- UID
- 28352
注册时间2007-2-21
阅读权限40
最后登录1970-1-1
独步武林
 
TA的每日心情 | 开心
2024-5-1 14:44 |
|---|
签到天数: 2 天 [LV.1]初来乍到
|
【破文标题】ColorSchemer Studio 2.0算法分析
【破文作者】tianxj
【作者邮箱】[email protected]
【作者主页】WwW.ChiNaPYG.CoM
【破解工具】PEiD,OD,DeDe
【破解平台】Windows XP sp3
【软件名称】ColorSchemer Studio 2.0
【软件大小】2407KB
【软件语言】英文
【软件类别】国外软件/动画制作
【软件授权】共享版
【运行环境】Windows All
【更新时间】2009-3-10
【原版下载】http://www.onlinedown.net/soft/67358.htm
【保护方式】注册码
【软件简介】ColorSchemer Studio 是一个专业的配色程序,能以最简易、快速、直观的方式建立配色方案。是图像、网页等相关设计领域最便利的工具软件。主要功能如下:
-创建保存调色板
-定义各种调和色
-通过联网可以获得更多定制颜色
-创建基于图片调色板
-创建自定义实时展示的配色公式
-通过内建方案转换单色到完全色
-合成颜色并创建渐变混合
-通过变体调色板来查找近似或相关颜色
-即时预览配色方案在网页布局中的实际应用效果
-RGB 和 CMYK 颜色模式快速切换
-模拟色盲颜色显示
-方便的颜色方案输出打印
-强大的导入导出功能,兼容各类热门图形图像软件以及格式等等
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
**************************************************************
一、对ColorSchemer Studio.exe查壳为Borland Delphi 6.0 - 7.0
**************************************************************
二、用搜索字符串就可以快速到达关键部位
- 0053506C . 55 push ebp
- 0053506D . 8BEC mov ebp, esp
- 0053506F . B9 05000000 mov ecx, 5
- 00535074 > 6A 00 push 0
- 00535076 . 6A 00 push 0
- 00535078 . 49 dec ecx
- 00535079 .^ 75 F9 jnz short 00535074
- 0053507B . 53 push ebx
- 0053507C . 8BD8 mov ebx, eax
- 0053507E . 33C0 xor eax, eax
- 00535080 . 55 push ebp
- 00535081 . 68 4F525300 push 0053524F
- 00535086 . 64:FF30 push dword ptr fs:[eax]
- 00535089 . 64:8920 mov dword ptr fs:[eax], esp
- 0053508C . 8D55 F4 lea edx, dword ptr [ebp-C]
- 0053508F . 8B83 0C030000 mov eax, dword ptr [ebx+30C]
- 00535095 . E8 960EF2FF call 00455F30
- 0053509A . 8B45 F4 mov eax, dword ptr [ebp-C] ; //试炼码
- 0053509D . 8D55 F8 lea edx, dword ptr [ebp-8]
- 005350A0 . E8 933DEDFF call 00408E38
- 005350A5 . A0 5C525300 mov al, byte ptr [53525C]
- 005350AA . 50 push eax
- 005350AB . 8D45 F0 lea eax, dword ptr [ebp-10]
- 005350AE . 50 push eax
- 005350AF . 33C9 xor ecx, ecx
- 005350B1 . BA 68525300 mov edx, 00535268 ; -
- 005350B6 . 8B45 F8 mov eax, dword ptr [ebp-8]
- 005350B9 . E8 A293EDFF call 0040E460 ; //去掉试炼码中的"-"
- 005350BE . 8B55 F0 mov edx, dword ptr [ebp-10] ; //试炼码
- 005350C1 . 8D45 F8 lea eax, dword ptr [ebp-8]
- 005350C4 . E8 EFF3ECFF call 004044B8
- 005350C9 . 8D55 EC lea edx, dword ptr [ebp-14]
- 005350CC . 8B83 FC020000 mov eax, dword ptr [ebx+2FC]
- 005350D2 . E8 590EF2FF call 00455F30
- 005350D7 . 8B45 EC mov eax, dword ptr [ebp-14] ; //定单号
- 005350DA . E8 01F6ECFF call 004046E0
- 005350DF . 83F8 08 cmp eax, 8
- 005350E2 . 0F85 FC000000 jnz 005351E4 ; //定单号长度不是8则跳
- 005350E8 . 8D55 E4 lea edx, dword ptr [ebp-1C]
- 005350EB . 8B83 FC020000 mov eax, dword ptr [ebx+2FC]
- 005350F1 . E8 3A0EF2FF call 00455F30
- 005350F6 . 8B55 E4 mov edx, dword ptr [ebp-1C] ; //定单号
- 005350F9 . 8D4D E8 lea ecx, dword ptr [ebp-18]
- 005350FC . 8BC3 mov eax, ebx
- 005350FE . E8 A9020000 call 005353AC ; //算法CALL
- 00535103 . 8B45 E8 mov eax, dword ptr [ebp-18] ; //注册码
