一款建立家谱的软件注册算法分析(附成品注册机)
【文章标题】:一款建立家谱的软件注册算法分析(附成品注册机)
【文章作者】:pj2020
【软件名称】:FamilyTree v9.0
【软件大小】:2.37MB
【保护方式】:注册码
【下载地址】:见附件
【加壳方式】:UPX 0.89.6 - 1.02 /1.05 - 1.24 (Delphi) stub -> Markus & Laszlo
【编写工具】:Borland Delphi 6.0 -7.0
【逆向工具】:PEID、OD
【操作平台】:盗版XP3
【作者声明】:只是感兴趣,没有其他目的
【软件简介】: 俄毛子写的用于建立家谱的软件。你可以建立详细的家族谱系,可以增加照片和自传,本软件界面简洁美观。
【思路方法】:
一、查壳:UPX 0.89.6 - 1.02 /1.05 - 1.24 (Delphi) stub -> Markus & Laszlo
脱壳后:Borland Delphi 6.0 - 7.0
二、试注册:Login:abcde@123.comPassword:123456789试注册错误提示:The login or the password is incorrect 三、前面过程省略,直接进入算法部分:0054E40A 55 push ebp0054E40B 68 D5E85400 pushFamilyTr.0054E8D50054E410 64:FF30 push dword ptrfs:0054E413 64:8920 mov dword ptrfs:,esp0054E416 8D55 D0 lea edx,dword ptrss:0054E419 8B87 F0020000 mov eax,dword ptr ds:0054E41F E8 A4D3EFFF call FamilyTr.0044B7C80054E424 8B45 D0 mov eax,dword ptrss: ; 邮件名0054E427 8D55 D4 lea edx,dword ptrss:0054E42A E865B3EBFF call FamilyTr.004097940054E42F 837D D400 cmp dword ptr ss:,0x0 ; 邮件名不能为空0054E433 75 2E jnz shortFamilyTr.0054E4630054E435 8B15 BC995800 mov edx,dword ptrds: ;FamilyTr.0058FBAC0054E43B 8B12 mov edx,dword ptrds:0054E43D A1 A4995800 mov eax,dword ptr ds: ; 帖X0054E442 8B00 mov eax,dword ptrds:0054E444 8B80 F4020000 mov eax,dword ptr ds:0054E44A E8 A9D3EFFF call FamilyTr.0044B7F80054E44F A1 A4995800 mov eax,dword ptr ds: ; 帖X0054E454 8B00 mov eax,dword ptrds:0054E456 8B10 mov edx,dword ptrds:0054E458 FF92 E8000000 call dword ptrds:0054E45E E9 1D040000 jmpFamilyTr.0054E8800054E463 8D55 C8 lea edx,dword ptr ss:0054E466 8B87 F4020000 mov eax,dword ptr ds:0054E46C E8 EB69F3FF call FamilyTr.00484E5C0054E471 8B45 C8 mov eax,dword ptr ss: ; 假码0054E474 8D55 CC lea edx,dword ptrss:0054E477 E8 18B3EBFF callFamilyTr.004097940054E47C 837D CC00 cmp dword ptrss:,0x0 ; 注册码不能为空0054E480 75 2E jnz shortFamilyTr.0054E4B00054E482 8B15 BC995800 mov edx,dword ptrds: ;FamilyTr.0058FBAC0054E488 8B12 mov edx,dword ptrds:0054E48A A1 A4995800 mov eax,dword ptr ds: ; 帖X0054E48F 8B00 mov eax,dword ptr ds:0054E491 8B80 F4020000 mov eax,dword ptr ds:0054E497 E8 5CD3EFFF callFamilyTr.0044B7F80054E49C A1 A4995800 mov eax,dword ptr ds: ; 帖X0054E4A1 8B00 mov eax,dword ptr ds:0054E4A3 8B10 mov edx,dword ptr ds:0054E4A5 FF92E8000000 call dword ptr ds:0054E4AB E9 D0030000 jmpFamilyTr.0054E8800054E4B0 8D55 C4 lea edx,dword ptr ss:0054E4B3 8B87 F0020000 mov eax,dword ptr ds:0054E4B9 E8 0AD3EFFF callFamilyTr.0044B7C80054E4BE 8B55 C4 mov edx,dword ptr ss: 
