已追踪到算法部分,就是看得不太理解,希望各位大神帮忙看看这个算法
用户名:464201637
机器码:1214756169
注册码:9DE02360A7E1226E98FE1B799EF81B7990F51D7A
到期日期:2014-04-30
注册等级:03
明码:4642016370320140430 (明码实际就是由用户名,注册等级,以及到期日期组成的)
上面是信息,等会再说明,下面先把通过注册码跟机器码算出明码的算法代码贴出来,我只是看懂了一部分,望大神们解释一下具体的算法
; Debugger disassembly excerpt (32-bit x86, Intel operand order). Each row is:
;   address, opcode bytes, instruction, then a ";" annotation column.
; The rows cover one pass of a loop body: it opens with the test/je at 0049DD11 and the
; last call in the block is msvbvm60.__vbaVarForNext.
; The bracketed memory operands after "ss:" / "ds:" were lost when the page was extracted,
; and a ">" in the bytes or operand column marks text the debugger itself truncated.
; NOTE(review): the displacement is still present in the opcode-bytes column
; (e.g. "8D45 98" encodes lea eax,[ebp-0x68]) -- confirm against the original binary.
; Text after ";" is the debugger's import name plus the poster's own tracing notes,
; translated to English; the notes describe what the poster observed, not verified facts.
0049DD11 85C0 test eax,eax
0049DD13 0F84 5C020000 je 测试.0049DF75
0049DD19 8D45 98 lea eax,dword ptr ss:
0049DD1C 8D4D DC lea ecx,dword ptr ss:
0049DD1F 50 push eax
0049DD20 51 push ecx
0049DD21 C785 50FFFFFF B>mov dword ptr ss:,测试.0040C>; &H
0049DD2B C785 48FFFFFF 0>mov dword ptr ss:,0x8
0049DD35 895D A0 mov dword ptr ss:,ebx
0049DD38 895D 98 mov dword ptr ss:,ebx
0049DD3B FF15 C8114000 call dword ptr ds:[<&MSVBVM60.__vbaI4Var>; msvbvm60.__vbaI4Var
0049DD41 8B55 14 mov edx,dword ptr ss:
0049DD44 50 push eax; start position; on the first pass this is position 3
0049DD45 8B02 mov eax,dword ptr ds:
0049DD47 50 push eax
0049DD48 FF15 BC104000 call dword ptr ds:[<&MSVBVM60.#631>] ; msvbvm60.rtcMidCharBstr; takes 2 characters from the start position; gives eax=E0 (first extraction)
0049DD4E 8D4D 88 lea ecx,dword ptr ss:
0049DD51 8D95 78FFFFFF lea edx,dword ptr ss:
0049DD57 51 push ecx
0049DD58 52 push edx
0049DD59 8945 90 mov dword ptr ss:,eax
0049DD5C C745 88 0800000>mov dword ptr ss:,0x8
0049DD63 FF15 AC104000 call dword ptr ds:[<&MSVBVM60.#520>] ; msvbvm60.rtcTrimVar
0049DD69 8D85 48FFFFFF lea eax,dword ptr ss:
0049DD6F 8D8D 78FFFFFF lea ecx,dword ptr ss:
0049DD75 50 push eax
0049DD76 8D95 68FFFFFF lea edx,dword ptr ss:
0049DD7C 51 push ecx
0049DD7D 52 push edx
0049DD7E FFD6 call esi ; msvbvm60.__vbaVarAdd -- joined with "&H" to form the string &HE0
0049DD80 50 push eax
0049DD81 8D45 AC lea eax,dword ptr ss:
0049DD84 50 push eax
0049DD85 FF15 60114000 call dword ptr ds:[<&MSVBVM60.__vbaStrVa>; msvbvm60.__vbaStrVarVal -- poster's note: converts the character to its ASCII code / reads the value at a given position in the string. NOTE(review): this helper is normally described as returning the string value of a Variant -- confirm