- 00535106 . 8B55 F8 mov edx, dword ptr [ebp-8] ; //试炼码
- 00535109 . E8 1EF7ECFF call 0040482C ; //比较CALL
- 0053510E . 0F85 D0000000 jnz 005351E4 ; //关键跳转
- 00535114 . B2 01 mov dl, 1
- 00535116 . A1 80C54300 mov eax, dword ptr [43C580]
- 0053511B . E8 6075F0FF call 0043C680
- 00535120 . 8945 FC mov dword ptr [ebp-4], eax
- 00535123 . 33C0 xor eax, eax
- 00535125 . 55 push ebp
- 00535126 . 68 DD515300 push 005351DD
- 0053512B . 64:FF30 push dword ptr fs:[eax]
- 0053512E . 64:8920 mov dword ptr fs:[eax], esp
- 00535131 . 33C9 xor ecx, ecx
- 00535133 . BA 74525300 mov edx, 00535274 ; \software\microsoft\icss2
- 00535138 . 8B45 FC mov eax, dword ptr [ebp-4]
- 0053513B . E8 4476F0FF call 0043C784
- 00535140 . 8D55 E0 lea edx, dword ptr [ebp-20]
- 00535143 . 8B83 FC020000 mov eax, dword ptr [ebx+2FC]
- 00535149 . E8 E20DF2FF call 00455F30
- 0053514E . 8B4D E0 mov ecx, dword ptr [ebp-20]
- 00535151 . BA 98525300 mov edx, 00535298 ; o
- 00535156 . 8B45 FC mov eax, dword ptr [ebp-4]
- 00535159 . E8 C277F0FF call 0043C920
- 0053515E . 8B4D F8 mov ecx, dword ptr [ebp-8]
- 00535161 . BA A4525300 mov edx, 005352A4 ; k
- 00535166 . 8B45 FC mov eax, dword ptr [ebp-4]
- 00535169 . E8 B277F0FF call 0043C920
- 0053516E . 6A 40 push 40
- 00535170 . B9 A8525300 mov ecx, 005352A8 ; registration complete
- 00535175 . BA C0525300 mov edx, 005352C0 ; thank you for registering colorschemer studio! your software is now fully functional.
- 0053517A . A1 90C35300 mov eax, dword ptr [53C390]
- 0053517F . 8B00 mov eax, dword ptr [eax]
- 00535181 . E8 0625F4FF call 0047768C
- 00535186 . 8D55 D8 lea edx, dword ptr [ebp-28]
- 00535189 . 8B83 FC020000 mov eax, dword ptr [ebx+2FC]
- 0053518F . E8 9C0DF2FF call 00455F30
- 00535194 . 8B4D D8 mov ecx, dword ptr [ebp-28]
- 00535197 . 8D45 DC lea eax, dword ptr [ebp-24]
- 0053519A . BA 20535300 mov edx, 00535320 ; order number:
- 0053519F . E8 88F5ECFF call 0040472C
- 005351A4 . 8B55 DC mov edx, dword ptr [ebp-24]
- 005351A7 . A1 94C05300 mov eax, dword ptr [53C094]
- 005351AC . 8B00 mov eax, dword ptr [eax]
- 005351AE . 8B80 04030000 mov eax, dword ptr [eax+304]
- 005351B4 . E8 A70DF2FF call 00455F60
- 005351B9 . C683 10030000>mov byte ptr [ebx+310], 1
- 005351C0 . 8BC3 mov eax, ebx
- 005351C2 . E8 A1EAF3FF call 00473C68
- 005351C7 . 33C0 xor eax, eax
- 005351C9 . 5A pop edx
- 005351CA . 59 pop ecx
- 005351CB . 59 pop ecx
- 005351CC . 64:8910 mov dword ptr fs:[eax], edx
- 005351CF . 68 FC515300 push 005351FC
- 005351D4 > 8D45 FC lea eax, dword ptr [ebp-4]
- 005351D7 . E8 1C99EDFF call 0040EAF8
- 005351DC . C3 retn
- 005351DD .^ E9 BEEAECFF jmp 00403CA0
- 005351E2 .^ EB F0 jmp short 005351D4
- 005351E4 > 6A 10 push 10
- 005351E6 . B9 30535300 mov ecx, 00535330 ; invalid license key
- 005351EB . BA 44535300 mov edx, 00535344 ; the license key you have provided is invalid. please recheck your order number and registration key.
