易速仓库管理系统(单机版) 1.38注册算法简单分析(新手入门,高手飘过)
本帖最后由 asmstock 于 2011-10-9 15:52 编辑
【文章标题】: 易速仓库管理系统(单机版) 1.38注册算法简单分析
【文章作者】: asmstock
【软件名称】: 易速仓库管理系统(单机版) 1.38
【下载地址】: 自己搜索下载
【加壳方式】: 无
【保护方式】: 注册码
【编写语言】: Delphi
【使用工具】: OD peid
【操作平台】: XP SP3
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
启动程序,程序未注册时会显示提示注册的对话框。点注册按钮弹出注册对话框,输入假码,点注册按钮弹出注册码错误提示框。
用peid对主程序查壳,显示 Borland Delphi 6.0 - 7.0,无壳,是Delphi编写的。用od载入主程序,F9运行,查找注册码失败的字符串,找到后定位到如下代码:
006890B6
// Registration-dialog handler as dumped from the debugger (Intel operand order).
// Layout: every line ends with the address of the NEXT instruction fused onto it
// (e.g. "mov dl,0x1" + "006890E2"), and the bracketed memory operands that followed
// "fs:", "ss:" and "ds:" were lost when the page was extracted.
// Visible flow: call cangku.00689388, test AL; zero branches to the failure message
// box at 006891AD, non-zero continues to the registry writes and the success box.
// NOTE(review): the accept/reject decision is one local branch on AL and, per the
// author's annotations, the accepted values are then stored in the registry, so
// nothing outside the client takes part in the check.
push ebp006890B7
push cangku.006891F5006890BC
push dword ptr fs:006890BF
mov dword ptr fs:,esp006890C2
mov eax,dword ptr ss:006890C5
// 006890C5: the validation call; its result comes back in AL and is tested below.
call cangku.00689388
006890CA
test al,al006890CC
je cangku.006891AD
// jump to the registration-failure path 006890D2
xor eax,eax006890D4
push ebp006890D5
push cangku.00689191006890DA
push dword ptr fs:006890DD
mov dword ptr fs:,esp006890E0
mov dl,0x1006890E2
mov eax,dword ptr ds:006890E7
call cangku.0044E478006890EC
mov ebx,eax006890EE
// 0x80000002 is the Win32 value of HKEY_LOCAL_MACHINE; presumably this call selects
// the registry root on the object kept in ebx (confirm against the callee).
mov edx,0x80000002006890F3
mov eax,ebx006890F5
call cangku.0044E554006890FA
mov cl,0x1006890FC
mov edx,cangku.0068920C
;
Software\yisusoft\cangku00689101
mov eax,ebx00689103
call cangku.0044E69800689108
lea edx,dword ptr ss:0068910B
mov eax,dword ptr ss:0068910E
mov eax,dword ptr ds:00689114
call cangku.0048EED000689119
mov eax,dword ptr ss:0068911C
lea edx,dword ptr ss:0068911F
call cangku.004099E400689124
mov ecx,dword ptr ss:00689127
mov edx,cangku.00689230
;
Name
// on success the machine code is written to the registry 0068912C
mov eax,ebx0068912E
call cangku.0044EDA000689133
lea edx,dword ptr ss:00689136
mov eax,dword ptr ss:00689139
mov eax,dword ptr ds:0068913F
call cangku.0048EED000689144
mov eax,dword ptr ss:00689147
lea edx,dword ptr ss:0068914A
call cangku.004099E40068914F
mov ecx,dword ptr ss:00689152
mov edx,cangku.00689240
;
Pass
// on success the registration code is written to the registry 00689157
// NOTE(review): the value name "Pass" and the annotation above indicate the code is
// stored as entered; whether it is re-validated at start-up is not visible here.
mov eax,ebx00689159
call cangku.0044EDA00068915E
mov eax,ebx00689160
call cangku.00403B4C00689165
// 0x40 is MB_ICONINFORMATION, the uType argument of the MessageBoxA call below;
// the two pushes that follow are the caption and the success text.
push 0x4000689167
push cangku.00689248
;
软件注册0068916C
push cangku.00689254
;
注册成功,本程序所有功能限制下次启动时将被自动解除,欢迎您成为我们正式版本用户!00689171
mov eax,dword ptr ss:00689174
call cangku.0049591C00689179
push eax
; |hOwner0068917A
call <jmp.&user32.MessageBoxA>
; \MessageBoxA0068917F
mov eax,dword ptr ss:00689182
call cangku.004ACD0800689187
xor eax,eax00689189
pop edx0068918A
pop ecx0068918B
pop ecx0068918C
mov dword ptr fs:,edx0068918F
jmp short cangku.006891C700689191
jmp cangku.0040402C00689196
mov eax,dword ptr ss:00689199
call cangku.004ACD080068919E
mov eax,dword ptr ss:006891A1
call cangku.006892C8006891A6
call cangku.00404458006891AB
jmp short cangku.006891C7006891AD
// 006891AD: failure path, reached from the "je" after the validation call.
push 0x40006891AF
push cangku.00689248
;
软件注册006891B4
push cangku.006892A4
;
注册失败,请检查您的注册名和注册码!006891B9
mov eax,dword ptr ss:006891BC
call cangku.0049591C006891C1
push eax
; |hOwner006891C2
call <jmp.&user32.MessageBoxA>
; \MessageBoxA006891C7
xor eax,eax006891C9
pop edx
在006890C5下F2断点,输入假码,单击注册按钮,断下来,F7进入这个call,关键代码如下:(略去n行代码)
006893E0
// Excerpt from inside the validation routine entered at 006890C5; the author omitted
// the instructions before it. Memory operands were lost in extraction, and each line
// ends with the address of the next instruction.
