- UID
- 12795
注册时间2006-5-10
阅读权限20
最后登录1970-1-1
以武会友
 
该用户从未签到
|
标 题: 【原创】三六七超市管理系统2007日用品版v3.5.2.0算法分析
作 者: KuNgBiM
时 间: 2007-03-13,19:50
链 接: http://bbs.pediy.com/showthread.php?threadid=40987
【文章标题】: 三六七超市管理系统2007日用品版v3.5.2.0算法分析
【文章作者】: KuNgBiM
【作者邮箱】: [email protected]
【作者主页】: http://www.crkcn.com
【软件名称】: 三六七超市管理系统2007日用品版v3.5.2.0
【软件大小】: 7.10MB
【下载地址】: 自己搜索下载
【加壳方式】: ASPack 2.12
【保护方式】: 序列号+功能限制
【编写语言】: Borland Delphi 4.0 - 5.0
【使用工具】: OD
【操作平台】: 盗版XPsp2
【软件介绍】: (略)
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
试炼信息:
用户名:KuNgBiM
试炼码:99999999999999999999999999
程序ASPack 2.12加壳,脱之~~OD装载程序,利用字符插件搜索来到:
006D10FC |> \8D55 F0 lea edx, dword ptr [ebp-10] ; 查找后来到这里设断,F9运行
006D10FF |. 8B83 DC020000 mov eax, dword ptr [ebx+2DC]
006D1105 |. E8 2E71D6FF call 00438238 ; 获取用户名
006D110A |. 8B45 F0 mov eax, dword ptr [ebp-10] ; ASCII "KuNgBiM"
006D110D |. 8D55 FC lea edx, dword ptr [ebp-4]
006D1110 |. E8 038CD3FF call 00409D18
006D1115 |. 8D55 EC lea edx, dword ptr [ebp-14]
006D1118 |. 8B83 E0020000 mov eax, dword ptr [ebx+2E0]
006D111E |. E8 1571D6FF call 00438238 ; 获取试炼码
006D1123 |. 8B45 EC mov eax, dword ptr [ebp-14] ; ASCII "99999999999999999999999999"
006D1126 |. 8D55 F8 lea edx, dword ptr [ebp-8]
006D1129 |. E8 EA8BD3FF call 00409D18
006D112E |. 837D FC 00 cmp dword ptr [ebp-4], 0 ; 用户名是否为0
006D1132 |. 0F84 B5000000 je 006D11ED ; 跳则GAME OVER
006D1138 |. 837D F8 00 cmp dword ptr [ebp-8], 0 ; 试炼码是否为0
006D113C |. 74 7C je short 006D11BA ; 跳则GAME OVER
006D113E |. 8B4D F8 mov ecx, dword ptr [ebp-8]
006D1141 |. 8B55 FC mov edx, dword ptr [ebp-4]
006D1144 |. 8BC3 mov eax, ebx
006D1146 |. E8 05020000 call 006D1350 ; ★算法CALL,跟进★
006D114B |. 84C0 test al, al
006D114D |. 74 38 je short 006D1187 ; 跳则GAME OVER
006D114F |. 8B83 EC020000 mov eax, dword ptr [ebx+2EC]
006D1155 |. 8B40 58 mov eax, dword ptr [eax+58]
006D1158 |. BA 00800000 mov edx, 8000
006D115D |. E8 BABFD4FF call 0041D11C
006D1162 |. BA 7C126D00 mov edx, 006D127C ; 注册成功,我们将为您提供更多的专业服务
006D1167 |. 8B83 EC020000 mov eax, dword ptr [ebx+2EC]
006D116D |. E8 F670D6FF call 00438268
006D1172 |. BA 5C126D00 mov edx, 006D125C ; 关闭
006D1177 |. 8B83 E4020000 mov eax, dword ptr [ebx+2E4]
