- UID
- 66880
注册时间2010-5-23
阅读权限30
最后登录1970-1-1
龙战于野
TA的每日心情 | 开心
2023-6-2 15:44 |
|---|
签到天数: 18 天 [LV.4]偶尔看看III
|
本帖最后由 blackk 于 2011-7-8 13:54 编辑
【破文标题】高效e人 Ver2.98(Build 243) 算法分析
【破文作者】Blackk
【作者邮箱】191477631@qq.com
【作者主页】Http://Blackk.co.cc
【破解工具】OD
【破解平台】XP SP3
【软件名称】高效e人 Ver2.98(Build 243)
【软件大小】3.96 MB
【原版下载】http://www.gaoxiaoeren.com/download.htm
【破解声明】本解密分析文章仅限用于学习和研究目的,不得将上述内容用于商业或者非法用途,否则,一切后果请用户自负。如果您喜欢该程序,请支持正版软件,购买注册,得到更好的正版服务。
------------------------------------------------------------------------
【破解过程】bp MessageBoxExA
//算法入口
00B4378C /$ 55 push ebp
00B4378D |. 8BEC mov ebp, esp
00B4378F |. 33C9 xor ecx, ecx
00B43791 |. 51 push ecx
00B43792 |. 51 push ecx
00B43793 |. 51 push ecx
00B43794 |. 51 push ecx
00B43795 |. 51 push ecx
00B43796 |. 53 push ebx
00B43797 |. 8BD8 mov ebx, eax
00B43799 |. 33C0 xor eax, eax
00B4379B |. 55 push ebp
00B4379C |. 68 A038B400 push 00B438A0
00B437A1 |. 64:FF30 push dword ptr fs:[eax]
00B437A4 |. 64:8920 mov dword ptr fs:[eax], esp
00B437A7 |. 8D55 F8 lea edx, dword ptr [ebp-8]
00B437AA |. 8BC3 mov eax, ebx
00B437AC |. E8 53010000 call 00B43904 ; 取用户名
00B437B1 |. 8B45 F8 mov eax, dword ptr [ebp-8]
00B437B4 |. E8 CB198CFF call 00405184 ; 取用户名长度
00B437B9 |. 85C0 test eax, eax
00B437BB |. 75 3E jnz short 00B437FB ; 验证是否输入用户名
00B437BD |. A0 AC38B400 mov al, byte ptr [B438AC]
00B437C2 |. 50 push eax
00B437C3 |. B2 01 mov dl, 1
00B437C5 |. A1 08179400 mov eax, dword ptr [941708]
00B437CA |. E8 256DE0FF call 0094A4F4
00B437CF |. 8D55 F4 lea edx, dword ptr [ebp-C]
00B437D2 |. E8 6962E0FF call 00949A40
00B437D7 |. 8B55 F4 mov edx, dword ptr [ebp-C]
00B437DA |. 33C9 xor ecx, ecx
00B437DC |. A1 E87D8800 mov eax, dword ptr [887DE8]
00B437E1 |. E8 3A59D4FF call 00889120
00B437E6 |. 8B93 28030000 mov edx, dword ptr [ebx+328]
00B437EC |. A1 347D8800 mov eax, dword ptr [887D34]
00B437F1 |. E8 8A51D4FF call 00888980
00B437F6 |. E8 F1EE8CFF call 004126EC
00B437FB |> E8 D0EAFCFF call 00B122D0
00B43800 |. 8945 FC mov dword ptr [ebp-4], eax
00B43803 |. 33C0 xor eax, eax
00B43805 |. 55 push ebp
00B43806 |. 68 7E38B400 push 00B4387E
00B4380B |. 64:FF30 push dword ptr fs:[eax]
00B4380E |. 64:8920 mov dword ptr fs:[eax], esp
00B43811 |. 8D55 F0 lea edx, dword ptr [ebp-10]
00B43814 |. 8BC3 mov eax, ebx
00B43816 |. E8 95000000 call 00B438B0 ; 取注册码
