
[分享] MP3超强铃声转换器破文

小黑冰 发表于 2008-9-1 01:22
http://www.onlinedown.net/soft/46970.htm就是这个下载地址罗```````
感谢★明/aiq琴★兄 提供软件````

1.PEID查壳为Microsoft Visual C++ 6.0,没加壳。我们可以想到什么?作者没有加壳保护程序的意识,应该好搞。
2.OD载入,查找ASCII字串
超级字串参考+,项目 686
地址=0043013C
反汇编=push mp3trtg.004AC1A8
文本字串=请输入您的姓名。
双击来到代码处
3.
输入我们假码
xiaoheibing
123456789
C:\Program Files\AnMing\key.dat —— 注册成功后写入的KEY文件,
由此可知这是KEY文件类型的软件。
4.
; ---------------------------------------------------------------------------
; mp3trtg 00430106..004303D1 -- handler behind the registration dialog.
; OllyDbg dump: 32-bit x86, Intel operand order, address fused to the mnemonic.
;
; What the visible instructions do, in order:
;   1. return early with a message box when the name field is empty;
;   2. build a path from the GetModuleFileNameA result and the literal "key.dat";
;   3. hand (pointer, count) pairs to helper 0046416F: a 4-byte count, a 7-byte
;      constant from 004AC1A0, then for name and password a 4-byte length
;      followed by the text with every byte XORed with 0x64;
;   4. show the "please restart" message and post WM_QUIT.
;
; No comparison between name and password is visible in this routine: it only
; stores what was typed. A fixed one-byte XOR is a reversible encoding, not a
; protection -- anyone who can read the file recovers both fields.
;
; The dump has no symbols. Helper roles named in the comments below are read
; off the call shape (ecx loaded right before the call, arguments pushed) and
; are assumptions to confirm, not facts.
; NOTE(review): the listing starts at 00430106; the value pushed at 0043010D
; was loaded before the first visible line (presumably the previous fs:[0]
; record, as in the routine at 004303E0 -- confirm).
; ---------------------------------------------------------------------------
00430106push -1
; address placed in the record that fs:[0] is pointed at below (exception handler slot)
00430108push mp3trtg.0047428C
0043010Dpush eax
; install the three dwords just pushed as the current fs:[0] record
0043010Emov dword ptr fs:[0],esp
; 0x228 bytes of locals
00430115sub esp,228
0043011Bpush esi
; esi = pointer received in ecx; fields at +5C (name) and +60 (password) are read below
0043011Cmov esi,ecx
0043011Epush 1
00430120call mp3trtg.004675B0 ;author's note: fetches the name; one argument (1) -- presumably a dialog-data refresh, confirm
00430125mov eax,dword ptr ds:[esi+5C] ;eax = name string pointer
00430128push mp3trtg.004B25EC ; /Arg2 = 004B25EC
0043012Dpush eax; |Arg1
0043012Ecall mp3trtg.0044E22F ; \checks whether a name was entered
; caller pops both arguments
00430133add esp,8
00430136test eax,eax
00430138jnz short mp3trtg.0043015C;non-zero result: a name was entered, continue at 0043015C
0043013Apush eax; /Arg3
0043013Bpush eax; |Arg2
0043013Cpush mp3trtg.004AC1A8 ; |"请输入您的姓名。" (Please enter your name.)
00430141call mp3trtg.0046AACC ; \mp3trtg.0046AACC
; empty-name exit: restore the previous fs:[0] record and return
00430146pop esi
00430147mov ecx,dword ptr ss:[esp+228]
0043014Emov dword ptr fs:[0],ecx
; 0x228 locals + the three dwords pushed at entry
00430155add esp,234
0043015Bretn
; object at esp+10 is initialised here and is the ecx of every 00464018 /
; 004642E6 / 0046416F / 00464233 call below (presumably a file object -- confirm)
0043015Clea ecx,dword ptr ss:[esp+10]
00430160call mp3trtg.00463F06
00430165mov eax,dword ptr ds:[4ADDC0]
; esp+234 is the slot that received the -1 pushed at entry; it is rewritten
; (0,1,2,3,...) around each temporary below -- presumably the unwind state
0043016Amov dword ptr ss:[esp+234],0
; string slot at esp+4 starts out as the global value at 004ADDC0
00430175mov dword ptr ss:[esp+4],eax
00430179lea ecx,dword ptr ss:[esp+128]
00430180push 104; /BufSize = 104 (260.)
