Magic Excel Recovery算法注册分析【附注册机】
本帖最后由 crackvip 于 2014-6-20 22:19 编辑下载程序,试运行,点注册,随便输入crackvip,0123456789,
点注册,弹出注册框,呵呵
无壳
好吧OD载入
00CFD954 > $55 PUSH EBP ;停在这
00CFD955 .8BEC MOV EBP, ESP
00CFD957 .83C4 E8 ADD ESP, -0x18
00CFD95A .53 PUSH EBX
00CFD95B .56 PUSH ESI
F9运行,注册,弹窗,暂停,返到用户代码,回朔。。。。。。
找到这里,呵呵
00619C04 $55 PUSH EBP ;算法;;本地调用来自 00619F70, 00619F8F, 00619FAE
00619C05 .8BEC MOV EBP, ESP
00619C07 .B9 0C000000 MOV ECX, 0xC
00619C0C >6A 00 PUSH 0x0
00619C0E .6A 00 PUSH 0x0
00619C10 .49 DEC ECX
00619C11 .^ 75 F9 JNZ SHORT Magic_Ex.00619C0C
00619C13 .53 PUSH EBX
00619C14 .56 PUSH ESI
00619C15 .57 PUSH EDI
00619C16 .8945 FC MOV DWORD PTR SS:, EAX
00619C19 .8B45 FC MOV EAX, DWORD PTR SS:
00619C1C .E8 07E1DEFF CALL Magic_Ex.00407D28
00619C21 .33C0 XOR EAX, EAX
00619C23 .55 PUSH EBP
00619C24 .68 749E6100 PUSH Magic_Ex.00619E74
00619C29 .64:FF30 PUSH DWORD PTR FS:
00619C2C .64:8920 MOV DWORD PTR FS:, ESP
00619C2F .33C0 XOR EAX, EAX
00619C31 .55 PUSH EBP
00619C32 .68 FB9D6100 PUSH Magic_Ex.00619DFB
00619C37 .64:FF30 PUSH DWORD PTR FS:
00619C3A .64:8920 MOV DWORD PTR FS:, ESP
00619C3D .C645 FB 00 MOV BYTE PTR SS:, 0x0
00619C41 .8D45 C4 LEA EAX, DWORD PTR SS:
00619C44 .8B55 08 MOV EDX, DWORD PTR SS:
00619C47 .8B52 FC MOV EDX, DWORD PTR DS: ;用户名
00619C4A .E8 19F1DEFF CALL Magic_Ex.00408D68
00619C4F .8B45 C4 MOV EAX, DWORD PTR SS:
00619C52 .8D55 C8 LEA EDX, DWORD PTR SS:
00619C55 .E8 927BE0FF CALL Magic_Ex.004217EC ;变大写,并将长度放到EAX
00619C5A .8B55 C8 MOV EDX, DWORD PTR SS:
00619C5D .8D45 CC LEA EAX, DWORD PTR SS:
00619C60 .E8 EFF0DEFF CALL Magic_Ex.00408D54
00619C65 .8B45 CC MOV EAX, DWORD PTR SS:
00619C68 .8D55 E8 LEA EDX, DWORD PTR SS:
00619C6B .E8 DC7CE0FF CALL Magic_Ex.0042194C
00619C70 .8D45 E4 LEA EAX, DWORD PTR SS:
00619C73 .E8 CCDFDEFF CALL Magic_Ex.00407C44
00619C78 .8D55 BC LEA EDX, DWORD PTR SS:
00619C7B .B8 8C9E6100 MOV EAX, Magic_Ex.00619E8C ;Magic Excel Recovery
00619C80 .E8 677BE0FF CALL Magic_Ex.004217EC ;变大写,并将长度放到EAX
00619C85 .8B55 BC MOV EDX, DWORD PTR SS:
00619C88 .8D45 C0 LEA EAX, DWORD PTR SS:
00619C8B .E8 C4F0DEFF CALL Magic_Ex.00408D54
00619C90 .8B45 C0 MOV EAX, DWORD PTR SS:
00619C93 .8D55 E0 LEA EDX, DWORD PTR SS:
00619C96 .E8 B17CE0FF CALL Magic_Ex.0042194C
