看了下作业统计,发现自己没有交第五课的作业,于是花了点时间把第五课的作业补上,就顺便看了下算法
算法其实也是比较简单
004C8D76 |. E8 353AFCFF CALL bigjig.0048C7B0 ; key CALL: the name/serial check routine
004C8D7B |. 3C 01 CMP AL, 0x1 ; the byte returned in AL is compared with 1
004C8D7D |. 75 32 JNZ SHORT bigjig.004C8DB1 ; key jump, taken when AL != 1; the author patches it into an unconditional jump - the whole decision rests on this single branch
F7跟进到算法
; bigjig.0048C7B0 - name/serial check, called from 0048C372 and 004C8D76.
; In:  EAX and EDX are saved to [EBP-0x4] and [EBP-0x8]; going by the length
;      checks annotated below, EAX carries the user name and EDX the serial.
; Out: BL is set to 1 on every rejection path and cleared at 0048CA15 when all
;      checks pass. The code that hands the result back to the caller (which
;      tests AL) lies at 0048CA39 and later, outside this listing.
; Helper routines (00404020, 00408724, 00403E6C, 00409130, 00404070, 00408588,
; 00402CD4, 00403C14) are not shown; what is said about them is inferred from
; how their arguments and results are used here and should be confirmed.
; NOTE(review): every value compared in this routine is derived from the two
; entered strings and constants stored in the binary (0x384, "BJ4-", three name
; tables). Nothing visible here depends on a secret the program does not ship
; with, which is why the check can be restated from the disassembly alone; a
; licence check that verifies a signature made with a vendor-held private key
; would not have that property.
0048C7B0 /$ 55 PUSH EBP ; key CALL; local calls from 0048C372, 004C8D76
0048C7B1 |. 8BEC MOV EBP, ESP
0048C7B3 |. 83C4 D8 ADD ESP, -0x28 ; reserve 0x28 bytes of locals
0048C7B6 |. 53 PUSH EBX
0048C7B7 |. 56 PUSH ESI
0048C7B8 |. 33C9 XOR ECX, ECX
0048C7BA |. 894D F4 MOV DWORD PTR SS:[EBP-0xC], ECX ; zero the three locals at EBP-0xC, EBP-0x10 and EBP-0x14
0048C7BD |. 894D F0 MOV DWORD PTR SS:[EBP-0x10], ECX
0048C7C0 |. 894D EC MOV DWORD PTR SS:[EBP-0x14], ECX
0048C7C3 |. 8955 F8 MOV DWORD PTR SS:[EBP-0x8], EDX ; second argument (the serial, going by the 11-character check at 0048C936)
0048C7C6 |. 8945 FC MOV DWORD PTR SS:[EBP-0x4], EAX ; first argument (the user name, going by the 6-character check at 0048C808)
0048C7C9 |. 8B45 FC MOV EAX, DWORD PTR SS:[EBP-0x4]
0048C7CC |. E8 4F78F7FF CALL bigjig.00404020 ; helper not shown - presumably a string reference-count increment; confirm
0048C7D1 |. 8B45 F8 MOV EAX, DWORD PTR SS:[EBP-0x8]
0048C7D4 |. E8 4778F7FF CALL bigjig.00404020
0048C7D9 |. 8D5D E8 LEA EBX, DWORD PTR SS:[EBP-0x18] ; EBX -> dword at EBP-0x18, used below as the loop counter
0048C7DC |. 33C0 XOR EAX, EAX
0048C7DE |. 55 PUSH EBP
0048C7DF |. 68 32CA4800 PUSH bigjig.0048CA32 ; handler address for the exception frame linked at FS:[0] by the next two instructions
