本帖最后由 老万 于 2011-2-4 20:40 编辑
【破文标题】Open Video Converter 3.3.1.6算法分析
【破文作者】老万
【破解工具】peid,od
【破解平台】xp
【原版下载】http://search.newhua.com/softdown/27574_2.htm
【软件简介】
Open Video Converter 是一款易于使用的视频转换,分割和编辑工具.它能转换多个视频格式如MPG, AVI, ASF, WMV到AVI 文件. 它能改变帧尺寸,帧频,视频和音频压缩编码.主要功能有: -转换MPEG,WMV,ASF,MPG,VCD,OGM,DAT,SVCD为AVI. 支持DIVX,XVID编码. -分割视频文件 -改变帧尺寸,调整视频屏幕高宽比. -通过选择不同编码率改变视频文件大小 -改变AVI文件的视频和音频压缩编码.
【破解声明】请不要将本软件用于非法用途,否则后果自负!
【破解过程】
PEID查壳:Microsoft Visual C++ v7.0
直接来到关键地方:
0041FBE0 . 55 push ebp
0041FBE1 . 8BF1 mov esi,ecx
0041FBE3 . E8 98060200 call VideoCon.00440280 ; 获取用户名
0041FBE8 . 8B46 70 mov eax,dword ptr ds:[esi+0x70]
0041FBEB . 8B78 F4 mov edi,dword ptr ds:[eax-0xC]
0041FBEE . 83FF 02 cmp edi,0x2 ; 用户名长度比较
0041FBF1 . 0F8D E0000000 jge VideoCon.0041FCD7
0041FBF7 . E8 84490200 call VideoCon.00444580
0041FBFC . 8B10 mov edx,dword ptr ds:[eax]
0041FBFE . 8BC8 mov ecx,eax
0041FC00 . FF52 0C call dword ptr ds:[edx+0xC]
0041FC03 . 83C0 10 add eax,0x10
0041FC06 . 894424 18 mov dword ptr ss:[esp+0x18],eax
0041FC0A . 6A 67 push 0x67
0041FC0C . 8D4424 20 lea eax,dword ptr ss:[esp+0x20]
.....................................
0041FCD7 > \8B46 74 mov eax,dword ptr ds:[esi+0x74] ; 假注册码送入eax
0041FCDA . 8B40 F4 mov eax,dword ptr ds:[eax-0xC] ; 假注册码长度送入eax
0041FCDD . 83F8 08 cmp eax,0x8 ; 假注册码长度与8比较
0041FCE0 . 53 push ebx
.......................................
0041FD96 > \8B46 70 mov eax,dword ptr ds:[esi+0x70] ; 用户名ASCII码送入eax
0041FD99 . 8B48 F4 mov ecx,dword ptr ds:[eax-0xC]
0041FD9C . 85C9 test ecx,ecx
0041FD9E . 7D 0A jge XVideoCon.0041FDAA
0041FDA0 . 68 57000780 push 0x80070057
0041FDA5 . E8 5615FEFF call VideoCon.00401300
0041FDAA > 8A10 mov dl,byte ptr ds:[eax] ; 用户名第1位ASCII码送入dl
0041FDAC . 8B46 70 mov eax,dword ptr ds:[esi+0x70]
0041FDAF . 3968 F4 cmp dword ptr ds:[eax-0xC],ebp
0041FDB2 . 7D 0A jge XVideoCon.0041FDBE
0041FDB4 . 68 57000780 push 0x80070057
0041FDB9 . E8 4215FEFF call VideoCon.00401300
0041FDBE > 8A40 01 mov al,byte ptr ds:[eax+0x1]
0041FDC1 . 884424 11 mov byte ptr ss:[esp+0x11],al
0041FDC5 . 8B46 70 mov eax,dword ptr ds:[esi+0x70]
0041FDC8 . 8B48 F4 mov ecx,dword ptr ds:[eax-0xC]