00619C9B .8D45 AC LEA EAX, DWORD PTR SS:
00619C9E .8B55 FC MOV EDX, DWORD PTR SS: ;版本特征
00619CA1 .E8 C2F0DEFF CALL Magic_Ex.00408D68
00619CA6 .8B45 AC MOV EAX, DWORD PTR SS:
00619CA9 .8D55 B0 LEA EDX, DWORD PTR SS:
00619CAC .E8 3B7BE0FF CALL Magic_Ex.004217EC ;变大写,并将长度放到EAX
00619CB1 .8B55 B0 MOV EDX, DWORD PTR SS:
00619CB4 .8D45 B4 LEA EAX, DWORD PTR SS:
00619CB7 .E8 98F0DEFF CALL Magic_Ex.00408D54
00619CBC .8B45 B4 MOV EAX, DWORD PTR SS:
00619CBF .8D55 B8 LEA EDX, DWORD PTR SS:
00619CC2 .E8 857CE0FF CALL Magic_Ex.0042194C
00619CC7 .8B55 B8 MOV EDX, DWORD PTR SS:
00619CCA .8D45 FC LEA EAX, DWORD PTR SS:
00619CCD .E8 9AE3DEFF CALL Magic_Ex.0040806C
00619CD2 .B2 01 MOV DL, 0x1
00619CD4 .A1 50326100 MOV EAX, DWORD PTR DS: ; /a
00619CD9 .E8 9E96FFFF CALL Magic_Ex.0061337C
00619CDE .8945 D8 MOV DWORD PTR SS:, EAX
00619CE1 .33C0 XOR EAX, EAX
00619CE3 .55 PUSH EBP
00619CE4 .68 EA9D6100 PUSH Magic_Ex.00619DEA
00619CE9 .64:FF30 PUSH DWORD PTR FS:
00619CEC .64:8920 MOV DWORD PTR FS:, ESP
00619CEF >EB 06 JMP SHORT Magic_Ex.00619CF7
00619CF1 >^ EB FC JMP SHORT Magic_Ex.00619CEF
00619CF3 .^ EB FC JMP SHORT Magic_Ex.00619CF1
00619CF5 FF DB FF
00619CF6 .F8 CLC
00619CF7 >8D45 A8 LEA EAX, DWORD PTR SS:
00619CFA .50 PUSH EAX
00619CFB .E8 A03BE1FF CALL Magic_Ex.0042D8A0
00619D00 .50 PUSH EAX
00619D01 .FF75 E8 PUSH DWORD PTR SS: ;假码大写
00619D04 .FF75 E0 PUSH DWORD PTR SS: ; "MAGIC EXCEL RECOVERY"
00619D07 .FF75 FC PUSH DWORD PTR SS: ;版本特征
00619D0A .68 C49E6100 PUSH Magic_Ex.00619EC4 ;BDDEEE28-4FE9-4E2E-B24A-E92F2881512C
00619D0F .8D45 A4 LEA EAX, DWORD PTR SS:
00619D12 .BA 04000000 MOV EDX, 0x4
00619D17 .E8 34F2DEFF CALL Magic_Ex.00408F50 ;合并后,取50长度
00619D1C .8B55 A4 MOV EDX, DWORD PTR SS: ; "CRACKVIPMAGIC EXCEL RECOVERYHOME EDITIONBDDEEE28-4")
00619D1F .8B45 D8 MOV EAX, DWORD PTR SS:
00619D22 .59 POP ECX
00619D23 .E8 348CFFFF CALL Magic_Ex.0061295C ;这个CALL已经算码了
00619D28 .8B45 A8 MOV EAX, DWORD PTR SS: ; (UNICODE "934724CCB3A30236DA71ACA0959EB90E")
00619D2B .8D55 DC LEA EDX, DWORD PTR SS:
00619D2E .E8 1976E0FF CALL Magic_Ex.0042134C
00619D33 .33C0 XOR EAX, EAX
00619D35 .8945 F4 MOV DWORD PTR SS:, EAX
00619D38 >837D F4 00 CMP DWORD PTR SS:, 0x0
00619D3C .74 0D JE SHORT Magic_Ex.00619D4B
00619D3E .8D45 E4 LEA EAX, DWORD PTR SS:
