飘云阁T6万能写卡器软件的破解分析

Dxer 发表于 2018-4-23 15:54:57

T6万能写卡器软件的破解分析

本帖最后由 Dxer 于 2018-4-23 16:05 编辑

注册后打开是这样的：

00460560 55          push ebp
00460561 68 98074600 push T6万能写.00460798
00460566 64:FF30       push dword ptr fs:
00460569 64:8920       mov dword ptr fs:,esp
0046056C B2 01       mov dl,0x1
0046056E A1 2CEC4500 mov eax,dword ptr ds:
00460573 E8 DC35FAFF call T6万能写.00403B54
00460578 8BD8          mov ebx,eax
0046057A 68 B0074600 push T6万能写.004607B0                   ; ASCII "wulili"
0046057F 8D95 18FEFFFF lea edx,dword ptr ss:
00460585 8B86 00030000 mov eax,dword ptr ds:
0046058B E8 7473FDFF call T6万能写.00437904
00460590 FFB5 18FEFFFF push dword ptr ss:          ; ASCII "6E769E425E0F7341020A4637539A0457"
00460596 68 C0074600 push T6万能写.004607C0                   ; ASCII "liyueyue"
0046059B 8D95 14FEFFFF lea edx,dword ptr ss:
004605A1 8B86 00030000 mov eax,dword ptr ds:
004605A7 E8 5873FDFF call T6万能写.00437904
004605AC FFB5 14FEFFFF push dword ptr ss:          ; ASCII "6E769E425E0F7341020A4637539A0457"
004605B2 8D85 1CFEFFFF lea eax,dword ptr ss:
004605B8 BA 04000000 mov edx,0x4
004605BD E8 CE46FAFF call T6万能写.00404C90
004605C2 8B95 1CFEFFFF mov edx,dword ptr ss:       ; ASCII "wulili6E769E425E0F7341020A4637539A0457liyueyue6E769E425E0F7341020A4637539A0457"
004605C8 8D4D EC       lea ecx,dword ptr ss:
004605CB 8BC3          mov eax,ebx
004605CD E8 5EE4FFFF call T6万能写.0045EA30
004605D2 8D8D 10FEFFFF lea ecx,dword ptr ss:
004605D8 8D55 EC       lea edx,dword ptr ss:
004605DB 8B03          mov eax,dword ptr ds:
004605DD E8 BEE4FFFF call T6万能写.0045EAA0
004605E2 8B85 10FEFFFF mov eax,dword ptr ss:       ; ASCII "AD7E2077C837C70098DBE2226579B091"
004605E8 8D55 FC       lea edx,dword ptr ss:
004605EB E8 5083FAFF call T6万能写.00408940
004605F0 8BC3          mov eax,ebx                            ; ASCII "341020A4637539A0457"
004605F2 E8 8D35FAFF call T6万能写.00403B84
004605F7 B2 01       mov dl,0x1
004605F9 A1 2CEC4500 mov eax,dword ptr ds:
004605FE E8 5135FAFF call T6万能写.00403B54
00460603 8BD8          mov ebx,eax
00460605 68 B0074600 push T6万能写.004607B0                   ; ASCII "wulili"
0046060A FF75 FC       push dword ptr ss:          ; ASCII "ad7e2077c837c70098dbe2226579b091"
0046060D 68 C0074600 push T6万能写.004607C0                   ; ASCII "liyueyue"
00460612 FF75 FC       push dword ptr ss:          ; ASCII "ad7e2077c837c70098dbe2226579b091"
00460615 8D85 0CFEFFFF lea eax,dword ptr ss:
0046061B BA 04000000 mov edx,0x4
00460620 E8 6B46FAFF call T6万能写.00404C90
00460625 8B95 0CFEFFFF mov edx,dword ptr ss:       ; ASCII "wuliliad7e2077c837c70098dbe2226579b091liyueyuead7e2077c837c70098dbe2226579b091"
0046062B 8D4D EC       lea ecx,dword ptr ss:
0046062E 8BC3          mov eax,ebx
00460630 E8 FBE3FFFF call T6万能写.0045EA30
00460635 8D8D 08FEFFFF lea ecx,dword ptr ss:
0046063B 8D55 EC       lea edx,dword ptr ss:
0046063E 8B03          mov eax,dword ptr ds:
00460640 E8 5BE4FFFF call T6万能写.0045EAA0
00460645 8B85 08FEFFFF mov eax,dword ptr ss:       ; ASCII "5B0DAF97D81BFEE7B0E32B0EFE15364C"
0046064B 8D55 FC       lea edx,dword ptr ss:
0046064E E8 ED82FAFF call T6万能写.00408940
00460653 8BC3          mov eax,ebx
00460655 E8 2A35FAFF call T6万能写.00403B84
0046065A 8D95 04FEFFFF lea edx,dword ptr ss:
00460660 8B86 04030000 mov eax,dword ptr ds:
00460666 E8 9972FDFF call T6万能写.00437904                   ;
