- UID
- 12203
注册时间2006-5-5
阅读权限20
最后登录1970-1-1
以武会友
TA的每日心情 | 开心 2022-6-20 07:54 |
---|
签到天数: 21 天 [LV.4]偶尔看看III
|
楼主 |
发表于 2006-5-12 14:50:04
|
显示全部楼层
抱歉这个软件是夜之魂前辈所发的破文
整篇文章如下
我对破文内得计算不懂想请教前辈
1. 第五位的ASC码+第七位=第十位+第十一位
注.第五位的ASC码+第七位=第十位+第十一位,是指用户名还是注册码
如第5位为(i) asc码=69+第7位=75=第十位+第十一位?
2. 第六位注册码就是用户名的ASC的值与位数的商
第六位注册码(h)ASC的值=68与位数的商如何计算
3. 第八位+第九位的注册码的ASC值=用户名的第二位ASC值+用户名第七位的值
如何计算
4. 第十位和第十一位的和能将2整除 注意:这里限制了第五位和第七位
如何计算
注册码第十三位和注册码第六位的和不是偶数,即和不能整除2
如何计算
5. 第十三,十四,十五的和再加上用户名的位数等于10A
10A是指16进制还是10进制10A计算后又是多少
户名的第六位
再次感谢大大
再OCN做的一个初级算法的练习
【文章名称】:算法练习2!
【文章作者】:夜之魂
【作者邮件】:[email protected]
【破解工具】:OD PEID
【保护方式】:MASM32 / TASM32
【软件限制】:
【破解难度】:简单
============================================================
【软件介绍】
主要是学习最基本的算法,学习基本的汇编语言!
============================================================
【破解分析过程】
填入用户名 yezhihuin 注册码 123456789 下断BP GetDlgItemTextA,断下后来到
0040150C |. FF75 08 push dword ptr ss:[ebp+8] ; |hWnd
0040150F |. E8 4A010000 call <jmp.&user32.GetDlgItemTex>; \GetDlgItemTextA
00401514 |. 8D0D 20304000 lea ecx,dword ptr ds:[403020] ; 获得用户名的位数,这里我用的是yezhihun 8位
0040151A |. 890D A0304000 mov dword ptr ds:[4030A0],ecx
00401520 |. A3 A4304000 mov dword ptr ds:[4030A4],eax
00401525 |. 833D A4304000 0>cmp dword ptr ds:[4030A4],4 ; 比较用户名是否大于四位
0040152C |. 73 04 jnb short CrackMe.00401532 ; 大于或等于转移
0040152E |. C9 leave
0040152F |. C2 1000 retn 10
00401532 |> 68 00010000 push 100 ; /Count = 100 (256.)
00401537 |. 68 AC304000 push CrackMe.004030AC ; |Buffer = CrackMe.004030AC
0040153C |. 68 ED030000 push 3ED ; |ControlID = 3ED (1005.)
