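Registration and bypassing network verification for the IUWESHARE software series
I only ran one of them through OD: IUWEshare Photo Recovery Wizard 1.8.8.8. I assume the solution is the same for everything on the site...
If it isn't, well, just treat this title as me talking nonsense.~~
Taking IUWEshare Photo Recovery Wizard 1.8.8.8 as an example:
It seems to use an RSA algorithm; I didn't confirm that and just stepped through with F8. The KEY is 29 characters long, in the form: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX.
There are 2 solutions for registration:
1. Use the blacklist and modify one jump: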
00476687 81C1 A0537900 add ecx,IUWEshar.007953A0 ; ASCII "IL9SW-3YE3M-LSMR8-PCDHB-L7FDL" <----- the thoughtful blacklist
0047668D 51 push ecx
0047668E 8B55 08 mov edx,dword ptr ss:
00476691 52 push edx
00476692 FF15 08866800 call dword ptr ds:[<&MSVCR90._stricmp>] ; msvcr90._stricmp
00476698 83C4 08 add esp,0x8
0047669B 85C0 test eax,eax
0047669D 75 04 jnz short IUWEshar.004766A3 ; change this to JMP and that's it~
0047669F 33C0 xor eax,eax
004766A1 EB 49 jmp short IUWEshar.004766EC
2. Non-blacklist registration:
039F1AD3 8B4424 24 mov eax,dword ptr ss:
039F1AD7 85C0 test eax,eax
039F1AD9 0F85 90010000 jnz EULicens.039F1C6F ; must not jump here~
039F1ADF 394424 28 cmp dword ptr ss:,eax
039F1AE3 74 0A je short EULicens.039F1AEF
039F1AE5 33D2 xor edx,edx
039F1AE7 8BC7 mov eax,edi
However, you still need to pay attention to this spot:
004766D1 807D E8 15 cmp byte ptr ss:,0x15
004766D5 72 0F jb short IUWEshar.004766E6 ; must not jump (must not be below 15H)
004766D7 807D E8 19 cmp byte ptr ss:,0x19
004766DB 76 02 jbe short IUWEshar.004766DF ; must jump (must not be above 19H)
004766DD EB 07 jmp short IUWEshar.004766E6
004766DF B8 01000000 mov eax,0x1
004766E4 EB 06 jmp short IUWEshar.004766EC
004766E6 33C0 xor eax,eax ; patch point
004766E8 EB 02 jmp short IUWEshar.004766EC
004766EA 33C0 xor eax,eax ; patch point
004766EC 8BE5 mov esp,ebp
004766EE 5D pop ebp
004766EF C2 0800 retn 0x8
OK, the spots for neutralizing the network verification:
02A22E3D 8B45 EC mov eax,dword ptr ss:
02A22E40 8378 08 00 cmp dword ptr ds:,0x0
02A22E44 75 0C jnz short EuActive.02A22E52 ; don't jump here~
02A22E46 C745 E8 04102007 mov dword ptr ss:,0x7201004
02A22E4D E9 0B040000 jmp EuActive.02A2325D
02A22E52 33C9 xor ecx,ecx
02A22E54^ 75 E7 jnz short EuActive.02A22E3D
02A22E56 8D95 58FEFFFF lea edx,dword ptr ss:
02A22E5C 52 push edx
and
02A23268 8B45 E8 mov eax,dword ptr ss:
02A2326B 25 FF0F0000 and eax,0xFFF
02A23270 74 23 JE short EuActive.02A23295 ; JMP???
02A23272 8BF4 mov esi,esp
02A23274 FF15 2850A302 call dword ptr ds:[<&KERNEL32.GetLastError>; ntdll.RtlGetLastWin32Error
02A2327A 3BF4 cmp esi,esp
If you also like to wear a hat, take a look at this part of the program:
00453DCE 68 308B6C00 push IUWEshar.006C8B30 ; caption
00453DD3 8D45 F0 lea eax,dword ptr ss:
00453DD6 50 push eax
00453DD7 E8 84A9FDFF call IUWEshar.0042E760
00453DDC 83C4 08 add esp,0x8
00453DDF C745 FC 0000000>mov dword ptr ss:,0x0
00453DE6 E8 15D2FAFF call IUWEshar.00401000
00453DEB 8BC8 mov ecx,eax
00453DED E8 9E2DFFFF call IUWEshar.00446B90
00453DF2 8945 EC mov dword ptr ss:,eax
00453DF5 8B4D EC mov ecx,dword ptr ss:
00453DF8 898D 28FFFFFF mov dword ptr ss:,ecx
00453DFE 83BD 28FFFFFF 0>cmp dword ptr ss:,0x4
00453E05 77 5B ja short IUWEshar.00453E62
00453E07 8B95 28FFFFFF mov edx,dword ptr ss:
00453E0D FF2495 4C424500 jmp dword ptr ds: ; IUWEshar.00453E54
00453E14 68 B3B06B00 push IUWEshar.006BB0B3
00453E19 8D4D F0 lea ecx,dword ptr ss:
00453E1C FF15 A88B6800 call dword ptr ds:[<&mfc90.#945>] ; mfc90.#945
00453E22 EB 3E jmp short IUWEshar.00453E62
00453E24 68 B7B06B00 push IUWEshar.006BB0B7
00453E29 8D4D F0 lea ecx,dword ptr ss:
00453E2C FF15 A88B6800 call dword ptr ds:[<&mfc90.#945>] ; mfc90.#945
00453E32 EB 2E jmp short IUWEshar.00453E62
00453E34 68 E3B06B00 push IUWEshar.006BB0E3
00453E39 8D4D F0 lea ecx,dword ptr ss:
00453E3C FF15 A88B6800 call dword ptr ds:[<&mfc90.#945>] ; mfc90.#945
00453E42 EB 1E jmp short IUWEshar.00453E62
00453E44 68 388B6C00 push IUWEshar.006C8B38 ;Unlimited
00453E49 8D4D F0 lea ecx,dword ptr ss:
00453E4C FF15 A88B6800 call dword ptr ds:[<&mfc90.#945>] ; mfc90.#945
00453E52 EB 0E jmp short IUWEshar.00453E62
00453E54 68 448B6C00 push IUWEshar.006C8B44 ;AdvancedPE
00453E59 8D4D F0 lea ecx,dword ptr ss:
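Well, next come the screenshots:
I haven't tested the other software on that site... anyone who is interested can give it a try....
All right, where is Nisy's Dabai? I'll go look for it~~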
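By international convention, I'll take the first reply on my own thread~~
Here to pay my respects
Making full use of the blacklist, turning waste into treasure~
Problem solved, thanks everyone.
Problem solved, thanks everyone.
Here to pay my respects...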
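The first post works because a revoked key sits in the binary as a plaintext string compared with `_stricmp`. As an added example (not code from the thread or from the vendor), the sketch below stores a revocation list as salted digests so the shipped list does not disclose a well-formed key, and includes a release check for a plaintext leak; the sample key, salt and all function names are constructed assumptions.

```python
import hashlib
import hmac
import re

# Constructed sample key in the 5x5 format the post describes; not a real key.
SAMPLE_REVOKED = "AAAAA-BBBBB-CCCCC-DDDDD-EEEEE"
KEY_RE = re.compile(r"(?:[A-Z0-9]{5}-){4}[A-Z0-9]{5}")
# Hypothetical per-product salt so digests cannot be reused across products.
SALT = b"example-product-salt"


def normalize(key: str) -> str:
    """Trim and upper-case so matching stays case-insensitive, as _stricmp was."""
    return key.strip().upper()


def key_digest(key: str) -> bytes:
    """Salted SHA-256 of the normalized key; this is what would be shipped."""
    return hashlib.sha256(SALT + normalize(key).encode("ascii")).digest()


# Built offline; only these digests would be embedded in the client.
REVOKED_DIGESTS = frozenset({key_digest(SAMPLE_REVOKED)})


def is_revoked(key: str) -> bool:
    """True if the key is on the revocation list.

    Malformed input is rejected before hashing, so it can never fall through
    as "not revoked, therefore acceptable".
    """
    norm = normalize(key)
    if not KEY_RE.fullmatch(norm):
        raise ValueError("malformed key")
    digest = key_digest(norm)
    # compare_digest avoids leaking how many leading bytes matched.
    return any(hmac.compare_digest(digest, d) for d in REVOKED_DIGESTS)


def blob_discloses_key(blob: bytes, key: str) -> bool:
    """Release check: does a build artifact contain the key in plaintext?"""
    return normalize(key).encode("ascii") in blob.upper()
```

This removes only the plaintext disclosure; the result of the check still has to be enforced where a modified client cannot override it, for example in the server-side activation step.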