006D117D |. E8 E670D6FF call 00438268
006D1182 |. E9 97000000 jmp 006D121E
006D1187 |> 8B83 EC020000 mov eax, dword ptr [ebx+2EC]
006D118D |. 8B40 58 mov eax, dword ptr [eax+58]
006D1190 |. BA FF000000 mov edx, 0FF
006D1195 |. E8 82BFD4FF call 0041D11C
006D119A |. BA AC126D00 mov edx, 006D12AC ; 注册码验证失败
006D119F |. 8B83 EC020000 mov eax, dword ptr [ebx+2EC]
006D11A5 |. E8 BE70D6FF call 00438268
006D11AA |. 8B83 E0020000 mov eax, dword ptr [ebx+2E0]
006D11B0 |. 8B10 mov edx, dword ptr [eax]
006D11B2 |. FF92 B0000000 call dword ptr [edx+B0]
006D11B8 |. EB 64 jmp short 006D121E
006D11BA |> 8B83 EC020000 mov eax, dword ptr [ebx+2EC]
006D11C0 |. 8B40 58 mov eax, dword ptr [eax+58]
006D11C3 |. BA FF000000 mov edx, 0FF
006D11C8 |. E8 4FBFD4FF call 0041D11C
006D11CD |. BA C4126D00 mov edx, 006D12C4 ; 注册码必须填写
006D11D2 |. 8B83 EC020000 mov eax, dword ptr [ebx+2EC]
006D11D8 |. E8 8B70D6FF call 00438268
006D11DD |. 8B83 E0020000 mov eax, dword ptr [ebx+2E0]
006D11E3 |. 8B10 mov edx, dword ptr [eax]
006D11E5 |. FF92 B0000000 call dword ptr [edx+B0]
006D11EB |. EB 31 jmp short 006D121E
006D11ED |> 8B83 EC020000 mov eax, dword ptr [ebx+2EC]
006D11F3 |. 8B40 58 mov eax, dword ptr [eax+58]
006D11F6 |. BA FF000000 mov edx, 0FF
006D11FB |. E8 1CBFD4FF call 0041D11C
006D1200 |. BA DC126D00 mov edx, 006D12DC ; 公司名称必须填写
006D1205 |. 8B83 EC020000 mov eax, dword ptr [ebx+2EC]
006D120B |. E8 5870D6FF call 00438268
006D1210 |. 8B83 DC020000 mov eax, dword ptr [ebx+2DC]
006D1216 |. 8B10 mov edx, dword ptr [eax]
006D1218 |. FF92 B0000000 call dword ptr [edx+B0]
006D121E |> 33C0 xor eax, eax
006D1220 |. 5A pop edx
006D1221 |. 59 pop ecx
006D1222 |. 59 pop ecx
006D1223 |. 64:8910 mov dword ptr fs:[eax], edx
006D1226 |. 68 4D126D00 push 006D124D
006D122B |> 8D45 EC lea eax, dword ptr [ebp-14]
006D122E |. BA 03000000 mov edx, 3
006D1233 |. E8 102CD3FF call 00403E48
006D1238 |. 8D45 F8 lea eax, dword ptr [ebp-8]
006D123B |. BA 02000000 mov edx, 2
006D1240 |. E8 032CD3FF call 00403E48
006D1245 \. C3 retn
006D1246 .^ E9 3926D3FF jmp 00403884
006D124B .^ EB DE jmp short 006D122B
006D124D . 5B pop ebx
006D124E . 8BE5 mov esp, ebp
006D1250 . 5D pop ebp
006D1251 . C3 retn ; 挂掉!