; 读取邮箱名 "abcde@123.com"0054E4C1 B8ECE85400 mov eax,FamilyTr.0054E8EC 0054E4C6 E85D6EEBFF call FamilyTr.00405328 ; 检测邮箱名是否带“@”符号0054E4CB 8945 EC mov dword ptrss:,eax ; 符号“@”在邮件名中的位置,eax=0x60054E4CE 837D EC 00 cmp dword ptrss:,0x0 ; 若邮箱名中无“@”符号,则提示输入正确的邮箱名0054E4D2 75 2E jnz shortFamilyTr.0054E5020054E4D4 8B15 549A5800 mov edx,dword ptr ds: ; 胞X0054E4DA 8B12 mov edx,dword ptrds:0054E4DC A1 A4995800 mov eax,dword ptr ds: ; 帖X0054E4E1 8B00 mov eax,dword ptrds:0054E4E3 8B80 F4020000 mov eax,dword ptr ds:0054E4E9 E8 0AD3EFFF callFamilyTr.0044B7F80054E4EE A1 A4995800 mov eax,dword ptr ds: ; 帖X0054E4F3 8B00 mov eax,dword ptr ds:0054E4F5 8B10 mov edx,dword ptr ds:0054E4F7 FF92E8000000 call dword ptr ds:0054E4FD E9 7E030000 jmpFamilyTr.0054E8800054E502 C745 E4 7A0D000>mov dword ptr ss:,0xD7A ; 第一次赋初始值0xD7A0054E509 8B75 EC mov esi,dword ptrss: 0054E50C 85F6 test esi,esi0054E50E 7E 24 jle shortFamilyTr.0054E5340054E510 BB 01000000 mov ebx,0x1 ; ebx=0x10054E515 8D55 C0 lea edx,dword ptr ss:0054E518 8B87 F0020000 mov eax,dword ptr ds:0054E51E E8 A5D2EFFF call FamilyTr.0044B7C80054E523 8B45 C0 mov eax,dword ptr ss: ; 邮箱名"abcde@123.com"0054E526 0FB64418 FF movzx eax,byte ptrds: ; 依次取邮箱名@及其前面字符ASC码0054E52B F7EB imul ebx ; ASC码与对应位置相乘0054E52D 0145 E4 add dword ptrss:,eax ; 累加,结果为14D10054E530 43 inc ebx0054E531 4E dec esi0054E532 ^ 75 E1 jnz shortFamilyTr.0054E5150054E534 8D55 F8 lea edx,dword ptr ss:0054E537 8B45 E4 mov eax,dword ptrss: ; 第一次累加结果给eax=0x14D1(十进制5329)0054E53A E871B5EBFF call FamilyTr.00409AB00054E53F 8D55BC lea edx,dword ptrss:0054E542 8B87 F0020000 mov eax,dword ptr ds:0054E548 E8 7BD2EFFF call FamilyTr.0044B7C80054E54D 8B45 BC mov eax,dword ptrss: ; 邮箱名"abcde@123.com"0054E550 E8 976AEBFF callFamilyTr.00404FEC0054E555 83F8 00 cmp eax,0x0 ; 邮箱名长度:eax=0xD0054E558 7C 27 jl short FamilyTr.0054E5810054E55A 8945E8 mov dword ptrss:,eax0054E55D 8D55 B8 lea edx,dword ptrss:0054E560 8B87 F0020000 mov eax,dword ptr ds:0054E566 E8 5DD2EFFF call FamilyTr.0044B7C80054E56B 8B45 B8 
mov eax,dword ptrss: ; 邮箱名"abcde@123.com"0054E56E 8B55 E8 mov edx,dword ptrss: ; 邮箱名长度:eax=0xD0054E571 807C10 FF2E cmp byte ptrds:,0x2E ; 倒序检测邮箱名点(.)的位置0054E576 74 09 je shortFamilyTr.0054E5810054E578 FF4D E8 dec dword ptr ss: ; 邮箱名长度减10054E57B 837D E8 FF cmp dword ptrss:,-0x10054E57F^ 75DC jnz shortFamilyTr.0054E55D ; 没完?继续0054E581 837D E8 00 cmp dword ptrss:,0x0 ; 没有检测到点(.)就提示输入正确的邮件名0054E585 75 2E jnz shortFamilyTr.0054E5B50054E587 8B15 549A5800 mov edx,dword ptr ds: ; 胞X0054E58D 8B12 mov edx,dword ptrds:0054E58F A1 A4995800 mov eax,dword ptr ds: ; 帖X0054E594 8B00 mov eax,dword ptrds:0054E596 8B80 F4020000 mov eax,dword ptr ds:0054E59C E857D2EFFF call FamilyTr.0044B7F80054E5A1 A1 A4995800 moveax,dword ptr ds: ; 帖X0054E5A6 8B00 mov eax,dword ptr ds:0054E5A8 8B10 mov edx,dword ptr ds:0054E5AA FF92 E8000000 call dword ptrds:0054E5B0 E9 CB020000 jmpFamilyTr.0054E8800054E5B5 C745 E0 B41C000>mov dword ptrss:,0x1CB4 ; 第二次赋初始值0x1CB40054E5BC 8B5D EC mov ebx,dword ptrss: ; 邮箱名符号@的位置0054E5BF 8B75 E8 mov esi,dword ptrss: ; 邮箱名点(.)