BC 4.2.10 64位简单爆破和其自身的六板斧

冥界3大法王 · 发表于 2019-7-15 08:18

本帖最后由冥界3大法王于 2019-7-25 08:35 编辑

[Asm] 纯文本查看 复制代码

论坛搜索了下，发现H老大曾经发过。
所以直接搜索下  sales@脱敏处理很要命 

0000000000BFDD0E | 48 8D 05 | lea rax,qword ptr ds:[BFDDD0]             | rax:"1822-9597", 0000000000BFDDD0:L"sales@脱敏处理很要命

找到3处，然后断的位置不理想 ，但F8向下不久看到 

0000000000BFD73E | 4C 8D 05 | lea r8,qword ptr ds:[BFD830]              | 0000000000BFD830:L"trial.key"

==================================================

启动时第1处：

00000000014F5076 | 48 8D 05 | lea rax,qword ptr ds:[14F7B7C]            | 00000000014F7B7C:L"sales@脱敏处理很要命 

00000000014F507D | 48 89 85 | mov qword ptr ss:[rbp+1E8],rax            |

00000000014F5084 | C6 85 F0 | mov byte ptr ss:[rbp+1F0],11              |

00000000014F508B | 48 8D 8D | lea rcx,qword ptr ss:[rbp+200]            |

00000000014F5092 | 48 8B 95 | mov rdx,qword ptr ss:[rbp+1F8]            |

00000000014F5099 | 4C 8D 85 | lea r8,qword ptr ss:[rbp+1D8]             |

00000000014F50A0 | 41 C7 C1 | mov r9d,1                                 |

00000000014F50A7 | E8 64 BA | call 你懂的,2.440B10                    |

00000000014F50AC | 48 89 D9 | mov rcx,rbx                               |

00000000014F50AF | 48 8B 95 | mov rdx,qword ptr ss:[rbp+200]            |

00000000014F50B6 | 41 B0 01 | mov r8b,1                                 |

00000000014F50B9 | 4C 0F B7 | movzx r9,word ptr ds:[14F7BB0]            |

00000000014F50C1 | C7 44 24 | mov dword ptr ss:[rsp+20],0               |

00000000014F50C9 | E8 52 6A | call 你懂的,2.BEBB20                    |

00000000014F50CE | 83 2D DB | sub dword ptr ds:[20B9BB0],1              |

00000000014F50D5 | E9 AD 27 | jmp 你懂的,2.14F7887                    |

00000000014F50DA | 48 8B 05 | mov rax,qword ptr ds:[208E4E0]            |

00000000014F50E1 | 48 8B 00 | mov rax,qword ptr ds:[rax]                |

00000000014F50E4 | 83 78 10 | cmp dword ptr ds:[rax+10],0               |

00000000014F50E8 | 0F 85 26 | jne 你懂的,2.14F5214                    | 这里

==================================================

对于这种key注册码的软件有几种定位方法：

1.搜索

begin key start(一般就这几个字符，自行组合尝试）

begin key end（也可能是license 等，其他类似英文单词）

一般位于读取秘钥的过程中

2.必然有黑名单关键字列表

通常把字符串复制出去之后

EmEditor中，使用正则复合搜索来定位也是一种方法 



下面的内容，显然定位到的key判断的过程中

0000000000BFD731 | E8 0A CF | call 你懂的,2.89A640                    |

0000000000BFD736 | 48 8D 4D | lea rcx,qword ptr ss:[rbp+40]             | [rbp+40]:"1822-9597"

0000000000BFD73A | 48 8B 55 | mov rdx,qword ptr ss:[rbp+38]             | [rbp+38]:"1822-9597"权密钥已被吊销:\r\n           1822-9597\r\n要了解更多细节，联系\r\nsales@

0000000000BFD73E | 4C 8D 05 | lea r8,qword ptr ds:[BFD830]              | 0000000000BFD830:L"trial.key"

0000000000BFD745 | E8 86 74 | call 你懂的,2.414BD0                    |

0000000000BFD74A | 48 8D 4D | lea rcx,qword ptr ss:[rbp+30]             |

0000000000BFD74E | E8 CD CE | call 你懂的,2.89A620                    |

0000000000BFD753 | 48 8D 4D | lea rcx,qword ptr ss:[rbp+48]             |

0000000000BFD757 | E8 B4 51 | call 你懂的,2.412910                    |

0000000000BFD75C | 48 8B 4D | mov rcx,qword ptr ss:[rbp+20]             | [rbp+20]:"1822-9597"