// NOTE(review): per the author's annotations the expected registration code is derived
// in-process and then compared with the entered one, so the valid value exists in the
// client's memory at the moment of the check. A verification that only holds a public
// key (signature check) or that is done server-side does not expose the expected value.
|>mov edx,006893E3
|>lea ecx,006893E6
|>mov eax,esi006893E8
|>call cangku.006894EC
// derive the registration code from the machine code 006893ED
|>mov edx,006893F0
|>pop eax006893F1
|>call cangku.00404E7C
// compare the expected registration code with the entered one 006893F6
|>jnz short cangku.00689448006893F8
// fall-through (codes equal): bl is set to 1
|>mov bl,0x1006893FA
|>lea edx,006893FD
|>mov eax,dword ptr ds:00689403
|>call cangku.0048EED000689408
|>mov eax,0068940B
|>lea edx,0068940E
|>call cangku.004099E4
F7跟进 006893E8 |>call cangku.006894EC,注册码计算详细代码如下:
006894ED
// Body of cangku.006894EC, the routine the author identifies as deriving the
// registration code from the machine code. The excerpt starts at 006894ED, one
// instruction after the entry point. Memory operands were lost in extraction and
// each line ends with the address of the next instruction.
// NOTE(review): by the author's own conclusion the result depends only on the last
// four characters of the machine code plus a constant embedded in the binary, so the
// derivation contains no secret and very little per-machine entropy.
|>mov ebp,esp006894EF
|>push ecx006894F0
|>mov ecx,0x4006894F5
// loop runs 4 times, pushing two zero dwords per pass
|>/push 0x0006894F7
|>|push 0x0006894F9
|>|dec ecx006894FA
|>\jnz short cangku.006894F5006894FC
|>push ecx006894FD
|>xchg ,ecx00689500
|>push ebx00689501
|>push esi00689502
|>push edi00689503
|>mov edi,ecx00689505
|>mov ,edx00689508
|>mov eax,0068950B
|>call cangku.00404F2000689510
|>xor eax,eax00689512
|>push ebp00689513
|>push cangku.006896AD00689518
|>push dword ptr fs:0068951B
|>mov dword ptr fs:,esp0068951E
|>mov eax,edi00689520
|>call cangku.00404A6000689525
|>mov eax,00689528
|>call cangku.00404D300068952D
|>mov esi,eax0068952F
|>test esi,esi
// esi holds the length (character count) of the machine code 00689531
|>jle short cangku.0068955900689533
|>mov ebx,0x100689538
|>/lea ecx,0068953B
|>|mov eax,0068953E
|>|movzx eax,byte ptr ds:00689543
|>|xor edx,edx00689545
|>|call cangku.00409FB80068954A
|>|mov edx,0068954D
|>|lea eax,00689550
|>|call cangku.00404D3800689555
|>|inc ebx00689556
|>|dec esi00689557
|>\jnz short cangku.00689538
// loop over each character of the machine code and build the string of its ASCII codes; e.g. the author's machine code 00000000000000000001 gives 3030303030303030303030303030303030303031 00689559
|>mov eax,0068955C
|>call cangku.00404D3000689561
|>mov esi,eax00689563
|>test esi,esi00689565
|>jle short cangku.0068959300689567
|>mov ebx,0x10068956C
|>/mov eax,0068956F
|>|call cangku.00404D3000689574
|>|sub eax,ebx00689576
|>|mov edx,00689579
|>|mov dl,byte ptr ds:0068957C
|>|lea eax,0068957F
|>|call cangku.00404C4800689584
|>|mov edx,00689587
|>|lea eax,0068958A
|>|call cangku.00404D380068958F
|>|inc ebx00689590
|>|dec esi00689591
|>\jnz short cangku.0068956C
// the resulting string 3030303030303030303030303030303030303031 is reversed to 1303030303030303030303030303030303030303 00689593
|>lea eax,00689596
|>push eax00689597
|>mov ecx,0x40068959C
|>mov edx,0x1006895A1
|>mov eax,006895A4
|>call cangku.00404F90
// the first 4 characters are kept for later use; on the author's machine: 1303 006895A9
|>lea eax,006895AC
|>push eax006895AD
|>mov ecx,0x4006895B2
|>mov edx,0x5006895B7
|>mov eax,006895BA
|>call cangku.00404F90
// characters 5 to 8 are kept for later use; on the author's machine: 0303 006895BF
// The next two stretches are near-identical: a length is compared with 4 and, when it
// is smaller, a loop appends further text until ebx reaches 4. Presumably this pads
// each 4-character piece; the operands needed to confirm that are missing.
