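crackvip posted on 2014-9-10 08:15:00

NETGATE series software: notes on analyzing the USB registration algorithm

These are the notes I took while debugging and analyzing it. Read them if you can follow them, and don't blame me if you can't.. Experts can just skip past..

======================= The algorithm CALL follows ===============================
004083B0 /$ 6A FF PUSH -0x1 ; this is algorithm 3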
004083B2 |. 68 A73B4200 PUSH USBRecov.00423BA7
004083B7 |. 64:A1 0000000>MOV EAX, DWORD PTR FS:
004083BD |. 50 PUSH EAX
004083BE |. 81EC B0000000 SUB ESP, 0xB0
004083C4 |. 53 PUSH EBX
004083C5 |. 56 PUSH ESI
004083C6 |. A1 80BD4300 MOV EAX, DWORD PTR DS:
004083CB |. 33C4 XOR EAX, ESP
004083CD |. 50 PUSH EAX
004083CE |. 8D8424 BC0000>LEA EAX, DWORD PTR SS:
004083D5 |. 64:A3 0000000>MOV DWORD PTR FS:, EAX
004083DB |. C78424 C40000>MOV DWORD PTR SS:, 0x0
004083E6 |. C74424 1C 000>MOV DWORD PTR SS:, 0x0
004083EE |. C78424 C40000>MOV DWORD PTR SS:, 0x2 ; the signature string is appended below
004083F9 |. 6A 38 PUSH 0x38 ; 8
004083FB |. 8D8424 D40000>LEA EAX, DWORD PTR SS:
00408402 |. 50 PUSH EAX
00408403 |. 8D4C24 34 LEA ECX, DWORD PTR SS:
00408407 |. 51 PUSH ECX
00408408 |. E8 E3C8FFFF CALL USBRecov.00404CF0
0040840D |. C68424 D00000>MOV BYTE PTR SS:, 0x3
00408415 |. 6A 62 PUSH 0x62 ; b
00408417 |. 50 PUSH EAX
00408418 |. 8D5424 5C LEA EDX, DWORD PTR SS:
0040841C |. 52 PUSH EDX
0040841D |. E8 CEC8FFFF CALL USBRecov.00404CF0
00408422 |. C68424 DC0000>MOV BYTE PTR SS:, 0x4
0040842A |. 6A 33 PUSH 0x33 ; 3
0040842C |. 50 PUSH EAX
0040842D |. 8D4424 58 LEA EAX, DWORD PTR SS:
00408431 |. 50 PUSH EAX
00408432 |. E8 B9C8FFFF CALL USBRecov.00404CF0
00408437 |. C68424 E80000>MOV BYTE PTR SS:, 0x5
0040843F |. 6A 7A PUSH 0x7A ; z
00408441 |. 50 PUSH EAX
00408442 |. 8D4C24 4C LEA ECX, DWORD PTR SS:
00408446 |. 51 PUSH ECX
00408447 |. E8 A4C8FFFF CALL USBRecov.00404CF0
0040844C |. C68424 F40000>MOV BYTE PTR SS:, 0x6
00408454 |. 6A 6F PUSH 0x6F ; o
00408456 |. 50 PUSH EAX
00408457 |. 8D9424 8C0000>LEA EDX, DWORD PTR SS:
0040845E |. 52 PUSH EDX
0040845F |. E8 8CC8FFFF CALL USBRecov.00404CF0
00408464 |. 83C4 3C ADD ESP, 0x3C
00408467 |. C68424 C40000>MOV BYTE PTR SS:, 0x8
0040846F |. 8D4C24 20 LEA ECX, DWORD PTR SS:
00408473 |. E8 784A0000 CALL USBRecov.0040CEF0
00408478 |. C68424 C40000>MOV BYTE PTR SS:, 0x9
00408480 |. 8D4C24 38 LEA ECX, DWORD PTR SS:
00408484 |. E8 674A0000 CALL USBRecov.0040CEF0
00408489 |. C68424 C40000>MOV BYTE PTR SS:, 0xA
00408491 |. 8D4C24 48 LEA ECX, DWORD PTR SS:
00408495 |. E8 564A0000 CALL USBRecov.0040CEF0
0040849A |. C68424 C40000>MOV BYTE PTR SS:, 0xB
004084A2 |. 8D4C24 2C LEA ECX, DWORD PTR SS:
004084A6 |. E8 454A0000 CALL USBRecov.0040CEF0
004084AB |. 8B4424 58 MOV EAX, DWORD PTR SS:
004084AF |. 85C0 TEST EAX, EAX ; user name plus signature string; here 8b3zo is appended
004084B1 |. 74 05 JE SHORT USBRecov.004084B8 ; ASCII "CrackVip8b3zo"
004084B3 |. 8B48 F8 MOV ECX, DWORD PTR DS:
004084B6 |. EB 07 JMP SHORT USBRecov.004084BF
004084B8 |> 33C9 XOR ECX, ECX
004084BA |. B8 E03E4300 MOV EAX, USBRecov.00433EE0
004084BF |> 51 PUSH ECX
004084C0 |. 50 PUSH EAX
004084C1 |. E8 2AE6FFFF CALL USBRecov.00406AF0 ; transform routine, encrypts the user name
004084C6 |. 51 PUSH ECX
004084C7 |. 8D4424 60 LEA EAX, DWORD PTR SS:
004084CB |. 8BCC MOV ECX, ESP
004084CD |. 896424 18 MOV DWORD PTR SS:, ESP
004084D1 |. 50 PUSH EAX
004084D2 |. E8 E9490000 CALL USBRecov.0040CEC0
004084D7 |. C68424 D00000>MOV BYTE PTR SS:, 0xC
004084DF |. 8D8C24 AC0000>LEA ECX, DWORD PTR SS:
004084E6 |. 51 PUSH ECX
004084E7 |. C68424 D40000>MOV BYTE PTR SS:, 0xB
004084EF |. E8 4CE5FFFF CALL USBRecov.00406A40
004084F4 |. C68424 D40000>MOV BYTE PTR SS:, 0xD ; the signature string is appended below
004084FC |. 6A 63 PUSH 0x63 ; c
004084FE |. 8D9424 F00000>LEA EDX, DWORD PTR SS:
00408505 |. 52 PUSH EDX
00408506 |. 8D4424 38 LEA EAX, DWORD PTR SS:
0040850A |. 50 PUSH EAX
0040850B |. E8 E0C7FFFF CALL USBRecov.00404CF0
00408510 |. C68424 E00000>MOV BYTE PTR SS:, 0xE
00408518 |. 6A 36 PUSH 0x36 ; 6
0040851A |. 50 PUSH EAX
0040851B |. 8D4C24 5C LEA ECX, DWORD PTR SS:
0040851F |. 51 PUSH ECX
00408520 |. E8 CBC7FFFF CALL USBRecov.00404CF0
00408525 |. C68424 EC0000>MOV BYTE PTR SS:, 0xF
0040852D |. 6A 65 PUSH 0x65 ; e
0040852F |. 50 PUSH EAX
00408530 |. 8D5424 78 LEA EDX, DWORD PTR SS:
00408534 |. 52 PUSH EDX
00408535 |. E8 B6C7FFFF CALL USBRecov.00404CF0
0040853A |. C68424 F80000>MOV BYTE PTR SS:, 0x10
00408542 |. 6A 74 PUSH 0x74 ; t
00408544 |. 50 PUSH EAX
00408545 |. 8D4424 68 LEA EAX, DWORD PTR SS:
00408549 |. 50 PUSH EAX
0040854A |. E8 A1C7FFFF CALL USBRecov.00404CF0
0040854F |. 83C4 40 ADD ESP, 0x40
00408552 |. C68424 C40000>MOV BYTE PTR SS:, 0x11
0040855A |. 6A 65 PUSH 0x65 ; e
0040855C |. 50 PUSH EAX
0040855D |. 8D4C24 68 LEA ECX, DWORD PTR SS:
00408561 |. 51 PUSH ECX
00408562 |. E8 89C7FFFF CALL USBRecov.00404CF0 ; signature string c6ete appended to the e-mail
00408567 |. 83C4 0C ADD ESP, 0xC
0040856A |. C68424 C40000>MOV BYTE PTR SS:, 0x13
00408572 |. 8D4C24 2C LEA ECX, DWORD PTR SS:
00408576 |. E8 75490000 CALL USBRecov.0040CEF0
0040857B |. C68424 C40000>MOV BYTE PTR SS:, 0x14
00408583 |. 8D4C24 48 LEA ECX, DWORD PTR SS:
00408587 |. E8 64490000 CALL USBRecov.0040CEF0
0040858C |. C68424 C40000>MOV BYTE PTR SS:, 0x15
00408594 |. 8D4C24 38 LEA ECX, DWORD PTR SS:
00408598 |. E8 53490000 CALL USBRecov.0040CEF0
0040859D |. C68424 C40000>MOV BYTE PTR SS:, 0x16
004085A5 |. 8D4C24 20 LEA ECX, DWORD PTR SS:
004085A9 |. E8 42490000 CALL USBRecov.0040CEF0
004085AE |. 8B4424 64 MOV EAX, DWORD PTR SS:
004085B2 |. 85C0 TEST EAX, EAX
004085B4 |. 74 05 JE SHORT USBRecov.004085BB
004085B6 |. 8B48 F8 MOV ECX, DWORD PTR DS:
004085B9 |. EB 07 JMP SHORT USBRecov.004085C2
004085BB |> 33C9 XOR ECX, ECX
004085BD |. B8 E03E4300 MOV EAX, USBRecov.00433EE0
004085C2 |> 51 PUSH ECX
004085C3 |. 50 PUSH EAX
004085C4 |. E8 27E5FFFF CALL USBRecov.00406AF0 ; transform routine
004085C9 |. 51 PUSH ECX
004085CA |. 8D5424 6C LEA EDX, DWORD PTR SS:
004085CE |. 8BCC MOV ECX, ESP
004085D0 |. 896424 18 MOV DWORD PTR SS:, ESP
004085D4 |. 52 PUSH EDX
004085D5 |. E8 E6480000 CALL USBRecov.0040CEC0
004085DA |. C68424 D00000>MOV BYTE PTR SS:, 0x17
004085E2 |. 8D8424 9C0000>LEA EAX, DWORD PTR SS:
004085E9 |. 50 PUSH EAX
004085EA |. C68424 D40000>MOV BYTE PTR SS:, 0x16
004085F2 |. E8 49E4FFFF CALL USBRecov.00406A40 ; MD5
004085F7 |. 83C4 10 ADD ESP, 0x10
004085FA |. C68424 C40000>MOV BYTE PTR SS:, 0x18
00408602 |. 6A FF PUSH -0x1
00408604 |. 68 E03E4300 PUSH USBRecov.00433EE0
00408609 |. 8D4C24 18 LEA ECX, DWORD PTR SS:
0040860D |. E8 0E520000 CALL USBRecov.0040D820
00408612 |. C68424 C40000>MOV BYTE PTR SS:, 0x19
0040861A |. 68 BC91E911 PUSH 0x11E991BC ; what is this number? In decimal it is 300519868; analysis shows this is the software signature
0040861F |. 8D4C24 14 LEA ECX, DWORD PTR SS:
00408623 |. E8 E8530000 CALL USBRecov.0040DA10 ; takes the last 8 digits of it?
00408628 |. 6A FF PUSH -0x1
0040862A |. 68 E03E4300 PUSH USBRecov.00433EE0
0040862F |. 8D4C24 74 LEA ECX, DWORD PTR SS:
00408633 |. E8 E8510000 CALL USBRecov.0040D820
00408638 |. C68424 C40000>MOV BYTE PTR SS:, 0x1A ; then the signature string is appended
00408640 |. 6A 6B PUSH 0x6B ; k
00408642 |. 50 PUSH EAX
00408643 |. 8D8C24 800000>LEA ECX, DWORD PTR SS:
0040864A |. 51 PUSH ECX
0040864B |. E8 A0C6FFFF CALL USBRecov.00404CF0
00408650 |. C68424 D00000>MOV BYTE PTR SS:, 0x1B
00408658 |. 6A 72 PUSH 0x72 ; r
0040865A |. 50 PUSH EAX
0040865B |. 8D5424 34 LEA EDX, DWORD PTR SS:
0040865F |. 52 PUSH EDX
00408660 |. E8 8BC6FFFF CALL USBRecov.00404CF0
00408665 |. C68424 DC0000>MOV BYTE PTR SS:, 0x1C
0040866D |. 6A 78 PUSH 0x78 ; x
0040866F |. 50 PUSH EAX
00408670 |. 8D4424 58 LEA EAX, DWORD PTR SS:
00408674 |. 50 PUSH EAX
00408675 |. E8 76C6FFFF CALL USBRecov.00404CF0
0040867A |. C68424 E80000>MOV BYTE PTR SS:, 0x1D
00408682 |. 6A 35 PUSH 0x35 ; 5
00408684 |. 50 PUSH EAX
00408685 |. 8D4C24 74 LEA ECX, DWORD PTR SS:
00408689 |. 51 PUSH ECX
0040868A |. E8 61C6FFFF CALL USBRecov.00404CF0
0040868F |. B3 1E MOV BL, 0x1E ; a length? 30
00408691 |. 889C24 F40000>MOV BYTE PTR SS:, BL
00408698 |. 6A 6C PUSH 0x6C ; l
0040869A |. 50 PUSH EAX
0040869B |. 8D5424 64 LEA EDX, DWORD PTR SS:
0040869F |. 52 PUSH EDX
004086A0 |. E8 4BC6FFFF CALL USBRecov.00404CF0
004086A5 |. 83C4 3C ADD ESP, 0x3C
004086A8 |. C68424 C40000>MOV BYTE PTR SS:, 0x1F
004086B0 |. 50 PUSH EAX
004086B1 |. 8D4C24 14 LEA ECX, DWORD PTR SS:
004086B5 |. E8 16500000 CALL USBRecov.0040D6D0
004086BA |. 889C24 C40000>MOV BYTE PTR SS:, BL
004086C1 |. 8D4C24 2C LEA ECX, DWORD PTR SS:
004086C5 |. E8 26480000 CALL USBRecov.0040CEF0
004086CA |. C68424 C40000>MOV BYTE PTR SS:, 0x1D
004086D2 |. 8D4C24 48 LEA ECX, DWORD PTR SS:
004086D6 |. E8 15480000 CALL USBRecov.0040CEF0
004086DB |. C68424 C40000>MOV BYTE PTR SS:, 0x1C
004086E3 |. 8D4C24 38 LEA ECX, DWORD PTR SS:
004086E7 |. E8 04480000 CALL USBRecov.0040CEF0
004086EC |. C68424 C40000>MOV BYTE PTR SS:, 0x1B
004086F4 |. 8D4C24 20 LEA ECX, DWORD PTR SS:
004086F8 |. E8 F3470000 CALL USBRecov.0040CEF0
004086FD |. C68424 C40000>MOV BYTE PTR SS:, 0x1A
00408705 |. 8D4C24 78 LEA ECX, DWORD PTR SS:
00408709 |. E8 E2470000 CALL USBRecov.0040CEF0
0040870E |. C68424 C40000>MOV BYTE PTR SS:, 0x19
00408716 |. 8D4C24 6C LEA ECX, DWORD PTR SS:
0040871A |. E8 D1470000 CALL USBRecov.0040CEF0 ; the string above plus the signature code; this signature code is fixed
0040871F |. 8B4424 14 MOV EAX, DWORD PTR SS: ; ASCII "300519868krx5l"
00408723 |. 85C0 TEST EAX, EAX
00408725 |. 74 05 JE SHORT USBRecov.0040872C
00408727 |. 8B48 F8 MOV ECX, DWORD PTR DS:
0040872A |. EB 07 JMP SHORT USBRecov.00408733
0040872C |> 33C9 XOR ECX, ECX
0040872E |. B8 E03E4300 MOV EAX, USBRecov.00433EE0
00408733 |> 51 PUSH ECX
00408734 |. 50 PUSH EAX
00408735 |. E8 B6E3FFFF CALL USBRecov.00406AF0
0040873A |. 51 PUSH ECX
0040873B |. 8D4424 1C LEA EAX, DWORD PTR SS:
0040873F |. 8BCC MOV ECX, ESP
00408741 |. 896424 18 MOV DWORD PTR SS:, ESP
00408745 |. 50 PUSH EAX
00408746 |. E8 75470000 CALL USBRecov.0040CEC0
0040874B |. C68424 D00000>MOV BYTE PTR SS:, 0x20
00408753 |. 8D8C24 B80000>LEA ECX, DWORD PTR SS:
0040875A |. 51 PUSH ECX
0040875B |. C68424 D40000>MOV BYTE PTR SS:, 0x19
00408763 |. E8 D8E2FFFF CALL USBRecov.00406A40 ; MD5 computation
00408768 |. C68424 D40000>MOV BYTE PTR SS:, 0x21
00408770 |. 83C4 04 ADD ESP, 0x4
00408773 |. 8D9424 B80000>LEA EDX, DWORD PTR SS:
0040877A |. 8BCC MOV ECX, ESP
0040877C |. 896424 18 MOV DWORD PTR SS:, ESP
00408780 |. 52 PUSH EDX
00408781 |. E8 3A470000 CALL USBRecov.0040CEC0 ; the MD5 value just obtained
00408786 |. C68424 D00000>MOV BYTE PTR SS:, 0x22
0040878E |. 68 1C494300 PUSH USBRecov.0043491C ; -
00408793 |. 83EC 0C SUB ESP, 0xC
00408796 |. 8BF4 MOV ESI, ESP
00408798 |. 89A424 B80000>MOV DWORD PTR SS:, ESP
0040879F |. 83EC 0C SUB ESP, 0xC
004087A2 |. 8D8424 B80000>LEA EAX, DWORD PTR SS:
004087A9 |. 8BCC MOV ECX, ESP
004087AB |. 89A424 E00000>MOV DWORD PTR SS:, ESP
004087B2 |. 50 PUSH EAX
004087B3 |. E8 08470000 CALL USBRecov.0040CEC0
004087B8 |. B3 23 MOV BL, 0x23
004087BA |. 889C24 EC0000>MOV BYTE PTR SS:, BL
004087C1 |. 68 1C494300 PUSH USBRecov.0043491C ; -
004087C6 |. 83EC 0C SUB ESP, 0xC
004087C9 |. 8D9424 D80000>LEA EDX, DWORD PTR SS:
004087D0 |. 8BCC MOV ECX, ESP
004087D2 |. 896424 7C MOV DWORD PTR SS:, ESP
004087D6 |. 52 PUSH EDX
004087D7 |. E8 E4460000 CALL USBRecov.0040CEC0
004087DC |. C68424 FC0000>MOV BYTE PTR SS:, 0x24
004087E4 |. 8D8424 B00000>LEA EAX, DWORD PTR SS:
004087EB |. 50 PUSH EAX
004087EC |. 889C24 000100>MOV BYTE PTR SS:, BL
004087F3 |. E8 B894FFFF CALL USBRecov.00401CB0
004087F8 |. 83C4 14 ADD ESP, 0x14
004087FB |. C68424 EC0000>MOV BYTE PTR SS:, 0x25
00408803 |. 50 PUSH EAX
00408804 |. B3 26 MOV BL, 0x26 ; 26?
00408806 |. 56 PUSH ESI
00408807 |. 889C24 F40000>MOV BYTE PTR SS:, BL
0040880E |. E8 1D94FFFF CALL USBRecov.00401C30
00408813 |. 83C4 14 ADD ESP, 0x14
00408816 |. C68424 E00000>MOV BYTE PTR SS:, 0x27
0040881E |. 8D8C24 880000>LEA ECX, DWORD PTR SS:
00408825 |. 51 PUSH ECX
00408826 |. 889C24 E40000>MOV BYTE PTR SS:, BL
0040882D |. E8 7E94FFFF CALL USBRecov.00401CB0
00408832 |. 83C4 14 ADD ESP, 0x14
00408835 |. C68424 D00000>MOV BYTE PTR SS:, 0x28
0040883D |. 8BB424 D80000>MOV ESI, DWORD PTR SS:
00408844 |. 50 PUSH EAX
00408845 |. 56 PUSH ESI
00408846 |. C68424 D80000>MOV BYTE PTR SS:, 0x2A
0040884E |. E8 DD93FFFF CALL USBRecov.00401C30
00408853 |. 83C4 14 ADD ESP, 0x14
00408856 |. BB 01000000 MOV EBX, 0x1
0040885B |. 895C24 1C MOV DWORD PTR SS:, EBX
0040885F |. C68424 C40000>MOV BYTE PTR SS:, 0x29
00408867 |. 8D4C24 6C LEA ECX, DWORD PTR SS:
0040886B |. E8 80460000 CALL USBRecov.0040CEF0
00408870 |. C68424 C40000>MOV BYTE PTR SS:, 0x21
00408878 |. 8D4C24 78 LEA ECX, DWORD PTR SS:
0040887C |. E8 6F460000 CALL USBRecov.0040CEF0
00408881 |. 83EC 0C SUB ESP, 0xC
00408884 |. 8BCC MOV ECX, ESP
00408886 |. 896424 50 MOV DWORD PTR SS:, ESP
0040888A |. 56 PUSH ESI
0040888B |. E8 30460000 CALL USBRecov.0040CEC0
00408890 |. C68424 D00000>MOV BYTE PTR SS:, 0x2B
00408898 |. 8D9424 900000>LEA EDX, DWORD PTR SS:
0040889F |. 52 PUSH EDX
004088A0 |. C68424 D40000>MOV BYTE PTR SS:, 0x21
004088A8 |. E8 93E1FFFF CALL USBRecov.00406A40 ; MD5 again
004088AD |. 83C4 10 ADD ESP, 0x10
004088B0 |. C68424 C40000>MOV BYTE PTR SS:, 0x2C
004088B8 |. 8D8424 840000>LEA EAX, DWORD PTR SS:
004088BF |. 50 PUSH EAX
004088C0 |. 8BCE MOV ECX, ESI
004088C2 |. E8 29470000 CALL USBRecov.0040CFF0
004088C7 |. 8B46 04 MOV EAX, DWORD PTR DS:
004088CA |. 85C0 TEST EAX, EAX
004088CC |. 74 12 JE SHORT USBRecov.004088E0
004088CE |. 8378 F8 08 CMP DWORD PTR DS:, 0x8
004088D2 |. 7C 0C JL SHORT USBRecov.004088E0
004088D4 |. 6A 07 PUSH 0x7 ; replace at position 7
004088D6 |. 8BCE MOV ECX, ESI
004088D8 |. E8 D3440000 CALL USBRecov.0040CDB0
004088DD |. C600 2D MOV BYTE PTR DS:, 0x2D ; -
004088E0 |> 8B46 04 MOV EAX, DWORD PTR DS:
004088E3 |. 85C0 TEST EAX, EAX
004088E5 |. 74 12 JE SHORT USBRecov.004088F9
004088E7 |. 8378 F8 10 CMP DWORD PTR DS:, 0x10
004088EB |. 7C 0C JL SHORT USBRecov.004088F9
004088ED |. 6A 0F PUSH 0xF ; replace position 0xF (15) with -
004088EF |. 8BCE MOV ECX, ESI
004088F1 |. E8 BA440000 CALL USBRecov.0040CDB0
004088F6 |. C600 2D MOV BYTE PTR DS:, 0x2D
004088F9 |> 8B46 04 MOV EAX, DWORD PTR DS:
004088FC |. 85C0 TEST EAX, EAX
004088FE |. 74 12 JE SHORT USBRecov.00408912
00408900 |. 8378 F8 18 CMP DWORD PTR DS:, 0x18
00408904 |. 7C 0C JL SHORT USBRecov.00408912
00408906 |. 6A 17 PUSH 0x17 ; replace position 0x17 with -
00408908 |. 8BCE MOV ECX, ESI
0040890A |. E8 A1440000 CALL USBRecov.0040CDB0
0040890F |. C600 2D MOV BYTE PTR DS:, 0x2D ; -
00408912 |> 8BCE MOV ECX, ESI
00408914 |. E8 F74A0000 CALL USBRecov.0040D410
00408919 |. 8B46 04 MOV EAX, DWORD PTR DS:
0040891C |. 85C0 TEST EAX, EAX
0040891E |. 74 05 JE SHORT USBRecov.00408925
00408920 |. 8B48 F8 MOV ECX, DWORD PTR DS:
00408923 |. EB 02 JMP SHORT USBRecov.00408927
00408925 |> 33C9 XOR ECX, ECX
00408927 |> 85C0 TEST EAX, EAX
00408929 |. 75 05 JNZ SHORT USBRecov.00408930
0040892B |. B8 E03E4300 MOV EAX, USBRecov.00433EE0
00408930 |> 51 PUSH ECX
00408931 |. 50 PUSH EAX
00408932 |. E8 D9E1FFFF CALL USBRecov.00406B10 ; replace 0 with E in the string
00408937 |. 83C4 08 ADD ESP, 0x8
0040893A |. C68424 C40000>MOV BYTE PTR SS:, 0x21
00408942 |. 8D8C24 840000>LEA ECX, DWORD PTR SS:
00408949 |. E8 A2450000 CALL USBRecov.0040CEF0
0040894E |. C68424 C40000>MOV BYTE PTR SS:, 0x19
00408956 |. 8D8C24 AC0000>LEA ECX, DWORD PTR SS:
0040895D |. E8 8E450000 CALL USBRecov.0040CEF0
00408962 |. C68424 C40000>MOV BYTE PTR SS:, 0x18
0040896A |. 8D4C24 10 LEA ECX, DWORD PTR SS:
0040896E |. E8 7D450000 CALL USBRecov.0040CEF0
00408973 |. C68424 C40000>MOV BYTE PTR SS:, 0x16
0040897B |. 8D8C24 900000>LEA ECX, DWORD PTR SS:
00408982 |. E8 69450000 CALL USBRecov.0040CEF0
00408987 |. C68424 C40000>MOV BYTE PTR SS:, 0xD
0040898F |. 8D4C24 60 LEA ECX, DWORD PTR SS:
00408993 |. E8 58450000 CALL USBRecov.0040CEF0
00408998 |. C68424 C40000>MOV BYTE PTR SS:, 0xB
004089A0 |. 8D8C24 A00000>LEA ECX, DWORD PTR SS:
004089A7 |. E8 44450000 CALL USBRecov.0040CEF0
004089AC |. C68424 C40000>MOV BYTE PTR SS:, 0x2
004089B4 |. 8D4C24 54 LEA ECX, DWORD PTR SS:
004089B8 |. E8 33450000 CALL USBRecov.0040CEF0
004089BD |. 889C24 C40000>MOV BYTE PTR SS:, BL
004089C4 |. 8D8C24 D00000>LEA ECX, DWORD PTR SS:
004089CB |. E8 20450000 CALL USBRecov.0040CEF0
004089D0 |. C68424 C40000>MOV BYTE PTR SS:, 0x0
004089D8 |. 8D8C24 DC0000>LEA ECX, DWORD PTR SS:
004089DF |. E8 0C450000 CALL USBRecov.0040CEF0
004089E4 |. 8BC6 MOV EAX, ESI
004089E6 |. 8B8C24 BC0000>MOV ECX, DWORD PTR SS:
004089ED |. 64:890D 00000>MOV DWORD PTR FS:, ECX
004089F4 |. 59 POP ECX
004089F5 |. 5E POP ESI
004089F6 |. 5B POP EBX
004089F7 |. 81C4 BC000000 ADD ESP, 0xBC
004089FD \. C3 RETN






$+28 > 00A62C54 ASCII "1E32A25-7B2D9E4-6D62B8C-559A2E63"
0012ED58 00A62C54 ASCII "E62E51E-E85C1D2-2BCF48C-791D4946"

>0012ED58 00A62C54 ASCII "E62E51E-E85C1D2-2BCF48C-791D4946"
>

CrackVip
[email protected]
E62E51E-E85C1D2-2BCF48C-791D4946

EAX 00000000
ECX 00433EE1 USBRecov.00433EE1
EDX 00A6449D ASCII "4ce6db3d030f90eea1d40f4c5c56b4f"
EAX 0012F0B0
ECX 00433EE1 USBRecov.00433EE1
EDX 00A64E65 ASCII "5a3523cd7106b9552b874cb26c99e71"
EAX 0012F014
ECX 00434965 USBRecov.00434965
EDX 00A64509 ASCII "4cb26c99e71"
EAX 0012F014
ECX 00434939 USBRecov.00434939
EDX 00A6450D ASCII "6c99e71"


Software version signature code


4415=<2<ov|1h
========MD5======================
d2c1cc6258f65227e7835fc416191e3f (32)
58f65227e7835fc4 (16)

**me
[email protected]
4444444-3333333-2222222-1111111

EAX 0012F0B0
ECX 00433EE1 USBRecov.00433EE1
EDX 00A64E7D ASCII ""
bf3820b3ea6c781ac9c608dc403d24f

EAX 0012EDC0
ECX 00433EE1 USBRecov.00433EE1
"9d0a5d0ff71be8dbf5ac618ba3195db"

Stack SS:=00A64B34, (ASCII "1111111-2222222c6ete300519868")
EAX=0012ECA8

5555555)6666666g2apa74415=<2<
----->>>> MD5
a6853cdc095af227aabca40cccf15655

a6853cdc095af227aabca40cccf15655
" dc095af227aabca40cccf15655"
Insert - at position 7 and convert to upper case
ASCII "A6853C-C095AF227"
=============================================================
User name plus signature string ------>>> ASCII "CrackVip8b3zo"
Then the XOR routine is applied, giving the encrypted string ASCII "GvegoRmt<f7~k"

After MD5 of this signature code
fbbbb696856b99fe30fa649668386e8f (32)
856b99fe30fa6496 (16)
============================================================
E-mail plus signature code ------------->>>>>>>>>>[email protected]
Then XOR with 4 is applied, giving the encrypted string ASCII "gvegormtDuu*gkig2apa"
After MD5 of this signature code
f14df3a3320192d94f106b6d306bdd1a (32)
320192d94f106b6d (16)

=============================================================
Fixed signature code string
> 00A64E24 ASCII "300519868krx5l"
Then XOR with 4 is applied, giving the encrypted string ASCII "74415=<2<ov|1h"

After MD5

fa10413a614948270e60f748774e9f83 (32)
614948270e60f748 (16)
==============================================================
Join the three MD5 values above with "-" between them, then MD5 again (all lower case)
fbbbb696856b99fe30fa649668386e8f-f14df3a3320192d94f106b6d306bdd1a-fa10413a614948270e60f748774e9f83

$-70 > 00A647C4 ASCII "fbbbb696856b99fe30fa649668386e8f-f14df3a3320192d94f106b6d306bdd1a-fa10413a614948270e60f748774e9f83"


After MD5
2ae431a6f3aa183cd826dfcc518079f9 (32)
f3aa183cd826dfcc (16)
ASCII "2AE431A-F3AA183-D826DFC-518E79F9"


GGLHY posted on 2014-9-10 08:18:41

Impressive!
First reply

GGLHY posted on 2014-9-10 08:20:26

I just hard-coded the third MD5 string into the KeyGen {:biggrin:}

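pentium450 posted on 2014-9-10 12:07:31

Crackvip goes on one business trip; did he really absorb some yin to replenish his yang? There's no other way to explain it {:shutup:}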

crackvip posted on 2014-9-10 12:28:17

GGLHY posted on 2014-9-10 08:20
I just hard-coded the third MD5 string into the KeyGen

That way you can't make a keygen for the whole series...

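GGLHY posted on 2014-9-10 12:44:07

crackvip posted on 2014-9-10 12:28
That way you can't make a keygen for the whole series...

Haha. I wasn't thinking of catching them all in one net; I only picked one and made a KG for it, that's all~~~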

{:biggrin:}

vipcrack posted on 2014-9-10 13:26:15

Looks like after playing with the soap in the hotel with Small-Q, he got infused with power. Mighty!

harry0898 posted on 2014-9-10 14:55:45

Passing by, showing support.

heizihui posted on 2014-9-10 20:58:55

Really great.. truly

xiaowenyu posted on 2014-9-10 21:34:22

VIP's skills are really strong