0041FDCB . 85C9 test ecx,ecx
0041FDCD . 7D 0A jge XVideoCon.0041FDD9
0041FDCF . 68 57000780 push 0x80070057
0041FDD4 . E8 2715FEFF call VideoCon.00401300
0041FDD9 > 8B4E 70 mov ecx,dword ptr ds:[esi+0x70]
0041FDDC . 8A18 mov bl,byte ptr ds:[eax]
0041FDDE . 3969 F4 cmp dword ptr ds:[ecx-0xC],ebp
0041FDE1 . 7D 0A jge XVideoCon.0041FDED
0041FDE3 . 68 57000780 push 0x80070057
0041FDE8 . E8 1315FEFF call VideoCon.00401300
0041FDED > 0FB6C2 movzx eax,dl ; 用户名第1位ASCII码值送入eax
0041FDF0 . 83C8 41 or eax,0x41 ; 与0X41或运算
0041FDF3 . 99 cdq
0041FDF4 . BD 0A000000 mov ebp,0xA ; ebp=0XA
0041FDF9 . F7FD idiv ebp ; 相除,取余数
0041FDFB . 0FB64424 11 movzx eax,byte ptr ss:[esp+0x11] ; 用户名第2位ASCII码值送入eax
0041FE00 . 83C8 56 or eax,0x56 ; 与0X56或运算
0041FE03 . 885424 16 mov byte ptr ss:[esp+0x16],dl ; [esp+0x16]存放真码第1位
0041FE07 . 99 cdq
0041FE08 . F7FD idiv ebp ; 相除,取余数
0041FE0A . 0FB6C3 movzx eax,bl ; 用户名第1位ASCII码值送入eax
0041FE0D . 83C8 49 or eax,0x49 ; 与0X49或运算
0041FE10 . 8BDD mov ebx,ebp ; ebx=ebp=0XA
0041FE12 . 885424 11 mov byte ptr ss:[esp+0x11],dl ; [esp+0x11]存放真码第2位
0041FE16 . 99 cdq
0041FE17 . F7FB idiv ebx ; 相除,取余数
0041FE19 . 0FB641 01 movzx eax,byte ptr ds:[ecx+0x1] ; 用户名第2位ASCII码值送入eax
0041FE1D . 83C8 43 or eax,0x43 ; 与0X43或运算
0041FE20 . 8BCD mov ecx,ebp ; ecx=ebp=0XA
0041FE22 . 885424 17 mov byte ptr ss:[esp+0x17],dl ; [esp+0x17]存放真码第3位
0041FE26 . 99 cdq
0041FE27 . F7F9 idiv ecx ; 相除,取余数
0041FE29 . 33C0 xor eax,eax ; 寄存器清空
0041FE2B . 33C9 xor ecx,ecx
0041FE2D . 85FF test edi,edi
0041FE2F . 885424 18 mov byte ptr ss:[esp+0x18],dl ; [esp+0x18]存放真码第4位
0041FE33 . 7E 1F jle XVideoCon.0041FE54
0041FE35 > 85C9 test ecx,ecx
0041FE37 . 0F8C E6000000 jl VideoCon.0041FF23
0041FE3D . 8B56 70 mov edx,dword ptr ds:[esi+0x70]
0041FE40 . 3B4A F4 cmp ecx,dword ptr ds:[edx-0xC]
0041FE43 . 0F8F DA000000 jg VideoCon.0041FF23
0041FE49 . 0FB6140A movzx edx,byte ptr ds:[edx+ecx] ; 计算用户名的ASCII码累加值,送入eax
0041FE4D . 03C2 add eax,edx
0041FE4F . 41 inc ecx
0041FE50 . 3BCF cmp ecx,edi
0041FE52 .^ 7C E1 jl XVideoCon.0041FE35
0041FE54 > 99 cdq
0041FE55 . B9 0A000000 mov ecx,0xA ; ecx=0XA