00401541 |. FF75 08 push dword ptr ss:[ebp+8] ; |hWnd
00401544 |. E8 15010000 call <jmp.&user32.GetDlgItemTex>; \GetDlgItemTextA
00401549 |. A3 A8304000 mov dword ptr ds:[4030A8],eax ; 注册码的位数进 mov dword ptr ds:[4030A8]
0040154E |. 83F8 10 cmp eax,10 ; 比较是否等于16位
00401551 74 04 je short CrackMe.00401557 ; 相等则跳
00401553 |. C9 leave
00401554 |. C2 1000 retn 10
00401557 |> 8D0D AC304000 lea ecx,dword ptr ds:[4030AC] ; 载入注册码
0040155D |. 890D AC314000 mov dword ptr ds:[4031AC],ecx
00401563 |. E8 00FBFFFF call CrackMe.00401068 ; 比较第一位注册码是否为H
00401568 |. 33C0 xor eax,eax ; eax 清零
0040156A |. E8 2EFBFFFF call CrackMe.0040109D ; 比较第二位注册码
0040156F |. 0BC2 or eax,edx ; OR后EAX0014060B
00401571 |. E8 5CFBFFFF call CrackMe.004010D2 ; 比较的三位注册码
00401576 |. 85C0 test eax,eax
00401578 |. E8 8AFBFFFF call CrackMe.00401107 ; 比较第四位注册码
0040157D |. 33C8 xor ecx,eax
0040157F |. E8 B8FBFFFF call CrackMe.0040113C ; 第五位,第七位,第十一位和第十位注册码
00401584 |. F7D1 not ecx
00401586 |. FF35 A4304000 push dword ptr ds:[4030A4]
0040158C |. FF35 AC314000 push dword ptr ds:[4031AC]
00401592 |. E8 77FCFFFF call CrackMe.0040120E ; 第六位注册码
00401597 |. 030D A4304000 add ecx,dword ptr ds:[4030A4]
0040159D |. E8 FFFBFFFF call CrackMe.004011A1 ; 第八位和第九位注册码
004015A2 |. 91 xchg eax,ecx ; 交换
004015A3 |. D1E0 shl eax,1 ; 位移
004015A5 |. 8BD0 mov edx,eax
004015A7 |. E8 A6FCFFFF call CrackMe.00401252 ; 第十位和第十一位的和能将2整除
004015AC |. B8 78563412 mov eax,12345678
004015B1 |. E8 EDFCFFFF call CrackMe.004012A3 ; 第十二位,好像是任意数
004015B6 |. 03C1 add eax,ecx
004015B8 |. E8 32FDFFFF call CrackMe.004012EF ; 第十三位的值加上第六位的值后和是奇数
004015BD |. 33C9 xor ecx,ecx
004015BF |. FF35 A0304000 push dword ptr ds:[4030A0]
004015C5 |. E8 63FAFFFF call CrackMe.0040102D ; 取用户名的和
004015CA |. E8 71FDFFFF call CrackMe.00401340 ; 第十四,十五的值
004015CF |. 03CB add ecx,ebx
004015D1 |. 68 00010000 push 100 ; /Count = 100 (256.)
004015D6 |. 68 AC304000 push CrackMe.004030AC ; |Buffer = CrackMe.004030AC
004015DB |. 68 ED030000 push 3ED ; |ControlID = 3ED (1005.)
004015E0 |. FF75 08 push dword ptr ss:[ebp+8] ; |hWnd
004015E3 |. E8 76000000 call <jmp.&user32.GetDlgItemTex>; \GetDlgItemTextA
004015E8 |. 8BC8 mov ecx,eax
004015EA |. C1C1 05 rol ecx,5
004015ED |. 8BC1 mov eax,ecx
004015EF |. E8 ACFDFFFF call CrackMe.004013A0 ; 这里是用户名的第十六位,和用户名的第六位相同
004015F4 |. 2BC1 sub eax,ecx
004015F6 |. 813D B0314000 F>cmp dword ptr ds:[4031B0],0FFF
00401600 75 14 jnz short CrackMe.00401616 ; 爆破点
00401602 |. 6A 40 push 40 ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
00401604 |. 68 D0204000 push CrackMe.004020D0 ; |Title = "Congratulations"
00401609 |. 68 C1204000 push CrackMe.004020C1 ; |Text = "GOOD JOB, MAN!" 成功标志
0040160E |. FF75 08 push dword ptr ss:[ebp+8] ; |hOwner
