- UID
- 14878
注册时间2006-6-4
阅读权限30
最后登录1970-1-1
龙战于野
该用户从未签到
|
【破文标题】里诺进销存管理软件算法分析
【破文作者】黑夜彩虹
【破解工具】OD
【破解平台】Windows 2K&XP
【软件名称】里诺进销存管理软件(单机版)V2.75
【软件大小】
【原版下载】Google
【保护方式】注册码
【软件简介】里诺进销存管理系统是是一个集“进、销、存、财”四位一体的全功能商贸管理软件。软件界面设计简洁,美观。其人性化
的软件流程,使普通用户不需培训也能很快掌握软件操作使用方法,上手极易。强大报表与集成查询功能是本软件的最大特
色,所有功能在用户需要的使用地方自然体现,不用打开多个窗口重复查询。
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
【破解过程】
一、安装软件后,运行注册有错误提示。PEiD查无壳。
软件是Borland Delphi 6.0 - 7.0编写。
运行,注册名:VXin 试练码:123456
二、OD载入后,超级ASCII参串
****************************
从而找到程序注册检测代码段:
超级字串参考+ , 条目 5341
地址=00655B04
反汇编=PUSH jxc.00655BE0
文本字串=注册成功,本程序所有功能限制下次启动时将被自动解除,欢迎您成为我们正式版本用户! //双击
00655A5D . E8 A6020000 CALL jxc.00655D08 //这里下断(关键CALL)
00655A62 . 84C0 TEST AL,AL
00655A64 . 0F84 DB000000 JE jxc.00655B45 //这里比较,相等就跳,跳则死
00655A6A . 33C0 XOR EAX,EAX
...............中间代码省略........................
00655AF8 . E8 67E0DAFF CALL jxc.00403B64
00655AFD . 6A 40 PUSH 40
00655AFF . 68 D45B6500 PUSH jxc.00655BD4 ; 软件注册
00655B04 . 68 E05B6500 PUSH jxc.00655BE0 ; 注册成功,本程序所有功能限制下次启动时将被自动解除,欢迎您成为我们正式版本用户!
00655B09 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00655B0C . E8 6793E3FF CALL jxc.0048EE78
00655B11 . 50 PUSH EAX ; |hOwner
00655B12 . E8 9925DBFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
...............中间代码省略........................
00655B43 . /EB 1A JMP SHORT jxc.00655B5F
00655B45 > |6A 40 PUSH 40
00655B47 . |68 D45B6500 PUSH jxc.00655BD4 ; 软件注册
00655B4C . |68 305C6500 PUSH jxc.00655C30 ; 注册失败,请检查您的注册名和注册码!
00655B51 . |8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00655B54 . |E8 1F93E3FF CALL jxc.0048EE78
00655B59 . |50 PUSH EAX ; |hOwner
00655B5A . |E8 5125DBFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
运行,停在下断处,F7跟进
00655D08 /$ 55 PUSH EBP
00655D09 |. 8BEC MOV EBP,ESP
00655D0B |. B9 04000000 MOV ECX,4
...............中间省略N行代码..............
00655D27 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
00655D2A |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
00655D2D |. 8B86 08030000 MOV EAX,DWORD PTR DS:[ESI+308] ; DS:[0156C548]=0156EAF8, (ASCII "LZG") 不管,继续单步
00655D33 |. E8 3827E3FF CALL jxc.00488470 ; EAX 0156EAF8 ASCII "LZG"
00655D38 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; 堆栈 SS:[0012EBFC]=0156EA8C, (ASCII "123456")
00655D3B |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4] ; EAX 0156EA8C ASCII "123456"
00655D3E |. E8 093DDBFF CALL jxc.00409A4C
00655D43 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; 堆栈 SS:[0012EC00]=01566A4C, (ASCII "123456")
00655D46 |. 50 PUSH EAX ; EAX 01566A4C ASCII "123456"
00655D47 |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
00655D4A |. 8B86 04030000 MOV EAX,DWORD PTR DS:[ESI+304] ; DS:[0156C544]=0156E7AC, (ASCII "LZG") EAX=01566A4C, (ASCII "123456")
00655D50 |. E8 1B27E3FF CALL jxc.00488470 ; EAX 0156E7AC ASCII "LZG"
00655D55 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; 堆栈 SS:[0012EBF0]=014ED60C, (ASCII "VXin")
00655D58 |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10] ; EAX 014ED60C ASCII "VXin"
00655D5B |. E8 EC3CDBFF CALL jxc.00409A4C
00655D60 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10] ; 堆栈 SS:[0012EBF4]=014D1C60, (ASCII "VXin")
00655D63 |. 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-C] ; EDX 014D1C60 ASCII "VXin"
00655D66 |. 8BC6 MOV EAX,ESI
00655D68 |. E8 FF000000 CALL jxc.00655E6C ; F7
00655D6D |. 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C] ; 堆栈 SS:[0012EBF8]=01561BC0, (ASCII "JXCw-E696268d5-8767")
00655D70 |. 58 POP EAX ; ASCII码压入EDX
00655D71 |. E8 EEF0DAFF CALL jxc.00404E64
00655D76 |. 75 50 JNZ SHORT jxc.00655DC8 ; 比较,不等则跳
00655D78 |. B3 01 MOV BL,1
...............中间省略N行代码..............
