好友
阅读权限30
听众
最后登录1970-1-1
|
小黑冰
发表于 2008-8-28 09:40
来吧,算法入门连载(五)
[ 录入者:admin | 时间:2008-02-13 00:23:06 | 作者:冷血书生 | 来源:www.crack520.cn | 浏览:119次 ]
【破解日期】 2007年2月25日
【破解作者】 冷血书生
【作者邮箱】 meiyou
【作者主页】 http://www.crack520.cn
【使用工具】 OD
【破解平台】 Win9x/NT/2000/XP
【软件名称】 Arash RJ CrackMe 1.6
【下载地址】
【软件大小】 216kb
【加壳方式】 无
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】
00418A67 mov edx,dword ptr ss:[ebp-20]
00418A6A lea ecx,dword ptr ss:[ebp-24]
00418A6D mov dword ptr ss:[ebp-20],edi
00418A70 call ebx
00418A72 lea edx,dword ptr ss:[ebp-24]
00418A75 push edx
00418A76 call CrackMe_.0041CCE0; md5(用户名)
00418A7B mov edx,eax ; eax保存结果
00418A7D lea ecx,dword ptr ss:[ebp-38]
00418A80 call ebx
00418A82 mov eax,dword ptr ds:[esi]
00418A84 push esi
00418A85 call dword ptr ds:[eax+300]
00418A8B lea ecx,dword ptr ss:[ebp-48]
00418A8E push eax
00418A8F push ecx
00418A90 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaObjSet
00418A96 mov edx,dword ptr ds:[eax]
00418A98 lea ecx,dword ptr ss:[ebp-28]
00418A9B push ecx
00418A9C push eax
00418A9D mov dword ptr ss:[ebp-190],eax
00418AA3 call dword ptr ds:[edx+A0]
00418AA9 cmp eax,edi
00418AAB fclex
00418AAD jge short CrackMe_.00418AC7
00418AAF mov edx,dword ptr ss:[ebp-190]
00418AB5 push 0A0
00418ABA push CrackMe_.00418344
00418ABF push edx
00418AC0 push eax
00418AC1 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaHresultCheckObj
00418AC7 mov edx,dword ptr ss:[ebp-28]
00418ACA lea ecx,dword ptr ss:[ebp-2C]
00418ACD mov dword ptr ss:[ebp-28],edi
00418AD0 call ebx
00418AD2 lea eax,dword ptr ss:[ebp-2C]
00418AD5 push eax
00418AD6 call CrackMe_.0041CCE0
00418ADB mov edx,eax
00418ADD lea ecx,dword ptr ss:[ebp-3C]
00418AE0 call ebx
00418AE2 mov eax,dword ptr ss:[ebp-34] ; eax保存结果
00418AE5 lea ecx,dword ptr ss:[ebp-6C]
00418AE8 mov dword ptr ss:[ebp-54],eax
00418AEB push ecx
00418AEC lea edx,dword ptr ss:[ebp-5C]
00418AEF push 5
00418AF1 lea eax,dword ptr ss:[ebp-7C]
00418AF4 push edx
00418AF5 push eax
00418AF6 mov dword ptr ss:[ebp-64],6
00418AFD mov dword ptr ss:[ebp-6C],2
00418B04 mov dword ptr ss:[ebp-34],edi
00418B07 mov dword ptr ss:[ebp-5C],8
00418B0E call dword ptr ds:[<&MSVBVM60.#63>; MSVBVM60.rtcMidCharVar
00418B14 lea ecx,dword ptr ss:[ebp-7C]
00418B17 lea edx,dword ptr ss:[ebp-8C]
00418B1D push ecx
00418B1E push edx
00418B1F call dword ptr ds:[<&MSVBVM60.#51>; MSVBVM60.rtcLowerCaseVar
00418B25 mov eax,dword ptr ss:[ebp-38] ; 第一次取值到小写
00418B28 lea ecx,dword ptr ss:[ebp-9C]
00418B2E mov dword ptr ss:[ebp-94],eax
00418B34 lea eax,dword ptr ss:[ebp-AC]
00418B3A push eax