0048C7E4 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0048C7E7 |. 64:8920 MOV DWORD PTR FS:[EAX], ESP
0048C7EA |. 8D55 F4 LEA EDX, DWORD PTR SS:[EBP-0xC]
0048C7ED |. 8B45 FC MOV EAX, DWORD PTR SS:[EBP-0x4]
0048C7F0 |. E8 2FBFF7FF CALL bigjig.00408724 ; helper not shown - presumably stores a cleaned-up copy of the name in [EBP-0xC]; confirm
0048C7F5 |. 8D55 F0 LEA EDX, DWORD PTR SS:[EBP-0x10]
0048C7F8 |. 8B45 F8 MOV EAX, DWORD PTR SS:[EBP-0x8]
0048C7FB |. E8 24BFF7FF CALL bigjig.00408724 ; same helper applied to the serial, result in [EBP-0x10]
0048C800 |. 8B45 F4 MOV EAX, DWORD PTR SS:[EBP-0xC]
0048C803 |. E8 6476F7FF CALL bigjig.00403E6C ; helper not shown - its result is treated as a length by the comparison below
0048C808 |. 83F8 06 CMP EAX, 0x6 ; user name must be 6 characters long
0048C80B |. 74 07 JE SHORT bigjig.0048C814
0048C80D |. B3 01 MOV BL, 0x1 ; reject
0048C80F |. E9 03020000 JMP bigjig.0048CA17
0048C814 |> 8D45 E0 LEA EAX, DWORD PTR SS:[EBP-0x20]
0048C817 |. 8B55 F4 MOV EDX, DWORD PTR SS:[EBP-0xC]
0048C81A |. E8 11C9F7FF CALL bigjig.00409130 ; helper not shown - presumably copies the name text into the buffer at EBP-0x20; confirm
0048C81F |. 33C0 XOR EAX, EAX
0048C821 |. 8903 MOV DWORD PTR DS:[EBX], EAX ; counter = 0
0048C823 |. 8D45 E0 LEA EAX, DWORD PTR SS:[EBP-0x20]
0048C826 |. 8D55 D8 LEA EDX, DWORD PTR SS:[EBP-0x28]
0048C829 |> 8A08 /MOV CL, BYTE PTR DS:[EAX] ; copy loop: 7 bytes from EBP-0x20 to EBP-0x28
0048C82B |. 880A |MOV BYTE PTR DS:[EDX], CL
0048C82D |. FF03 |INC DWORD PTR DS:[EBX]
0048C82F |. 42 |INC EDX
0048C830 |. 40 |INC EAX
0048C831 |. 833B 07 |CMP DWORD PTR DS:[EBX], 0x7
0048C834 |.^ 75 F3 \JNZ SHORT bigjig.0048C829
0048C836 |. 33C0 XOR EAX, EAX
0048C838 |. 8903 MOV DWORD PTR DS:[EBX], EAX ; counter = 0
0048C83A |. 8D45 D8 LEA EAX, DWORD PTR SS:[EBP-0x28]
0048C83D |> 8A10 /MOV DL, BYTE PTR DS:[EAX]
0048C83F |. 80FA 41 |CMP DL, 0x41 ; upper-case 'A'
0048C842 |. 72 05 |JB SHORT bigjig.0048C849
0048C844 |. 80FA 5A |CMP DL, 0x5A ; upper-case 'Z'
0048C847 |. 76 07 |JBE SHORT bigjig.0048C850
0048C849 |> B3 01 |MOV BL, 0x1
0048C84B |. E9 C7010000 |JMP bigjig.0048CA17 ; upper-case test: any byte outside 'A'..'Z' jumps to the reject exit
0048C850 |> FF03 |INC DWORD PTR DS:[EBX]
0048C852 |. 40 |INC EAX
0048C853 |. 833B 06 |CMP DWORD PTR DS:[EBX], 0x6 ; all 6 name bytes are tested
0048C856 |.^ 75 E5 \JNZ SHORT bigjig.0048C83D
0048C858 |. 33C0 XOR EAX, EAX
0048C85A |. 8A45 D8 MOV AL, BYTE PTR SS:[EBP-0x28] ; sum of the first five name bytes (EBP-0x28 .. EBP-0x24) is built in EAX
0048C85D |. 33D2 XOR EDX, EDX
0048C85F |. 8A55 D9 MOV DL, BYTE PTR SS:[EBP-0x27]
0048C862 |. 03C2 ADD EAX, EDX
0048C864 |. 33D2 XOR EDX, EDX
