MTV**相册8.5试用版注册-新手可以参考下
新手:bjjgq软件:MTV**相册8.5
工具:OD
先查壳,PEiD 显示:ASProtect 1.2x - 1.3x -> Alexey Solodovnikov,在网上找了很多脚本也不成,也没有找到现成的工具,就带壳调试吧。
这只是一个试用版的,注册的时候会弹出一个对话框,要求输入用户名和注册码,随便录入一个,就会有错误的提示,F12断下来后看堆栈,然后逐步反推就可以找到关键的部分:
; Registration-dialog handler at 0085DBB0 (OllyDbg listing: address, encoded bytes,
; 32-bit x86 in Intel operand order).
; NOTE: the bracketed memory operands ([ebp-8], fs:[eax], ...) were lost when this page
; was extracted. Where a comment names one, it was recovered from the encoded bytes in
; the second column (e.g. 8D55 F8 = lea edx,[ebp-8]).
; Flow: read both input fields and leave if either is empty, call the local format check
; at 0085D90C, then decode a message, show it and open a vendor URL with ShellExecuteW.
; Per the write-up, this local check only tests the input format; the licence itself is
; verified online.
0085DBB0/.55 push ebp
0085DBB1|.8BEC mov ebp,esp
0085DBB3|.B9 05000000 mov ecx,5 ; 5 iterations x 2 pushes = 10 zeroed dwords of locals
0085DBB8|>6A 00 /push 0
0085DBBA|.6A 00 |push 0
0085DBBC|.49 |dec ecx
0085DBBD|.^ 75 F9 \jnz short MTVAlbum.0085DBB8
0085DBBF|.53 push ebx
0085DBC0|.8BD8 mov ebx,eax ; ebx = object passed in eax (presumably the form instance - TODO confirm)
0085DBC2|.33C0 xor eax,eax
; Install an exception frame: handler 0085DD30, previous frame taken from fs:[0].
0085DBC4|.55 push ebp
0085DBC5|.68 30DD8500 push MTVAlbum.0085DD30
0085DBCA|.64:FF30 push dword ptr fs: ; fs:[eax] with eax = 0
0085DBCD|.64:8920 mov dword ptr fs:,esp ; fs:[eax] = new frame
0085DBD0|.8D55 F8 lea edx, ; edx = &[ebp-8], output slot
0085DBD3|.8B83 94030000 mov eax,dword ptr ds: ; [ebx+394], the user-name control per the author
0085DBD9|.E8 C6D5D1FF call MTVAlbum.0057B1A4
0085DBDE|.8B45 F8 mov eax, ;[ebp-8]: user-name text just read (per the author)
0085DBE1|.8D55 FC lea edx, ; edx = &[ebp-4]
0085DBE4|.E8 F381BBFF call MTVAlbum.00415DDC ; presumably trims the text - TODO confirm
0085DBE9|.837D FC 00 cmp ,0 ;[ebp-4] == nil means the user name is empty
0085DBED|.0F84 E2000000 je MTVAlbum.0085DCD5 ; empty: leave without any message
0085DBF3|.8D55 F0 lea edx, ; edx = &[ebp-10]
0085DBF6|.8B83 98030000 mov eax,dword ptr ds: ; [ebx+398], the registration-code control
0085DBFC|.E8 A3D5D1FF call MTVAlbum.0057B1A4 ;reads the registration code
0085DC01|.8B45 F0 mov eax, ; [ebp-10]
0085DC04|.8D55 F4 lea edx, ; edx = &[ebp-0C]
0085DC07|.E8 D081BBFF call MTVAlbum.00415DDC
0085DC0C|.837D F4 00 cmp ,0 ;[ebp-0C] == nil means the code is empty
0085DC10|.0F84 BF000000 je MTVAlbum.0085DCD5
; Virtual call on the object at [ebx+39C] with dl = 0 (slot +74 of its first dword).
; The same slot is called with dl = 1 on the failure path below; purpose not shown here.
0085DC16|.33D2 xor edx,edx
0085DC18|.8B83 9C030000 mov eax,dword ptr ds: ; [ebx+39C]
0085DC1E|.8B08 mov ecx,dword ptr ds: ; [eax]
0085DC20|.FF51 74 call dword ptr ds: ; [ecx+74]
; Read both fields a second time and pass them to the format check.