- 005351F0 . A1 90C35300 mov eax, dword ptr [53C390]
- 005351F5 . 8B00 mov eax, dword ptr [eax]
- 005351F7 . E8 9024F4FF call 0047768C
- 005351FC . 33C0 xor eax, eax
- 005351FE . 5A pop edx
- 005351FF . 59 pop ecx
- 00535200 . 59 pop ecx
- 00535201 . 64:8910 mov dword ptr fs:[eax], edx
- 00535204 . 68 56525300 push 00535256
- 00535209 > 8D45 D8 lea eax, dword ptr [ebp-28]
- 0053520C . E8 0FF2ECFF call 00404420
- 00535211 . 8D45 DC lea eax, dword ptr [ebp-24]
- 00535214 . E8 07F2ECFF call 00404420
- 00535219 . 8D45 E0 lea eax, dword ptr [ebp-20]
- 0053521C . BA 02000000 mov edx, 2
- 00535221 . E8 1EF2ECFF call 00404444
- 00535226 . 8D45 E8 lea eax, dword ptr [ebp-18]
- 00535229 . E8 F2F1ECFF call 00404420
- 0053522E . 8D45 EC lea eax, dword ptr [ebp-14]
- 00535231 . E8 EAF1ECFF call 00404420
- 00535236 . 8D45 F0 lea eax, dword ptr [ebp-10]
- 00535239 . E8 E2F1ECFF call 00404420
- 0053523E . 8D45 F4 lea eax, dword ptr [ebp-C]
- 00535241 . E8 DAF1ECFF call 00404420
- 00535246 . 8D45 F8 lea eax, dword ptr [ebp-8]
- 00535249 . E8 D2F1ECFF call 00404420
- 0053524E . C3 retn
- 0053524F .^ E9 4CEAECFF jmp 00403CA0
- 00535254 .^ EB B3 jmp short 00535209
- 00535256 . 5B pop ebx
- 00535257 . 8BE5 mov esp, ebp
- 00535259 . 5D pop ebp
- 0053525A . C3 retn
跟进算法CALL
- 005353AC /$ 55 push ebp
- 005353AD |. 8BEC mov ebp, esp
- 005353AF |. 6A 00 push 0
- 005353B1 |. 6A 00 push 0
- 005353B3 |. 6A 00 push 0
- 005353B5 |. 6A 00 push 0
- 005353B7 |. 6A 00 push 0
- 005353B9 |. 6A 00 push 0
- 005353BB |. 6A 00 push 0
- 005353BD |. 6A 00 push 0
- 005353BF |. 53 push ebx
- 005353C0 |. 56 push esi
- 005353C1 |. 8BD9 mov ebx, ecx
- 005353C3 |. 8BF2 mov esi, edx
- 005353C5 |. 33C0 xor eax, eax
- 005353C7 |. 55 push ebp
- 005353C8 |. 68 7E545300 push 0053547E
- 005353CD |. 64:FF30 push dword ptr fs:[eax]
- 005353D0 |. 64:8920 mov dword ptr fs:[eax], esp
- 005353D3 |. 8D55 F8 lea edx, dword ptr [ebp-8]
- 005353D6 |. B8 94545300 mov eax, 00535494 ; css2
- 005353DB |. E8 E4A1F5FF call 0048F5C4 ; //将"CSS2"作标准MD5运算,取小写
- 005353E0 |. 8D45 F0 lea eax, dword ptr [ebp-10]
- 005353E3 |. 50 push eax
- 005353E4 |. B9 08000000 mov ecx, 8
- 005353E9 |. 33D2 xor edx, edx
- 005353EB |. 8BC6 mov eax, esi
- 005353ED |. E8 4EF5ECFF call 00404940
- 005353F2 |. 8B45 F0 mov eax, dword ptr [ebp-10] ; //定单号
- 005353F5 |. 8D55 F4 lea edx, dword ptr [ebp-C]
- 005353F8 |. E8 EB37EDFF call 00408BE8
- 005353FD |. 8B45 F4 mov eax, dword ptr [ebp-C]
- 00535400 |. 8D55 FC lea edx, dword ptr [ebp-4]
- 00535403 |. E8 BCA1F5FF call 0048F5C4 ; //将订单号作标准MD5运算,取小写
- 00535408 |. 8D45 E8 lea eax, dword ptr [ebp-18]
- 0053540B |. 8B4D F8 mov ecx, dword ptr [ebp-8] ; //"CSS2"MD5值小写
- 0053540E |. 8B55 FC mov edx, dword ptr [ebp-4] ; //订单号MD5值小写
- 00535411 |. E8 16F3ECFF call 0040472C ; //将两个字符串相连
- 00535416 |. 8B45 E8 mov eax, dword ptr [ebp-18] ; //相连字符串
- 00535419 |. 8D55 EC lea edx, dword ptr [ebp-14]
- 0053541C |. E8 A3A1F5FF call 0048F5C4 ; //取相连字符串的MD5值,小写