0046066B 8B85 04FEFFFF mov eax,dword ptr ss:       ; ASCII "01234567899876543210"
00460671 8B55 FC       mov edx,dword ptr ss:       ; ASCII "5b0daf97d81bfee7b0e32b0efe15364c"
00460674 E8 1783FAFF call T6万能写.00408990                   ; 内存注册机
00460679 85C0          test eax,eax
0046067B 0F85 B0000000 jnz T6万能写.00460731
00460681 B8 D4074600 mov eax,T6万能写.004607D4                ; ASCII "c:\writecard"
00460686 E8 098BFAFF call T6万能写.00409194
0046068B 84C0          test al,al
0046068D 75 0A       jnz short T6万能写.00460699
0046068F B8 D4074600 mov eax,T6万能写.004607D4                ; ASCII "c:\writecard"
00460694 E8 E38CFAFF call T6万能写.0040937C
00460699 BA EC074600 mov edx,T6万能写.004607EC                ; ASCII "c:\writecard\tmp.o"
0046069E 8D85 20FEFFFF lea eax,dword ptr ss:
004606A4 E8 8B29FAFF call T6万能写.00403034
004606A9 8D85 20FEFFFF lea eax,dword ptr ss:
004606AF E8 1C27FAFF call T6万能写.00402DD0
004606B4 E8 4B25FAFF call T6万能写.00402C04
004606B9 8D95 00FEFFFF lea edx,dword ptr ss:
004606BF 8B86 04030000 mov eax,dword ptr ds:
004606C5 E8 3A72FDFF call T6万能写.00437904
004606CA 8B95 00FEFFFF mov edx,dword ptr ss:
004606D0 8D85 20FEFFFF lea eax,dword ptr ss:
004606D6 E8 1149FAFF call T6万能写.00404FEC
004606DB E8 5C2FFAFF call T6万能写.0040363C
004606E0 E8 1F25FAFF call T6万能写.00402C04
004606E5 8D85 20FEFFFF lea eax,dword ptr ss:
004606EB E8 0C2AFAFF call T6万能写.004030FC
004606F0 E8 0F25FAFF call T6万能写.00402C04
004606F5 B8 08084600 mov eax,T6万能写.00460808                ; ASCII "Form1"
004606FA E8 8942FBFF call T6万能写.00414988
004606FF 85C0          test eax,eax
00460701 75 16       jnz short T6万能写.00460719
00460703 8BCE          mov ecx,esi
00460705 B2 01       mov dl,0x1
00460707 A1 6C084600 mov eax,dword ptr ds:
0046070C E8 17F2FEFF call T6万能写.0044F928
00460711 8B15 3C6A4800 mov edx,dword ptr ds:       ; T6万能写.00487E2C
00460717 8902          mov dword ptr ds:,eax
00460719 A1 3C6A4800 mov eax,dword ptr ds:
0046071E 8B00          mov eax,dword ptr ds:
00460720 E8 8B35FFFF call T6万能写.00453CB0
00460725 A1 247E4800 mov eax,dword ptr ds:
0046072A E8 7935FFFF call T6万能写.00453CA8
0046072F EB 16       jmp short T6万能写.00460747
00460731 B8 18084600 mov eax,T6万能写.00460818
00460736 E8 6109FDFF call T6万能写.0043109C
0046073B A1 04694800 mov eax,dword ptr ds:
00460740 8B00          mov eax,dword ptr ds:
00460742 E8 B56BFFFF call T6万能写.004572FC
00460747 33C0          xor eax,eax
00460749 5A          pop edx
0046074A 59          pop ecx
0046074B 59          pop ecx
0046074C 64:8910       mov dword ptr fs:,edx
0046074F 68 9F074600 push T6万能写.0046079F
00460754 8D85 00FEFFFF lea eax,dword ptr ss:
0046075A BA 02000000 mov edx,0x2
0046075F E8 D041FAFF call T6万能写.00404934
00460764 8D85 08FEFFFF lea eax,dword ptr ss:
0046076A BA 03000000 mov edx,0x3
0046076F E8 C041FAFF call T6万能写.00404934
00460774 8D85 14FEFFFF lea eax,dword ptr ss:
0046077A BA 02000000 mov edx,0x2
0046077F E8 B041FAFF call T6万能写.00404934
00460784 8D85 1CFEFFFF lea eax,dword ptr ss:
0046078A E8 8141FAFF call T6万能写.00404910
0046078F 8D45 FC       lea eax,dword ptr ss:
00460792 E8 7941FAFF call T6万能写.00404910
00460797 C3          retn
00460798^ E9 4F3BFAFF jmp T6万能写.004042EC
0046079D^ EB B5       jmp short T6万能写.00460754
0046079F 5E          pop esi
004607A0 5B          pop ebx
004607A1 8BE5          mov esp,ebp
004607A3 5D          pop ebp
004607A4 C3          retn