0085DC23|.8D55 E8 lea edx, ; edx = &[ebp-18]
0085DC26|.8B83 98030000 mov eax,dword ptr ds: ; [ebx+398]
0085DC2C|.E8 73D5D1FF call MTVAlbum.0057B1A4
0085DC31|.8B45 E8 mov eax, ;[ebp-18]: registration code
0085DC34|.8D55 EC lea edx, ; edx = &[ebp-14]
0085DC37|.E8 A081BBFF call MTVAlbum.00415DDC
0085DC3C|.8B45 EC mov eax, ; [ebp-14]
0085DC3F|.50 push eax ; parked on the stack, popped into ecx below
0085DC40|.8D55 E0 lea edx, ; edx = &[ebp-20]
0085DC43|.8B83 94030000 mov eax,dword ptr ds: ; [ebx+394]
0085DC49|.E8 56D5D1FF call MTVAlbum.0057B1A4
0085DC4E|.8B45 E0 mov eax, ;[ebp-20]: user name
0085DC51|.8D55 E4 lea edx, ; edx = &[ebp-1C]
0085DC54|.E8 8381BBFF call MTVAlbum.00415DDC
0085DC59|.8B55 E4 mov edx, ; edx = [ebp-1C], user name
0085DC5C|.8BC3 mov eax,ebx
0085DC5E|.59 pop ecx ; ecx = registration code
0085DC5F|.E8 A8FCFFFF call MTVAlbum.0085D90C ;local format check of name and code (listed below)
0085DC64|.84C0 test al,al
0085DC66|.75 3E jnz short MTVAlbum.0085DCA6 ; al != 0: format accepted
; Format rejected: decode and show the first message, then open the purchase page.
0085DC68|.8D55 DC lea edx, ; edx = &[ebp-24]
0085DC6B|.B8 48DD8500 mov eax,MTVAlbum.0085DD48 ;UNICODE "t8e3qNPDu6fD+7vy16Ky4cLro6zH68Gqz7W/qrei1d+5usLy1f3KvbDmo6E="
0085DC70|.E8 6F6BF8FF call MTVAlbum.007E47E4 ;decodes the string above (the author calls this decryption)
0085DC75|.8B45 DC mov eax, ; [ebp-24]
0085DC78|.E8 E370F8FF call MTVAlbum.007E4D60 ; shows the message (per the author's note on the other branch)
0085DC7D|.B2 01 mov dl,1
0085DC7F|.8B83 9C030000 mov eax,dword ptr ds: ; [ebx+39C]
0085DC85|.8B08 mov ecx,dword ptr ds: ; [eax]
0085DC87|.FF51 74 call dword ptr ds: ; [ecx+74], same slot as above, now dl = 1
0085DC8A|.6A 01 push 1
0085DC8C|.6A 00 push 0
0085DC8E|.6A 00 push 0
0085DC90|.68 C4DD8500 push MTVAlbum.0085DDC4 ;UNICODE "http://www.fhsoft.net/buy_MTVAlbum.htm"
0085DC95|.6A 00 push 0
0085DC97|.8BC3 mov eax,ebx
0085DC99|.E8 1A1BC8FF call MTVAlbum.004DF7B8 ; returns the hWnd pushed next
0085DC9E|.50 push eax ; |hWnd
0085DC9F|.E8 644DC1FF call MTVAlbum.00472A08 ; \ShellExecuteW
0085DCA4|.EB 2F jmp short MTVAlbum.0085DCD5
; Format accepted: the message tells the user to sign in to the vendor's user area,
; then the login page is opened. Nothing is unlocked locally on this path.
