〖网际营销〗V2.4 注册算法分析
作者:PaulYoung (属于 China Cracking Group )
软件:网际营销 V2.4
下载:http://www.shd.com.cn/software/download_js.asp?id=18 (1668 KB)
简介:帮助您发布供求信息、宣传网站、推广产品、寻找客户,让您利用互联网非常简便地做成生意。
加密:一机一码
工具:SoftICE 4.05 334
日期:2001.11.03
_________________________________________________________________________________________________
本软件注册码是 XXXX-XXXX-XXXX-XXXX 格式,序列号的位数是不固定的。
填入假注册码,如"ABCD-EFGH-IJKL-MNOP"后,用 SoftICE 下断点 bpx hmemcpy , 中断后按
F12 12下(13次出错),F10单步跟踪……
:005066AE 8B45F4
mov eax, dword ptr [ebp-0C]
:005066B1 8D55F8
lea edx, dword ptr [ebp-08]
:005066B4 E89337F0FF call 00409E4C
:005066B9 8D45FC
lea eax, dword ptr [ebp-04]
:005066BC E8BFD8EFFF call 00403F80
:005066C1 BB01000000 mov ebx,
00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005066ED(C)
|
:005066C6 8BFB
mov edi, ebx
:005066C8 03FF
add edi, edi
:005066CA 4F
dec edi
:005066CB 8D45F0
lea eax, dword ptr [ebp-10]
:005066CE 50
push eax
:005066CF B901000000 mov ecx,
00000001
:005066D4 8BD7
mov edx, edi
:005066D6 8B45F8
mov eax, dword ptr [ebp-08] //把序列号保存到EAX
:005066D9 E82ADDEFFF call 00404408
:005066DE 8B55F0
mov edx, dword ptr [ebp-10] //取出序列号第1位
:005066E1 8D45FC
lea eax, dword ptr [ebp-04]
:005066E4 E81FDBEFFF call 00404208
:005066E9 43
inc ebx //EBX这个变量记录循环次数
:005066EA 83FB05
cmp ebx, 00000005 //EBX等于5吗
:005066ED 75D7
jne 005066C6 //不等则继续循环取序列号3,5,7位
:005066EF 8D45EC
lea eax, dword ptr [ebp-14]
:005066F2 50
push eax
:005066F3 B904000000 mov ecx,
00000004
:005066F8 BA01000000 mov edx,
00000001
:005066FD 8B45FC
mov eax, dword ptr [ebp-04]
:00506700 E803DDEFFF call 00404408
//把序列号的1,3,5,7位重新排列成串
:00506705 8B45EC
mov eax, dword ptr [ebp-14]
:00506708 50
push eax
:00506709 8D45E4
lea eax, dword ptr [ebp-1C]
:0050670C 50
push eax
:0050670D 8D55E0
lea edx, dword ptr [ebp-20]
:00506710 8B8610030000 mov eax, dword
ptr [esi+00000310]
:00506716 E82DFBF2FF call 00436248
:0050671B 8B45E0
mov eax, dword ptr [ebp-20]
:0050671E B901000000 mov ecx,
00000001
:00506723 BA01000000 mov edx,
00000001
:00506728 E8DBDCEFFF call 00404408
:0050672D FF75E4
push [ebp-1C]
:00506730 8D45DC
lea eax, dword ptr [ebp-24]
:00506733 50
push eax
:00506734 8D55D8
lea edx, dword ptr [ebp-28]
:00506737 8B8608030000 mov eax, dword
ptr [esi+00000308]
:0050673D E806FBF2FF call 00436248
:00506742 8B45D8
mov eax, dword ptr [ebp-28]
:00506745 B901000000 mov ecx,
00000001
:0050674A BA02000000 mov edx,
00000002
:0050674F E8B4DCEFFF call 00404408
:00506754 FF75DC
push [ebp-24]
:00506757 8D45D4
lea eax, dword ptr [ebp-2C]
:0050675A 50
push eax
:0050675B 8D55D0
lea edx, dword ptr [ebp-30]
:0050675E 8B8604030000 mov eax, dword
ptr [esi+00000304]
:00506764 E8DFFAF2FF call 00436248
:00506769 8B45D0
mov eax, dword ptr [ebp-30]
:0050676C B901000000 mov ecx,
00000001
:00506771 BA03000000 mov edx,
00000003
:00506776 E88DDCEFFF call 00404408
