十分多谢: PaulYoung 兄的帮助! 开始:......略略,来到这里(注册计算分析的地方):
* Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004B92D1(C) | :004B9297 8D45F0 lea eax, dword ptr [ebp-10] :004B929A 50 push eax :004B929B 8D55EC lea edx, dword ptr [ebp-14] :004B929E 8B45FC mov eax, dword ptr [ebp-04] :004B92A1 8B80F8020000 mov eax, dword ptr [eax+000002F8] :004B92A7 E868FBF8FF call 00448E14 :004B92AC 8B45EC mov eax, dword ptr [ebp-14] :004B92AF B901000000 mov ecx, 00000001 :004B92B4 8B55F8 mov edx, dword ptr [ebp-08] :004B92B7 E8A8B6F4FF call 00404964 /// 读硬件序列号 :004B92BC 8B45F0 mov eax, dword ptr [ebp-10] :004B92BF E840B6F4FF call 00404904 :004B92C4 8A00 mov al, byte ptr [eax] :004B92C6 25FF000000 and eax, 000000FF :004B92CB 03F0 add esi, eax /// 序列号的ASC码值累加=sum! :004B92CD FF45F8 inc [ebp-08] :004B92D0 4B dec ebx :004B92D1 75C4 jne 004B9297
* Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004B928E(C) | :004B92D3 8D55E8 lea edx, dword ptr [ebp-18] :004B92D6 8B45FC mov eax, dword ptr [ebp-04] :004B92D9 8B80FC020000 mov eax, dword ptr [eax+000002FC] :004B92DF E830FBF8FF call 00448E14 :004B92E4 8B45E8 mov eax, dword ptr [ebp-18] :004B92E7 50 push eax
* Possible StringData Ref from Data Obj ->"LL" //// 第一个注册码 | :004B92E8 6898934B00 push 004B9398 /// 固定值"L" :004B92ED 8D55E0 lea edx, dword ptr [ebp-20] :004B92F0 8D04B6 lea eax, dword ptr [esi+4*esi] //// esi=累加和,sum+4*sum :004B92F3 E89CF8F4FF call 00408B94 :004B92F8 FF75E0 push [ebp-20]
* Possible StringData Ref from Data Obj ->"WW" //// 第二个注册码 | :004B92FB 68A4934B00 push 004B93A4 /// 固定值"W" :004B9300 8D55DC lea edx, dword ptr [ebp-24] :004B9303 8BC6 mov eax, esi //// esi=累加和,=eax=sum :004B9305 C1E003 shl eax, 03 //// esi=sum, sum << 3 -sum :004B9308 2BC6 sub eax, esi //// :004B930A E885F8F4FF call 00408B94 :004B930F FF75DC push [ebp-24]
* Possible StringData Ref from Data Obj ->"JJ" //// 第三个注册码 | :004B9312 68B0934B00 push 004B93B0 /// 固定值"J" :004B9317 8D55D8 lea edx, dword ptr [ebp-28] :004B931A 8BC6 mov eax, esi //// esi=累加和,=eax=sum :004B931C C1E002 shl eax, 02 //// sum <<2 :004B931F E870F8F4FF call 00408B94 :004B9324 FF75D8 push [ebp-28]
* Possible StringData Ref from Data Obj ->"tx30" //// 第四个注册码 | :004B9327 68BC934B00 push 004B93BC /// 固定值"tx30" :004B932C 8D55D4 lea edx, dword ptr [ebp-2C] :004B932F 6BC60B imul eax, esi, 0000000B //// esi=sum,eax=sum * 0x0b :004B9332 E85DF8F4FF call 00408B94 :004B9337 FF75D4 push [ebp-2C] :004B933A 8D45E4 lea eax, dword ptr [ebp-1C] :004B933D BA08000000 mov edx, 00000008 :004B9342 E885B4F4FF call 004047CC ///进行合并 :004B9347 8B55E4 mov edx, dword ptr [ebp-1C] :004B934A 58 pop eax :004B934B E800B5F4FF call 00404850 //// 真假比较 :004B9350 7504 jne 004B9356 :004B9352 B301 mov bl, 01 :004B9354 EB02 jmp 004B9358
算法总结: 1、先用硬件序列号生成累加和(sum) 2、用累加和分别计算出注册码的四部份! 公式是:
第一部份:sum+4*sum 第二部份:sum << 3 -sum 第三部份:sum <<2 第四部份:sum * 0x0b
3、中间有几个固定值穿插其中:分别是:“L”、"W"、"J" 和 "tx30" ============================================================== 附:TC 注册机:
main() { int i,sn1,sn2,sn3,sn4,sum=0; unsigned char sn[80];
clrscr(); printf("\n\n\n //// X梦网页特效精灵3.6keygen ////"); printf("\n==============================================="); printf("\n\ Made by -= HONGJIAN =- "); printf("\n................................................"); printf("\n\n** Please Your code: "); gets(sn); for (i=0;sn[i]!='\0';i++) sum+=sn[i];
sn1=sum*4+sum; sn2=(sum<<3)-sum; sn3=sum <<2; sn4=sum*0xB; printf("\n Your Serial Number: L%dW%dJ%dtx30%d\n\n",sn1,sn2,sn3,sn4); } |
|
查看所有0条评论>>