0085DCA6|>8D55 D8 lea edx, ; edx = &[ebp-28]
0085DCA9|.B8 20DE8500 mov eax,MTVAlbum.0085DE20 ;UNICODE "x+vPyLXHwr3V/cq9sObTw7unt/7O8cf4o6zPwtTY1f3KvbDmsLLXsLrz1NnXorLho6E="
0085DCAE|.E8 316BF8FF call MTVAlbum.007E47E4 ;decodes the string above
0085DCB3|.8B45 D8 mov eax, ; [ebp-28]
0085DCB6|.E8 A570F8FF call MTVAlbum.007E4D60 ;shows the message dialog
0085DCBB|.6A 01 push 1
0085DCBD|.6A 00 push 0
0085DCBF|.6A 00 push 0
0085DCC1|.68 ACDE8500 push MTVAlbum.0085DEAC ;UNICODE "http://www.fhsoft.net/UserLogin"
0085DCC6|.6A 00 push 0
0085DCC8|.8BC3 mov eax,ebx
0085DCCA|.E8 E91AC8FF call MTVAlbum.004DF7B8
0085DCCF|.50 push eax ; |hWnd
0085DCD0|.E8 334DC1FF call MTVAlbum.00472A08 ; \ShellExecuteW
; Common exit: remove the exception frame, then release the ten string locals.
0085DCD5|>33C0 xor eax,eax
0085DCD7|.5A pop edx
0085DCD8|.59 pop ecx
0085DCD9|.59 pop ecx
0085DCDA|.64:8910 mov dword ptr fs:,edx ; fs:[eax] = previous frame
0085DCDD|.68 37DD8500 push MTVAlbum.0085DD37 ; the retn at 0085DD2F continues at the epilogue
0085DCE2|>8D45 D8 lea eax, ; &[ebp-28]
0085DCE5|.BA 02000000 mov edx,2 ; count = 2: [ebp-28] and [ebp-24] (presumably a string-array clear)
0085DCEA|.E8 719EBAFF call MTVAlbum.00407B60
0085DCEF|.8D45 E0 lea eax, ; &[ebp-20]
0085DCF2|.E8 619EBAFF call MTVAlbum.00407B58
0085DCF7|.8D45 E4 lea eax, ; &[ebp-1C]
0085DCFA|.E8 599EBAFF call MTVAlbum.00407B58
0085DCFF|.8D45 E8 lea eax, ; &[ebp-18]
0085DD02|.E8 519EBAFF call MTVAlbum.00407B58
0085DD07|.8D45 EC lea eax, ; &[ebp-14]
0085DD0A|.E8 499EBAFF call MTVAlbum.00407B58
0085DD0F|.8D45 F0 lea eax, ; &[ebp-10]
0085DD12|.E8 419EBAFF call MTVAlbum.00407B58
0085DD17|.8D45 F4 lea eax, ; &[ebp-0C]
0085DD1A|.E8 399EBAFF call MTVAlbum.00407B58
0085DD1F|.8D45 F8 lea eax, ; &[ebp-8]
0085DD22|.E8 319EBAFF call MTVAlbum.00407B58
0085DD27|.8D45 FC lea eax, ; &[ebp-4]
0085DD2A|.E8 299EBAFF call MTVAlbum.00407B58
0085DD2F\.C3 retn
; Exception path: the handler installed above, which re-enters the cleanup at 0085DCE2.
0085DD30 .^ E9 9F84BAFF jmp MTVAlbum.004061D4
0085DD35 .^ EB AB jmp short MTVAlbum.0085DCE2
; Epilogue reached through the address pushed at 0085DCDD.
0085DD37 .5B pop ebx
0085DD38 .8BE5 mov esp,ebp
0085DD3A .5D pop ebp
0085DD3B .C3 retn
; Local format check at 0085D90C (OllyDbg listing, 32-bit x86, Intel operand order).
; In:  edx = user name, ecx = registration code (both string pointers).
; Out: al = 1 if both inputs match the expected format, 0 otherwise (bl copied at 0085DA9C).
; NOTE: bracketed memory operands were lost when the page was extracted. Where a comment
; names one, it was recovered from the encoded bytes in the second column.
; Recurring inline pattern: for a non-nil string pointer, the word at (pointer - 0x0A)
; is compared with 2 and 00406CC8 is called if it differs (presumably a compiler-emitted
; string-type check - TODO confirm); the length is then read from (pointer - 4).
; Only format is tested (lengths, fixed characters). Nothing here ties the code to the
; user name, which matches the author's remark that real validation happens online.