跟进:006D1146
006D1350 $ 55 push ebp ; 跟进来到
006D1351 . 8BEC mov ebp, esp
006D1353 . 51 push ecx
006D1354 . B9 08000000 mov ecx, 8
006D1359 > 6A 00 push 0
006D135B . 6A 00 push 0
006D135D . 49 dec ecx
006D135E .^ 75 F9 jnz short 006D1359
006D1360 . 51 push ecx
006D1361 . 874D FC xchg dword ptr [ebp-4], ecx
006D1364 . 53 push ebx
006D1365 . 56 push esi
006D1366 . 57 push edi
006D1367 . 894D F4 mov dword ptr [ebp-C], ecx
006D136A . 8955 F8 mov dword ptr [ebp-8], edx
006D136D . 8945 FC mov dword ptr [ebp-4], eax
006D1370 . 8B45 F8 mov eax, dword ptr [ebp-8]
006D1373 . E8 F02ED3FF call 00404268
006D1378 . 8B45 F4 mov eax, dword ptr [ebp-C]
006D137B . E8 E82ED3FF call 00404268
006D1380 . 33C0 xor eax, eax
006D1382 . 55 push ebp
006D1383 . 68 72156D00 push 006D1572
006D1388 . 64:FF30 push dword ptr fs:[eax]
006D138B . 64:8920 mov dword ptr fs:[eax], esp
006D138E . 33C0 xor eax, eax
006D1390 . 55 push ebp
006D1391 . 68 F9146D00 push 006D14F9
006D1396 . 64:FF30 push dword ptr fs:[eax]
006D1399 . 64:8920 mov dword ptr fs:[eax], esp
006D139C . A1 34EB7700 mov eax, dword ptr [77EB34]
006D13A1 . 8B00 mov eax, dword ptr [eax]
006D13A3 . 05 6C030000 add eax, 36C
006D13A8 . 8B55 F8 mov edx, dword ptr [ebp-8]
006D13AB . E8 C82AD3FF call 00403E78 ; 获取固定字符串
006D13B0 . 8D45 DC lea eax, dword ptr [ebp-24]
006D13B3 . B9 8C156D00 mov ecx, 006D158C ; spadger
006D13B8 . 8B55 F8 mov edx, dword ptr [ebp-8]
006D13BB . E8 402DD3FF call 00404100 ; 用户名+固定字符串
006D13C0 . 8B55 DC mov edx, dword ptr [ebp-24]
006D13C3 . 8D45 E0 lea eax, dword ptr [ebp-20]
006D13C6 . E8 3932D3FF call 00404604 ; 验证是否组合成功(算法CALL)
006D13CB . 8B45 E0 mov eax, dword ptr [ebp-20] ; UNICODE "KuNgBiMspadger"
006D13CE . 8D55 E4 lea edx, dword ptr [ebp-1C]
006D13D1 . E8 2E56FFFF call 006C6A04 ; 算法结果A=LCase(MD5(用户名+固定字符串))
006D13D6 . 8B45 E4 mov eax, dword ptr [ebp-1C] ; UNICODE "a3e0585a9dabdd33d619dd0c19744feb"
006D13D9 . 8D55 E8 lea edx, dword ptr [ebp-18]
006D13DC . E8 2356FFFF call 006C6A04 ; 算法结果B=LCase(MD5(算法结果A))
006D13E1 . 8B55 E8 mov edx, dword ptr [ebp-18] ; ASCII "c74b4952dec5b0c61a77a2754beacd87"
006D13E4 . 8D45 F0 lea eax, dword ptr [ebp-10]
006D13E7 . E8 902CD3FF call 0040407C ; 从算法结果B中开始重新组合注册码
006D13EC . 8D45 D8 lea eax, dword ptr [ebp-28]
006D13EF . 50 push eax
006D13F0 . B9 05000000 mov ecx, 5 ; 取5位
006D13F5 . 33D2 xor edx, edx ; 从首位取
006D13F7 . 8B45 F0 mov eax, dword ptr [ebp-10] ; ASCII "c74b4952dec5b0c61a77a2754beacd87"