00430185push ecx; |PathBuffer
00430186push 0; |hModule = NULL
00430188mov byte ptr ss:[esp+240],1 ; |
00430190call dword ptr ds:[<&KERNEL32.GetMo>; \GetModuleFileNameA
00430196lea edx,dword ptr ss:[esp+128];presumably locating the program directory
; temporary at esp+C built from the path buffer, then handed to the string at esp+4
0043019Dlea ecx,dword ptr ss:[esp+C]
004301A1push edx
004301A2call mp3trtg.00462BE3
004301A7push eax
004301A8lea ecx,dword ptr ss:[esp+8]
004301ACmov byte ptr ss:[esp+238],2
004301B4call mp3trtg.00462CAE
004301B9lea ecx,dword ptr ss:[esp+C]
004301BDmov byte ptr ss:[esp+234],1
004301C5call mp3trtg.00462B75
; 0x5C is '\'; the helper's result is compared with -1
004301CApush 5C
004301CClea ecx,dword ptr ss:[esp+8]
004301D0call mp3trtg.00460593
004301D5cmp eax,-1
004301D8je short mp3trtg.0043020D ;-1: skip the block below (author's note: "checks the key, must jump, writes KEY")
; result+1 and a temporary at esp+C go to 0046051B; the result replaces the
; string at esp+4 (presumably "keep everything up to the last backslash")
004301DAinc eax
004301DBlea ecx,dword ptr ss:[esp+4]
004301DFpush eax
004301E0lea eax,dword ptr ss:[esp+10]
004301E4push eax
004301E5call mp3trtg.0046051B
004301EApush eax
004301EBlea ecx,dword ptr ss:[esp+8]
004301EFmov byte ptr ss:[esp+238],3
004301F7call mp3trtg.00462CAE
004301FClea ecx,dword ptr ss:[esp+C]
00430200mov byte ptr ss:[esp+234],1
00430208call mp3trtg.00462B75
0043020Dpush mp3trtg.004A72D0 ;key.dat
; literal passed to the string at esp+4 (presumably appended to the directory)
00430212lea ecx,dword ptr ss:[esp+8]
00430216call mp3trtg.00462F51
; first attempt: 00464018(path, 0x8001, 0) on the object at esp+10
0043021Bmov ecx,dword ptr ss:[esp+4]
0043021Fpush 0; /Arg3 = 00000000
00430221push 8001 ; |Arg2 = 00008001
00430226push ecx; |Arg1
00430227lea ecx,dword ptr ss:[esp+1C] ; |
0043022Bcall mp3trtg.00464018 ; \author's note: "key call"; presumably opens the file -- confirm
00430230test eax,eax
00430232jnz short mp3trtg.00430253
; second attempt with 0x9001 when the first returned 0
00430234mov edx,dword ptr ss:[esp+4]
00430238push eax; /Arg3
00430239push 9001 ; |Arg2 = 00009001
0043023Epush edx; |Arg1
0043023Flea ecx,dword ptr ss:[esp+1C] ; |
00430243call mp3trtg.00464018 ; \mp3trtg.00464018
00430248test eax,eax
0043024Ajnz short mp3trtg.00430253
; NOTE(review): when both attempts return 0, 00465163 is called and execution
; still falls through into the write sequence at 00430253; no early exit is
; visible here -- confirm how the failure is meant to be handled
0043024Cmov ecx,esi
0043024Ecall mp3trtg.00465163
00430253push 0
00430255lea ecx,dword ptr ss:[esp+14]
00430259call mp3trtg.004642E6
; copy 7 bytes (dword + word + byte) from 004AC1A0..004AC1A6 to the stack at esp+20
0043025Emov eax,dword ptr ds:[4AC1A0]
00430263mov cx,word ptr ds:[4AC1A4]
0043026Amov dl,byte ptr ds:[4AC1A6]
00430270mov dword ptr ss:[esp+20],eax
