前几天我发了帖子云可解深思3狗后,网友通过多种渠道表示想学习具体的方法。我今天还不会做正面回答,是基于以下原因:
1.紫竹版主还在用狗狗换光盘;另有一些人在解密换钱,对这一点我虽反对但表示理解,这也是我迟早会在合适时机公开的理由。
2.其实,我的内容也不出手册和紫竹之外。建议看手册3,6,9三章,要复制狗加看第8章,其实,要能复制的话,破解更简单,重写读狗程序即可!
3.crack讲究悟性,希望有人通过学习手册思考后,能对深思3狗有彻底的了解。
详细教程已写好,在恰当时候或版主无异议时定将公开,敬请关注本论坛。
当然,我发帖子不是为了教训大家,还是有好些春光会透露给大家的,真的就差拿个实例捅破最后一层纸了!我敢说我的方法是最好的!
1:找到读狗的程序,静态反编译要比动态跟踪视野开阔,容易找到关键点。
2:破解是针对应用程序的,关键点总在它,而不在狗!
3:不管是静态动态,若发现花指令,说明你在狗笼与狗共舞,出笼吧!这就是花指令的巨大作用!故此花指令清除器毫无作用,除非你能象小牧童那样清除狗驱动的无用指令,这文章也不必看,抱歉浪费您的宝贵时间。
4:告知无狗通常是应用程序的事,狗不知自己是狗!各位看官请看:
* Referenced by a CALL at Addresses:
|:1C1B2025 , :1C1B2064
|
:1C1B20C0 8B442404 mov eax, dword ptr [esp+04]
:1C1B20C4 81EC00040000 sub esp, 00000400
:1C1B20CA 6685C0 test ax, ax
:1C1B20CD 7509 jne 1C1B20D8
:1C1B20CF 32C0 xor al, al
:1C1B20D1 81C400040000 add esp, 00000400
:1C1B20D7 C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1C1B20CD(C)
|
:1C1B20D8 663D1000 cmp ax, 0010
:1C1B20DC 735F jnb 1C1B213D
:1C1B20DE A808 test al, 08
:1C1B20E0 7414 je 1C1B20F6
* Possible StringData Ref from Data Obj ->"写校验失败, 存储单元不能再有效地保存数据!"
|
:1C1B20E2 68BCF51D1C push 1C1DF5BC
:1C1B20E7 8D442404 lea eax, dword ptr [esp+04]
* Possible StringData Ref from Data Obj ->"操作虽然成功, 但有警告信息
%s"
|
:1C1B20EB 689CF51D1C push 1C1DF59C
:1C1B20F0 50 push eax
:1C1B20F1 E9D0000000 jmp 1C1B21C6
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1C1B20E0(C)
|
:1C1B20F6 A804 test al, 04
:1C1B20F8 740F je 1C1B2109
* Possible StringData Ref from Data Obj ->"发生了双写, 第二个写操作无效!"
|
:1C1B20FA 687CF51D1C push 1C1DF57C
* Possible StringData Ref from Data Obj ->"操作虽然成功, 但有警告信息
%s"
|
:1C1B20FF 689CF51D1C push 1C1DF59C
:1C1B2104 E9B8000000 jmp 1C1B21C1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1C1B20F8(C)
|
:1C1B2109 A802 test al, 02
:1C1B210B 7414 je 1C1B2121
* Possible StringData Ref from Data Obj ->"访问数据区越界!"
|
:1C1B210D 686CF51D1C push 1C1DF56C
:1C1B2112 8D542404 lea edx, dword ptr [esp+04]
* Possible StringData Ref from Data Obj ->"操作虽然成功, 但有警告信息
%s"
|
:1C1B2116 689CF51D1C push 1C1DF59C
:1C1B211B 52 push edx
:1C1B211C E9A5000000 jmp 1C1B21C6
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1C1B210B(C)
|
:1C1B2121 A801 test al, 01
:1C1B2123 0F84A5000000 je 1C1B21CE
* Possible StringData Ref from Data Obj ->"程序运行越界!"