00B4381B |. 8B55 F0 mov edx, dword ptr [ebp-10]
00B4381E |. 8B45 FC mov eax, dword ptr [ebp-4]
00B43821 |. E8 86C9E0FF call 009501AC ; 算法CALL
//算法CALL
009501AC /$ 55 push ebp
009501AD |. 8BEC mov ebp,esp
009501AF |. B9 06000000 mov ecx,0x6
009501B4 |> 6A 00 /push 0x0
009501B6 |. 6A 00 |push 0x0
009501B8 |. 49 |dec ecx
009501B9 |.^ 75 F9 \jnz short Efficien.009501B4
009501BB |. 53 push ebx
009501BC |. 56 push esi
009501BD |. 57 push edi
009501BE |. 8BF2 mov esi,edx
009501C0 |. 8BF8 mov edi,eax
009501C2 |. 33C0 xor eax,eax
009501C4 |. 55 push ebp
009501C5 |. 68 85039500 push Efficien.00950385
009501CA |. 64:FF30 push dword ptr fs:[eax]
009501CD |. 64:8920 mov dword ptr fs:[eax],esp
009501D0 |. 33DB xor ebx,ebx
009501D2 |. 8B47 08 mov eax,dword ptr ds:[edi+0x8]
009501D5 |. E8 AA4FABFF call Efficien.00405184
009501DA |. 50 push eax
009501DB |. 8B47 0C mov eax,dword ptr ds:[edi+0xC]
009501DE |. E8 A14FABFF call Efficien.00405184
009501E3 |. C1E0 02 shl eax,0x2
009501E6 |. 5A pop edx
009501E7 |. 03D0 add edx,eax
009501E9 |. 83C2 1B add edx,0x1B
009501EC |. 42 inc edx
009501ED |. 52 push edx
009501EE |. 8BC6 mov eax,esi
009501F0 |. E8 8F4FABFF call Efficien.00405184
009501F5 |. 5A pop edx
009501F6 |. 3BD0 cmp edx,eax
009501F8 |. 0F85 6C010000 jnz Efficien.0095036A ; 验证注册码是否37位
009501FE |. 8D4D F0 lea ecx,[local.4]
00950201 |. 8BD6 mov edx,esi
00950203 |. 8BC7 mov eax,edi
00950205 |. E8 8E010000 call Efficien.00950398
0095020A |. 8D45 FC lea eax,[local.1]
0095020D |. 50 push eax
0095020E |. 8B47 08 mov eax,dword ptr ds:[edi+0x8]
00950211 |. E8 6E4FABFF call Efficien.00405184
00950216 |. 8BF0 mov esi,eax
00950218 |. 8B47 0C mov eax,dword ptr ds:[edi+0xC]
0095021B |. E8 644FABFF call Efficien.00405184
00950220 |. 03F0 add esi,eax
00950222 |. 8BCE mov ecx,esi
00950224 |. BA 01000000 mov edx,0x1
00950229 |. 8B45 F0 mov eax,[local.4]
0095022C |. E8 B351ABFF call Efficien.004053E4
00950231 |. 8D45 EC lea eax,[local.5]
00950234 |. 8B4F 0C mov ecx,dword ptr ds:[edi+0xC]
00950237 |. 8B57 08 mov edx,dword ptr ds:[edi+0x8]
0095023A |. E8 914FABFF call Efficien.004051D0
0095023F |. 8B55 EC mov edx,[local.5]
00950242 |. 8B45 FC mov eax,[local.1]
00950245 |. E8 16CAABFF call Efficien.0040CC60 ; 比较前6位是否为EP200-
0095024A |. 84C0 test al,al
0095024C |. 0F84 18010000 je Efficien.0095036A
00950252 |. 8D45 E8 lea eax,[local.6]