:0050677B FF75D4
push [ebp-2C]
:0050677E 8D45CC
lea eax, dword ptr [ebp-34]
:00506781 50
push eax
:00506782 8D55C8
lea edx, dword ptr [ebp-38]
:00506785 8B86F8020000 mov eax, dword
ptr [esi+000002F8]
:0050678B E8B8FAF2FF call 00436248
:00506790 8B45C8
mov eax, dword ptr [ebp-38]
:00506793 B901000000 mov ecx,
00000001
:00506798 BA04000000 mov edx,
00000004
:0050679D E866DCEFFF call 00404408
:005067A2 FF75CC
push [ebp-34]
:005067A5 8D45E8
lea eax, dword ptr [ebp-18]
:005067A8 BA04000000 mov edx,
00000004
:005067AD E80EDBEFFF call 004042C0
:005067B2 8B55E8
mov edx, dword ptr [ebp-18]
:005067B5 58
pop eax
:005067B6 E855DBEFFF call 00404310
//把序列号第1,3,5,7位拼成的字符串与 "AFKP" 比较("AFKP" 取自所填假注册码四段的第1,2,3,4位)
:005067BB 0F854A010000 jne 0050690B
//不等则跳,跳则出错
:005067C1 8D45C4
lea eax, dword ptr [ebp-3C]
:005067C4 50
push eax
:005067C5 8D55C0
lea edx, dword ptr [ebp-40]
:005067C8 8B8610030000 mov eax, dword
ptr [esi+00000310]
:005067CE E875FAF2FF call 00436248
:005067D3 8B45C0
mov eax, dword ptr [ebp-40]
:005067D6 B901000000 mov ecx,
00000001
:005067DB BA04000000 mov edx,
00000004
:005067E0 E823DCEFFF call 00404408
:005067E5 8B45C4
mov eax, dword ptr [ebp-3C]
:005067E8 50
push eax
:005067E9 8D45BC
lea eax, dword ptr [ebp-44]
:005067EC 50
push eax
:005067ED 8B45F8
mov eax, dword ptr [ebp-08]
:005067F0 E80BDAEFFF call 00404200
:005067F5 8BD0
mov edx, eax
:005067F7 83EA03
sub edx, 00000003
:005067FA B901000000 mov ecx,
00000001
:005067FF 8B45F8
mov eax, dword ptr [ebp-08]
:00506802 E801DCEFFF call 00404408
:00506807 8B55BC
mov edx, dword ptr [ebp-44]
:0050680A 58
pop eax
:0050680B E800DBEFFF call 00404310
//序列号倒数第 4 位等于 "D" 吗
:00506810 0F85F5000000 jne 0050690B //不等则错
:00506816 8D45B8
lea eax, dword ptr [ebp-48]
:00506819 50
push eax
:0050681A 8D55B4
lea edx, dword ptr [ebp-4C]
:0050681D 8B8608030000 mov eax, dword
ptr [esi+00000308]
:00506823 E820FAF2FF call 00436248
:00506828 8B45B4
mov eax, dword ptr [ebp-4C]
:0050682B B901000000 mov ecx,
00000001
:00506830 BA03000000 mov edx,
00000003
:00506835 E8CEDBEFFF call 00404408
:0050683A 8B45B8
mov eax, dword ptr [ebp-48]
:0050683D 50
push eax
:0050683E 8D45B0
lea eax, dword ptr [ebp-50]
:00506841 50
push eax
:00506842 8B45F8
mov eax, dword ptr [ebp-08]
:00506845 E8B6D9EFFF call 00404200
:0050684A 8BD0
mov edx, eax
:0050684C 83EA02
sub edx, 00000002
:0050684F B901000000 mov ecx,
00000001
:00506854 8B45F8
mov eax, dword ptr [ebp-08]
:00506857 E8ACDBEFFF call 00404408
:0050685C 8B55B0
mov edx, dword ptr [ebp-50]
:0050685F 58
pop eax
:00506860 E8ABDAEFFF call 00404310
//序列号倒数第 3 位等于 "G" 吗
:00506865 0F85A0000000 jne 0050690B
//不等则错
:0050686B 8D45AC
lea eax, dword ptr [ebp-54]
:0050686E 50
push eax
:0050686F 8D55A8
lea edx, dword ptr [ebp-58]
:00506872 8B8604030000 mov eax, dword
ptr [esi+00000304]