00430274lea eax,dword ptr ss:[esp+8]
00430278mov word ptr ss:[esp+24],cx
0043027Dpush 4; /Arg2 = 00000004
0043027Fmov byte ptr ss:[esp+2A],dl ; |
00430283push eax; |Arg1
00430284lea ecx,dword ptr ss:[esp+18] ; |
; once the two pushes are counted this is the byte dl was just stored to; it is forced to 0
00430288mov byte ptr ss:[esp+2E],0; |
; count slot (esp+8 before the pushes) = 7
0043028Dmov dword ptr ss:[esp+10],7 ; |
00430295call mp3trtg.0046416F ; \0046416F(&count, 4) with count = 7 (author's note: "gets the file directory")
0043029Alea ecx,dword ptr ss:[esp+20]
0043029Epush 7; /Arg2 = 00000007
004302A0push ecx; |Arg1
004302A1lea ecx,dword ptr ss:[esp+18] ; |
004302A5call mp3trtg.0046416F ; \0046416F(7-byte constant, 7) (author's note: "gets the name")
; ---- name: XOR each byte with 0x64 into the stack buffer at esp+A8 ----
004302AAmov eax,dword ptr ds:[esi+5C]
004302ADxor ecx,ecx
; length is read from 8 bytes before the character data
004302AFmov edx,dword ptr ds:[eax-8]
004302B2test edx,edx
004302B4jle short mp3trtg.004302CB
004302B6mov dl,byte ptr ds:[eax+ecx];load each name byte in turn
004302B9xor dl,64 ;dl ^= 0x64
; NOTE(review): the only loop bound is the string's own length. The next stack
; slot this listing references above esp+A8 is the path buffer at esp+128,
; 0x80 bytes higher. Unless the dialog caps the field length (not shown), a
; longer name would be written past this buffer; clamp the count first.
004302BCmov byte ptr ss:[esp+ecx+A8],dl
004302C3mov edx,dword ptr ds:[eax-8]
004302C6inc ecx
004302C7cmp ecx,edx
004302C9jl short mp3trtg.004302B6 ;loop until ecx reaches the name length (11 for the sample name)
004302CBmov ecx,dword ptr ds:[eax-8]
004302CElea edx,dword ptr ss:[esp+8]
004302D2push 4; /Arg2 = 00000004
004302D4push edx; |Arg1
; with the two pushes counted: buffer[length] = 0
004302D5mov byte ptr ss:[esp+ecx+B0],0; |
004302DDmov eax,dword ptr ds:[eax-8]; |
004302E0lea ecx,dword ptr ss:[esp+18] ; |
; count slot = name length
004302E4mov dword ptr ss:[esp+10],eax ; |
004302E8call mp3trtg.0046416F ; \0046416F(&length, 4)
004302EDmov eax,dword ptr ss:[esp+8]
004302F1lea ecx,dword ptr ss:[esp+A8]
004302F8push eax; /Arg2
004302F9push ecx; |Arg1
004302FAlea ecx,dword ptr ss:[esp+18] ; |
004302FEcall mp3trtg.0046416F ; \0046416F(XORed name, length); the author's note "gets the password" fits the next instruction
; ---- password: same transform into the stack buffer at esp+28 ----
00430303mov eax,dword ptr ds:[esi+60]
00430306xor ecx,ecx
00430308mov edx,dword ptr ds:[eax-8];edx = password length
0043030Btest edx,edx
0043030Djle short mp3trtg.00430321;skip the loop when the password is empty
0043030Fmov dl,byte ptr ds:[eax+ecx]
00430312xor dl,64
; NOTE(review): same unchecked copy as for the name; the name buffer starts
; 0x80 bytes above this one (esp+A8) -- confirm an upstream length limit
00430315mov byte ptr ss:[esp+ecx+28],dl