算法分析：

;wulili(6E769E425E0F7341020A4637539A0457)liyueyue(6E769E425E0F7341020A4637539A0457)

;wulili+机器码+liyueyue+机器码-->MD5(AD7E2077C837C70098DBE2226579B091)-->第一个MD5值(ad7e2077c837c70098dbe2226579b091)

;wulili(ad7e2077c837c70098dbe2226579b091)liyueyue(ad7e2077c837c70098dbe2226579b091)

;wulili+第一个MD5值(ad7e2077c837c70098dbe2226579b091)+liyueyue+第一个MD5值(ad7e2077c837c70098dbe2226579b091)-->MD5-->注册码(MD5小写)

飘云阁算法注册机源码：

var
//公共变量，不要动
strName,strSn: string;

{----公共函数不要动----}
procedure Init;
begin
strName := edtName.Text;
end;

procedure SetSn;
begin
edtSn.Text := strSn
end;
{----公共函数结束----}
function GetSn(sName: string): string;
begin
Result := LowerCase(MD5('wulili' + sName + 'liyueyue'+ sName));
end;
{----注册机入口----}
begin
Init;
if strName <> '' then
begin
{------这里开始写算法}
strSn := GetSn(strName);
strName := LowerCase(strSn);
strSn := GetSn(strName);
SetSn;
end;
end.
{------------------}
必须谢谢GG大哥的帮助和指导，有你们真好！

一起玩游戏

[PYG]版务督察 发表于 2018-4-23 16:00:51

前排支持胡总~~~

飘云发表于 2018-4-23 16:14:41

666 学习~~

Dxer 发表于 2018-4-23 16:22:22

飘云发表于 2018-4-23 16:14
666 学习~~

完全是跟着你的教程写的，两次MD5和转小写是GG大哥教的。

汗颜……

smallhorse 发表于 2018-4-23 17:51:12

唯keygen者.....服也！！！！

不破不立 发表于 2018-4-23 18:23:53

骑着摩拜来学习

酒醒黄昏 发表于 2018-4-23 18:27:14

膜拜一下大表哥

wgz001 发表于 2018-4-23 20:41:10

胡总带我写注册机

qian15 发表于 2018-4-23 20:51:57

摩拜来学习

阳光宅男 发表于 2018-4-24 08:08:06

v5，这分析的666

页: [1] 2 3

飘云阁's Archiver

T6万能写卡器软件的破解分析