0041FE5A . F7F9 idiv ecx ; 相除,取余数
0041FE5C . 8B46 74 mov eax,dword ptr ds:[esi+0x74] ; 假注册码送入eax
0041FE5F . 8B48 F4 mov ecx,dword ptr ds:[eax-0xC] ; 假注册码长度送入ecx
0041FE62 . 85C9 test ecx,ecx
0041FE64 . 885424 19 mov byte ptr ss:[esp+0x19],dl ; [esp+0x19]存放真码第5位
0041FE68 . 7D 0A jge XVideoCon.0041FE74
0041FE6A . 68 57000780 push 0x80070057
0041FE6F . E8 8C14FEFF call VideoCon.00401300
0041FE74 > 8A10 mov dl,byte ptr ds:[eax] ; 假注册码第1位送入dl
0041FE76 . 8B4E 74 mov ecx,dword ptr ds:[esi+0x74] ; 假注册码送入ecx
0041FE79 . 8379 F4 01 cmp dword ptr ds:[ecx-0xC],0x1
0041FE7D . 885424 1A mov byte ptr ss:[esp+0x1A],dl ; 假注册码第1位送入[esp+0x1A]
0041FE81 . 7D 0A jge XVideoCon.0041FE8D
0041FE83 . 68 57000780 push 0x80070057
0041FE88 . E8 7314FEFF call VideoCon.00401300
0041FE8D > 8A41 01 mov al,byte ptr ds:[ecx+0x1] ; 假注册码第2位送入al
0041FE90 . 8B4E 74 mov ecx,dword ptr ds:[esi+0x74]
0041FE93 . 884424 12 mov byte ptr ss:[esp+0x12],al ; 假注册码第2位送入[esp+0x12]
0041FE97 . 8379 F4 02 cmp dword ptr ds:[ecx-0xC],0x2
0041FE9B . 7D 0A jge XVideoCon.0041FEA7
0041FE9D . 68 57000780 push 0x80070057
0041FEA2 . E8 5914FEFF call VideoCon.00401300
0041FEA7 > 8A49 02 mov cl,byte ptr ds:[ecx+0x2] ; 假注册码第3位送入cl
0041FEAA . 884C24 13 mov byte ptr ss:[esp+0x13],cl ; 假注册码第3位送入[esp+0x13]
0041FEAE . 8B4E 74 mov ecx,dword ptr ds:[esi+0x74]
0041FEB1 . 8379 F4 03 cmp dword ptr ds:[ecx-0xC],0x3
0041FEB5 . 7D 0A jge XVideoCon.0041FEC1
0041FEB7 . 68 57000780 push 0x80070057
0041FEBC . E8 3F14FEFF call VideoCon.00401300
0041FEC1 > 8A41 03 mov al,byte ptr ds:[ecx+0x3] ; 假注册码第4位送入al
0041FEC4 . 8B4E 74 mov ecx,dword ptr ds:[esi+0x74]
0041FEC7 . 884424 14 mov byte ptr ss:[esp+0x14],al ; 假注册码第4位送入[esp+0x14]
0041FECB . 8379 F4 04 cmp dword ptr ds:[ecx-0xC],0x4
0041FECF . 7D 0A jge XVideoCon.0041FEDB
0041FED1 . 68 57000780 push 0x80070057
0041FED6 . E8 2514FEFF call VideoCon.00401300
0041FEDB > 8A49 04 mov cl,byte ptr ds:[ecx+0x4] ; 假注册码第5位送入cl
0041FEDE . 884C24 15 mov byte ptr ss:[esp+0x15],cl ; 假注册码第5位送入[esp+0x15]
0041FEE2 . 8B4E 74 mov ecx,dword ptr ds:[esi+0x74]
0041FEE5 . 8379 F4 05 cmp dword ptr ds:[ecx-0xC],0x5
0041FEE9 . 7D 0A jge XVideoCon.0041FEF5
