BigJig 算法分析【附算法注册机】
看了下作业统计,发现自己没有交第五课的作业,于是花了点时间把第五课的作业补上,顺便看了下算法,算法其实也比较简单。
; Call site of the registration check: the one-byte result in AL selects the branch below.
; NOTE(review): the whole licence decision rests on this single conditional branch in the client.
004C8D76|.E8 353AFCFF CALL bigjig.0048C7B0 ;key call: the validation routine
004C8D7B|.3C 01 CMP AL, 0x1
004C8D7D|.75 32 JNZ SHORT bigjig.004C8DB1 ;key branch; the author notes patching it into an unconditional jump
F7跟进到算法
; Validation routine, part 1: prologue, exception frame, input preparation, user-name length check.
; NOTE: the bracketed memory operands were lost when the page was extracted ("DWORD PTR SS:" with
; nothing after it); the displacement can still be read from the encoding bytes in the second column.
0048C7B0/$55 PUSH EBP ;validation routine; local calls from 0048C372, 004C8D76
0048C7B1|.8BEC MOV EBP, ESP
0048C7B3|.83C4 D8 ADD ESP, -0x28
0048C7B6|.53 PUSH EBX
0048C7B7|.56 PUSH ESI
0048C7B8|.33C9 XOR ECX, ECX
; Three locals are zeroed, then the two register arguments (EDX, EAX) are saved.
0048C7BA|.894D F4 MOV DWORD PTR SS:, ECX
0048C7BD|.894D F0 MOV DWORD PTR SS:, ECX
0048C7C0|.894D EC MOV DWORD PTR SS:, ECX
0048C7C3|.8955 F8 MOV DWORD PTR SS:, EDX
0048C7C6|.8945 FC MOV DWORD PTR SS:, EAX
0048C7C9|.8B45 FC MOV EAX, DWORD PTR SS:
0048C7CC|.E8 4F78F7FF CALL bigjig.00404020
0048C7D1|.8B45 F8 MOV EAX, DWORD PTR SS:
0048C7D4|.E8 4778F7FF CALL bigjig.00404020
; EBX receives the address of a local; later loops use it as their counter.
0048C7D9|.8D5D E8 LEA EBX, DWORD PTR SS:
0048C7DC|.33C0 XOR EAX, EAX
; A handler address is pushed and the FS: chain updated (exception frame set-up).
0048C7DE|.55 PUSH EBP
0048C7DF|.68 32CA4800 PUSH bigjig.0048CA32
0048C7E4|.64:FF30 PUSH DWORD PTR FS:
0048C7E7|.64:8920 MOV DWORD PTR FS:, ESP
; Both saved arguments go through helper 00408724 (purpose not shown here); results land in locals.
0048C7EA|.8D55 F4 LEA EDX, DWORD PTR SS:
0048C7ED|.8B45 FC MOV EAX, DWORD PTR SS:
0048C7F0|.E8 2FBFF7FF CALL bigjig.00408724
0048C7F5|.8D55 F0 LEA EDX, DWORD PTR SS:
0048C7F8|.8B45 F8 MOV EAX, DWORD PTR SS:
0048C7FB|.E8 24BFF7FF CALL bigjig.00408724
0048C800|.8B45 F4 MOV EAX, DWORD PTR SS:
; 00403E6C presumably returns a string length: its result is compared with 6 here and with 0Bh later.
0048C803|.E8 6476F7FF CALL bigjig.00403E6C
0048C808|.83F8 06 CMP EAX, 0x6 ;user name must be exactly 6 characters long
0048C80B|.74 07 JE SHORT bigjig.0048C814
; BL=1 marks failure on every reject path; the accept path at 0048CA15 clears EBX instead.
0048C80D|.B3 01 MOV BL, 0x1
0048C80F|.E9 03020000 JMP bigjig.0048CA17
; Validation routine, part 2: copy the user name into a local byte buffer and require A-Z only.