00950255 |. 50 push eax
00950256 |. 8B47 08 mov eax,dword ptr ds:[edi+0x8]
00950259 |. E8 264FABFF call Efficien.00405184
0095025E |. 8BD8 mov ebx,eax
00950260 |. 8B47 0C mov eax,dword ptr ds:[edi+0xC]
00950263 |. E8 1C4FABFF call Efficien.00405184
00950268 |. 03C0 add eax,eax
0095026A |. 03D8 add ebx,eax
0095026C |. 8BD3 mov edx,ebx
0095026E |. 83C2 07 add edx,0x7
00950271 |. B9 03000000 mov ecx,0x3
00950276 |. 8B45 F0 mov eax,[local.4]
00950279 |. E8 6651ABFF call Efficien.004053E4 ; 取注册码第17、18、20位=A组
0095027E |. 8B45 E8 mov eax,[local.6]
00950281 |. 50 push eax
00950282 |. 8D45 E4 lea eax,[local.7]
00950285 |. 50 push eax
00950286 |. 8B47 08 mov eax,dword ptr ds:[edi+0x8]
00950289 |. E8 F64EABFF call Efficien.00405184
0095028E |. 8BD8 mov ebx,eax
00950290 |. 8B47 0C mov eax,dword ptr ds:[edi+0xC]
00950293 |. E8 EC4EABFF call Efficien.00405184
00950298 |. 03D8 add ebx,eax
0095029A |. 8BD3 mov edx,ebx
0095029C |. 42 inc edx
0095029D |. B9 06000000 mov ecx,0x6
009502A2 |. 8B45 F0 mov eax,[local.4]
009502A5 |. E8 3A51ABFF call Efficien.004053E4 ; 取注册码第7、9、10、12、13、15位=B组
009502AA |. 8B55 E4 mov edx,[local.7]
009502AD |. 8D45 F8 lea eax,[local.2]
009502B0 |. 59 pop ecx
009502B1 |. E8 1A4FABFF call Efficien.004051D0 ; A、B组组合
009502B6 |. 8D45 E0 lea eax,[local.8]
009502B9 |. 50 push eax
009502BA |. 8B47 08 mov eax,dword ptr ds:[edi+0x8]
009502BD |. E8 C24EABFF call Efficien.00405184
009502C2 |. 8BD8 mov ebx,eax
009502C4 |. 8B47 0C mov eax,dword ptr ds:[edi+0xC]
009502C7 |. E8 B84EABFF call Efficien.00405184
009502CC |. 8D0440 lea eax,dword ptr ds:[eax+eax*2]
009502CF |. 03D8 add ebx,eax
009502D1 |. 8BD3 mov edx,ebx
009502D3 |. 83C2 0D add edx,0xD
009502D6 |. B9 06000000 mov ecx,0x6
009502DB |. 8B45 F0 mov eax,[local.4]
009502DE |. E8 0151ABFF call Efficien.004053E4 ; 取注册码第28、29、30、32、33、34位=C组
009502E3 |. 8B45 E0 mov eax,[local.8]
009502E6 |. 50 push eax
009502E7 |. 8D45 DC lea eax,[local.9]
009502EA |. 50 push eax
009502EB |. 8B47 08 mov eax,dword ptr ds:[edi+0x8]
009502EE |. E8 914EABFF call Efficien.00405184
009502F3 |. 8BD8 mov ebx,eax
009502F5 |. 8B47 0C mov eax,dword ptr ds:[edi+0xC]
009502F8 |. E8 874EABFF call Efficien.00405184
009502FD |. 03C0 add eax,eax
009502FF |. 03D8 add ebx,eax
00950301 |. 8BD3 mov edx,ebx
00950303 |. 83C2 0A add edx,0xA
