号码归属通 v2.0.1算法分析
算法研究004EECE4/$55 push ebp
004EECE5|.8BEC mov ebp, esp
004EECE7|.B9 0A000000 mov ecx, 0A
004EECEC|>6A 00 /push 0
004EECEE|.6A 00 |push 0
004EECF0|.49 |dec ecx
004EECF1|.^ 75 F9 \jnz short 004EECEC
004EECF3|.53 push ebx
004EECF4|.8BD8 mov ebx, eax
004EECF6|.33C0 xor eax, eax
004EECF8|.55 push ebp
004EECF9|.68 A5EE4E00 push 004EEEA5
004EECFE|.64:FF30 push dword ptr fs:
004EED01|.64:8920 mov dword ptr fs:, esp
004EED04|.C645 EB 00 mov byte ptr , 0
004EED08|.33C0 xor eax, eax
004EED0A|.55 push ebp
004EED0B|.68 69EE4E00 push 004EEE69
004EED10|.64:FF30 push dword ptr fs:
004EED13|.64:8920 mov dword ptr fs:, esp
004EED16|.B2 01 mov dl, 1
004EED18|.A1 74D24200 mov eax, dword ptr
004EED1D|.E8 52E6F3FF call 0042D374
004EED22|.8945 E4 mov dword ptr , eax
004EED25|.BA 02000080 mov edx, 80000002
004EED2A|.8B45 E4 mov eax, dword ptr
004EED2D|.E8 E2E6F3FF call 0042D414
004EED32|.B1 01 mov cl, 1
004EED34|.BA C0EE4E00 mov edx, 004EEEC0 ;ASCII "Software\TYJsoft\phonecode=1"
004EED39|.8B45 E4 mov eax, dword ptr
004EED3C|.E8 37E7F3FF call 0042D478
004EED41|.84C0 test al, al
004EED43|.0F84 0A010000 je 004EEE53
004EED49|.8D55 F4 lea edx, dword ptr
004EED4C|.8BC3 mov eax, ebx
004EED4E|.E8 E5050000 call 004EF338
004EED53|.8D55 F0 lea edx, dword ptr
004EED56|.8B45 F4 mov eax, dword ptr ;机器码(ASCII "A7887ECB3")
004EED59|.E8 567FFEFF call 004D6CB4/////////////////////////Base64(A7887ECB3)=QTc4ODdFQ0Iz
004EED5E|.8D55 E0 lea edx, dword ptr
004EED61|.8B45 F0 mov eax, dword ptr ;(ASCII "QTc4ODdFQ0Iz")
004EED64|.E8 4B7FFEFF call 004D6CB4////////////////////////Base64(QTc4ODdFQ0Iz)=UVRjNE9EZEZRMEl6
004EED69|.8B55 E0 mov edx, dword ptr ;(ASCII "UVRjNE9EZEZRMEl6")
004EED6C|.8D45 F0 lea eax, dword ptr
004EED6F|.E8 A867F1FF call 0040551C
004EED74|.8D55 DC lea edx, dword ptr
004EED77|.8B45 F0 mov eax, dword ptr
004EED7A|.E8 357FFEFF call 004D6CB4////////////////////////Base64(UVRjNE9EZEZRMEl6)=VVZSak5FOUVaRVpSTUVsNg==
004EED7F|.8B55 DC mov edx, dword ptr ; 取 (ASCII "VVZSak5FOUVaRVpSTUVsNg")
004EED82|.8D45 F0 lea eax, dword ptr
004EED85|.E8 9267F1FF call 0040551C
004EED8A|.8D55 C8 lea edx, dword ptr
004EED8D|.8B45 F0 mov eax, dword ptr
004EED90|.E8 DF7DFEFF call 004D6B74
004EED95|.8D45 C8 lea eax, dword ptr
004EED98|.8D55 D8 lea edx, dword ptr
004EED9B|.E8 4C7EFEFF call 004D6BEC ;MD5(VVZSak5FOUVaRVpSTUVsNg)
004EEDA0|.8B55 D8 mov edx, dword ptr ;(ASCII "30e39b53c57a6ca153969f3f47183752")
004EEDA3|.8D45 F0 lea eax, dword ptr
004EEDA6|.E8 7167F1FF call 0040551C
004EEDAB|.8D4D C0 lea ecx, dword ptr
004EEDAE|.BA 14000000 mov edx, 14
004EEDB3|.8B45 F0 mov eax, dword ptr
004EEDB6|.E8 7126F5FF call 0044142C