00401611 |. E8 5A000000 call <jmp.&user32.MessageBoxA> ; \MessageBoxA
00401616 |> C705 B0314000 0>mov dword ptr ds:[4031B0],0
一下是各个CALL的内容
--------------------------------------------------------------------------------------------------------------------
00401068 $ 53 push ebx
00401069 56 db 56 ; CHAR 'V'
0040106A 57 db 57 ; CHAR 'W'
0040106B 6A db 6A ; CHAR 'j'
0040106C 00 db 00
0040106D . FF35 AC314000 push dword ptr ds:[4031AC]
00401073 . E8 D8FFFFFF call CrackMe.00401050 ; 这里提取假注册码的第一个字节
00401078 . 83F8 48 cmp eax,48 ; 与48比较(48的ASC为H)
0040107B . 74 0F je short CrackMe.0040108C
0040107D . 6A 00 push 0
0040107F . FF35 B0314000 push dword ptr ds:[4031B0]
00401085 . E8 76FFFFFF call CrackMe.00401000
0040108A . EB 0D jmp short CrackMe.00401099
0040108C > 6A 01 push 1
0040108E . FF35 B0314000 push dword ptr ds:[4031B0]
00401094 . E8 67FFFFFF call CrackMe.00401000
00401099 > 5F pop edi
0040109A . 5E pop esi
0040109B . 5B pop ebx
0040109C . C3 retn
--------------------------------------------------------------------------------------------------------------------
0040109D /$ 53 push ebx
0040109E |. 56 push esi
0040109F |. 57 push edi
004010A0 |. 6A 01 push 1
004010A2 |. FF35 AC314000 push dword ptr ds:[4031AC]
004010A8 |. E8 A3FFFFFF call CrackMe.00401050 ; 提取第二位注册码
004010AD |. 83F8 54 cmp eax,54 ; 与54比较(54的ASC码为T)
004010B0 74 0F je short CrackMe.004010C1
004010B2 |. 6A 00 push 0
004010B4 |. FF35 B0314000 push dword ptr ds:[4031B0]
004010BA |. E8 41FFFFFF call CrackMe.00401000
004010BF |. EB 0D jmp short CrackMe.004010CE
004010C1 |> 6A 02 push 2
004010C3 |. FF35 B0314000 push dword ptr ds:[4031B0]
004010C9 |. E8 32FFFFFF call CrackMe.00401000
004010CE |> 5F pop edi
004010CF |. 5E pop esi
004010D0 |. 5B pop ebx
004010D1 \. C3 retn
--------------------------------------------------------------------------------------------------------------------
004010D2 /$ 53 push ebx
004010D3 |. 56 push esi
004010D4 |. 57 push edi
004010D5 |. 6A 02 push 2
004010D7 |. FF35 AC314000 push dword ptr ds:[4031AC]
004010DD |. E8 6EFFFFFF call CrackMe.00401050 ; 获得的三位注册码
004010E2 |. 83F8 2D cmp eax,2D ; 比较
004010E5 |. 74 0F je short CrackMe.004010F6
004010E7 |. 6A 00 push 0
004010E9 |. FF35 B0314000 push dword ptr ds:[4031B0]
004010EF |. E8 0CFFFFFF call CrackMe.00401000
004010F4 |. EB 0D jmp short CrackMe.00401103
004010F6 |> 6A 04 push 4
004010F8 |. FF35 B0314000 push dword ptr ds:[4031B0]
004010FE |. E8 FDFEFFFF call CrackMe.00401000
00401103 |> 5F pop edi
00401104 |. 5E pop esi
00401105 |. 5B pop ebx
00401106 \. C3 retn
--------------------------------------------------------------------------------------------------------------------
00401107 /$ 53 push ebx