00418B3B push 2
00418B3D lea edx,dword ptr ss:[ebp-BC]
00418B43 push ecx
00418B44 push edx
00418B45 mov dword ptr ss:[ebp-A4],3
00418B4F mov dword ptr ss:[ebp-AC],2
00418B59 mov dword ptr ss:[ebp-38],edi
00418B5C mov dword ptr ss:[ebp-9C],8
00418B66 call dword ptr ds:[<&MSVBVM60.#63>; MSVBVM60.rtcMidCharVar
00418B6C lea eax,dword ptr ss:[ebp-BC]
00418B72 lea ecx,dword ptr ss:[ebp-CC]
00418B78 push eax
00418B79 push ecx
00418B7A call dword ptr ds:[<&MSVBVM60.#52>; MSVBVM60.rtcUpperCaseVar
00418B80 mov eax,dword ptr ss:[ebp-3C] ; 第二次取值到大写
00418B83 lea edx,dword ptr ss:[ebp-FC]
00418B89 mov dword ptr ss:[ebp-E4],eax
00418B8F push edx
00418B90 lea eax,dword ptr ss:[ebp-EC]
00418B96 push 7
00418B98 lea ecx,dword ptr ss:[ebp-10C]
00418B9E push eax
00418B9F push ecx
00418BA0 mov dword ptr ss:[ebp-F4],0A
00418BAA mov dword ptr ss:[ebp-FC],2
00418BB4 mov dword ptr ss:[ebp-3C],edi
00418BB7 mov dword ptr ss:[ebp-EC],8
00418BC1 call dword ptr ds:[<&MSVBVM60.#63>; MSVBVM60.rtcMidCharVar
00418BC7 lea edx,dword ptr ss:[ebp-10C]
00418BCD lea eax,dword ptr ss:[ebp-11C]
00418BD3 push edx
00418BD4 push eax
00418BD5 call dword ptr ds:[<&MSVBVM60.#51>; MSVBVM60.rtcLowerCaseVar
00418BDB mov ecx,dword ptr ds:[esi]; 第三次取值到小写
00418BDD push esi
00418BDE call dword ptr ds:[ecx+308]
00418BE4 lea edx,dword ptr ss:[ebp-4C]
00418BE7 push eax
00418BE8 push edx
00418BE9 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaObjSet
00418BEF mov ecx,dword ptr ds:[eax]
00418BF1 lea edx,dword ptr ss:[ebp-30]
00418BF4 push edx
00418BF5 push eax
00418BF6 mov dword ptr ss:[ebp-198],eax
00418BFC call dword ptr ds:[ecx+A0]
00418C02 fclex
00418C04 cmp eax,edi
00418C06 jge short CrackMe_.00418C20
00418C08 mov ecx,dword ptr ss:[ebp-198]
00418C0E push 0A0
00418C13 push CrackMe_.00418344
00418C18 push ecx
00418C19 push eax
00418C1A call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaHresultCheckObj
00418C20 mov eax,dword ptr ss:[ebp-30]
00418C23 lea edx,dword ptr ss:[ebp-8C]
00418C29 mov dword ptr ss:[ebp-134],eax
00418C2F lea eax,dword ptr ss:[ebp-CC]
00418C35 push edx
00418C36 lea ecx,dword ptr ss:[ebp-DC]
00418C3C push eax
00418C3D push ecx
00418C3E mov dword ptr ss:[ebp-30],edi
00418C41 mov dword ptr ss:[ebp-13C],8008
00418C4B call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaVarCat
00418C51 push eax
00418C52 lea edx,dword ptr ss:[ebp-11C]
00418C58 lea eax,dword ptr ss:[ebp-12C]
00418C5E push edx
00418C5F push eax
00418C60 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaVarCat
00418C66 lea ecx,dword ptr ss:[ebp-13C]
