【破文标题】AVI MPEG WMV RM to MP3 Converter V1.8.2 算法分析
【破文作者】tianxj
【作者邮箱】tianxj_2007@126.com
【作者主页】WwW.ChiNaPYG.CoM
【破解工具】PEiD,OD, RSATool,Bigclc
【破解平台】D-Windows XP sp2
【软件名称】AVI MPEG WMV RM to MP3 Converter V1.8.2
【软件大小】2.39 M
【更新时间】2007-01-27
【软件类别】国外软件 / 音频转换
【软件语言】英文
【应用平台】Win9x/WinNT/Win2000/WinXP
【软件性质】共享(收费)软件
【原版下载】自己找一下
【保护方式】注册码
【软件简介】AVI MPEG WMV RM to MP3 Converter是一个强大的音频转换工具,可以将所有的视频和音频文件转换成MP3, WAV, WMA和OGG格式,支持AVI, MPEG, RM/RMVB, WMV/ASF, MOV的视频和音频格式。对于想从视频文件中抓取音频和想把RM格式转换成MP3/WAV格式的人来说,非常有用。还支持分割音频流,内建一个小的播放器,你可以在预听的时候设置开始和结束时间。用户界面非常友好易用
【破解声明】我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------
【破解内容】
--------------------------------------------------------------
**************************************************************
一、运行程序,进行注册,输入错误的注册信息进行检测,有提示信息
"Invalid user name or register code"
**************************************************************
二、用PEiD对AVI MPEG WMV RM to MP3 Converter.exe查壳,为 MoleBox V2.3X -> MoleStudio.com * Sign.By.fly [Overlay] *
**************************************************************
三、带壳调试,运行OD,打开AVI MPEG WMV RM to MP3 Converter.exe,用F12暂停后再查找字符串.
==============================================================
代码:
004245A0 64:A1 00000000 mov eax,dword ptr fs:[0] 004245A6 6A FF push -1 004245A8 68 113D4300 push AVI_MPEG.00433D11 004245AD 50 push eax 004245AE 64:8925 0000000>mov dword ptr fs:[0],esp 004245B5 81EC C8010000 sub esp,1C8 004245BB 33C0 xor eax,eax 004245BD 53 push ebx 004245BE 55 push ebp 004245BF 56 push esi 004245C0 57 push edi 004245C1 8BE9 mov ebp,ecx 004245C3 B9 10000000 mov ecx,10 004245C8 8D7C24 18 lea edi,dword ptr ss:[esp+18] 004245CC F3:AB rep stos dword ptr es:[edi] 004245CE B9 20000000 mov ecx,20 004245D3 8D7C24 58 lea edi,dword ptr ss:[esp+58] 004245D7 F3:AB rep stos dword ptr es:[edi] 004245D9 E8 92BB0000 call AVI_MPEG.00430170 ; jmp 到 004245DE 8B58 04 mov ebx,dword ptr ds:[eax+4] 004245E1 6A 01 push 1 004245E3 8BCD mov ecx,ebp 004245E5 E8 EABA0000 call AVI_MPEG.004300D4 ; jmp 到 004245EA 8D75 64 lea esi,dword ptr ss:[ebp+64] 004245ED 6A 0A push 0A 004245EF 8BCE mov ecx,esi 004245F1 E8 86BB0000 call AVI_MPEG.0043017C ; jmp 到 004245F6 6A 0D push 0D 004245F8 8BCE mov ecx,esi 004245FA E8 7DBB0000 call AVI_MPEG.0043017C ; jmp 到 004245FF 6A 09 push 9 00424601 8BCE mov ecx,esi 00424603 E8 74BB0000 call AVI_MPEG.0043017C ; jmp 到 00424608 6A 20 push 20 0042460A 8BCE mov ecx,esi 0042460C E8 6BBB0000 call AVI_MPEG.0043017C ; jmp 到 00424611 8B06 mov eax,dword ptr ds:[esi] ; //假码 00424613 8B4D 60 mov ecx,dword ptr ss:[ebp+60] ; //用户名 00424616 8D7D 60 lea edi,dword ptr ss:[ebp+60] 00424619 50 push eax 0042461A 51 push ecx 0042461B E8 