Find Chinese Character Strokes (查找汉字笔画) V1.1: Algorithm Analysis (2)

Author: QQread, December 17, 2007

Keywords: encryption software, encryption technology, encryption, file encryption, folder encryption, encryption tools


Heh, the program also runs a check at startup. Since I am patching anyway, let's look at that too.


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402238(C)
|
:0040221F 33C0                    xor eax, eax
:00402221 8D7C2420                lea edi, dword ptr [esp+20]
:00402225 8A441420                mov al, byte ptr [esp+edx+20]
:00402229 83C9FF                  or ecx, FFFFFFFF
:0040222C 03F0                    add esi, eax
:0040222E 33C0                    xor eax, eax
:00402230 42                      inc edx
:00402231 F2                      repnz
:00402232 AE                      scasb
:00402233 F7D1                    not ecx
:00402235 49                      dec ecx
:00402236 3BD1                    cmp edx, ecx
:00402238 72E5                    jb 0040221F

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040221D(C)
|
:0040223A 8D4C2454                lea ecx, dword ptr [esp+54]
:0040223E 51                      push ecx

* Reference To: MSVCRT.atol, Ord:023Eh
                                 |
:0040223F FF1578424000            Call dword ptr [00404278]
:00402245 83C404                  add esp, 00000004
:00402248 3BF0                    cmp esi, eax
                                 ====> Heh, one more comparison!

:0040224A 753A                    jne 00402286
:0040224C 8D7C2420                lea edi, dword ptr [esp+20]
:00402250 83C9FF                  or ecx, FFFFFFFF
:00402253 33C0                    xor eax, eax
:00402255 F2                      repnz
:00402256 AE                      scasb
:00402257 F7D1                    not ecx
:00402259 49                      dec ecx
:0040225A 83F901                  cmp ecx, 00000001
                                 ====> Heh, one more comparison!

:0040225D 7627                    jbe 00402286
:0040225F 8D7C2454                lea edi, dword ptr [esp+54]
:00402263 83C9FF                  or ecx, FFFFFFFF
:00402266 F2                      repnz
:00402267 AE                      scasb
:00402268 F7D1                    not ecx
:0040226A 49                      dec ecx
:0040226B 83F901                  cmp ecx, 00000001
                                 ====> Heh, one more comparison!

:0040226E 7616                    jbe 00402286
:00402270 8B54240C                mov edx, dword ptr [esp+0C]
:00402274 B301                    mov bl, 01
                                 ====> Set to 1 means OK!

:00402276 52                      push edx

* Reference To: ADVAPI32.RegCloseKey, Ord:015Bh
                                 |
:00402277 FF150C404000            Call dword ptr [0040400C]
:0040227D 5F                      pop edi
:0040227E 8AC3                    mov al, bl
:00402280 5E                      pop esi
:00402281 5B                      pop ebx
:00402282 83C47C                  add esp, 0000007C
:00402285 C3                      ret


* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040224A(C), :0040225D(C), :0040226E(C)
|
:00402286 8B54240C                mov edx, dword ptr [esp+0C]
:0040228A 32DB                    xor bl, bl
                                 ====> Cleared to 0 means it is over! Heh, patch point ④

:0040228C 52                      push edx

* Reference To: ADVAPI32.RegCloseKey, Ord:015Bh
                                 |
:0040228D FF150C404000            Call dword ptr [0040400C]
:00402293 5F                      pop edi
:00402294 8AC3                    mov al, bl
:00402296 5E                      pop esi
:00402297 5B                      pop ebx
:00402298 83C47C                  add esp, 0000007C
:0040229B C3                      ret


—————————————————————————————————
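[Algorithm Summary]:


1. The user name and the registration code must each be at least 1 character long.

2. The sum of the HEX values of the user name's characters must equal the HEX value of the registration code number.


Simple inversion:

fly=66 + 6C + 79=14B
14B(H)=331(D)

Heh, so my registration code is 331.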
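The startup check from the listing above, reconstructed in C as an added example (not code from the original article or from the program's author), to show that the accepted code depends only on the byte sum of the name and on no secret, so unrelated names share one code. The function name is hypothetical; ESI is assumed to be zero before the loop, and [esp+20] and [esp+54] are assumed to hold the user name and registration code. The length tests follow the listing's `cmp ecx, 00000001` / `jbe` literally.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical name. Returns the value the routine leaves in AL:
 * 1 = accepted (mov bl, 01), 0 = rejected (xor bl, bl). */
int startup_check(const char *name, const char *code)
{
    uint32_t sum = 0;           /* ESI, assumed zeroed before 0040221F */
    size_t len = strlen(name);  /* repnz scasb / not ecx / dec ecx */

    /* 0040221F-00402238: add each name byte, zero-extended, to ESI. */
    for (size_t i = 0; i < len; i++)
        sum += (unsigned char)name[i];

    /* 00402248: cmp esi, eax after MSVCRT.atol on the code string. */
    if (sum != (uint32_t)atol(code))
        return 0;

    /* 0040225A and 0040226B: cmp ecx, 1 / jbe -> reject length 0 or 1. */
    if (len <= 1 || strlen(code) <= 1)
        return 0;

    return 1;
}

int main(void)
{
    /* Constructed sample inputs; "fly"/"331" is the pair from the article. */
    printf("fly/331 -> %d\n", startup_check("fly", "331"));
    printf("ylf/331 -> %d\n", startup_check("ylf", "331")); /* same byte sum */
    printf("fly/332 -> %d\n", startup_check("fly", "332"));
    printf("f/102   -> %d\n", startup_check("f", "102"));   /* length 1 */
    return 0;
}
```

A check of this shape cannot distinguish a licensed name from any other string with the same byte sum, which is why schemes that need to bind a code to a user verify a signature over the name instead.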

—————————————————————————————————
[Perfect Patch]:


1. 004026A8 7577                    jne 00402721
    Change to: 9090                 NOP it out

2. 004026AD 7672                    jbe 00402721
    Change to: 9090                 NOP it out

3. 004026B2 766D                    jbe 00402721
    Change to: 9090                 NOP it out

4. 0040228A 32DB                    xor bl, bl
    Change to: B301                 mov bl, 01

—————————————————————————————————
[In-Memory Keygen with KeyMake {64th}]:


Break address: 4026A6
Break count: 1
First byte: 3B
Instruction length: 2


Register mode: ECX
Decimal

—————————————————————————————————
[Where the Registration Info Is Saved]:


REGEDIT4

[HKEY_LOCAL_MACHINE\Software\HZBH]
"UserName"="fly"
"PassWord"="331"

—————————————————————————————————
[Summary]:


User name: FLY
Registration code: 331

—————————————————————————————————