00950306 |. B9 03000000 mov ecx,0x3
0095030B |. 8B45 F0 mov eax,[local.4]
0095030E |. E8 D150ABFF call Efficien.004053E4 ; 取注册码第22、24、25位=D组
00950313 |. 8B55 DC mov edx,[local.9]
00950316 |. 8D45 F4 lea eax,[local.3]
00950319 |. 59 pop ecx
0095031A |. E8 B14EABFF call Efficien.004051D0 ; C、D组组合
0095031F |. 8D4D F4 lea ecx,[local.3]
小结:
1. 取注册码第17、18、20位=A组
2. 取注册码第7、9、10、12、13、15位=B组
3. A、B组合(B在前A在后)
4. 取注册码第28、29、30、32、33、34位=C组
5. 取注册码第22、24、25位=D组
6. C和D组合(D在前C在后)
//接下来
00950322 |. 8D55 F8 lea edx,[local.2]
00950325 |. 8BC7 mov eax,edi
00950327 |. E8 64010000 call Efficien.00950490 ; 两组数据移位运算
0095032C |. 8D45 D0 lea eax,[local.12]
0095032F |. 50 push eax
00950330 |. 8B4F 04 mov ecx,dword ptr ds:[edi+0x4]
00950333 |. 8B55 F8 mov edx,[local.2]
00950336 |. A1 78F79400 mov eax,dword ptr ds:[0x94F778]
0095033B |. E8 28FCFFFF call Efficien.0094FF68 ; 加密运算1
00950340 |. 8B55 D0 mov edx,[local.12]
00950343 |. 8D4D D4 lea ecx,[local.11]
00950346 |. A1 847C8800 mov eax,dword ptr ds:[0x887C84]
0095034B |. E8 6CA2F3FF call Efficien.0088A5BC ; 加密运算2
00950350 |. 8B55 D4 mov edx,[local.11]
00950353 |. 8D4D D8 lea ecx,[local.10]
00950356 |. 8BC7 mov eax,edi
00950358 |. E8 DBFDFFFF call Efficien.00950138 ; 取加密2的奇数位
0095035D |. 8B45 D8 mov eax,[local.10]
00950360 |. 8B55 F4 mov edx,[local.3]
00950363 |. E8 F8C8ABFF call Efficien.0040CC60 ; 比较...相等就注册成功
//移位运算入口
00950490 /$ 55 push ebp
00950491 |. 8BEC mov ebp,esp
00950493 |. 51 push ecx
00950494 |. B9 09000000 mov ecx,0x9
00950499 |> 6A 00 /push 0x0
0095049B |. 6A 00 |push 0x0
0095049D |. 49 |dec ecx
0095049E |.^ 75 F9 \jnz short Efficien.00950499
009504A0 |. 51 push ecx
009504A1 |. 874D FC xchg [local.1],ecx
009504A4 |. 53 push ebx
009504A5 |. 56 push esi
按以下方式两组数据交替移位
009504D0 |. B9 01000000 mov ecx,0x1
009504D5 |. BA 01000000 mov edx,0x1
009504E9 |. B9 01000000 mov ecx,0x1
009504EE |. BA 08000000 mov edx,0x8
00950502 |. B9 01000000 mov ecx,0x1
00950507 |. BA 04000000 mov edx,0x4
0095051B |. B9 01000000 mov ecx,0x1
00950520 |. BA 07000000 mov edx,0x7
00950534 |. B9 01000000 mov ecx,0x1
00950539 |. BA 05000000 mov edx,0x5
0095054D |. B9 01000000 mov ecx,0x1
00950552 |. BA 09000000 mov edx,0x9
00950566 |. B9 01000000 mov ecx,0x1
0095056B |. BA 02000000 mov edx,0x2
0095057F |. B9 01000000 mov ecx,0x1
00950584 |. BA 03000000 mov edx,0x3
00950598 |. B9 01000000 mov ecx,0x1