00430319mov edx,dword ptr ds:[eax-8]
0043031Cinc ecx
0043031Dcmp ecx,edx
0043031Fjl short mp3trtg.0043030F ;transform the password byte by byte
00430321mov ecx,dword ptr ds:[eax-8]
00430324lea edx,dword ptr ss:[esp+8]
00430328push 4; /Arg2 = 00000004
0043032Apush edx; |Arg1
; with the two pushes counted: buffer[length] = 0
0043032Bmov byte ptr ss:[esp+ecx+30],0; |
00430330mov eax,dword ptr ds:[eax-8]; |
00430333lea ecx,dword ptr ss:[esp+18] ; |
; count slot = password length
00430337mov dword ptr ss:[esp+10],eax ; |
0043033Bcall mp3trtg.0046416F ; \mp3trtg.0046416F
00430340mov eax,dword ptr ss:[esp+8]
00430344lea ecx,dword ptr ss:[esp+28]
00430348push eax; /Arg2
00430349push ecx; |Arg1
0043034Alea ecx,dword ptr ss:[esp+18] ; |
0043034Ecall mp3trtg.0046416F ; \mp3trtg.0046416F
; last call on the object at esp+10 before the message box (presumably closes it)
00430353lea ecx,dword ptr ss:[esp+10]
00430357call mp3trtg.00464233
0043035Cmov ecx,esi
0043035Ecall mp3trtg.00465163
00430363push 0
00430365push 0
00430367push mp3trtg.004AC188 ;"请重启本软件以生效!" (Please restart this software for it to take effect!)
0043036Cmov ecx,esi
0043036Ecall mp3trtg.00466D68
00430373call mp3trtg.00463266
00430378test eax,eax
0043037Aje short mp3trtg.00430385
; indirect call through offset 0x74 of the table at [eax], with ecx = eax
0043037Cmov edx,dword ptr ds:[eax]
0043037Emov ecx,eax
00430380call dword ptr ds:[edx+74]
00430383jmp short mp3trtg.00430387
; NOTE(review): on this path eax is 0 and the next instruction reads [0+1C];
; the same happens if the indirect call above returns 0 -- no null check is visible
00430385xor eax,eax
00430387mov eax,dword ptr ds:[eax+1C]
0043038Apush 0; /lParam = 0
0043038Cpush 0; |wParam = 0
0043038Epush 12 ; |Message = WM_QUIT
00430390push eax; |hWnd
00430391call dword ptr ds:[<&USER32.PostMes>; \PostMessageA
; teardown: string at esp+4, then the object at esp+10, state slot back to -1
00430397lea ecx,dword ptr ss:[esp+4]
0043039Bmov byte ptr ss:[esp+234],0
004303A3call mp3trtg.00462B75
004303A8lea ecx,dword ptr ss:[esp+10]
004303ACmov dword ptr ss:[esp+234],-1
004303B7call mp3trtg.00463F5B
; restore the previous fs:[0] record and return
004303BCmov ecx,dword ptr ss:[esp+22C]
004303C3pop esi
004303C4mov dword ptr fs:[0],ecx
004303CBadd esp,234
004303D1retn
; padding up to the next routine at 004303E0
004303D2nop
004303D3nop
004303D4nop
004303D5nop
004303D6nop
004303D7nop
004303D8nop
004303D9nop
004303DAnop
004303DBnop
004303DCnop
004303DDnop
004303DEnop
004303DFnop
; ---------------------------------------------------------------------------
; mp3trtg 004303E0..0043046E -- passes the purchase-page URL literal to
; helper 00425540 on a local object, then tears the temporaries down.
; What 00425540 does with the URL and the constant 5 is not visible here.
; NOTE(review): the embedded URL is plain http, so the purchase page is
; requested without transport protection.
