Computer Alarm Clock v2.2注册算法分析【附上注册机】
; Annotated debugger listing of the routine at cac.004839A8, which the author
; identified as the registration check that runs at program start.
; NOTE(review): the bracketed part of every memory operand ("DWORD PTR SS:",
; "DS:", "FS:") is missing in this copy of the listing; only the instruction
; bytes in the second column still carry the displacement. Descriptions of what
; each operand holds follow the author's notes - confirm against the binary.
; Structure visible below: four calls to cac.00404BDC (at 00483B85, 00483B92,
; 00483BA1, 00483BB0), each followed by a JNZ to the common label 00483BBE.
; Only when all four fall through is a byte set to 0x1 at 00483BB7, and a byte
; is tested at 00483BBE. As far as this routine shows, the licence decision is
; made locally from two fixed strings and two digits of a byte sum, and is
; carried in a single flag.
004839A8/.55 PUSH EBP ; is this the startup check? 004839A9|.8BEC MOV EBP, ESP ; at startup execution does indeed stop here
004839AB|.B9 40000000 MOV ECX, 0x40
004839B0|>6A 00 /PUSH 0x0
004839B2|.6A 00 |PUSH 0x0
004839B4|.49 |DEC ECX
004839B5|.^ 75 F9 \JNZ SHORT cac.004839B0
004839B7|.53 PUSH EBX
004839B8|.8BD8 MOV EBX, EAX
004839BA|.33C0 XOR EAX, EAX
004839BC|.55 PUSH EBP
004839BD|.68 FF3B4800 PUSH cac.00483BFF
004839C2|.64:FF30 PUSH DWORD PTR FS:
004839C5|.64:8920 MOV DWORD PTR FS:, ESP
004839C8|.8D45 F8 LEA EAX, DWORD PTR SS:
004839CB|.B9 143C4800 MOV ECX, cac.00483C14 ; cac.ini, second occurrence
004839D0|.8B93 78030000 MOV EDX, DWORD PTR DS:
004839D6|.E8 0911F8FF CALL cac.00404AE4
004839DB|.8D45 F4 LEA EAX, DWORD PTR SS:
004839DE|.E8 FD0DF8FF CALL cac.004047E0
004839E3|.8D45 F0 LEA EAX, DWORD PTR SS:
004839E6|.E8 F50DF8FF CALL cac.004047E0
004839EB|.8B45 F8 MOV EAX, DWORD PTR SS:
004839EE|.E8 5556F8FF CALL cac.00409048
004839F3|.84C0 TEST AL, AL
004839F5|.0F84 A0000000 JE cac.00483A9B
004839FB|.8B55 F8 MOV EDX, DWORD PTR SS:
004839FE|.8D85 0CFEFFFF LEA EAX, DWORD PTR SS:
00483A04|.E8 03F4F7FF CALL cac.00402E0C
00483A09|.8D85 0CFEFFFF LEA EAX, DWORD PTR SS:
00483A0F|.E8 88F1F7FF CALL cac.00402B9C
00483A14|.E8 D3EEF7FF CALL cac.004028EC
00483A19|.8D85 0CFEFFFF LEA EAX, DWORD PTR SS:
00483A1F|.E8 18F6F7FF CALL cac.0040303C
00483A24|.E8 C3EEF7FF CALL cac.004028EC
00483A29|.84C0 TEST AL, AL
00483A2B|.75 1E JNZ SHORT cac.00483A4B
00483A2D|.8D55 F4 LEA EDX, DWORD PTR SS:
00483A30|.8D85 0CFEFFFF LEA EAX, DWORD PTR SS:
00483A36|.E8 81F7F7FF CALL cac.004031BC
00483A3B|.8D85 0CFEFFFF LEA EAX, DWORD PTR SS:
00483A41|.E8 E2F7F7FF CALL cac.00403228
00483A46|.E8 A1EEF7FF CALL cac.004028EC
00483A4B|>8D83 3C040000 LEA EAX, DWORD PTR DS:
00483A51|.8B55 F4 MOV EDX, DWORD PTR SS: ; fetch the registration name
00483A54|.E8 DB0DF8FF CALL cac.00404834
00483A59|.8D85 0CFEFFFF LEA EAX, DWORD PTR SS:
00483A5F|.E8 D8F5F7FF CALL cac.0040303C
00483A64|.E8 83EEF7FF CALL cac.004028EC ; fetch the entered (trial) key
00483A69|.84C0 TEST AL, AL
00483A6B|.75 1E JNZ SHORT cac.00483A8B