0000000000BFD760 | 48 8B 55 | mov rdx,qword ptr ss:[rbp+30]             |

0000000000BFD764 | 49 89 C0 | mov r8,rax                                |

0000000000BFD767 | E8 44 61 | call 你懂的,2.8538B0                    |

0000000000BFD76C | 84 C0    | test al,al                                |

0000000000BFD76E | 74 12    | je 你懂的,2.BFD782                      |

0000000000BFD770 | 48 8B 4D | mov rcx,qword ptr ss:[rbp+20]             | [rbp+20]:"1822-9597"

0000000000BFD774 | 48 8B 55 | mov rdx,qword ptr ss:[rbp+48]             |

0000000000BFD778 | E8 F3 F1 | call 你懂的,2.BFC970                    |

0000000000BFD77D | 88 45 2F | mov byte ptr ss:[rbp+2F],al               |

0000000000BFD780 | EB 30    | jmp 你懂的,2.BFD7B2                     |

0000000000BFD782 | 48 8B 4D | mov rcx,qword ptr ss:[rbp+40]             | [rbp+40]:"1822-9597"

0000000000BFD786 | E8 15 F0 | call 你懂的,2.99C7A0                    |

0000000000BFD78B | 84 C0    | test al,al                                |

0000000000BFD78D | 74 12    | je 你懂的,2.BFD7A1                      |

0000000000BFD78F | 48 8B 4D | mov rcx,qword ptr ss:[rbp+20]             | [rbp+20]:"1822-9597"

0000000000BFD793 | 48 8B 55 | mov rdx,qword ptr ss:[rbp+40]             | [rbp+40]:"1822-9597"权密钥已被吊销:\r\n           1822-9597\r\n要了解更多细节，联系\r\nsales@





0000000000BFC6D8 | 48 C7 45 | mov qword ptr ss:[rbp+48],0               | [rbp+48]:"---"

0000000000BFC6E0 | 90       | nop                                     下面这种典型的key字符串 

0000000000BFC6E1 | 48 8D 4D | lea rcx,qword ptr ss:[rbp+48]             | [rbp+48]:"---"Td2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJvC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0JahFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9tq2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcBrWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIySNisHFBTcWJS0sC5BTFwrtfLEE9lEwz2bxHQpWJiu12ZeKpi+7oUSqebX+---ENDLICENSEKEY-----"   结束授权钥匙

0000000000BFC6E5 | 48 8B 55 | mov rdx,qword ptr ss:[rbp+28]             |

0000000000BFC6E9 | 4C 8D 05 | lea r8,qword ptr ds:[BFC7C8]              | 0000000000BFC7C8:L"你哥哥叫保密处理.txt"

0000000000BFC6F0 | E8 DB 84 | call 你懂的,2.414BD0                    |

0000000000BFC6F5 | 48 8B 45 | mov rax,qword ptr ss:[rbp+20]             |

0000000000BFC6F9 | 48 8D 44 | lea rax,qword ptr ds:[rax+rbp+60]         |

0000000000BFC6FE | 48 8B CD | mov rcx,rbp                               |

0000000000BFC701 | 48 F7 D9 | neg rcx                                   | rcx:"H1bJTd2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJvC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0JahFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9tq2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcBrWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIySNisHFBTcWJS0sC5BTFwrtfLEE9lEwz2bxHQpWJiu12ZeKpi+7oUSqebX+---ENDLICENSEKEY-----"

0000000000BFC704 | 48 8B 0C | mov rcx,qword ptr ds:[rax+rcx]            | rcx:"H1bJTd2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJvC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0JahFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9tq2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcBrWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIySNisHFBTcWJS0sC5BTFwrtfLEE9lEwz2bxHQpWJiu12ZeKpi+7oUSqebX+---ENDLICENSEKEY-----"

0000000000BFC708 | 48 8B 55 | mov rdx,qword ptr ss:[rbp+48]             | [rbp+48]:"---"

0000000000BFC70C | E8 8F 02 | call 你懂的,2.BFC9A0                    | 可能有用

0000000000BFC711 | 84 C0    | test al,al                                |

0000000000BFC713 | 75 39    | jne 你懂的,2.BFC74E                     |

0000000000BFC715 | 48 8D 4D | lea rcx,qword ptr ss:[rbp+38]             |

0000000000BFC719 | 48 8B 55 | mov rdx,qword ptr ss:[rbp+48]             | [rbp+48]:"---"