0049DD8B 50 push eax;&HE0
0049DD8C FF15 2C124000 call dword ptr ds:[<&MSVBVM60.#581>] ; msvbvm60.rtcR8ValFromBstr //converts the string to a floating-point number
0049DD92 FF15 E0114000 call dword ptr ds:[<&MSVBVM60.__vbaFpI2>>; msvbvm60.__vbaFpI2
0049DD98 8D4D AC lea ecx,dword ptr ss:
0049DD9B 8945 B0 mov dword ptr ss:,eax
0049DD9E FF15 28124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeS>; msvbvm60.__vbaFreeStr
0049DDA4 8D8D 68FFFFFF lea ecx,dword ptr ss:
0049DDAA 8D95 78FFFFFF lea edx,dword ptr ss:
0049DDB0 51 push ecx
0049DDB1 8D45 88 lea eax,dword ptr ss:
0049DDB4 52 push edx
0049DDB5 8D4D 98 lea ecx,dword ptr ss:
0049DDB8 50 push eax
0049DDB9 51 push ecx
0049DDBA 6A 04 push 0x4
0049DDBC FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>; msvbvm60.__vbaFreeVarList
0049DDC2 83C4 14 add esp,0x14
0049DDC5 66:3B7D B4 cmp di,word ptr ss:
0049DDC9 7D 0C jge 测试.0049DDD7
0049DDCB 66:83C7 01 add di,0x1
0049DDCF 0F80 62020000 jo 测试.0049E037
0049DDD5 EB 05 jmp 测试.0049DDDC
0049DDD7 BF 01000000 mov edi,0x1
0049DDDC 8B4D 10 mov ecx,dword ptr ss:
0049DDDF 8D55 98 lea edx,dword ptr ss:
0049DDE2 0FBFC7 movsx eax,di
0049DDE5 52 push edx
0049DDE6 8B11 mov edx,dword ptr ds:;the value at ecx is the last 8 digits of the machine code
0049DDE8 50 push eax;
0049DDE9 52 push edx;last 8 digits of the machine code
0049DDEA C745 A0 0100000>mov dword ptr ss:,0x1
0049DDF1 895D 98 mov dword ptr ss:,ebx
0049DDF4 FF15 BC104000 call dword ptr ds:[<&MSVBVM60.#631>] ; msvbvm60.rtcMidCharBstr; starts from the first character and takes 1 character per pass
0049DDFA 8BD0 mov edx,eax;
0049DDFC 8D4D AC lea ecx,dword ptr ss:
0049DDFF FF15 00124000 call dword ptr ds:[<&MSVBVM60.__vbaStrMo>; msvbvm60.__vbaStrMove
0049DE05 50 push eax
0049DE06 FF15 40104000 call dword ptr ds:[<&MSVBVM60.#516>] ; msvbvm60.rtcAnsiValueBstr; converts the character to a number, result returned in eax
0049DE0C 8B4D B0 mov ecx,dword ptr ss:
0049DE0F 8D95 48FFFFFF lea edx,dword ptr ss:
0049DE15 33C1 xor eax,ecx
0049DE17 8D4D C4 lea ecx,dword ptr ss:;
0049DE1A 66:8985 50FFFFF>mov word ptr ss:,ax;
0049DE21 899D 48FFFFFF mov dword ptr ss:,ebx
0049DE27 FF15 18104000 call dword ptr ds:[<&MSVBVM60.__vbaVarMo>; msvbvm60.__vbaVarMove
0049DE2D 8D4D AC lea ecx,dword ptr ss:
0049DE30 FF15 28124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeS>; msvbvm60.__vbaFreeStr; reclaims the memory of the string argument //frees the string variable
0049DE36 8D4D 98 lea ecx,dword ptr ss:;
0049DE39 FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>; msvbvm60.__vbaFreeVar //frees the object variable
0049DE3F 66:8B45 BC mov ax,word ptr ss:;
0049DE43 8D4D C4 lea ecx,dword ptr ss:;
0049DE46 8D95 58FFFFFF lea edx,dword ptr ss:
0049DE4C 51 push ecx
0049DE4D 52 push edx
0049DE4E 66:8985 60FFFFF>mov word ptr ss:,ax
