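【Article title】Algorithm analysis of 快刀斩乱麻 V3.91~~
【Article author】pentacle
【Author e-mail】
【Author homepage】
【Cracking tools】OD
【Cracking platform】
【Software name】快刀斩乱麻 V3.91
【Software size】2029KB
【Original download】http://nj.onlinedown.net/soft/58.htm
【Protection method】
【Software description】It is currently the most powerful program of its kind! It not only supports batch processing, so you can split many files at once, it also supports encrypting and compressing files before splitting! This makes the split files more secure and saves more disk space! The software also has a special feature: extracting segments from MP3 files! That way you can extract your favourite part of a song and play it on its own! Besides the features above, the software adds many user-friendly design touches that make it handier to use! It also has a polished interface and is simple to use; when you need to carry large files around, it should become your capable assistant! (PS: this software bundles far too much rogue software)
------------------------------------------------------------------------
【Cracking process】Enough small talk; open it in OD and get to the point.
Using the string references we find the following (the string reads "Incorrect registration code!"):
00401501 PUSH x-cut.00415058 注册码不正确!
Double-click to go there~~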
004014FB |. 3BC7 CMP EAX,EDI
004014FD |. 74 14 JE SHORT x-cut.00401513 ; key jump~~
004014FF |. 53 PUSH EBX
00401500 |. 53 PUSH EBX
00401501 |. 68 58504100 PUSH x-cut.00415058 ; 注册码不正确!
Scroll up~~
004013E0 /$ 6A FF PUSH -1
004013E2 |. 68 48DB4000 PUSH x-cut.0040DB48 ; SE handler installation
004013E7 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
004013ED |. 50 PUSH EAX
004013EE |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
004013F5 |. 83EC 10 SUB ESP,10
004013F8 |. A1 185C4100 MOV EAX,DWORD PTR DS:[415C18]
004013FD |. 53 PUSH EBX
004013FE |. 56 PUSH ESI
004013FF |. 33DB XOR EBX,EBX
00401401 |. 57 PUSH EDI
00401402 |. 53 PUSH EBX ; /TimerID => 0
00401403 |. 50 PUSH EAX ; |hWnd => 00190B7C ('注册快刀斩乱麻:',class='#32770')
00401404 |. FF15 54044100 CALL DWORD PTR DS:[<&USER32.KillTimer>] ; \KillTimer
0040140A |. 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+10]
0040140E |. E8 3FC00000 CALL <JMP.&MFC42.#540>
00401413 |. 6A 01 PUSH 1
00401415 |. B9 F85B4100 MOV ECX,x-cut.00415BF8
0040141A |. 895C24 28 MOV DWORD PTR SS:[ESP+28],EBX
0040141E |. E8 BFC00000 CALL <JMP.&MFC42.#6334>
00401423 |. 8B0D 685C4100 MOV ECX,DWORD PTR DS:[415C68]
00401429 |. BE 1E000000 MOV ESI,1E
0040142E |. 68 685C4100 PUSH x-cut.00415C68
00401433 |. BF 01000000 MOV EDI,1
00401438 |. 8B41 F8 MOV EAX,DWORD PTR DS:[ECX-8]
0040143B |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
0040143F |. 2BF0 SUB ESI,EAX
00401441 |. E8 96C00000 CALL <JMP.&MFC42.#858>
00401446 |. 8B15 685C4100 MOV EDX,DWORD PTR DS:[415C68]
0040144C |. 8B42 F8 MOV EAX,DWORD PTR DS:[EDX-8]
0040144F |. 83F8 1E CMP EAX,1E ; jump away if the registration name length is >30, fall through if it is shorter
00401452 |. 7D 3A JGE SHORT x-cut.0040148E
00401454 |. 3BF3 CMP ESI,EBX
00401456 |. 7E 66 JLE SHORT x-cut.004014BE
00401458 |> 68 68504100 /PUSH x-cut.00415068 ; pad the registration name with 0 up to 30 characters
0040145D |. 8D4424 18 |LEA EAX,DWORD PTR SS:[ESP+18]
00401461 |. 68 685C4100 |PUSH x-cut.00415C68
00401466 |. 50 |PUSH EAX
00401467 |. E8 6AC00000 |CALL <JMP.&MFC42.#924>
0040146C |. 50 |PUSH EAX
0040146D |. B9 685C4100 |MOV ECX,x-cut.00415C68
00401472 |. C64424 28 01 |MOV BYTE PTR SS:[ESP+28],1
00401477 |. E8 60C00000 |CALL <JMP.&MFC42.#858>
0040147C |. 8D4C24 14 |LEA ECX,DWORD PTR SS:[ESP+14]
00401480 |. 885C24 24 |MOV BYTE PTR SS:[ESP+24],BL
00401484 |. E8 DBBF0000 |CALL <JMP.&MFC42.#800>
00401489 |. 4E |DEC ESI
0040148A |.^ 75 CC \JNZ SHORT x-cut.00401458
0040148C |. EB 30 JMP SHORT x-cut.004014BE
0040148E |> 7E 2E JLE SHORT x-cut.004014BE
00401490 |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
00401494 |. 6A 1E PUSH 1E
00401496 |. 51 PUSH ECX
00401497 |. B9 685C4100 MOV ECX,x-cut.00415C68
0040149C |. E8 2FC00000 CALL <JMP.&MFC42.#4129>
004014A1 |. 50 PUSH EAX
004014A2 |. B9 685C4100 MOV ECX,x-cut.00415C68
004014A7 |. C64424 28 02 MOV BYTE PTR SS:[ESP+28],2
004014AC |. E8 2BC00000 CALL <JMP.&MFC42.#858>
004014B1 |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
004014B5 |. 885C24 24 MOV BYTE PTR SS:[ESP+24],BL
004014B9 |. E8 A6BF0000 CALL <JMP.&MFC42.#800>
004014BE |> 55 PUSH EBP
004014BF |. 8B2D 685C4100 MOV EBP,DWORD PTR DS:[415C68] ; put the registration name into EBP
004014C5 |. 33C9 XOR ECX,ECX
004014C7 |> 8A0429 /MOV AL,BYTE PTR DS:[ECX+EBP] ; compute the registration code; take each character of the registration code in turn
004014CA |. 83E0 7F |AND EAX,7F
004014CD |. 69C0 3B2E0800 |IMUL EAX,EAX,82E3B ; EAX=EAX*536123
004014D3 |. 8BF0 |MOV ESI,EAX
004014D5 |. B8 E10217B8 |MOV EAX,B81702E1
004014DA |. F7EE |IMUL ESI ; EAX=ESI*EAX, low part kept, high part goes into EDX
004014DC |. 03D6 |ADD EDX,ESI ; EDX=high part
004014DE |. C1FA 06 |SAR EDX,6 ; shift right by 6 bits
004014E1 |. 8BC2 |MOV EAX,EDX
004014E3 |. C1E8 1F |SHR EAX,1F ; shift right by 31 bits
004014E6 |. 03D0 |ADD EDX,EAX
004014E8 |. 41 |INC ECX
004014E9 |. 83F9 1E |CMP ECX,1E ; the calculation loops 30 times
004014EC |. 8DBC17 7A0785>|LEA EDI,DWORD PTR DS:[EDI+EDX+85077A] ; EDI = EDI+EDX+85077A
004014F3 |.^ 7C D2 \JL SHORT x-cut.004014C7
004014F5 |. A1 645C4100 MOV EAX,DWORD PTR DS:[415C64] ; the fake registration code goes into EAX
004014FA |. 5D POP EBP
004014FB |. 3BC7 CMP EAX,EDI
004014FD |. 74 14 JE SHORT x-cut.00401513 ; key jump~~
004014FF |. 53 PUSH EBX
00401500 |. 53 PUSH EBX
00401501 |. 68 58504100 PUSH x-cut.00415058 ; 注册码不正确!
00401506 |. E8 BFBF0000 CALL <JMP.&MFC42.#1200>
0040150B |. 393D 645C4100 CMP DWORD PTR DS:[415C64],EDI
00401511 |. 75 5C JNZ SHORT x-cut.0040156F
00401513 |> 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
00401517 |. 8D5424 0C LEA EDX,DWORD PTR SS:[ESP+C]
0040151B |. 51 PUSH ECX ; /pDisposition
0040151C |. 52 PUSH EDX ; |pHandle
0040151D |. 53 PUSH EBX ; |pSecurity
0040151E |. 68 3F000F00 PUSH 0F003F ; |Access = KEY_ALL_ACCESS
00401523 |. 53 PUSH EBX ; |Options
00401524 |. 53 PUSH EBX ; |Class
00401525 |. 53 PUSH EBX ; |Reserved
00401526 |. 68 38504100 PUSH x-cut.00415038 ; |Subkey = "MIME\Database\Charset\sciJSD"
0040152B |. 68 00000080 PUSH 80000000 ; |hKey = HKEY_CLASSES_ROOT
00401530 |. C74424 38 080>MOV DWORD PTR SS:[ESP+38],8 ; |
00401538 |. FF15 00004100 CALL DWORD PTR DS:[<&ADVAPI32.RegCreateK>; \RegCreateKeyExA
0040153E |. 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+C]
00401542 |. 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+14]
00401546 |. 6A 04 PUSH 4 ; /BufSize = 4
00401548 |. 50 PUSH EAX ; |Buffer
00401549 |. 6A 04 PUSH 4 ; |ValueType = REG_DWORD
0040154B |. 53 PUSH EBX ; |Reserved
0040154C |. 68 30504100 PUSH x-cut.00415030 ; |ValueName = "option"
00401551 |. 51 PUSH ECX ; |hKey
00401552 |. FF15 04004100 CALL DWORD PTR DS:[<&ADVAPI32.RegSetValu>; \RegSetValueExA
00401558 |. 8B5424 0C MOV EDX,DWORD PTR SS:[ESP+C]
0040155C |. 52 PUSH EDX ; /hKey
0040155D |. FF15 08004100 CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe>; \RegCloseKey
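Algorithm summary:
If the registration name is shorter than 30 characters, it is padded with 0 to 30 characters. If the registration name is longer than 30, 30 characters are taken for the calculation.
The calculation is: take the ASCII code of each character of the registration name in turn, * 82E3Bh * B81702E1h = value; the low 8 digits go into EAX and the high 8 digits go into EDX.
Shift the value in EDX right by 6 bits.
EDX = 1 + 85077A*30 + the values of EDX, after the right shift by 6 bits, obtained by running each of the 30 characters through the calculation above. Converted to decimal, this is the registration code.
After registration, the information is saved in the registry
under option at HKEY_CLASSES_ROOT\MIME\Database\Charset\SciJS. The DWORD value is 8.
To remove the registration, just delete it. And vice versa~~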
------------------------------------------------------------------------
【Cracking summary】I am just a little bird~~~
------------------------------------------------------------------------
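【Copyright notice】This article is purely for technical exchange. When reposting, please credit the author and keep the article intact. Thank you!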
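Added example (not part of the original post): the MOV EAX,B81702E1 / IMUL ESI / ADD EDX,ESI / SAR EDX,6 / SHR EAX,1F / ADD EDX,EAX run at 004014D5 through 004014E6 is the form compilers emit for a signed division by a constant, here 89, because 89 * B81702E1h = 2^38 + 57. The C below emulates those instructions and checks them against x / 89; the function names are hypothetical, and arithmetic right shift of negative values is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Emulates 004014D5..004014E6 of the listing for an input held in ESI.
   Assumption: >> on negative signed values is an arithmetic shift (gcc, clang, MSVC). */
static int32_t idiom_004014D5(int32_t esi)
{
    int32_t magic = (int32_t)0xB81702E1u;            /* MOV EAX,B81702E1 (negative as signed) */
    int64_t prod  = (int64_t)esi * (int64_t)magic;   /* IMUL ESI -> EDX:EAX */
    int32_t edx   = (int32_t)(prod >> 32);           /* EDX = high dword of the product */
    edx = (int32_t)((uint32_t)edx + (uint32_t)esi);  /* ADD EDX,ESI (undoes the magic's sign) */
    edx >>= 6;                                       /* SAR EDX,6 */
    uint32_t sign = (uint32_t)edx >> 31;             /* MOV EAX,EDX / SHR EAX,1F */
    return (int32_t)((uint32_t)edx + sign);          /* ADD EDX,EAX (round toward zero) */
}

/* The constant is ceil(2^38 / 89): 89 * 0xB81702E1 == 2^38 + 57. */
static int magic_is_reciprocal_of_89(void)
{
    return 89ULL * 0xB81702E1ULL == (1ULL << 38) + 57ULL;
}

/* Counts inputs in [lo, hi], stepping by step, where the idiom differs from x / 89. */
static long count_mismatches(int32_t lo, int32_t hi, int32_t step)
{
    long bad = 0;
    for (int64_t x = lo; x <= hi; x += step)
        if (idiom_004014D5((int32_t)x) != (int32_t)x / 89)
            bad++;
    return bad;
}

/* Same check over every value the loop can produce: (char & 0x7F) * 0x82E3B. */
static long count_mismatches_loop_inputs(void)
{
    long bad = 0;
    for (int32_t c = 0; c <= 0x7F; c++) {
        int32_t esi = c * 0x82E3B;                   /* IMUL EAX,EAX,82E3B ; MOV ESI,EAX */
        if (idiom_004014D5(esi) != esi / 89)
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("magic ok: %d\n", magic_is_reciprocal_of_89());
    printf("mismatches over loop inputs: %ld\n", count_mismatches_loop_inputs());
    printf("mismatches over sampled int32 range: %ld\n",
           count_mismatches(-2000000000, 2000000000, 9973));
    return 0;
}
```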