0000000000BFC71D | 4C 8D 05 | lea r8,qword ptr ds:[BFC7EC]              | 0000000000BFC7EC:L".txt"

0000000000BFC724 | E8 A7 84 | call 你懂的,2.414BD0                    |

0000000000BFC729 | 48 8B 45 | mov rax,qword ptr ss:[rbp+20]             |

0000000000BFC72D | 48 8D 44 | lea rax,qword ptr ds:[rax+rbp+60]         |

0000000000BFC732 | 48 8B CD | mov rcx,rbp                               |

0000000000BFC735 | 48 F7 D9 | neg rcx                                   | rcx:"H1bJTd2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJvC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0JahFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9tq2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcBrWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIySNisHFBTcWJS0sC5BTFwrtfLEE9lEwz2bxHQpWJiu12ZeKpi+7oUSqebX+---ENDLICENSEKEY-----"

0000000000BFC738 | 48 8B 0C | mov rcx,qword ptr ds:[rax+rcx]            | rcx:"H1bJTd2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJvC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0JahFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9tq2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcBrWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIySNisHFBTcWJS0sC5BTFwrtfLEE9lEwz2bxHQpWJiu12ZeKpi+7oUSqebX+---ENDLICENSEKEY-----"

0000000000BFC73C | 48 8B 55 | mov rdx,qword ptr ss:[rbp+38]             |

0000000000BFC740 | E8 5B 02 | call 你懂的,2.BFC9A0                    |

0000000000BFC745 | 84 C0    | test al,al                                |

0000000000BFC747 | 75 05    | jne 你懂的,2.BFC74E                     |

0000000000BFC749 | 48 33 C0 | xor rax,rax                               | rax:"H1bJTd2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJvC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0JahFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9tq2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcBrWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIySNisHFBTcWJS0sC5BTFwrtfLEE9lEwz2bxHQpWJiu12ZeKpi+7oUSqebX+---ENDLICENSEKEY-----"

0000000000BFC74C | EB 02    | jmp 你懂的,2.BFC750                     |

0000000000BFC74E | B0 01    | mov al,1                                  |

0000000000BFC750 | 88 45 37 | mov byte ptr ss:[rbp+37],al               |

0000000000BFC753 | 90       | nop                                       |

0000000000BFC754 | 48 8D 4D | lea rcx,qword ptr ss:[rbp+38]             |

0000000000BFC758 | E8 63 61 | call 你懂的,2.4128C0                    |

0000000000BFC75D | 48 8D 4D | lea rcx,qword ptr ss:[rbp+48]             | [rbp+48]:"---"Td2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJvC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0JahFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9tq2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcBrWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIySNisHFBTcWJS0sC5BTFwrtfLEE9lEwz2bxHQpWJiu12ZeKpi+7oUSqebX+---ENDLICENSEKEY-----"

0000000000BFC761 | E8 5A 61 | call 你懂的,2.4128C0                    |

0000000000BFC766 | 48 0F B6 | movzx rax,byte ptr ss:[rbp+37]            |

0000000000BFC76B | 48 8D 65 | lea rsp,qword ptr ss:[rbp+50]             |

0000000000BFC76F | 5D       | pop rbp                                   |

0000000000BFC770 | C3       | ret                                       |

0000000000BFC771 | 48 8D 80 | lea rax,qword ptr ds:[rax]                | rax:"H1bJTd2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJvC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0JahFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9tq2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcBrWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIySNisHFBTcWJS0sC5BTFwrtfLEE9lEwz2bxHQpWJiu12ZeKpi+7oUSqebX+---ENDLICENSEKEY-----"

0000000000BFC778 | 48 8D 04 | lea rax,qword ptr ds:[rax]                | rax:"H1bJTd2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJvC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0JahFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9tq2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcBrWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIySNisHFBTcWJS0sC5BTFwrtfLEE9lEwz2bxHQpWJiu12ZeKpi+7oUSqebX+---ENDLICENSEKEY-----", rax*1:"H1bJTd2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJvC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0JahFbqTmYskatMTgPyjv











接下来看下面的代码：

0000000000BFA0F6 | 48 8D 0D | lea rcx,qword ptr ds:[BFA3A0]             | 0000000000BFA3A0:L"--- BEGIN LICENSE KEY ---"