0048C814|>8D45 E0 LEA EAX, DWORD PTR SS:
0048C817|.8B55 F4 MOV EDX, DWORD PTR SS:
0048C81A|.E8 11C9F7FF CALL bigjig.00409130
0048C81F|.33C0 XOR EAX, EAX
0048C821|.8903 MOV DWORD PTR DS:, EAX
0048C823|.8D45 E0 LEA EAX, DWORD PTR SS:
0048C826|.8D55 D8 LEA EDX, DWORD PTR SS:
; Byte-wise copy between two local buffers; the counter runs until it reaches 7.
0048C829|>8A08 /MOV CL, BYTE PTR DS:
0048C82B|.880A |MOV BYTE PTR DS:, CL
0048C82D|.FF03 |INC DWORD PTR DS:
0048C82F|.42 |INC EDX
0048C830|.40 |INC EAX
0048C831|.833B 07 |CMP DWORD PTR DS:, 0x7
0048C834|.^ 75 F3 \JNZ SHORT bigjig.0048C829
0048C836|.33C0 XOR EAX, EAX
0048C838|.8903 MOV DWORD PTR DS:, EAX
0048C83A|.8D45 D8 LEA EAX, DWORD PTR SS:
; Range check on each of the 6 characters: below 'A' or above 'Z' rejects the name.
0048C83D|>8A10 /MOV DL, BYTE PTR DS:
0048C83F|.80FA 41 |CMP DL, 0x41 ;'A' (0x41)
0048C842|.72 05 |JB SHORT bigjig.0048C849
0048C844|.80FA 5A |CMP DL, 0x5A ;'Z' (0x5A)
0048C847|.76 07 |JBE SHORT bigjig.0048C850
0048C849|>B3 01 |MOV BL, 0x1
0048C84B|.E9 C7010000 |JMP bigjig.0048CA17 ;not an upper-case letter: leave with the failure flag set
0048C850|>FF03 |INC DWORD PTR DS:
0048C852|.40 |INC EAX
0048C853|.833B 06 |CMP DWORD PTR DS:, 0x6
0048C856|.^ 75 E5 \JNZ SHORT bigjig.0048C83D
; Validation routine, part 3: check character of the user name.
; The operand text was lost in extraction; the displacement bytes D8, D9, DA, DB, DC, DD in the
; encodings show six consecutive bytes of the local name buffer being read.
0048C858|.33C0 XOR EAX, EAX
0048C85A|.8A45 D8 MOV AL, BYTE PTR SS:
0048C85D|.33D2 XOR EDX, EDX
0048C85F|.8A55 D9 MOV DL, BYTE PTR SS:
0048C862|.03C2 ADD EAX, EDX
0048C864|.33D2 XOR EDX, EDX
0048C866|.8A55 DA MOV DL, BYTE PTR SS:
0048C869|.03C2 ADD EAX, EDX
0048C86B|.33D2 XOR EDX, EDX
0048C86D|.8A55 DB MOV DL, BYTE PTR SS:
0048C870|.03C2 ADD EAX, EDX
0048C872|.33D2 XOR EDX, EDX
0048C874|.8A55 DC MOV DL, BYTE PTR SS:
0048C877|.03C2 ADD EAX, EDX
; EAX now holds the sum of the first five bytes; unsigned division by 5 follows.
0048C879|.B9 05000000 MOV ECX, 0x5
0048C87E|.33D2 XOR EDX, EDX
0048C880|.F7F1 DIV ECX
0048C882|.33D2 XOR EDX, EDX
0048C884|.8A55 DD MOV DL, BYTE PTR SS:
0048C887|.3BC2 CMP EAX, EDX ;the last user-name character acts as a check character
0048C889|.74 07 JE SHORT bigjig.0048C892 ;author's note: for the test name this character has to be G
0048C88B|.B3 01 MOV BL, 0x1
0048C88D|.E9 85010000 JMP bigjig.0048CA17
; Validation routine, part 4: three blacklist comparisons of identical shape.
; Each loop starts with DL=1, walks 6 positions, decrements the table byte (DEC ECX) and compares
; it with the name byte; the first mismatch clears DL and leaves the loop. If DL is still 1
; afterwards (all 6 positions matched), the name is rejected with BL=1.
