【破文标题】ColorSchemer Studio 2.0算法分析
【破文作者】tianxj
【作者邮箱】tianxj_2007@126.com
【作者主页】WwW.ChiNaPYG.CoM
【破解工具】PEiD,OD,DeDe
【破解平台】Windows XP sp3
【软件名称】ColorSchemer Studio 2.0
【软件大小】2407KB
【软件语言】英文
【软件类别】国外软件/动画制作
【软件授权】共享版
【运行环境】Windows All
【更新时间】2009-3-10
【原版下载】http://www.onlinedown.net/soft/67358.htm
【保护方式】注册码
【软件简介】ColorSchemer Studio 是一个专业的配色程序,能以最简易、快速、直观的方式建立配色方案。是图像、网页等相关设计领域最便利的工具软件。主要功能如下:
-创建保存调色板
-定义各种调和色
-通过联网可以获得更多定制颜色
-创建基于图片调色板
-创建自定义实时展示的配色公式
-通过内建方案转换单色到完全色
-合成颜色并创建渐变混合
-通过变体调色板来查找近似或相关颜色
-即时预览配色方案在网页布局中的实际应用效果
-RGB 和 CMYK 颜色模式快速切换
-模拟色盲颜色显示
-方便的颜色方案输出打印
-强大的导入导出功能,兼容各类热门图形图像软件以及格式等等
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
**************************************************************
一、对ColorSchemer Studio.exe查壳为Borland Delphi 6.0 - 7.0
**************************************************************
二、用搜索字符串就可以快速到达关键部位
0053506C . 55 push ebp 0053506D . 8BEC mov ebp, esp 0053506F . B9 05000000 mov ecx, 5 00535074 > 6A 00 push 0 00535076 . 6A 00 push 0 00535078 . 49 dec ecx 00535079 .^ 75 F9 jnz short 00535074 0053507B . 53 push ebx 0053507C . 8BD8 mov ebx, eax 0053507E . 33C0 xor eax, eax 00535080 . 55 push ebp 00535081 . 68 4F525300 push 0053524F 00535086 . 64:FF30 push dword ptr fs:[eax] 00535089 . 64:8920 mov dword ptr fs:[eax], esp 0053508C . 8D55 F4 lea edx, dword ptr [ebp-C] 0053508F . 8B83 0C030000 mov eax, dword ptr [ebx+30C] 00535095 . E8 960EF2FF call 00455F30 0053509A . 8B45 F4 mov eax, dword ptr [ebp-C] ; //试炼码 0053509D . 8D55 F8 lea edx, dword ptr [ebp-8] 005350A0 . E8 933DEDFF call 00408E38 005350A5 . A0 5C525300 mov al, byte ptr [53525C] 005350AA . 50 push eax 005350AB . 8D45 F0 lea eax, dword ptr [ebp-10] 005350AE . 50 push eax 005350AF . 33C9 xor ecx, ecx 005350B1 . BA 68525300 mov edx, 00535268 ; - 005350B6 . 8B45 F8 mov eax, dword ptr [ebp-8] 005350B9 . E8 A293EDFF call 0040E460 ; //去掉试炼码中的"-" 005350BE . 8B55 F0 mov edx, dword ptr [ebp-10] ; //试炼码 005350C1 . 8D45 F8 lea eax, dword ptr [ebp-8] 005350C4 . E8 EFF3ECFF call 004044B8 005350C9 . 8D55 EC lea edx, dword ptr [ebp-14] 005350CC . 8B83 FC020000 mov eax, dword ptr [ebx+2FC] 005350D2 . E8 590EF2FF call 00455F30 005350D7 . 8B45 EC mov eax, dword ptr [ebp-14] ; //定单号 005350DA . E8 01F6ECFF call 004046E0 005350DF . 83F8 08 cmp eax, 8 005350E2 . 0F85 FC000000 jnz 005351E4 ; //定单号长度不是8则跳 005350E8 . 8D55 E4 lea edx, dword ptr [ebp-1C] 005350EB . 8B83 FC020000 mov eax, dword ptr [ebx+2FC] 005350F1 . E8 3A0EF2FF call 00455F30 005350F6 . 8B55 E4 mov edx, dword ptr [ebp-1C] ; //定单号 005350F9 . 8D4D E8 lea ecx, dword ptr [ebp-18] 005350FC . 8BC3 mov eax, ebx 005350FE . E8 A9020000 call 005353AC ; //算法CALL 00535103 . 8B45 E8 mov eax, dword ptr [ebp-18] ; //注册码 00535106 . 