00619D41 .BA 1C9F6100 MOV EDX, Magic_Ex.00619F1C ;-
00619D46 .E8 25F1DEFF CALL Magic_Ex.00408E70
00619D4B >33C0 XOR EAX, EAX
00619D4D .8945 F0 MOV DWORD PTR SS:, EAX
00619D50 >8B45 F4 MOV EAX, DWORD PTR SS:
00619D53 .C1E0 02 SHL EAX, 0x2
00619D56 .0345 F0 ADD EAX, DWORD PTR SS:
00619D59 .8B55 DC MOV EDX, DWORD PTR SS:
00619D5C .0FB70442 MOVZX EAX, WORD PTR DS:
00619D60 .8D55 EC LEA EDX, DWORD PTR SS:
00619D63 .E8 6482E0FF CALL Magic_Ex.00421FCC
00619D68 .8B45 EC MOV EAX, DWORD PTR SS:
00619D6B .8945 D4 MOV DWORD PTR SS:, EAX
00619D6E .837D D4 00 CMP DWORD PTR SS:, 0x0
00619D72 .74 0B JE SHORT Magic_Ex.00619D7F
00619D74 .8B45 D4 MOV EAX, DWORD PTR SS:
00619D77 .83E8 04 SUB EAX, 0x4
00619D7A .8B00 MOV EAX, DWORD PTR DS:
00619D7C .8945 D4 MOV DWORD PTR SS:, EAX
00619D7F >8D45 A0 LEA EAX, DWORD PTR SS:
00619D82 .8B55 EC MOV EDX, DWORD PTR SS:
00619D85 .8B4D D4 MOV ECX, DWORD PTR SS:
00619D88 .66:8B544A FEMOV DX, WORD PTR DS:
00619D8D .E8 F2EEDEFF CALL Magic_Ex.00408C84
00619D92 .8B55 A0 MOV EDX, DWORD PTR SS:
00619D95 .8D45 E4 LEA EAX, DWORD PTR SS:
00619D98 .E8 D3F0DEFF CALL Magic_Ex.00408E70
00619D9D .FF45 F0 INC DWORD PTR SS:
00619DA0 .837D F0 04 CMP DWORD PTR SS:, 0x4
00619DA4 .^ 75 AA JNZ SHORT Magic_Ex.00619D50
00619DA6 .FF45 F4 INC DWORD PTR SS:
00619DA9 .837D F4 04 CMP DWORD PTR SS:, 0x4
00619DAD .^ 75 89 JNZ SHORT Magic_Ex.00619D38
00619DAF .8B45 E4 MOV EAX, DWORD PTR SS:
00619DB2 .8B55 08 MOV EDX, DWORD PTR SS:
00619DB5 .8B52 F8 MOV EDX, DWORD PTR DS:
00619DB8 .E8 A3F2DEFF CALL Magic_Ex.00409060
分别找到这三个调用,到这里
00619F52 .55 PUSH EBP ;版本号判断,呵呵
00619F53 .68 D99F6100 PUSH Magic_Ex.00619FD9
00619F58 .64:FF30 PUSH DWORD PTR FS:
00619F5B .64:8920 MOV DWORD PTR FS:, ESP
00619F5E .C645 F3 00 MOV BYTE PTR SS:, 0x0
00619F62 .8B45 F4 MOV EAX, DWORD PTR SS:
00619F65 .E8 DADCDEFF CALL Magic_Ex.00407C44
00619F6A .55 PUSH EBP
00619F6B .B8 1CA06100 MOV EAX, Magic_Ex.0061A01C ;Home Edition
00619F70 .E8 8FFCFFFF CALL Magic_Ex.00619C04
00619F75 .59 POP ECX
00619F76 .84C0 TEST AL, AL
00619F78 .74 0F JE SHORT Magic_Ex.00619F89
00619F7A .8B45 F4 MOV EAX, DWORD PTR SS:
00619F7D .BA 1CA06100 MOV EDX, Magic_Ex.0061A01C ;Home Edition
00619F82 .E8 9DE0DEFF CALL Magic_Ex.00408024
00619F87 .EB 3C JMP SHORT Magic_Ex.00619FC5