00483A6D|.8D55 F0 LEA EDX, DWORD PTR SS:
00483A70|.8D85 0CFEFFFF LEA EAX, DWORD PTR SS:
00483A76|.E8 41F7F7FF CALL cac.004031BC
00483A7B|.8D85 0CFEFFFF LEA EAX, DWORD PTR SS:
00483A81|.E8 A2F7F7FF CALL cac.00403228
00483A86|.E8 61EEF7FF CALL cac.004028EC
00483A8B|>8D85 0CFEFFFF LEA EAX, DWORD PTR SS:
00483A91|.E8 3EF4F7FF CALL cac.00402ED4
00483A96|.E8 51EEF7FF CALL cac.004028EC
00483A9B|>33C0 XOR EAX, EAX
00483A9D|.8945 FC MOV DWORD PTR SS:, EAX
00483AA0|.837D F4 00 CMP DWORD PTR SS:, 0x0 ; check whether the user name is empty (0)
00483AA4|.74 5B JE SHORT cac.00483B01
00483AA6|.8D4D EC LEA ECX, DWORD PTR SS:
00483AA9|.BA 03000000 MOV EDX, 0x3
00483AAE|.8B45 F0 MOV EAX, DWORD PTR SS: ; entered (trial) key
00483AB1|.E8 024CFBFF CALL cac.004386B8
00483AB6|.8D8D 08FEFFFF LEA ECX, DWORD PTR SS:
00483ABC|.BA 0E000000 MOV EDX, 0xE ; E=14
00483AC1|.8B45 F0 MOV EAX, DWORD PTR SS:
00483AC4|.E8 EF4BFBFF CALL cac.004386B8 ; only the first 14 characters of the key take part in the computation and comparison
00483AC9|.8B85 08FEFFFF MOV EAX, DWORD PTR SS:
00483ACF|.8D4D E8 LEA ECX, DWORD PTR SS:
00483AD2|.BA 02000000 MOV EDX, 0x2
00483AD7|.E8 F84BFBFF CALL cac.004386D4
00483ADC|.8B45 F4 MOV EAX, DWORD PTR SS:
00483ADF|.E8 B40FF8FF CALL cac.00404A98
00483AE4|.85C0 TEST EAX, EAX
00483AE6|.7E 19 JLE SHORT cac.00483B01
00483AE8|.BA 01000000 MOV EDX, 0x1
00483AED|>8B4D F4 /MOV ECX, DWORD PTR SS: ; part of the algorithm
00483AF0|.8A4C11 FF |MOV CL, BYTE PTR DS:
00483AF4|.81E1 FF000000 |AND ECX, 0xFF
00483AFA|.014D FC |ADD DWORD PTR SS:, ECX
00483AFD|.42 |INC EDX
00483AFE|.48 |DEC EAX
00483AFF|.^ 75 EC \JNZ SHORT cac.00483AED
00483B01|>8D55 F4 LEA EDX, DWORD PTR SS:
00483B04|.8B45 FC MOV EAX, DWORD PTR SS:
00483B07|.E8 A052F8FF CALL cac.00408DAC ;819?????
00483B0C|.8D4D E4 LEA ECX, DWORD PTR SS:
00483B0F|.BA 01000000 MOV EDX, 0x1 ; ASCII sum of the registration name (decimal)
00483B14|.8B45 F4 MOV EAX, DWORD PTR SS:
00483B17|.E8 B84BFBFF CALL cac.004386D4
00483B1C|.8D4D E0 LEA ECX, DWORD PTR SS:
00483B1F|.BA 01000000 MOV EDX, 0x1
00483B24|.8B45 F4 MOV EAX, DWORD PTR SS:
00483B27|.E8 8C4BFBFF CALL cac.004386B8
00483B2C|.8D8D 04FEFFFF LEA ECX, DWORD PTR SS:
00483B32|.BA 04000000 MOV EDX, 0x4
00483B37|.8B45 F0 MOV EAX, DWORD PTR SS:
00483B3A|.E8 794BFBFF CALL cac.004386B8 ; take the first four characters of the entered key
00483B3F|.8B85 04FEFFFF MOV EAX, DWORD PTR SS:
00483B45|.8D4D DC LEA ECX, DWORD PTR SS:
00483B48|.BA 01000000 MOV EDX, 0x1
00483B4D|.E8 824BFBFF CALL cac.004386D4
00483B52|.8D8D 00FEFFFF LEA ECX, DWORD PTR SS:
00483B58|.BA 09000000 MOV EDX, 0x9
00483B5D|.8B45 F0 MOV EAX, DWORD PTR SS:
00483B60|.E8 534BFBFF CALL cac.004386B8 ; take the first 9 characters of the entered key
00483B65|.8B85 00FEFFFF MOV EAX, DWORD PTR SS:
00483B6B|.8D4D D8 LEA ECX, DWORD PTR SS:
00483B6E|.BA 01000000 MOV EDX, 0x1
00483B73|.E8 5C4BFBFF CALL cac.004386D4
00483B78|.C683 38040000>MOV BYTE PTR DS:, 0x0 ; a byte is cleared before the comparisons; the visible encoding matches the store of 0x1 at 00483BB7, so presumably the same flag