00401108 |. 56 push esi
00401109 |. 57 push edi
0040110A |. 6A 03 push 3
0040110C |. FF35 AC314000 push dword ptr ds:[4031AC]
00401112 |. E8 39FFFFFF call CrackMe.00401050 ; 提取第四位注册码
00401117 |. 83F8 37 cmp eax,37 ; 比较是否是:“7”
0040111A 74 0F je short CrackMe.0040112B
0040111C |. 6A 00 push 0
0040111E |. FF35 B0314000 push dword ptr ds:[4031B0]
00401124 |. E8 D7FEFFFF call CrackMe.00401000
00401129 |. EB 0D jmp short CrackMe.00401138
0040112B |> 6A 08 push 8
0040112D |. FF35 B0314000 push dword ptr ds:[4031B0]
00401133 |. E8 C8FEFFFF call CrackMe.00401000
00401138 |> 5F pop edi
00401139 |. 5E pop esi
0040113A |. 5B pop ebx
0040113B \. C3 retn
--------------------------------------------------------------------------------------------------------------------
0040113C /$ 53 push ebx
0040113D |. 56 push esi
0040113E |. 57 push edi
0040113F |. 6A 04 push 4
00401141 |. FF35 AC314000 push dword ptr ds:[4031AC]
00401147 |. E8 04FFFFFF call CrackMe.00401050 ; 提取第五位注册码
0040114C |. 8BD8 mov ebx,eax ; 注册码的值进EBX
0040114E |. 6A 06 push 6
00401150 |. FF35 AC314000 push dword ptr ds:[4031AC]
00401156 |. E8 F5FEFFFF call CrackMe.00401050 ; 提取第七位注册码
0040115B |. 03D8 add ebx,eax ; 第五位的ASC码和第七位的相加进EBX
0040115D |. 6A 09 push 9
0040115F |. FF35 AC314000 push dword ptr ds:[4031AC]
00401165 |. E8 E6FEFFFF call CrackMe.00401050 ; 提取第十位注册码
0040116A |. 8BD0 mov edx,eax ; 注册码的值进EDX
0040116C |. 6A 0A push 0A
0040116E |. FF35 AC314000 push dword ptr ds:[4031AC]
00401174 |. E8 D7FEFFFF call CrackMe.00401050 ; 第十一位注册码
00401179 |. 03D0 add edx,eax ; 第十一位的ASC码和第十位的相加进EDX
0040117B |. 33DA xor ebx,edx ; 异或运算的值进EBX,主要看是否为零
0040117D |. 0BDB or ebx,ebx ; 或运算,如果是零就跳转
0040117F |. 74 0F je short CrackMe.00401190
00401181 |. 6A 00 push 0
00401183 |. FF35 B0314000 push dword ptr ds:[4031B0]
00401189 |. E8 72FEFFFF call CrackMe.00401000
0040118E |. EB 0D jmp short CrackMe.0040119D
00401190 |> 6A 10 push 10
00401192 |. FF35 B0314000 push dword ptr ds:[4031B0]
00401198 |. E8 63FEFFFF call CrackMe.00401000
0040119D |> 5F pop edi
0040119E |. 5E pop esi
0040119F |. 5B pop ebx
004011A0 \. C3 retn
--------------------------------------------------------------------------------------------------------------------
004011A1 /$ 53 push ebx
004011A2 |. 56 push esi
004011A3 |. 57 push edi
004011A4 |. 6A 07 push 7
004011A6 |. FF35 AC314000 push dword ptr ds:[4031AC]
004011AC |. E8 9FFEFFFF call CrackMe.00401050 ; 取第八位注册码
004011B1 |. 8BD8 mov ebx,eax
004011B3 |. 6A 08 push 8
004011B5 |. FF35 AC314000 push dword ptr ds:[4031AC]
004011BB |. E8 90FEFFFF call CrackMe.00401050 ; 取第九位注册码
004011C0 |. 03D8 add ebx,eax
004011C2 |. 6A 01 push 1
004011C4 |. FF35 A0304000 push dword ptr ds:[4030A0]
004011CA |. E8 81FEFFFF call CrackMe.00401050 ; 取用户名第二位