15D6FDFF call AVI_MPEG.00401C35 ; //关键CALL 00424620 83C4 08 add esp,8 00424623 85C0 test eax,eax 00424625 75 2B jnz short AVI_MPEG.00424652 ; //关键跳转 00424627 6A 40 push 40 00424629 68 90044400 push AVI_MPEG.00440490 ; ASCII "Sorry" 0042462E 68 64044400 push AVI_MPEG.00440464 ; ASCII "Invalid user name or register code" 00424633 8BCD mov ecx,ebp 00424635 E8 3CBB0000 call AVI_MPEG.00430176 ; jmp 到 0042463A 68 E9030000 push 3E9 0042463F 8BCD mov ecx,ebp 00424641 E8 3EB90000 call AVI_MPEG.0042FF84 ; jmp 到 00424646 8BC8 mov ecx,eax 00424648 E8 A1B80000 call AVI_MPEG.0042FEEE ; jmp 到 0042464D E9 3D010000 jmp AVI_MPEG.0042478F 00424652 57 push edi 00424653 8D8B CC000000 lea ecx,dword ptr ds:[ebx+CC] 00424659 C783 C4000000 0>mov dword ptr ds:[ebx+C4],1 00424663 E8 44B50000 call AVI_MPEG.0042FBAC ; jmp 到 00424668 56 push esi 00424669 8D8B C8000000 lea ecx,dword ptr ds:[ebx+C8] 0042466F E8 38B50000 call AVI_MPEG.0042FBAC ; jmp 到 00424674 8B07 mov eax,dword ptr ds:[edi] 00424676 50 push eax 00424677 8D8424 DC000000 lea eax,dword ptr ss:[esp+DC] 0042467E 68 44064400 push AVI_MPEG.00440644 ; ASCII "Register successful! License to:%s. " 00424683 50 push eax 00424684 FF15 E0464400 call dword ptr ds:[4446E0] ; msvcrt.sprintf 0042468A 83C4 0C add esp,0C 0042468D 8D8C24 D8000000 lea ecx,dword ptr ss:[esp+D8] 00424694 6A 40 push 40 00424696 68 30044400 push AVI_MPEG.00440430 ; ASCII "Thank you" 0042469B 51 push ecx 0042469C 8BCD mov ecx,ebp 0042469E E8 D3BA0000 call AVI_MPEG.00430176 ; jmp 到 004246A3 8B3F mov edi,dword ptr ds:[edi] 004246A5 8D4C24 18 lea ecx,dword ptr ss:[esp+18] 004246A9 2BCF sub ecx,edi 004246AB 8A07 mov al,byte ptr ds:[edi] 004246AD 880439 mov byte ptr ds:[ecx+edi],al 004246B0 47 inc edi 004246B1 84C0 test al,al 004246B3 ^ 75 F6 jnz short AVI_MPEG.004246AB 004246B5 8B36 mov esi,dword ptr ds:[esi] 004246B7 8D4C24 58 lea ecx,dword ptr ss:[esp+58] 004246BB 2BCE sub ecx,esi 004246BD 8A06 mov al,byte ptr ds:[esi] 004246BF 880431 mov byte ptr ds:[ecx+esi],al 004246C2 46 inc esi 004246C3 84C0 test al,al 004246C5 ^ 75 F6 jnz short AVI_MPEG.004246BD 004246C7 8D4C24 10 lea ecx,dword ptr ss:[esp+10] 004246CB E8 10B40000 call AVI_MPEG.0042FAE0 ; jmp 到 004246D0 8D5424 14 lea edx,dword ptr ss:[esp+14] 004246D4 C78424 E0010000>mov dword ptr ss:[esp+1E0],0 004246DF 52 push edx 004246E0 E8 03DCFDFF call AVI_MPEG.004022E8 004246E5 83C4 04 add esp,4 004246E8 50 push eax 004246E9 8D4C24 14 lea ecx,dword ptr ss:[esp+14] 004246ED C68424 E4010000>mov byte ptr ss:[esp+1E4],1 004246F5 E8 B2B40000 call AVI_MPEG.0042FBAC ; jmp 到 004246FA 8D4C24 14 lea ecx,dword ptr ss:[esp+14] 004246FE C68424 E0010000>mov byte ptr ss:[esp+1E0],0 