00655E83 |. 8BF9 MOV EDI,ECX
00655E85 |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX ; EDX=014D1C60, (ASCII "VXin")
00655E88 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; 堆栈 SS:[0012EBBC]=014D1C60, (ASCII "VXin")
00655E8B |. E8 78F0DAFF CALL jxc.00404F08 ; EAX 014D1C60 ASCII "VXin"
00655E90 |. 33C0 XOR EAX,EAX ; EAX=014D1C60, (ASCII "VXin")
00655E92 |. 55 PUSH EBP
00655E93 |. 68 2D606500 PUSH jxc.0065602D
00655E98 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
00655E9B |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
00655E9E |. 8BC7 MOV EAX,EDI
00655EA0 |. E8 B3EBDAFF CALL jxc.00404A58
00655EA5 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; 堆栈 SS:[0012EBBC]=014D1C60, (ASCII "VXin")
00655EA8 |. E8 6BEEDAFF CALL jxc.00404D18 ; EAX 014D1C60 ASCII "VXin"
00655EAD |. 8BF0 MOV ESI,EAX
00655EAF |. 85F6 TEST ESI,ESI
00655EB1 |. 7E 26 JLE SHORT jxc.00655ED9
00655EB3 |. BB 01000000 MOV EBX,1
00655EB8 |> 8D4D EC /LEA ECX,DWORD PTR SS:[EBP-14]
00655EBB |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4] ; 堆栈 SS:[0012EBBC]=014D1C60, (ASCII "VXin")
00655EBE |. 0FB64418 FF |MOVZX EAX,BYTE PTR DS:[EAX+EBX-1] ; 循环取用户名的ASCII码
00655EC3 |. 33D2 |XOR EDX,EDX ;
00655EC5 |. E8 9A42DBFF |CALL jxc.0040A164
00655ECA |. 8B55 EC |MOV EDX,DWORD PTR SS:[EBP-14] ; ASCII码入EDX
00655ECD |. 8D45 F8 |LEA EAX,DWORD PTR SS:[EBP-8]
00655ED0 |. E8 4BEEDAFF |CALL jxc.00404D20
00655ED5 |. 43 |INC EBX
00655ED6 |. 4E |DEC ESI
00655ED7 |.^ 75 DF \JNZ SHORT jxc.00655EB8
00655ED9 |> 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; 堆栈 SS:[0012EBB8]=014ED7AC, (ASCII "5658696E")
00655EDC |. E8 37EEDAFF CALL jxc.00404D18
00655EE1 |. 8BF0 MOV ESI,EAX
00655EE3 |. 85F6 TEST ESI,ESI
00655EE5 |. 7E 2C JLE SHORT jxc.00655F13
00655EE7 |. BB 01000000 MOV EBX,1
00655EEC |> 8B45 F8 /MOV EAX,DWORD PTR SS:[EBP-8] ; 堆栈 SS:[0012EBB8]=014ED7AC, (ASCII "5658696E")
00655EEF |. E8 24EEDAFF |CALL jxc.00404D18
00655EF4 |. 2BC3 |SUB EAX,EBX
00655EF6 |. 8B55 F8 |MOV EDX,DWORD PTR SS:[EBP-8] ; 堆栈 SS:[0012EBB8]=014ED7AC, (ASCII "5658696E") EDX=014ED7B2, (ASCII "6E")
00655EF9 |. 8A1402 |MOV DL,BYTE PTR DS:[EDX+EAX] ; ASCII码,由尾至头重新排列
00655EFC |. 8D45 E8 |LEA EAX,DWORD PTR SS:[EBP-18]
00655EFF |. E8 3CEDDAFF |CALL jxc.00404C40
00655F04 |. 8B55 E8 |MOV EDX,DWORD PTR SS:[EBP-18]
00655F07 |. 8D45 F4 |LEA EAX,DWORD PTR SS:[EBP-C]
00655F0A |. E8 11EEDAFF |CALL jxc.00404D20
00655F0F |. 43 |INC EBX
00655F10 |. 4E |DEC ESI
00655F11 |.^ 75 D9 \JNZ SHORT jxc.00655EEC
00655F13 |> 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
00655F16 |. 50 PUSH EAX
00655F17 |. B9 04000000 MOV ECX,4
00655F1C |. BA 01000000 MOV EDX,1
00655F21 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; 堆栈 SS:[0012EBB4]=01565830, (ASCII "E6968565")
00655F24 |. E8 4FF0DAFF CALL jxc.00404F78 ; EAX 01565830 ASCII "E6968565"
00655F29 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
00655F2C |. 50 PUSH EAX
00655F2D |. B9 04000000 MOV ECX,4
00655F32 |. BA 05000000 MOV EDX,5
00655F37 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; 堆栈 SS:[0012EBB4]=01565830, (ASCII "E6968565")
00655F3A |. E8 39F0DAFF CALL jxc.00404F78 ; EAX 01565830 ASCII "E6968565"
00655F3F |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; 堆栈 SS:[0012EBB8]=0156D880, (ASCII "E696")
00655F42 |. E8 D1EDDAFF CALL jxc.00404D18 ; EAX 0156D880 ASCII "E696"
00655F47 |. 83F8 04 CMP EAX,4
00655F4A |. 7D 2F JGE SHORT jxc.00655F7B
...............中间省略N行代码..............
