- UID
- 1132
注册时间2005-4-20
阅读权限40
最后登录1970-1-1
独步武林
 
TA的每日心情 | 无聊
2020-4-10 17:02 |
|---|
签到天数: 5 天 [LV.2]偶尔看看I
|
【破解日期】 2007年6月4日
【破解作者】 冷血书生
【作者邮箱】 mei
【作者主页】 http://www.126sohu.com
【使用工具】 OD
【破解平台】 Win9x/NT/2000/XP
【软件名称】 XXXX拨号器 9.8
【下载地址】 自己搜索
【软件简介】 本软件适用于teltel网络免费电话的自动拨号,无论线路是否高峰,1分钟拨通,速度15/每秒,可存储100个常用号码,速度飞快,让您拨打网络电话更方便快捷
【软件大小】 575KB
【加壳方式】 aspack
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】
刚在论坛看到xss发的文章,于是产生看看算法的念头,发现竟然是个软东西
004047DC call AutoTel1.Te_controls::TTeEdi>
004047E1 mov edx,dword ptr ss:[ebp-C] ; 机器码
004047E4 lea eax,dword ptr ss:[ebp-10]
004047E7 call AutoTel1.00534930
004047EC inc dword ptr ds:[ebx+1C]
004047EF lea ecx,dword ptr ss:[ebp-10]
004047F2 push ecx
004047F3 lea eax,dword ptr ss:[ebp-4]
004047F6 mov word ptr ds:[ebx+10],20
004047FC push eax
004047FD xor edx,edx
004047FF mov dword ptr ss:[ebp-8],edx
00404802 lea ecx,dword ptr ss:[ebp-8]
00404805 push ecx
00404806 inc dword ptr ds:[ebx+1C]
00404809 call AutoTel1.00402688 ; 生成机器码
0040480E add esp,8
00404811 lea eax,dword ptr ss:[ebp-8]
00404814 pop edx
00404815 call AutoTel1.00534AFC ; 判断是否生成机器码
0040481A test al,al
0040481C je AutoTel1.004048A9 ; 没生成就跳
00404822 xor ecx,ecx
00404824 mov dword ptr ss:[ebp-18],ecx
00404827 lea edx,dword ptr ss:[ebp-18]
0040482A inc dword ptr ds:[ebx+1C]
0040482D mov eax,dword ptr ds:[esi+300]
00404833 call AutoTel1.Te_controls::TTeEdi>
00404838 mov edx,dword ptr ss:[ebp-18]
0040483B lea eax,dword ptr ss:[ebp-1C]
0040483E call AutoTel1.00534930
00404843 inc dword ptr ds:[ebx+1C]
00404846 lea ecx,dword ptr ss:[ebp-1C]
00404849 push ecx
0040484A lea eax,dword ptr ss:[ebp-4]
0040484D push eax
0040484E xor edx,edx
00404850 mov dword ptr ss:[ebp-14],edx
00404853 lea ecx,dword ptr ss:[ebp-14]
00404856 push ecx
00404857 inc dword ptr ds:[ebx+1C]
0040485A call AutoTel1.004026FC ; 算法
0040485F add esp,8
00404862 lea eax,dword ptr ss:[ebp-14]
00404865 pop edx
00404866 call AutoTel1.00534AFC ; 判断注册码真假
0040486B test al,al
0040486D lea eax,dword ptr ss:[ebp-1C]
00404870 setne cl ; 为假 就完了
00404873 and ecx,1
00404876 mov edx,2
0040487B push ecx
0040487C dec dword ptr ds:[ebx+1C]
0040487F call AutoTel1.00534A2C
00404884 dec dword ptr ds:[ebx+1C]
00404887 lea eax,dword ptr ss:[ebp-18]
0040488A mov edx,2
0040488F call AutoTel1.00534E5C
00404894 dec dword ptr ds:[ebx+1C]
00404897 lea eax,dword ptr ss:[ebp-14]
0040489A mov edx,2
0040489F call AutoTel1.00534A2C
004048A4 pop ecx
004048A5 test ecx,ecx
004048A7 jnz short AutoTel1.004048AD ; 上面标志位判断为假就不跳
004048A9 xor eax,eax
004048AB jmp short AutoTel1.004048B2