006D13FA . E8 BD2ED3FF call 004042BC ; 取位作为★注册码A段★
006D13FF . FF75 D8 push dword ptr [ebp-28] ; ASCII "c74b4"
006D1402 . 68 9C156D00 push 006D159C ; 取“-”并连接
006D1407 . 8D45 D4 lea eax, dword ptr [ebp-2C]
006D140A . 50 push eax
006D140B . B9 05000000 mov ecx, 5 ; 取5位
006D1410 . BA 05000000 mov edx, 5 ; 从第5位取
006D1415 . 8B45 F0 mov eax, dword ptr [ebp-10] ; ASCII "c74b4952dec5b0c61a77a2754beacd87"
006D1418 . E8 9F2ED3FF call 004042BC ; 取位作为★注册码B段★
006D141D . FF75 D4 push dword ptr [ebp-2C] ; ASCII "4952d"
006D1420 . 68 9C156D00 push 006D159C ; 取“-”并连接
006D1425 . 8D45 D0 lea eax, dword ptr [ebp-30]
006D1428 . 50 push eax
006D1429 . B9 05000000 mov ecx, 5 ; 取5位
006D142E . BA 0A000000 mov edx, 0A ; 从第10位取
006D1433 . 8B45 F0 mov eax, dword ptr [ebp-10] ; ASCII "c74b4952dec5b0c61a77a2754beacd87"
006D1436 . E8 812ED3FF call 004042BC ; 取位作为★注册码C段★
006D143B . FF75 D0 push dword ptr [ebp-30] ; ASCII "ec5b0"
006D143E . 68 9C156D00 push 006D159C ; 取“-”并连接
006D1443 . 8D45 CC lea eax, dword ptr [ebp-34]
006D1446 . 50 push eax
006D1447 . B9 05000000 mov ecx, 5 ; 取5位
006D144C . BA 0F000000 mov edx, 0F ; 从第15位取
006D1451 . 8B45 F0 mov eax, dword ptr [ebp-10] ; ASCII "c74b4952dec5b0c61a77a2754beacd87"
006D1454 . E8 632ED3FF call 004042BC ; 取位作为★注册码D段★
006D1459 . FF75 CC push dword ptr [ebp-34] ; ASCII "c61a7"
006D145C . 8D45 EC lea eax, dword ptr [ebp-14]
006D145F . BA 07000000 mov edx, 7
006D1464 . E8 0B2DD3FF call 00404174
006D1469 . 8D45 C4 lea eax, dword ptr [ebp-3C]
006D146C . 8B55 F4 mov edx, dword ptr [ebp-C]
006D146F . E8 9031D3FF call 00404604
006D1474 . 8B45 C4 mov eax, dword ptr [ebp-3C]
006D1477 . 8D55 C8 lea edx, dword ptr [ebp-38]
006D147A . E8 8555FFFF call 006C6A04
006D147F . 8B45 C8 mov eax, dword ptr [ebp-38]
006D1482 . 50 push eax
006D1483 . 8D45 BC lea eax, dword ptr [ebp-44]
006D1486 . 8B55 EC mov edx, dword ptr [ebp-14]
006D1489 . E8 7631D3FF call 00404604 ; 重新组合后的注册码(真码)
006D148E . 8B45 BC mov eax, dword ptr [ebp-44] ; UNICODE "c74b4-4952d-ec5b0-c61a7"
006D1491 . 8D55 C0 lea edx, dword ptr [ebp-40]
006D1494 . E8 6B55FFFF call 006C6A04 ; LCase(MD5(真码))
006D1499 . 8B55 C0 mov edx, dword ptr [ebp-40] ; UNICODE "b8eb02c9081b4b60a410bb9ebf41e1f2"
006D149C . 58 pop eax ; UNICODE "c220732ec07b22455c4761dcc7f924f9"
006D149D . E8 3632D3FF call 004046D8 ; 验证不等则挂
006D14A2 . 75 3F jnz short 006D14E3 ; 跳则GAME OVER
