[Original] Analysis notes on the USB registration algorithm of the NETGATE software series

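    Posted on 2014-9-10 08:15:00
    These are my notes from debugging and analysis at the time. Read them if you can follow them; if you can't, don't blame me. Experts can just skip past.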



    ======================= The algorithm CALL follows ===============================
    004083B0 /$ 6A FF PUSH -0x1 ; this is algorithm 3
    004083B2 |. 68 A73B4200 PUSH USBRecov.00423BA7
    004083B7 |. 64:A1 0000000>MOV EAX, DWORD PTR FS:[0]
    004083BD |. 50 PUSH EAX
    004083BE |. 81EC B0000000 SUB ESP, 0xB0
    004083C4 |. 53 PUSH EBX
    004083C5 |. 56 PUSH ESI
    004083C6 |. A1 80BD4300 MOV EAX, DWORD PTR DS:[0x43BD80]
    004083CB |. 33C4 XOR EAX, ESP
    004083CD |. 50 PUSH EAX
    004083CE |. 8D8424 BC0000>LEA EAX, DWORD PTR SS:[ESP+0xBC]
    004083D5 |. 64:A3 0000000>MOV DWORD PTR FS:[0], EAX
    004083DB |. C78424 C40000>MOV DWORD PTR SS:[ESP+0xC4], 0x0
    004083E6 |. C74424 1C 000>MOV DWORD PTR SS:[ESP+0x1C], 0x0
    004083EE |. C78424 C40000>MOV DWORD PTR SS:[ESP+0xC4], 0x2 ; below, the signature string is appended
    004083F9 |. 6A 38 PUSH 0x38 ; 8
    004083FB |. 8D8424 D40000>LEA EAX, DWORD PTR SS:[ESP+0xD4]
    00408402 |. 50 PUSH EAX
    00408403 |. 8D4C24 34 LEA ECX, DWORD PTR SS:[ESP+0x34]
    00408407 |. 51 PUSH ECX
    00408408 |. E8 E3C8FFFF CALL USBRecov.00404CF0
    0040840D |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x3
    00408415 |. 6A 62 PUSH 0x62 ; b
    00408417 |. 50 PUSH EAX
    00408418 |. 8D5424 5C LEA EDX, DWORD PTR SS:[ESP+0x5C]
    0040841C |. 52 PUSH EDX
    0040841D |. E8 CEC8FFFF CALL USBRecov.00404CF0
    00408422 |. C68424 DC0000>MOV BYTE PTR SS:[ESP+0xDC], 0x4
    0040842A |. 6A 33 PUSH 0x33 ; 3
    0040842C |. 50 PUSH EAX
    0040842D |. 8D4424 58 LEA EAX, DWORD PTR SS:[ESP+0x58]
    00408431 |. 50 PUSH EAX
    00408432 |. E8 B9C8FFFF CALL USBRecov.00404CF0
    00408437 |. C68424 E80000>MOV BYTE PTR SS:[ESP+0xE8], 0x5
    0040843F |. 6A 7A PUSH 0x7A ; z
    00408441 |. 50 PUSH EAX
    00408442 |. 8D4C24 4C LEA ECX, DWORD PTR SS:[ESP+0x4C]
    00408446 |. 51 PUSH ECX
    00408447 |. E8 A4C8FFFF CALL USBRecov.00404CF0
    0040844C |. C68424 F40000>MOV BYTE PTR SS:[ESP+0xF4], 0x6
    00408454 |. 6A 6F PUSH 0x6F ; o
    00408456 |. 50 PUSH EAX
    00408457 |. 8D9424 8C0000>LEA EDX, DWORD PTR SS:[ESP+0x8C]
    0040845E |. 52 PUSH EDX
    0040845F |. E8 8CC8FFFF CALL USBRecov.00404CF0
    00408464 |. 83C4 3C ADD ESP, 0x3C
    00408467 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x8
    0040846F |. 8D4C24 20 LEA ECX, DWORD PTR SS:[ESP+0x20]
    00408473 |. E8 784A0000 CALL USBRecov.0040CEF0
    00408478 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x9
    00408480 |. 8D4C24 38 LEA ECX, DWORD PTR SS:[ESP+0x38]
    00408484 |. E8 674A0000 CALL USBRecov.0040CEF0
    00408489 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xA
    00408491 |. 8D4C24 48 LEA ECX, DWORD PTR SS:[ESP+0x48]
    00408495 |. E8 564A0000 CALL USBRecov.0040CEF0
    0040849A |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xB
    004084A2 |. 8D4C24 2C LEA ECX, DWORD PTR SS:[ESP+0x2C]
    004084A6 |. E8 454A0000 CALL USBRecov.0040CEF0
    004084AB |. 8B4424 58 MOV EAX, DWORD PTR SS:[ESP+0x58]
    004084AF |. 85C0 TEST EAX, EAX ; user name plus signature string; here 8b3zo is appended
    004084B1 |. 74 05 JE SHORT USBRecov.004084B8 ; ASCII "CrackVip8b3zo"
    004084B3 |. 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8]
    004084B6 |. EB 07 JMP SHORT USBRecov.004084BF
    004084B8 |> 33C9 XOR ECX, ECX
    004084BA |. B8 E03E4300 MOV EAX, USBRecov.00433EE0
    004084BF |> 51 PUSH ECX
    004084C0 |. 50 PUSH EAX
    004084C1 |. E8 2AE6FFFF CALL USBRecov.00406AF0 ; transform algorithm, encrypts the user name
    004084C6 |. 51 PUSH ECX
    004084C7 |. 8D4424 60 LEA EAX, DWORD PTR SS:[ESP+0x60]
    004084CB |. 8BCC MOV ECX, ESP
    004084CD |. 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP
    004084D1 |. 50 PUSH EAX
    004084D2 |. E8 E9490000 CALL USBRecov.0040CEC0
    004084D7 |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0xC
    004084DF |. 8D8C24 AC0000>LEA ECX, DWORD PTR SS:[ESP+0xAC]
    004084E6 |. 51 PUSH ECX
    004084E7 |. C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0xB
    004084EF |. E8 4CE5FFFF CALL USBRecov.00406A40
    004084F4 |. C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0xD ; below, the signature string is appended
    004084FC |. 6A 63 PUSH 0x63 ; c
    004084FE |. 8D9424 F00000>LEA EDX, DWORD PTR SS:[ESP+0xF0]
    00408505 |. 52 PUSH EDX
    00408506 |. 8D4424 38 LEA EAX, DWORD PTR SS:[ESP+0x38]
    0040850A |. 50 PUSH EAX
    0040850B |. E8 E0C7FFFF CALL USBRecov.00404CF0
    00408510 |. C68424 E00000>MOV BYTE PTR SS:[ESP+0xE0], 0xE
    00408518 |. 6A 36 PUSH 0x36 ; 6
    0040851A |. 50 PUSH EAX
    0040851B |. 8D4C24 5C LEA ECX, DWORD PTR SS:[ESP+0x5C]
    0040851F |. 51 PUSH ECX
    00408520 |. E8 CBC7FFFF CALL USBRecov.00404CF0
    00408525 |. C68424 EC0000>MOV BYTE PTR SS:[ESP+0xEC], 0xF
    0040852D |. 6A 65 PUSH 0x65 ; e
    0040852F |. 50 PUSH EAX
    00408530 |. 8D5424 78 LEA EDX, DWORD PTR SS:[ESP+0x78]
    00408534 |. 52 PUSH EDX
    00408535 |. E8 B6C7FFFF CALL USBRecov.00404CF0
    0040853A |. C68424 F80000>MOV BYTE PTR SS:[ESP+0xF8], 0x10
    00408542 |. 6A 74 PUSH 0x74 ; t
    00408544 |. 50 PUSH EAX
    00408545 |. 8D4424 68 LEA EAX, DWORD PTR SS:[ESP+0x68]
    00408549 |. 50 PUSH EAX
    0040854A |. E8 A1C7FFFF CALL USBRecov.00404CF0
    0040854F |. 83C4 40 ADD ESP, 0x40
    00408552 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x11
    0040855A |. 6A 65 PUSH 0x65 ; e
    0040855C |. 50 PUSH EAX
    0040855D |. 8D4C24 68 LEA ECX, DWORD PTR SS:[ESP+0x68]
    00408561 |. 51 PUSH ECX
    00408562 |. E8 89C7FFFF CALL USBRecov.00404CF0 ; signature string c6ete appended to the e-mail
    00408567 |. 83C4 0C ADD ESP, 0xC
    0040856A |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x13
    00408572 |. 8D4C24 2C LEA ECX, DWORD PTR SS:[ESP+0x2C]
    00408576 |. E8 75490000 CALL USBRecov.0040CEF0
    0040857B |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x14
    00408583 |. 8D4C24 48 LEA ECX, DWORD PTR SS:[ESP+0x48]
    00408587 |. E8 64490000 CALL USBRecov.0040CEF0
    0040858C |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x15
    00408594 |. 8D4C24 38 LEA ECX, DWORD PTR SS:[ESP+0x38]
    00408598 |. E8 53490000 CALL USBRecov.0040CEF0
    0040859D |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x16
    004085A5 |. 8D4C24 20 LEA ECX, DWORD PTR SS:[ESP+0x20]
    004085A9 |. E8 42490000 CALL USBRecov.0040CEF0
    004085AE |. 8B4424 64 MOV EAX, DWORD PTR SS:[ESP+0x64]
    004085B2 |. 85C0 TEST EAX, EAX
    004085B4 |. 74 05 JE SHORT USBRecov.004085BB
    004085B6 |. 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8]
    004085B9 |. EB 07 JMP SHORT USBRecov.004085C2
    004085BB |> 33C9 XOR ECX, ECX
    004085BD |. B8 E03E4300 MOV EAX, USBRecov.00433EE0
    004085C2 |> 51 PUSH ECX
    004085C3 |. 50 PUSH EAX
    004085C4 |. E8 27E5FFFF CALL USBRecov.00406AF0 ; transform algorithm
    004085C9 |. 51 PUSH ECX
    004085CA |. 8D5424 6C LEA EDX, DWORD PTR SS:[ESP+0x6C]
    004085CE |. 8BCC MOV ECX, ESP
    004085D0 |. 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP
    004085D4 |. 52 PUSH EDX
    004085D5 |. E8 E6480000 CALL USBRecov.0040CEC0
    004085DA |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x17
    004085E2 |. 8D8424 9C0000>LEA EAX, DWORD PTR SS:[ESP+0x9C]
    004085E9 |. 50 PUSH EAX
    004085EA |. C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x16
    004085F2 |. E8 49E4FFFF CALL USBRecov.00406A40 ; MD5
    004085F7 |. 83C4 10 ADD ESP, 0x10
    004085FA |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x18
    00408602 |. 6A FF PUSH -0x1
    00408604 |. 68 E03E4300 PUSH USBRecov.00433EE0
    00408609 |. 8D4C24 18 LEA ECX, DWORD PTR SS:[ESP+0x18]
    0040860D |. E8 0E520000 CALL USBRecov.0040D820
    00408612 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x19
    0040861A |. 68 BC91E911 PUSH 0x11E991BC ; what is this number? converted to a number it is 300519868; analysis shows this is the software signature
    0040861F |. 8D4C24 14 LEA ECX, DWORD PTR SS:[ESP+0x14]
    00408623 |. E8 E8530000 CALL USBRecov.0040DA10 ; takes the last 8 digits of it?
    00408628 |. 6A FF PUSH -0x1
    0040862A |. 68 E03E4300 PUSH USBRecov.00433EE0
    0040862F |. 8D4C24 74 LEA ECX, DWORD PTR SS:[ESP+0x74]
    00408633 |. E8 E8510000 CALL USBRecov.0040D820
    00408638 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1A ; a signature string is appended again
    00408640 |. 6A 6B PUSH 0x6B ; k
    00408642 |. 50 PUSH EAX
    00408643 |. 8D8C24 800000>LEA ECX, DWORD PTR SS:[ESP+0x80]
    0040864A |. 51 PUSH ECX
    0040864B |. E8 A0C6FFFF CALL USBRecov.00404CF0
    00408650 |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x1B
    00408658 |. 6A 72 PUSH 0x72 ; r
    0040865A |. 50 PUSH EAX
    0040865B |. 8D5424 34 LEA EDX, DWORD PTR SS:[ESP+0x34]
    0040865F |. 52 PUSH EDX
    00408660 |. E8 8BC6FFFF CALL USBRecov.00404CF0
    00408665 |. C68424 DC0000>MOV BYTE PTR SS:[ESP+0xDC], 0x1C
    0040866D |. 6A 78 PUSH 0x78 ; x
    0040866F |. 50 PUSH EAX
    00408670 |. 8D4424 58 LEA EAX, DWORD PTR SS:[ESP+0x58]
    00408674 |. 50 PUSH EAX
    00408675 |. E8 76C6FFFF CALL USBRecov.00404CF0
    0040867A |. C68424 E80000>MOV BYTE PTR SS:[ESP+0xE8], 0x1D
    00408682 |. 6A 35 PUSH 0x35 ; 5
    00408684 |. 50 PUSH EAX
    00408685 |. 8D4C24 74 LEA ECX, DWORD PTR SS:[ESP+0x74]
    00408689 |. 51 PUSH ECX
    0040868A |. E8 61C6FFFF CALL USBRecov.00404CF0
    0040868F |. B3 1E MOV BL, 0x1E ; a length? 30
    00408691 |. 889C24 F40000>MOV BYTE PTR SS:[ESP+0xF4], BL
    00408698 |. 6A 6C PUSH 0x6C ; l
    0040869A |. 50 PUSH EAX
    0040869B |. 8D5424 64 LEA EDX, DWORD PTR SS:[ESP+0x64]
    0040869F |. 52 PUSH EDX
    004086A0 |. E8 4BC6FFFF CALL USBRecov.00404CF0
    004086A5 |. 83C4 3C ADD ESP, 0x3C
    004086A8 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1F
    004086B0 |. 50 PUSH EAX
    004086B1 |. 8D4C24 14 LEA ECX, DWORD PTR SS:[ESP+0x14]
    004086B5 |. E8 16500000 CALL USBRecov.0040D6D0
    004086BA |. 889C24 C40000>MOV BYTE PTR SS:[ESP+0xC4], BL
    004086C1 |. 8D4C24 2C LEA ECX, DWORD PTR SS:[ESP+0x2C]
    004086C5 |. E8 26480000 CALL USBRecov.0040CEF0
    004086CA |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1D
    004086D2 |. 8D4C24 48 LEA ECX, DWORD PTR SS:[ESP+0x48]
    004086D6 |. E8 15480000 CALL USBRecov.0040CEF0
    004086DB |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1C
    004086E3 |. 8D4C24 38 LEA ECX, DWORD PTR SS:[ESP+0x38]
    004086E7 |. E8 04480000 CALL USBRecov.0040CEF0
    004086EC |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1B
    004086F4 |. 8D4C24 20 LEA ECX, DWORD PTR SS:[ESP+0x20]
    004086F8 |. E8 F3470000 CALL USBRecov.0040CEF0
    004086FD |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1A
    00408705 |. 8D4C24 78 LEA ECX, DWORD PTR SS:[ESP+0x78]
    00408709 |. E8 E2470000 CALL USBRecov.0040CEF0
    0040870E |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x19
    00408716 |. 8D4C24 6C LEA ECX, DWORD PTR SS:[ESP+0x6C]
    0040871A |. E8 D1470000 CALL USBRecov.0040CEF0 ; the string above plus the signature code; this signature code is fixed
    0040871F |. 8B4424 14 MOV EAX, DWORD PTR SS:[ESP+0x14] ; ASCII "300519868krx5l"
    00408723 |. 85C0 TEST EAX, EAX
    00408725 |. 74 05 JE SHORT USBRecov.0040872C
    00408727 |. 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8]
    0040872A |. EB 07 JMP SHORT USBRecov.00408733
    0040872C |> 33C9 XOR ECX, ECX
    0040872E |. B8 E03E4300 MOV EAX, USBRecov.00433EE0
    00408733 |> 51 PUSH ECX
    00408734 |. 50 PUSH EAX
    00408735 |. E8 B6E3FFFF CALL USBRecov.00406AF0
    0040873A |. 51 PUSH ECX
    0040873B |. 8D4424 1C LEA EAX, DWORD PTR SS:[ESP+0x1C]
    0040873F |. 8BCC MOV ECX, ESP
    00408741 |. 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP
    00408745 |. 50 PUSH EAX
    00408746 |. E8 75470000 CALL USBRecov.0040CEC0
    0040874B |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x20
    00408753 |. 8D8C24 B80000>LEA ECX, DWORD PTR SS:[ESP+0xB8]
    0040875A |. 51 PUSH ECX
    0040875B |. C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x19
    00408763 |. E8 D8E2FFFF CALL USBRecov.00406A40 ; MD5 computation
    00408768 |. C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x21
    00408770 |. 83C4 04 ADD ESP, 0x4
    00408773 |. 8D9424 B80000>LEA EDX, DWORD PTR SS:[ESP+0xB8]
    0040877A |. 8BCC MOV ECX, ESP
    0040877C |. 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP
    00408780 |. 52 PUSH EDX
    00408781 |. E8 3A470000 CALL USBRecov.0040CEC0 ; the MD5 value just obtained
    00408786 |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x22
    0040878E |. 68 1C494300 PUSH USBRecov.0043491C ; -
    00408793 |. 83EC 0C SUB ESP, 0xC
    00408796 |. 8BF4 MOV ESI, ESP
    00408798 |. 89A424 B80000>MOV DWORD PTR SS:[ESP+0xB8], ESP
    0040879F |. 83EC 0C SUB ESP, 0xC
    004087A2 |. 8D8424 B80000>LEA EAX, DWORD PTR SS:[ESP+0xB8]
    004087A9 |. 8BCC MOV ECX, ESP
    004087AB |. 89A424 E00000>MOV DWORD PTR SS:[ESP+0xE0], ESP
    004087B2 |. 50 PUSH EAX
    004087B3 |. E8 08470000 CALL USBRecov.0040CEC0
    004087B8 |. B3 23 MOV BL, 0x23
    004087BA |. 889C24 EC0000>MOV BYTE PTR SS:[ESP+0xEC], BL
    004087C1 |. 68 1C494300 PUSH USBRecov.0043491C ; -
    004087C6 |. 83EC 0C SUB ESP, 0xC
    004087C9 |. 8D9424 D80000>LEA EDX, DWORD PTR SS:[ESP+0xD8]
    004087D0 |. 8BCC MOV ECX, ESP
    004087D2 |. 896424 7C MOV DWORD PTR SS:[ESP+0x7C], ESP
    004087D6 |. 52 PUSH EDX
    004087D7 |. E8 E4460000 CALL USBRecov.0040CEC0
    004087DC |. C68424 FC0000>MOV BYTE PTR SS:[ESP+0xFC], 0x24
    004087E4 |. 8D8424 B00000>LEA EAX, DWORD PTR SS:[ESP+0xB0]
    004087EB |. 50 PUSH EAX
    004087EC |. 889C24 000100>MOV BYTE PTR SS:[ESP+0x100], BL
    004087F3 |. E8 B894FFFF CALL USBRecov.00401CB0
    004087F8 |. 83C4 14 ADD ESP, 0x14
    004087FB |. C68424 EC0000>MOV BYTE PTR SS:[ESP+0xEC], 0x25
    00408803 |. 50 PUSH EAX
    00408804 |. B3 26 MOV BL, 0x26 ; 26?
    00408806 |. 56 PUSH ESI
    00408807 |. 889C24 F40000>MOV BYTE PTR SS:[ESP+0xF4], BL
    0040880E |. E8 1D94FFFF CALL USBRecov.00401C30
    00408813 |. 83C4 14 ADD ESP, 0x14
    00408816 |. C68424 E00000>MOV BYTE PTR SS:[ESP+0xE0], 0x27
    0040881E |. 8D8C24 880000>LEA ECX, DWORD PTR SS:[ESP+0x88]
    00408825 |. 51 PUSH ECX
    00408826 |. 889C24 E40000>MOV BYTE PTR SS:[ESP+0xE4], BL
    0040882D |. E8 7E94FFFF CALL USBRecov.00401CB0
    00408832 |. 83C4 14 ADD ESP, 0x14
    00408835 |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x28
    0040883D |. 8BB424 D80000>MOV ESI, DWORD PTR SS:[ESP+0xD8]
    00408844 |. 50 PUSH EAX
    00408845 |. 56 PUSH ESI
    00408846 |. C68424 D80000>MOV BYTE PTR SS:[ESP+0xD8], 0x2A
    0040884E |. E8 DD93FFFF CALL USBRecov.00401C30
    00408853 |. 83C4 14 ADD ESP, 0x14
    00408856 |. BB 01000000 MOV EBX, 0x1
    0040885B |. 895C24 1C MOV DWORD PTR SS:[ESP+0x1C], EBX
    0040885F |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x29
    00408867 |. 8D4C24 6C LEA ECX, DWORD PTR SS:[ESP+0x6C]
    0040886B |. E8 80460000 CALL USBRecov.0040CEF0
    00408870 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x21
    00408878 |. 8D4C24 78 LEA ECX, DWORD PTR SS:[ESP+0x78]
    0040887C |. E8 6F460000 CALL USBRecov.0040CEF0
    00408881 |. 83EC 0C SUB ESP, 0xC
    00408884 |. 8BCC MOV ECX, ESP
    00408886 |. 896424 50 MOV DWORD PTR SS:[ESP+0x50], ESP
    0040888A |. 56 PUSH ESI
    0040888B |. E8 30460000 CALL USBRecov.0040CEC0
    00408890 |. C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x2B
    00408898 |. 8D9424 900000>LEA EDX, DWORD PTR SS:[ESP+0x90]
    0040889F |. 52 PUSH EDX
    004088A0 |. C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x21
    004088A8 |. E8 93E1FFFF CALL USBRecov.00406A40 ; MD5 again
    004088AD |. 83C4 10 ADD ESP, 0x10
    004088B0 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x2C
    004088B8 |. 8D8424 840000>LEA EAX, DWORD PTR SS:[ESP+0x84]
    004088BF |. 50 PUSH EAX
    004088C0 |. 8BCE MOV ECX, ESI
    004088C2 |. E8 29470000 CALL USBRecov.0040CFF0
    004088C7 |. 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4]
    004088CA |. 85C0 TEST EAX, EAX
    004088CC |. 74 12 JE SHORT USBRecov.004088E0
    004088CE |. 8378 F8 08 CMP DWORD PTR DS:[EAX-0x8], 0x8
    004088D2 |. 7C 0C JL SHORT USBRecov.004088E0
    004088D4 |. 6A 07 PUSH 0x7 ; replace the 7th
    004088D6 |. 8BCE MOV ECX, ESI
    004088D8 |. E8 D3440000 CALL USBRecov.0040CDB0
    004088DD |. C600 2D MOV BYTE PTR DS:[EAX], 0x2D ; -
    004088E0 |> 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4]
    004088E3 |. 85C0 TEST EAX, EAX
    004088E5 |. 74 12 JE SHORT USBRecov.004088F9
    004088E7 |. 8378 F8 10 CMP DWORD PTR DS:[EAX-0x8], 0x10
    004088EB |. 7C 0C JL SHORT USBRecov.004088F9
    004088ED |. 6A 0F PUSH 0xF ; replace the 0xF (15)th with -
    004088EF |. 8BCE MOV ECX, ESI
    004088F1 |. E8 BA440000 CALL USBRecov.0040CDB0
    004088F6 |. C600 2D MOV BYTE PTR DS:[EAX], 0x2D
    004088F9 |> 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4]
    004088FC |. 85C0 TEST EAX, EAX
    004088FE |. 74 12 JE SHORT USBRecov.00408912
    00408900 |. 8378 F8 18 CMP DWORD PTR DS:[EAX-0x8], 0x18
    00408904 |. 7C 0C JL SHORT USBRecov.00408912
    00408906 |. 6A 17 PUSH 0x17 ; replace position 0x17 with -
    00408908 |. 8BCE MOV ECX, ESI
    0040890A |. E8 A1440000 CALL USBRecov.0040CDB0
    0040890F |. C600 2D MOV BYTE PTR DS:[EAX], 0x2D ; -
    00408912 |> 8BCE MOV ECX, ESI
    00408914 |. E8 F74A0000 CALL USBRecov.0040D410
    00408919 |. 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4]
    0040891C |. 85C0 TEST EAX, EAX
    0040891E |. 74 05 JE SHORT USBRecov.00408925
    00408920 |. 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8]
    00408923 |. EB 02 JMP SHORT USBRecov.00408927
    00408925 |> 33C9 XOR ECX, ECX
    00408927 |> 85C0 TEST EAX, EAX
    00408929 |. 75 05 JNZ SHORT USBRecov.00408930
    0040892B |. B8 E03E4300 MOV EAX, USBRecov.00433EE0
    00408930 |> 51 PUSH ECX
    00408931 |. 50 PUSH EAX
    00408932 |. E8 D9E1FFFF CALL USBRecov.00406B10 ; replace 0 with E in the string
    00408937 |. 83C4 08 ADD ESP, 0x8
    0040893A |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x21
    00408942 |. 8D8C24 840000>LEA ECX, DWORD PTR SS:[ESP+0x84]
    00408949 |. E8 A2450000 CALL USBRecov.0040CEF0
    0040894E |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x19
    00408956 |. 8D8C24 AC0000>LEA ECX, DWORD PTR SS:[ESP+0xAC]
    0040895D |. E8 8E450000 CALL USBRecov.0040CEF0
    00408962 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x18
    0040896A |. 8D4C24 10 LEA ECX, DWORD PTR SS:[ESP+0x10]
    0040896E |. E8 7D450000 CALL USBRecov.0040CEF0
    00408973 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x16
    0040897B |. 8D8C24 900000>LEA ECX, DWORD PTR SS:[ESP+0x90]
    00408982 |. E8 69450000 CALL USBRecov.0040CEF0
    00408987 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xD
    0040898F |. 8D4C24 60 LEA ECX, DWORD PTR SS:[ESP+0x60]
    00408993 |. E8 58450000 CALL USBRecov.0040CEF0
    00408998 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xB
    004089A0 |. 8D8C24 A00000>LEA ECX, DWORD PTR SS:[ESP+0xA0]
    004089A7 |. E8 44450000 CALL USBRecov.0040CEF0
    004089AC |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x2
    004089B4 |. 8D4C24 54 LEA ECX, DWORD PTR SS:[ESP+0x54]
    004089B8 |. E8 33450000 CALL USBRecov.0040CEF0
    004089BD |. 889C24 C40000>MOV BYTE PTR SS:[ESP+0xC4], BL
    004089C4 |. 8D8C24 D00000>LEA ECX, DWORD PTR SS:[ESP+0xD0]
    004089CB |. E8 20450000 CALL USBRecov.0040CEF0
    004089D0 |. C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x0
    004089D8 |. 8D8C24 DC0000>LEA ECX, DWORD PTR SS:[ESP+0xDC]
    004089DF |. E8 0C450000 CALL USBRecov.0040CEF0
    004089E4 |. 8BC6 MOV EAX, ESI
    004089E6 |. 8B8C24 BC0000>MOV ECX, DWORD PTR SS:[ESP+0xBC]
    004089ED |. 64:890D 00000>MOV DWORD PTR FS:[0], ECX
    004089F4 |. 59 POP ECX
    004089F5 |. 5E POP ESI
    004089F6 |. 5B POP EBX
    004089F7 |. 81C4 BC000000 ADD ESP, 0xBC
    004089FD \. C3 RETN






    $+28 > 00A62C54 ASCII "1E32A25-7B2D9E4-6D62B8C-559A2E63"
    0012ED58 00A62C54 ASCII "E62E51E-E85C1D2-2BCF48C-791D4946"

    >0012ED58 00A62C54 ASCII "E62E51E-E85C1D2-2BCF48C-791D4946"
    >

    CrackVip
    CrackVip@qq.com
    E62E51E-E85C1D2-2BCF48C-791D4946

    EAX 00000000
    ECX 00433EE1 USBRecov.00433EE1
    EDX 00A6449D ASCII "4ce6db3d030f90eea1d40f4c5c56b4f"
    EAX 0012F0B0
    ECX 00433EE1 USBRecov.00433EE1
    EDX 00A64E65 ASCII "5a3523cd7106b9552b874cb26c99e71"
    EAX 0012F014
    ECX 00434965 USBRecov.00434965
    EDX 00A64509 ASCII "4cb26c99e71"
    EAX 0012F014
    ECX 00434939 USBRecov.00434939
    EDX 00A6450D ASCII "6c99e71"


    Software version signature code


    4415=<2<ov|1h
    ========MD5======================
    d2c1cc6258f65227e7835fc416191e3f (32)
    58f65227e7835fc4 (16)

    **me
    hehe112233@qq.com
    4444444-3333333-2222222-1111111

    EAX 0012F0B0
    ECX 00433EE1 USBRecov.00433EE1
    EDX 00A64E7D ASCII ""
    bf3820b3ea6c781ac9c608dc403d24f

    EAX 0012EDC0
    ECX 00433EE1 USBRecov.00433EE1
    "9d0a5d0ff71be8dbf5ac618ba3195db"

    堆栈 SS:[0012ECAC]=00A64B34, (ASCII "1111111-2222222c6ete300519868")
    EAX=0012ECA8

    5555555)6666666g2apa74415=<2<
    ----->>>> MD5
    a6853cdc095af227aabca40cccf15655

    a6853cdc095af227aabca40cccf15655
    " dc095af227aabca40cccf15655"
    Insert - at position 7 and convert to upper case
    ASCII "A6853C-C095AF227"
    =============================================================
    User name plus signature string ------>>> ASCII "CrackVip8b3zo"
    Then the XOR algorithm, giving the encrypted string ASCII "GvegoRmt<f7~k"

    After MD5 of that signature code
    fbbbb696856b99fe30fa649668386e8f (32)
    856b99fe30fa6496 (16)
    ============================================================
    E-mail plus signature code ------------->>>>>>>>>> crackvip@qq.comc6ete
    Then the XOR-with-4 algorithm, giving the encrypted string ASCII "gvegormtDuu*gkig2apa"
    After MD5 of that signature code
    f14df3a3320192d94f106b6d306bdd1a (32)
    320192d94f106b6d (16)

    =============================================================
    Fixed signature code string
    > 00A64E24 ASCII "300519868krx5l"
    Then the XOR-with-4 algorithm, giving the encrypted string ASCII "74415=<2<ov|1h"

    After MD5

    fa10413a614948270e60f748774e9f83 (32)
    614948270e60f748 (16)
    ==============================================================
    Join the three MD5 values above with a "-" between them and run MD5 again (all lower case)
    fbbbb696856b99fe30fa649668386e8f-f14df3a3320192d94f106b6d306bdd1a-fa10413a614948270e60f748774e9f83

    $-70 > 00A647C4 ASCII "fbbbb696856b99fe30fa649668386e8f-f14df3a3320192d94f106b6d306bdd1a-fa10413a614948270e60f748774e9f83"


    After MD5
    2ae431a6f3aa183cd826dfcc518079f9 (32)
    f3aa183cd826dfcc (16)
    ASCII "2AE431A-F3AA183-D826DFC-518E79F9"


    Rating

    Participants: 1, Piaoyun coins +40
    GGLHY +40. Reason: You're this awesome; does your Vip know?

    Happy 19th anniversary, PYG!

    Posted on 2014-9-10 08:20:26
    I simply hard-coded the third MD5 string into the KeyGen

    Comments

    That way you can't make a keygen for the whole series...  Posted on 2014-9-10 12:28
    Coming to sit on your lap, hehe!  Posted on 2014-9-10 10:19

    Posted on 2014-9-10 12:07:31
    Crackvip went on one business trip; did he really "gather yin to replenish yang"? Otherwise there's no explaining it

    Original poster | Posted on 2014-9-10 12:28:17
    GGLHY posted on 2014-9-10 08:20
    I simply hard-coded the third MD5 string into the KeyGen

    That way you can't make a keygen for the whole series...

    Comments

    Haha. I wasn't thinking of catching them all in one net; I just picked one and made a KG for it, that's all~~~  Posted on 2014-9-10 12:44

    Posted on 2014-9-10 12:44:07
    crackvip posted on 2014-9-10 12:28
    That way you can't make a keygen for the whole series...

    Haha. I wasn't thinking of catching them all in one net; I just picked one and made a KG for it, that's all~~~

    Posted on 2014-9-10 13:26:15
    Looks like after playing with the soap with Small-Q at the hotel, he had power poured into him. Impressive!

    Posted on 2014-9-10 20:58:55
    Really great.. truly

    Posted on 2014-9-10 21:34:22
    VIP's skills are really strong