004048AD mov eax,1 ; 注册成功标志
004048B2 push eax
004048B3 dec dword ptr ds:[ebx+1C]
004048B6 lea eax,dword ptr ss:[ebp-10]
004048B9 mov edx,2
004048BE call AutoTel1.00534A2C
004048C3 dec dword ptr ds:[ebx+1C]
004048C6 lea eax,dword ptr ss:[ebp-C]
004048C9 mov edx,2
004048CE call AutoTel1.00534E5C
004048D3 dec dword ptr ds:[ebx+1C]
004048D6 lea eax,dword ptr ss:[ebp-8]
004048D9 mov edx,2
004048DE call AutoTel1.00534A2C
004048E3 pop ecx
004048E4 test cl,cl
004048E6 je AutoTel1.00404A3B ; 跳就OVER
004048EC mov word ptr ds:[ebx+10],2C
004048F2 lea eax,dword ptr ss:[ebp-4]
004048F5 push eax
004048F6 xor edx,edx
004048F8 mov dword ptr ss:[ebp-20],edx
004048FB lea ecx,dword ptr ss:[ebp-20]
004048FE push ecx
004048FF inc dword ptr ds:[ebx+1C]
00404902 call AutoTel1.00402544
00404907 add esp,8
0040490A dec dword ptr ds:[ebx+1C]
0040490D lea eax,dword ptr ss:[ebp-20]
00404910 mov edx,2
00404915 call AutoTel1.00534A2C
0040491A mov dl,1
0040491C mov eax,dword ptr ds:[49FA8C]
00404921 call AutoTel1.00401EEC
00404926 mov esi,eax
00404928 mov word ptr ds:[ebx+10],14
0040492E mov eax,dword ptr ss:[ebp-4] ; X:\WINDOWS\system32\regww1.dll
00404931 call AutoTel1.004B1370
00404936 test al,al
00404938 je short AutoTel1.0040494B
0040493A mov edx,dword ptr ss:[ebp-4]
0040493D mov eax,esi
0040493F mov ecx,dword ptr ds:[eax]
00404941 call dword ptr ds:[ecx+68]
00404944 mov eax,esi
00404946 mov edx,dword ptr ds:[eax]
00404948 call dword ptr ds:[edx+44]
0040494B mov word ptr ds:[ebx+10],38
00404951 lea ecx,dword ptr ss:[ebp-4]
00404954 push ecx
00404955 xor eax,eax
00404957 mov dword ptr ss:[ebp-24],eax
0040495A lea edx,dword ptr ss:[ebp-24]
0040495D push edx
0040495E inc dword ptr ds:[ebx+1C]
00404961 call AutoTel1.00402688
00404966 add esp,8
00404969 lea edx,dword ptr ss:[ebp-24]
0040496C mov edx,dword ptr ds:[edx]
0040496E mov eax,esi
00404970 call AutoTel1.004A32D0
00404975 dec dword ptr ds:[ebx+1C]
00404978 lea eax,dword ptr ss:[ebp-24]
0040497B mov edx,2
00404980 call AutoTel1.00534A2C
00404985 mov word ptr ds:[ebx+10],44
0040498B lea ecx,dword ptr ss:[ebp-4]
0040498E push ecx
0040498F xor eax,eax
00404991 mov dword ptr ss:[ebp-28],eax
00404994 lea edx,dword ptr ss:[ebp-28]
00404997 push edx
00404998 inc dword ptr ds:[ebx+1C]
0040499B call AutoTel1.004026FC
004049A0 add esp,8
004049A3 lea edx,dword ptr ss:[ebp-28]
004049A6 mov edx,dword ptr ds:[edx]
004049A8 mov eax,esi
004049AA call AutoTel1.004A32D0
004049AF dec dword ptr ds:[ebx+1C]
004049B2 lea eax,dword ptr ss:[ebp-28]
004049B5 mov edx,2
004049BA call AutoTel1.00534A2C