006D14A4 . 68 A8156D00 push 006D15A8 ; update info_shop set s_usetimes=88,s_regname="
006D14A9 . FF75 F8 push dword ptr [ebp-8]
006D14AC . 68 E0156D00 push 006D15E0 ; ",s_regno="
006D14B1 . FF75 F4 push dword ptr [ebp-C]
006D14B4 . 68 F4156D00 push 006D15F4 ; "
006D14B9 . 8D45 B8 lea eax, dword ptr [ebp-48]
006D14BC . BA 05000000 mov edx, 5
006D14C1 . E8 AE2CD3FF call 00404174
006D14C6 . 8B55 B8 mov edx, dword ptr [ebp-48]
006D14C9 . A1 34EB7700 mov eax, dword ptr [77EB34]
006D14CE . 8B00 mov eax, dword ptr [eax]
006D14D0 . E8 23660800 call 00757AF8
006D14D5 . 8B45 FC mov eax, dword ptr [ebp-4]
006D14D8 . C680 F4020000 >mov byte ptr [eax+2F4], 1
006D14DF . B3 01 mov bl, 1
006D14E1 . EB 0C jmp short 006D14EF
006D14E3 > 8B45 FC mov eax, dword ptr [ebp-4]
006D14E6 . C680 F4020000 >mov byte ptr [eax+2F4], 0
006D14ED . 33DB xor ebx, ebx
006D14EF > 33C0 xor eax, eax
006D14F1 . 5A pop edx
006D14F2 . 59 pop ecx
006D14F3 . 59 pop ecx
006D14F4 . 64:8910 mov dword ptr fs:[eax], edx
006D14F7 . EB 2F jmp short 006D1528
006D14F9 .^ E9 D220D3FF jmp 004035D0
006D14FE . E8 8DBDD3FF call 0040D290
006D1503 . 8B50 04 mov edx, dword ptr [eax+4]
006D1506 . A1 34EB7700 mov eax, dword ptr [77EB34]
006D150B . 8B00 mov eax, dword ptr [eax]
006D150D . B9 00166D00 mov ecx, 006D1600 ; 请输入用户名和密码,点击登录
006D1512 . E8 89630800 call 007578A0
006D1517 . 8B45 FC mov eax, dword ptr [ebp-4]
006D151A . C680 F4020000 >mov byte ptr [eax+2F4], 0
006D1521 . 33DB xor ebx, ebx
006D1523 . E8 0424D3FF call 0040392C
006D1528 > 33C0 xor eax, eax
006D152A . 5A pop edx
006D152B . 59 pop ecx
006D152C . 59 pop ecx
006D152D . 64:8910 mov dword ptr fs:[eax], edx
006D1530 . 68 79156D00 push 006D1579
006D1535 > 8D45 B8 lea eax, dword ptr [ebp-48]
006D1538 . E8 E728D3FF call 00403E24
006D153D . 8D45 BC lea eax, dword ptr [ebp-44]
006D1540 . BA 04000000 mov edx, 4
006D1545 . E8 5E2FD3FF call 004044A8
006D154A . 8D45 CC lea eax, dword ptr [ebp-34]
006D154D . BA 05000000 mov edx, 5
006D1552 . E8 F128D3FF call 00403E48
006D1557 . 8D45 E0 lea eax, dword ptr [ebp-20]
006D155A . BA 03000000 mov edx, 3
006D155F . E8 442FD3FF call 004044A8
006D1564 . 8D45 EC lea eax, dword ptr [ebp-14]
006D1567 . BA 04000000 mov edx, 4
006D156C . E8 D728D3FF call 00403E48
006D1571 . C3 retn
006D1572 .^ E9 0D23D3FF jmp 00403884
006D1577 .^ EB BC jmp short 006D1535
006D1579 . 8BC3 mov eax, ebx
006D157B . 5F pop edi
006D157C . 5E pop esi
006D157D . 5B pop ebx