0095059D |. BA 06000000 mov edx,0x6
---------------------------------------
009505BD |. B9 01000000 mov ecx,0x1
009505C2 |. BA 07000000 mov edx,0x7
009505D6 |. B9 01000000 mov ecx,0x1
009505DB |. BA 08000000 mov edx,0x8
009505EF |. B9 01000000 mov ecx,0x1
009505F4 |. BA 06000000 mov edx,0x6
00950608 |. B9 01000000 mov ecx,0x1
0095060D |. BA 02000000 mov edx,0x2
00950621 |. B9 01000000 mov ecx,0x1
00950626 |. BA 04000000 mov edx,0x4
0095063A |. B9 01000000 mov ecx,0x1
0095063F |. BA 03000000 mov edx,0x3
00950653 |. B9 01000000 mov ecx,0x1
00950658 |. BA 01000000 mov edx,0x1
0095066C |. B9 01000000 mov ecx,0x1
00950671 |. BA 05000000 mov edx,0x5
00950685 |. B9 01000000 mov ecx,0x1
0095068A |. BA 09000000 mov edx,0x9
移位小结:
假设A组=578123567,B组=023568124
先B组:
A[1]-->B[1],B[8]-->B[2],B[4]-->B[3],A[7]-->B[4],A[5]-->B[5],A[9]-->B[6],B[2]-->B[7],A[3]-->B[8],B[6]-->B[9]
再A组:
B[7]-->A[1],A[8]-->A[2],A[6]-->A[3],A[2]-->A[4],A[4]-->A[5],B[3]-->A[6],B[1]-->A[7],B[5]-->A[8],B[9]-->A[9]
移位结果:
A组=163713064,B组=525527288
//加密运算1入口
0094FBC8 /$ 55 push ebp
0094FBC9 |. 8BEC mov ebp,esp
0094FBCB |. 83C4 F0 add esp,-0x10
0094FBCE |. 53 push ebx
0094FBCF |. 56 push esi
加密运算1是以加密移位后的B组数据为依据
0094FC64 |> /8BC3 /mov eax,ebx
0094FC66 |. |25 01000080 |and eax,0x80000001
0094FC6B |. |79 05 |jns short Efficien.0094FC72
0094FC6D |. |48 |dec eax
0094FC6E |. |83C8 FE |or eax,-0x2
0094FC71 |. |40 |inc eax
0094FC72 |> |85C0 |test eax,eax
0094FC74 |. |75 2D |jnz short Efficien.0094FCA3
0094FC76 |. |8BC6 |mov eax,esi
0094FC78 |. |E8 5F57ABFF |call Efficien.004053DC
0094FC7D |. |8D4418 FF |lea eax,dword ptr ds:[eax+ebx-0x1]
0094FC81 |. |50 |push eax
0094FC82 |. |8B06 |mov eax,dword ptr ds:[esi]
0094FC84 |. |0FB64418 FF |movzx eax,byte ptr ds:[eax+ebx-0x1] ; 偶数位依次放入Eax,参与运算
0094FC89 |. |33D2 |xor edx,edx
0094FC8B |. |8A55 F7 |mov dl,byte ptr ss:[ebp-0x9] ; DL=2
0094FC8E |. |03C2 |add eax,edx
0094FC90 |. |83E8 20 |sub eax,0x20
0094FC93 |. |B9 5F000000 |mov ecx,0x5F
0094FC98 |. |99 |cdq
0094FC99 |. |F7F9 |idiv ecx
0094FC9B |. |83C2 20 |add edx,0x20 ; ((Eax-18) Mod 5F)+20
0094FC9E |. |58 |pop eax
0094FC9F |. |8810 |mov byte ptr ds:[eax],dl
0094FCA1 |. |EB 2B |jmp short Efficien.0094FCCE
0094FCA3 |> |8BC6 |mov eax,esi
0094FCA5 |. |E8 3257ABFF |call Efficien.004053DC
0094FCAA |. |8D4418 FF |lea eax,dword ptr ds:[eax+ebx-0x1]
