网聪系列软件注册码算法分析
-
聪系列软件注册码算法分析即注册机编写
目标软件:网聪邮址搜神,网聪邮件特快,网聪邮件巡捕,网聪邮件管家
!http://www.NetSmartSoft.onchina.net
破解工具:dede
注册机编程工具:delphi
破解目的:个人兴趣,学习delphi编程。
难度级别:简易
这几天尝试破解了几个软件,但都没完全搞定,功力差了一点,为了增加信心,所以找了个国产的开刀,没想运气不错,还算比较简单。
现在就开始把:这四个软件加密类型一样,强度极低,以网聪邮址搜神为例简单说说!
用dede打开,反编译后,先看看form里的资源,找到填写注册的那个过程,以搜神为例是Tform1.N13Click,
0049E3F4 55 push ebp
0049E3F5 8BEC mov ebp, esp
0049E3F7 83C4D4 add esp, -$2C
0049E3FA 53 push ebx
0049E3FB 56 push esi
0049E3FC 33C9 xor ecx, ecx
0049E3FE 894DD4 mov [ebp-$2C], ecx
0049E401 894DF4 mov [ebp-$0C], ecx
0049E404 8BD8 mov ebx, eax
0049E406 33C0 xor eax, eax
0049E408 55 push ebp
* Possible String Reference to: '榕O?腓^[嬪]?
|
0049E409 688AE54900 push $0049E58A
***** TRY
|
0049E40E 64FF30 push dword ptr fs:[eax]
0049E411 648920 mov fs:[eax], esp
0049E414 8D45F4 lea eax, [ebp-$0C]
* Possible String Reference to: '00000000'
|
0049E417 BAA0E54900 mov edx, $0049E5A0
* Reference to: system.@LStrLAsg;
|
0049E41C E8B757F6FF call 00403BD8
0049E421 8D4DF4 lea ecx, [ebp-$0C]
* Possible String Reference to: '请输入您的软件注册码'
|
0049E424 BAB4E54900 mov edx, $0049E5B4
* Possible String Reference to: '登记注册'
|
0049E429 B8D4E54900 mov eax, $0049E5D4
* Reference to: dialogs.InputQuery(System.AnsiString;System.AnsiString;System.AnsiString):System.Boolean;
|
0049E42E E88D2DFBFF call 004511C0
0049E433 3C01 cmp al, $01
0049E435 0F8531010000 jnz 0049E56C
0049E43B 8D55D4 lea edx, [ebp-$2C]
0049E43E 8B45F4 mov eax, [ebp-$0C]
* Reference to: sysutils.Trim(System.AnsiString):System.AnsiString;
|
0049E441 E8A6A1F6FF call 004085EC
0049E446 8B45D4 mov eax, [ebp-$2C]
* Reference to: sysutils.StrToInt64(System.AnsiString):System.Int64;
|
0049E449 E8BEA3F6FF call 0040880C <----你输入的注册码转成数值类型
0049E44E 8945F8 mov [ebp-$08], eax
0049E451 8955FC mov [ebp-$04], edx
0049E454 6A00 push $00
0049E456 6A35 push $35 <----除数因子
0049E458 8B45F8 mov eax, [ebp-$08]
0049E45B 8B55FC mov edx, [ebp-$04]
* Reference to: system.@_lldiv;
|
0049E45E E8BF7EF6FF call 00406322 <----除法运算
0049E463 8945F8 mov [ebp-$08], eax
0049E466 8955FC mov [ebp-$04], edx
0049E469 8B45F8 mov eax, [ebp-$08]
0049E46C 8B55FC mov edx, [ebp-$04]
0049E46F 2DF2350100 sub eax, $000135F2 <----减去这个因子
0049E474 83DA00 sbb edx, +$00
0049E477 8945F8 mov [ebp-$08], eax
0049E47A 8955FC mov [ebp-$04], edx
0049E47D 8D45D8 lea eax, [ebp-$28]
|
0049E480 E8FBCBFFFF call 0049B080 <----获取cpuid
0049E485 8B45D8 mov eax, [ebp-$28]
0049E488 99 cdq
0049E489 8945E8 mov [ebp-$18], eax
0049E48C 8955EC mov [ebp-$14], edx
0049E48F 8B45F8 mov eax, [ebp-$08]
0049E492 8B55FC mov edx, [ebp-$04]
0049E495 3B55EC cmp edx, [ebp-$14] <----比较
0049E498 0F85B9000000 jnz 0049E557
0049E49E 3B45E8 cmp eax, [ebp-$18]
0049E4A1 0F85B0000000 jnz 0049E557
0049E4A7 B201 mov dl, $01
0049E4A9 A1F4F74800 mov eax, dword ptr [$48F7F4]
|
0049E4AE E84114FFFF call 0048F8F4
0049E4B3 8BF0 mov esi, eax
0049E4B5 BA02000080 mov edx, $80000002
0049E4BA 8BC6 mov eax, esi
* Reference to: registry.TRegistry.SetRootKey(TRegistry;Windows.HKEY);
|
0049E4BC E8D314FFFF call 0048F994 <----成功后写入注册表
0049E4C1 B101 mov cl, $01
* Possible String Reference to: 'Software\Microsoft\Windows\CurrentV
| ersion\netsmartsoft\smartsearch'
|
0049E4C3 BAE8E54900 mov edx, $0049E5E8
0049E4C8 8BC6 mov eax, esi
* Reference to: registry.TRegistry.OpenKey(TRegistry;System.AnsiString;System.Boolean):System.Boolean;
|
0049E4CA E82915FFFF call 0048F9F8
0049E4CF 84C0 test al, al
0049E4D1 740E jz 0049E4E1
0049E4D3 33C9 xor ecx, ecx
* Possible String Reference to: 'gc_id'
|
0049E4D5 BA34E64900 mov edx, $0049E634
0049E4DA 8BC6 mov eax, esi
* Reference to: registry.TRegistry.WriteInteger(TRegistry;System.AnsiString;System.Integer);
|
0049E4DC E8B716FFFF call 0048FB98
0049E4E1 8BC6 mov eax, esi
* Reference to: registry.TRegistry.CloseKey(TRegistry);
|
0049E4E3 E87C14FFFF call 0048F964
0049E4E8 8BC6 mov eax, esi
* Reference to: system.TObject.Free(TObject);
|
0049E4EA E84549F6FF call 00402E34
0049E4EF 6A00 push $00
0049E4F1 668B0D3CE64900 mov cx, word ptr [$49E63C]
0049E4F8 B202 mov dl, $02
* Possible String Reference to: '软件登记注册成功!'