006D157E . 8BE5 mov esp, ebp
006D1580 . 5D pop ebp
006D1581 . C3 retn ; 返回验证信息
跟进“call 00404604”
006C6A04 /$ 55 push ebp ; 算法模块库
006C6A05 |. 8BEC mov ebp, esp
006C6A07 |. 83C4 E4 add esp, -1C
006C6A0A |. 53 push ebx
006C6A0B |. 33C9 xor ecx, ecx
006C6A0D |. 894D F8 mov dword ptr [ebp-8], ecx
006C6A10 |. 894D E4 mov dword ptr [ebp-1C], ecx
006C6A13 |. 8BDA mov ebx, edx
006C6A15 |. 8945 FC mov dword ptr [ebp-4], eax
006C6A18 |. 8D45 FC lea eax, dword ptr [ebp-4]
006C6A1B |. E8 34DED3FF call 00404854
006C6A20 |. 33C0 xor eax, eax
006C6A22 |. 55 push ebp
006C6A23 |. 68 836A6C00 push 006C6A83
006C6A28 |. 64:FF30 push dword ptr fs:[eax]
006C6A2B |. 64:8920 mov dword ptr fs:[eax], esp
006C6A2E |. 8D45 E4 lea eax, dword ptr [ebp-1C]
006C6A31 |. 8B55 FC mov edx, dword ptr [ebp-4]
006C6A34 |. E8 43D6D3FF call 0040407C
006C6A39 |. 8B45 E4 mov eax, dword ptr [ebp-1C]
006C6A3C |. 50 push eax
006C6A3D |. 8D45 E8 lea eax, dword ptr [ebp-18]
006C6A40 |. 50 push eax
006C6A41 |. E8 9EFEFFFF call 006C68E4
006C6A46 |. 8D45 E8 lea eax, dword ptr [ebp-18]
006C6A49 |. 50 push eax
006C6A4A |. 8D45 F8 lea eax, dword ptr [ebp-8]
006C6A4D |. 50 push eax
006C6A4E |. E8 01FFFFFF call 006C6954 ; ★调用算法模块,跟进★
006C6A53 |. 8B55 F8 mov edx, dword ptr [ebp-8] ; 计算结果
006C6A56 |. 8BC3 mov eax, ebx
006C6A58 |. E8 A7DBD3FF call 00404604
006C6A5D |. 33C0 xor eax, eax
006C6A5F |. 5A pop edx
006C6A60 |. 59 pop ecx
006C6A61 |. 59 pop ecx
006C6A62 |. 64:8910 mov dword ptr fs:[eax], edx
006C6A65 |. 68 8A6A6C00 push 006C6A8A
006C6A6A |> 8D45 E4 lea eax, dword ptr [ebp-1C]
006C6A6D |. E8 B2D3D3FF call 00403E24
006C6A72 |. 8D45 F8 lea eax, dword ptr [ebp-8]
006C6A75 |. E8 AAD3D3FF call 00403E24
006C6A7A |. 8D45 FC lea eax, dword ptr [ebp-4]
006C6A7D |. E8 0EDAD3FF call 00404490
006C6A82 \. C3 retn
006C6A83 .^ E9 FCCDD3FF jmp 00403884
006C6A88 .^ EB E0 jmp short 006C6A6A
006C6A8A . 5B pop ebx
006C6A8B . 8BE5 mov esp, ebp
006C6A8D . 5D pop ebp
006C6A8E . C3 retn ; 计算结果返回上一级
跟进:006C6A4E
006C6954 /$ 55 push ebp ; 调用MD5算法模块
006C6955 |. 8BEC mov ebp, esp
006C6957 |. 83C4 E8 add esp, -18
006C695A |. 53 push ebx
006C695B |. 56 push esi
006C695C |. 57 push edi
006C695D |. 33C0 xor eax, eax
006C695F |. 8945 EC mov dword ptr [ebp-14], eax
006C6962 |. 8945 E8 mov dword ptr [ebp-18], eax
006C6965 |. 8B75 0C mov esi, dword ptr [ebp+C]
006C6968 |. 8D7D F0 lea edi, dword ptr [ebp-10]
006C696B |. B9 04000000 mov ecx, 4