0048C892|>B2 01 MOV DL, 0x1
0048C894|.33C0 XOR EAX, EAX
0048C896|.8903 MOV DWORD PTR DS:, EAX
0048C898|.8D45 D8 LEA EAX, DWORD PTR SS: ;blacklist
0048C89B|>8B0D B8F34C00 /MOV ECX, DWORD PTR DS: ;DIKYUN
0048C8A1|.8B33 |MOV ESI, DWORD PTR DS:
0048C8A3|.0FB60C31 |MOVZX ECX, BYTE PTR DS:
0048C8A7|.49 |DEC ECX
0048C8A8|.0FB630 |MOVZX ESI, BYTE PTR DS:
0048C8AB|.3BCE |CMP ECX, ESI
0048C8AD|.74 04 |JE SHORT bigjig.0048C8B3
0048C8AF|.33D2 |XOR EDX, EDX
0048C8B1|.EB 08 |JMP SHORT bigjig.0048C8BB
0048C8B3|>FF03 |INC DWORD PTR DS:
0048C8B5|.40 |INC EAX
0048C8B6|.833B 06 |CMP DWORD PTR DS:, 0x6
0048C8B9|.^ 75 E0 \JNZ SHORT bigjig.0048C89B
0048C8BB|>84D2 TEST DL, DL
0048C8BD|.74 07 JE SHORT bigjig.0048C8C6
0048C8BF|.B3 01 MOV BL, 0x1
0048C8C1|.E9 51010000 JMP bigjig.0048CA17
; Second table entry, same comparison.
0048C8C6|>B2 01 MOV DL, 0x1
0048C8C8|.33C0 XOR EAX, EAX
0048C8CA|.8903 MOV DWORD PTR DS:, EAX
0048C8CC|.8D45 D8 LEA EAX, DWORD PTR SS: ;blacklist
0048C8CF|>8B0D BCF34C00 /MOV ECX, DWORD PTR DS: ;EZMJFL
0048C8D5|.8B33 |MOV ESI, DWORD PTR DS:
0048C8D7|.0FB60C31 |MOVZX ECX, BYTE PTR DS:
0048C8DB|.49 |DEC ECX
0048C8DC|.0FB630 |MOVZX ESI, BYTE PTR DS:
0048C8DF|.3BCE |CMP ECX, ESI
0048C8E1|.74 04 |JE SHORT bigjig.0048C8E7
0048C8E3|.33D2 |XOR EDX, EDX
0048C8E5|.EB 08 |JMP SHORT bigjig.0048C8EF
0048C8E7|>FF03 |INC DWORD PTR DS:
0048C8E9|.40 |INC EAX
0048C8EA|.833B 06 |CMP DWORD PTR DS:, 0x6
0048C8ED|.^ 75 E0 \JNZ SHORT bigjig.0048C8CF
0048C8EF|>84D2 TEST DL, DL
0048C8F1|.74 07 JE SHORT bigjig.0048C8FA
0048C8F3|.B3 01 MOV BL, 0x1
0048C8F5|.E9 1D010000 JMP bigjig.0048CA17
; Third table entry, same comparison.
0048C8FA|>B2 01 MOV DL, 0x1
0048C8FC|.33C0 XOR EAX, EAX
0048C8FE|.8903 MOV DWORD PTR DS:, EAX
0048C900|.8D45 D8 LEA EAX, DWORD PTR SS: ;blacklist
0048C903|>8B0D C0F34C00 /MOV ECX, DWORD PTR DS: ;GMNWCL
0048C909|.8B33 |MOV ESI, DWORD PTR DS:
0048C90B|.0FB60C31 |MOVZX ECX, BYTE PTR DS:
0048C90F|.49 |DEC ECX
0048C910|.0FB630 |MOVZX ESI, BYTE PTR DS:
0048C913|.3BCE |CMP ECX, ESI
0048C915|.74 04 |JE SHORT bigjig.0048C91B
0048C917|.33D2 |XOR EDX, EDX
0048C919|.EB 08 |JMP SHORT bigjig.0048C923
0048C91B|>FF03 |INC DWORD PTR DS:
0048C91D|.40 |INC EAX
0048C91E|.833B 06 |CMP DWORD PTR DS:, 0x6
0048C921|.^ 75 E0 \JNZ SHORT bigjig.0048C903
0048C923|>84D2 TEST DL, DL
0048C925|.74 07 JE SHORT bigjig.0048C92E
0048C927|.B3 01 MOV BL, 0x1
0048C929|.E9 E9000000 JMP bigjig.0048CA17
; Validation routine, part 5: fixed layout of the serial (length, prefix, separator).