|
0049E4FA B848E64900 mov eax, $0049E648
|
0049E4FF E8A02BFBFF call 004510A4
0049E504 33D2 xor edx, edx
* Reference to control N13 : TMenuItem
|
0049E506 8B8344030000 mov eax, [ebx+$0344]
* Reference to: menus.TMenuItem.SetEnabled(TMenuItem;System.Boolean);
|
0049E50C E8BBF1F9FF call 0043D6CC
0049E511 33D2 xor edx, edx
* Reference to control SpeedButton8 : TSpeedButton
|
0049E513 8B83DC040000 mov eax, [ebx+$04DC]
0049E519 8B08 mov ecx, [eax]
0049E51B FF515C call dword ptr [ecx+$5C]
* Possible String Reference to: '已注册版本'
|
0049E51E BA64E64900 mov edx, $0049E664
* Reference to control Label7 : TLabel
|
0049E523 8B83E0040000 mov eax, [ebx+$04E0]
* Reference to: controls.TControl.SetText(TControl;System.String);
|
0049E529 E8CAEBF8FF call 0042D0F8
0049E52E B201 mov dl, $01
* Reference to control CoolBar1 : TCoolBar
|
0049E530 8B83F0020000 mov eax, [ebx+$02F0]
0049E536 8B08 mov ecx, [eax]
0049E538 FF515C call dword ptr [ecx+$5C]
0049E53B B201 mov dl, $01
* Reference to control S1 : TMenuItem
|
0049E53D 8B83D4020000 mov eax, [ebx+$02D4]
* Reference to: menus.TMenuItem.SetEnabled(TMenuItem;System.Boolean);
|
0049E543 E884F1F9FF call 0043D6CC
* Reference to control Edit1 : TEdit
|
0049E548 8B830C050000 mov eax, [ebx+$050C]
0049E54E C7400C08000000 mov dword ptr [eax+$0C], $00000008
0049E555 EB15 jmp 0049E56C
0049E557 6A00 push $00
0049E559 668B0D3CE64900 mov cx, word ptr [$49E63C]
0049E560 B201 mov dl, $01
* Possible String Reference to: '软件注册号错误!'
|
0049E562 B878E64900 mov eax, $0049E678
|
0049E567 E8382BFBFF call 004510A4
0049E56C 33C0 xor eax, eax
0049E56E 5A pop edx
0049E56F 59 pop ecx
0049E570 59 pop ecx
0049E571 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '^[嬪]?
|
0049E574 6891E54900 push $0049E591
0049E579 8D45D4 lea eax, [ebp-$2C]
* Reference to: system.@LStrClr(String);
|
0049E57C E8BF55F6FF call 00403B40
0049E581 8D45F4 lea eax, [ebp-$0C]
* Reference to: system.@LStrClr(String);
|
0049E584 E8B755F6FF call 00403B40
0049E589 C3 ret
0049E58A E9C54FF6FF jmp 00403554
0049E58F EBE8 jmp 0049E579
****** END
|
0049E591 5E pop esi
0049E592 5B pop ebx
0049E593 8BE5 mov esp, ebp
0049E595 5D pop ebp
0049E596 C3 ret
所以算法是:注册码=(cpuid(前8位)+135f2h)*35h
其他几个把除数和减法因子改了一下。
注册机源代码:
type
TCPUID = array[1..4] of Longint;
function GetCPUID : TCPUID; assembler; register;
asm
PUSH EBX {Save affected register}
PUSH EDI
MOV EDI,EAX {@Result}
MOV EAX,1
DW $A20F {CPUID Command}
STOSD {CPUID[1]}
MOV EAX,EBX
STOSD {CPUID[2]}
MOV EAX,ECX
STOSD {CPUID[3]}
MOV EAX,EDX
STOSD {CPUID[4]}
POP EDI {Restore registers}
POP EBX
end;
procedure Tform1.BSMorphButton1Click(Sender: TObject);
var
CPUID : TCPUID;
reg : Integer;
begin
CPUID := GetCPUID;
reg:=0;
case ComboBox1.ItemIndex of
-1:with Application do MessageBox('请选择软件', '注意', MB_OK);
0:reg:=(CPUID[1]+ $135f2)*$35;
1:reg:=(CPUID[1]+ $8b23)*$25;
2:reg:=(CPUID[1]+ $1331b)*$36;
3:reg:=(CPUID[1]+ $10053)*$43;
end;
Edit1.Text:=InttoStr(reg);
end;
完成,enjoy
相关视频
相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么
- 文章评论
-
热门文章
去除winrar注册框方法
最新文章
比特币病毒怎么破解 比去除winrar注册框方法
华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)通过Access破解MSSQL获得数据人气排行 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)qq相册密码破解方法去除winrar注册框方法(适应任何版本)怎么用手机破解收费游戏华为无线猫HG522破解如何给软件脱壳基础教程
查看所有22条评论>>