0000000000BFA0FD | 48 8B 95 | mov rdx,qword ptr ss:[rbp+88]             | [rbp+88]:L"--- BEGIN LICENSE KEY ---\r\nH1bJTd2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJ\r\nvC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0Ja\r\nhFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9t\r\nq2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcB\r\nrWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIyS\r\nNisHFBTcWJS0sC5BTFwrtfLEE9lEwz2bxHQpWJiu12ZeKpi+7oUSqebX+\r\n--- END LICENSE KEY -----\r\n"

0000000000BFA104 | 41 C7 C0 | mov r8d,1                                 |

0000000000BFA10B | E8 90 AF | call 你懂的,2.4150A0                    |

0000000000BFA110 | 89 C3    | mov ebx,eax                               |

0000000000BFA112 | 85 DB    | test ebx,ebx                              |

0000000000BFA114 | 7E 03    | jle 你懂的,2.BFA119                     |

0000000000BFA116 | 83 C3 19 | add ebx,19                                |

0000000000BFA119 | 48 8D 0D | lea rcx,qword ptr ds:[BFA3E0]             | 0000000000BFA3E0:L"--- END LICENSE KEY -----"

0000000000BFA120 | 48 8B 95 | mov rdx,qword ptr ss:[rbp+88]             | [rbp+88]:L"--- BEGIN LICENSE KEY ---\r\nH1bJTd2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJ\r\nvC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0Ja\r\nhFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9t\r\nq2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcB\r\nrWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIyS\r\nNisHFBTcWJS0sC5BTFwrtfLEE9lEwz2bxHQpWJiu12ZeKpi+7oUSqebX+\r\n--- END LICENSE KEY -----\r\n"

0000000000BFA127 | 41 89 D8 | mov r8d,ebx                               |

0000000000BFA12A | E8 71 AF | call 你懂的,2.4150A0                    |

0000000000BFA12F | 85 C0    | test eax,eax                              |

0000000000BFA131 | 75 17    | jne 你懂的,2.BFA14A                     |

0000000000BFA133 | 48 33 C0 | xor rax,rax                               |

0000000000BFA136 | 48 83 BD | cmp qword ptr ss:[rbp+88],0               | [rbp+88]:L"--- BEGIN LICENSE KEY ---\r\nH1bJTd2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJ\r\nvC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0Ja\r\nhFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9t\r\nq2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcB\r\nrWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIyS\r\nNisHFBTcWJS0sC5BTFwrtfLEE9lEwz2bxHQpWJiu12ZeKpi+7oUSqebX+\r\n--- END LICENSE KEY -----\r\n"

0000000000BFA13E | 74 0A    | je 你懂的,2.BFA14A                      |

0000000000BFA140 | 48 8B 85 | mov rax,qword ptr ss:[rbp+88]             | [rbp+88]:L"--- BEGIN LICENSE KEY ---\r\nH1bJTd2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJ\r\nvC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0Ja\r\nhFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9t\r\nq2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcB\r\nrWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIyS\r\nNisHFBTcWJS0sC5BTFwrtfLEE9lEwz2bxHQpWJiu12ZeKpi+7oUSqebX+\r\n--- END LICENSE KEY -----\r\n"

0000000000BFA147 | 8B 40 FC | mov eax,dword ptr ds:[rax-4]              |

0000000000BFA14A | 2B C3    | sub eax,ebx                               |

0000000000BFA14C | 89 C3    | mov ebx,eax                               |

0000000000BFA14E | 48 8D 0D | lea rcx,qword ptr ds:[BFA420]             | 0000000000BFA420:L"--------你姐叫保密--------"

0000000000BFA155 | 48 8B 95 | mov rdx,qword ptr ss:[rbp+88]             | [rbp+88]:L"--- BEGIN LICENSE KEY ---\r\nH1bJTd2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJ\r\nvC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0Ja\r\nhFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9t\r\nq2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcB\r\nrWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIyS\r\nNisHFBTcWJS0sC5BTFwrtfLEE9lEwz2bxHQpWJiu12ZeKpi+7oUSqebX+\r\n--- END LICENSE KEY -----\r\n"





0000000000853834 | 75 E1    | jne 你懂的,2.853817                     |

0000000000853836 | 90       | nop                                       |

0000000000853837 | 48 8B 45 | mov rax,qword ptr ss:[rbp+40]             | [rbp+40]:L"J:\\0.上帝之约光盘\\汇编破解工具包\\BC4.2.10\\trial.key"

