重灌一遍:ShowDep 4.0 beta 1 brute-force attack (8千字)
-
http://www.showdep.com
用穷举法找到个注册码,输入之后说“Thank you”但是会引起非法操作,
why?我又没运行SoftICE。估计还是注册码的长度不对,看了一下它存
在注册表中的注册码,似乎应是64个字符(即32字节)。
Name: Registered User
Code: DB883980
下面是穷举程序的主要部分:
.DATA
UserName db 100 dup (0)
RegCodeString db 16 dup (0)
RegCode dd 3 dup (?)
StringFormat db "%08lX", 0
Serial dd ?
NameLen dd ?
NotFound db "no valid serial found.", 0
Seed dd 3 dup(?)
Old_ESP dd ?
temp dd ?
_hInst dd ?
_hWnd dd ?
_hIcon dd ?
_hDlg dd ?
MagicTable dd 00000000h, 77073096h, 0EE0E612Ch, 990951BAh
dd 076DC419h, 706AF48Fh, 0E963A535h, 9E6495A3h
dd 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh, 97D2D988h
dd 09B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh
dd 1ADAD47Dh, 6DDDE4EBh, 0F4D4B551h, 83D385C7h
dd 136C9856h, 646BA8C0h, 0FD62F97Ah, 8A65C9ECh
dd 14015C4Fh, 63066CD9h, 0FA0F3D63h, 8D080DF5h
dd 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh
dd 35B5A8FAh, 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h
dd 32D86CE3h, 45DF5C75h, 0DCD60DCFh, 0ABD13D59h
dd 26D930ACh, 51DE003Ah, 0C8D75180h, 0BFD06116h
dd 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h
dd 2F6F7C87h, 58684C11h, 0C1611DABh, 0B6662D3Dh
dd 76DC4190h, 01DB7106h, 98D220BCh, 0EFD5102Ah
dd 71B18589h, 06B6B51Fh, 9FBFE4A5h, 0E8B8D433h
dd 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 086D3D2Dh, 91646C97h, 0E6635C01h
dd 6B6B51F4h, 1C6C6162h, 856530D8h, 0F262004Eh
dd 6C0695EDh, 1B01A57Bh, 8208F4C1h, 0F50FC457h
dd 65B0D9C6h, 12B7E950h, 8BBEB8EAh, 0FCB9887Ch
dd 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h
dd 4ADFA541h, 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh
dd 4369E96Ah, 346ED9FCh, 0AD678846h, 0DA60B8D0h
dd 44042D73h, 33031DE5h, 0AA0A4C5Fh, 0DD0D7CC9h
dd 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh
dd 5EDEF90Eh, 29D9C998h, 0B0D09822h, 0C7D7A8B4h
dd 59B33D17h, 2EB40D81h, 0B7BD5C3Bh, 0C0BA6CADh
dd 0EDB88320h, 9ABFB3B6h, 03B6E20Ch, 74B1D29Ah
dd 0EAD54739h, 9DD277AFh, 04DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h
dd 0E40ECF0Bh, 9309FF9Dh, 0A00AE27h, 7D079EB1h
dd 0F00F9344h, 8708A3D2h, 1E01F268h, 6906C2FEh
dd 0F762575Dh, 806567CBh, 196C3671h, 6E6B06E7h
dd 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h
dd 0D6D6A3E8h, 0A1D1937Eh, 38D8C2C4h, 4FDFF252h
dd 0D1BB67F1h, 0A6BC5767h, 3FB506DDh, 48B2364Bh
dd 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h, 41047A60h
dd 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h
dd 0CC0C7795h, 0BB0B4703h, 220216B9h, 5505262Fh
dd 0C5BA3BBEh, 0B2BD0B28h, 2BB45A92h, 5CB36A04h
dd 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh, 5BDEAE1Dh
dd 9B64C2B0h, 0EC63F226h, 756AA39Ch, 026D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 05005713h
dd 95BF4A82h, 0E2B87A14h, 7BB12BAEh, 0CB61B38h
dd 92D28E9Bh, 0E5D5BE0Dh, 7CDCEFB7h, 0BDBDF21h
