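A Newbie's Cracking Notes: Dialup Constructor
Software name: Dialup Constructor
Version: 3.70
Size: 1914KB
Licence type: Shareware
Platform: Win95/98/NT
Publisher: http://www.grv.com.au/
Description: This utility lets you configure DUN, TCP/IP, modem and similar settings from a single window. It can also set the start page for IE or Netscape and configure MS Outlook Express and MS Mail and News. In short, every network-related setting can be handled with this one program. It also supports proxy servers and has a built-in dialer, so you can dial up to the Internet directly from it.
Author: xiA Qin
Level: very much a beginner.... very much a beginner.....
Crack date: 11 September 2000
Tool used: Trw2000 1.22
Notes:
This article was compiled from my own software-cracking notes. If there are any mistakes, I would appreciate corrections from the experts!
First run the program and enter the registration information.
Code Entry No:315788015 // generated automatically by the software
Code Entry Key:833632 // generated automatically by the software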
Licence No:1234567890
Licenced To:Chinese xia
Organisation:[CCG]
................................
015F:0040B24D MOV EAX,[0044A61C]
015F:0040B252 PUSH DWORD 0044A50C
015F:0040B257 PUSH BYTE +09
015F:0040B259 PUSH EAX
015F:0040B25A CALL `DCV3!_pp_getvarnum@12`
015F:0040B25F MOV ECX,[0044A61C]
015F:0040B265 PUSH DWORD 0044A440
015F:0040B26A PUSH BYTE +0A
015F:0040B26C PUSH ECX
015F:0040B26D CALL `DCV3!_pp_getvarnum@12`
015F:0040B272 MOV EDX,[0044A440] // "? EDX" shows the Code Key in hex
015F:0040B278 MOV EAX,[0044A50C] // "? EAX" shows the Code No in hex
015F:0040B27D MOV ECX,[0044A768] // "? ECX" shows the entered registration code in hex
015F:0040B283 PUSH DWORD 000F4EBE
015F:0040B288 PUSH EDX
015F:0040B289 PUSH EAX
015F:0040B28A PUSH ECX
015F:0040B28B CALL `DCV3!_pp_tcode@16` // press F8 to step in
015F:0040B290 DEC EAX
015F:0040B291 JZ 0040B2B2
015F:0040B293 PUSH BYTE +00
015F:0040B295 PUSH DWORD 004437B0
015F:0040B29A PUSH DWORD 00443780
015F:0040B29F PUSH ESI
015F:0040B2A0 CALL `USER32!MessageBoxA` // "registration failed" dialog
015F:0040B2A6 XOR EAX,EAX
015F:0040B2A8 POP ESI
015F:0040B2A9 MOV [0044A7A0],EAX
015F:0040B2AE ADD ESP,BYTE +68
015F:0040B2B1 RET
................................
Press F8 to step into 0040B28B CALL `DCV3!_pp_tcode@16`:
015F:0041E965 PUSH EBP
015F:0041E966 MOV EDX,[ESP+10]
015F:0041E96A MOV EBP,ESP
015F:0041E96C PUSH ESI
015F:0041E96D PUSH EDI
015F:0041E96E ADD DWORD [EBP+14],BYTE +34
015F:0041E972 CMP EDX,BYTE +01
015F:0041E975 JNL 0041E97C
015F:0041E977 MOV EDX,01
015F:0041E97C MOV EDI,[EBP+0C] // load Code No into EDI
015F:0041E97F MOV ECX,EDI // copy it to ECX
015F:0041E981 MOV EAX,EDI // copy it to EAX
015F:0041E983 AND ECX,1F00 // ECX = ECX AND 1F00
015F:0041E989 AND EAX,0007E000 // EAX = EAX AND 7E000
015F:0041E98E SHR ECX,08 // ECX = ECX SHR 08 (logical shift right)
015F:0041E991 IMUL ECX,ECX,F3 // ECX = ECX*F3
015F:0041E997 SHR EAX,0D // EAX = EAX SHR 0D (logical shift right)
015F:0041E99A ADD EAX,07BC // EAX = EAX+7BC
015F:0041E99F IMUL EAX,EAX,BYTE +44 // EAX = EAX*44
015F:0041E9A2 ADD ECX,EAX // ECX = ECX+EAX
015F:0041E9A4 MOV EAX,EDI // copy EDI to EAX
015F:0041E9A6 AND EAX,00780000 // EAX = EAX AND 780000
015F:0041E9AB SHR EAX,13 // EAX = EAX SHR 13 (logical shift right by 19 decimal)
015F:0041E9AE IMUL EAX,EAX,0108 // EAX = EAX*108
015F:0041E9B4 LEA ESI,[ECX+EAX] // ESI = ECX+EAX
015F:0041E9B7 MOV ECX,EDI // copy EDI to ECX
015F:0041E9B9 AND ECX,7F800000 // ECX = ECX AND 7F800000
015F:0041E9BF AND EDI,FF // EDI = EDI AND FF
015F:0041E9C5 SHR ECX,0F // ECX = ECX SHR 0F (logical shift right by 15 decimal)
015F:0041E9C8 MOV EAX,[EBP+14] // load [EBP+14] into EAX
015F:0041E9CB IMUL EAX,EAX,BYTE +07 // EAX = EAX*07
015F:0041E9CE ADD ECX,EDI // ECX = ECX+EDI
015F:0041E9D0 IMUL ECX,ECX,BYTE +03 // ECX = ECX*03
015F:0041E9D3 ADD ECX,EAX // ECX = ECX+EAX
015F:0041E9D5 MOV EAX,01 // EAX = 01
015F:0041E9DA LEA ECX,[ECX+EDX*2] // ECX = ECX+EDX*2
015F:0041E9DD MOV EDX,ESI // copy ESI to EDX
015F:0041E9DF IMUL EDX,EDX,BYTE +1F // EDX = EDX*1F
015F:0041E9E2 ADD EDX,ECX // EDX = EDX+ECX
015F:0041E9E4 LEA ECX,[ESI*2+00] // ECX = ESI*2
015F:0041E9EB MOV ESI,EDX // copy EDX to ESI
015F:0041E9ED AND ESI,7FFFFFFF
015F:0041E9F3 CMP ESI,[EBP+08] // compare the genuine code with the entered one; [EBP+08] is the registration code that was entered
015F:0041E9F6 JZ 0041EA02 // "? ESI" shows the correct registration code
015F:0041E9F8 ADD EDX,ECX
015F:0041E9FA INC EAX
015F:0041E9FB CMP EAX,BYTE +32 // there are 50 registration codes?!?@#
015F:0041E9FE JNG 0041E9EB
015F:0041EA00 XOR EAX,EAX
015F:0041EA02 POP EDI
015F:0041EA03 POP ESI
015F:0041EA04 POP EBP
015F:0041EA05 RET 10
.....................................
From the analysis above we can derive the program's registration formula, as follows:
Let Code No=A1 and Code key=B1
{[(A1 AND 1F00) SHR 08]*F3+{[(A1 AND 7E000) SHR D]+7BC}*44}+{[(A1 AND 780000) SHR 13]*108}=B
[((A1 AND 7F800000) SHR 16)+(A1 AND FF)]*3+[F4EF2*07]+B1*2=C
B*1F+C=D
Convert D to decimal and you have the correct registration code.
Worked example:
Code No=315788015
Code key=833632
{[(315788015 AND 1F00) SHR 08]*F3+{[(315788015 AND 7E000) SHR D]+7BC}*44}+{[(315788015 AND 780000) SHR 13]*108}
={(A00 SHR 08)*F3+[(28000 SHR D)+7BC]*44}+[(500000 SHR 13)*108]
=A*f3+(14+7BC)*44+(A*108)
=97E+7D0*44+A50
=97E+21340+A50
=2270E
[((315788015 AND 7F800000) SHR 16)+(315788015 AND FF)]*3+[F4EF2*07]+833632*2
=[(12800000 SHR 16)+EF]*3+6B9A6B+1970C0
=(2500+EF)*3+850B2B
=25EF*3+850B2B
=42BAB2
2270E*1F+42BAB2=C7C5DD
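C7C5DD converted to decimal is 13092317
To sum up (the registration code does not depend on the registered name or organisation!!):
Code Entry No:315788015 // generated automatically by the software
Code Entry Key:833632 // generated automatically by the software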
Licence No:13092317
Licenced To:xiA Qin
Organisation:[CCG]
- Title: A Newbie's Cracking Notes: Dialup Constructor, with Algorithm Analysis (6,000 characters)
- Author: xiA Qin
- Time: 2000-9-11 11:34:55
- Link: http://bbs.pediy.com