0041FEEB . 68 57000780 push 0x80070057
0041FEF0 . E8 0B14FEFF call VideoCon.00401300
0041FEF5 > 8A41 05 mov al,byte ptr ds:[ecx+0x5] ; 假注册码第6位送入al
0041FEF8 . 8B4E 74 mov ecx,dword ptr ds:[esi+0x74]
0041FEFB . 8B79 F4 mov edi,dword ptr ds:[ecx-0xC]
0041FEFE . 83FF 06 cmp edi,0x6
0041FF01 . 884424 1B mov byte ptr ss:[esp+0x1B],al ; 假注册码第6位送入[esp+0x1B]
0041FF05 . 7D 0A jge XVideoCon.0041FF11
0041FF07 . 68 57000780 push 0x80070057
0041FF0C . E8 EF13FEFF call VideoCon.00401300
0041FF11 > 8B7E 74 mov edi,dword ptr ds:[esi+0x74]
0041FF14 . 8B6F F4 mov ebp,dword ptr ds:[edi-0xC]
0041FF17 . 8A41 06 mov al,byte ptr ds:[ecx+0x6] ; 假注册码第7位送入al
0041FF1A . BB 07000000 mov ebx,0x7
0041FF1F . 3BEB cmp ebp,ebx
0041FF21 . 7D 0A jge XVideoCon.0041FF2D
0041FF23 > 68 57000780 push 0x80070057
0041FF28 . E8 D313FEFF call VideoCon.00401300
0041FF2D > 8A4F 07 mov cl,byte ptr ds:[edi+0x7] ; 假注册码第8位送入cl
0041FF30 . 0FB66C24 16 movzx ebp,byte ptr ss:[esp+0x16] ; 真码第1位送入ebp
0041FF35 . 0FB6FA movzx edi,dl ; 假注册码第1位送入edi
0041FF38 . 83EF 30 sub edi,0x30
0041FF3B . 3BEF cmp ebp,edi ; 真假注册码第1位比较
0041FF3D 75 48 jnz XVideoCon.0041FF87
0041FF3F . 0FB65424 12 movzx edx,byte ptr ss:[esp+0x12]
0041FF44 . 0FB67C24 11 movzx edi,byte ptr ss:[esp+0x11]
0041FF49 . 83EA 30 sub edx,0x30
0041FF4C . 3BFA cmp edi,edx ; 真假注册码第2位比较
0041FF4E 75 33 jnz XVideoCon.0041FF83
0041FF50 . 0FB65424 13 movzx edx,byte ptr ss:[esp+0x13]
0041FF55 . 0FB67C24 17 movzx edi,byte ptr ss:[esp+0x17]
0041FF5A . 83EA 30 sub edx,0x30
0041FF5D . 3BFA cmp edi,edx ; 真假注册码第3位比较
0041FF5F 75 22 jnz XVideoCon.0041FF83
0041FF61 . 0FB65424 14 movzx edx,byte ptr ss:[esp+0x14]
0041FF66 . 0FB67C24 18 movzx edi,byte ptr ss:[esp+0x18]
0041FF6B . 83EA 30 sub edx,0x30
0041FF6E . 3BFA cmp edi,edx ; 真假注册码第4位比较
0041FF70 75 11 jnz XVideoCon.0041FF83
0041FF72 . 0FB65424 15 movzx edx,byte ptr ss:[esp+0x15]
0041FF77 . 0FB67C24 19 movzx edi,byte ptr ss:[esp+0x19]
0041FF7C . 83EA 30 sub edx,0x30
0041FF7F . 3BFA cmp edi,edx ; 真假注册码第5位比较
0041FF81 . 74 55 je XVideoCon.0041FFD8
0041FF83 > 8A5424 1A mov dl,byte ptr ss:[esp+0x1A] ; 下面是万能密码
0041FF87 > 80FA 35 cmp dl,0x35 ; 假注册码第1位与5比较