0085D90C/$55 push ebp
0085D90D|.8BEC mov ebp,esp
0085D90F|.83C4 F8 add esp,-8
0085D912|.53 push ebx
0085D913|.894D F8 mov ,ecx ;[ebp-8] = registration code
0085D916|.8955 FC mov ,edx ;[ebp-4] = user name
0085D919|.8B45 FC mov eax, ; [ebp-4]
0085D91C|.E8 2FA2BAFF call MTVAlbum.00407B50 ;author's note: "modifies a flag"; presumably a string reference-count increment - TODO confirm
0085D921|.8B45 F8 mov eax, ; [ebp-8]
0085D924|.E8 27A2BAFF call MTVAlbum.00407B50
0085D929|.33C0 xor eax,eax
; Install an exception frame with handler 0085DA95.
0085D92B|.55 push ebp
0085D92C|.68 95DA8500 push MTVAlbum.0085DA95
0085D931|.64:FF30 push dword ptr fs: ; fs:[eax], eax = 0
0085D934|.64:8920 mov dword ptr fs:,esp
0085D937|.B3 01 mov bl,1 ; result defaults to "accepted"; each failed rule zeroes ebx
0085D939|.837D FC 00 cmp ,0 ;[ebp-4]: a nil user name is rejected
0085D93D|.75 07 jnz short MTVAlbum.0085D946
0085D93F|.33DB xor ebx,ebx
0085D941|.E9 34010000 jmp MTVAlbum.0085DA7A
; --- user name: length ---
0085D946|>8B45 FC mov eax, ; [ebp-4]
0085D949|.85C0 test eax,eax
0085D94B|.74 16 je short MTVAlbum.0085D963
0085D94D|.8BD0 mov edx,eax
0085D94F|.83EA 0A sub edx,0A
0085D952|.66:833A 02 cmp word ptr ds:,2 ;word at [edx] = (string pointer - 0x0A) compared with 2
0085D956|.74 0B je short MTVAlbum.0085D963
0085D958|.8D45 FC lea eax, ; &[ebp-4]
0085D95B|.8B55 FC mov edx, ; [ebp-4]
0085D95E|.E8 6593BAFF call MTVAlbum.00406CC8
0085D963|>85C0 test eax,eax
0085D965|.74 05 je short MTVAlbum.0085D96C
0085D967|.83E8 04 sub eax,4
0085D96A|.8B00 mov eax,dword ptr ds: ; [eax] = length field at (pointer - 4)
0085D96C|>83F8 06 cmp eax,6 ;user-name length vs 6; the jge below accepts length >= 6
0085D96F|.7D 04 jge short MTVAlbum.0085D975
0085D971|.B0 01 mov al,1 ; al = 1 marks "rule failed"
0085D973|.EB 24 jmp short MTVAlbum.0085D999
; --- user name: first character ---
0085D975|>8B45 FC mov eax, ; [ebp-4]
0085D978|.85C0 test eax,eax
0085D97A|.74 16 je short MTVAlbum.0085D992
0085D97C|.8BD0 mov edx,eax
0085D97E|.83EA 0A sub edx,0A
0085D981|.66:833A 02 cmp word ptr ds:,2 ; [edx], same header check as above
0085D985|.74 0B je short MTVAlbum.0085D992
0085D987|.8D45 FC lea eax, ; &[ebp-4]
0085D98A|.8B55 FC mov edx, ; [ebp-4]
0085D98D|.E8 3693BAFF call MTVAlbum.00406CC8
0085D992|>66:8338 55 cmp word ptr ds:,55 ;[eax]: first character must be 'U' (0x55)
0085D996|.0F95C0 setne al
0085D999|>84C0 test al,al
0085D99B|.74 04 je short MTVAlbum.0085D9A1
0085D99D|.B0 01 mov al,1
0085D99F|.EB 3A jmp short MTVAlbum.0085D9DB
; --- user name: last character ---
0085D9A1|>8B45 FC mov eax, ; [ebp-4]
0085D9A4|.85C0 test eax,eax
0085D9A6|.74 16 je short MTVAlbum.0085D9BE
0085D9A8|.8BD0 mov edx,eax
0085D9AA|.83EA 0A sub edx,0A
0085D9AD|.66:833A 02 cmp word ptr ds:,2 ; [edx], header check
0085D9B1|.74 0B je short MTVAlbum.0085D9BE
0085D9B3|.8D45 FC lea eax, ; &[ebp-4]
0085D9B6|.8B55 FC mov edx, ; [ebp-4]
0085D9B9|.E8 0A93BAFF call MTVAlbum.00406CC8
0085D9BE|>85C0 test eax,eax
0085D9C0|.74 05 je short MTVAlbum.0085D9C7
