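【Write-up title】金秘书家庭理财 (Jin Mishu Family Finance) 1.3 registration algorithm
【Write-up author】XXNB
【Author email】Support PYG
【Author homepage】binbinbin7456.ys168.com
【Tools】OD
【Platform】XPsp2
【Software name】金秘书家庭理财 1.3
【Software size】1224KB
【Original download】http://www.newhua.com/soft/52975.htm
【Protection】
【Software description】金秘书家庭理财 is a handy helper for managing the finances of individuals, families and small businesses. It makes it easy to see how much the customer has spent, how much income has come in, how much cash is on hand and how much is in savings. It can quickly satisfy the customer's various reporting needs!
Reasons to use this software:
. Why is my wallet empty again?
. Don't we often have no idea where the money went?
. Our incomes are about the same, so why do my colleagues and friends all seem better off than me?
. Why am I strapped for cash at the end of every year and every month?
. Haven't you often wished for software that records your income and expenses every day?
. Haven't you often wanted to look up your spending and income over a period of time?
.........
Use this software! It records and summarizes your income and expenses in fine detail, along with your cash and bank savings balances.
As shareware, it will keep being improved, so that you continue to experience its practicality and accuracy.
Software size: 1224KB
Software language: Simplified Chinese
Software category: Chinese software / Shareware / Financial management
Runtime environment: Win9x/Me/NT/2000/XP/2003
Date added: 2006-11-21 10:41:06
【Statement】A beginner learning from the experts! For exchange and study only!
------------------------------------------------------------------------
First, PEiD's Krypto ANALyzer plugin shows that the MD5 algorithm is present. I did not expect it to still be a plaintext comparison.
Searching the strings for “您已经成为我们的正式用户!感谢您的注册,您将可以免费升级和获得我们的售后服务!” (the registration-success message) leads to the code below, where a breakpoint can be set:
【Cracking process】
00452EA0 . 6A FF push -1
00452EA2 . 68 1C6F4600 push 00466F1C ; SE handler installation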
00452EA7 . 64:A1 0000000>mov eax, dword ptr fs:[0]
00452EAD . 50 push eax
00452EAE . 64:8925 00000>mov dword ptr fs:[0], esp
00452EB5 . 81EC 0C010000 sub esp, 10C
00452EBB . 53 push ebx
00452EBC . 55 push ebp
00452EBD . 56 push esi
00452EBE . 8BF1 mov esi, ecx
00452EC0 . 57 push edi
00452EC1 . 8D4C24 20 lea ecx, dword ptr [esp+20]
00452EC5 . E8 308A0000 call <jmp.&MFC42.#540>
00452ECA . 8D4C24 14 lea ecx, dword ptr [esp+14]
00452ECE . C78424 240100>mov dword ptr [esp+124], 0
00452ED9 . E8 1C8A0000 call <jmp.&MFC42.#540>
00452EDE . 8D4C24 1C lea ecx, dword ptr [esp+1C]
00452EE2 . C68424 240100>mov byte ptr [esp+124], 1
00452EEA . E8 0B8A0000 call <jmp.&MFC42.#540>
00452EEF . 8D4C24 10 lea ecx, dword ptr [esp+10]
00452EF3 . C68424 240100>mov byte ptr [esp+124], 2
00452EFB . E8 FA890000 call <jmp.&MFC42.#540>
00452F00 . 8D4C24 18 lea ecx, dword ptr [esp+18]
00452F04 . C68424 240100>mov byte ptr [esp+124], 3
00452F0C . E8 E9890000 call <jmp.&MFC42.#540>
00452F11 . 8D4424 20 lea eax, dword ptr [esp+20]
00452F15 . 8BCE mov ecx, esi
00452F17 . 50 push eax
00452F18 . 68 2B040000 push 42B
00452F1D . C68424 2C0100>mov byte ptr [esp+12C], 4
00452F25 . E8 4A8B0000 call <jmp.&MFC42.#3097>
00452F2A . 8D4C24 14 lea ecx, dword ptr [esp+14] ; username
00452F2E . 51 push ecx
00452F2F . 68 2D040000 push 42D
00452F34 . 8BCE mov ecx, esi
00452F36 . E8 398B0000 call <jmp.&MFC42.#3097>
00452F3B . 8D5424 1C lea edx, dword ptr [esp+1C] ; email
00452F3F . 8BCE mov ecx, esi
00452F41 . 52 push edx
00452F42 . 68 2E040000 push 42E
00452F47 . E8 288B0000 call <jmp.&MFC42.#3097>
00452F4C . 8D4424 10 lea eax, dword ptr [esp+10] ; address
00452F50 . 8BCE mov ecx, esi
00452F52 . 50 push eax
00452F53 . 68 2F040000 push 42F
00452F58 . E8 178B0000 call <jmp.&MFC42.#3097>
00452F5D . 8D4C24 18 lea ecx, dword ptr [esp+18] ; registration date
00452F61 . 51 push ecx
00452F62 . 68 30040000 push 430
00452F67 . 8BCE mov ecx, esi ; the code block above is symmetric
00452F69 . E8 068B0000 call <jmp.&MFC42.#3097>
00452F6E . 8B5424 20 mov edx, dword ptr [esp+20] ; entered registration code
00452F72 . 8B3D 84894600 mov edi, dword ptr [<&MSVCRT._mbscmp>; msvcrt._mbscmp
00452F78 . 68 80E24700 push 0047E280 ; /s2 = ""
00452F7D . 52 push edx ; |s1
00452F7E . FFD7 call edi ; \_mbscmp
00452F80 . 83C4 08 add esp, 8
00452F83 . 85C0 test eax, eax
00452F85 . 74 4C je short 00452FD3 ; is the username empty?
00452F87 . 8B4424 14 mov eax, dword ptr [esp+14]
00452F8B . 68 80E24700 push 0047E280
00452F90 . 50 push eax
00452F91 . FFD7 call edi
00452F93 . 83C4 08 add esp, 8
00452F96 . 85C0 test eax, eax
00452F98 . 74 39 je short 00452FD3 ; is the email empty?
00452F9A . 8B4C24 1C mov ecx, dword ptr [esp+1C]
00452F9E . 68 80E24700 push 0047E280
00452FA3 . 51 push ecx
00452FA4 . FFD7 call edi
00452FA6 . 83C4 08 add esp, 8
00452FA9 . 85C0 test eax, eax
00452FAB . 74 26 je short 00452FD3 ; is the address empty?
00452FAD . 8B5424 10 mov edx, dword ptr [esp+10]
00452FB1 . 68 80E24700 push 0047E280
00452FB6 . 52 push edx
00452FB7 . FFD7 call edi
00452FB9 . 83C4 08 add esp, 8
00452FBC . 85C0 test eax, eax
00452FBE . 74 13 je short 00452FD3 ; is the registration date empty?
00452FC0 . 8B4424 18 mov eax, dword ptr [esp+18]
00452FC4 . 68 80E24700 push 0047E280
00452FC9 . 50 push eax
00452FCA . FFD7 call edi
00452FCC . 83C4 08 add esp, 8
00452FCF . 85C0 test eax, eax
00452FD1 . 75 10 jnz short 00452FE3 ; is the registration code empty?
00452FD3 > 6A 00 push 0
00452FD5 . 6A 00 push 0
00452FD7 . 68 38DF4700 push 0047DF38 ; 尊敬的客户!你需要在右边的网站上注册后,正确的填写用户、邮箱、地区、注册日期和取得的密码就可以注册啦!
00452FDC . 8BCE mov ecx, esi
00452FDE . E8 AD890000 call <jmp.&MFC42.#4224>
00452FE3 > 8D4C24 10 lea ecx, dword ptr [esp+10]
00452FE7 . E8 68890000 call <jmp.&MFC42.#6282>
00452FEC . 8D4C24 10 lea ecx, dword ptr [esp+10]
00452FF0 . E8 59890000 call <jmp.&MFC42.#6283>
00452FF5 . 8D4C24 14 lea ecx, dword ptr [esp+14]
00452FF9 . E8 56890000 call <jmp.&MFC42.#6282>
00452FFE . 8D4C24 14 lea ecx, dword ptr [esp+14]
00453002 . E8 47890000 call <jmp.&MFC42.#6283>
00453007 . B9 10000000 mov ecx, 10
0045300C . 33C0 xor eax, eax
0045300E . 8D7C24 55 lea edi, dword ptr [esp+55]
00453012 . C64424 54 00 mov byte ptr [esp+54], 0
00453017 . F3:AB rep stos dword ptr es:[edi]
00453019 . 8D4C24 2C lea ecx, dword ptr [esp+2C]
0045301D . 8D6E 60 lea ebp, dword ptr [esi+60]
00453020 . E8 D5880000 call <jmp.&MFC42.#540>
00453025 . 8D4C24 24 lea ecx, dword ptr [esp+24]
00453029 . C68424 240100>mov byte ptr [esp+124], 5
00453031 . E8 C4880000 call <jmp.&MFC42.#540>
00453036 . 8D4C24 10 lea ecx, dword ptr [esp+10]
0045303A . 68 30DF4700 push 0047DF30 ; fuck
0045303F . 8D5424 2C lea edx, dword ptr [esp+2C] ; the author has quite a sense of humor
00453043 . B3 06 mov bl, 6
00453045 . 51 push ecx
00453046 . 52 push edx
00453047 . 889C24 300100>mov byte ptr [esp+130], bl
0045304E . E8 8D8A0000 call <jmp.&MFC42.#924>
00453053 . 8D4C24 14 lea ecx, dword ptr [esp+14]
00453057 . 8D5424 34 lea edx, dword ptr [esp+34]
0045305B . 51 push ecx
0045305C . 50 push eax
0045305D . 52 push edx
0045305E . C68424 300100>mov byte ptr [esp+130], 7
00453066 . E8 37890000 call <jmp.&MFC42.#922>
0045306B . 50 push eax
0045306C . 8D4C24 30 lea ecx, dword ptr [esp+30]
00453070 . C68424 280100>mov byte ptr [esp+128], 8
00453078 . E8 F5880000 call <jmp.&MFC42.#858>
0045307D . 8D4C24 34 lea ecx, dword ptr [esp+34]
00453081 . C68424 240100>mov byte ptr [esp+124], 7
00453089 . E8 3C880000 call <jmp.&MFC42.#800>
0045308E . 8D4C24 28 lea ecx, dword ptr [esp+28]
00453092 . 889C24 240100>mov byte ptr [esp+124], bl
00453099 . E8 2C880000 call <jmp.&MFC42.#800>
0045309E . 8B45 00 mov eax, dword ptr [ebp]
004530A1 . 8BCD mov ecx, ebp
004530A3 . FF50 0C call dword ptr [eax+C] ; concatenated
004530A6 . 8B4424 2C mov eax, dword ptr [esp+2C] ; "[email protected]" the concatenated string
004530AA . 8B55 00 mov edx, dword ptr [ebp]
004530AD . 8B48 F8 mov ecx, dword ptr [eax-8] ; length into ecx
004530B0 . 51 push ecx ; push the length
004530B1 . 50 push eax ; push the long string
004530B2 . 8BCD mov ecx, ebp
004530B4 . FF52 04 call dword ptr [edx+4]
004530B7 . 8B45 00 mov eax, dword ptr [ebp]
004530BA . 8D4C24 54 lea ecx, dword ptr [esp+54]
004530BE . 51 push ecx
004530BF . 8BCD mov ecx, ebp
004530C1 . FF50 08 call dword ptr [eax+8]
004530C4 . B9 20000000 mov ecx, 20
004530C9 . 33C0 xor eax, eax
004530CB . 8DBC24 990000>lea edi, dword ptr [esp+99]
004530D2 . C68424 980000>mov byte ptr [esp+98], 0
004530DA . 8D9424 980000>lea edx, dword ptr [esp+98]
004530E1 . F3:AB rep stos dword ptr es:[edi]
004530E3 . 52 push edx
004530E4 . 8D4424 58 lea eax, dword ptr [esp+58]
004530E8 . 6A 10 push 10
004530EA . 50 push eax
004530EB . E8 40FDFFFF call 00452E30 ; this is the MD5 algorithm; step into it and you will see
004530F0 . 8B5424 24 mov edx, dword ptr [esp+24] ; fake code (what was entered)
004530F4 . 8D8C24 A40000>lea ecx, dword ptr [esp+A4] ; the real code shows up
004530FB . 51 push ecx ; /s2
004530FC . 52 push edx ; |s1
004530FD . FF15 84894600 call dword ptr [<&MSVCRT._mbscmp>] ; \one look at the stack and the setup tells you a comparison is coming. Wow
00453103 . 83C4 14 add esp, 14
00453106 . 85C0 test eax, eax
00453108 . 0F85 F0020000 jnz 004533FE ; the key jump; if they are not equal, it is game over
0045310E . 8D4424 20 lea eax, dword ptr [esp+20] ; registration-success handling follows
00453112 . 8D4C24 30 lea ecx, dword ptr [esp+30]
00453116 . 50 push eax
00453117 . 68 14DF4700 push 0047DF14 ; update regsoft set rname ='
0045311C . 51 push ecx
0045311D . E8 7E8A0000 call <jmp.&MFC42.#926>
00453122 . 68 08DF4700 push 0047DF08 ; ', remail='
00453127 . 8D5424 3C lea edx, dword ptr [esp+3C]
0045312B . 50 push eax
0045312C . 52 push edx
0045312D . C68424 300100>mov byte ptr [esp+130], 9
00453135 . E8 A6890000 call <jmp.&MFC42.#924>
0045313A . 8D4C24 14 lea ecx, dword ptr [esp+14]
0045313E . 8D5424 4C lea edx, dword ptr [esp+4C]
00453142 . 51 push ecx
00453143 . 50 push eax
00453144 . 52 push edx
00453145 . C68424 300100>mov byte ptr [esp+130], 0A
0045314D . E8 50880000 call <jmp.&MFC42.#922>
00453152 . 68 FCDE4700 push 0047DEFC ; ', rdate='
00453157 . 50 push eax
00453158 . 8D4424 58 lea eax, dword ptr [esp+58]
0045315C . C68424 2C0100>mov byte ptr [esp+12C], 0B
00453164 . 50 push eax
00453165 . E8 76890000 call <jmp.&MFC42.#924>
0045316A . 8D4C24 10 lea ecx, dword ptr [esp+10]
0045316E . 8D5424 44 lea edx, dword ptr [esp+44]
00453172 . 51 push ecx
00453173 . 50 push eax
00453174 . 52 push edx
00453175 . C68424 300100>mov byte ptr [esp+130], 0C
0045317D . E8 20880000 call <jmp.&MFC42.#922>
00453182 . 68 F0DE4700 push 0047DEF0 ; ', rarea='
00453187 . 50 push eax
00453188 . 8D4424 50 lea eax, dword ptr [esp+50]
0045318C . C68424 2C0100>mov byte ptr [esp+12C], 0D
00453194 . 50 push eax
00453195 . E8 46890000 call <jmp.&MFC42.#924>
0045319A . 8D4C24 1C lea ecx, dword ptr [esp+1C]
0045319E . 8D5424 40 lea edx, dword ptr [esp+40]
004531A2 . 51 push ecx
004531A3 . 50 push eax
004531A4 . 52 push edx
004531A5 . C68424 300100>mov byte ptr [esp+130], 0E
004531AD . E8 F0870000 call <jmp.&MFC42.#922>
004531B2 . 68 E4DE4700 push 0047DEE4 ; ', rpwd='
004531B7 . 50 push eax
004531B8 . 8D4424 44 lea eax, dword ptr [esp+44]
004531BC . C68424 2C0100>mov byte ptr [esp+12C], 0F
004531C4 . 50 push eax
004531C5 . E8 16890000 call <jmp.&MFC42.#924>
004531CA . 8D4C24 18 lea ecx, dword ptr [esp+18]
004531CE . 8D5424 34 lea edx, dword ptr [esp+34]
004531D2 . 51 push ecx
004531D3 . 50 push eax
004531D4 . 52 push edx
004531D5 . C68424 300100>mov byte ptr [esp+130], 10
004531DD . E8 C0870000 call <jmp.&MFC42.#922>
004531E2 . 68 D4DE4700 push 0047DED4 ; ' where id =1
004531E7 . 50 push eax
004531E8 . 8D4424 30 lea eax, dword ptr [esp+30]
004531EC . C68424 2C0100>mov byte ptr [esp+12C], 11
004531F4 . 50 push eax
004531F5 . E8 E6880000 call <jmp.&MFC42.#924>
004531FA . 50 push eax
004531FB . 8D4C24 28 lea ecx, dword ptr [esp+28]
004531FF . C68424 280100>mov byte ptr [esp+128], 12
00453207 . E8 66870000 call <jmp.&MFC42.#858>
0045320C . 8D4C24 28 lea ecx, dword ptr [esp+28]
00453210 . C68424 240100>mov byte ptr [esp+124], 11
00453218 . E8 AD860000 call <jmp.&MFC42.#800>
0045321D . 8D4C24 34 lea ecx, dword ptr [esp+34]
00453221 . C68424 240100>mov byte ptr [esp+124], 10
00453229 . E8 9C860000 call <jmp.&MFC42.#800>
0045322E . 8D4C24 3C lea ecx, dword ptr [esp+3C]
00453232 . C68424 240100>mov byte ptr [esp+124], 0F
0045323A . E8 8B860000 call <jmp.&MFC42.#800>
0045323F . 8D4C24 40 lea ecx, dword ptr [esp+40]
00453243 . C68424 240100>mov byte ptr [esp+124], 0E
0045324B . E8 7A860000 call <jmp.&MFC42.#800>
00453250 . 8D4C24 48 lea ecx, dword ptr [esp+48]
00453254 . C68424 240100>mov byte ptr [esp+124], 0D
0045325C . E8 69860000 call <jmp.&MFC42.#800>
00453261 . 8D4C24 44 lea ecx, dword ptr [esp+44]
00453265 . C68424 240100>mov byte ptr [esp+124], 0C
0045326D . E8 58860000 call <jmp.&MFC42.#800>
00453272 . 8D4C24 50 lea ecx, dword ptr [esp+50]
00453276 . C68424 240100>mov byte ptr [esp+124], 0B
0045327E . E8 47860000 call <jmp.&MFC42.#800>
00453283 . 8D4C24 4C lea ecx, dword ptr [esp+4C]
00453287 . C68424 240100>mov byte ptr [esp+124], 0A
0045328F . E8 36860000 call <jmp.&MFC42.#800>
00453294 . 8D4C24 38 lea ecx, dword ptr [esp+38]
00453298 . C68424 240100>mov byte ptr [esp+124], 9
004532A0 . E8 25860000 call <jmp.&MFC42.#800>
004532A5 . 8D4C24 30 lea ecx, dword ptr [esp+30]
004532A9 . 889C24 240100>mov byte ptr [esp+124], bl
004532B0 . E8 15860000 call <jmp.&MFC42.#800>
004532B5 . 6A 01 push 1
004532B7 . 6A 00 push 0
004532B9 . 8D4C24 2C lea ecx, dword ptr [esp+2C]
004532BD . E8 BEF4FAFF call 00402780
004532C2 . 51 push ecx
004532C3 . 8BCC mov ecx, esp
004532C5 . 896424 44 mov dword ptr [esp+44], esp
004532C9 . 50 push eax
004532CA . E8 21F6FAFF call 004028F0
004532CF . 8D4C24 3C lea ecx, dword ptr [esp+3C]
004532D3 . 889C24 300100>mov byte ptr [esp+130], bl
004532DA . 51 push ecx
004532DB . 8D8E C0000000 lea ecx, dword ptr [esi+C0]
004532E1 . E8 CAF3FAFF call 004026B0
004532E6 . 8BC8 mov ecx, eax
004532E8 . E8 C3F8FAFF call 00402BB0
004532ED . 8B4424 30 mov eax, dword ptr [esp+30]
004532F1 . 85C0 test eax, eax
004532F3 . 74 06 je short 004532FB
004532F5 . 8B10 mov edx, dword ptr [eax]
004532F7 . 50 push eax
004532F8 . FF52 08 call dword ptr [edx+8]
004532FB > 6A 00 push 0
004532FD . 6A 00 push 0
004532FF . 68 88DE4700 push 0047DE88 ; 您已经成为我们的正式用户!感谢您的注册,您将可以免费升级和获得我们的售后服务!
00453304 . 8BCE mov ecx, esi
00453306 . E8 85860000 call <jmp.&MFC42.#4224>
0045330B . 68 60DE4700 push 0047DE60 ; 您已经成为我们的正式用户!感谢您的注册!
00453310 . 68 31040000 push 431
------------------------------------------------------------------------
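【Cracking summary】
------------------------------------------------------------------------
The whole algorithm depends only on the registration date and the email you enter. The other fields only need to be non-empty.
Registration code = MD5(registration date + "fuck" + email address)
For example:
If the registration date you enter is: 20061121
and the email is: [email protected]
then join them with fuck in between, giving: [email protected].
With that string in hand, run it through the MD5 algorithm, which gives:
7DB31A7DB926DDCFF52FE2A478CFF4E7
This string is the registration code.
[ Last edited by binbinbin on 2006-11-21 21:53 ]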