0048C866 |. 8A55 DA MOV DL, BYTE PTR SS:[EBP-0x26]
0048C869 |. 03C2 ADD EAX, EDX
0048C86B |. 33D2 XOR EDX, EDX
0048C86D |. 8A55 DB MOV DL, BYTE PTR SS:[EBP-0x25]
0048C870 |. 03C2 ADD EAX, EDX
0048C872 |. 33D2 XOR EDX, EDX
0048C874 |. 8A55 DC MOV DL, BYTE PTR SS:[EBP-0x24]
0048C877 |. 03C2 ADD EAX, EDX
0048C879 |. B9 05000000 MOV ECX, 0x5
0048C87E |. 33D2 XOR EDX, EDX
0048C880 |. F7F1 DIV ECX ; EAX = sum / 5 (unsigned; the remainder in EDX is overwritten next)
0048C882 |. 33D2 XOR EDX, EDX
0048C884 |. 8A55 DD MOV DL, BYTE PTR SS:[EBP-0x23] ; sixth name byte
0048C887 |. 3BC2 CMP EAX, EDX ; the last name character is a signature code - better called a check character
0048C889 |. 74 07 JE SHORT bigjig.0048C892 ; for the author's example name this character has to be G
0048C88B |. B3 01 MOV BL, 0x1 ; reject
0048C88D |. E9 85010000 JMP bigjig.0048CA17
0048C892 |> B2 01 MOV DL, 0x1 ; DL = 1 until a byte differs
0048C894 |. 33C0 XOR EAX, EAX
0048C896 |. 8903 MOV DWORD PTR DS:[EBX], EAX ; counter = 0
0048C898 |. 8D45 D8 LEA EAX, DWORD PTR SS:[EBP-0x28] ; blacklist
0048C89B |> 8B0D B8F34C00 /MOV ECX, DWORD PTR DS:[0x4CF3B8] ; DIKYUN
0048C8A1 |. 8B33 |MOV ESI, DWORD PTR DS:[EBX]
0048C8A3 |. 0FB60C31 |MOVZX ECX, BYTE PTR DS:[ECX+ESI]
0048C8A7 |. 49 |DEC ECX ; table byte minus 1 is what gets compared with the name byte
0048C8A8 |. 0FB630 |MOVZX ESI, BYTE PTR DS:[EAX]
0048C8AB |. 3BCE |CMP ECX, ESI
0048C8AD |. 74 04 |JE SHORT bigjig.0048C8B3
0048C8AF |. 33D2 |XOR EDX, EDX ; mismatch: DL = 0 and leave the loop
0048C8B1 |. EB 08 |JMP SHORT bigjig.0048C8BB
0048C8B3 |> FF03 |INC DWORD PTR DS:[EBX]
0048C8B5 |. 40 |INC EAX
0048C8B6 |. 833B 06 |CMP DWORD PTR DS:[EBX], 0x6
0048C8B9 |.^ 75 E0 \JNZ SHORT bigjig.0048C89B
0048C8BB |> 84D2 TEST DL, DL
0048C8BD |. 74 07 JE SHORT bigjig.0048C8C6 ; DL = 0: the name differs from this entry, go on to the next check
0048C8BF |. B3 01 MOV BL, 0x1 ; all 6 bytes matched the entry: reject
0048C8C1 |. E9 51010000 JMP bigjig.0048CA17
0048C8C6 |> B2 01 MOV DL, 0x1
0048C8C8 |. 33C0 XOR EAX, EAX
0048C8CA |. 8903 MOV DWORD PTR DS:[EBX], EAX
0048C8CC |. 8D45 D8 LEA EAX, DWORD PTR SS:[EBP-0x28] ; blacklist
0048C8CF |> 8B0D BCF34C00 /MOV ECX, DWORD PTR DS:[0x4CF3BC] ; EZMJFL
0048C8D5 |. 8B33 |MOV ESI, DWORD PTR DS:[EBX]
0048C8D7 |. 0FB60C31 |MOVZX ECX, BYTE PTR DS:[ECX+ESI]
0048C8DB |. 49 |DEC ECX
0048C8DC |. 0FB630 |MOVZX ESI, BYTE PTR DS:[EAX]
0048C8DF |. 3BCE |CMP ECX, ESI
0048C8E1 |. 74 04 |JE SHORT bigjig.0048C8E7
0048C8E3 |. 33D2 |XOR EDX, EDX
0048C8E5 |. EB 08 |JMP SHORT bigjig.0048C8EF
0048C8E7 |> FF03 |INC DWORD PTR DS:[EBX]
0048C8E9 |. 40 |INC EAX
0048C8EA |. 833B 06 |CMP DWORD PTR DS:[EBX], 0x6
0048C8ED |.^ 75 E0 \JNZ SHORT bigjig.0048C8CF
0048C8EF |> 84D2 TEST DL, DL