0085D9C2|.83E8 04 sub eax,4
0085D9C5|.8B00 mov eax,dword ptr ds: ; [eax] = length
0085D9C7|>8B55 FC mov edx, ; [ebp-4]
0085D9CA|.0FB74442 FE movzx eax,word ptr ds: ; [edx+eax*2-2] = last 16-bit character
0085D9CF|.83C0 D0 add eax,-30 ; subtract '0'
0085D9D2|.66:83E8 0A sub ax,0A ; borrow (CF) set only for values 0..9
0085D9D6|.0F92C0 setb al ; al = 1 if the character is a digit
0085D9D9|.34 01 xor al,1 ; invert: al = 1 if it is NOT a digit
0085D9DB|>84C0 test al,al ;al != 0 here means a user-name rule failed (length, 'U' prefix or trailing digit)
0085D9DD|.74 07 je short MTVAlbum.0085D9E6
0085D9DF|.33DB xor ebx,ebx
0085D9E1|.E9 94000000 jmp MTVAlbum.0085DA7A
; --- registration code: non-nil ---
0085D9E6|>837D F8 00 cmp ,0 ;[ebp-8]: registration-code checks start, nil is rejected
0085D9EA|.75 07 jnz short MTVAlbum.0085D9F3
0085D9EC|.33DB xor ebx,ebx
0085D9EE|.E9 87000000 jmp MTVAlbum.0085DA7A
; --- registration code: length ---
0085D9F3|>8B45 F8 mov eax, ; [ebp-8]
0085D9F6|.85C0 test eax,eax
0085D9F8|.74 16 je short MTVAlbum.0085DA10
0085D9FA|.8BD0 mov edx,eax
0085D9FC|.83EA 0A sub edx,0A
0085D9FF|.66:833A 02 cmp word ptr ds:,2 ; [edx], header check
0085DA03|.74 0B je short MTVAlbum.0085DA10
0085DA05|.8D45 F8 lea eax, ; &[ebp-8]
0085DA08|.8B55 F8 mov edx, ; [ebp-8]
0085DA0B|.E8 B892BAFF call MTVAlbum.00406CC8
0085DA10|>85C0 test eax,eax
0085DA12|.74 05 je short MTVAlbum.0085DA19
0085DA14|.83E8 04 sub eax,4
0085DA17|.8B00 mov eax,dword ptr ds: ; [eax] = length
0085DA19|>83F8 17 cmp eax,17 ;length must be exactly 0x17 = 23 characters
0085DA1C|.74 04 je short MTVAlbum.0085DA22
0085DA1E|.B0 01 mov al,1
0085DA20|.EB 25 jmp short MTVAlbum.0085DA47
; --- registration code: separators ---
0085DA22|>8B45 F8 mov eax, ; [ebp-8]
0085DA25|.85C0 test eax,eax
0085DA27|.74 16 je short MTVAlbum.0085DA3F
0085DA29|.8BD0 mov edx,eax
0085DA2B|.83EA 0A sub edx,0A
0085DA2E|.66:833A 02 cmp word ptr ds:,2 ; [edx], header check
0085DA32|.74 0B je short MTVAlbum.0085DA3F
0085DA34|.8D45 F8 lea eax, ; &[ebp-8]
0085DA37|.8B55 F8 mov edx, ; [ebp-8]
0085DA3A|.E8 8992BAFF call MTVAlbum.00406CC8
0085DA3F|>66:8378 0A 2D cmp word ptr ds:,2D ;[eax+0A]: the 6th character must be '-' (0x2D)
0085DA44|.0F95C0 setne al
0085DA47|>84C0 test al,al
0085DA49|.74 04 je short MTVAlbum.0085DA4F
0085DA4B|.B0 01 mov al,1
0085DA4D|.EB 25 jmp short MTVAlbum.0085DA74
0085DA4F|>8B45 F8 mov eax, ; [ebp-8]
0085DA52|.85C0 test eax,eax
0085DA54|.74 16 je short MTVAlbum.0085DA6C
0085DA56|.8BD0 mov edx,eax
0085DA58|.83EA 0A sub edx,0A
0085DA5B|.66:833A 02 cmp word ptr ds:,2 ; [edx], header check
0085DA5F|.74 0B je short MTVAlbum.0085DA6C
0085DA61|.8D45 F8 lea eax, ; &[ebp-8]
0085DA64|.8B55 F8 mov edx, ; [ebp-8]
0085DA67|.E8 5C92BAFF call MTVAlbum.00406CC8
0085DA6C|>66:8378 16 2D cmp word ptr ds:,2D ;[eax+16]: the 12th character must be '-'
0085DA71|.0F95C0 setne al
0085DA74|>84C0 test al,al
0085DA76|.74 02 je short MTVAlbum.0085DA7A
0085DA78|.33DB xor ebx,ebx
; Common exit: remove the exception frame and release the two string locals.