000000000085383B | 48 3B 45 | cmp rax,qword ptr ss:[rbp+48]             | [rbp+48]:"--- BEGIN LICENSE KEY ---\r\nm+41WZYj0Tg9I4g8I9-Pz9V4+N6TgUrVMk7Y-TRt4fYezsj+aStoqYdy+\r\n-OJ9+SLzHH1TMRs-neCy+RymFq-rylkqUsWCoh6kY2CibY7qOSE2jqdAZ\r\nqIgdHIPaUfwMMbpiohBOoNWXBoEPR7WGNI+3Few8nOlY3faO4N7bKa1bX\r\n5S0ZfkUqdkypgdD7-zvPDoC3b-0tR32sqLvkgNjrn4vU2s3x+vHK0Tm80\r\nMIssir1lY8N947zub1LcaNkPShY2YfyNYaMoySbSqMmUi+lr06QmPg1Ws\r\nsxiY5KQ9bz48vgfgt1+u4z1jWe6azagQUBMbNORnzSqBMJ9LRpcwKpaZE\r\n--- END LICENSE KEY -----\r"

000000000085383F | 0F 85 3E | jne 你懂的,2.853783                     |

00000000008503B4 | E8 57 25 | call 你懂的,2.412910                    |

00000000008503B9 | EB 17    | jmp 你懂的,2.8503D2                     |

00000000008503BB | 48 8B 85 | mov rax,qword ptr ss:[rbp+4B8]            |

00000000008503C2 | 48 8D 48 | lea rcx,qword ptr ds:[rax+8]              |

00000000008503C6 | 48 8D 15 | lea rdx,qword ptr ds:[851A08]             | 0000000000851A08:"Invalid"  有效关键字，无效的！一般这个不远要慢F8



00000000008503CD | E8 5E 2C | call 你懂的,2.413030                    |

00000000008503D2 | E8 19 5F | call 你懂的,2.4462F0                    |

00000000008503D7 | 48 8B 85 | mov rax,qword ptr ss:[rbp+4B0]            |

00000000008503DE | F2 0F 11 | movsd qword ptr ds:[rax+1A0],xmm0         |

00000000008503E6 | 48 83 BD | cmp qword ptr ss:[rbp+4C0],0              | [rbp+4C0]:"m+41WZYj0Tg9I4g8I9-Pz9V4+N6TgUrVMk7Y-TRt4fYezsj+aStoqYdy+-OJ9+SLzHH1TMRs-neCy+RymFq-rylkqUsWCoh6kY2CibY7qOSE2jqdAZqIgdHIPaUfwMMbpiohBOoNWXBoEPR7WGNI+3Few8nOlY3faO4N7bKa1bX5S0ZfkUqdkypgdD7-zvPDoC3b-0tR32sqLvkgNjrn4vU2s3x+vHK0Tm80MIssir1lY8N947zub1LcaNkPShY2YfyNYaMoySbSqMmUi+lr06QmPg1WssxiY5KQ9bz48vgfgt1+u4z1jWe6azagQUBMbNORnzSqBMJ9LRpcwKpaZE"

00000000008503EE | 75 67    | jne 你懂的,2.850457                     |

00000000008503F0 | 80 BD C8 | cmp byte ptr ss:[rbp+4C8],0               |

00000000008503F7 | 75 2F    | jne 你懂的,2.850428                     |

00000000008503F9 | 48 8B 85 | mov rax,qword ptr ss:[rbp+4B0]            |







000000000085030A | E8 B1 C9 | call 你懂的,2.40CCC0                    ========================》

000000000085030F | 80 BD C8 | cmp byte ptr ss:[rbp+4C8],2               |

0000000000850316 | 0F 84 9F | je 你懂的,2.8503BB                      | 然而并不是







00000000008503B4 | E8 57 25 | call 你懂的,2.412910                    |

00000000008503B9 | EB 17    | jmp 你懂的,2.8503D2                     |

00000000008503BB | 48 8B 85 | mov rax,qword ptr ss:[rbp+4B8]            |

00000000008503C2 | 48 8D 48 | lea rcx,qword ptr ds:[rax+8]              |

00000000008503C6 | 48 8D 15 | lea rdx,qword ptr ds:[851A08]             | 0000000000851A08:"Invalid"