00418C6C push eax
00418C6D push ecx
00418C6E call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaVarTstEq
00418C74 mov dword ptr ss:[ebp-1A0],eax; 经典比较
00418C7A lea edx,dword ptr ss:[ebp-3C]
00418C7D lea eax,dword ptr ss:[ebp-38]
00418C80 push edx
00418C81 lea ecx,dword ptr ss:[ebp-34]
00418C84 push eax
00418C85 lea edx,dword ptr ss:[ebp-2C]
00418C88 push ecx
00418C89 lea eax,dword ptr ss:[ebp-24]
00418C8C push edx
00418C8D lea ecx,dword ptr ss:[ebp-1C]
00418C90 push eax
00418C91 push ecx
00418C92 push 6
00418C94 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeStrList
00418C9A lea edx,dword ptr ss:[ebp-4C]
00418C9D lea eax,dword ptr ss:[ebp-48]
00418CA0 push edx
00418CA1 lea ecx,dword ptr ss:[ebp-44]
00418CA4 push eax
00418CA5 lea edx,dword ptr ss:[ebp-40]
00418CA8 push ecx
00418CA9 push edx
00418CAA push 4
00418CAC call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeObjList
00418CB2 lea eax,dword ptr ss:[ebp-13C]
00418CB8 lea ecx,dword ptr ss:[ebp-12C]
00418CBE push eax
00418CBF lea edx,dword ptr ss:[ebp-11C]
00418CC5 push ecx
00418CC6 lea eax,dword ptr ss:[ebp-DC]
00418CCC push edx
00418CCD lea ecx,dword ptr ss:[ebp-10C]
00418CD3 push eax
00418CD4 lea edx,dword ptr ss:[ebp-FC]
00418CDA push ecx
00418CDB lea eax,dword ptr ss:[ebp-EC]
00418CE1 push edx
00418CE2 lea ecx,dword ptr ss:[ebp-CC]
00418CE8 push eax
00418CE9 lea edx,dword ptr ss:[ebp-8C]
00418CEF push ecx
00418CF0 lea eax,dword ptr ss:[ebp-BC]
00418CF6 push edx
00418CF7 lea ecx,dword ptr ss:[ebp-AC]
00418CFD push eax
00418CFE lea edx,dword ptr ss:[ebp-9C]
00418D04 push ecx
00418D05 lea eax,dword ptr ss:[ebp-7C]
00418D08 push edx
00418D09 lea ecx,dword ptr ss:[ebp-6C]
00418D0C push eax
00418D0D lea edx,dword ptr ss:[ebp-5C]
00418D10 push ecx
00418D11 push edx
00418D12 push 0F
00418D14 call dword ptr ds:[<&MSVBVM60.__v>; MSVBVM60.__vbaFreeVarList
00418D1A mov eax,dword ptr ds:[esi]
00418D1C add esp,70
00418D1F cmp word ptr ss:[ebp-1A0],di
00418D26 push esi
00418D27 je CrackMe_.00419424
00418D2D call dword ptr ds:[eax+300]
00418D33 lea ecx,dword ptr ss:[ebp-40]
--------------------------------------------------------------------------------
算法小结:
1, md5(用户名)=A
2, 取A的5--10位,值为小写,记为B
3, 取A的2--4位, 值为大写,记为C
4, 取A的7--16位,值为小写,记为D
5, B & C & D == > 注册码
易语言注册机源代码:
.版本 2
.支持库 dp1
.子程序 _按钮1_被单击
.局部变量 a, 文本型
.局部变量 b, 文本型
.局部变量 c, 文本型
.局部变量 d, 文本型
.局部变量 e, 文本型
.局部变量 f, 文本型
.如果 (编辑框1.内容 = “”)
信息框 (“请先输入用户号!”, 16, “提示”)
.否则
a = 取数据摘要 (到字节集 (编辑框1.内容))
b = 取文本中间 (a, 5, 6)
c = 到大写 (取文本中间 (a, 2, 3))
d = 取文本中间 (a, 7, 10)
e = b + c + d
编辑框2.内容 = 到文本 (e) |
|