|>mov eax,006895C2
|>call cangku.00404D30006895C7
|>cmp eax,0x4006895CA
|>jge short cangku.006895FB006895CC
|>mov eax,006895CF
|>call cangku.00404D30006895D4
|>mov ebx,eax006895D6
|>cmp ebx,0x3006895D9
|>jg short cangku.006895FB006895DB
|>/lea ecx,006895DE
|>|mov eax,ebx006895E0
|>|shl eax,0x2006895E3
|>|xor edx,edx006895E5
|>|call cangku.00409FB8006895EA
|>|mov edx,006895ED
|>|lea eax,006895F0
|>|call cangku.00404D38006895F5
|>|inc ebx006895F6
|>|cmp ebx,0x4006895F9
|>\jnz short cangku.006895DB006895FB
|>mov eax,006895FE
|>call cangku.00404D3000689603
|>cmp eax,0x400689606
|>jge short cangku.0068963700689608
|>mov eax,0068960B
|>call cangku.00404D3000689610
|>mov ebx,eax00689612
|>cmp ebx,0x300689615
|>jg short cangku.0068963700689617
|>/lea ecx,0068961A
|>|mov eax,ebx0068961C
|>|shl eax,0x20068961F
|>|xor edx,edx00689621
|>|call cangku.00409FB800689626
|>|mov edx,00689629
|>|lea eax,0068962C
|>|call cangku.00404D3800689631
|>|inc ebx00689632
|>|cmp ebx,0x400689635
|>\jnz short cangku.0068961700689637
|>lea eax,0068963A
|>mov edx,cangku.006896C4
; fixed string Canku888d66k 0068963F
|>call cangku.00404AF800689644
|>lea eax,00689647
|>push eax00689648
|>mov ecx,0x40068964D
|>mov edx,0x100689652
|>mov eax,00689655
|>call cangku.00404F900068965A
|>push 0068965D
|>push cangku.006896DC
;
-00689662
|>push 00689665
|>lea eax,00689668
|>push eax00689669
|>mov ecx,0x50068966E
|>mov edx,0x500689673
|>mov eax,00689676
|>call cangku.00404F900068967B
|>push 0068967E
|>push cangku.006896DC
;
-00689683
|>push 00689686
|>mov eax,edi00689688
// edx = 6 with six values pushed above (two of them the "-" separator): presumably a
// six-part string concatenation into the result referenced by edi (confirm).
|>mov edx,0x60068968D
|>call cangku.00404DF000689692
|>xor eax,eax00689694
|>pop edx00689695
|>pop ecx00689696
|>pop ecx00689697
|>mov dword ptr fs:,edx0068969A
|>push cangku.006896B40068969F
|>lea eax,006896A2
|>mov edx,0xA006896A7
|>call cangku.00404A84 006896AC
\>retn
最后将固定字符串 Canku888d66k 和从机器码中得来的2个字符串拼成正确的注册码,例如我的注册码为:Cank-1303u888d-0303,实际上注册码计算只用到机器码的最后4位。下面给出c版的注册机:
int main(){
/* Body of the author's C illustration of the derivation described above.
 * NOTE: the array sizes in the declarations and every subscript were stripped when
 * the page was extracted (e.g. "char str;", "code='C';"), so the listing does not
 * compile as shown. The author also states that the header includes are omitted. */
char str;
char key;
char code;
unsigned char
temp;
int i;
int n=0;
int len;
printf("请输入机器码\n");
/* NOTE(review): gets() does no bounds checking and was removed from the C standard
 * in C11; fgets() with the destination size is the bounded replacement. */
gets(key);
len=strlen(key);
if(len<=0)
{
return 0;
}
/* Walks the last four input characters from the end, storing the low nibble and then
 * the high nibble of each.
 * NOTE(review): only len<=0 is rejected above, so for an input of 1 to 3 characters
 * the index i runs below zero here. */
for( i=len-1;i>=len-4;i--)
{
temp=(unsigned char)key%16;
str=temp;
n++;
temp=((unsigned char)key)>>4;
str=temp;
n++;
}
/* Output is assembled from constant characters and the stored nibbles. */
code='C';
code='a';
code='n';
code='k';
code='-';
for( i=0;i<=3;i++)
{
/* 0x30 is ASCII '0' */
code=0x30+str;
}
code='u';
code='8';
code='8';
code='8';
code='d';
code='-';
for( i=4;i<=7;i++)
{
code=0x30+str;
}
code='\0';
puts(code);
getchar();
return 0;}
头文件我就不提供了,算法简单,适合新手玩一玩。
--------------------------------------------------------------------------------
【版权声明】: 本文原创于asmstock, 转载请注明作者并保持文章的完整, 谢谢!
2011年10月9日 不错,学习一下 学习了,谢谢提供 不错,不过看着有点累~ 不错 新手学习的好教程 如果要是把排版弄好就更好了,代码可以用代码框加上,这样就会很好看了. 新手学习的好教程 楼主请重新排一下版 谢谢很多看不懂