的位置0054E5C2 83EE 02 sub esi,0x2 ; 点(.)的位置-0x2=0xA-2=80054E5C5 2BF3 sub esi,ebx ; 上面的差-@的位置=8-6=20054E5C7 7C 20 jl short FamilyTr.0054E5E90054E5C9 46 inc esi 0054E5CA 8D55 B4 lea edx,dword ptrss:0054E5CD 8B87 F0020000 mov eax,dword ptr ds:0054E5D3 E8 F0D1EFFF call FamilyTr.0044B7C80054E5D8 8B45 B4 mov eax,dword ptrss: ; 邮箱名"abcde@123.com"0054E5DB 0FB64418 FF movzx eax,byte ptrds: ; 依次取@及其后面二位ASC码0054E5E0 F7EB imul ebx ; ASC码与对应位置相乘0054E5E2 0145 E0 add dword ptrss:,eax ; 累加,结果为211B0054E5E5 43 inc ebx 0054E5E6 4E dec esi 0054E5E7 ^ 75 E1 jnz shortFamilyTr.0054E5CA0054E5E9 8D55 F4 lea edx,dword ptr ss:0054E5EC 8B45 E0 mov eax,dword ptrss: ; 第二次累加结果给eax=0x211B(十进制8475)0054E5EF E8 BCB4EBFF callFamilyTr.00409AB00054E5F4 C745 DC E910000>movdword ptr ss:,0x10E9 ; 第三次赋初始值0x10E90054E5FB 8B5D E8 mov ebx,dword ptrss: ; 点(.)的位置0054E5FE 83EB 02 sub ebx,0x2 ; 点(.)的位置-0x2=0xA-2=80054E601 8D55 B0 lea edx,dword ptrss:0054E604 8B87 F0020000 mov eax,dword ptr 
ds:0054E60A E8B9D1EFFF call FamilyTr.0044B7C80054E60F 8B45B0 mov eax,dword ptrss: ; 邮箱名"abcde@123.com"0054E612 E8 D569EBFF callFamilyTr.00404FEC0054E617 8BF0 mov esi,eax ; 邮箱名长度:eax=0xD0054E619 2BF3 sub esi,ebx ; esi-ebx=D-8=50054E61B 7C 20 jl short FamilyTr.0054E63D0054E61D 46 inc esi ; esi=0x5+1=60054E61E 8D55 AC lea edx,dword ptr ss:0054E621 8B87 F0020000 mov eax,dword ptr ds:0054E627 E8 9CD1EFFF callFamilyTr.0044B7C80054E62C 8B45 AC mov eax,dword ptr ss: ; 邮箱名"abcde@123.com"0054E62F 0FB64418FF movzx eax,byte ptrds: ; 依次取邮件名后六位ASC码0054E634 F7EB imul ebx ; ASC码与对应位置相乘0054E636 0145 DC add dword ptrss:,eax ; 累加,结果为250E0054E639 43 inc ebx 0054E63A 4E dec esi 0054E63B ^ 75 E1 jnz shortFamilyTr.0054E61E0054E63D 8D55 F0 lea edx,dword ptr ss:0054E640 8B45 DC mov eax,dword ptrss: ; 第三次累加结果给eax=0x250E(十进制9486)0054E643 E8 68B4EBFF callFamilyTr.00409AB00054E648 8D55 FC lea edx,dword ptrss:0054E64B 8B87 F4020000 mov eax,dword ptr ds:0054E651 E8 0668F3FF call FamilyTr.00484E5C0054E656 8B55 FC mov edx,dword ptrss: ; 假码:(ASCII"123456789")0054E659 B8 F8E85400 mov eax,FamilyTr.0054E8F8 ; 连接符号:“-”0054E65E E8 C56CEBFF call FamilyTr.004053280054E663 8BD8 mov ebx,eax 0054E665 85DB test ebx,ebx0054E667 75 04 jnz shortFamilyTr.0054E66D0054E669 33F6 xor esi,esi0054E66B EB 32 jmp shortFamilyTr.0054E69F0054E66D 8D45 A8 lea eax,dword ptr