0049DE55 C785 58FFFFFF 0>mov dword ptr ss:,0x8002
0049DE5F FF15 6C104000 call dword ptr ds:[<&MSVBVM60.__vbaVarTs>; msvbvm60.__vbaVarTstLe
0049DE65 66:85C0 test ax,ax
0049DE68 74 5A je 测试.0049DEC4
0049DE6A 66:8B45 BC mov ax,word ptr ss:
0049DE6E 8D8D 58FFFFFF lea ecx,dword ptr ss:
0049DE74 66:8985 50FFFFF>mov word ptr ss:,ax
0049DE7B 8D55 C4 lea edx,dword ptr ss:
0049DE7E 51 push ecx
0049DE7F 8D45 98 lea eax,dword ptr ss:
0049DE82 52 push edx
0049DE83 50 push eax
0049DE84 C785 60FFFFFF F>mov dword ptr ss:,0xFF
0049DE8E 899D 58FFFFFF mov dword ptr ss:,ebx
0049DE94 899D 48FFFFFF mov dword ptr ss:,ebx
0049DE9A FFD6 call esi;vbaVarAdd -> adds the two variable values
0049DE9C 8D8D 48FFFFFF lea ecx,dword ptr ss:
0049DEA2 50 push eax
0049DEA3 8D55 88 lea edx,dword ptr ss:
0049DEA6 51 push ecx
0049DEA7 52 push edx
0049DEA8 FF15 04104000 call dword ptr ds:[<&MSVBVM60.__vbaVarSu>; msvbvm60.__vbaVarSub subtracts the variables, result returned in eax
0049DEAE 8BD0 mov edx,eax
0049DEB0 8D4D C4 lea ecx,dword ptr ss:
0049DEB3 FF15 18104000 call dword ptr ds:[<&MSVBVM60.__vbaVarMo>; msvbvm60.__vbaVarMove
0049DEB9 8D4D 98 lea ecx,dword ptr ss:
0049DEBC FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>; msvbvm60.__vbaFreeVar
0049DEC2 EB 31 jmp 测试.0049DEF5
0049DEC4 66:8B45 BC mov ax,word ptr ss:
0049DEC8 8D4D C4 lea ecx,dword ptr ss:
0049DECB 66:8985 60FFFFF>mov word ptr ss:,ax
0049DED2 8D95 58FFFFFF lea edx,dword ptr ss:
0049DED8 51 push ecx
0049DED9 8D45 98 lea eax,dword ptr ss:
0049DEDC 52 push edx
0049DEDD 50 push eax
0049DEDE 899D 58FFFFFF mov dword ptr ss:,ebx
0049DEE4 FF15 04104000 call dword ptr ds:[<&MSVBVM60.__vbaVarSu>; msvbvm60.__vbaVarSub
0049DEEA 8BD0 mov edx,eax
0049DEEC 8D4D C4 lea ecx,dword ptr ss:
0049DEEF FF15 18104000 call dword ptr ds:[<&MSVBVM60.__vbaVarMo>; msvbvm60.__vbaVarMove Variant assignment (generally used for numeric variables); assigns variable 1 to variable 2
0049DEF5 8B4D B8 mov ecx,dword ptr ss:;loads the previously computed value into ecx; empty on the first pass, the first plaintext character on the second
0049DEF8 8D55 C4 lea edx,dword ptr ss:
0049DEFB 52 push edx
0049DEFC 898D 60FFFFFF mov dword ptr ss:,ecx
0049DF02 C785 58FFFFFF 0>mov dword ptr ss:,0x8
0049DF0C FF15 C8114000 call dword ptr ds:[<&MSVBVM60.__vbaI4Var>; msvbvm60.__vbaI4Var -- poster's note: "takes a substring". NOTE(review): the name suggests a Variant-to-32-bit-integer conversion rather than a substring -- confirm
0049DF12 50 push eax
0049DF13 8D45 98 lea eax,dword ptr ss:
0049DF16 50 push eax
0049DF17 FF15 54114000 call dword ptr ds:[<&MSVBVM60.#608>] ; msvbvm60.rtcVarBstrFromAnsi
; NOTE(review): the 6-byte call above ends at 0049DF1D but the next row is 0049DF23, so one
; instruction appears to be missing from the listing here (the ecx pushed below is set by it).