004049BF mov edx,dword ptr ss:[ebp-4]
004049C2 mov eax,esi
004049C4 mov ecx,dword ptr ds:[eax]
004049C6 call dword ptr ds:[ecx+74]
004049C9 mov edi,esi
004049CB mov dword ptr ss:[ebp-30],edi
004049CE test edi,edi
004049D0 je short AutoTel1.004049F0
004049D2 mov eax,dword ptr ds:[edi]
004049D4 mov dword ptr ss:[ebp-2C],eax
004049D7 mov word ptr ds:[ebx+10],5C
004049DD mov edx,3
004049E2 mov eax,dword ptr ss:[ebp-30]
004049E5 mov ecx,dword ptr ds:[eax]
004049E7 call dword ptr ds:[ecx-4]
004049EA mov word ptr ds:[ebx+10],50
004049F0 mov word ptr ds:[ebx+10],68
004049F6 mov edx,AutoTel1.0054B3C8 ; 感谢您注册本软件,注册成功!重新运行程序后生效!
004049FB lea eax,dword ptr ss:[ebp-34]
004049FE call AutoTel1.005348BC
00404A03 inc dword ptr ds:[ebx+1C]
00404A06 mov eax,dword ptr ds:[eax]
00404A08 call AutoTel1.004FCCEC
00404A0D dec dword ptr ds:[ebx+1C]
00404A10 lea eax,dword ptr ss:[ebp-34]
00404A13 mov edx,2
00404A18 call AutoTel1.00534A2C
00404A1D dec dword ptr ds:[ebx+1C]
00404A20 dec dword ptr ds:[ebx+1C]
00404A23 lea eax,dword ptr ss:[ebp-4]
00404A26 mov edx,2
00404A2B call AutoTel1.00534A2C
00404A30 mov ecx,dword ptr ds:[ebx]
00404A32 mov dword ptr fs:[0],ecx
00404A39 jmp short AutoTel1.00404A84
00404A3B mov word ptr ds:[ebx+10],74
00404A41 mov edx,AutoTel1.0054B3F9 ; 软件注册失败!
00404A46 lea eax,dword ptr ss:[ebp-38]
00404A49 call AutoTel1.005348BC
////////////////////////////////////////////////////////////////////////////////////////////
生成机器码:
////////////////////////////////////////////////////////////////////////////////////////////
00402697 call AutoTel1.0052A998
0040269C push ebx
0040269D call AutoTel1.0040263C ; 取C盘卷标
004026A2 pop ecx
004026A3 mov ebx,eax
004026A5 mov word ptr ss:[ebp-18],8
004026AB xor ebx,19741027 ; 4464CB32 xor 19741027
004026B1 lea eax,dword ptr ss:[ebp-4]
004026B4 mov edx,ebx ; ebx为生成的机器码
004026B6 call AutoTel1.005349E8
004026BB mov edx,eax
004026BD inc dword ptr ss:[ebp-C]
004026C0 mov eax,dword ptr ss:[ebp+8]
004026C3 call AutoTel1.00534A5C
004026C8 mov eax,dword ptr ss:[ebp+8]
004026CB mov edx,2
004026D0 mov word ptr ss:[ebp-18],14
004026D6 push eax
004026D7 lea eax,dword ptr ss:[ebp-4]
004026DA dec dword ptr ss:[ebp-C]
004026DD call AutoTel1.00534A2C
////////////////////////////////////////////////////////////////////////////////////////////
生成注册码:
////////////////////////////////////////////////////////////////////////////////////////////
0040270F call AutoTel1.0052A998
00402714 push ebx
00402715 call AutoTel1.0040263C ; 取C盘卷标
0040271A pop ecx
0040271B mov ebx,eax
0040271D mov word ptr ds:[esi+10],14