006C6970 |. F3:A5 rep movs dword ptr es:[edi], d>
006C6972 |. 8B7D 08 mov edi, dword ptr [ebp+8]
006C6975 |. 33C0 xor eax, eax
006C6977 |. 55 push ebp
006C6978 |. 68 F4696C00 push 006C69F4
006C697D |. 64:FF30 push dword ptr fs:[eax]
006C6980 |. 64:8920 mov dword ptr fs:[eax], esp
006C6983 |. 8BC7 mov eax, edi
006C6985 |. E8 9AD4D3FF call 00403E24
006C698A |. B3 10 mov bl, 10
006C698C |. 8D75 F0 lea esi, dword ptr [ebp-10]
006C698F |> FF37 /push dword ptr [edi]
006C6991 |. 8D45 EC |lea eax, dword ptr [ebp-14]
006C6994 |. 33D2 |xor edx, edx
006C6996 |. 8A16 |mov dl, byte ptr [esi]
006C6998 |. C1EA 04 |shr edx, 4
006C699B |. 83E2 0F |and edx, 0F
006C699E |. 8A92 B0E57700 |mov dl, byte ptr [edx+77E5B0]
006C69A4 |. E8 23D6D3FF |call 00403FCC
006C69A9 |. FF75 EC |push dword ptr [ebp-14]
006C69AC |. 8D45 E8 |lea eax, dword ptr [ebp-18]
006C69AF |. 8A16 |mov dl, byte ptr [esi]
006C69B1 |. 80E2 0F |and dl, 0F
006C69B4 |. 81E2 FF000000 |and edx, 0FF
006C69BA |. 8A92 B0E57700 |mov dl, byte ptr [edx+77E5B0]
006C69C0 |. E8 07D6D3FF |call 00403FCC
006C69C5 |. FF75 E8 |push dword ptr [ebp-18]
006C69C8 |. 8BC7 |mov eax, edi
006C69CA |. BA 03000000 |mov edx, 3
006C69CF |. E8 A0D7D3FF |call 00404174
006C69D4 |. 46 |inc esi
006C69D5 |. FECB |dec bl
006C69D7 |.^ 75 B6 \jnz short 006C698F
006C69D9 |. 33C0 xor eax, eax
006C69DB |. 5A pop edx
006C69DC |. 59 pop ecx
006C69DD |. 59 pop ecx
006C69DE |. 64:8910 mov dword ptr fs:[eax], edx
006C69E1 |. 68 FB696C00 push 006C69FB
006C69E6 |> 8D45 E8 lea eax, dword ptr [ebp-18]
006C69E9 |. BA 02000000 mov edx, 2
006C69EE |. E8 55D4D3FF call 00403E48
006C69F3 \. C3 retn
006C69F4 .^ E9 8BCED3FF jmp 00403884
006C69F9 .^ EB EB jmp short 006C69E6
006C69FB . 5F pop edi
006C69FC . 5E pop esi
006C69FD . 5B pop ebx
006C69FE . 8BE5 mov esp, ebp
006C6A00 . 5D pop ebp
006C6A01 . C2 0800 retn 8 ; 计算完毕返回
【算法总结】
密码表计算式:
LCase(MD5(LCase(MD5(用户名+“spadger”))))
注册码段计算式:
A:Mid(密码表,5)
B:Mid(密码表,5,5)
C:Mid(密码表,10,5)
D:Mid(密码表,15,5)
注册码组合方式:A-B-C-D
----------------------------------------------------------------------------------------------
【经验总结】
不总结了。。。上面都能看懂吧`````这次注册机就不写了`````需要的自己写吧`````
感谢qIwEiXuE、loveboom、闪电狼、AvAtEr{RES}、逐浪、夜凉如水及所有D.C.Team朋友们陪我闲聊!!
----------------------------------------------------------------------------------------------
【版权声明】: 本文原创于看雪技术论坛, 转载请注明作者并保持文章的完整, 谢谢!
2007年03月13日 PM 07:37:57 |
|
IP卡
发表于 2007-3-14 23:51:21
提升卡
置顶卡
变色卡
千斤顶
显身卡