8B55 F8 mov edx, dword ptr [ebp-8] ; //试炼码 00535109 . E8 1EF7ECFF call 0040482C ; //比较CALL 0053510E . 0F85 D0000000 jnz 005351E4 ; //关键跳转 00535114 . B2 01 mov dl, 1 00535116 . A1 80C54300 mov eax, dword ptr [43C580] 0053511B . E8 6075F0FF call 0043C680 00535120 . 8945 FC mov dword ptr [ebp-4], eax 00535123 . 33C0 xor eax, eax 00535125 . 55 push ebp 00535126 . 68 DD515300 push 005351DD 0053512B . 64:FF30 push dword ptr fs:[eax] 0053512E . 64:8920 mov dword ptr fs:[eax], esp 00535131 . 33C9 xor ecx, ecx 00535133 . BA 74525300 mov edx, 00535274 ; \software\microsoft\icss2 00535138 . 8B45 FC mov eax, dword ptr [ebp-4] 0053513B . E8 4476F0FF call 0043C784 00535140 . 8D55 E0 lea edx, dword ptr [ebp-20] 00535143 . 8B83 FC020000 mov eax, dword ptr [ebx+2FC] 00535149 . E8 E20DF2FF call 00455F30 0053514E . 8B4D E0 mov ecx, dword ptr [ebp-20] 00535151 . BA 98525300 mov edx, 00535298 ; o 00535156 . 8B45 FC mov eax, dword ptr [ebp-4] 00535159 . E8 C277F0FF call 0043C920 0053515E . 8B4D F8 mov ecx, dword ptr [ebp-8] 00535161 . BA A4525300 mov edx, 005352A4 ; k 00535166 . 8B45 FC mov eax, dword ptr [ebp-4] 00535169 . E8 B277F0FF call 0043C920 0053516E . 6A 40 push 40 00535170 . B9 A8525300 mov ecx, 005352A8 ; registration complete 00535175 . BA C0525300 mov edx, 005352C0 ; thank you for registering colorschemer studio! your software is now fully functional. 0053517A . A1 90C35300 mov eax, dword ptr [53C390] 0053517F . 8B00 mov eax, dword ptr [eax] 00535181 . E8 0625F4FF call 0047768C 00535186 . 8D55 D8 lea edx, dword ptr [ebp-28] 00535189 . 8B83 FC020000 mov eax, dword ptr [ebx+2FC] 0053518F . E8 9C0DF2FF call 00455F30 00535194 . 8B4D D8 mov ecx, dword ptr [ebp-28] 00535197 . 8D45 DC lea eax, dword ptr [ebp-24] 0053519A . BA 20535300 mov edx, 00535320 ; order number: 0053519F . E8 88F5ECFF call 0040472C 005351A4 . 8B55 DC mov edx, dword ptr [ebp-24] 005351A7 . A1 94C05300 mov eax, dword ptr [53C094] 005351AC . 8B00 mov eax, dword ptr [eax] 005351AE . 8B80 04030000 mov eax, dword ptr [eax+304] 005351B4 . E8 A70DF2FF call 00455F60 005351B9 . C683 10030000>mov byte ptr [ebx+310], 1 005351C0 . 8BC3 mov eax, ebx 005351C2 . E8 A1EAF3FF call 00473C68 005351C7 . 33C0 xor eax, eax 005351C9 . 5A pop edx 005351CA . 59 pop ecx 005351CB . 59 pop ecx 005351CC . 64:8910 mov dword ptr fs:[eax], edx 005351CF . 68 FC515300 push 005351FC 005351D4 > 8D45 FC lea eax, dword ptr [ebp-4] 005351D7 . E8 1C99EDFF call 0040EAF8 005351DC . C3 retn 005351DD .^ E9 BEEAECFF jmp 00403CA0 005351E2 .^ EB F0 jmp short 005351D4 005351E4 > 6A 10 push 10 005351E6 . B9 30535300 mov ecx, 00535330 ; invalid license key 005351EB . BA 44535300 mov edx, 00535344 ; the license key you have provided is invalid. please recheck your order number and registration key. 005351F0 . A1 90C35300 mov eax, dword ptr [53C390] 005351F5 . 