0048C8F1 |. 74 07 JE SHORT bigjig.0048C8FA
0048C8F3 |. B3 01 MOV BL, 0x1 ; name matched the second entry: reject
0048C8F5 |. E9 1D010000 JMP bigjig.0048CA17
0048C8FA |> B2 01 MOV DL, 0x1
0048C8FC |. 33C0 XOR EAX, EAX
0048C8FE |. 8903 MOV DWORD PTR DS:[EBX], EAX
0048C900 |. 8D45 D8 LEA EAX, DWORD PTR SS:[EBP-0x28] ; blacklist
0048C903 |> 8B0D C0F34C00 /MOV ECX, DWORD PTR DS:[0x4CF3C0] ; GMNWCL
0048C909 |. 8B33 |MOV ESI, DWORD PTR DS:[EBX]
0048C90B |. 0FB60C31 |MOVZX ECX, BYTE PTR DS:[ECX+ESI]
0048C90F |. 49 |DEC ECX
0048C910 |. 0FB630 |MOVZX ESI, BYTE PTR DS:[EAX]
0048C913 |. 3BCE |CMP ECX, ESI
0048C915 |. 74 04 |JE SHORT bigjig.0048C91B
0048C917 |. 33D2 |XOR EDX, EDX
0048C919 |. EB 08 |JMP SHORT bigjig.0048C923
0048C91B |> FF03 |INC DWORD PTR DS:[EBX]
0048C91D |. 40 |INC EAX
0048C91E |. 833B 06 |CMP DWORD PTR DS:[EBX], 0x6
0048C921 |.^ 75 E0 \JNZ SHORT bigjig.0048C903
0048C923 |> 84D2 TEST DL, DL
0048C925 |. 74 07 JE SHORT bigjig.0048C92E
0048C927 |. B3 01 MOV BL, 0x1 ; name matched the third entry: reject
0048C929 |. E9 E9000000 JMP bigjig.0048CA17
0048C92E |> 8B45 F0 MOV EAX, DWORD PTR SS:[EBP-0x10]
0048C931 |. E8 3675F7FF CALL bigjig.00403E6C
0048C936 |. 83F8 0B CMP EAX, 0xB ; serial must be 11 characters long
0048C939 |. 74 07 JE SHORT bigjig.0048C942
0048C93B |. B3 01 MOV BL, 0x1 ; reject
0048C93D |. E9 D5000000 JMP bigjig.0048CA17
0048C942 |> 8D45 EC LEA EAX, DWORD PTR SS:[EBP-0x14]
0048C945 |. 50 PUSH EAX
0048C946 |. B9 04000000 MOV ECX, 0x4
0048C94B |. BA 01000000 MOV EDX, 0x1
0048C950 |. 8B45 F0 MOV EAX, DWORD PTR SS:[EBP-0x10]
0048C953 |. E8 1877F7FF CALL bigjig.00404070 ; the first four characters must be BJ4- (helper not shown - presumably a substring copy, start in EDX, count in ECX, result in [EBP-0x14])
0048C958 |. BA 4CCA4800 MOV EDX, bigjig.0048CA4C ; BJ4-
0048C95D |. 8B45 EC MOV EAX, DWORD PTR SS:[EBP-0x14]
0048C960 |. E8 23BCF7FF CALL bigjig.00408588 ; helper not shown - a comparison whose 0 result is treated as "equal" by the TEST/JE below
0048C965 |. 85C0 TEST EAX, EAX
0048C967 |. 74 07 JE SHORT bigjig.0048C970
0048C969 |. B3 01 MOV BL, 0x1 ; reject
0048C96B |. E9 A7000000 JMP bigjig.0048CA17
0048C970 |> 8D45 EC LEA EAX, DWORD PTR SS:[EBP-0x14]
0048C973 |. 50 PUSH EAX
0048C974 |. B9 01000000 MOV ECX, 0x1
0048C979 |. BA 08000000 MOV EDX, 0x8
0048C97E |. 8B45 F0 MOV EAX, DWORD PTR SS:[EBP-0x10]
0048C981 |. E8 EA76F7FF CALL bigjig.00404070
0048C986 |. BA 5CCA4800 MOV EDX, bigjig.0048CA5C ; -
0048C98B |. 8B45 EC MOV EAX, DWORD PTR SS:[EBP-0x14] ; the 8th character must be -
0048C98E |. E8 F5BBF7FF CALL bigjig.00408588
0048C993 |. 85C0 TEST EAX, EAX
0048C995 |. 74 04 JE SHORT bigjig.0048C99B
0048C997 |. B3 01 MOV BL, 0x1 ; reject
0048C999 |. EB 7C JMP SHORT bigjig.0048CA17
