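Yy[CCG] => Algorithm analysis => Domestic software: 某某某析
Registration scheme: machine code / registration code. Restriction: a registration window pops up frequently, asking for 100 yuan.
Difficulty: beginner (disorganized, with CALLs scattered everywhere)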
=======================================================================================
Preamble: omitted
=======================================================================================
:004E6494 8D45E8 lea eax, dword ptr [ebp-18]
:004E6497 50 push eax
:004E6498 6A00 push 00000000
:004E649A 68E7000000 push 000000E7 <= constant used in the calculation
:004E649F 6A00 push 00000000
:004E64A1 68AC000000 push 000000AC <= constant used in the calculation
:004E64A6 8D45E0 lea eax, dword ptr [ebp-20]
:004E64A9 E816FFFFFF call 004E63C4
:004E64AE 8B45E0 mov eax, dword ptr [ebp-20]
:004E64B1 E8FA30F2FF call 004095B0 <= machine code transform == algorithm 1
:004E64B6 E825F6F1FF call 00405AE0 <= machine code transform == algorithm 1
:004E64BB E8FCF5F1FF call 00405ABC <= machine code transform == algorithm 1
:004E64C0 52 push edx
:004E64C1 50 push eax
:004E64C2 8D45E4 lea eax, dword ptr [ebp-1C]
:004E64C5 E85E30F2FF call 00409528 <= algorithm 2
:004E64CA 8B45E4 mov eax, dword ptr [ebp-1C]
:004E64CD B902000000 mov ecx, 00000002
:004E64D2 8BD3 mov edx, ebx
:004E64D4 E8B7E9F1FF call 00404E90 <= algorithm 2
:004E64D9 8B45E8 mov eax, dword ptr [ebp-18]
:004E64DC E87B30F2FF call 0040955C
:004E64E1 83F83E cmp eax, 0000003E <= length of the cipher string
:004E64E4 7F6D jg 004E6553 <= jump if greater
:004E64E6 8D45DC lea eax, dword ptr [ebp-24]
:004E64E9 50 push eax
:004E64EA 8D45D8 lea eax, dword ptr [ebp-28]
:004E64ED 50 push eax
:004E64EE 6A00 push 00000000
:004E64F0 68E7000000 push 000000E7 <= constant used in the calculation
:004E64F5 6A00 push 00000000
:004E64F7 68AC000000 push 000000AC <= constant used in the calculation
:004E64FC 8D45D0 lea eax, dword ptr [ebp-30]
:004E64FF E8C0FEFFFF call 004E63C4
:004E6504 8B45D0 mov eax, dword ptr [ebp-30]
:004E6507 E8A430F2FF call 004095B0
:004E650C E8CFF5F1FF call 00405AE0
:004E6511 E8A6F5F1FF call 00405ABC
:004E6516 52 push edx
:004E6517 50 push eax
:004E6518 8D45D4 lea eax, dword ptr [ebp-2C]
:004E651B E80830F2FF call 00409528
:004E6520 8B45D4 mov eax, dword ptr [ebp-2C]
:004E6523 B902000000 mov ecx, 00000002
:004E6528 8BD3 mov edx, ebx
:004E652A E861E9F1FF call 00404E90
:004E652F 8B45D8 mov eax, dword ptr [ebp-28]
:004E6532 E82530F2FF call 0040955C <= algorithm 3
:004E6537 8BD0 mov edx, eax
:004E6539 B901000000 mov ecx, 00000001
:004E653E 8B45F8 mov eax, dword ptr [ebp-08]
:004E6541 E84AE9F1FF call 00404E90 <= algorithm 3
:004E6546 8B55DC mov edx, dword ptr [ebp-24]
:004E6549 8D45F4 lea eax, dword ptr [ebp-0C]
:004E654C E8EFE6F1FF call 00404C40 <= algorithm 3
:004E6551 EB7E jmp 004E65D1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004E64E4(C)
|
:004E6553 8D45CC lea eax, dword ptr [ebp-34]
:004E6556 50 push eax
:004E6557 8D45C4 lea eax, dword ptr [ebp-3C]
:004E655A 50 push eax
:004E655B 6A00 push 00000000
:004E655D 68E7000000 push 000000E7
:004E6562 6A00 push 00000000
:004E6564 68AC000000 push 000000AC
:004E6569 8D45BC lea eax, dword ptr [ebp-44]
:004E656C E853FEFFFF call 004E63C4
:004E6571 8B45BC mov eax, dword ptr [ebp-44]
:004E6574 E83730F2FF call 004095B0 <= machine code transform == algorithm 1
:004E6579 E862F5F1FF call 00405AE0 <= machine code transform == algorithm 1
:004E657E E839F5F1FF call 00405ABC <= machine code transform == algorithm 1
:004E6583 52 push edx
:004E6584 50 push eax
:004E6585 8D45C0 lea eax, dword ptr [ebp-40]
:004E6588 E89B2FF2FF call 00409528 <= algorithm 2
:004E658D 8B45C0 mov eax, dword ptr [ebp-40]
:004E6590 B902000000 mov ecx, 00000002
:004E6595 8BD3 mov edx, ebx
:004E6597 E8F4E8F1FF call 00404E90
:004E659C 8B45C4 mov eax, dword ptr [ebp-3C]
:004E659F E8B82FF2FF call 0040955C
:004E65A4 83E83E sub eax, 0000003E <= subtract the cipher string length
:004E65A7 8D55C8 lea edx, dword ptr [ebp-38]
:004E65AA E8492FF2FF call 004094F8
:004E65AF 8B45C8 mov eax, dword ptr [ebp-38]
:004E65B2 E8A52FF2FF call 0040955C
:004E65B7 8BD0 mov edx, eax
:004E65B9 B901000000 mov ecx, 00000001
:004E65BE 8B45F8 mov eax, dword ptr [ebp-08]
:004E65C1 E8CAE8F1FF call 00404E90
:004E65C6 8B55CC mov edx, dword ptr [ebp-34]
:004E65C9 8D45F4 lea eax, dword ptr [ebp-0C]
:004E65CC E86FE6F1FF call 00404C40
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004E6551(U)
|
:004E65D1 43 inc ebx
:004E65D2 4E dec esi
:004E65D3 0F85BBFEFFFF jne 004E6494
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004E6489(C)
|
:004E65D9 8D55B8 lea edx, dword ptr [ebp-48]
:004E65DC 8B45FC mov eax, dword ptr [ebp-04]
:004E65DF 8B80F4020000 mov eax, dword ptr [eax+000002F4]
:004E65E5 E8462BF6FF call 00449130
:004E65EA 8B45B8 mov eax, dword ptr [ebp-48]
:004E65ED 8B55F4 mov edx, dword ptr [ebp-0C] <== registration code (readable from memory here)
:004E65F0 E887E7F1FF call 00404D7C
:004E65F5 7542 jne 004E6639 <== taking this jump means failure
=======================================================================================
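Algorithm analysis:
1: Machine code s[]="255920796". The length of the machine code is the loop count; the loop converts the string into a long integer.
for(i=0;i<strlen(s);i++) /* loop header truncated in the source; rewritten here as a plain decimal conversion */
{kk*=0xA;kk+=s[i]-'0';}
kk/=0xAC; <= 0xf410a9c
kk*=0xE7; <= 0x147c8f3
2: Loop to convert the long integer (0x147c8f3) back into a string: s1[]="343707441"
for(i=strlen(s)-1;i>=0;i--)
{j=kk%0xA;s1[i]='0'+j;kk/=0xA;}
s1[strlen(s)]='\0';
3: Loop over the digits, look each value up in the cipher string, and obtain the registration code
"loveyoupasymtlyju6r8y3w4xcwqam5mnbvcdxmokjhg7f821q8w9eiudhuiop" <--62 (0x3E)
b--34
h--43
d--37
p--08 <= 0x46-0x3E
u--07
m--12 <= 0x4A-0x3E
g--44
k--41
l--01 <= padded with the first character of the cipher string, 'l'
Registration code <= bhdpumgkl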
=======================================================================================
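Keygen:
#include <stdio.h>
#include <string.h>
/* Return the k-th character (1-based) of the cipher string; '&' only fills index 0. */
void jm(char *p,int k)
{
char sm[]="&loveyoupasymtlyju6r8y3w4xcwqam5mnbvcdxmokjhg7f821q8w9eiudhuiop";
*p=sm[k];
}
int main(void)
{
long i,j,k,l,n;
long kk=0;
char s[18],s1[18],s2[18],c,*p=&c; /* p now points at real storage */
printf("input--机器码:\n"); /* prompt: machine code */
if(!fgets(s,sizeof s,stdin)) return 1; /* bounded read instead of gets() */
s[strcspn(s,"\r\n")]='\0';
n=strlen(s);
/* Step 1: decimal string -> long. The loop header was truncated in the source;
   this form is reconstructed from the algorithm analysis. */
for(i=0;i<n;i++)
{kk*=0xA;kk+=s[i]-'0';}
kk/=0xAC;
kk*=0xE7;
/* Step 2: long -> decimal string of the same length as the machine code. */
for(i=n-1;i>=0;i--)
{j=kk%0xA;s1[i]='0'+j;kk/=0xA;}
s1[n]='\0';
/* Step 3: each overlapping pair of digits indexes the cipher string. The loop header
   was truncated in the source; reconstructed from the worked example in the analysis. */
for(l=0,i=1;i<n;i++){
j=s1[i-1]-'0';j*=10;k=j+(s1[i]-'0');
if(k<=0x3E) {jm(p,k);s2[l++]=*p;}
else {k-=0x3E;jm(p,k);s2[l++]=*p;}
if(i==n-1) {jm(p,1);s2[l++]=*p;} /* pad with the first cipher character */
}
s2[l]='\0';
printf("注册码:%s\n",s2); /* output: registration code */
return 0;
}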
=======================================================================================
--------------------
Yy
--------------------
China Cracking Group
--------------------
----------
2002.11.07
----------
=======================================================================================