dd 86D3D2D4h, 0F1D4E242h, 68DDB3F8h, 1FDA836Eh
dd 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch
dd 8F659EFFh, 0F862AE69h, 616BFFD3h, 166CCF45h
dd 0A00AE278h, 0D70DD2EEh, 4E048354h, 3903B3C2h
dd 0A7672661h, 0D06016F7h, 4969474Dh, 3E6E77DBh
dd 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h
dd 0BDBDF21Ch, 0CABAC28Ah, 53B39330h, 24B4A3A6h
dd 0BAD03605h, 0CDD70693h, 54DE5729h, 23D967BFh
dd 0B3667A2Eh, 0C4614AB8h, 5D681B02h, 2A6F2B94h
dd 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
;---------------------------------------------------------------------------
GenKey proc
push ebp
push 64h
push offset UserName
push IDC_NAME
push [_hDlg]
call GetDlgItemTextA
test eax, eax
jz ExitProc0
mov [NameLen], eax
mov [Old_ESP], esp
mov esp, 12345678h
mov esi, 23456789h
mov edi, 34567890h
mov ecx, [NameLen]
mov ebp, offset UserName
name_iteration:
mov eax, esp
xor al, [ebp]
movzx ebx, al
shr esp, 8
xor esp, [MagicTable+ebx*4]
mov eax, esp
and eax, 0ffh
add eax, esi
mov edx, 08088405h
mul edx
inc eax
mov esi, eax
shr eax, 24
xor eax, edi
movzx ebx, al
shr edi, 8
xor edi, [MagicTable+ebx*4]
inc ebp
loop name_iteration
mov [Seed], esp
mov [Seed+4], esi
mov [Seed+8], edi
mov dword ptr [Serial], 0
brute_force:
mov eax, [Serial]
mov [RegCode], eax
mov dword ptr [RegCode+4], 00000000h
mov dword ptr [RegCode+8], 00000000h
mov esp, [Seed]
mov esi, [Seed+4]
mov edi, [Seed+8]
mov ecx, 0Ch
mov ebp, offset RegCode
serial_iteration:
mov eax, esp
xor al, [ebp]
movzx ebx, al
shr esp, 8
xor esp, [MagicTable+ebx*4]
mov eax, esp
and eax, 0ffh
add eax, esi
mov edx, 08088405h
mul edx
inc eax
mov esi, eax
shr eax, 24
xor eax, edi
movzx ebx, al
shr edi, 8
xor edi, [MagicTable+ebx*4]
inc ebp
loop serial_iteration
; mov eax, [Serial]
; xor edx, edx
; mov ebx, 10000
; div ebx
; test edx, edx
; jnz continue
; mov [temp], esp
; mov esp, [Old_ESP]
; pushad
; push [Serial]
; push offset StringFormat
; push offset RegCodeString
; call _wsprintfA
; add esp, 12
; push offset RegCodeString
; push IDC_KEY
; push [_hDlg]
; call SetDlgItemTextA
; popad
; mov esp, [temp]
continue:
test edi, edi
jz serial_found
dec dword ptr [Serial]
jnz brute_force
jmp not_found
serial_found:
mov esp, [Old_ESP]
push [Serial]
push offset StringFormat
push offset RegCodeString
call _wsprintfA
add esp, 12
push offset RegCodeString
jmp DisplayResult
not_found:
mov esp, [Old_ESP]
push offset NotFound
DisplayResult:
push IDC_KEY
push [_hDlg]
call SetDlgItemTextA
ExitProc0:
pop ebp
ret
GenKey endp
相关视频
相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么
- 文章评论
-
热门文章
去除winrar注册框方法
最新文章
比特币病毒怎么破解 比去除winrar注册框方法
华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)通过Access破解MSSQL获得数据人气排行 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)qq相册密码破解方法去除winrar注册框方法(适应任何版本)怎么用手机破解收费游戏华为无线猫HG522破解如何给软件脱壳基础教程
查看所有0条评论>>