8B00 mov eax, dword ptr [eax] 005351F7 . E8 9024F4FF call 0047768C 005351FC . 33C0 xor eax, eax 005351FE . 5A pop edx 005351FF . 59 pop ecx 00535200 . 59 pop ecx 00535201 . 64:8910 mov dword ptr fs:[eax], edx 00535204 . 68 56525300 push 00535256 00535209 > 8D45 D8 lea eax, dword ptr [ebp-28] 0053520C . E8 0FF2ECFF call 00404420 00535211 . 8D45 DC lea eax, dword ptr [ebp-24] 00535214 . E8 07F2ECFF call 00404420 00535219 . 8D45 E0 lea eax, dword ptr [ebp-20] 0053521C . BA 02000000 mov edx, 2 00535221 . E8 1EF2ECFF call 00404444 00535226 . 8D45 E8 lea eax, dword ptr [ebp-18] 00535229 . E8 F2F1ECFF call 00404420 0053522E . 8D45 EC lea eax, dword ptr [ebp-14] 00535231 . E8 EAF1ECFF call 00404420 00535236 . 8D45 F0 lea eax, dword ptr [ebp-10] 00535239 . E8 E2F1ECFF call 00404420 0053523E . 8D45 F4 lea eax, dword ptr [ebp-C] 00535241 . E8 DAF1ECFF call 00404420 00535246 . 8D45 F8 lea eax, dword ptr [ebp-8] 00535249 . E8 D2F1ECFF call 00404420 0053524E . C3 retn 0053524F .^ E9 4CEAECFF jmp 00403CA0 00535254 .^ EB B3 jmp short 00535209 00535256 . 5B pop ebx 00535257 . 8BE5 mov esp, ebp 00535259 . 5D pop ebp 0053525A . C3 retn
跟进算法CALL
005353AC /$ 55 push ebp 005353AD |. 8BEC mov ebp, esp 005353AF |. 6A 00 push 0 005353B1 |. 6A 00 push 0 005353B3 |. 6A 00 push 0 005353B5 |. 6A 00 push 0 005353B7 |. 6A 00 push 0 005353B9 |. 6A 00 push 0 005353BB |. 6A 00 push 0 005353BD |. 6A 00 push 0 005353BF |. 53 push ebx 005353C0 |. 56 push esi 005353C1 |. 8BD9 mov ebx, ecx 005353C3 |. 8BF2 mov esi, edx 005353C5 |. 33C0 xor eax, eax 005353C7 |. 55 push ebp 005353C8 |. 68 7E545300 push 0053547E 005353CD |. 64:FF30 push dword ptr fs:[eax] 005353D0 |. 64:8920 mov dword ptr fs:[eax], esp 005353D3 |. 8D55 F8 lea edx, dword ptr [ebp-8] 005353D6 |. B8 94545300 mov eax, 00535494 ; css2 005353DB |. E8 E4A1F5FF call 0048F5C4 ; //将"CSS2"作标准MD5运算,取小写 005353E0 |. 8D45 F0 lea eax, dword ptr [ebp-10] 005353E3 |. 50 push eax 005353E4 |. B9 08000000 mov ecx, 8 005353E9 |. 33D2 xor edx, edx 005353EB |. 8BC6 mov eax, esi 005353ED |. E8 4EF5ECFF call 00404940 005353F2 |. 8B45 F0 mov eax, dword ptr [ebp-10] ; //定单号 005353F5 |. 8D55 F4 lea edx, dword ptr [ebp-C] 005353F8 |. E8 EB37EDFF call 00408BE8 005353FD |. 8B45 F4 mov eax, dword ptr [ebp-C] 00535400 |. 8D55 FC lea edx, dword ptr [ebp-4] 00535403 |. E8 BCA1F5FF call 0048F5C4 ; //将订单号作标准MD5运算,取小写 00535408 |. 8D45 E8 lea eax, dword ptr [ebp-18] 0053540B |. 8B4D F8 mov ecx, dword ptr [ebp-8] ; //"CSS2"MD5值小写 0053540E |. 8B55 FC mov edx, dword ptr [ebp-4] ; //订单号MD5值小写 00535411 |. E8 16F3ECFF call 0040472C ; //将两个字符串相连 00535416 |. 8B45 E8 mov eax, dword ptr [ebp-18] ; //相连字符串 00535419 |. 8D55 EC lea edx, dword ptr [ebp-14] 0053541C |. E8 A3A1F5FF call 0048F5C4 ; //取相连字符串的MD5值,小写 00535421 |. 