0041FF8A 0F85 D7000000 jnz VideoCon.00420067
0041FF90 . 807C24 12 31 cmp byte ptr ss:[esp+0x12],0x31 ; 假注册码第2位与1比较
0041FF95 0F85 CC000000 jnz VideoCon.00420067
0041FF9B . 807C24 13 38 cmp byte ptr ss:[esp+0x13],0x38 ; 假注册码第3位与8比较
0041FFA0 0F85 C1000000 jnz VideoCon.00420067
0041FFA6 . 807C24 14 39 cmp byte ptr ss:[esp+0x14],0x39 ; 假注册码第4位与9比较
0041FFAB 0F85 B6000000 jnz VideoCon.00420067
0041FFB1 . 807C24 15 37 cmp byte ptr ss:[esp+0x15],0x37 ; 假注册码第5位与7比较
0041FFB6 0F85 AB000000 jnz VideoCon.00420067
0041FFBC . 807C24 1B 36 cmp byte ptr ss:[esp+0x1B],0x36 ; 假注册码第6位与6比较
0041FFC1 0F85 A0000000 jnz VideoCon.00420067
0041FFC7 . 3C 32 cmp al,0x32 ; 假注册码第7位与2比较
0041FFC9 0F85 98000000 jnz VideoCon.00420067
0041FFCF . 80F9 39 cmp cl,0x39 ; 假注册码第8位与9比较
0041FFD2 0F85 8F000000 jnz VideoCon.00420067
0041FFD8 > 6A 6A push 0x6A
0041FFDA . 8D4424 24 lea eax,dword ptr ss:[esp+0x24]
0041FFDE . 50 push eax
0041FFDF . B9 506E4900 mov ecx,VideoCon.00496E50 ; >FD
0041FFE4 . E8 7706FFFF call VideoCon.00410660
0041FFE9 . 8B00 mov eax,dword ptr ds:[eax]
0041FFEB . 6A 00 push 0x0
0041FFED . 68 88A14500 push VideoCon.0045A188 ; OK
0041FFF2 . 50 push eax
0041FFF3 . 8BCE mov ecx,esi
0041FFF5 . C74424 3C 060>mov dword ptr ss:[esp+0x3C],0x6
0041FFFD . E8 20020200 call VideoCon.00440222
00420002 . 8D4C24 20 lea ecx,dword ptr ss:[esp+0x20]
00420006 . C74424 30 FFF>mov dword ptr ss:[esp+0x30],-0x1
0042000E . E8 9D37FEFF call VideoCon.004037B0
00420013 . 8B7E 70 mov edi,dword ptr ds:[esi+0x70]
00420016 . E8 B7E40200 call VideoCon.0044E4D2
0042001B . 8B40 04 mov eax,dword ptr ds:[eax+0x4]
0042001E . 57 push edi
0042001F . 68 D4944500 push VideoCon.004594D4 ; username
00420024 . 68 F87A4500 push VideoCon.00457AF8 ; Option
算法:
1.用户名长度不少于2位(0041FBEE处与2比较,jge即大于等于时通过);注册码长度与8比较(0041FCDD,其后的跳转在省略部分未列出,结合下文8位的万能密码,应为不少于8位)
2.用户名第1位ASCII码值与0X41或运算 ,结果除以0XA,余数是真码第1位
3.用户名第2位ASCII码值与0X56或运算 ,结果除以0XA,余数是真码第2位
4.用户名第1位ASCII码值与0X49或运算 ,结果除以0XA,余数是真码第3位
5.用户名第2位ASCII码值与0X43或运算 ,结果除以0XA,余数是真码第4位
6.用户名的ASCII码累加值除以0XA,余数是真码第5位
7.其余各位随意
此软件还有一个万能密码:51897629(0041FF87起逐位与固定常量比较,与用户名无关)
【版权声明】本文只在于研究算法和破解思路,请不要用于非法用途。