon.00420067
0041FFCF .80F9 39 cmp cl,0x39 ;假注册码第8位与9比较
0041FFD2 0F85 8F000000 jnz VideoCon.00420067
0041FFD8 >6A 6A push 0x6A
0041FFDA .8D4424 24 lea eax,dword ptr ss:
0041FFDE .50 push eax
0041FFDF .B9 506E4900 mov ecx,VideoCon.00496E50 ;>FD
0041FFE4 .E8 7706FFFF call VideoCon.00410660
0041FFE9 .8B00 mov eax,dword ptr ds:
0041FFEB .6A 00 push 0x0
0041FFED .68 88A14500 push VideoCon.0045A188 ;OK
0041FFF2 .50 push eax
0041FFF3 .8BCE mov ecx,esi
0041FFF5 .C74424 3C 060>mov dword ptr ss:,0x6
0041FFFD .E8 20020200 call VideoCon.00440222
00420002 .8D4C24 20 lea ecx,dword ptr ss:
00420006 .C74424 30 FFF>mov dword ptr ss:,-0x1
0042000E .E8 9D37FEFF call VideoCon.004037B0
00420013 .8B7E 70 mov edi,dword ptr ds:
00420016 .E8 B7E40200 call VideoCon.0044E4D2
0042001B .8B40 04 mov eax,dword ptr ds:
0042001E .57 push edi
0042001F .68 D4944500 push VideoCon.004594D4 ;username
00420024 .68 F87A4500 push VideoCon.00457AF8 ;Option
算法:
1.用户名长度大于2位,注册码长度要大于8位
2.用户名第1位ASCII码值与0X41或运算 ,结果除以0XA,余数是真码第1位
3.用户名第2位ASCII码值与0X56或运算 ,结果除以0XA,余数是真码第2位
4.用户名第1位ASCII码值与0X49或运算 ,结果除以0XA,余数是真码第3位
5.用户名第2位ASCII码值与0X43或运算 ,结果除以0XA,余数是真码第4位
6.用户名的ASCII码累加值除以0XA,余数是真码第5位
7.其余各位随意
此软件还有一个万能密码:51897629
【版权声明】本文只在于研究算法和破解思路,请不要用于非法用途。 不错,分析的很详细啊 学习了!顶下老万兄弟.... 好久不见老万了哈,谢谢分享您的心得。 学习了!顶下老万兄弟.... 多谢老万的文章。
页:
[1]