00424706 E8 C9B30000 call AVI_MPEG.0042FAD4 ; jmp 到 0042470B 8D4424 10 lea eax,dword ptr ss:[esp+10] 0042470F 68 24044400 push AVI_MPEG.00440424 ; ASCII "data.ini" 00424714 8D4C24 18 lea ecx,dword ptr ss:[esp+18] 00424718 50 push eax 00424719 51 push ecx 0042471A E8 39BA0000 call AVI_MPEG.00430158 ; jmp 到 0042471F 50 push eax 00424720 8D4C24 14 lea ecx,dword ptr ss:[esp+14] 00424724 C68424 E4010000>mov byte ptr ss:[esp+1E4],2 0042472C E8 7BB40000 call AVI_MPEG.0042FBAC ; jmp 到 00424731 8D4C24 14 lea ecx,dword ptr ss:[esp+14] 00424735 C68424 E0010000>mov byte ptr ss:[esp+1E0],0 0042473D E8 92B30000 call AVI_MPEG.0042FAD4 ; jmp 到 00424742 8B5424 10 mov edx,dword ptr ss:[esp+10] 00424746 8B35 1C3F4400 mov esi,dword ptr ds:[443F1C] ; kernel32.WritePrivateProfileStringA 0042474C 8D4424 18 lea eax,dword ptr ss:[esp+18] 00424750 52 push edx 00424751 50 push eax 00424752 68 18044400 push AVI_MPEG.00440418 ; ASCII "User name" 00424757 68 0C044400 push AVI_MPEG.0044040C ; ASCII "Register" 0042475C FFD6 call esi 0042475E 8B4C24 10 mov ecx,dword ptr ss:[esp+10] 00424762 8D5424 58 lea edx,dword ptr ss:[esp+58] 00424766 51 push ecx 00424767 52 push edx 00424768 68 F4034400 push AVI_MPEG.004403F4 ; ASCII "Registration code" 0042476D 68 0C044400 push AVI_MPEG.0044040C ; ASCII "Register" 00424772 FFD6 call esi 00424774 8D4C24 10 lea ecx,dword ptr ss:[esp+10] 00424778 C78424 E0010000>mov dword ptr ss:[esp+1E0],-1 00424783 E8 4CB30000 call AVI_MPEG.0042FAD4 ; jmp 到 00424788 8BCD mov ecx,ebp 0042478A E8 B3B70000 call AVI_MPEG.0042FF42 ; jmp 到 0042478F 8B8C24 D8010000 mov ecx,dword ptr ss:[esp+1D8] 00424796 5F pop edi 00424797 5E pop esi 00424798 5D pop ebp 00424799 5B pop ebx 0042479A 64:890D 0000000>mov dword ptr fs:[0],ecx 004247A1 81C4 D4010000 add esp,1D4 004247A7 C3 retn ============================================================== 00401C35 /E9 B6F50100 jmp AVI_MPEG.004211F0 ============================================================== 004211F0 6A FF push -1 004211F2 68 F9364300 push AVI_MPEG.004336F9 004211F7 64:A1 00000000 mov eax,dword ptr fs:[0] 004211FD 50 push eax 004211FE 64:8925 0000000>mov dword ptr fs:[0],esp 00421205 81EC 94000000 sub esp,94 0042120B 8B8424 A4000000 mov eax,dword ptr ss:[esp+A4] 00421212 53 push ebx 00421213 56 push esi 00421214 50 push eax 00421215 8D4C24 10 lea ecx,dword ptr ss:[esp+10] 00421219 C74424 60 E98BA>mov dword ptr ss:[esp+60],BBA18BE9 ; //| 00421221 C74424 64 A8410>mov dword ptr ss:[esp+64],BD0341A8 ; //| 00421229 C74424 68 46DDB>mov dword ptr ss:[esp+68],69BFDD46 ; //| 00421231 C74424 6C 868DE>mov dword ptr ss:[esp+6C],A6E08D86 ; //|这就是RSA中的n 00421239 C74424 70 83D06>mov dword