; 00404070 is called with a start position in EDX and a count in ECX and presumably extracts a
; substring; 00408588 presumably compares two strings, 0 meaning equal (TEST EAX,EAX / JE continues).
0048C92E|>8B45 F0 MOV EAX, DWORD PTR SS:
0048C931|.E8 3675F7FF CALL bigjig.00403E6C
0048C936|.83F8 0B CMP EAX, 0xB ;serial must be 11 characters long
0048C939|.74 07 JE SHORT bigjig.0048C942
0048C93B|.B3 01 MOV BL, 0x1
0048C93D|.E9 D5000000 JMP bigjig.0048CA17
0048C942|>8D45 EC LEA EAX, DWORD PTR SS:
0048C945|.50 PUSH EAX
0048C946|.B9 04000000 MOV ECX, 0x4
0048C94B|.BA 01000000 MOV EDX, 0x1
0048C950|.8B45 F0 MOV EAX, DWORD PTR SS:
0048C953|.E8 1877F7FF CALL bigjig.00404070 ;the first four characters must be BJ4-
0048C958|.BA 4CCA4800 MOV EDX, bigjig.0048CA4C ;BJ4-
0048C95D|.8B45 EC MOV EAX, DWORD PTR SS:
0048C960|.E8 23BCF7FF CALL bigjig.00408588
0048C965|.85C0 TEST EAX, EAX
0048C967|.74 07 JE SHORT bigjig.0048C970
0048C969|.B3 01 MOV BL, 0x1
0048C96B|.E9 A7000000 JMP bigjig.0048CA17
0048C970|>8D45 EC LEA EAX, DWORD PTR SS:
0048C973|.50 PUSH EAX
0048C974|.B9 01000000 MOV ECX, 0x1
0048C979|.BA 08000000 MOV EDX, 0x8
0048C97E|.8B45 F0 MOV EAX, DWORD PTR SS:
0048C981|.E8 EA76F7FF CALL bigjig.00404070
0048C986|.BA 5CCA4800 MOV EDX, bigjig.0048CA5C ;-
0048C98B|.8B45 EC MOV EAX, DWORD PTR SS: ;character 8 must be -
0048C98E|.E8 F5BBF7FF CALL bigjig.00408588
0048C993|.85C0 TEST EAX, EAX
0048C995|.74 04 JE SHORT bigjig.0048C99B
0048C997|.B3 01 MOV BL, 0x1
0048C999|.EB 7C JMP SHORT bigjig.0048CA17
; Validation routine, part 6: the two numeric fields of the serial and the final comparison.
; NOTE(review): the expected value in EDX is computed only from the constant 384h, the middle
; field of the serial and two characters of the user name; no secret or external input is involved.