0049DF23 8D55 98 lea edx,dword ptr ss:
0049DF26 51 push ecx
0049DF27 8D45 88 lea eax,dword ptr ss:
0049DF2A 52 push edx
0049DF2B 50 push eax
0049DF2C FFD6 call esi;vbaVarAdd -> adds the two variable values; joins the previous result to the current one, e.g. if the second pass gave 4 and this pass gives 6, then eax=46
0049DF2E 50 push eax
0049DF2F FF15 28104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVa>; msvbvm60.__vbaStrVarMove
0049DF35 8BD0 mov edx,eax
0049DF37 8D4D B8 lea ecx,dword ptr ss:
0049DF3A FF15 00124000 call dword ptr ds:[<&MSVBVM60.__vbaStrMo>; msvbvm60.__vbaStrMove
0049DF40 8D4D 88 lea ecx,dword ptr ss:
0049DF43 8D55 98 lea edx,dword ptr ss:
0049DF46 51 push ecx
0049DF47 52 push edx
0049DF48 53 push ebx
0049DF49 FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>; msvbvm60.__vbaFreeVarList
0049DF4F 8B45 B0 mov eax,dword ptr ss:
0049DF52 83C4 0C add esp,0xC
0049DF55 8D8D F8FEFFFF lea ecx,dword ptr ss:
0049DF5B 8945 BC mov dword ptr ss:,eax
0049DF5E 8D95 08FFFFFF lea edx,dword ptr ss:
0049DF64 51 push ecx
0049DF65 8D45 DC lea eax,dword ptr ss:
0049DF68 52 push edx
0049DF69 50 push eax
0049DF6A FF15 1C124000 call dword ptr ds:[<&MSVBVM60.__vbaVarFo>; msvbvm60.__vbaVarForNext loop
0049DF70^ E9 9CFDFFFF jmp 测试.0049DD11

上面就是算法代码。这段算法是从注册码(9DE02360A7E1226E98FE1B799EF81B7990F51D7A)的第三位开始的,也就是从 E02360A7E1226E98FE1B799EF81B7990F51D7A 这里开始计算;机器码(1214756169)取的是后8位,也就是用 14756169 进行计算的。
目前我能理解的是(注:也不知道对不对):
每次读取注册码(E02360A7E1226E98FE1B799EF81B7990F51D7A)的2位,跟&H组合成16进制数;机器码(14756169)是每次读取一位,然后不知道通过什么计算得出明码的每一位。机器码是循环读取的,也就是说机器码逐个取完了,就重新开始逐个取,然后跟机器码得出的数字计算
上面就是我所了解的,具体它是怎么计算出明码的,没看出来,哪位大神指点一下啊
@九幽 @Shark恒
大神们来看看下吧
表示不明白,路过
好像好厉害的样子!路过!
扫地僧 发表于 2014-10-25 22:45
这么长啊,求大神回答
帮忙看下啊,里面我已经把我跟踪的一些信息都注释里面了
好长的0.0 恒大出来吧
晕死,偌大一个论坛没有懂的?
算法是大牛来弄的
@雨季 @Shark恒
大神们,帮忙看看吧
汗!,竟然木有人