|
:1C1B2129 685CF51D1C push 1C1DF55C
:1C1B212E 8D442404 lea eax, dword ptr [esp+04]
* Possible StringData Ref from Data Obj ->"操作虽然成功, 但有警告信息
%s"
|
:1C1B2132 689CF51D1C push 1C1DF59C
:1C1B2137 50 push eax
:1C1B2138 E989000000 jmp 1C1B21C6
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1C1B20DC(C)
|
:1C1B213D 25FFFF0000 and eax, 0000FFFF
:1C1B2142 8D4880 lea ecx, dword ptr [eax-80]
:1C1B2145 83F90B cmp ecx, 0000000B
:1C1B2148 0F8780000000 ja 1C1B21CE
:1C1B214E FF248DEC211B1C jmp dword ptr [4*ecx+1C1B21EC]
:1C1B2155 50 push eax
* Possible StringData Ref from Data Obj ->"错误代码[%d]
没有找到加密锁, "
->"请检查硬件连接!"
|
:1C1B2156 682CF51D1C push 1C1DF52C
:1C1B215B EB64 jmp 1C1B21C1
:1C1B215D 50 push eax
:1C1B215E 8D542404 lea edx, dword ptr [esp+04]
* Possible StringData Ref from Data Obj ->"错误代码[%d]
口令校验超时!"
|
:1C1B2162 6810F51D1C push 1C1DF510
:1C1B2167 52 push edx
:1C1B2168 EB5C jmp 1C1B21C6
:1C1B216A 50 push eax
:1C1B216B 8D442404 lea eax, dword ptr [esp+04]
* Possible StringData Ref from Data Obj ->"错误代码[%d]
口令错误, 请检查口令输入是否正确"
->"!"
|
:1C1B216F 68E0F41D1C push 1C1DF4E0
:1C1B2174 50 push eax
:1C1B2175 EB4F jmp 1C1B21C6
:1C1B2177 50 push eax
* Possible StringData Ref from Data Obj ->"错误代码[%d]
应用级, 锁内程序运行超时!"
|
:1C1B2178 68B8F41D1C push 1C1DF4B8
:1C1B217D EB42 jmp 1C1B21C1
:1C1B217F 50 push eax
:1C1B2180 8D542404 lea edx, dword ptr [esp+04]
* Possible StringData Ref from Data Obj ->"错误代码[%d]
加密锁内部处理失败!"
|
:1C1B2184 6894F41D1C push 1C1DF494
:1C1B2189 52 push edx
:1C1B218A EB3A jmp 1C1B21C6
:1C1B218C 50 push eax
:1C1B218D 8D442404 lea eax, dword ptr [esp+04]
* Possible StringData Ref from Data Obj ->"错误代码[%d]
应用级, 锁内程序写操作超时!"
|
:1C1B2191 6868F41D1C push 1C1DF468
:1C1B2196 50 push eax
:1C1B2197 EB2D jmp 1C1B21C6
:1C1B2199 50 push eax
* Possible StringData Ref from Data Obj ->"错误代码[%d]
开发级, 校验设置结果失败!"
|
:1C1B219A 6840F41D1C push 1C1DF440
:1C1B219F EB20 jmp 1C1B21C1
:1C1B21A1 50 push eax
:1C1B21A2 8D542404 lea edx, dword ptr [esp+04]
* Possible StringData Ref from Data Obj ->"错误代码[%d]
开发级, 设置失败!"
|
:1C1B21A6 6820F41D1C push 1C1DF420
:1C1B21AB 52 push edx
:1C1B21AC EB18 jmp 1C1B21C6
:1C1B21AE 50 push eax
:1C1B21AF 8D442404 lea eax, dword ptr [esp+04]
* Possible StringData Ref from Data Obj ->"错误代码[%d]
需要先调用初始化函数!"