0048C99B |> 8D45 EC LEA EAX, DWORD PTR SS:[EBP-0x14]
0048C99E |. 50 PUSH EAX
0048C99F |. B9 03000000 MOV ECX, 0x3
0048C9A4 |. BA 05000000 MOV EDX, 0x5
0048C9A9 |. 8B45 F0 MOV EAX, DWORD PTR SS:[EBP-0x10]
0048C9AC |. E8 BF76F7FF CALL bigjig.00404070 ; take 3 characters starting at position 5
0048C9B1 |. 8BD3 MOV EDX, EBX
0048C9B3 |. 8B45 EC MOV EAX, DWORD PTR SS:[EBP-0x14]
0048C9B6 |. E8 1963F7FF CALL bigjig.00402CD4 ; author: "convert to hex" - presumably parses the digits into an integer, which the debugger then displays in hex; confirm
0048C9BB |. 8BF0 MOV ESI, EAX ; 7B (value seen in the author's trace)
0048C9BD |. 8D45 EC LEA EAX, DWORD PTR SS:[EBP-0x14]
0048C9C0 |. 50 PUSH EAX
0048C9C1 |. B9 03000000 MOV ECX, 0x3
0048C9C6 |. BA 09000000 MOV EDX, 0x9
0048C9CB |. 8B45 F0 MOV EAX, DWORD PTR SS:[EBP-0x10]
0048C9CE |. E8 9D76F7FF CALL bigjig.00404070 ; take 3 characters starting at position 9
0048C9D3 |. 8BD3 MOV EDX, EBX
0048C9D5 |. 8B45 EC MOV EAX, DWORD PTR SS:[EBP-0x14]
0048C9D8 |. E8 F762F7FF CALL bigjig.00402CD4 ; author: "convert to hex" - same helper as at 0048C9B6
0048C9DD |. 8BD6 MOV EDX, ESI ; EAX=1C8 (value seen in the author's trace)
0048C9DF |. D1FA SAR EDX, 1 ; arithmetic shift right by 1 ---> 3D
0048C9E1 |. 79 03 JNS SHORT bigjig.0048C9E6
0048C9E3 |. 83D2 00 ADC EDX, 0x0 ; negative result only: add the shifted-out bit back
0048C9E6 |> 52 PUSH EDX
0048C9E7 |. BA 84030000 MOV EDX, 0x384 ; 900
0048C9EC |. 59 POP ECX
0048C9ED |. 2BD1 SUB EDX, ECX ; EDX-ECX (384h-3Dh)=347h
0048C9EF |. 33C9 XOR ECX, ECX
0048C9F1 |. 8A4D D8 MOV CL, BYTE PTR SS:[EBP-0x28] ; first name byte
0048C9F4 |. 03D1 ADD EDX, ECX ; EDX+ECX (347h+43h=38Ah)
0048C9F6 |. 33C9 XOR ECX, ECX
0048C9F8 |. 8A4D DD MOV CL, BYTE PTR SS:[EBP-0x23] ; sixth name byte (the check character)
0048C9FB |. 8D0C49 LEA ECX, DWORD PTR DS:[ECX+ECX*2] ; check character: ECX+ECX*2 (47h+47h*2=D5h)
0048C9FE |. 2BD1 SUB EDX, ECX ; EDX now holds the value the last group is compared against
0048CA00 |. 83FE 64 CMP ESI, 0x64 ; 100
0048CA03 |. 7C 0C JL SHORT bigjig.0048CA11 ; ESI must lie in 100~999, i.e. characters 5 to 7 form a value of 100-999
0048CA05 |. 81FE E7030000 CMP ESI, 0x3E7 ; 999
0048CA0B |. 7F 04 JG SHORT bigjig.0048CA11
0048CA0D |. 3BC2 CMP EAX, EDX ; EAX must equal EDX, otherwise the serial is wrong
0048CA0F |. 74 04 JE SHORT bigjig.0048CA15
0048CA11 |> B3 01 MOV BL, 0x1 ; reject
0048CA13 |. EB 02 JMP SHORT bigjig.0048CA17
0048CA15 |> 33DB XOR EBX, EBX ; all checks passed: BL = 0
0048CA17 |> 33C0 XOR EAX, EAX ; common exit: the exception frame linked at 0048C7E7 is unlinked below
0048CA19 |. 5A POP EDX
0048CA1A |. 59 POP ECX
0048CA1B |. 59 POP ECX
0048CA1C |. 64:8910 MOV DWORD PTR FS:[EAX], EDX
