吾爱破解 - 52pojie.cn

[Original] 160 CrackMes, No. 21: Algorithm Analysis and Keygen

肥牛 posted on 2017-6-15 00:21
Last edited by 肥牛 on 2017-6-15 00:31

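Yesterday while reading posts, I saw that the CM52 thread only patched the program and did not analyze the algorithm, so I thought about working out the algorithm myself. Halfway through I suddenly thought: why bother? The other author didn't do it, so why should I? Let me pick another one!
Today during my lunch break I picked one at random from the 160 CrackMes, No. 21 (Cabeca.exe). It happens to be written in Delphi, which I know well, so I went with it.
Having finished it, honestly, this CM is too easy. I don't know why it was never given a difficulty rating; I think one star would be generous. On the other hand, this CM is especially well suited for beginners to practice on.
When the program runs in a Chinese-language environment, the window is not fully displayed; you have to drag the window with the mouse to see all of it.
If not all fields are filled in, the following prompt appears:
1.png
If the registration code is incorrect, the following prompt appears:
2.png
OK, let's start cracking. First, check whether the program is packed (it seems none of the basic CMs in the 160 set are packed). Checking for a packer has another purpose: it shows which language the program was written in, so we can choose the right approach.
3.png
It shows no packer, and it is written in Delphi. That makes things easy. For Delphi programs, my habit is to analyze the code with DeDe or IDR first, and only move to tracing in OD when the analysis gets stuck.
Load Cabeca.exe in IDR and you find it has only two events. First, the click event of the try button:
[Asm]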
Unit1.TForm1.Button1Click
0042D3C4        push        ebp
0042D3C5        mov         ebp,esp
0042D3C7        xor         ecx,ecx
0042D3C9        push        ecx
0042D3CA        push        ecx
0042D3CB        push        ecx
0042D3CC        push        ecx
0042D3CD        push        ebx
0042D3CE        mov         ebx,eax
0042D3D0        xor         eax,eax
0042D3D2        push        ebp
0042D3D3        push        42D5AD
0042D3D8        push        dword ptr fs:[eax]
0042D3DB        mov         dword ptr fs:[eax],esp
0042D3DE        cmp         dword ptr ds:[42F714],0;variable A
0042D3E5>       je          0042D42C
0042D3E7        cmp         dword ptr ds:[42F718],0;variable B
0042D3EE>       je          0042D42C
0042D3F0        lea         edx,[ebp-4]
0042D3F3        mov         eax,dword ptr [ebx+1E0];TForm1.Edit1:TEdit
0042D3F9        call        TControl.GetText
0042D3FE        cmp         dword ptr [ebp-4],0		//check whether Edit1 (the user name) is empty
0042D402>       je          0042D42C
0042D404        lea         edx,[ebp-8]
0042D407        mov         eax,dword ptr [ebx+1E4];TForm1.Edit2:TEdit
0042D40D        call        TControl.GetText
0042D412        cmp         dword ptr [ebp-8],0		//check whether Edit2 (the first registration code) is empty
0042D416>       je          0042D42C
0042D418        lea         edx,[ebp-0C]
0042D41B        mov         eax,dword ptr [ebx+1EC];TForm1.Edit3:TEdit
0042D421        call        TControl.GetText
0042D426        cmp         dword ptr [ebp-0C],0	//check whether Edit3 (the second registration code) is empty
0042D42A>       jne         0042D470
0042D42C        mov         eax,42D5C4;'Fill all boxes first dumb!'
0042D431        call        ShowMessage			//show the error prompt
0042D436        xor         eax,eax
0042D438        mov         [0042F714],eax;variable A
0042D43D        xor         eax,eax
0042D43F        mov         [0042F718],eax;variable B
0042D444        xor         edx,edx
0042D446        mov         eax,dword ptr [ebx+1E0];TForm1.Edit1:TEdit
0042D44C        call        TControl.SetText
0042D451        xor         edx,edx
0042D453        mov         eax,dword ptr [ebx+1E4];TForm1.Edit2:TEdit
0042D459        call        TControl.SetText
0042D45E        xor         edx,edx
0042D460        mov         eax,dword ptr [ebx+1EC];TForm1.Edit3:TEdit
0042D466        call        TControl.SetText		//the code above clears the contents of the three input boxes
0042D46B>       jmp         0042D58A
0042D470        cmp         dword ptr ds:[42F714],0;variable A
0042D477>       je          0042D4E5
0042D479        cmp         dword ptr ds:[42F718],0;variable B
0042D480>       je          0042D4E5
0042D482        lea         edx,[ebp-10]
0042D485        mov         eax,[0042F714];variable A
0042D48A        call        IntToStr			//integer to string
0042D48F        mov         eax,dword ptr [ebp-10]
0042D492        push        eax
0042D493        lea         edx,[ebp-4]
0042D496        mov         eax,dword ptr [ebx+1E4];TForm1.Edit2:TEdit
0042D49C        call        TControl.GetText		//get the first registration code
0042D4A1        mov         edx,dword ptr [ebp-4]
0042D4A4        pop         eax
0042D4A5        call        @LStrCmp			//string comparison
0042D4AA>       jne         0042D4E5
0042D4AC        lea         edx,[ebp-10]
0042D4AF        mov         eax,[0042F718];variable B
0042D4B4        call        IntToStr			//integer to string
0042D4B9        mov         eax,dword ptr [ebp-10]
0042D4BC        push        eax
0042D4BD        lea         edx,[ebp-4]
0042D4C0        mov         eax,dword ptr [ebx+1EC];TForm1.Edit3:TEdit
0042D4C6        call        TControl.GetText		//get the second registration code
0042D4CB        mov         edx,dword ptr [ebp-4]
0042D4CE        pop         eax
0042D4CF        call        @LStrCmp			//string comparison
0042D4D4>       jne         0042D4E5
0042D4D6        mov         eax,42D5E8;'Hmmm.... Cracked... Congratulations idiot! :-)'
0042D4DB        call        ShowMessage			//success prompt
0042D4E0>       jmp         0042D58A
0042D4E5        cmp         dword ptr ds:[42F714],0;variable A
0042D4EC>       je          0042D521
0042D4EE        cmp         dword ptr ds:[42F718],0;variable B
0042D4F5>       je          0042D521
0042D4F7        lea         edx,[ebp-10]
0042D4FA        mov         eax,[0042F714];variable A
0042D4FF        call        IntToStr
0042D504        mov         eax,dword ptr [ebp-10]
0042D507        push        eax
0042D508        lea         edx,[ebp-4]
0042D50B        mov         eax,dword ptr [ebx+1E4];TForm1.Edit2:TEdit
0042D511        call        TControl.GetText
0042D516        mov         edx,dword ptr [ebp-4]
0042D519        pop         eax
0042D51A        call        @LStrCmp
0042D51F>       jne         0042D54B
0042D521        lea         edx,[ebp-10]
0042D524        mov         eax,[0042F718];variable B
0042D529        call        IntToStr
0042D52E        mov         eax,dword ptr [ebp-10]
0042D531        push        eax
0042D532        lea         edx,[ebp-4]
0042D535        mov         eax,dword ptr [ebx+1EC];TForm1.Edit3:TEdit
0042D53B        call        TControl.GetText
0042D540        mov         edx,dword ptr [ebp-4]
0042D543        pop         eax
0042D544        call        @LStrCmp
0042D549>       je          0042D58A
0042D54B        mov         eax,42D620;'Nice try... but is incorrect... Dumb..'
0042D550        call        ShowMessage
0042D555        xor         eax,eax
0042D557        mov         [0042F714],eax;variable A
0042D55C        xor         eax,eax
0042D55E        mov         [0042F718],eax;variable B
0042D563        xor         edx,edx
0042D565        mov         eax,dword ptr [ebx+1E0];TForm1.Edit1:TEdit
0042D56B        call        TControl.SetText
0042D570        xor         edx,edx
0042D572        mov         eax,dword ptr [ebx+1E4];TForm1.Edit2:TEdit
0042D578        call        TControl.SetText
0042D57D        xor         edx,edx
0042D57F        mov         eax,dword ptr [ebx+1EC];TForm1.Edit3:TEdit
0042D585        call        TControl.SetText
0042D58A        xor         eax,eax
0042D58C        pop         edx
0042D58D        pop         ecx
0042D58E        pop         ecx
0042D58F        mov         dword ptr fs:[eax],edx
0042D592        push        42D5B4
0042D597        lea         eax,[ebp-10]
0042D59A        call        @LStrClr
0042D59F        lea         eax,[ebp-0C]
0042D5A2        mov         edx,3
0042D5A7        call        @LStrArrayClr
0042D5AC        ret
0042D5AD>       jmp         @HandleFinally
0042D5B2>       jmp         0042D597
0042D5B4        pop         ebx
0042D5B5        mov         esp,ebp
0042D5B7        pop         ebp
0042D5B8        ret
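Honestly, I was a bit shocked looking at this code. It is far too simple, hopelessly simple; one glance tells you what is going on.
Variable A, converted to a string, is compared with the first registration code entered; variable B, converted to a string, is compared with the second registration code entered. Yes, it's that simple.
At this point, those who want to patch can easily see which two points to modify to complete the patch, right? I won't spell it out; it's child's play.
But what are variable A and variable B? Where do they come from?
(Note: "variable A" and "variable B" are annotations I changed; the original names were gvar_0042F714 and gvar_0042F718.)
As I said earlier, this program has only two events, so let's look at the other one. This event is Edit1KeyPress, the key-press event of the user name input box; it fires for every character typed:
[Asm]
Unit1.TForm1.Edit1KeyPress
0042CE30        xor         edx,edx                        //clear EDX
0042CE32        mov         dl,byte ptr [ecx]                //put the key's ASCII code into the low byte of DX; since EDX=0, this effectively stores the ASCII code in EDX
0042CE34        add         edx,0FFFFFFF8                //EDX=EDX-8
0042CE37        cmp         edx,72                        //check EDX against decimal 114. Since 8 was subtracted earlier, the original value would be 122, i.e. the character 'z'
0042CE3A>       ja          0042D3C0                        //if greater, jump straight to the end
0042CE40        mov         dl,byte ptr [edx+42CE4D]        //this is the key part and needs some calculation. For example, if we enter capital A, its ASCII code is 0x41;
                                                                                         //subtracting 8 gives 0x39, so 0x39+0x42CE4D=0x42CE86; looking further down, 0042CE86 holds 27
                                                                                         //(IDR displays hex 1B; copied out it became decimal 27), and 27 is then stored in EDX
0042CE46        jmp         dword ptr [edx*4+42CEC0]        //27 (decimal) = 1B (hex), 0x1B*4+0x42CEC0=0x42CF2C. 0042CF2C holds 0042D186; jump to that address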
0042CE4D        db          53
0042CE4E        db          0
0042CE4F        db          0
0042CE50        db          0
0042CE51        db          0
0042CE52        db          0
0042CE53        db          0
0042CE54        db          0
0042CE55        db          0
0042CE56        db          0
0042CE57        db          0
0042CE58        db          0
0042CE59        db          0
0042CE5A        db          0
0042CE5B        db          0
0042CE5C        db          0
0042CE5D        db          0
0042CE5E        db          0
0042CE5F        db          0
0042CE60        db          0
0042CE61        db          0
0042CE62        db          0
0042CE63        db          0
0042CE64        db          0
0042CE65        db          0
0042CE66        db          0
0042CE67        db          0
0042CE68        db          0
0042CE69        db          0
0042CE6A        db          0
0042CE6B        db          0
0042CE6C        db          0
0042CE6D        db          0
0042CE6E        db          0
0042CE6F        db          0
0042CE70        db          0
0042CE71        db          0
0042CE72        db          0
0042CE73        db          0
0042CE74        db          0
0042CE75        db          0
0042CE76        db          0
0042CE77        db          0
0042CE78        db          0
0042CE79        db          0
0042CE7A        db          0
0042CE7B        db          0
0042CE7C        db          0
0042CE7D        db          0
0042CE7E        db          0
0042CE7F        db          0
0042CE80        db          0
0042CE81        db          0
0042CE82        db          0
0042CE83        db          0
0042CE84        db          0
0042CE85        db          0
0042CE86        db          27
0042CE87        db          28
0042CE88        db          29
0042CE89        db          30
0042CE8A        db          31
0042CE8B        db          32
0042CE8C        db          33
0042CE8D        db          34
0042CE8E        db          35
0042CE8F        db          36
0042CE90        db          37
0042CE91        db          38
0042CE92        db          39
0042CE93        db          40
0042CE94        db          41
0042CE95        db          42
0042CE96        db          43
0042CE97        db          44
0042CE98        db          45
0042CE99        db          46
0042CE9A        db          47
0042CE9B        db          48
0042CE9C        db          50
0042CE9D        db          49
0042CE9E        db          51
0042CE9F        db          52
0042CEA0        db          0
0042CEA1        db          0
0042CEA2        db          0
0042CEA3        db          0
0042CEA4        db          0
0042CEA5        db          0
0042CEA6        db          1
0042CEA7        db          2
0042CEA8        db          3
0042CEA9        db          4
0042CEAA        db          5
0042CEAB        db          6
0042CEAC        db          7
0042CEAD        db          8
0042CEAE        db          9
0042CEAF        db          10
0042CEB0        db          11
0042CEB1        db          12
0042CEB2        db          13
0042CEB3        db          14
0042CEB4        db          15
0042CEB5        db          16
0042CEB6        db          17
0042CEB7        db          18
0042CEB8        db          19
0042CEB9        db          20
0042CEBA        db          21
0042CEBB        db          22
0042CEBC        db          24
0042CEBD        db          23
0042CEBE        db          25
0042CEBF        db          26
0042CEC0        dd          0042D3C0
0042CEC4        dd          0042CF98
0042CEC8        dd          0042CFAA
0042CECC        dd          0042CFBC
0042CED0        dd          0042CFD1
0042CED4        dd          0042CFE6
0042CED8        dd          0042CFF8
0042CEDC        dd          0042D00A
0042CEE0        dd          0042D01C
0042CEE4        dd          0042D02E
0042CEE8        dd          0042D040
0042CEEC        dd          0042D055
0042CEF0        dd          0042D067
0042CEF4        dd          0042D07C
0042CEF8        dd          0042D08E
0042CEFC        dd          0042D0A0
0042CF00        dd          0042D0B5
0042CF04        dd          0042D0CA
0042CF08        dd          0042D0DF
0042CF0C        dd          0042D0F4
0042CF10        dd          0042D105
0042CF14        dd          0042D117
0042CF18        dd          0042D129
0042CF1C        dd          0042D13B
0042CF20        dd          0042D14D
0042CF24        dd          0042D15F
0042CF28        dd          0042D171
0042CF2C        dd          0042D186
0042CF30        dd          0042D19B
0042CF34        dd          0042D1AD
0042CF38        dd          0042D1C2
0042CF3C        dd          0042D1D7
0042CF40        dd          0042D1EC
0042CF44        dd          0042D201
0042CF48        dd          0042D216
0042CF4C        dd          0042D22B
0042CF50        dd          0042D240
0042CF54        dd          0042D255
0042CF58        dd          0042D26A
0042CF5C        dd          0042D27F
0042CF60        dd          0042D294
0042CF64        dd          0042D2A9
0042CF68        dd          0042D2BE
0042CF6C        dd          0042D2D3
0042CF70        dd          0042D2E8
0042CF74        dd          0042D2FD
0042CF78        dd          0042D312
0042CF7C        dd          0042D327
0042CF80        dd          0042D33C
0042CF84        dd          0042D351
0042CF88        dd          0042D366
0042CF8C        dd          0042D37B
0042CF90        dd          0042D390
0042CF94        dd          0042D3A5
0042CF98        add         dword ptr ds:[42F714],427;variable A
0042CFA2        add         dword ptr ds:[42F718],79;variable B
0042CFA9        ret
0042CFAA        add         dword ptr ds:[42F714],6BC;variable A
0042CFB4        add         dword ptr ds:[42F718],6F;variable B
0042CFBB        ret
0042CFBC        add         dword ptr ds:[42F714],491;variable A
0042CFC6        add         dword ptr ds:[42F718],2E2;variable B
0042CFD0        ret
0042CFD1        add         dword ptr ds:[42F714],474D;variable A
0042CFDB        add         dword ptr ds:[42F718],2FA;variable B
0042CFE5        ret
0042CFE6        add         dword ptr ds:[42F714],400;variable A
0042CFF0        add         dword ptr ds:[42F718],0E;variable B
0042CFF7        ret
0042CFF8        add         dword ptr ds:[42F714],6D0;variable A
0042D002        add         dword ptr ds:[42F718],0D;variable B
0042D009        ret
0042D00A        add         dword ptr ds:[42F714],67D;variable A
0042D014        add         dword ptr ds:[42F718],0C;variable B
0042D01B        ret
0042D01C        add         dword ptr ds:[42F714],750;variable A
0042D026        add         dword ptr ds:[42F718],0B;variable B
0042D02D        ret
0042D02E        add         dword ptr ds:[42F714],43C;variable A
0042D038        add         dword ptr ds:[42F718],63;variable B
0042D03F        ret
0042D040        add         dword ptr ds:[42F714],764;variable A
0042D04A        add         dword ptr ds:[42F718],378;variable B
0042D054        ret
0042D055        add         dword ptr ds:[42F714],0C0;variable A
0042D05F        add         dword ptr ds:[42F718],4D;variable B
0042D066        ret
0042D067        add         dword ptr ds:[42F714],277D;variable A
0042D071        add         dword ptr ds:[42F718],22B;variable B
0042D07B        ret
0042D07C        add         dword ptr ds:[42F714],81E;variable A
0042D086        add         dword ptr ds:[42F718],5A;variable B
0042D08D        ret
0042D08E        add         dword ptr ds:[42F714],0E07;variable A
0042D098        add         dword ptr ds:[42F718],62;variable B
0042D09F        ret
0042D0A0        add         dword ptr ds:[42F714],8E;variable A
0042D0AA        add         dword ptr ds:[42F718],1D2C;variable B
0042D0B4        ret
0042D0B5        add         dword ptr ds:[42F714],9A670;variable A
0042D0BF        add         dword ptr ds:[42F718],8C7F3;variable B
0042D0C9        ret
0042D0CA        add         dword ptr ds:[42F714],0D57;variable A
0042D0D4        add         dword ptr ds:[42F718],288;variable B
0042D0DE        ret
0042D0DF        add         dword ptr ds:[42F714],5FEB;variable A
0042D0E9        add         dword ptr ds:[42F718],21A;variable B
0042D0F3        ret
0042D0F4        add         dword ptr ds:[42F714],8B0;variable A
0042D0FE        inc         dword ptr ds:[42F718];variable B
0042D104        ret
0042D105        add         dword ptr ds:[42F714],4BB;variable A
0042D10F        add         dword ptr ds:[42F718],40;variable B
0042D116        ret
0042D117        add         dword ptr ds:[42F714],8C2;variable A
0042D121        add         dword ptr ds:[42F718],4B;variable B
0042D128        ret
0042D129        add         dword ptr ds:[42F714],1CA6;variable A
0042D133        add         dword ptr ds:[42F718],4E;variable B
0042D13A        ret
0042D13B        add         dword ptr ds:[42F714],395;variable A
0042D145        add         dword ptr ds:[42F718],26;variable B
0042D14C        ret
0042D14D        add         dword ptr ds:[42F714],251E;variable A
0042D157        add         dword ptr ds:[42F718],5;variable B
0042D15E        ret
0042D15F        add         dword ptr ds:[42F714],2D13;variable A
0042D169        add         dword ptr ds:[42F718],8;variable B
0042D170        ret
0042D171        add         dword ptr ds:[42F714],1900;variable A
0042D17B        add         dword ptr ds:[42F718],1C8;variable B
0042D185        ret
0042D186        add         dword ptr ds:[42F714],428;variable A                //variable A = variable A + 0x428
0042D190        add         dword ptr ds:[42F718],1610;variable B                //variable B = variable B + 0x1610
0042D19A        ret
0042D19B        add         dword ptr ds:[42F714],0B1630;variable A
0042D1A5        add         dword ptr ds:[42F718],2;variable B
0042D1AC        ret
0042D1AD        add         dword ptr ds:[42F714],0D86;variable A
0042D1B7        add         dword ptr ds:[42F718],270F;variable B
0042D1C1        ret
0042D1C2        add         dword ptr ds:[42F714],11A4;variable A
0042D1CC        add         dword ptr ds:[42F718],46FF33C;variable B
0042D1D6        ret
0042D1D7        add         dword ptr ds:[42F714],11F0A;variable A
0042D1E1        add         dword ptr ds:[42F718],8B3C;variable B
0042D1EB        ret
0042D1EC        add         dword ptr ds:[42F714],3CC2;variable A
0042D1F6        add         dword ptr ds:[42F718],8618;variable B
0042D200        ret
0042D201        add         dword ptr ds:[42F714],3E1A8;variable A
0042D20B        add         dword ptr ds:[42F718],6C81C;variable B
0042D215        ret
0042D216        add         dword ptr ds:[42F714],91E4;variable A
0042D220        add         dword ptr ds:[42F718],27E945;variable B
0042D22A        ret
0042D22B        add         dword ptr ds:[42F714],6B42;variable A
0042D235        add         dword ptr ds:[42F718],2FC7C3;variable B
0042D23F        ret
0042D240        add         dword ptr ds:[42F714],516A4;variable A
0042D24A        add         dword ptr ds:[42F718],0B8F47C;variable B
0042D254        ret
0042D255        add         dword ptr ds:[42F714],4345A;variable A
0042D25F        add         dword ptr ds:[42F718],115C7;variable B
0042D269        ret
0042D26A        add         dword ptr ds:[42F714],1BFDD9;variable A
0042D274        add         dword ptr ds:[42F718],12B54;variable B
0042D27E        ret
0042D27F        add         dword ptr ds:[42F714],286D;variable A
0042D289        add         dword ptr ds:[42F718],0B348C;variable B
0042D293        ret
0042D294        add         dword ptr ds:[42F714],401;variable A
0042D29E        add         dword ptr ds:[42F718],357CE174;variable B
0042D2A8        ret
0042D2A9        add         dword ptr ds:[42F714],674;variable A
0042D2B3        add         dword ptr ds:[42F718],317CD7;variable B
0042D2BD        ret
0042D2BE        add         dword ptr ds:[42F714],9C;variable A
0042D2C8        add         dword ptr ds:[42F718],7DD834;variable B
0042D2D2        ret
0042D2D3        add         dword ptr ds:[42F714],156;variable A
0042D2DD        add         dword ptr ds:[42F718],39CD0;variable B
0042D2E7        ret
0042D2E8        add         dword ptr ds:[42F714],8627;variable A
0042D2F2        add         dword ptr ds:[42F718],0BF44A;variable B
0042D2FC        ret
0042D2FD        add         dword ptr ds:[42F714],748190;variable A
0042D307        add         dword ptr ds:[42F718],854686;variable B
0042D311        ret
0042D312        add         dword ptr ds:[42F714],0A568;variable A
0042D31C        add         dword ptr ds:[42F718],13220;variable B
0042D326        ret
0042D327        add         dword ptr ds:[42F714],15592;variable A
0042D331        add         dword ptr ds:[42F718],302E;variable B
0042D33B        ret
0042D33C        add         dword ptr ds:[42F714],1DD9;variable A
0042D346        add         dword ptr ds:[42F718],1C43;variable B
0042D350        ret
0042D351        add         dword ptr ds:[42F714],266A;variable A
0042D35B        add         dword ptr ds:[42F718],2BA96C08;variable B
0042D365        ret
0042D366        add         dword ptr ds:[42F714],3CC0;variable A
0042D370        add         dword ptr ds:[42F718],4EFC8;variable B
0042D37A        ret
0042D37B        add         dword ptr ds:[42F714],8311;variable A
0042D385        add         dword ptr ds:[42F718],1C46;variable B
0042D38F        ret
0042D390        add         dword ptr ds:[42F714],0CE1B;variable A
0042D39A        add         dword ptr ds:[42F718],0B1664;variable B
0042D3A4        ret
0042D3A5        xor         edx,edx
0042D3A7        mov         eax,dword ptr [eax+1E0];TForm1.Edit1:TEdit
0042D3AD        call        TControl.SetText
0042D3B2        xor         eax,eax                                //EAX=0
0042D3B4        mov         [0042F714],eax;variable A                //variable A = 0
0042D3B9        xor         eax,eax
0042D3BB        mov         [0042F718],eax;variable B                //variable B = 0
0042D3C0        ret

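This code is also very simple. It is really just a dictionary: the typed character is looked up in the dictionary to get two numbers, which are added to variable A and variable B respectively, and then compared with the entered registration codes in the try button's click event.
So the keygen is easy to write as well.
[Delphi]
const
  // Code[n] = (amount added to variable A, amount added to variable B) for case n of the jump table.
  // Entry 0 is the "do nothing" case; entry 53 (-2) marks the case that resets both sums.
  Code: array[0..53, 0..1] of Integer =(($0, $0), ($427, $79),($6BC, $6F),($491,$2E2),($474D,$2FA),($400, $E),($6D0,$D),
                                        ($67D, $C),($750, $B),($43C, $63),($764, $378),($C0, $4D),($277D, $22B),
                                        ($81E, $5A),($E07, $62),($8E, $1D2C),($9A670, $8C7F3),($D57, $288),($5FEB, $21A),
                                        ($8B0, $1),($4BB, $40),($8C2, $4B),($1CA6, $4E),($395, $26),($251E, $5),
                                        ($2D13, $8),($1900, $1C8),($428, $1610),($B1630, $2),($D86, $270F),($11A4, $46FF33C),
                                        ($11F0A, $8B3C),($3CC2, $8618),($3E1A8, $6C81C),($91E4, $27E945),($6B42, $2FC7C3),
                                        ($516A4, $B8F47C),($4345A, $115C7),($1BFDD9, $12B54),($286D, $B348C),($401, $357CE174),
                                        ($674, $317CD7),($9C, $7DD834),($156, $39CD0),($8627, $BF44A),($748190, $854686),($A568, $13220),
                                        ($15592, $302E),($1DD9, $1C43),($266A, $2BA96C08),($3CC0, $4EFC8),($8311, $1C46),($CE1B, $B1664),(-2, -2));

var
  // Copy of the byte table at 0042CE4D: Num[k+1] is the case number for (key code - 8) = k.
  // The declaration is not shown in the original post; it is assumed here so the excerpt is complete.
  Num: array[1..115] of Integer;

// Returns the amount for one key code: idx=0 gives the variable A column, idx=1 the variable B column.
function TMainFrm.GetCode(C : Byte ; idx : integer): Integer;
begin
  Result :=0;
  // The CrackMe computes (key - 8) and ignores anything above $72 (unsigned "ja"),
  // so only key codes 8..$7A ('z') reach the table.
  if (C<8) or (C>$7A) then
    Exit;
  C:= C-8;
  Result :=Code[Num[C+1], idx];
end;

// Fills Num with the values of the byte table from the disassembly.
procedure TMainFrm.InitData;
var
  i: Integer;
begin
  Num[1]:=53;            // key code 8 (backspace) -> reset case
  for i:=2 to 57 do
    Num[i] :=0;
  for i:=58 to 83 do     // 'A'..'Z' -> cases 27..52
    Num[i] := i-31;
  Num[80] :=50;          // the table swaps two entries here
  Num[81] :=49;
  for i:=84 to 89 do
    Num[i] :=0;
  for i:=90 to 115 do    // 'a'..'z' -> cases 1..26
    Num[i]:=i-89;
  Num[112] :=24;         // and swaps two entries here as well
  Num[113] :=23;
end;

// Accumulates both sums over the name and shows them as the two registration codes.
procedure TMainFrm.Button1Click(Sender: PObj);
var
  i, iLen, s1, s2, r : Integer;
  str1 : string;
begin
  str1 :=Trim(edtName.Text);
  iLen :=Length(str1);
  s1 :=0;
  s2 :=0;
  for i:=1 to iLen do
  begin
    r :=GetCode(Ord(str1[i]), 0);
    if r =-2 then
      s1 :=0
    else
      s1 :=s1+r;
    r :=GetCode(Ord(str1[i]), 1);
    if r =-2 then
      s2 :=0
    else
      s2 :=s2+r;
  end;
  edtCode1.Text :=IntToStr(s1);
  edtCode2.Text :=IntToStr(s2);
end;

procedure TMainFrm.Button2Click(Sender: PObj);
begin
  Form.Close();
end;

procedure TMainFrm.KOLForm1Show(Sender: PObj);
begin
  InitData;
  edtName.Focused :=True;
end;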

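Registering with the codes produced by the keygen succeeds! (It actually calls me an idiot, how rude!)
4.png

I cracked this CM21 without using OD at all, relying entirely on IDR decompilation and code analysis to build the keygen. That is mainly because I know Delphi so well; others can trace it in OD and will understand it just as well.

Finally, attached are this CM21 (Cabeca.exe) and the keygen I wrote.
CM21.rar (148.04 KB, downloads: 23)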

Comments

I'll work out the algorithm later too; I've been busy with exams recently, sorry!  posted on 2017-6-16 19:09
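
The two-level dispatch walked through in the post (byte table at 0042CE4D, jump table at 0042CEC0, one case body per key) can be recovered from the pasted listing mechanically rather than by hand. The following is an added example, not part of the original post or the author's keygen; it parses a trimmed excerpt of the listing above, and the function names (`parse_listing`, `run_case`, `resolve`) are this example's own.

```python
import re

# Excerpt of the IDR listing quoted in the post (four keys only, comments dropped).
LISTING = """\
0042CE4D        db          53
0042CE75        db          0
0042CE86        db          27
0042CEB8        db          19
0042CEC0        dd          0042D3C0
0042CF0C        dd          0042D0F4
0042CF2C        dd          0042D186
0042CF94        dd          0042D3A5
0042D0F4        add         dword ptr ds:[42F714],8B0
0042D0FE        inc         dword ptr ds:[42F718]
0042D104        ret
0042D186        add         dword ptr ds:[42F714],428
0042D190        add         dword ptr ds:[42F718],1610
0042D19A        ret
0042D3A5        xor         edx,edx
0042D3A7        mov         eax,dword ptr [eax+1E0]
0042D3AD        call        TControl.SetText
0042D3B2        xor         eax,eax
0042D3B4        mov         [0042F714],eax
0042D3B9        xor         eax,eax
0042D3BB        mov         [0042F718],eax
0042D3C0        ret
"""

VAR_A, VAR_B = 0x42F714, 0x42F718        # globals the post calls variable A / B
BYTE_TAB, JUMP_TAB = 0x42CE4D, 0x42CEC0  # bases of the index and jump tables
LINE = re.compile(r"^([0-9A-F]{8})>?\s+(\w+)\s*(.*)$")
MEM = re.compile(r"\[([0-9A-F]+)\]")     # absolute operand such as [42F714]

def parse_listing(text):
    """Return {address: (mnemonic, operands)} for each listing line."""
    insns = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            insns[int(m.group(1), 16)] = (m.group(2), m.group(3).strip())
    return insns

def run_case(insns, addr):
    """Walk one case body up to ret; return (delta_a, delta_b, resets)."""
    delta, resets = {VAR_A: 0, VAR_B: 0}, False
    for a in sorted(k for k in insns if k >= addr):
        mnem, ops = insns[a]
        if mnem == "ret":
            break
        m = MEM.search(ops)
        if not m or int(m.group(1), 16) not in delta:
            continue                      # touches neither global
        var = int(m.group(1), 16)
        if mnem == "add":
            delta[var] += int(ops.rsplit(",", 1)[1], 16)   # immediates are hex
        elif mnem == "inc":               # the 's' case uses inc, not add ...,1
            delta[var] += 1
        elif mnem == "mov" and ops.startswith("["):
            resets = True                 # store of zeroed eax clears the sum
    return delta[VAR_A], delta[VAR_B], resets

def resolve(insns, key):
    """Follow the two-level dispatch of Edit1KeyPress for one key."""
    idx = (ord(key) - 8) & 0xFFFFFFFF     # add edx,0FFFFFFF8
    if idx > 0x72:                        # cmp edx,72 / ja: key is ignored
        return (0, 0, False)
    case = int(insns[BYTE_TAB + idx][1])  # db values were pasted as decimal
    target = int(insns[JUMP_TAB + case * 4][1], 16)
    return run_case(insns, target)

if __name__ == "__main__":
    table = parse_listing(LISTING)
    for key in ("A", "s", "0", "\x08"):
        print(repr(key), resolve(table, key))
```

Run over the full listing instead of the excerpt, the same functions give every key's pair, which can be compared against a hand-transcribed table to catch copying mistakes.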
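 OP | 肥牛 posted on 2017-6-15 12:12
panwanpeng posted on 2017-6-15 12:06
The analysis is quite detailed, just right for beginners like me. However, the OP didn't comment the code at the start and only began at line 16, so I don't understand the lines before line 16 ...

Actually, I don't know what the part before line 16 means either. In Delphi programs, the first bit of code in nearly every event handler looks like this, so when you open the program with DeDe, this code sits before *****Try. I wrote in the thread http://www.52pojie.cn/thread-615448-1-1.html that the content before Try can be skipped.
pwp posted on 2017-6-15 12:16
肥牛 posted on 2017-6-15 12:12
Actually, I don't know what the part before line 16 means either. In Delphi programs, the first bit of code in nearly every event handler looks like this, so if ...

Thank you, OP, for taking the time to reply despite being so busy. I will definitely study hard.
jun57663796 posted on 2017-6-15 00:44
sayuwil posted on 2017-6-15 00:52
Thank you very much, this is just what I needed to learn.
海鷫 posted on 2017-6-15 06:39
Nice, thanks for sharing
zq3332427 posted on 2017-6-15 07:52

Thank you very much, I'll study this
xintian posted on 2017-6-15 08:42
I don't understand any of it.
赤水断lu posted on 2017-6-15 10:10

Thank you very much, I'll study this
xiaofengzi posted on 2017-6-15 10:12
Very detailed, I learned a lot. The OP is awesome
瓦特蜀黍 posted on 2017-6-15 10:46
I don't understand it, but it looks impressive. Selling sunflower seeds from the front row
pwp posted on 2017-6-15 12:06
The analysis is quite detailed, just right for beginners like me. However, the OP didn't comment the code at the start and only began at line 16, so I don't understand what the code before line 16 means. I'm leaving a rating with that question in mind and hope the OP can reply. Thanks!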