0094FCAE |. |50 |push eax
0094FCAF |. |8B06 |mov eax,dword ptr ds:[esi]
0094FCB1 |. |0FB64418 FF |movzx eax,byte ptr ds:[eax+ebx-0x1] ; 奇数位依次放入Eax,参与运算
0094FCB6 |. |33D2 |xor edx,edx
0094FCB8 |. |8A55 F6 |mov dl,byte ptr ss:[ebp-0xA] ; DL=4
0094FCBB |. |03C2 |add eax,edx
0094FCBD |. |83E8 20 |sub eax,0x20
0094FCC0 |. |B9 5F000000 |mov ecx,0x5F
0094FCC5 |. |99 |cdq
0094FCC6 |. |F7F9 |idiv ecx
0094FCC8 |. |83C2 20 |add edx,0x20
0094FCCB |. |58 |pop eax
0094FCCC |. |8810 |mov byte ptr ds:[eax],dl ; ((Eax-16) Mod 5F)+20
0094FCCE |> |43 |inc ebx
0094FCCF |. |4F |dec edi
0094FCD0 |.^\75 92 \jnz short Efficien.0094FC64
运算结果:
525527288 --> 9497696:<
//把得到的数据反转
0094FCDE |> /8B06 /mov eax,dword ptr ds:[esi]
0094FCE0 |. |8A4418 FF |mov al,byte ptr ds:[eax+ebx-0x1]
0094FCE4 |. |8845 F5 |mov byte ptr ss:[ebp-0xB],al
0094FCE7 |. |8BC6 |mov eax,esi
0094FCE9 |. |E8 EE56ABFF |call Efficien.004053DC
0094FCEE |. |8B55 FC |mov edx,[local.1]
0094FCF1 |. |42 |inc edx
0094FCF2 |. |2BD3 |sub edx,ebx
0094FCF4 |. |8B0E |mov ecx,dword ptr ds:[esi]
0094FCF6 |. |8A5411 FF |mov dl,byte ptr ds:[ecx+edx-0x1]
0094FCFA |. |885418 FF |mov byte ptr ds:[eax+ebx-0x1],dl
0094FCFE |. |8BC6 |mov eax,esi
0094FD00 |. |E8 D756ABFF |call Efficien.004053DC
0094FD05 |. |8B55 FC |mov edx,[local.1]
0094FD08 |. |42 |inc edx
0094FD09 |. |2BD3 |sub edx,ebx
0094FD0B |. |8A4D F5 |mov cl,byte ptr ss:[ebp-0xB]
0094FD0E |. |884C10 FF |mov byte ptr ds:[eax+edx-0x1],cl
0094FD12 |. |43 |inc ebx
0094FD13 |. |4F |dec edi
0094FD14 |.^\75 C8 \jnz short Efficien.0094FCDE
运算结果:
9497696:< --> <:6967949
//以三个单位为一个小组,进行前移一位运算
0094FD1D |> /8B06 /mov eax,dword ptr ds:[esi]
0094FD1F |. |8A4418 FF |mov al,byte ptr ds:[eax+ebx-0x1]
0094FD23 |. |8845 F5 |mov byte ptr ss:[ebp-0xB],al
0094FD26 |. |8BC6 |mov eax,esi
0094FD28 |. |E8 AF56ABFF |call Efficien.004053DC
0094FD2D |. |8B16 |mov edx,dword ptr ds:[esi]
0094FD2F |. |8A141A |mov dl,byte ptr ds:[edx+ebx]
0094FD32 |. |885418 FF |mov byte ptr ds:[eax+ebx-0x1],dl
0094FD36 |. |8BC6 |mov eax,esi
0094FD38 |. |E8 9F56ABFF |call Efficien.004053DC
0094FD3D |. |8B16 |mov edx,dword ptr ds:[esi]
0094FD3F |. |8A541A 01 |mov dl,byte ptr ds:[edx+ebx+0x1]
0094FD43 |. |881418 |mov byte ptr ds:[eax+ebx],dl
0094FD46 |. |8BC6 |mov eax,esi
0094FD48 |. |E8 8F56ABFF |call Efficien.004053DC