00000000008503CD | E8 5E 2C | call 你懂的,2.413030                    |

00000000008503D2 | E8 19 5F | call 你懂的,2.4462F0                    |

00000000008503D7 | 48 8B 85 | mov rax,qword ptr ss:[rbp+4B0]            |

00000000008503DE | F2 0F 11 | movsd qword ptr ds:[rax+1A0],xmm0         |

00000000008503E6 | 48 83 BD | cmp qword ptr ss:[rbp+4C0],0              | [rbp+4C0]:"m+41WZYj0Tg9I4g8I9-Pz9V4+N6TgUrVMk7Y-TRt4fYezsj+aStoqYdy+-OJ9+SLzHH1TMRs-neCy+RymFq-rylkqUsWCoh6kY2CibY7qOSE2jqdAZqIgdHIPaUfwMMbpiohBOoNWXBoEPR7WGNI+3Few8nOlY3faO4N7bKa1bX5S0ZfkUqdkypgdD7-zvPDoC3b-0tR32sqLvkgNjrn4vU2s3x+vHK0Tm80MIssir1lY8N947zub1LcaNkPShY2YfyNYaMoySbSqMmUi+lr06QmPg1WssxiY5KQ9bz48vgfgt1+u4z1jWe6azagQUBMbNORnzSqBMJ9LRpcwKpaZE"

00000000008503EE | 75 67    | jne 你懂的,2.850457                     | 跳走了

接下来不完就到了下面的地方



0000000000850DD4 | E8 17 A9 | call 你懂的,2.46B6F0                    | 断在启动过程中

0000000000850DD9 | 84 C0    | test al,al                                |

0000000000850DDB | 74 3E    | je 你懂的,2.850E1B                      | 这句我们EB 3E 就注册成功了!

0000000000850DDD | 48 8B 85 | mov rax,qword ptr ss:[rbp+4B0]            |

0000000000850DE4 | C6 80 00 | mov byte ptr ds:[rax+600],2               |

0000000000850DEB | 48 8B 85 | mov rax,qword ptr ss:[rbp+4B0]            |

0000000000850DF2 | C6 80 01 | mov byte ptr ds:[rax+601],F               |

0000000000850DF9 | 48 8B 85 | mov rax,qword ptr ss:[rbp+4B0]            |

0000000000850E00 | C7 80 98 | mov dword ptr ds:[rax+198],29             | 29:')'

0000000000850E0A | 48 8B 8D | mov rcx,qword ptr ss:[rbp+4B0]           

0000000000850E11 | E8 CA 2D | call 你懂的,2.853BE0                    | 已被吊销

0000000000850E16 | E9 42 0A | jmp 你懂的,2.85185D                      

0000000000850E1B | 48 0F B6 | movzx rax,byte ptr ss:[rbp+F9]            

ctrl+home 0000000000850200 | 55       | push rbp                              函数头部在这！

上面为你演示了过黑名单转正的方法，另外该软件还有另外的六板斧
更新检测
联网
天数限制：定位注册表 HKEY_CURRENT_USER\Software\Scooter Software
就是下面这个键值了CacheID

也有人说 BCUnrar.dll 把这个文件删除或重名，我试过了不行，貌似是传统方法

也有人说删除 \AppData\Roaming\Scooter Software\BC4\BCState.xml这个文件就去除了状态
这个貌似在联网状态下生效

tydzjing · 发表于 2019-7-15 10:45

过于逼真，不易展示？
这是什么？

ytahdou · 发表于 2019-7-15 11:37

不明白这款软件是干啥的。

jccforever · 发表于 2019-7-15 08:40

谢谢分享只是不知道这是个什么软件？

bamyoo · 发表于 2019-7-15 08:47

BC，Beyond Compare，文件对比的工具。

zhgxue · 发表于 2019-7-15 08:48

谢谢分享

shghe · 发表于 2019-7-15 09:16

法王大仙，法力无边~~~

冥界3大法王 · 发表于 2019-7-15 09:23

shghe 发表于 2019-7-15 09:16
法王大仙，法力无边~~~

快赶上跳大绳的了。。。

chenyadi · 发表于 2019-7-15 11:57

又学习了，不错的

laobenlang · 发表于 2019-7-15 12:01

这个要上精华了！

帐号		自动登录	找回密码
密码			注册[Register]

[原创] BC 4.2.10 64位简单爆破和其自身的六板斧

免费评分

本帖被以下淘专辑推荐:

[原创] BC 4.2.10 64位简单爆破 和 其自身的六板斧

免费评分

本帖被以下淘专辑推荐:

[原创] BC 4.2.10 64位简单爆破和其自身的六板斧