ptr ss:[esp+70],0B69D083 ; //| 00421241 C74424 74 3017A>mov dword ptr ss:[esp+74],D0AD1730 ; //| 00421249 C74424 78 7F58A>mov dword ptr ss:[esp+78],E8AF587F ; //| 00421251 C74424 7C 1CF26>mov dword ptr ss:[esp+7C],AC68F21C ; //| 00421259 E8 C4EB0000 call AVI_MPEG.0042FE22 ; jmp 到 0042125E 8B8C24 B0000000 mov ecx,dword ptr ss:[esp+B0] ; //假码 00421265 C78424 A4000000>mov dword ptr ss:[esp+A4],0 00421270 51 push ecx 00421271 8D4C24 0C lea ecx,dword ptr ss:[esp+C] 00421275 E8 A8EB0000 call AVI_MPEG.0042FE22 ; jmp 到 0042127A 8B5424 0C mov edx,dword ptr ss:[esp+C] ; //用户名 0042127E 8B35 C0464400 mov esi,dword ptr ds:[4446C0] ; msvcrt._mbscmp 00421284 68 68214400 push AVI_MPEG.00442168 00421289 52 push edx 0042128A C68424 AC000000>mov byte ptr ss:[esp+AC],1 00421292 FFD6 call esi 00421294 83C4 08 add esp,8 00421297 85C0 test eax,eax 00421299 0F84 0F020000 je AVI_MPEG.004214AE ; //用户名为空则跳 0042129F 8B4424 08 mov eax,dword ptr ss:[esp+8] ; //假码 004212A3 68 68214400 push AVI_MPEG.00442168 004212A8 50 push eax 004212A9 FFD6 call esi 004212AB 83C4 08 add esp,8 004212AE 85C0 test eax,eax 004212B0 0F84 F8010000 je AVI_MPEG.004214AE ; //注册码为空则跳 004212B6 57 push edi 004212B7 6A 00 push 0 004212B9 8D4C24 44 lea ecx,dword ptr ss:[esp+44] 004212BD E8 2408FEFF call AVI_MPEG.00401AE6 004212C2 6A 00 push 0 004212C4 8D4C24 4C lea ecx,dword ptr ss:[esp+4C] 004212C8 C68424 AC000000>mov byte ptr ss:[esp+AC],2 004212D0 E8 1108FEFF call AVI_MPEG.00401AE6 004212D5 B3 03 mov bl,3 004212D7 68 01000100 push 10001 ; //RSA中的e=10001 004212DC 8D4C24 5C lea ecx,dword ptr ss:[esp+5C] 004212E0 889C24 AC000000 mov byte ptr ss:[esp+AC],bl 004212E7 E8 FA07FEFF call AVI_MPEG.00401AE6 004212EC 8D4C24 58 lea ecx,dword ptr ss:[esp+58] 004212F0 C68424 A8000000>mov byte ptr ss:[esp+A8],4 004212F8 51 push ecx 004212F9 8D4C24 4C lea ecx,dword ptr ss:[esp+4C] 004212FD E8 B90FFEFF call AVI_MPEG.004022BB 00421302 8D4C24 58 lea ecx,dword ptr ss:[esp+58] 00421306 889C24 A8000000 mov byte ptr ss:[esp+A8],bl 0042130D E8 AA0EFEFF call AVI_MPEG.004021BC 00421312 8D5424 60 lea edx,dword ptr ss:[esp+60] 00421316 6A 08 push 8 00421318 52 push edx 00421319 8D4C24 48 lea ecx,dword ptr ss:[esp+48] 0042131D E8 5409FEFF call AVI_MPEG.00401C76 00421322 B9 08000000 mov ecx,8 00421327 33C0 xor eax,eax 00421329 8D7C24 18 lea edi,dword ptr ss:[esp+18] 0042132D 8D5424 2C lea edx,dword ptr ss:[esp+2C] 00421331 F3:AB rep stos dword ptr es:[edi] 00421333 8D4424 34 lea eax,dword ptr ss:[esp+34] 00421337 8D4C24 30 lea ecx,dword ptr ss:[esp+30] 0042133B 50 push eax 0042133C 51 push ecx 0042133D 8D4424 30 lea eax,dword ptr ss:[esp+30] 00421341 52 push edx 00421342 8D4C24 30 lea ecx,dword