00655F79 |.^ 75 E0 \JNZ SHORT jxc.00655F5B
00655F7B |> 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C] ; 堆栈 SS:[0012EBB4]=0156DC80, (ASCII "8565")
00655F7E |. E8 95EDDAFF CALL jxc.00404D18
00655F83 |. 83F8 04 CMP EAX,4
...............中间省略N行代码..............
00655FB5 |.^ 75 E0 \JNZ SHORT jxc.00655F97
00655FB7 |> 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
00655FBA |. BA 44606500 MOV EDX,jxc.00656044 ; 00656044=jxc.00656044 (ASCII "JXCw268d58k")
00655FBF |. E8 2CEBDAFF CALL jxc.00404AF0 ; EDX 00656044 ASCII "JXCw268d58k"
00655FC4 |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
00655FC7 |. 50 PUSH EAX
00655FC8 |. B9 04000000 MOV ECX,4
00655FCD |. BA 01000000 MOV EDX,1
00655FD2 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; 堆栈 SS:[0012EBB0]=00656044 (jxc.00656044), ASCII "JXCw268d58k"
00655FD5 |. E8 9EEFDAFF CALL jxc.00404F78 ; EAX 00656044 ASCII "JXCw268d58k"
00655FDA |. FF75 DC PUSH DWORD PTR SS:[EBP-24] ; 堆栈 SS:[0012EB9C]=0156505C, (ASCII "JXCw")
00655FDD |. 68 58606500 PUSH jxc.00656058 ; -
00655FE2 |. FF75 F8 PUSH DWORD PTR SS:[EBP-8] ; 堆栈 SS:[0012EBB8]=0156D880, (ASCII "E696")
00655FE5 |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
00655FE8 |. 50 PUSH EAX
00655FE9 |. B9 05000000 MOV ECX,5
00655FEE |. BA 05000000 MOV EDX,5
00655FF3 |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; 堆栈 SS:[0012EBB0]=00656044 (jxc.00656044), ASCII "JXCw268d58k"
00655FF6 |. E8 7DEFDAFF CALL jxc.00404F78 ; EAX 00656044 ASCII "JXCw268d58k"
00655FFB |. FF75 D8 PUSH DWORD PTR SS:[EBP-28] ; 堆栈 SS:[0012EB98]=0156C7AC, (ASCII "268d5")
00655FFE |. 68 58606500 PUSH jxc.00656058 ; -
00656003 |. FF75 F4 PUSH DWORD PTR SS:[EBP-C] ; 堆栈 SS:[0012EBB4]=0156DC80, (ASCII "8565")
00656006 |. 8BC7 MOV EAX,EDI
00656008 |. BA 06000000 MOV EDX,6
0065600D |. E8 C6EDDAFF CALL jxc.00404DD8
00656012 |. 33C0 XOR EAX,EAX
00656014 |. 5A POP EDX
00656015 |. 59 POP ECX
00656016 |. 59 POP ECX
00656017 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0065601A |. 68 34606500 PUSH jxc.00656034
0065601F |> 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
00656022 |. BA 0A000000 MOV EDX,0A
00656027 |. E8 50EADAFF CALL jxc.00404A7C
0065602C \. C3 RETN ; EDX 014D1C60 ASCII "VXin"
0065602D .^ E9 C6E2DAFF JMP jxc.004042F8
00656032 .^ EB EB JMP SHORT jxc.0065601F
00656034 . 5F POP EDI
00656035 . 5E POP ESI
00656036 . 5B POP EBX
00656037 . 8BE5 MOV ESP,EBP
00656039 . 5D POP EBP
0065603A . C3 RETN
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
【算法小结】
用户名:VXin 注册码:JXCw-E696268d5-8565
V=56
X=58
i=69
n=6E
注册码的格式:JXCw 268d5 //固定格式
1、循环取用户名的ASCII码(16进制) 为code1 则等于:5658696E
2、将ASCII码从尾到头重新排列 为code2 则等于:E6968565
3、取ASCII码前4位 为code3 则等于:E696
4、取ASCII码第位5到第8位 为code4 则等于:8565
最后:JXCw- 加 code3 加268d5 加 - 加 code4 就是注册码了
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
第一写算法分析,感谢你看到这里!
【版权声明】本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
[ 本帖最后由 黑夜彩虹 于 2006-7-2 14:39 编辑 ] |
|
IP卡
发表于 2006-7-2 10:59:08
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2006-7-2 15:25:02
发表于 2006-8-18 17:20:38
发表于 2006-8-18 22:38:51
发表于 2006-9-5 18:26:59
