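Algorithm Analysis of Alipay Auto-Pay Program 1.1
Last edited by shenaset on 2009-3-11 22:10
【Title】: Algorithm Analysis of Alipay Auto-Pay Program 1.1
【Author】: .........
【Author's e-mail】: .........
【Author's homepage】: .........
【Author's QQ】: .........
【Software】: Alipay Auto-Pay Program 1.1
【Download】: http://bbs.52pojie.cn/thread-20234-1-1.html
【Author's note】: Bored, so bored, really bored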
--------------------------------------------------------------------------------
【Detailed process】
I won't go into the unpacking, it is very simple. The algorithm is also very simple; I was just bored.
0047D92F|.53 PUSH EBX
0047D930|.56 PUSH ESI
0047D931|.8945 FC MOV DWORD PTR SS:,EAX
0047D934|.33C0 XOR EAX,EAX
0047D936|.55 PUSH EBP
0047D937|.68 92DA4700 PUSH Unpack_.0047DA92
0047D93C|.64:FF30 PUSH DWORD PTR FS:
0047D93F|.64:8920 MOV DWORD PTR FS:,ESP
0047D942|.8D45 F8 LEA EAX,DWORD PTR SS:
0047D945|.E8 BAFDFFFF CALL Unpack_.0047D704
0047D94A|.8B45 F8 MOV EAX,DWORD PTR SS: ;machine code into EAX
0047D94D|.E8 E269F8FF CALL Unpack_.00404334 ;get the length of the machine code
0047D952|.8BF0 MOV ESI,EAX ;machine code length into ESI
0047D954|.85F6 TEST ESI,ESI
0047D956|.7E 29 JLE SHORT Unpack_.0047D981
0047D958|.BB 01000000 MOV EBX,1
0047D95D|>8B45 F8 /MOV EAX,DWORD PTR SS: ;machine code into EAX
0047D960|.0FB64418 FF |MOVZX EAX,BYTE PTR DS: ;load the ASCII code of each machine code character into EAX
0047D965|.8D53 01 |LEA EDX,DWORD PTR DS: ;multiplier into EDX, starting at 2 and incrementing
0047D968|.F7EA |IMUL EDX ;a1=EAX*EDX
0047D96A|.8D55 EC |LEA EDX,DWORD PTR SS:
0047D96D|.E8 06ABF8FF |CALL Unpack_.00408478 ;#1 algorithm (step into)
0047D972|.8B55 EC |MOV EDX,DWORD PTR SS: ;#1 result into EDX
0047D975|.8D45 F4 |LEA EAX,DWORD PTR SS:
0047D978|.E8 BF69F8FF |CALL Unpack_.0040433C ;#1 concatenate
0047D97D|.43 |INC EBX
0047D97E|.4E |DEC ESI ;decrement the machine code length
0047D97F|.^ 75 DC \JNZ SHORT Unpack_.0047D95D ;jump if not equal
0047D981|>8D55 E8 LEA EDX,DWORD PTR SS:
0047D984|.8B45 FC MOV EAX,DWORD PTR SS:
0047D987|.8B80 00030000 MOV EAX,DWORD PTR DS:
0047D98D|.E8 AA34FDFF CALL Unpack_.00450E3C
0047D992|.8B55 E8 MOV EDX,DWORD PTR SS:
0047D995|.8B45 F4 MOV EAX,DWORD PTR SS:
0047D998|.E8 E36AF8FF CALL Unpack_.00404480
0047D99D|.74 0F JE SHORT Unpack_.0047D9AE ;key jump
0047D99F|.B8 A8DA4700 MOV EAX,Unpack_.0047DAA8 ;注册失败! (registration failed!)
0047D9A4|.E8 DF4AFBFF CALL Unpack_.00432488
0047D9A9|.E9 A7000000 JMP Unpack_.0047DA55
#1
00408478/$56 PUSH ESI
00408479|.89E6 MOV ESI,ESP
0040847B|.83EC 10 SUB ESP,10
0040847E|.31C9 XOR ECX,ECX
00408480|.52 PUSH EDX
00408481|.31D2 XOR EDX,EDX
00408483|.E8 A4FFFFFF CALL Unpack_.0040842C ;#1-1 algorithm (step into)
00408488|.89F2 MOV EDX,ESI
0040848A|.58 POP EAX
0040848B|.E8 D4BCFFFF CALL Unpack_.00404164
00408490|.83C4 10 ADD ESP,10
00408493|.5E POP ESI
00408494\.C3 RETN
#1-1
0040842C/$08C9 OR CL,CL
0040842E|.75 17 JNZ SHORT Unpack_.00408447
00408430|.09C0 OR EAX,EAX
00408432|.79 0E JNS SHORT Unpack_.00408442
00408434|.F7D8 NEG EAX
00408436|.E8 07000000 CALL Unpack_.00408442
0040843B|.B0 2D MOV AL,2D
0040843D|.41 INC ECX
0040843E|.4E DEC ESI
0040843F|.8806 MOV BYTE PTR DS:,AL
00408441|.C3 RETN
00408442|$B9 0A000000 MOV ECX,0A ;put 0A into ECX
00408447|>52 PUSH EDX
00408448|.56 PUSH ESI
00408449|>31D2 /XOR EDX,EDX ;clear EDX
0040844B|.F7F1 |DIV ECX ;a2=EAX/ECX
0040844D|.4E |DEC ESI ;decrement ESI
0040844E|.80C2 30 |ADD DL,30 ;a3 = remainder of a2 + 30
00408451|.80FA 3A |CMP DL,3A ;compare DL with 3A
00408454|.72 03 |JB SHORT Unpack_.00408459 ;jump if below
00408456|.80C2 07 |ADD DL,7 ;DL+7
00408459|>8816 |MOV BYTE PTR DS:,DL
0040845B|.09C0 |OR EAX,EAX ;OR EAX with itself (sets the zero flag)
0040845D|.^ 75 EA \JNZ SHORT Unpack_.00408449 ;stop looping once EAX is 0
0040845F|.59 POP ECX
00408460|.5A POP EDX
00408461|.29F1 SUB ECX,ESI
00408463|.29CA SUB EDX,ECX
00408465|.76 10 JBE SHORT Unpack_.00408477
00408467|.01D1 ADD ECX,EDX
00408469|.B0 30 MOV AL,30
0040846B|.29D6 SUB ESI,EDX
0040846D|.EB 03 JMP SHORT Unpack_.00408472
0040846F|>880432 /MOV BYTE PTR DS:,AL
00408472|>4A DEC EDX
00408473|.^ 75 FA \JNZ SHORT Unpack_.0040846F
00408475|.8806 MOV BYTE PTR DS:,AL
00408477\>C3 RETN
--------------------------------------------------------------------------------
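【Summary】
Algorithm
a1 = ASCII code of each machine code character * 2 (incrementing)
a2 = a1/0A
a3 = a2 (remainder) + 30
If it is greater than 3A, add another 7
a4 = a2 (integer part)/0A
a5 = a4 (remainder) + 30
And so on, until EAX is 0
Then convert a3, a5... to text
After the analysis it turns out that:
registration code = ASCII code of each machine code character * 2 (incrementing), then converted to decimal
Keygen: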
--------------------------------------------------------------------------------
【Copyright】: How could there be any copyright? No copyright.
2009-3-11
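Added example, not part of the original post: a C reading of routine #1-1 (0040842C), the number-to-text helper that #1 calls with CL = 0 and EDX = 0. The names cvt_int, base, min_digits and CVT_BUF, the range guard and the NUL terminator are assumptions made for a safe stand-alone C version; store targets that the listing lost are read from the opcode bytes it still shows.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CVT_BUF 48  /* assumed size; the caller in the listing reserves 16 bytes */

/* Digits are written backwards from the end of buf, like DEC ESI / MOV [ESI],DL.
 * base == 0 models CL == 0 on entry (signed decimal); min_digits models EDX.
 * Returns a pointer to the first character (ESI on return) and stores the
 * length in *len (ECX on return). */
static char *cvt_int(int32_t value, uint32_t base, uint32_t min_digits,
                     char buf[CVT_BUF], size_t *len)
{
    char *end = buf + CVT_BUF - 1, *p = end;
    uint32_t v = (uint32_t)value;
    int negative = 0;

    if (base == 1 || base > 36 || min_digits > CVT_BUF - 2)
        return NULL;                  /* guard added here, not in the listing */
    *p = '\0';                        /* terminator for C callers only */
    if (base == 0) {                  /* OR CL,CL / JNZ not taken */
        base = 10;                    /* MOV ECX,0A */
        if (value < 0) {              /* OR EAX,EAX / JNS not taken */
            negative = 1;
            v = 0u - v;               /* NEG EAX */
        }
    }
    do {
        uint32_t digit = v % base;    /* DIV ECX: remainder in EDX */
        v /= base;                    /* quotient stays in EAX */
        char c = (char)(digit + '0'); /* ADD DL,30 */
        if (c >= ':')                 /* CMP DL,3A / JB */
            c += 7;                   /* ADD DL,7: 10..15 become 'A'..'F' */
        *--p = c;
    } while (v != 0);                 /* OR EAX,EAX / JNZ */
    while ((size_t)(end - p) < min_digits)
        *--p = '0';                   /* zero padding, 00408465..00408475 */
    if (negative)
        *--p = '-';                   /* MOV AL,2D */
    *len = (size_t)(end - p);
    return p;
}

int main(void)
{
    char buf[CVT_BUF]; size_t n;
    printf("%s\n", cvt_int(98, 0, 0, buf, &n));    /* constructed inputs */
    printf("%s\n", cvt_int(255, 16, 4, buf, &n));
    return 0;
}
```

With base 10 the ADD DL,7 branch is never taken, so the "add 7" step in the summary only matters when the same helper is called with a larger base.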
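--------------------------------------------------------------------------------
Very good, very powerful :victory:
So impressive
You are amazing!
Downloading to study.
Learning from the OP, a detailed analysis.
My goal!!
What an expert!!!!
Nice software, thanks to the original author for providing it!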