00619F89 >55 PUSH EBP
00619F8A .B8 44A06100 MOV EAX, Magic_Ex.0061A044 ;Office Edition
00619F8F .E8 70FCFFFF CALL Magic_Ex.00619C04
00619F94 .59 POP ECX
00619F95 .84C0 TEST AL, AL
00619F97 .74 0F JE SHORT Magic_Ex.00619FA8
00619F99 .8B45 F4 MOV EAX, DWORD PTR SS:
00619F9C .BA 44A06100 MOV EDX, Magic_Ex.0061A044 ;Office Edition
00619FA1 .E8 7EE0DEFF CALL Magic_Ex.00408024
00619FA6 .EB 1D JMP SHORT Magic_Ex.00619FC5
00619FA8 >55 PUSH EBP
00619FA9 .B8 70A06100 MOV EAX, Magic_Ex.0061A070 ;Commercial Edition
00619FAE .E8 51FCFFFF CALL Magic_Ex.00619C04
00619FB3 .59 POP ECX
00619FB4 .84C0 TEST AL, AL
00619FB6 .74 0D JE SHORT Magic_Ex.00619FC5
00619FB8 .8B45 F4 MOV EAX, DWORD PTR SS:
00619FBB .BA 70A06100 MOV EDX, Magic_Ex.0061A070 ;Commercial Edition
00619FC0 .E8 5FE0DEFF CALL Magic_Ex.00408024
00619FC5 >8B45 F4 MOV EAX, DWORD PTR SS:
00619FC8 .8338 00 CMP DWORD PTR DS:, 0x0
00619FCB .0F9545 F3 SETNE BYTE PTR SS:
我们回到上面那个算法函数
00619C05 .8BEC MOV EBP, ESP
00619C07 .B9 0C000000 MOV ECX, 0xC
00619C0C >6A 00 PUSH 0x0
00619C0E .6A 00 PUSH 0x0
00619C10 .49 DEC ECX
00619C11 .^ 75 F9 JNZ SHORT Magic_Ex.00619C0C
00619C13 .53 PUSH EBX
00619C14 .56 PUSH ESI
00619C15 .57 PUSH EDI
00619C16 .8945 FC MOV DWORD PTR SS:, EAX
00619C19 .8B45 FC MOV EAX, DWORD PTR SS:
00619C1C .E8 07E1DEFF CALL Magic_Ex.00407D28
00619C21 .33C0 XOR EAX, EAX
00619C23 .55 PUSH EBP
00619C24 .68 749E6100 PUSH Magic_Ex.00619E74
00619C29 .64:FF30 PUSH DWORD PTR FS:
00619C2C .64:8920 MOV DWORD PTR FS:, ESP
00619C2F .33C0 XOR EAX, EAX
00619C31 .55 PUSH EBP
00619C32 .68 FB9D6100 PUSH Magic_Ex.00619DFB
00619C37 .64:FF30 PUSH DWORD PTR FS:
00619C3A .64:8920 MOV DWORD PTR FS:, ESP
00619C3D .C645 FB 00 MOV BYTE PTR SS:, 0x0
00619C41 .8D45 C4 LEA EAX, DWORD PTR SS:
00619C44 .8B55 08 MOV EDX, DWORD PTR SS:
00619C47 .8B52 FC MOV EDX, DWORD PTR DS: ;用户名
00619C4A .E8 19F1DEFF CALL Magic_Ex.00408D68
00619C4F .8B45 C4 MOV EAX, DWORD PTR SS:
00619C52 .8D55 C8 LEA EDX, DWORD PTR SS:
00619C55 .E8 927BE0FF CALL Magic_Ex.004217EC ;变大写,并将长度放到EAX
00619C5A .8B55 C8 MOV EDX, DWORD PTR SS:
00619C5D .8D45 CC LEA EAX, DWORD PTR SS:
00619C60 .E8 EFF0DEFF CALL Magic_Ex.00408D54
00619C65 .8B45 CC MOV EAX, DWORD PTR SS:
00619C68 .8D55 E8 LEA EDX, DWORD PTR SS:
00619C6B .E8 DC7CE0FF CALL Magic_Ex.0042194C
00619C70 .8D45 E4 LEA EAX, DWORD PTR SS:
00619C73 .E8 CCDFDEFF CALL Magic_Ex.00407C44
00619C78 .8D55 BC LEA EDX, DWORD PTR SS:
00619C7B .B8 8C9E6100 MOV EAX, Magic_Ex.00619E8C ;Magic Excel Recovery
00619C80 .E8 677BE0FF CALL Magic_Ex.004217EC ;变大写,并将长度放到EAX
00619C85 .8B55 BC MOV EDX, DWORD PTR SS:
00619C88 .8D45 C0 LEA EAX, DWORD PTR SS:
00619C8B .E8 C4F0DEFF CALL Magic_Ex.00408D54
00619C90 .8B45 C0 MOV EAX, DWORD PTR SS:
00619C93 .8D55 E0 LEA EDX, DWORD PTR SS:
00619C96 .E8 B17CE0FF CALL Magic_Ex.0042194C
00619C9B .8D45 AC LEA EAX, DWORD PTR SS:
00619C9E .8B55 FC MOV EDX, DWORD PTR SS: ;版本特征
00619CA1 .E8 C2F0DEFF CALL Magic_Ex.00408D68
00619CA6 .8B45 AC MOV EAX, DWORD PTR SS:
00619CA9 .8D55 B0 LEA EDX, DWORD PTR SS:
00619CAC .E8 3B7BE0FF CALL Magic_Ex.004217EC ;变大写,并将长度放到EAX
00619CB1 .8B55 B0 MOV EDX, DWORD PTR SS:
00619CB4 .8D45 B4 LEA EAX, DWORD PTR SS:
00619CB7 .E8 98F0DEFF CALL Magic_Ex.00408D54
00619CBC .8B45 B4 MOV EAX, DWORD PTR SS:
00619CBF .8D55 B8 LEA EDX, DWORD PTR SS:
00619CC2 .E8 857CE0FF CALL Magic_Ex.0042194C
00619CC7 .8B55 B8 MOV EDX, DWORD PTR SS:
00619CCA .8D45 FC LEA EAX, DWORD PTR SS:
00619CCD .E8 9AE3DEFF CALL Magic_Ex.0040806C
00619CD2 .B2 01 MOV DL, 0x1
00619CD4 .A1 50326100 MOV EAX, DWORD PTR DS: ; /a
00619CD9 .E8 9E96FFFF CALL Magic_Ex.0061337C
00619CDE .8945 D8 MOV DWORD PTR SS:, EAX
00619CE1 .33C0 XOR EAX, EAX
00619CE3 .55 PUSH EBP
00619CE4 .68 EA9D6100 PUSH Magic_Ex.00619DEA
00619CE9 .64:FF30 PUSH DWORD PTR FS:
00619CEC .64:8920 MOV DWORD PTR FS:, ESP
00619CEF >EB 06 JMP SHORT Magic_Ex.00619CF7
00619CF1 >^ EB FC JMP SHORT Magic_Ex.00619CEF
00619CF3 .^ EB FC JMP SHORT Magic_Ex.00619CF1
00619CF5 FF DB FF
00619CF6 .F8 CLC
00619CF7 >8D45 A8 LEA EAX, DWORD PTR SS:
00619CFA .50 PUSH EAX
00619CFB .E8 A03BE1FF CALL Magic_Ex.0042D8A0
00619D00 .50 PUSH EAX
00619D01 .FF75 E8 PUSH DWORD PTR SS: ;假码大写
00619D04 .FF75 E0 PUSH DWORD PTR SS: ; "MAGIC EXCEL RECOVERY"
00619D07 .FF75 FC PUSH DWORD PTR SS: ;版本特征
00619D0A .68 C49E6100 PUSH Magic_Ex.00619EC4 ;BDDEEE28-4FE9-4E2E-B24A-E92F2881512C
00619D0F .8D45 A4 LEA EAX, DWORD PTR SS:
00619D12 .BA 04000000 MOV EDX, 0x4
00619D17 .E8 34F2DEFF CALL Magic_Ex.00408F50 ;合并后,取50长度???