0048C99B|>8D45 EC LEA EAX, DWORD PTR SS:
0048C99E|.50 PUSH EAX
0048C99F|.B9 03000000 MOV ECX, 0x3
0048C9A4|.BA 05000000 MOV EDX, 0x5
0048C9A9|.8B45 F0 MOV EAX, DWORD PTR SS:
0048C9AC|.E8 BF76F7FF CALL bigjig.00404070 ;3 characters starting at position 5
0048C9B1|.8BD3 MOV EDX, EBX
0048C9B3|.8B45 EC MOV EAX, DWORD PTR SS:
0048C9B6|.E8 1963F7FF CALL bigjig.00402CD4 ;converts the digits to a number (the author calls it "to hex"; the debugger shows hex)
0048C9BB|.8BF0 MOV ESI, EAX ;7Bh in the author's run
0048C9BD|.8D45 EC LEA EAX, DWORD PTR SS:
0048C9C0|.50 PUSH EAX
0048C9C1|.B9 03000000 MOV ECX, 0x3
0048C9C6|.BA 09000000 MOV EDX, 0x9
0048C9CB|.8B45 F0 MOV EAX, DWORD PTR SS:
0048C9CE|.E8 9D76F7FF CALL bigjig.00404070 ;3 characters starting at position 9
0048C9D3|.8BD3 MOV EDX, EBX
0048C9D5|.8B45 EC MOV EAX, DWORD PTR SS:
0048C9D8|.E8 F762F7FF CALL bigjig.00402CD4 ;same conversion for the last field
0048C9DD|.8BD6 MOV EDX, ESI ;EAX=1C8h in the author's run
0048C9DF|.D1FA SAR EDX, 1 ;arithmetic shift right by 1 -> 3Dh
; If the shifted value is negative, the carry is added back (looks like a signed divide-by-2 idiom).
0048C9E1|.79 03 JNS SHORT bigjig.0048C9E6
0048C9E3|.83D2 00 ADC EDX, 0x0
0048C9E6|>52 PUSH EDX
0048C9E7|.BA 84030000 MOV EDX, 0x384 ;900
0048C9EC|.59 POP ECX
0048C9ED|.2BD1 SUB EDX, ECX ;EDX - ECX (384h - 3Dh = 347h)
0048C9EF|.33C9 XOR ECX, ECX
; Encoding 8A4D D8: byte 0 of the name buffer, i.e. the first user-name character.
0048C9F1|.8A4D D8 MOV CL, BYTE PTR SS:
0048C9F4|.03D1 ADD EDX, ECX ;EDX + ECX (347h + 43h = 38Ah)
0048C9F6|.33C9 XOR ECX, ECX
; Encoding 8A4D DD: byte 5 of the name buffer, i.e. the check character.
0048C9F8|.8A4D DD MOV CL, BYTE PTR SS:
0048C9FB|.8D0C49 LEA ECX, DWORD PTR DS: ;check character times 3: ECX + ECX*2 (47h + 47h*2 = D5h)
0048C9FE|.2BD1 SUB EDX, ECX
0048CA00|.83FE 64 CMP ESI, 0x64 ;100
0048CA03|.7C 0C JL SHORT bigjig.0048CA11 ;ESI must lie in 100..999, i.e. positions 5-7 hold a value of 100-999
0048CA05|.81FE E7030000 CMP ESI, 0x3E7
0048CA0B|.7F 04 JG SHORT bigjig.0048CA11
0048CA0D|.3BC2 CMP EAX, EDX ;EAX must equal EDX, otherwise the serial is rejected
0048CA0F|.74 04 JE SHORT bigjig.0048CA15
0048CA11|>B3 01 MOV BL, 0x1
0048CA13|.EB 02 JMP SHORT bigjig.0048CA17
; Validation routine, part 7: accept path and common exit.
; 0048CA15 is reached only when the final comparison succeeds and clears EBX; every reject path
; jumps to 0048CA17 with BL=1. How EBX reaches AL for the caller's "CMP AL, 0x1" is not shown
; in this listing (presumably in the code at 0048CA39).
0048CA15|>33DB XOR EBX, EBX
0048CA17|>33C0 XOR EAX, EAX
; The three values pushed for the exception frame are popped and the FS: chain is restored.
0048CA19|.5A POP EDX
0048CA1A|.59 POP ECX
0048CA1B|.59 POP ECX
0048CA1C|.64:8910 MOV DWORD PTR FS:, EDX
0048CA1F|.68 39CA4800 PUSH bigjig.0048CA39
; Clean-up helper called with a count of 5 in EDX (presumably releases the local strings); RETN
; then continues at the address pushed above.