0048CA1F |. 68 39CA4800 PUSH bigjig.0048CA39 ; address the RETN below transfers to (outside this listing)
0048CA24 |> 8D45 EC LEA EAX, DWORD PTR SS:[EBP-0x14]
0048CA27 |. BA 05000000 MOV EDX, 0x5
0048CA2C |. E8 E371F7FF CALL bigjig.00403C14 ; helper not shown - presumably releases the 5 locals starting at EBP-0x14; confirm
0048CA31 \. C3 RETN
总结
用户名算法:随机5位大写字母,第6位为校验码,长度必须为6位。
注册码:共计11位,前四位为BJ4-
第8位为-
第5到7位随机生成,生成范围为100~999
第9到11位为关键,算法是把第5-7位的数值右移1位,设为A
384h-A+用户名的第一位ASCII-3倍的校验码ASCII
比如我的CRACK--->算出校验码为G
C---->ASCII=43h
G---->ASCII=47h------>3*47h=D5h
比如第5-7位为123--->123=7Bh------>shr 1----->7Bh shr 1=3Dh
所以第9-11位为384h-3Dh+43h-D5h=2B5h=693
----------------------------------------------------------------
所以注册码为:BJ4-123-693
附上注册机源码
- unit Unit1;
- interface
- uses
- Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
- Dialogs, StdCtrls;
- type
- TForm1 = class(TForm) // form class of the author's key generator; the layout comes from the .dfm, which is not shown
- edt1: TEdit; // input: name text, read by btn1Click
- edt2: TEdit; // output: the name with its check character appended
- edt3: TEdit; // output: the generated serial string
- lbl1: TLabel; // captions are set in the .dfm (not shown)
- lbl2: TLabel;
- lbl3: TLabel;
- btn1: TButton; // presumably wired to btn1Click in the .dfm; confirm
- Label1: TLabel;
- lbl4: TLabel;
- procedure btn1Click(Sender: TObject); // computes edt2 and edt3 from edt1
- private
- { Private declarations }
- public
- { Public declarations }
- end;
- var
- Form1: TForm1;
- implementation
- {$R *.dfm}
- procedure TForm1.btn1Click(Sender: TObject); // restates the arithmetic of the check routine analysed above: fills edt2 and edt3 from the 5 characters in edt1
- var str1,str2:string; // str1: normalised input, str2: the check character
- i,S1,S2,S3:Integer; // S1: character sum, then its average; S2: middle group; S3: last group
- begin
- str1:=UpperCase(Trim(edt1.Text)); // strip surrounding whitespace and upper-case the input
- S1:=0;
- if Length(str1) <> 5 then // exactly 5 characters are required; the 6th is computed below
- begin
- ShowMessage('用户名长度必须为5位');
- Exit;
- end;
- for i:=1 to Length(str1) do // sum of the character codes
- begin
- S1:=S1+ord(str1[i]);
- end;
- S1:=S1 div 5; // integer average of the five codes
- str2:=Char(S1); // the average, as a character, is the check character
- edt2.Text:= str1+str2; // 6-character name
- Randomize;
- S2:=Random(899)+100; // Random(899) yields 0..898, so S2 is 100..998
- S3:=$384-(S2 shr 1)+ord(str1[1])-(S1*3); // 900 - S2/2 + first character code - 3 * check character code
- edt3.Text:='BJ4-'+ IntToStr(S2)+'-'+inttostr(S3); // fixed prefix, middle group, separator, last group
- end;
- end.
注册机下载:
BigJig _KeyGen.rar
(164.22 KB, 下载次数: 12)