0085DA7A|>33C0 xor eax,eax
0085DA7C|.5A pop edx
0085DA7D|.59 pop ecx
0085DA7E|.59 pop ecx
0085DA7F|.64:8910 mov dword ptr fs:,edx ; fs:[eax] = previous frame
0085DA82|.68 9CDA8500 push MTVAlbum.0085DA9C ; the retn at 0085DA94 continues at the epilogue
0085DA87|>8D45 F8 lea eax, ; &[ebp-8]
0085DA8A|.BA 02000000 mov edx,2 ; count = 2: [ebp-8] and [ebp-4]
0085DA8F|.E8 CCA0BAFF call MTVAlbum.00407B60
0085DA94\.C3 retn
; Exception path: handler, then re-entry into the cleanup at 0085DA87.
0085DA95 .^ E9 3A87BAFF jmp MTVAlbum.004061D4
0085DA9A .^ EB EB jmp short MTVAlbum.0085DA87
; Epilogue: the result collected in bl is returned in al.
0085DA9C .8BC3 mov eax,ebx
0085DA9E .5B pop ebx
0085DA9F .59 pop ecx
0085DAA0 .59 pop ecx
0085DAA1 .5D pop ebp
0085DAA2 .C3 retn
用户名:U12345
注册码:15215-61981-98191-11981
规则是这样的:用户名6位,要以U开头,以数字结尾;注册码共23位,每5位中间有一个‘-’分隔。但程序运行到这里只是对用户名和注册码的格式做了简单的判断,并不是真正的校验,真正注册还要在网上进行检验,提示:“请先登陆正式版用户服务区,下载正式版安装后再注册”
下面这段是对一段特殊的字符串进行解密的(从每个字符查表后左移6位、每凑满4个字符输出3个字节来看,这其实是类似Base64的解码,代码里没有用到密钥,算不上真正的加密):
; String decoder core at 007E4738 (OllyDbg listing, 32-bit x86, Intel operand order).
; The shape matches Base64 decoding: each input byte is mapped through a lookup table,
; 6 bits are shifted into an accumulator, and 3 bytes are written per 4 accepted symbols.
; The table itself is not shown, so the exact alphabet is an assumption. No key is used
; in the visible code: this is an encoding, not encryption.
; In:  eax = input pointer, edx = input length in bytes, ecx = output pointer,
;      [ebp+8]  = pointer to the "symbols still needed" counter,
;      [ebp+0C] = pointer to the bit accumulator (both updated on exit).
; Out: eax = number of bytes written; the two stack arguments are removed by retn 8.
; NOTE: bracketed memory operands were lost when the page was extracted. Where a comment
; names one, it was recovered from the encoded bytes in the second column.
; NOTE(review): no output-size argument is visible, so the caller has to supply a buffer
; large enough for 3 bytes per 4 input symbols.
; The handler above calls 007E47E4, not this address; presumably that is a wrapper
; around this routine - TODO confirm.