ptr ss:[esp+30] 00421346 50 push eax 00421347 8D5424 30 lea edx,dword ptr ss:[esp+30] 0042134B 51 push ecx 0042134C 8D4424 30 lea eax,dword ptr ss:[esp+30] 00421350 52 push edx 00421351 8B5424 24 mov edx,dword ptr ss:[esp+24] ; //假码 00421355 8D4C24 30 lea ecx,dword ptr ss:[esp+30] 00421359 50 push eax 0042135A 51 push ecx 0042135B 68 88034400 push AVI_MPEG.00440388 ; ASCII "%08lX-%08lX-%08lX-%08lX-%08lX-%08lX-%08lX-%08lX" 00421360 52 push edx ; //注册码格式 00421361 FF15 E8464400 call dword ptr ds:[4446E8] ; msvcrt.sscanf 00421367 8B4424 4C mov eax,dword ptr ss:[esp+4C] ; //eax=sn4 0042136B 8B4C24 50 mov ecx,dword ptr ss:[esp+50] ; //ecx=sn5 0042136F 8B7C24 48 mov edi,dword ptr ss:[esp+48] ; //edi=sn3 00421373 8B5424 44 mov edx,dword ptr ss:[esp+44] ; //edx=sn2 00421377 03C8 add ecx,eax ; //ecx=sn5+sn4 00421379 8B4424 5C mov eax,dword ptr ss:[esp+5C] ; //eax=sn8 0042137D 03CF add ecx,edi ; //ecx=ecx+sn3 0042137F 8B7C24 58 mov edi,dword ptr ss:[esp+58] ; //edi=sn7 00421383 03CA add ecx,edx ; //ecx=ecx+sn2 00421385 8B5424 40 mov edx,dword ptr ss:[esp+40] ; //edx=sn1 00421389 33C1 xor eax,ecx ; //eax=eax xor ecx 0042138B 83C4 28 add esp,28 0042138E 894424 34 mov dword ptr ss:[esp+34],eax ; //sn8'=eax 00421392 8B4424 2C mov eax,dword ptr ss:[esp+2C] ; //eax=sn6 00421396 03C2 add eax,edx ; //eax=sn6+sn1 00421398 6A 00 push 0 0042139A 33F8 xor edi,eax ; //edi=sn7 xor eax 0042139C 8D4C24 3C lea ecx,dword ptr ss:[esp+3C] 004213A0 897C24 34 mov dword ptr ss:[esp+34],edi ; //sn7'=edi 004213A4 E8 3D07FEFF call AVI_MPEG.00401AE6 004213A9 8D4C24 18 lea ecx,dword ptr ss:[esp+18] 004213AD 6A 08 push 8 004213AF 51 push ecx 004213B0 8D4C24 40 lea ecx,dword ptr ss:[esp+40] 004213B4 C68424 B0000000>mov byte ptr ss:[esp+B0],5 004213BC E8 B508FEFF call AVI_MPEG.00401C76 004213C1 8D5424 38 lea edx,dword ptr ss:[esp+38] 004213C5 8D4424 50 lea eax,dword ptr ss:[esp+50] 004213C9 52 push edx 004213CA 50 push eax 004213CB 8D4C24 48 lea ecx,dword ptr ss:[esp+48] 004213CF E8 3F0CFEFF call AVI_MPEG.00402013 ; //RSA运算 004213D4 B9 08000000 mov ecx,8 004213D9 33C0 xor eax,eax 004213DB 8D7C24 18 lea edi,dword ptr ss:[esp+18] 004213DF 6A 08 push 8 004213E1 F3:AB rep stos dword ptr es:[edi] 004213E3 8D4C24 1C lea ecx,dword ptr ss:[esp+1C] 004213E7 C68424 AC000000>mov byte ptr ss:[esp+AC],6 004213EF 51 push ecx 004213F0 8D4C24 58 lea ecx,dword ptr ss:[esp+58] 004213F4 E8 6D0EFEFF call AVI_MPEG.00402266 ; //输出RSA运算结果 004213F9 B9 08000000 mov ecx,8 004213FE 33C0 xor eax,eax 00421400 8DBC24 80000000 lea edi,dword ptr ss:[esp+80] 00421407 F3:AB rep stos dword ptr es:[edi] 00421409 5F pop edi 0042140A 8A5404 17 mov dl,byte ptr ss:[esp+eax+17] 0042140E 