004011CF |. 8BD0 mov edx,eax
004011D1 |. 8B0D A4304000 mov ecx,dword ptr ds:[4030A4]
004011D7 |. 83E9 02 sub ecx,2
004011DA |. 51 push ecx
004011DB |. FF35 A0304000 push dword ptr ds:[4030A0]
004011E1 |. E8 6AFEFFFF call CrackMe.00401050 ; 取用户名七位
004011E6 |. 03D0 add edx,eax ; 取的用户名的两位ASC码之和
004011E8 |. 33DA xor ebx,edx ; 看是否相等
004011EA |. 0BDB or ebx,ebx
004011EC 74 0F je short CrackMe.004011FD ; 相等则跳
004011EE |. 6A 00 push 0
004011F0 |. FF35 B0314000 push dword ptr ds:[4031B0]
004011F6 |. E8 05FEFFFF call CrackMe.00401000
004011FB |. EB 0D jmp short CrackMe.0040120A
004011FD |> 6A 40 push 40
004011FF |. FF35 B0314000 push dword ptr ds:[4031B0]
00401205 |. E8 F6FDFFFF call CrackMe.00401000
0040120A |> 5F pop edi
0040120B |. 5E pop esi
0040120C |. 5B pop ebx
0040120D \. C3 retn
--------------------------------------------------------------------------------------------------------------------
0040120E /$ 55 push ebp
0040120F |. 8BEC mov ebp,esp
00401211 |. 53 push ebx
00401212 |. 56 push esi
00401213 |. 57 push edi
00401214 |. 68 20304000 push CrackMe.00403020 ; ASCII "3424r"
00401219 |. E8 0FFEFFFF call CrackMe.0040102D ; 取注册码的ASC码之和
0040121E |. F77D 0C idiv dword ptr ss:[ebp+C] ; 注册码之和除以位数
00401221 |. 8B0D AC314000 mov ecx,dword ptr ds:[4031AC]
00401227 |. 0FB649 05 movzx ecx,byte ptr ds:[ecx+5] ; 这里取注册码的第六位
0040122B |. 3BC1 cmp eax,ecx ; 从这里来看,这第六位注册码就是用户名的ASC的值与位数的商
0040122D 74 0F je short CrackMe.0040123E
0040122F |. 6A 00 push 0
00401231 |. FF35 B0314000 push dword ptr ds:[4031B0]
00401237 |. E8 C4FDFFFF call CrackMe.00401000
0040123C |. EB 0D jmp short CrackMe.0040124B
0040123E |> 6A 20 push 20
00401240 |. FF35 B0314000 push dword ptr ds:[4031B0]
00401246 |. E8 B5FDFFFF call CrackMe.00401000
0040124B |> 5F pop edi
0040124C |. 5E pop esi
0040124D |. 5B pop ebx
0040124E |. C9 leave
0040124F \. C2 0800 retn 8
--------------------------------------------------------------------------------------------------------------------
00401252 /$ 53 push ebx
00401253 |. 56 push esi
00401254 |. 57 push edi
00401255 |. 6A 09 push 9
00401257 |. FF35 AC314000 push dword ptr ds:[4031AC]
0040125D |. E8 EEFDFFFF call CrackMe.00401050 ; 取第十位注册码
00401262 |. 8BD8 mov ebx,eax
00401264 |. 6A 0A push 0A
00401266 |. FF35 AC314000 push dword ptr ds:[4031AC]
0040126C |. E8 DFFDFFFF call CrackMe.00401050 ; 取第十一位注册码
00401271 |. 03C3 add eax,ebx ; 第十位和第十一位的和
00401273 |. B9 02000000 mov ecx,2
00401278 |. 33D2 xor edx,edx
0040127A |. F7F9 idiv ecx ; 看是否有余数
0040127C |. 0BD2 or edx,edx
0040127E |. 74 0F je short CrackMe.0040128F
00401280 |. 6A 00 push 0
00401282 |. FF35 B0314000 push dword ptr ds:[4031B0]
00401288 |. E8 73FDFFFF call CrackMe.00401000