007E4738/$55 push ebp
007E4739|.8BEC mov ebp,esp
007E473B|.83C4 F4 add esp,-0C
007E473E|.56 push esi
007E473F|.57 push edi
007E4740|.894D F8 mov ,ecx ; [ebp-8] = output start, kept to compute the byte count
007E4743|.85D2 test edx,edx
007E4745|.76 68 jbe short MTVAlbum.007E47AF ; length 0: return 0
007E4747|.8BF8 mov edi,eax ; edi = read cursor
007E4749|.03D7 add edx,edi
007E474B|.8955 F4 mov ,edx ; [ebp-0C] = end of input
007E474E|.8B55 F8 mov edx, ; edx = [ebp-8], write cursor
007E4751|.8B45 0C mov eax, ; [ebp+0C]
007E4754|.8B00 mov eax,dword ptr ds: ; eax = [eax], accumulator carried in from the caller
007E4756|.8B75 08 mov esi, ; [ebp+8]
007E4759|.8B36 mov esi,dword ptr ds: ; esi = [esi], symbols still needed for a 3-byte group
007E475B|.3B7D F4 cmp edi, ; [ebp-0C]
007E475E|.74 3A je short MTVAlbum.007E479A
007E4760|>0FB60F /movzx ecx,byte ptr ds: ; [edi]: next input byte
007E4763|.8B0C8D 40018B>|mov ecx,dword ptr ds: ; [ecx*4 + table]; the address is truncated in the listing
007E476A|.47 |inc edi
007E476B|.81F9 FF000000 |cmp ecx,0FF ; table value 0xFF: the byte is skipped
007E4771|.74 22 |je short MTVAlbum.007E4795
007E4773|.C1E0 06 |shl eax,6 ; make room for 6 more bits
007E4776|.0BC1 |or eax,ecx
007E4778|.4E |dec esi
007E4779|.85F6 |test esi,esi
007E477B|.75 18 |jnz short MTVAlbum.007E4795 ; group not complete yet
; Group complete: store the 24 accumulated bits as 3 bytes, most significant first.
007E477D|.8842 02 |mov byte ptr ds:,al ; [edx+2]
007E4780|.C1E8 08 |shr eax,8
007E4783|.8842 01 |mov byte ptr ds:,al ; [edx+1]
007E4786|.C1E8 08 |shr eax,8
007E4789|.8802 |mov byte ptr ds:,al ; [edx]
007E478B|.33C0 |xor eax,eax
007E478D|.83C2 03 |add edx,3
007E4790|.BE 04000000 |mov esi,4 ; the next group needs 4 symbols again
007E4795|>3B7D F4 |cmp edi, ; [ebp-0C]: end of input reached?
007E4798|.^ 75 C6 \jnz short MTVAlbum.007E4760
; Save the partial state for the caller and return the number of bytes written.
007E479A|>8B4D 0C mov ecx, ; [ebp+0C]
007E479D|.8901 mov dword ptr ds:,eax ; [ecx] = accumulator
007E479F|.8B45 08 mov eax, ; [ebp+8]
007E47A2|.8930 mov dword ptr ds:,esi ; [eax] = symbols still needed
007E47A4|.8B45 F8 mov eax, ; [ebp-8], output start
007E47A7|.50 push eax
007E47A8|.8BC2 mov eax,edx
007E47AA|.5A pop edx
007E47AB|.2BC2 sub eax,edx ; eax = write cursor - output start
007E47AD|.EB 02 jmp short MTVAlbum.007E47B1
007E47AF|>33C0 xor eax,eax
007E47B1|>5F pop edi
007E47B2|.5E pop esi
007E47B3|.8BE5 mov esp,ebp
007E47B5|.5D pop ebp
007E47B6\.C2 0800 retn 8
例如本程序中就是把"x+vPyLXHwr3V/cq9sObTw7unt/7O8cf4o6zPwtTY1f3KvbDmsLLXsLrz1NnXorLho6E="解密成:请先登陆正式版用户服务区,下载正式版安装后再注册
这个软件不好用,简单的编辑功能都没有,会声会影强大多了 谢谢楼主无私奉献 这是干嘛用的 这是干嘛用的 我是小白 不可耻 光荣路过{:1_907:} 学习了啊教程很详细啊 !谢谢楼主! 应一个朋友的要求,所以就试着破了一下,结果发现没那么简单
至于它有什么样的功能我还真不太了解 学习一下 先回复,后下载