00619D1C .8B55 A4 MOV EDX, DWORD PTR SS: ; "CRACKVIPMAGIC EXCEL RECOVERYHOME EDITIONBDDEEE28-4")
00619D1F .8B45 D8 MOV EAX, DWORD PTR SS:
00619D22 .59 POP ECX
00619D23 .E8 348CFFFF CALL Magic_Ex.0061295C ;这个CALL已经算码了
00619D28 .8B45 A8 MOV EAX, DWORD PTR SS: ; 目测这个是MD5(UNICODE "934724CCB3A30236DA71ACA0959EB90E")
00619D2B .8D55 DC LEA EDX, DWORD PTR SS: ;经过测试,果然是MD5
00619D2E .E8 1976E0FF CALL Magic_Ex.0042134C
00619D33 .33C0 XOR EAX, EAX
00619D35 .8945 F4 MOV DWORD PTR SS:, EAX
00619D38 >837D F4 00 CMP DWORD PTR SS:, 0x0
00619D3C .74 0D JE SHORT Magic_Ex.00619D4B
00619D3E .8D45 E4 LEA EAX, DWORD PTR SS:
00619D41 .BA 1C9F6100 MOV EDX, Magic_Ex.00619F1C ;-
00619D46 .E8 25F1DEFF CALL Magic_Ex.00408E70 ;加入分割符
00619D4B >33C0 XOR EAX, EAX
00619D4D .8945 F0 MOV DWORD PTR SS:, EAX
00619D50 >8B45 F4 MOV EAX, DWORD PTR SS:
00619D53 .C1E0 02 SHL EAX, 0x2
00619D56 .0345 F0 ADD EAX, DWORD PTR SS:
00619D59 .8B55 DC MOV EDX, DWORD PTR SS:
00619D5C .0FB70442 MOVZX EAX, WORD PTR DS: ;逐字取ASCII到EAX
00619D60 .8D55 EC LEA EDX, DWORD PTR SS:
00619D63 .E8 6482E0FF CALL Magic_Ex.00421FCC ;转十进制
00619D68 .8B45 EC MOV EAX, DWORD PTR SS:
00619D6B .8945 D4 MOV DWORD PTR SS:, EAX
00619D6E .837D D4 00 CMP DWORD PTR SS:, 0x0
00619D72 .74 0B JE SHORT Magic_Ex.00619D7F
00619D74 .8B45 D4 MOV EAX, DWORD PTR SS:
00619D77 .83E8 04 SUB EAX, 0x4
00619D7A .8B00 MOV EAX, DWORD PTR DS:
00619D7C .8945 D4 MOV DWORD PTR SS:, EAX
00619D7F >8D45 A0 LEA EAX, DWORD PTR SS:
00619D82 .8B55 EC MOV EDX, DWORD PTR SS:
00619D85 .8B4D D4 MOV ECX, DWORD PTR SS:
00619D88 .66:8B544A FEMOV DX, WORD PTR DS:
00619D8D .E8 F2EEDEFF CALL Magic_Ex.00408C84 ;取个位数,比如51,则取1
00619D92 .8B55 A0 MOV EDX, DWORD PTR SS:
00619D95 .8D45 E4 LEA EAX, DWORD PTR SS:
00619D98 .E8 D3F0DEFF CALL Magic_Ex.00408E70
00619D9D .FF45 F0 INC DWORD PTR SS:
00619DA0 .837D F0 04 CMP DWORD PTR SS:, 0x4
00619DA4 .^ 75 AA JNZ SHORT Magic_Ex.00619D50
00619DA6 .FF45 F4 INC DWORD PTR SS:
00619DA9 .837D F4 04 CMP DWORD PTR SS:, 0x4 ;取四组
00619DAD .^ 75 89 JNZ SHORT Magic_Ex.00619D38
00619DAF .8B45 E4 MOV EAX, DWORD PTR SS:
00619DB2 .8B55 08 MOV EDX, DWORD PTR SS:
00619DB5 .8B52 F8 MOV EDX, DWORD PTR DS:
00619DB8 .E8 A3F2DEFF CALL Magic_Ex.00409060 ;注册码出现在EAX
00619DBD .0F9445 FB SETE BYTE PTR SS:
00619DC1 >EB 06 JMP SHORT Magic_Ex.00619DC9