0040128D |. EB 10 jmp short CrackMe.0040129F
0040128F |> 68 80000000 push 80
00401294 |. FF35 B0314000 push dword ptr ds:[4031B0]
0040129A |. E8 61FDFFFF call CrackMe.00401000
0040129F |> 5F pop edi
004012A0 |. 5E pop esi
004012A1 |. 5B pop ebx
004012A2 \. C3 retn
--------------------------------------------------------------------------------------------------------------------
004012A3 /$ 53 push ebx
004012A4 |. 56 push esi
004012A5 |. 57 push edi
004012A6 |. 33D2 xor edx,edx ; EDX清零
004012A8 |. A1 A4304000 mov eax,dword ptr ds:[4030A4] ; 注册码位数进EAX
004012AD |. B9 03000000 mov ecx,3
004012B2 |. F7F9 idiv ecx
004012B4 |. 8BF2 mov esi,edx ; 余数进ESI
004012B6 |. 6A 0B push 0B
004012B8 |. FF35 AC314000 push dword ptr ds:[4031AC]
004012BE |. E8 8DFDFFFF call CrackMe.00401050
004012C3 |. 83E8 30 sub eax,30 ; 第十二位的值减去30】,没发现什么作用
004012C6 |. 33D6 xor edx,esi
004012C8 |. 0BD2 or edx,edx
004012CA |. 74 0F je short CrackMe.004012DB
004012CC |. 6A 00 push 0
004012CE |. FF35 B0314000 push dword ptr ds:[4031B0]
004012D4 |. E8 27FDFFFF call CrackMe.00401000
004012D9 |. EB 10 jmp short CrackMe.004012EB
004012DB |> 68 00010000 push 100
004012E0 |. FF35 B0314000 push dword ptr ds:[4031B0]
004012E6 |. E8 15FDFFFF call CrackMe.00401000
004012EB |> 5F pop edi
004012EC |. 5E pop esi
004012ED |. 5B pop ebx
004012EE \. C3 retn
--------------------------------------------------------------------------------------------------------------------
004012EF /$ 53 push ebx
004012F0 |. 56 push esi
004012F1 |. 57 push edi
004012F2 |. 6A 0C push 0C
004012F4 |. FF35 AC314000 push dword ptr ds:[4031AC]
004012FA |. E8 51FDFFFF call CrackMe.00401050 ; 取第十三位
004012FF |. 8BD8 mov ebx,eax ; 取得字符进EBX
00401301 |. 6A 05 push 5
00401303 |. FF35 AC314000 push dword ptr ds:[4031AC]
00401309 |. E8 42FDFFFF call CrackMe.00401050 ; 取第六位注册码
0040130E |. 03C3 add eax,ebx ; 第十三位和第六位的和
00401310 |. B9 02000000 mov ecx,2
00401315 |. 33D2 xor edx,edx ; 清零,位余数腾空,嘿嘿
00401317 |. F7F9 idiv ecx
00401319 |. 0BD2 or edx,edx ; 看是否能够整除
0040131B |. 75 0F jnz short CrackMe.0040132C ; 不能整除则跳
0040131D |. 6A 00 push 0
0040131F |. FF35 B0314000 push dword ptr ds:[4031B0]
00401325 |. E8 D6FCFFFF call CrackMe.00401000
0040132A |. EB 10 jmp short CrackMe.0040133C
0040132C |> 68 00020000 push 200
00401331 |. FF35 B0314000 push dword ptr ds:[4031B0]
00401337 |. E8 C4FCFFFF call CrackMe.00401000
0040133C |> 5F pop edi
0040133D |. 5E pop esi
0040133E |. 5B pop ebx
0040133F \. C3 retn
--------------------------------------------------------------------------------------------------------------------
00401340 /$ 53 push ebx
00401341 |. 56 push esi
00401342 |. 57 push edi
00401343 |. 6A 0C push 0C
00401345 |. FF35 AC314000 push dword ptr ds:[4031AC]