- 00535421 |. 8B45 EC mov eax, dword ptr [ebp-14] ; //相连字符串的MD5值小写
- 00535424 |. 8BD3 mov edx, ebx
- 00535426 |. E8 BD37EDFF call 00408BE8 ; //转大写
- 0053542B |. 8D55 E4 lea edx, dword ptr [ebp-1C]
- 0053542E |. 8B03 mov eax, dword ptr [ebx] ; //相连字符串的MD5值大写
- 00535430 |. E8 F73BF0FF call 0043902C ; //倒转
- 00535435 |. 8B55 E4 mov edx, dword ptr [ebp-1C] ; //相连字符串的MD5值大写倒转字符串
- 00535438 |. 8BC3 mov eax, ebx
- 0053543A |. E8 35F0ECFF call 00404474
- 0053543F |. 8D45 E0 lea eax, dword ptr [ebp-20]
- 00535442 |. 50 push eax
- 00535443 |. 8B03 mov eax, dword ptr [ebx] ; //相连字符串的MD5值大写倒转字符串
- 00535445 |. B9 10000000 mov ecx, 10
- 0053544A |. BA 01000000 mov edx, 1
- 0053544F |. E8 ECF4ECFF call 00404940 ; //取倒转字符串1-16位
- 00535454 |. 8B4D E0 mov ecx, dword ptr [ebp-20] ; //倒转字符串1-16位
- 00535457 |. 8BC3 mov eax, ebx
- 00535459 |. BA 94545300 mov edx, 00535494 ; css2
- 0053545E |. E8 C9F2ECFF call 0040472C ; //将"CSS2"与倒转字符串1-16位相连即得到注册码
- 00535463 |. 33C0 xor eax, eax
- 00535465 |. 5A pop edx
- 00535466 |. 59 pop ecx
- 00535467 |. 59 pop ecx
- 00535468 |. 64:8910 mov dword ptr fs:[eax], edx
- 0053546B |. 68 85545300 push 00535485
- 00535470 |> 8D45 E0 lea eax, dword ptr [ebp-20]
- 00535473 |. BA 08000000 mov edx, 8
- 00535478 |. E8 C7EFECFF call 00404444
- 0053547D \. C3 retn
- 0053547E .^ E9 1DE8ECFF jmp 00403CA0
- 00535483 .^ EB EB jmp short 00535470
- 00535485 . 5E pop esi
- 00535486 . 5B pop ebx
- 00535487 . 8BE5 mov esp, ebp
- 00535489 . 5D pop ebp
- 0053548A . C3 retn
【破解总结】
--------------------------------------------------------------
【算法总结】
以订单号"12345678"为例
1.订单号"12345678"必须为8位
2.分别求固定字符串"CSS2"的MD5值"92767d20ae2d6d175fdfcfc11d656a42"和订单号"12345678"的MD5值"25d55ad283aa400af464c76d713c07ad"
3.将上面两个字符串相连得到"25d55ad283aa400af464c76d713c07ad92767d20ae2d6d175fdfcfc11d656a42"
4.求相连字符串"25d55ad283aa400af464c76d713c07ad92767d20ae2d6d175fdfcfc11d656a42"的MD5值得"5a295f1ddfb79d0021a5936aae9d4c1a"
5.将"5a295f1ddfb79d0021a5936aae9d4c1a"转大写为"5A295F1DDFB79D0021A5936AAE9D4C1A",倒转后为"A1C4D9EAA6395A1200D97BFDD1F592A5"
6.取"A1C4D9EAA6395A1200D97BFDD1F592A5"的1-16位"A1C4D9EAA6395A12"与"CSS2"相连,得到注册码"CSS2A1C4D9EAA6395A12"
--------------------------------------------------------------
【算法注册机】
〖VB代码〗
Private Sub Command1_Click()
If Len(Text1.Text) <> 8 Then
Text2.Text = "输入有误,请重新输入!"
Else
Text2.Text = "CSS2" & Mid(StrReverse(UCase(MD5(LCase(MD5(Text1.Text)) & LCase(MD5("CSS2"))))), 1, 16)
End If
End Sub
--------------------------------------------------------------
【注册信息】
保存在[HKEY_CURRENT_USER\Software\Microsoft\ICSS2]
--------------------------------------------------------------
感谢飘云老大、猫老大、Nisy老大以及很多前辈们的学习教程以及所有帮助过我的论坛兄弟姐妹们!谢谢
--------------------------------------------------------------
【版权声明】破文是学习的手记,兴趣是成功的源泉;本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢! |
评分
-
查看全部评分
|
IP卡
发表于 2009-12-7 22:11:19
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2009-12-8 00:11:49
发表于 2009-12-9 21:12:25
发表于 2009-12-18 20:26:33
发表于 2009-12-18 20:54:26