00619DC3 >^ EB FC JMP SHORT Magic_Ex.00619DC1
00619DC5 .^ EB FC JMP SHORT Magic_Ex.00619DC3
========================================
注册流程大致为
用户名,版本号,两个条件来算码
版本号有三个,分别是
Home Edition
Office Edition
Commercial Edition
软件特征码:BDDEEE28-4FE9-4E2E-B24A-E92F2881512C
1.转大写(MD5(转大写(用户名 & MAGIC EXCEL RECOVERY & 版本号 & 软件特征码)))
2.取MD5值的ASCII转十进制,然后取十进制的个位
3.取四个加入一个“-”,共取四组
三个版本的注册码都不一样
比如我的crackvip
则有三组注册码都可以用
分别是
Home Edition:7125-0277-6151-8014
Office Edition:9955-9650-9549-9857
Commercial Edition:1060-6466-7629-8054
注册信息保存在注册表
HKEY_CURRENT_USER\Software\East Imperial Soft\Magic Excel Recovery 1.0\Settings
删除了之后可以重新注册
注册机下载
附上注册机源码
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, MD5;
type
TForm1 = class(TForm)
Edit1: TEdit;
ComboBox1: TComboBox;
Edit2: TEdit;
Button1: TButton;
Label1: TLabel;
Label2: TLabel;
lbl1: TLabel;
Label3: TLabel;
procedure FormCreate(Sender: TObject);
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
procedure TForm1.FormCreate(Sender: TObject);
begin
ComboBox1.ItemIndex := 0;
end;
procedure TForm1.Button1Click(Sender: TObject);
var str1, str2, str3, str4, str5: string;
i: integer;
begin
str1 := 'MAGIC EXCEL RECOVERY';
str2 := 'BDDEEE28-4FE9-4E2E-B24A-E92F2881512C';
str3 := UpperCase(MD5Print(MD5String(UpperCase(Edit1.Text + str1 + combobox1.Text + str2))));
str4 := '';
str5 := '';
for i := 1 to 16 do
begin
str4 := IntToStr(ord(str3));
str5 := str5 + str4;
end;
Insert('-', str5, 5);
Insert('-', str5, 10);
Insert('-', str5, 15);
Edit2.Text := str5;
end;
end.
赞! 支持一下了,z大已经分享过注册机了,感谢楼主 厉害~~~ GGLHY 发表于 2014-6-20 22:32
厉害~~~
GG老师,也不送点分给我{:lol:} 楼主厉害厉害,佩服。 楼主威武,学习一下了,感谢分享 厉害,分析出了不同版本的算法。 00619D17 .E8 34F2DEFF CALL Magic_Ex.00408F50 ;合并后,取50长度???
00619D1C .8B55 A4 MOV EDX, DWORD PTR SS: ; "CRACKVIPMAGIC EXCEL RECOVERYHOME EDITIONBDDEEE28-4")
00619D1F .8B45 D8 MOV EAX, DWORD PTR SS:
00619D22 .59 POP ECX
00619D23 .E8 348CFFFF CALL Magic_Ex.0061295C ;这个CALL已经算码了
00619D28 .8B45 A8 MOV EAX, DWORD PTR SS: ; 目测这个是MD5(UNICODE "934724CCB3A30236DA71ACA0959EB90E")
00619D2B .8D55 DC LEA EDX, DWORD PTR SS: ;经过测试,果然是MD5
请教楼主,根据这50位字符,我怎么都算不出来下面的MD5值,请教楼主是如何算出来的,谢谢。 montana 发表于 2014-6-21 14:27
00619D17 .E8 34F2DEFF CALL Magic_Ex.00408F50 ;合并后,取50长度???
0061 ...
这个Call的Md5计算不是50位,是全部,应该是MD5(CRACKVIPMAGIC EXCEL RECOVERYHOME EDITIONBDDEEE28-4FE9-4E2E-B24A-E92F2881512C)
页:
[1]
2