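【Cracked by】 小子贼野
【Author's homepage】 http://mayday.unpack.cn/
【Tools used】 OD (OllyDbg)
【Platform】 Win9x/NT/2000/XP
【Software name】 Power MP3 Cutter Joiner
【Download URL】 http://www.onlinedown.net/soft/45212.htm
【Software description】 As the name suggests, this is an MP3 splitting and joining tool. It is simple and easy to use, and besides MP3 it also supports splitting and merging WAV, WMA and OGG audio files.
【Packer】 None, haha, lucky
【Statement】 I'm just a newbie who picked up a few insights and would like to share them :)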
--------------------------------------------------------------------------------
0049B8C2 |. 55 PUSH EBP
0049B8C3 |. 68 B5BA4900 PUSH mp3cutte.0049BAB5
0049B8C8 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0049B8CB |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0049B8CE |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0049B8D1 |. 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8]
0049B8D7 |. E8 285BFAFF CALL mp3cutte.00441404
0049B8DC |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0049B8DF |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
0049B8E2 |. E8 B9D2F6FF CALL mp3cutte.00408BA0
0049B8E7 |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
0049B8EA |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0049B8ED |. E8 E2D2F6FF CALL mp3cutte.00408BD4
0049B8F2 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0049B8F5 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0049B8F8 |. E8 B38DF6FF CALL mp3cutte.004046B0
0049B8FD |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
0049B900 |. 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]
0049B906 |. E8 F95AFAFF CALL mp3cutte.00441404
0049B90B |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0049B90E |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
0049B911 |. E8 8AD2F6FF CALL mp3cutte.00408BA0
0049B916 |. 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
0049B919 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0049B91C |. E8 B3D2F6FF CALL mp3cutte.00408BD4
0049B921 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
0049B924 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0049B927 |. E8 848DF6FF CALL mp3cutte.004046B0
0049B92C |. 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
0049B930 |. 0F84 44010000 JE mp3cutte.0049BA7A ; check whether the username was filled in
0049B936 |. 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
0049B93A |. 0F84 3A010000 JE mp3cutte.0049BA7A ; check whether the registration code was filled in
0049B940 |. B3 01 MOV BL,1
0049B942 |. BF 32000000 MOV EDI,32
0049B947 |. BE 34084B00 MOV ESI,mp3cutte.004B0834 ; jagd38-jowbn3k
0049B94C |> 8B45 FC /MOV EAX,DWORD PTR SS:[EBP-4]
0049B94F |. 8B16 |MOV EDX,DWORD PTR DS:[ESI]
0049B951 |. E8 BE90F6FF |CALL mp3cutte.00404A14
0049B956 |. 75 04 |JNZ SHORT mp3cutte.0049B95C ; compare against the preset usernames; if none matches, registration fails
0049B958 |. 33DB |XOR EBX,EBX
0049B95A |. EB 06 |JMP SHORT mp3cutte.0049B962 ; leave the loop
0049B95C |> 83C6 04 |ADD ESI,4
0049B95F |. 4F |DEC EDI
0049B960 |.^ 75 EA \JNZ SHORT mp3cutte.0049B94C
0049B962 |> 84DB TEST BL,BL
0049B964 |. 74 1A JE SHORT mp3cutte.0049B980 ; if the username above did not match, this jump is not taken; to register, this jump must be taken
0049B966 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0049B968 |. 66:8B0D C4BA4>MOV CX,WORD PTR DS:[49BAC4] ; |
0049B96F |. B2 02 MOV DL,2 ; |
0049B971 |. B8 D0BA4900 MOV EAX,mp3cutte.0049BAD0 ; |invalid register code! please retry!
0049B976 |. E8 75F1F9FF CALL mp3cutte.0043AAF0 ; \mp3cutte.0043AAF0
0049B97B |. E9 FA000000 JMP mp3cutte.0049BA7A
0049B980 |> 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0049B983 |. E8 488FF6FF CALL mp3cutte.004048D0
0049B988 |. 85C0 TEST EAX,EAX
0049B98A |. 7E 38 JLE SHORT mp3cutte.0049B9C4 ; check the test code we entered
0049B98C |. BA 01000000 MOV EDX,1 ; EDX=1
0049B991 |> 8B4D F8 /MOV ECX,DWORD PTR SS:[EBP-8]
0049B994 |. 0FB64C11 FF |MOVZX ECX,BYTE PTR DS:[ECX+EDX-1]
0049B999 |. 83F9 30 |CMP ECX,30
0049B99C |. 7C 08 |JL SHORT mp3cutte.0049B9A6
0049B99E |. 8B5D F8 |MOV EBX,DWORD PTR SS:[EBP-8]
0049B9A1 |. 83F9 39 |CMP ECX,39
0049B9A4 |. 7E 1A |JLE SHORT mp3cutte.0049B9C0 ; the test code must be all digits, otherwise it fails
0049B9A6 |> 6A 00 |PUSH 0 ; /Arg1 = 00000000
0049B9A8 |. 66:8B0D C4BA4>|MOV CX,WORD PTR DS:[49BAC4] ; |
0049B9AF |. B2 02 |MOV DL,2 ; |
0049B9B1 |. B8 D0BA4900 |MOV EAX,mp3cutte.0049BAD0 ; |Invalid register code! Please retry!
0049B9B6 |. E8 35F1F9FF |CALL mp3cutte.0043AAF0 ; \mp3cutte.0043AAF0
0049B9BB |. E9 BA000000 |JMP mp3cutte.0049BA7A
0049B9C0 |> 42 |INC EDX ; counter + 1
0049B9C1 |. 48 |DEC EAX ; remaining length - 1
0049B9C2 |.^ 75 CD \JNZ SHORT mp3cutte.0049B991 ; the loop above checks that the registration code is all digits; if not, game over
0049B9C4 |> 33F6 XOR ESI,ESI
0049B9C6 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0049B9C9 |. E8 028FF6FF CALL mp3cutte.004048D0
0049B9CE |. 85C0 TEST EAX,EAX
0049B9D0 |. 7E 13 JLE SHORT mp3cutte.0049B9E5
0049B9D2 |. BF 01000000 MOV EDI,1 ; EDI=1
0049B9D7 |> 8B55 FC /MOV EDX,DWORD PTR SS:[EBP-4]
0049B9DA |. 0FB6543A FF |MOVZX EDX,BYTE PTR DS:[EDX+EDI-1]
0049B9DF |. 03F2 |ADD ESI,EDX
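0049B9E1 |. 47 |INC EDI ; counter + 1
0049B9E2 |. 48 |DEC EAX ; remaining length - 1
0049B9E3 |.^ 75 F2 \JNZ SHORT mp3cutte.0049B9D7 ; the loop above takes the ASCII value of each username character in turn and adds it to ESI
0049B9E5 |> 69C6 55E70B00 IMUL EAX,ESI,0BE755 ; multiply the result by 0BE755
0049B9EB |. 05 970F0C00 ADD EAX,0C0F97 ; then add 0C0F97
0049B9F0 |. D1F8 SAR EAX,1 ; shift right by one bit, equivalent to dividing by 2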
0049B9F2 |. 79 03 JNS SHORT mp3cutte.0049B9F7
0049B9F4 |. 83D0 00 ADC EAX,0
0049B9F7 |> 05 E3FFA204 ADD EAX,4A2FFE3 ; then add 4A2FFE3
0049B9FC |. 8BF0 MOV ESI,EAX ; store the result in ESI
0049B9FE |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; EAX = the test code we entered
0049BA01 |. E8 CAD2F6FF CALL mp3cutte.00408CD0
0049BA06 |. 3BF0 CMP ESI,EAX ; the comparison; can be used for a memory keygen
0049BA08 |. 75 5B JNZ SHORT mp3cutte.0049BA65 ; not equal means failure; can be patched
0049BA0A |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0049BA0C |. 66:8B0D C4BA4>MOV CX,WORD PTR DS:[49BAC4] ; |
0049BA13 |. B2 02 MOV DL,2 ; |
0049BA15 |. B8 00BB4900 MOV EAX,mp3cutte.0049BB00 ; |Congratulation! You have successfully registered!
0049BA1A |. E8 D1F0F9FF CALL mp3cutte.0043AAF0 ; \mp3cutte.0043AAF0
0049BA1F |. A1 6C0C4B00 MOV EAX,DWORD PTR DS:[4B0C6C]
0049BA24 |. C600 01 MOV BYTE PTR DS:[EAX],1
0049BA27 |. 6A 01 PUSH 1
0049BA29 |. A1 200B4B00 MOV EAX,DWORD PTR DS:[4B0B20]
0049BA2E |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0049BA30 |. B9 3CBB4900 MOV ECX,mp3cutte.0049BB3C ; mp3cutter
0049BA35 |. BA 50BB4900 MOV EDX,mp3cutte.0049BB50 ; basic
0049BA3A |. 8B18 MOV EBX,DWORD PTR DS:[EAX]
0049BA3C |. FF53 14 CALL DWORD PTR DS:[EBX+14]
0049BA3F |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0049BA42 |. 50 PUSH EAX
0049BA43 |. A1 200B4B00 MOV EAX,DWORD PTR DS:[4B0B20]
0049BA48 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0049BA4A |. B9 60BB4900 MOV ECX,mp3cutte.0049BB60 ; mp3cutter1
0049BA4F |. BA 50BB4900 MOV EDX,mp3cutte.0049BB50 ; basic
0049BA54 |. 8B18 MOV EBX,DWORD PTR DS:[EAX]
0049BA56 |. FF53 04 CALL DWORD PTR DS:[EBX+4]
0049BA59 |. A1 F81D4B00 MOV EAX,DWORD PTR DS:[4B1DF8]
0049BA5E |. E8 C521FCFF CALL mp3cutte.0045DC28
0049BA63 |. EB 15 JMP SHORT mp3cutte.0049BA7A
0049BA65 |> 6A 00 PUSH 0 ; /Arg1 = 00000000
0049BA67 |. 66:8B0D C4BA4>MOV CX,WORD PTR DS:[49BAC4] ; |
0049BA6E |. B2 02 MOV DL,2 ; |
0049BA70 |. B8 D0BA4900 MOV EAX,mp3cutte.0049BAD0 ; |Invalid register code! Please retry!
0049BA75 |. E8 76F0F9FF CALL mp3cutte.0043AAF0 ; \mp3cutte.0043AAF0
0049BA7A |> 33C0 XOR EAX,EAX
0049BA7C |. 5A POP EDX
0049BA7D |. 59 POP ECX
0049BA7E |. 59 POP ECX
0049BA7F |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0049BA82 |. 68 BCBA4900 PUSH mp3cutte.0049BABC
0049BA87 |> 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
0049BA8A |. E8 898BF6FF CALL mp3cutte.00404618
0049BA8F |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
0049BA92 |. E8 818BF6FF CALL mp3cutte.00404618
0049BA97 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0049BA9A |. E8 798BF6FF CALL mp3cutte.00404618
0049BA9F |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
0049BAA2 |. E8 718BF6FF CALL mp3cutte.00404618
0049BAA7 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0049BAAA |. BA 02000000 MOV EDX,2
0049BAAF |. E8 888BF6FF CALL mp3cutte.0040463C
0049BAB4 \. C3 RETN
0049BAB5 .^ E9 E284F6FF JMP mp3cutte.00403F9C
0049BABA .^ EB CB JMP SHORT mp3cutte.0049BA87
0049BABC . 5F POP EDI
0049BABD . 5E POP ESI
0049BABE . 5B POP EBX
0049BABF . 8BE5 MOV ESP,EBP
0049BAC1 . 5D POP EBP
0049BAC2 . C3 RETN
--------------------------------------------------------------------------------
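【Algorithm summary】 Take the ASCII value of each character of the username and add them up, multiply by BE755, add C0F97, integer-divide by 2, then add 4A2FFE3; the result is the registration code.
The username must be one of those preset by the program's author; anything else is rejected. So we change 0049B956 to JMP; the algorithm stays the same, hehe.
JAGD38-jowBN3K KOB82j-ncVBN8k VXV96J-WU76yw BNCE8H-Pmx87by CXZ93z-nbBP93Y BOXLR6-8hvg8C HGSOhox-bnr29h YWT6682-hoa46I
These are usernames preset in the program. There are many more, which I won't list; if you want to register, these few will do.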
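A C model of the arithmetic at 0049B9D7-0049B9FC, added here as an example (it is not from the original post or from the program's source), showing why this check is weak as a licensing design: the compared value depends only on the byte sum of the name, so reordered names collide, and every input to it is a constant in the client binary. The function names and the two sample names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* 0049B9D7-0049B9E3: ESI accumulates the name's bytes (MOVZX, so unsigned). */
static uint32_t name_sum(const char *name) {
    uint32_t sum = 0;
    for (const unsigned char *p = (const unsigned char *)name; *p; ++p)
        sum += *p;
    return sum;
}

/* 0049B9F0-0049B9F4: SAR EAX,1 / JNS / ADC EAX,0.
 * SAR keeps the sign bit and leaves the shifted-out bit in CF; ADC adds CF
 * back only when the result is negative. Net effect: signed division by 2
 * rounded toward zero, matching "div 2" in the Delphi source on the page. */
static uint32_t sar1_adc(uint32_t eax) {
    uint32_t cf = eax & 1u;
    uint32_t r = (eax >> 1) | (eax & 0x80000000u);
    if (r & 0x80000000u)
        r += cf;
    return r;
}

/* 0049B9E5-0049B9FC: the value the routine compares against the typed code.
 * IMUL and ADD wrap modulo 2^32, modelled here with unsigned arithmetic. */
static uint32_t derived_value(const char *name) {
    uint32_t eax = name_sum(name) * 0xBE755u + 0xC0F97u;
    return sar1_adc(eax) + 0x4A2FFE3u;
}

/* Upper bound on distinct values for names of at most max_len bytes: the
 * result is a function of the byte sum alone, which lies in 0..255*max_len. */
static uint32_t max_distinct_values(uint32_t max_len) {
    return 255u * max_len + 1u;
}

int main(void) {
    /* Constructed sample names, not taken from the program's preset list. */
    const char *a = "sample-name", *b = "name-sample";
    printf("%s -> %08x\n%s -> %08x\n", a, (unsigned)derived_value(a),
           b, (unsigned)derived_value(b));
    printf("distinct values for names <= 14 bytes: at most %u\n",
           (unsigned)max_distinct_values(14));
    return 0;
}
```

A check that resists this kind of analysis verifies a vendor signature over the name with only the public key shipped in the client, so nothing in the binary is sufficient to compute a valid code.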
--------------------------------------------------------------------------------
【Delphi keygen source】
procedure TForm1.Button1Click(Sender: TObject);
var
  a: string;
  b, i: Integer;
begin
  a := Edit1.Text;            // username
  b := 0;
  for i := 1 to Length(a) do
    b := b + Ord(a[i]);       // sum the ASCII values of the characters
  b := b * $BE755;
  b := b + $C0F97;
  b := b div 2;
  b := b + $4A2FFE3;
  Edit2.Text := IntToStr(b);  // registration code
end;

end.
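I'm lazy, so I left it at that. If you want something more polished, define an array of 49 elements, say named str (there are 49 preset usernames), pick a random number between 0 and 49, say sjs, and set the contents of edit1 to str(sjs). That way one of the 49 usernames is chosen at random; then run the calculation and you get the username. It's a bit of a hassle so I won't write it out, hehe; giving you the idea is enough.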