0048CA24|>8D45 EC LEA EAX, DWORD PTR SS:
0048CA27|.BA 05000000 MOV EDX, 0x5
0048CA2C|.E8 E371F7FF CALL bigjig.00403C14
0048CA31\.C3 RETN
总结
用户名:随机5位大写字母,第6位为校验码,总长度必须为6位。
注册码:共计11位,前四位为BJ4-
第8位为-
第5到7位随机生成,生成范围为100~999
第9到11位为关键:把第5到7位的数值右移1位,设为A,第9到11位的值为:
384h-A+用户名的第一位ASCII-3倍的校验码ASCII
比如我的CRACK--->算出校验码为G
C---->ASCII=43h
G---->ASCII=47h------>3*47h=D5h
比如第5-7位为123--->123=7Bh------>shr 1----->7Bh shr 1=3Dh
所以第9-11位为384h-3Dh+43h-D5h=2B5h=693
----------------------------------------------------------------
所以注册码为:BJ4-123-693
附上注册机源码
// Form unit of the key generator: one form with three edit boxes, labels and a
// button whose click handler fills in the results.
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
type
TForm1 = class(TForm)
edt1: TEdit; // read by btn1Click (the entered name)
edt2: TEdit; // written by btn1Click (name plus derived sixth character)
edt3: TEdit; // written by btn1Click (the generated serial)
lbl1: TLabel;
lbl2: TLabel;
lbl3: TLabel;
btn1: TButton;
Label1: TLabel;
lbl4: TLabel;
procedure btn1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
// Click handler. Reads the name from edt1, derives a sixth character from the
// five entered ones, and writes name and serial into edt2 and edt3.
// NOTE(review): every constant used here ($384, the divisor 5, the factor 3, the
// 'BJ4-' prefix) also appears in the client-side check at 0048C7B0. The scheme
// holds no secret, so it gives no protection once the check has been read. A
// licence signed with a private key and verified against an embedded public key,
// or validation on the vendor's server, does not share this weakness.
procedure TForm1.btn1Click(Sender: TObject);
var str1,str2:string;
i,S1,S2,S3:Integer;
begin
// Normalise the input: strip surrounding blanks, force upper case.
str1:=UpperCase(Trim(edt1.Text));
S1:=0;
// Exactly five characters are accepted; the message text states the same rule.
if Length(str1) <> 5 then
begin
ShowMessage('用户名长度必须为5位');
Exit;
end;
// Accumulates into S1 once per character of the input.
// NOTE(review): as printed, Ord() receives the whole string here and again in
// the S3 expression below; the listing appears damaged and does not compile as shown.
for i:=1 to Length(str1) do
begin
S1:=S1+ord(str1);
end;
// Integer division by 5; the character with that code is appended as the sixth character.
S1:=S1 div 5;
str2:=Char(S1);
edt2.Text:= str1+str2;
Randomize;
// Random(899) yields 0..898, so S2 lies in 100..998.
S2:=Random(899)+100;
// $384 = 900; S2 shr 1 halves the middle field; S1*3 is three times the sixth character's code.
S3:=$384-(S2 shr 1)+ord(str1)-(S1*3);
// Serial layout: fixed prefix, middle field, separator, computed field.
edt3.Text:='BJ4-'+ IntToStr(S2)+'-'+inttostr(S3);
end;
end.
注册机下载:
注册是可以注册成功,但是下载的时候还是会提示用户与密码不对,还是下不了,不知道是不是网验,还请前辈指点。。。 crackvip 发表于 2014-7-1 23:24
注册是可以注册成功,但是下载的时候还是会提示用户与密码不对,还是下不了,不知道是不是网验,还请前辈指 ...
类似FTP HTTP 协议账户验证,其实我是来膜拜的,又见注册机,又见KEYGEN源码。。。让我们怎么活……
我也没交第五课,难,转不出来 crackvip 发表于 2014-7-1 23:24
注册是可以注册成功,但是下载的时候还是会提示用户与密码不对,还是下不了,不知道是不是网验,还请前辈指 ...
那个无解 ... 是官方的服务器验证 过不了
支持一下了,感谢分享啦,学习 这儿类东西养眼不养人。 算法咋这么顺眼,跟那个啥是一家的?