|
:1C1B21B3 68FCF31D1C push 1C1DF3FC
:1C1B21B8 50 push eax
:1C1B21B9 EB0B jmp 1C1B21C6
:1C1B21BB 50 push eax
* Possible StringData Ref from Data Obj ->"错误代码[%d]
WinNT系统中未进行设备安装!"
|
:1C1B21BC 68D0F31D1C push 1C1DF3D0
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:1C1B2104(U), :1C1B215B(U), :1C1B217D(U), :1C1B219F(U)
|
:1C1B21C1 8D4C2408 lea ecx, dword ptr [esp+08]
:1C1B21C5 51 push ecx
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:1C1B20F1(U), :1C1B211C(U), :1C1B2138(U), :1C1B2168(U), :1C1B2175(U)
|:1C1B218A(U), :1C1B2197(U), :1C1B21AC(U), :1C1B21B9(U)
|
* Reference To: MSVCRT.sprintf, Ord:02B2h
|
:1C1B21C6 E8B31C0000 Call 1C1B3E7E
:1C1B21CB 83C40C add esp, 0000000C
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:1C1B2123(C), :1C1B2148(C)
|
:1C1B21CE 6A00 push 00000000
:1C1B21D0 8D542404 lea edx, dword ptr [esp+04]
* Possible StringData Ref from Data Obj ->"操作软件锁错误"
|
:1C1B21D4 68C0F31D1C push 1C1DF3C0
:1C1B21D9 52 push edx
:1C1B21DA 6A00 push 00000000
* Reference To: USER32.MessageBoxA, Ord:01BEh
|
:1C1B21DC FF1584AA1F1C Call dword ptr [1C1FAA84]
:1C1B21E2 B001 mov al, 01
:1C1B21E4 81C400040000 add esp, 00000400
:1C1B21EA C3 ret
能读懂这段程序,离解它就不远了。
pts:
对crack的思索:
crack要求你了解程序流程并将其表达为高级语言,了解系统知识。若懂这些,深化一下,就能走上编程的正道了。况且,第4代的usb狗,据说内部可存入近万条c语言,可将程序的功能在狗内运行。当年的Unix V的源码也不过万条c语言。
看了这段程序,能说出sense3data这个数组结构在哪, 你就会了!
解sense3的关键,就在于找到sense3data结构和sense3(sense3data)函数!
紫竹说 呵呵,好。
如果你肯公布你的研究结果,我没有异议。正如你所说的,破解需要悟性,复制狗更是如此。我没有公布复制狗的过程,一是比较忙,没有时间写一个象样的教程,二是,复制狗,其中两个算法(变换和逆变换),是全凭自己去猜的,我和几个人讲过,可是人家不信,所以,我也就不愿意提这个事了。
相关视频
相关阅读 Windows错误代码大全 Windows错误代码查询激活windows有什么用Mac QQ和Windows QQ聊天记录怎么合并 Mac QQ和Windows QQ聊天记录Windows 10自动更新怎么关闭 如何关闭Windows 10自动更新windows 10 rs4快速预览版17017下载错误问题Win10秋季创意者更新16291更新了什么 win10 16291更新内容windows10秋季创意者更新时间 windows10秋季创意者更新内容kb3150513补丁更新了什么 Windows 10补丁kb3150513是什么
热门文章 去除winrar注册框方法
最新文章
比特币病毒怎么破解 比去除winrar注册框方法
华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)通过Access破解MSSQL获得数据
人气排行 华为无线路由器HG522-C破解教程(附超级密码JEB格式文件京东电子书下载和阅读限制破解教UltraISO注册码全集(最新)qq相册密码破解方法去除winrar注册框方法(适应任何版本)怎么用手机破解收费游戏华为无线猫HG522破解如何给软件脱壳基础教程
查看所有0条评论>>