00483B7F|.8B45 E4 MOV EAX, DWORD PTR SS: ;9
00483B82|.8B55 DC MOV EDX, DWORD PTR SS: ; the 4th character of the entered key is compared here with the last digit of the user-name sum
00483B85|.E8 5210F8FF CALL cac.00404BDC ; note the 1 and the 4 loaded earlier
00483B8A 75 32 JNZ SHORT cac.00483BBE ; changing just these few jumps is enough (change to nop)
00483B8C|.8B45 E0 MOV EAX, DWORD PTR SS: ; 8, the first digit
00483B8F|.8B55 D8 MOV EDX, DWORD PTR SS: ; compared with the 9th character of the key
00483B92|.E8 4510F8FF CALL cac.00404BDC
00483B97 75 25 JNZ SHORT cac.00483BBE ; change to nop
00483B99|.8B45 EC MOV EAX, DWORD PTR SS: ; the first three characters of the key are compared with e3k
00483B9C|.BA 243C4800 MOV EDX, cac.00483C24 ;e3k
00483BA1|.E8 3610F8FF CALL cac.00404BDC ; this function is presumably a comparison
00483BA6 75 16 JNZ SHORT cac.00483BBE ; change to nop
00483BA8|.8B45 E8 MOV EAX, DWORD PTR SS: ; are these the last two characters? to be verified later; compared with n3 - only the first 14 characters of the key are taken, so these are the last two of them
00483BAB|.BA 303C4800 MOV EDX, cac.00483C30 ;n3
00483BB0|.E8 2710F8FF CALL cac.00404BDC
00483BB5 75 07 JNZ SHORT cac.00483BBE ; change to nop
00483BB7|.C683 38040000>MOV BYTE PTR DS:, 0x1 ; reached only when none of the four JNZ above is taken
00483BBE|>80BB 38040000>CMP BYTE PTR DS:, 0x0 ; common target of the four JNZ; a byte is tested against 0
00483BC5 74 0D JE SHORT cac.00483BD4 ; change to nop - makes no difference whether it is changed or not
00483BC7|.33D2 XOR EDX, EDX
00483BC9|.8B83 34030000 MOV EAX, DWORD PTR DS:
00483BCF|.E8 3CD2FCFF CALL cac.00450E10
00483BD4|>33C0 XOR EAX, EAX
00483BD6|.5A POP EDX
00483BD7|.59 POP ECX
00483BD8|.59 POP ECX
00483BD9|.64:8910 MOV DWORD PTR FS:, EDX
00483BDC|.68 063C4800 PUSH cac.00483C06
00483BE1|>8D85 00FEFFFF LEA EAX, DWORD PTR SS:
00483BE7|.BA 03000000 MOV EDX, 0x3
00483BEC|.E8 130CF8FF CALL cac.00404804
00483BF1|.8D45 D8 LEA EAX, DWORD PTR SS:
00483BF4|.BA 09000000 MOV EDX, 0x9
00483BF9|.E8 060CF8FF CALL cac.00404804
00483BFE\.C3 RETN
========================================
算法总结
1.计算用户名的ASCII和(十进制的),设为A
2.取假码的第四位与A的最后一位比较
3.取假码的第9位与A的第一位比较
4.注册码的前三位必须是e3k
5.注册码的最后两位必须是n3
6.只取注册码的前14位,后面的可以随便加,呵呵
附上一组注册码:
飘云阁
e3k957AC1IIKn3ChinaPYG
测试了一下,2.01及2.5都可以注册成功
注册机源码
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
type
// Form class of the author's tool. Of the declared controls, the click handler
// in this unit reads edt1.Text and writes edt2.Text; the labels are not
// referenced by any code shown in this unit.
TForm1 = class(TForm)
edt1: TEdit;
edt2: TEdit;
lbl1: TLabel;
lbl2: TLabel;
Button1: TButton;
lbl3: TLabel;
// Click handler for Button1 (implemented below in this unit).
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
// Builds a string from an alphabet assembled out of the character classes
// selected by the three flags, looping `digit` times.