0094FD4D |. |8A55 F5 |mov dl,byte ptr ss:[ebp-0xB]
0094FD50 |. |885418 01 |mov byte ptr ds:[eax+ebx+0x1],dl
0094FD54 |. |83C3 03 |add ebx,0x3
0094FD57 |> |8B45 FC mov eax,[local.1]
0094FD5A |. |83E8 02 |sub eax,0x2
0094FD5D |. |3BD8 |cmp ebx,eax
0094FD5F |.^\7E BC \jle short Efficien.0094FD1D
运算结果:
<:6967949 --> :6<679499
//加密算法2入口
0088A5BC /$ 53 push ebx
0088A5BD |. 56 push esi
0088A5BE |. 57 push edi
0088A5BF |. 55 push ebp
0088A5C0 |. 83C4 F8 add esp,-0x8
0088A5C3 |. 8BE9 mov ebp,ecx
加密运算2是以加密运算1的结果为依据的运算
//加密算法2
0088A5F0 |> /8B0424 /mov eax,dword ptr ss:[esp]
0088A5F3 |. |8B5424 04 |mov edx,dword ptr ss:[esp+0x4]
0088A5F7 |. |0FB67410 FF |movzx esi,byte ptr ds:[eax+edx-0x1] ; 字符串ASC码依次放入Eax
0088A5FC |. |8BC6 |mov eax,esi
0088A5FE |. |83E0 0F |and eax,0xF ; Eax=Eax and F
0088A601 |. |E8 A6FFFFFF |call Efficien.0088A5AC ; 若Eax的值大于≥A,则Eax+37.否则Eax+30
0088A606 |. |50 |push eax
0088A607 |. |8BC5 |mov eax,ebp
0088A609 |. |E8 CEADB7FF |call Efficien.004053DC
0088A60E |. |5A |pop edx
0088A60F |. |885418 FF |mov byte ptr ds:[eax+ebx-0x1],dl
0088A613 |. |43 |inc ebx
0088A614 |. |8BC6 |mov eax,esi
0088A616 |. |C1E8 04 |shr eax,0x4 ; 将Eax的值右移4位
0088A621 |. E8 B6ADB7FF |call Efficien.004053DC ; 若Eax的值大于≥A,则Eax+37.否则Eax+30
0088A61E |. |50 |push eax
0088A61F |. |8BC5 |mov eax,ebp
0088A621 |. |E8 B6ADB7FF |call Efficien.004053DC
0088A626 |. |5A |pop edx
0088A627 |. |885418 FF |mov byte ptr ds:[eax+ebx-0x1],dl
0088A62B |. |43 |inc ebx
0088A62C |. |FF4424 04 |inc dword ptr ss:[esp+0x4]
0088A630 |. |4F |dec edi
0088A631 |.^\75 BD \jnz short Efficien.0088A5F0
运算结果:
A363C3637393439393
//取加密运算2结果的奇数位为最后结果
00950358 |. E8 DBFDFFFF call Efficien.00950138
得到结果:
A6C679499
将得到的结果和A组数据进行比较,若相同则注册成功
0095035D |. 8B45 D8 mov eax, dword ptr [ebp-28]
00950360 |. 8B55 F4 mov edx, dword ptr [ebp-C]
通过A组数据我们可以分析出A组数据每一位对应的是注册码的第几位,按顺序改成最终结果即可:
修改位数顺序 17、33、30、24、28、10、7、13、20 修改注册码
结果:
A6C679499
A组数据:
163713064
可用注册码:
EP200-A12B4457695828416939095A4769890
------------------------------------------------------------------------
【破解总结】
如有错误请大牛指出
------------------------------------------------------------------------
转载请说明出处 |
评分
-
查看全部评分
|
[复制链接]
IP卡
发表于 2011-7-8 13:49:25
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2011-7-8 15:00:51
发表于 2011-7-8 15:36:33
楼主
发表于 2011-7-9 08:49:25
发表于 2011-7-9 12:49:09
发表于 2011-7-14 10:08:34