:00506878 E8CBF9F2FF call 00436248
:0050687D 8B45A8
mov eax, dword ptr [ebp-58]
:00506880 B901000000 mov ecx,
00000001
:00506885 BA02000000 mov edx,
00000002
:0050688A E879DBEFFF call 00404408
:0050688F 8B45AC
mov eax, dword ptr [ebp-54]
:00506892 50
push eax
:00506893 8D45A4
lea eax, dword ptr [ebp-5C]
:00506896 50
push eax
:00506897 8B45F8
mov eax, dword ptr [ebp-08]
:0050689A E861D9EFFF call 00404200
:0050689F 8BD0
mov edx, eax
:005068A1 4A
dec edx
:005068A2 B901000000 mov ecx,
00000001
:005068A7 8B45F8
mov eax, dword ptr [ebp-08]
:005068AA E859DBEFFF call 00404408
:005068AF 8B55A4
mov edx, dword ptr [ebp-5C]
:005068B2 58
pop eax
:005068B3 E858DAEFFF call 00404310
//序列号倒数第 2 位等于 "J" 吗
:005068B8 7551
jne 0050690B //不等则错
:005068BA 8D45A0
lea eax, dword ptr [ebp-60]
:005068BD 50
push eax
:005068BE 8D559C
lea edx, dword ptr [ebp-64]
:005068C1 8B86F8020000 mov eax, dword
ptr [esi+000002F8]
:005068C7 E87CF9F2FF call 00436248
:005068CC 8B459C
mov eax, dword ptr [ebp-64]
:005068CF B901000000 mov ecx,
00000001
:005068D4 BA01000000 mov edx,
00000001
:005068D9 E82ADBEFFF call 00404408
:005068DE 8B45A0
mov eax, dword ptr [ebp-60]
:005068E1 50
push eax
:005068E2 8D4598
lea eax, dword ptr [ebp-68]
:005068E5 50
push eax
:005068E6 8B45F8
mov eax, dword ptr [ebp-08]
:005068E9 E812D9EFFF call 00404200
:005068EE 8BD0
mov edx, eax
:005068F0 83EA00
sub edx, 00000000
:005068F3 B901000000 mov ecx,
00000001
:005068F8 8B45F8
mov eax, dword ptr [ebp-08]
:005068FB E808DBEFFF call 00404408
:00506900 8B5598
mov edx, dword ptr [ebp-68]
:00506903 58
pop eax
:00506904 E807DAEFFF call 00404310
//序列号倒数第 1 位等于 "M" 吗
:00506909 7430
je 0050693B //相等则跳到 0050693B,越过下面的出错处理;不等则顺序落入出错分支
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:005067BB(C), :00506810(C), :00506865(C), :005068B8(C)
//即上面前四处验证失败时的跳转;第五处(:00506909)不等时直接顺序落到这里
|
:0050690B 6A10
push 00000010
* Possible StringData Ref from Code Obj ->"错误"
|
:0050690D B9A06A5000 mov ecx,
00506AA0
* Possible StringData Ref from Code Obj ->" 注 册 号 错 误! "
|
:00506912 BAA86A5000 mov edx,
00506AA8
:00506917 A188FD5100 mov eax,
dword ptr [0051FD88]
:0050691C 8B00
mov eax, dword ptr [eax]
:0050691E E861E5F4FF call 00454E84
:00506923 A1F40A5200 mov eax,
dword ptr [00520AF4]
:00506928 8B8010030000 mov eax, dword
ptr [eax+00000310]
:0050692E 8B10
mov edx, dword ptr [eax]
:00506930 FF92B0000000 call dword ptr
[edx+000000B0]
:00506936 E9A7000000 jmp 005069E2
算法总结:为了叙述的方便,我用 S1,S2,S3...S16 分别指代注册码的 1 - 16 位。
序列号第 1 位=S1
序列号第 3 位=S6
序列号第 5 位=S11
序列号第 7 位=S16
序列号倒数第 4 位=S4
序列号倒数第 3 位=S7
序列号倒数第 2 位=S10
序列号倒数第 1 位=S13
其余的可为任意字符或数字。也就是说,16 位注册码中只有 8 位参与校验,而且都是在客户端与序列号的对应位直接做字符比较,没有经过任何不可逆运算。
这么简单的算法,写注册机应该非常容易吧,留给大家练练手吧。
如有错误,请多多批评指正。
- 标 题:〖网际营销〗V2.4 注册算法分析 (11千字)
- 作 者:paulyoung
- 时 间:2001-11-3 23:12:26
- 链 接:http://bbs.pediy.com