8B45 EC mov eax, dword ptr [ebp-14] ; //相连字符串的MD5值小写 00535424 |. 8BD3 mov edx, ebx 00535426 |. E8 BD37EDFF call 00408BE8 ; //转大写 0053542B |. 8D55 E4 lea edx, dword ptr [ebp-1C] 0053542E |. 8B03 mov eax, dword ptr [ebx] ; //相连字符串的MD5值大写 00535430 |. E8 F73BF0FF call 0043902C ; //倒转 00535435 |. 8B55 E4 mov edx, dword ptr [ebp-1C] ; //相连字符串的MD5值大写倒转字符串 00535438 |. 8BC3 mov eax, ebx 0053543A |. E8 35F0ECFF call 00404474 0053543F |. 8D45 E0 lea eax, dword ptr [ebp-20] 00535442 |. 50 push eax 00535443 |. 8B03 mov eax, dword ptr [ebx] ; //相连字符串的MD5值大写倒转字符串 00535445 |. B9 10000000 mov ecx, 10 0053544A |. BA 01000000 mov edx, 1 0053544F |. E8 ECF4ECFF call 00404940 ; //取倒转字符串1-16位 00535454 |. 8B4D E0 mov ecx, dword ptr [ebp-20] ; //倒转字符串1-16位 00535457 |. 8BC3 mov eax, ebx 00535459 |. BA 94545300 mov edx, 00535494 ; css2 0053545E |. E8 C9F2ECFF call 0040472C ; //将"CSS2"与倒转字符串1-16位相连即得到注册码 00535463 |. 33C0 xor eax, eax 00535465 |. 5A pop edx 00535466 |. 59 pop ecx 00535467 |. 59 pop ecx 00535468 |. 64:8910 mov dword ptr fs:[eax], edx 0053546B |. 68 85545300 push 00535485 00535470 |> 8D45 E0 lea eax, dword ptr [ebp-20] 00535473 |. BA 08000000 mov edx, 8 00535478 |. E8 C7EFECFF call 00404444 0053547D \. C3 retn 0053547E .^ E9 1DE8ECFF jmp 00403CA0 00535483 .^ EB EB jmp short 00535470 00535485 . 5E pop esi 00535486 . 5B pop ebx 00535487 . 8BE5 mov esp, ebp 00535489 . 5D pop ebp 0053548A . C3 retn
【破解总结】
--------------------------------------------------------------
【算法总结】
以订单号"12345678"为例
1.订单号"12345678"必须为8位
2.分别求固定字符串"CSS2"的MD5值"92767d20ae2d6d175fdfcfc11d656a42"和订单号"12345678"的MD5值"25d55ad283aa400af464c76d713c07ad"
3.将上面两个字符串相连得到"25d55ad283aa400af464c76d713c07ad92767d20ae2d6d175fdfcfc11d656a42"
4.求相连字符串"25d55ad283aa400af464c76d713c07ad92767d20ae2d6d175fdfcfc11d656a42"的MD5值得"5a295f1ddfb79d0021a5936aae9d4c1a"
5.将"5a295f1ddfb79d0021a5936aae9d4c1a"转大写为"5A295F1DDFB79D0021A5936AAE9D4C1A",倒转后为"A1C4D9EAA6395A1200D97BFDD1F592A5"
6.取"A1C4D9EAA6395A1200D97BFDD1F592A5"的1-16位"A1C4D9EAA6395A12"与"CSS2"相连,得到注册码"CSS2A1C4D9EAA6395A12"
--------------------------------------------------------------
【算法注册机】
〖VB代码〗
Private Sub Command1_Click()
If Len(Text1.Text) <> 8 Then
Text2.Text = "输入有误,请重新输入!"
Else
Text2.Text = "CSS2" & Mid(StrReverse(UCase(MD5(LCase(MD5(Text1.Text)) & LCase(MD5("CSS2"))))), 1, 16)
End If
End Sub
--------------------------------------------------------------
【注册信息】
保存在[HKEY_CURRENT_USER\Software\Microsoft\ICSS2]
--------------------------------------------------------------
感谢飘云老大、猫老大、Nisy老大以及很多前辈们的学习教程以及所有帮助过我的论坛兄弟姐妹们!谢谢
--------------------------------------------------------------
【版权声明】破文是学习的手记,兴趣是成功的源泉;本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!