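An Unconventional Registration-Code Crack for ACDSEE 2.3
Target: ACDSEE 2.3
I use it on my own machine. I do have a registration code, but I did not crack it myself, and that has always bothered me. So I did the work myself!
Author: RATARICE[BCG]
Tool: TRW2000 1.2
Procedure:
1. Run the program and fill in the registration details:
name:RATARICE[BCG]
code:987654321
2. Start TRW; CTRL+N, bpx hmemcpy, CTRL+N.
3. Click "OK". The breakpoint hits. Enter bd *; pmodule. The code is as follows: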
015F:00407AA4 LEA EDX,[ESP+7C]
015F:00407AA8 PUSH DWORD 01F5
015F:00407AAD PUSH EDX
015F:00407AAE PUSH DWORD 82
015F:00407AB3 PUSH ESI
015F:00407AB4 CALL EDI
015F:00407AB6 LEA EAX,[ESP+7C]
015F:00407ABA LEA ECX,[ESP+3C]
015F:00407ABE PUSH EAX
015F:00407ABF PUSH ECX
015F:00407AC0 CALL 004072F0 ----------------------> key CALL
015F:00407AC5 ADD ESP,BYTE +08
015F:00407AC8 TEST EAX,EAX
015F:00407ACA JNG 00407B37 ----------------------> key jump
Trace into the CALL above. We arrive at:
015F:004072F0 PUSH ESI
015F:004072F1 MOV ESI,[ESP+08]
015F:004072F5 PUSH ESI
015F:004072F6 MOV DWORD [004BE040],00
015F:00407300 CALL 00407330 ----------------------> probably a length check
015F:00407305 ADD ESP,BYTE +04
015F:00407308 TEST EAX,EAX
015F:0040730A JNZ 0040730E ----------------------> this jump must be taken
015F:0040730C POP ESI
015F:0040730D RET
015F:0040730E MOV EAX,[ESP+0C]
015F:00407312 PUSH EAX
015F:00407313 PUSH ESI
015F:00407314 PUSH DWORD 004BE450
015F:00407319 CALL 00442F10 ----------------------> key CALL, trace into it!
015F:0040731E ADD ESP,BYTE +0C
015F:00407321 NEG EAX
015F:00407323 SBB EAX,EAX
015F:00407325 POP ESI
015F:00407326 NEG EAX
015F:00407328 MOV [004BE040],EAX
015F:0040732D RET
After tracing in, we arrive at the following:
015F:00442F10 MOV ECX,[ESP+08]
015F:00442F14 SUB ESP,84
015F:00442F1A LEA EAX,[ESP+00]
015F:00442F1E PUSH EBX
015F:00442F1F PUSH ESI
015F:00442F20 PUSH EDI
015F:00442F21 PUSH EAX
015F:00442F22 PUSH ECX
015F:00442F23 CALL 00443600
015F:00442F28 LEA EDI,[ESP+14]
015F:00442F2C OR ECX,BYTE -01
015F:00442F2F XOR EAX,EAX
015F:00442F31 ADD ESP,BYTE +08
015F:00442F34 REPNE SCASB
015F:00442F36 NOT ECX
015F:00442F38 DEC ECX
015F:00442F39 MOV EAX,2AAAAAAB
015F:00442F3E MOV ESI,ECX
015F:00442F40 IMUL ESI
015F:00442F42 MOV EAX,EDX
015F:00442F44 SHR EAX,1F
015F:00442F47 LEA EDI,[EDX+EAX+01]
015F:00442F4B XOR EDX,EDX
015F:00442F4D TEST ESI,ESI
015F:00442F4F JNG 00442F62
015F:00442F51 XOR EAX,EAX
015F:00442F53 MOV CL,[ESP+EAX+0C]   ------
015F:00442F57 ADD EAX,EDI                |
015F:00442F59 MOV [ESP+EDX+38],CL        |----------------> process the name:
015F:00442F5D INC EDX                    |                  take the odd-position characters!!!
015F:00442F5E CMP EAX,ESI                |
015F:00442F60 JL 00442F53           ------
015F:00442F62 MOV EAX,[ESP+9C]
015F:00442F69 MOV ECX,[ESP+94]
015F:00442F70 MOV BYTE [ESP+EDX+38],00
015F:00442F75 LEA EDX,[ESP+64]
015F:00442F79 PUSH BYTE +29
015F:00442F7B PUSH EDX
015F:00442F7C PUSH EAX
015F:00442F7D PUSH ECX
015F:00442F7E CALL 00442FE0 -----------------------------> processes the registration code (I don't understand it)
015F:00442F83 ADD ESP,BYTE +10
015F:00442F86 LEA ESI,[ESP+64] -------------------------> the processed registration code; visible with d esi!
015F:00442F8A LEA EAX,[ESP+38] -------------------------> the processed name; visible with d eax!
015F:00442F8E MOV DL,[EAX]          ------
015F:00442F90 MOV BL,[ESI]               |
015F:00442F92 MOV CL,DL                  |
015F:00442F94 CMP DL,BL                  |
015F:00442F96 JNZ 00442FC7               |
015F:00442F98 TEST CL,CL                 |
015F:00442F9A JZ 00442FB2                |
015F:00442F9C MOV DL,[EAX+01]            |
015F:00442F9F MOV BL,[ESI+01]            |
015F:00442FA2 MOV CL,DL                  |----------------------> compare the processed registration code
015F:00442FA4 CMP DL,BL                  |                        with the processed name;
015F:00442FA6 JNZ 00442FC7               |                        if they match, it succeeds!!!
015F:00442FA8 ADD EAX,BYTE +02           |
015F:00442FAB ADD ESI,BYTE +02           |
015F:00442FAE TEST CL,CL                 |
015F:00442FB0 JNZ 00442F8E               |
015F:00442FB2 XOR EAX,EAX                |
015F:00442FB4 XOR ECX,ECX                |
015F:00442FB6 TEST EAX,EAX               |
015F:00442FB8 SETZ CL                    |
015F:00442FBB MOV EAX,ECX           ------
015F:00442FBD POP EDI
015F:00442FBE POP ESI
015F:00442FBF POP EBX
015F:00442FC0 ADD ESP,84
015F:00442FC6 RET
015F:00442FC7 SBB EAX,EAX
015F:00442FC9 POP EDI
015F:00442FCA SBB EAX,BYTE -01
015F:00442FCD XOR ECX,ECX
015F:00442FCF TEST EAX,EAX
015F:00442FD1 SETZ CL
015F:00442FD4 POP ESI
015F:00442FD5 MOV EAX,ECX
015F:00442FD7 POP EBX
015F:00442FD8 ADD ESP,84
015F:00442FDE RET
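I basically understand how it works, but because my ability is limited, I cannot work out the algorithm it uses to encrypt the registration code,
so I had to settle for second best. Its processing of the name is extremely simple! So making the processed name equal to the processed registration code
is achievable!
At the d esi point above you can see the processed registration code. Mine was A(space)DA, so the name only needs to have those characters at its odd positions!
I entered AB(space)CDEA!
Click "OK" again, and it reports that registration succeeded!
Finally:
Can any expert tell me the algorithm it uses to encrypt the registration code??? (Please write it in as much detail as possible.)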
- Title: An Unconventional Registration-Code Crack for ACDSEE 2.3. Experts, please see the question at the end (thanks)!!! (5,000 characters)
- Author: RATARICE[BCG]
- Time: 2001-5-26 16:38:33
- Link: http://bbs.pediy.com
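
For readers following the listing, the name-sampling code at 00442F39 to 00442F70 can be modelled in C as below. This is an added example, not code from the original post or from the program. It assumes the buffer filled by CALL 00443600 (a routine the post does not show) holds the name unchanged, and the function names are invented here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 00442F39..00442F47: MOV EAX,2AAAAAAB / IMUL ESI / SHR EAX,1F is the usual
   compiler idiom for signed n / 6: take the high dword of n * 0x2AAAAAAB and
   add its sign bit. */
static int32_t div6_magic(int32_t n)
{
    int32_t hi = (int32_t)(((int64_t)n * 0x2AAAAAABLL) >> 32);   /* EDX */
    return hi + (int32_t)((uint32_t)hi >> 31);                   /* EDX + EAX */
}

/* 00442F4B..00442F70: copy every step-th byte of the name, step = n/6 + 1.
   Assumption: `in` stands for the buffer written by CALL 00443600, treated
   here as the name unchanged. Returns the number of bytes copied. */
static size_t sample_name(const char *in, char *out, size_t outsz)
{
    int32_t n = (int32_t)strlen(in);        /* REPNE SCASB / NOT ECX / DEC ECX */
    int32_t step = div6_magic(n) + 1;       /* LEA EDI,[EDX+EAX+01] */
    size_t k = 0;                           /* EDX */

    if (outsz == 0)
        return 0;
    for (int32_t i = 0; i < n && k + 1 < outsz; i += step)  /* CMP EAX,ESI / JL */
        out[k++] = in[i];                   /* MOV [ESP+EDX+38],CL */
    out[k] = '\0';                          /* MOV BYTE [ESP+EDX+38],00 */
    return k;
}

int main(void)
{
    /* Names taken from the post; lengths 7 and 13 give steps 2 and 3. */
    const char *names[] = { "AB CDEA", "RATARICE[BCG]" };
    char out[44];

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        sample_name(names[i], out, sizeof out);
        printf("%-14s len=%2zu -> \"%s\"\n", names[i], strlen(names[i]), out);
    }
    return 0;
}
```

The step is 2 only for names of 6 to 11 characters, which is the "odd positions" case seen in the post; the 13-character name is sampled at indices 0, 3, 6, 9 and 12.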