//   majuscule - include 'A'..'Z'
//   lowercase - include 'a'..'z'
//   number    - include '0'..'9'
//   digit     - number of loop iterations (intended length of the result)
function RandomStr(majuscule: boolean; lowercase: boolean; number: boolean; digit: integer): string;
// Author's note: the parameters are upper-case letters, lower-case letters, digits, and the number of characters in the string.
// Author's note: this function was found online; there are many other ways to write it.
var
i: Byte;
s: string;
begin
if majuscule then
s := 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
else
s := '';
if lowercase then
s := s + 'abcdefghijklmnopqrstuvwxyz';
if number then
s := s + '0123456789';
// NOTE(review): this exit is taken before Result has been assigned.
if s = '' then exit;
Result := '';
for i := 0 to digit - 1 do // loop once per requested character
begin
Randomize; // re-initialises the random seed on every iteration
// NOTE(review): as printed, this appends the whole alphabet s each time and
// never draws a random value; an index expression was presumably lost when
// the page was extracted - confirm against the original post.
Result := Result + s;
end;
end;
// Click handler: loops over the length of edt1.Text accumulating into SUM,
// converts SUM to its decimal string, and writes a string composed of fixed
// text, that decimal string and two RandomStr results into edt2.Text.
// NOTE(review): this copy does not compile as printed - ord() is given the
// whole string edt1.Text and the loop variable i is never used inside the loop.
// Subscripts were presumably dropped when the page was extracted; confirm
// against the original post before relying on this listing.
procedure TForm1.Button1Click(Sender: TObject);
var i, SUM: Integer;
str1, str2, str3: string;
begin
SUM := 0;
for i := 1 to Length(edt1.Text) do
begin
SUM := SUM + ord(edt1.Text);
end;
str1 := IntToStr(SUM); // decimal text of the accumulated sum
Str2 := RandomStr(True, True, True, 4);
str3 := RandomStr(True, True, True, 3);
edt2.Text := 'e3k' + str1 + Str2 + str1 + str3 + 'n3ChinaPYG';
end;
end.
某大牛说我的软件界面太难看,所以加个皮肤,呵呵
大牛,佩服!我对算法都分析不了更不要说自己也注册机!! 皮肤如何加? 果然是牛啊{:lol:} 很给力,学习了,顶起了 不知道这软件干嘛的应该是闹钟之类的吧 本帖最后由 DaShanRen 于 2014-6-26 08:50 编辑
写注册机用VB好,用VB仿制一个:
' Click handler: converts Text1 to a byte array, adds up the byte values, and
' writes to Text2 a string concatenated from fixed text, the last and first
' characters of the sum's decimal form, and two RandomStr results.
Private Sub Command1_Click()
' NOTE(review): if this is classic VB, Integer is 16-bit and Sum can overflow
' on a long enough input - confirm the dialect.
Dim Sum As Integer, i As Integer, IDbyt() As Byte, n As Integer
Dim Str1 As String, Str2 As String, Str3 As String
' vbFromUnicode yields bytes in the system code page, so the values summed
' below are per-byte, not per-character, for non-ASCII input.
IDbyt = StrConv(Text1, vbFromUnicode)
n = UBound(IDbyt)
For i = 0 To n
Sum = Sum + IDbyt(i)
Next
Str1 = Sum ' implicit number-to-string conversion
Str2 = RandomStr(True, True, True, 4)
Str3 = RandomStr(True, True, True, 3)
Text2 = "e3k" & Right(Str1, 1) & Str2 & Left(Str1, 1) & Str3 & "n3ChinaPYG"
End Sub
' Returns `digit` characters picked with Rnd from an alphabet assembled out of
' the enabled character classes (majuscule: A-Z, lowercase: a-z, number: 0-9).
' When no class is enabled the function exits without assigning a return value.
Private Function RandomStr(majuscule As Boolean, lowercase As Boolean, number As Boolean, digit As Integer) As String
Dim i As Integer, s As String, m As Integer, Stmp As String
If majuscule Then s = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
If lowercase Then s = s & "abcdefghijklmnopqrstuvwxyz"
If number Then s = s & "0123456789"
If s = "" Then Exit Function
m = Len(s)
Randomize ' seeds the generator once per call
For i = 1 To digit
' The start position passed to Mid is a fractional value (m - 1) * Rnd + 1.
' NOTE(review): how it is coerced to an integer decides whether the first and
' last characters of s are picked as often as the others - confirm if the
' distribution matters.
Stmp = Stmp & Mid(s, (m - 1) * Rnd + 1, 1)
Next
RandomStr = Stmp
End Function
咋加代码就变成乱码了? 果真是大牛啊。 学习了,对于我这个新手来说还有好多的看不明白.