00402723 xor ebx,19741027 ; ebx=4464CB32 xor 19741027
00402729 lea eax,dword ptr ss:[ebp-4]
0040272C xor ebx,20030114 ; 机器码 xor 20030114
00402732 mov edx,AutoTel1.005496EF
00402737 call AutoTel1.005348BC
0040273C inc dword ptr ds:[esi+1C]
0040273F lea eax,dword ptr ss:[ebp-8]
00402742 mov word ptr ds:[esi+10],8
00402748 mov word ptr ds:[esi+10],20
0040274E mov edx,ebx
00402750 call AutoTel1.005349E8
00402755 inc dword ptr ds:[esi+1C]
00402758 mov edx,eax
0040275A xor eax,eax
0040275C lea ecx,dword ptr ss:[ebp-C]
0040275F mov dword ptr ss:[ebp-C],eax
00402762 lea eax,dword ptr ss:[ebp-4]
00402765 inc dword ptr ds:[esi+1C]
00402768 call AutoTel1.00534A70
0040276D lea edx,dword ptr ss:[ebp-C]
00402770 push edx
00402771 mov edx,AutoTel1.005496F0 ; wyx
00402776 lea eax,dword ptr ss:[ebp-10]
00402779 call AutoTel1.005348BC
0040277E inc dword ptr ds:[esi+1C]
00402781 xor eax,eax
00402783 mov dword ptr ss:[ebp-14],eax
00402786 lea edx,dword ptr ss:[ebp-10]
00402789 inc dword ptr ds:[esi+1C]
0040278C lea ecx,dword ptr ss:[ebp-14]
0040278F pop eax
00402790 call AutoTel1.00534A70
00402795 lea edx,dword ptr ss:[ebp-14]
00402798 lea eax,dword ptr ss:[ebp-4]
0040279B call AutoTel1.00534A5C
004027A0 dec dword ptr ds:[esi+1C]
004027A3 lea eax,dword ptr ss:[ebp-14]
004027A6 mov edx,2
004027AB call AutoTel1.00534A2C
004027B0 dec dword ptr ds:[esi+1C]
004027B3 lea eax,dword ptr ss:[ebp-10]
004027B6 mov edx,2
004027BB call AutoTel1.00534A2C
004027C0 dec dword ptr ds:[esi+1C]
004027C3 lea eax,dword ptr ss:[ebp-C]
004027C6 mov edx,2
004027CB call AutoTel1.00534A2C
004027D0 dec dword ptr ds:[esi+1C]
004027D3 lea eax,dword ptr ss:[ebp-8]
004027D6 mov edx,2
004027DB call AutoTel1.00534A2C
004027E0 mov word ptr ds:[esi+10],2C
004027E6 lea edx,dword ptr ss:[ebp-4]
004027E9 mov eax,dword ptr ss:[ebp+8]
004027EC call AutoTel1.00534A5C
004027F1 mov eax,dword ptr ss:[ebp+8]
004027F4 mov edx,2
004027F9 mov word ptr ds:[esi+10],38
004027FF push eax
00402800 lea eax,dword ptr ss:[ebp-4]
00402803 dec dword ptr ds:[esi+1C]
00402806 call AutoTel1.00534A2C
0040280B pop eax
////////////////////////////////////////////////////////////////////////////////////////////
小结一下:
1)C盘卷标异或19741027生成机器码
2)机器码异或20030114,结果与wyx连接形成注册码
3)X:\WINDOWS\system32\regww1.dll开始保存使用次数,为0就提示过期,注册成功后,机器码和注册信
息将写入到这里
--------------------------------------------------------------------------------
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢! |
|
IP卡
发表于 2007-6-4 09:22:14
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2007-6-4 09:49:51
发表于 2007-6-7 22:06:05