004EEDBB|.8B45 C0 mov eax, dword ptr ;从第13位起取20位(ASCII "6ca153969f3f47183752")
004EEDBE|.8D4D C4 lea ecx, dword ptr
004EEDC1|.BA 06000000 mov edx, 6
004EEDC6|.E8 2926F5FF call 004413F4
004EEDCB|.FF75 C4 push dword ptr ;(ASCII "6ca153")
004EEDCE|.8D4D BC lea ecx, dword ptr
004EEDD1|.BA 06000000 mov edx, 6
004EEDD6|.8B45 F0 mov eax, dword ptr
004EEDD9|.E8 4E26F5FF call 0044142C
004EEDDE|.FF75 BC push dword ptr ;(ASCII "183752")
004EEDE1|.8D4D B8 lea ecx, dword ptr
004EEDE4|.BA 07000000 mov edx, 7
004EEDE9|.8B45 F0 mov eax, dword ptr
004EEDEC|.E8 0326F5FF call 004413F4
004EEDF1|.FF75 B8 push dword ptr ;(ASCII "30e39b5")
004EEDF4|.8D45 EC lea eax, dword ptr
004EEDF7|.BA 03000000 mov edx, 3
004EEDFC|.E8 176AF1FF call 00405818
004EEE01|.8D45 F8 lea eax, dword ptr
004EEE04|.BA E4EE4E00 mov edx, 004EEEE4 ;ASCII "H8&G#6MJt6%asD"
004EEE09|.E8 0E67F1FF call 0040551C
004EEE0E|.8D4D B4 lea ecx, dword ptr
004EEE11|.8B55 F8 mov edx, dword ptr
004EEE14|.8B45 EC mov eax, dword ptr ;(ASCII "6ca15318375230e39b5")
004EEE17|.E8 908BFEFF call 004D79AC////////////////////////DES(6ca15318375230e39b5,密钥H8&G#6MJt6%asD)
004EEE1C|.8B55 B4 mov edx, dword ptr ;(ASCII "CBEDA87AF78DC0BA8EFD8C1E61D1FEDDEC187A3C39E98D2F")
004EEE1F|.8D45 EC lea eax, dword ptr
004EEE22|.E8 F566F1FF call 0040551C
004EEE27|.8D4D FC lea ecx, dword ptr
004EEE2A|.BA FCEE4E00 mov edx, 004EEEFC ;ASCII "code"
004EEE2F|.8B45 E4 mov eax, dword ptr
004EEE32|.E8 DDE9F3FF call 0042D814
004EEE37|.8D55 B0 lea edx, dword ptr
004EEE3A|.8B45 FC mov eax, dword ptr ;(ASCII "7B6600CC315264ECDFF4F9B288DCF154")
004EEE3D|.E8 EEB4F1FF call 0040A330
004EEE42|.8B55 B0 mov edx, dword ptr ;(ASCII "7B6600CC315264ECDFF4F9B288DCF154")
004EEE45|.8B45 EC mov eax, dword ptr ;(ASCII "CBEDA87AF78DC0BA8EFD8C1E61D1FEDDEC187A3C39E98D2F")
004EEE48|.E8 5F6AF1FF call 004058AC ;相等则注册成功
004EEE4D|.75 04 jnz short 004EEE53
004EEE4F|.C645 EB 01 mov byte ptr , 1
004EEE53|>33C0 xor eax, eax
004EEE55|.5A pop edx
004EEE56|.59 pop ecx
004EEE57|.59 pop ecx
004EEE58|.64:8910 mov dword ptr fs:, edx
004EEE5B|.68 70EE4E00 push 004EEE70
004EEE60|>8B45 E4 mov eax, dword ptr
004EEE63|.E8 1C56F1FF call 00404484
004EEE68\.C3 retn
算法总结
1.Base64(Base64(机器码))=A
2.Base64(A)=B,去掉最后两位非字母
3.MD5(B)=C,从第13位起取20位,记为D,从第1位起取7位,记为E
4.取D的前6位,后6位,加上E,连在一起记为F
5.DES(F,固定字符串H8&G#6MJt6%asD)
6.DES(123456789,固定字符串H8&G#6MJt6%asD)=7B6600CC315264ECDFF4F9B288DCF154
两者的DES结果相等则注册成功。即注册码为6ca15318375230e39b5
注册码通过机器码算出,与用户名无关。
有用的注册信息
机器码:A7887ECB3
注册码:6ca15318375230e39b5
太高端,没办法喷了,讲的详细点吧,新手看了不明所以
这个加密也太强大了把
谢谢分享~~~~~~~~~~~~~~~~~~~
[快捷回复]-感谢楼主热心分享! [吾爱汇编论坛52HB.COM]-软件反汇编逆向分析,软件安全必不可少! 多谢楼主奉献 谢谢分享 请问,现在还能用么?
页:
[1]
2