ss:0054E670 50 push eax0054E671 8BCB mov ecx,ebx0054E673 49 dec ecx0054E674 BA 01000000 mov edx,0x10054E679 8B45 FC mov eax,dword ptrss:0054E67C E8 C36BEBFF call FamilyTr.004052440054E681 8B45 A8 mov eax,dword ptr ss:0054E684 E8 8BB4EBFF callFamilyTr.00409B140054E689 8BF0 mov esi,eax0054E68B 8D45 FC lea eax,dword ptrss:0054E68E 50 push eax0054E68F 8D5301 lea edx,dword ptr ds:0054E692 B9 FF000000 mov ecx,0xFF0054E697 8B45 FC mov eax,dword ptrss:0054E69A E8 A56BEBFF call FamilyTr.004052440054E69F 8B55FC mov edx,dword ptrss: ; 假码:(ASCII"123456789")0054E6A2 B8 F8E85400 mov eax,FamilyTr.0054E8F8 ; 连接符号:“-”0054E6A7 E8 7C6CEBFF call FamilyTr.004053280054E6AC 8BD8 
mov ebx,eax0054E6AE 85DB test ebx,ebx0054E6B0 75 09 jnz shortFamilyTr.0054E6BB0054E6B2 33C0 xor eax,eax0054E6B4 8945 D8 mov dword ptr ss:,eax0054E6B7 33C0 xor eax,eax0054E6B9 EB 3B jmp shortFamilyTr.0054E6F60054E6BB 8D45 A4 lea eax,dword ptr ss:0054E6BE 50 push eax0054E6BF 8BCB mov ecx,ebx0054E6C1 49 dec ecx0054E6C2 BA01000000 mov edx,0x10054E6C7 8B45FC mov eax,dword ptr ss:0054E6CA E8 756BEBFF callFamilyTr.004052440054E6CF 8B45 A4 mov eax,dword ptr ss:0054E6D2 E8 3DB4EBFF callFamilyTr.00409B140054E6D7 8945 D8 mov dword ptrss:,eax0054E6DA 8D45 FC lea eax,dword ptrss:0054E6DD 50 push eax0054E6DE 8D53 01 lea edx,dword ptrds:0054E6E1 B9 FF000000 mov ecx,0xFF0054E6E6 8B45 FC mov eax,dword ptrss:0054E6E9 E8 566BEBFF callFamilyTr.004052440054E6EE 8B45 FC mov eax,dword ptrss:0054E6F1 E81EB4EBFF call FamilyTr.00409B140054E6F6 3B75E4 cmp esi,dword ptr ss: ; 与第一次累加结果0x14D1(十进制5329)比较,不等就OVER0054E6F9 0F85 53010000 jnz FamilyTr.0054E852 ; //跳向失败0054E6FF 8B55 D8 mov edx,dword ptrss:0054E702 3B55 E0 cmp edx,dword ptrss: ; 与第二次累加结果0x211B比较,不等就OVER0054E705 0F8547010000 jnz FamilyTr.0054E852 ; //跳向失败0054E70B 3B45 DC cmp eax,dword ptrss: ; 与第三次累加结果0x250E比较,不等就OVER0054E70E 0F853E010000 jnz FamilyTr.0054E852 ; //跳向失败0054E714 B2 01 mov dl,0x1 ; 若以上三次累加结果都相等,则下面的代码就开始把结果写入注册表并提示注册成功
【算法总结】:(以邮件名abcde@123.com为例)**** Hidden Message *****
注册成功后会把信息写入注册表:HKEY_CURRENT_USER\Software\FamilyTree\FamilyTree,注册版的值为1。把值改为0,则为未注册版。
【体会】:本程序为非明码比较,算法部分比较清晰,没有过多的干扰代码,适合吾等新手练习。从保护设计的角度看,上面的代码显示三个校验值完全由用户输入的邮箱名和程序内的固定初始值推导而来,不含任何只有作者掌握的秘密;从文中描述看,注册状态也只是 HKEY_CURRENT_USER 下一个当前用户可写的标志值。要让这类校验具备实际强度,注册码应由作者持有的私钥签名、程序内只保留公钥做验签,注册状态也应在每次启动时由已验证的许可证重新推导,而不是信任一个可写的标志。本程序是俄毛子的东西,原生不支持中文,需要中文版的可以网上搜索汉化版。本文旨在研究注册算法,至于是否实用易用好用则不在本文研究之列。
附上:FamilyTreev9.0 及 算法注册机
算法很好玩,可以看到各种不同的思路 正好学习比较完整的流程 好东东,收藏了。 很详细的哦,学习啦~ Shark恒 发表于 2017-6-1 23:04
算法很好玩,可以看到各种不同的思路
大牛怎么样,学会算法了没有? 想吾爱汇编论坛,求给新人教程 过来支持一下,谢谢分享, 如果用易语言写一个这样的软件出来,是不是也会有人用呢?我在犹豫中 学习学习,谢谢分享!!!!