; ---------------------------------------------------------------------------
004303E0push -1
004303E2push mp3trtg.004742B6 ;SEH handler installation
004303E7mov eax,dword ptr fs:[0]
004303EDpush eax
; the three dwords just pushed become the current fs:[0] record
004303EEmov dword ptr fs:[0],esp
; 0xBC bytes of locals
004303F5sub esp,0BC
; object at esp+4 is initialised by 00424D10 and released by 00424DD0 below
004303FBlea ecx,dword ptr ss:[esp+4]
004303FFcall mp3trtg.00424D10
00430404push mp3trtg.004A7CD0 ;http://www.sharebank.com.cn/soft/softbuy.php?soid=15879
; string at esp+0 (esp+4 once the push is counted) built from the literal
00430409lea ecx,dword ptr ss:[esp+4]
0043040Dmov dword ptr ss:[esp+C8],0
00430418call mp3trtg.00462BE3
0043041Dmov eax,dword ptr ss:[esp]
00430421push 5; /Arg2 = 00000005
00430423push eax; |Arg1
00430424lea ecx,dword ptr ss:[esp+C]; |
00430428mov byte ptr ss:[esp+CC],1; |
00430430call mp3trtg.00425540 ; \mp3trtg.00425540
; release the string, then the object; state slot back to -1
00430435lea ecx,dword ptr ss:[esp]
00430439mov byte ptr ss:[esp+C4],0
00430441call mp3trtg.00462B75
00430446lea ecx,dword ptr ss:[esp+4]
0043044Amov dword ptr ss:[esp+C4],-1
00430455call mp3trtg.00424DD0
; restore the previous fs:[0] record and return
0043045Amov ecx,dword ptr ss:[esp+BC]
00430461mov dword ptr fs:[0],ecx
; 0xBC locals + the three dwords pushed at entry
00430468add esp,0C8
0043046Eretn
; padding
0043046Fnop
; ---------------------------------------------------------------------------
; mp3trtg 00430470 -- sets bit 0 of the byte at 004B5489 if it is not already
; set, then always continues at 00430490.
; ---------------------------------------------------------------------------
00430470mov cl,byte ptr ds:[4B5489]
00430476mov al,1
; bit 0 already set: leave the byte untouched
00430478test al,cl
0043047Ajnz short mp3trtg.00430484
0043047Cor cl,al
0043047Emov byte ptr ds:[4B5489],cl
00430484jmp mp3trtg.00430490
; padding up to 00430490
00430489nop
0043048Anop
0043048Bnop
0043048Cnop
0043048Dnop
0043048Enop
0043048Fnop
; ---------------------------------------------------------------------------
; mp3trtg 00430490 -- calls 0044D67D with one argument, the code address
; 00406460, and pops that argument itself afterwards.
; NOTE(review): the shape resembles registering a callback -- confirm against
; 0044D67D, which is not part of this listing.
; ---------------------------------------------------------------------------
00430490push mp3trtg.00406460 ;author's note: "entry address" -- a code address passed as the only argument
00430495call mp3trtg.0044D67D
; caller removes the argument
0043049Apop ecx
0043049Bretn


算法CALL
1C 28
D13
5 5
2 2
C 12
11
D 13
6 6
D 13
2 21CD52C1D6D23
3 3 2813521211361323

55 85 86 87 80 81 82 83 92 93
56
57
50
51
52
53
5C
5D
堆栈地址=0012CFF4, (ASCII "UVWPQRS\]")
ecx=7C810E16 (kernel32.7C810E16)

2813521211361323858687808182839293UVWPQRS\]
注册码


不知道算法CALL分析对不对 请高人用xiaoheibing 来个算法看看```````


guoyonghao 发表于 2008-9-1 08:15
我是菜鸟不懂怎么弄这
小李通讯 发表于 2008-9-1 08:39
哇,强人,好象看懂了点,希望黑冰兄多写些分析算法的文章,越详细越好 [s:40][s:40][s:40]
guoyonghao 发表于 2008-9-1 18:39
路过!!!!!!!!!!!!!!!!路过!!!!!!!!!!!!!!!!路过!!!!!!!!!!!!!!!!
xoyo88 发表于 2008-9-1 19:25
不太明白,还另请高手了。
原点 发表于 2008-9-1 19:31
不错,很详细,顶一个 [s:41]
大猫 发表于 2008-9-1 20:38
不太明白...................
寻寻密密 发表于 2008-9-2 16:31
希望黑冰兄多写些分析算法的文章 [s:41]
fuma255 发表于 2009-6-9 18:07
菜鸟不懂怎么弄这
k8319291 发表于 2009-6-9 23:08
高手就是高手,我菜鸟一个,简直就象看天书一样.