8A4C04 16 mov cl,byte ptr ss:[esp+eax+16] 00421412 885404 7C mov byte ptr ss:[esp+eax+7C],dl 00421416 8B5404 14 mov edx,dword ptr ss:[esp+eax+14] 0042141A 884C04 7D mov byte ptr ss:[esp+eax+7D],cl 0042141E 8A4C04 14 mov cl,byte ptr ss:[esp+eax+14] 00421422 C1EA 08 shr edx,8 00421425 885404 7E mov byte ptr ss:[esp+eax+7E],dl 00421429 884C04 7F mov byte ptr ss:[esp+eax+7F],cl 0042142D 83C0 04 add eax,4 00421430 83F8 20 cmp eax,20 00421433 ^ 7C D5 jl short AVI_MPEG.0042140A ; //循环,对RSA运算结果倒转 00421435 8D5424 7C lea edx,dword ptr ss:[esp+7C] ; //倒转结果 00421439 8D4C24 10 lea ecx,dword ptr ss:[esp+10] 0042143D 52 push edx 0042143E E8 DFE90000 call AVI_MPEG.0042FE22 ; jmp 到 00421443 8B4424 10 mov eax,dword ptr ss:[esp+10] 00421447 8B4C24 0C mov ecx,dword ptr ss:[esp+C] 0042144B 50 push eax 0042144C 51 push ecx 0042144D FFD6 call esi ; //用户名与倒转结果比较 0042144F 83C4 08 add esp,8 00421452 8D4C24 10 lea ecx,dword ptr ss:[esp+10] 00421456 85C0 test eax,eax 00421458 C68424 A4000000>mov byte ptr ss:[esp+A4],6 00421460 0F84 86000000 je AVI_MPEG.004214EC ; //关键跳转 00421466 E8 69E60000 call AVI_MPEG.0042FAD4 ; jmp 到 0042146B 8D4C24 4C lea ecx,dword ptr ss:[esp+4C] 0042146F C68424 A4000000>mov byte ptr ss:[esp+A4],5 00421477 E8 400DFEFF call AVI_MPEG.004021BC 0042147C 8D4C24 34 lea ecx,dword ptr ss:[esp+34] 00421480 889C24 A4000000 mov byte ptr ss:[esp+A4],bl 00421487 E8 300DFEFF call AVI_MPEG.004021BC 0042148C 8D4C24 44 lea ecx,dword ptr ss:[esp+44] 00421490 C68424 A4000000>mov byte ptr ss:[esp+A4],8 00421498 E8 1F0DFEFF call AVI_MPEG.004021BC 0042149D 8D4C24 3C lea ecx,dword ptr ss:[esp+3C] 004214A1 C68424 A4000000>mov byte ptr ss:[esp+A4],1 004214A9 E8 0E0DFEFF call AVI_MPEG.004021BC 004214AE 8D4C24 08 lea ecx,dword ptr ss:[esp+8] 004214B2 C68424 A4000000>mov byte ptr ss:[esp+A4],0 004214BA E8 15E60000 call AVI_MPEG.0042FAD4 ; jmp 到 004214BF 8D4C24 0C lea ecx,dword ptr ss:[esp+C] 004214C3 C78424 A4000000>mov dword ptr ss:[esp+A4],-1 004214CE E8 01E60000 call AVI_MPEG.0042FAD4 ; jmp 到 004214D3 5E pop esi 004214D4 33C0 xor eax,eax 004214D6 5B pop ebx 004214D7 8B8C24 94000000 mov ecx,dword ptr ss:[esp+94] 004214DE 64:890D 0000000>mov dword ptr fs:[0],ecx 004214E5 81C4 A0000000 add esp,0A0 004214EB C3 retn 004214EC E8 E3E50000 call AVI_MPEG.0042FAD4 ; jmp 到 004214F1 8D4C24 4C lea ecx,dword ptr ss:[esp+4C] 004214F5 C68424 A4000000>mov byte ptr ss:[esp+A4],5 004214FD E8 BA0CFEFF call AVI_MPEG.004021BC 00421502 8D4C24 34 lea ecx,dword ptr ss:[esp+34] 00421506 889C24 A4000000 mov byte ptr ss:[esp+A4],bl 0042150D E8 AA0CFEFF call AVI_MPEG.004021BC 00421512 8D4C24 44 lea ecx,dword ptr ss:[esp+44] 00421516 C68424 A4000000>mov byte