0040134B |. E8 00FDFFFF call CrackMe.00401050 ; 取第十三位
00401350 |. 8BD8 mov ebx,eax
00401352 |. 6A 0D push 0D
00401354 |. FF35 AC314000 push dword ptr ds:[4031AC]
0040135A |. E8 F1FCFFFF call CrackMe.00401050 ; 取第十四位
0040135F |. 03D8 add ebx,eax ; 第十三位和第十四位的和
00401361 |. 6A 0E push 0E
00401363 |. FF35 AC314000 push dword ptr ds:[4031AC]
00401369 |. E8 E2FCFFFF call CrackMe.00401050 ; 取第十五位
0040136E |. 03C3 add eax,ebx ; 到这里是将十三,十四,十五的和进EAX
00401370 |. 0305 A4304000 add eax,dword ptr ds:[4030A4] ; 十三,十四,十五的和再加上用户名的位数
00401376 |. 3D 0A010000 cmp eax,10A ; 是否等于10A
0040137B 74 0F je short CrackMe.0040138C
0040137D |. 6A 00 push 0
0040137F |. FF35 B0314000 push dword ptr ds:[4031B0]
00401385 |. E8 76FCFFFF call CrackMe.00401000
0040138A |. EB 10 jmp short CrackMe.0040139C
0040138C |> 68 00040000 push 400
00401391 |. FF35 B0314000 push dword ptr ds:[4031B0]
00401397 |. E8 64FCFFFF call CrackMe.00401000
0040139C |> 5F pop edi
0040139D |. 5E pop esi
0040139E |. 5B pop ebx
0040139F \. C3 retn
--------------------------------------------------------------------------------------------------------------------
004013A0 /$ 53 push ebx
004013A1 |. 56 push esi
004013A2 |. 57 push edi
004013A3 |. 6A 0F push 0F
004013A5 |. FF35 AC314000 push dword ptr ds:[4031AC]
004013AB |. E8 A0FCFFFF call CrackMe.00401050 ; 取第十六位
004013B0 |. 8BD8 mov ebx,eax
004013B2 |. 8B0D A4304000 mov ecx,dword ptr ds:[4030A4]
004013B8 |. 49 dec ecx
004013B9 |. 49 dec ecx
004013BA |. 51 push ecx
004013BB |. FF35 A0304000 push dword ptr ds:[4030A0]
004013C1 |. E8 8AFCFFFF call CrackMe.00401050 ; 取用户名第六位
004013C6 |. 33C3 xor eax,ebx ; 注册码的第十六位与用户名的第六位比较
004013C8 |. 0BC0 or eax,eax
004013CA 74 0F je short CrackMe.004013DB
004013CC |. 6A 00 push 0
004013CE |. FF35 B0314000 push dword ptr ds:[4031B0]
004013D4 |. E8 27FCFFFF call CrackMe.00401000
004013D9 |. EB 10 jmp short CrackMe.004013EB
004013DB |> 68 00080000 push 800
004013E0 |. FF35 B0314000 push dword ptr ds:[4031B0]
004013E6 |. E8 15FCFFFF call CrackMe.00401000
004013EB |> 5F pop edi
004013EC |. 5E pop esi
004013ED |. 5B pop ebx
004013EE \. C3 retn
--------------------------------------------------------------------------------------------------------------------
============================================================
【破解分析过程总结】
z这个软件不难,断到后立刻来到关键算法,非常适合象我这种菜鸟!嘿嘿!
主要算法:
前四位是固定的HT-7
第五位的ASC码+第七位=第十位+第十一位
第六位注册码就是用户名的ASC的值与位数的商
第八位+第九位的注册码的ASC值=用户名的第二位ASC值+用户名第七位的值
第十位和第十一位的和能将2整除 注意:这里限制了第五位和第七位
第十二位是任意数
注册码第十三位和注册码第六位的和不是偶数,即和不能整除2
第十三,十四,十五的和再加上用户名的位数等于10A
第十六位为用户名的第六位
我的注册码
yezhihun
HT-71n3ln3101Yxu
我是一只菜鸟,我要努力学习,再学习!
============================================================
*************本文章版权归: 【夜之魂】 所有************* |
|