ptr ss:[esp+A4],9 0042151E E8 990CFEFF call AVI_MPEG.004021BC 00421523 8D4C24 3C lea ecx,dword ptr ss:[esp+3C] 00421527 C68424 A4000000>mov byte ptr ss:[esp+A4],1 0042152F E8 880CFEFF call AVI_MPEG.004021BC 00421534 8D4C24 08 lea ecx,dword ptr ss:[esp+8] 00421538 C68424 A4000000>mov byte ptr ss:[esp+A4],0 00421540 E8 8FE50000 call AVI_MPEG.0042FAD4 ; jmp 到 00421545 8D4C24 0C lea ecx,dword ptr ss:[esp+C] 00421549 C78424 A4000000>mov dword ptr ss:[esp+A4],-1 00421554 E8 7BE50000 call AVI_MPEG.0042FAD4 ; jmp 到 00421559 8B8C24 9C000000 mov ecx,dword ptr ss:[esp+9C] 00421560 5E pop esi 00421561 B8 01000000 mov eax,1 00421566 5B pop ebx 00421567 64:890D 0000000>mov dword ptr fs:[0],ecx 0042156E 81C4 A0000000 add esp,0A0 00421574 C3 retn
【破解总结】
--------------------------------------------------------------
【算法总结】
主要采用RSA算法
注册码形式如下:
11111111-22222222-33333333-44444444-55555555-66666663-77777777-88888888
sn1 sn2 sn3 sn4 sn5 sn6 sn7 sn8
运算过程中注册码作下面的变形
sn8' = (sn5 + sn4 + sn3 + sn2) xor sn8
sn7' = (sn1 + sn6) xor sn7
变形后的注册码
sn'=sn1-sn2-sn3-sn4-sn5-sn6-sn7'-sn8'
=======================================================
用RSATool计算RSA参数
n=p*q:
n:AC68F21CE8AF587FD0AD17300B69D083A6E08D8669BFDD46BD0341A8BBA18BE9
p:CDAAA985DD8FDC9397544BC5A4629CEF
q:D69AB2EA765881E2D17A8598A29D94A7
e:10001
d:46B6C49716D8D4739823665F4E4F18363ADB6C46A2AEC054B234CFD9B9FC741
=======================================================
举例说明:
用户名:tianxj,ASCII码为7469616E786A
则:X=786A00007469616E <------ m
Y=46B6C49716D8D4739823665F4E4F18363ADB6C46A2AEC054B234CFD9B9FC741 <------ d
Z=AC68F21CE8AF587FD0AD17300B69D083A6E08D8669BFDD46BD0341A8BBA18BE9 <------ n
用Bigclc“X^Y%Z”计算出C (基数选16)
C=1D212B983F5B1ED8F47BB13445AA974DD11DA613F6F1E77B8DD229B59C7C69E9
格式化"%08lX-%08lX-%08lX-%08lX-%08lX-%08lX-%08lX-%08lX"形式为
1D212B98-3F5B1ED8-F47BB134-45AA974D-D11DA613-F6F1E77B-8DD229B5-9C7C69E9
倒转9C7C69E9-8DD229B5-F6F1E77B-D11DA613-45AA974D-F47BB134-3F5B1ED8-1D212B98
计算:s7=(s6+s1) xor s7' =190F81B1D xor 3F5B1ED8 = 1AFA305C5
s8=(s5+s4+s3+s2) xor s8' =29B8C4E90 xor 1D212B98 = 286AD6508
注册码: 9C7C69E9-8DD229B5-F6F1E77B-D11DA613-45AA974D-F47BB134-AFA305C5-86AD6508
--------------------------------------------------------------
【注册信息】
用户名:tianxj
注册码:9C7C69E9-8DD229B5-F6F1E77B-D11DA613-45AA974D-F47BB134-AFA305C5-86AD6508
保存在安装目录下的data.ini文件里
--------------------------------------------------------------
感谢飘云老大、猫老大、Nisy老大以及很多前辈们的学习教程以及徐超等所有帮助过我的论坛兄弟姐妹们!谢谢
--------------------------------------------------------------
【版权声明】破文是学习的手记,兴趣是成功的源泉;本破文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
_/_/_/ _/ _/ _/_/_/
_/ _/ _/ _/ _/
_/_/_/ _/_/ _/_/_/_/
_/ _/ _/ _/
_/ _/ _/_/_/ _/ tianxj