[Original illustrated reverse-engineering write-up] Registration algorithm analysis of a puzzle-type jigsaw game (attached: finished keygen)

pj2020 posted on 2017-9-24 20:55

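[Article title]: Registration algorithm analysis of a puzzle-type jigsaw game (attached: finished keygen)
[Author]: pj2020
[Software name]: B-Jigsaw (拼图) 7.7
[Software size]: 1.69 MB
[Protection]: registration code
[Download]: see attachment
[Packer]: none
[Written with]: Borland C++
[Reversing tools]: PEID, OD
[Platform]: pirated XP3
[Author's statement]: Just out of interest, no other purpose
[Software description]: A first-rate, very fun jigsaw puzzle game with a simple interface that is easy to pick up. It supports creating puzzles from BMP and JPG images and can generate jigsaw-edged pieces. You can adjust the difficulty and the puzzle size yourself. It has a built-in print function, and you can define your own background music (MID, MP3) and sound effects. It can also generate a stand-alone single-picture puzzle game to send to friends. A superb game to give to a girl.
[Approach]
I. Check for a packer: none

II. The trial version runs for ten days.
Trial registration:
User name:abcde
Registration code:123456789
Error message: Invalid user name or registration code.


III. Set a breakpoint on MessageBoxA.

After clicking the register button the breakpoint hits; single-step with F8.

Stepping to 00411070 pops up the registration dialog; enter the registration details and click OK, and execution breaks.

Step to 004110EC; this CALL is the algorithm part, so press F7 to step into it.

Entering the algorithm part (the key section)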
004116E8   $  55            push ebp
004116E9   .  8BEC          mov ebp,esp
004116EB   .  83C4 8C       add esp,-0x74
004116EE   .  B8 38634D00   mov eax,bjigsaw.004D6338
004116F3   .  53            push ebx
004116F4   .  56            push esi
004116F5   .  57            push edi
004116F6   .  894D BC       mov dword ptr ss:[ebp-0x44],ecx
004116F9   .  8955 F8       mov dword ptr ss:[ebp-0x8],edx      ;  user name "abcde"
004116FC   .  E8 F3450B00   call bjigsaw.004C5CF4
00411701   .  C745 B4 01000>mov dword ptr ss:[ebp-0x4C],0x1
00411708   .  8D55 F8       lea edx,dword ptr ss:[ebp-0x8]
0041170B   .  8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
0041170E   .  E8 D9F60B00   call bjigsaw.004D0DEC
00411713   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
00411716   .  66:C745 A8 08>mov word ptr ss:[ebp-0x58],0x8
0041171C   .  8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
0041171F   .  E8 04F90B00   call bjigsaw.004D1028
00411724   .  83F8 08       cmp eax,0x8                         ;  is the user name length greater than 8?
00411727   .  7F 5E         jg short bjigsaw.00411787
00411729   .  66:C745 A8 14>mov word ptr ss:[ebp-0x58],0x14
0041172F   .  33D2          xor edx,edx
00411731   .  8955 EC       mov dword ptr ss:[ebp-0x14],edx
00411734   .  8D4D EC       lea ecx,dword ptr ss:[ebp-0x14]
00411737   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
0041173A   .  BA 08000000   mov edx,0x8
0041173F   .  B0 20         mov al,0x20
00411741   .  E8 02F90B00   call bjigsaw.004D1048
00411746   .  8D55 EC       lea edx,dword ptr ss:[ebp-0x14]
00411749   .  33C0          xor eax,eax
0041174B   .  8945 E8       mov dword ptr ss:[ebp-0x18],eax
0041174E   .  8D4D E8       lea ecx,dword ptr ss:[ebp-0x18]
00411751   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
00411754   .  8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
00411757   .  E8 B4F70B00   call bjigsaw.004D0F10
0041175C   .  8D55 E8       lea edx,dword ptr ss:[ebp-0x18]
0041175F   .  8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
00411762   .  E8 81F70B00   call bjigsaw.004D0EE8
00411767   .  FF4D B4       dec dword ptr ss:[ebp-0x4C]
0041176A   .  8D45 E8       lea eax,dword ptr ss:[ebp-0x18]
0041176D   .  BA 02000000   mov edx,0x2
00411772   .  E8 41F70B00   call bjigsaw.004D0EB8                ;  if the user name length is <= 8, append 8 spaces: "abcde        "
00411777   .  FF4D B4       dec dword ptr ss:[ebp-0x4C]
0041177A   .  8D45 EC       lea eax,dword ptr ss:[ebp-0x14]
0041177D   .  BA 02000000   mov edx,0x2
00411782   .  E8 31F70B00   call bjigsaw.004D0EB8
00411787   >  E8 44FF0B00   call <jmp.&KERNEL32.GetTickCount>   ; [GetTickCount
0041178C   .  8945 94       mov dword ptr ss:[ebp-0x6C],eax
0041178F   .  66:C745 A8 08>mov word ptr ss:[ebp-0x58],0x8
00411795   .  B8 01000000   mov eax,0x1
0041179A   >  40            inc eax
0041179B   .  83F8 64       cmp eax,0x64
0041179E   .^ 7C FA         jl short bjigsaw.0041179A
004117A0   .  E8 2BFF0B00   call <jmp.&KERNEL32.GetTickCount>   ; [GetTickCount
004117A5   .  8B55 94       mov edx,dword ptr ss:[ebp-0x6C]     ;  bjigsaw.00524BB0
004117A8   .  2BC2          sub eax,edx
004117AA   .  3D E8030000   cmp eax,0x3E8                       ;  eax=0001817F
004117AF   .  76 0D         jbe short bjigsaw.004117BE
004117B1   .  8B0D FCDF4D00 mov ecx,dword ptr ds:[0x4DDFFC]     ;  bjigsaw.004DE7AC
004117B7   .  8B01          mov eax,dword ptr ds:[ecx]
004117B9   .  E8 06200700   call bjigsaw.004837C4
004117BE   >  66:C745 A8 08>mov word ptr ss:[ebp-0x58],0x8
004117C4   .  66:C745 A8 20>mov word ptr ss:[ebp-0x58],0x20
004117CA   .  33C0          xor eax,eax
004117CC   .  BB 01000000   mov ebx,0x1
004117D1   .  8945 F4       mov dword ptr ss:[ebp-0xC],eax
004117D4   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
004117D7   .  83FB 08       cmp ebx,0x8
004117DA   .  66:C745 A8 08>mov word ptr ss:[ebp-0x58],0x8
004117E0   .  0F8F 4A020000 jg bjigsaw.00411A30
004117E6   >  8B3D 50584D00 mov edi,dword ptr ds:[0x4D5850]     ;  fixed 19-character string: awgsJiBtAANrPNYOntA
004117EC   .  57            push edi
004117ED   .  E8 36420B00   call bjigsaw.004C5A28
004117F2   .  59            pop ecx                             ;  
004117F3   .  50            push eax
004117F4   .  8BC3          mov eax,ebx
004117F6   .  5A            pop edx                             ;  
004117F7   .  8BCA          mov ecx,edx                         ;  edx=00000013
004117F9   .  33D2          xor edx,edx
004117FB   .  F7F1          div ecx
004117FD   .  8A0417        mov al,byte ptr ds:[edi+edx]        ;  take the first 4 even-position characters of the fixed string: al=77 ('w')/=73 ('s')/=69 ('i')/=74 ('t')
00411800   .  50            push eax
00411801   .  8BF3          mov esi,ebx
00411803   .  56            push esi
00411804   .  8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
00411807   .  50            push eax
00411808   .  E8 23F50B00   call bjigsaw.004D0D30
0041180D   .  83C4 08       add esp,0x8
00411810   .  8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
00411813   .  E8 A4F90B00   call bjigsaw.004D11BC
00411818   .  8B55 F8       mov edx,dword ptr ss:[ebp-0x8]      ;  new user name (ASCII "abcde        ")
0041181B   .  03F2          add esi,edx
0041181D   .  4E            dec esi
0041181E   .  58            pop eax                             ;  
0041181F   .  8A16          mov dl,byte ptr ds:[esi]            ;  take the first 4 odd-position characters of the new user name: dl=61 ('a')/=63 ('c')/=65 ('e')/=20 (' ')
00411821   .  32C2          xor al,dl                           ;  XOR the two
00411823   .  0FBEC0        movsx eax,al
00411826   .  66:C745 A8 08>mov word ptr ss:[ebp-0x58],0x8
0041182C   .  85C0          test eax,eax
0041182E   . /7D 02         jge short bjigsaw.00411832           ;  is the XOR result >= 0?
00411830   . |F7D8          neg eax                              ;  if eax is less than 0, negate the XOR result
00411832   >  66:C745 A8 38>mov word ptr ss:[ebp-0x58],0x38
00411838   .  33D2          xor edx,edx
0041183A   .  8955 E4       mov dword ptr ss:[ebp-0x1C],edx
0041183D   .  8D55 E4       lea edx,dword ptr ss:[ebp-0x1C]
00411840   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
00411843   .  E8 38950A00   call bjigsaw.004BAD80
00411848   .  66:C745 A8 2C>mov word ptr ss:[ebp-0x58],0x2C
0041184E   .  8D45 E4       lea eax,dword ptr ss:[ebp-0x1C]
00411851   .  E8 D2F70B00   call bjigsaw.004D1028
00411856   .  48            dec eax
00411857   .  7E 22         jle short bjigsaw.0041187B
00411859   .  6A 02         push 0x2
0041185B   .  8D4D E4       lea ecx,dword ptr ss:[ebp-0x1C]
0041185E   .  51            push ecx
0041185F   .  E8 CCF40B00   call bjigsaw.004D0D30
00411864   .  83C4 08       add esp,0x8
00411867   .  8D45 E4       lea eax,dword ptr ss:[ebp-0x1C]
0041186A   .  E8 4DF90B00   call bjigsaw.004D11BC               ;  
0041186F   .  8B55 E4       mov edx,dword ptr ss:[ebp-0x1C]     ;  take the first two digits of the XOR result above converted to decimal
00411872   .  42            inc edx
00411873   .  0FBE0A        movsx ecx,byte ptr ds:[edx]         ;  take the second digit in turn:
00411876   .  83F9 30       cmp ecx,0x30                        ;  check whether the second digit is 0
00411879   .  75 56         jnz short bjigsaw.004118D1
0041187B   >  66:C745 A8 44>mov word ptr ss:[ebp-0x58],0x44
00411881   .  8D45 E0       lea eax,dword ptr ss:[ebp-0x20]
00411884   .  B2 31         mov dl,0x31                         ;  dl=0x31
00411886   .  E8 9DF50B00   call bjigsaw.004D0E28               ;  if the second digit is 0, use 1 in place of 0
0041188B   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
0041188E   .  33C0          xor eax,eax
00411890   .  8945 DC       mov dword ptr ss:[ebp-0x24],eax
00411893   .  8D45 F4       lea eax,dword ptr ss:[ebp-0xC]
00411896   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
00411899   .  8D55 E0       lea edx,dword ptr ss:[ebp-0x20]
0041189C   .  8D4D DC       lea ecx,dword ptr ss:[ebp-0x24]
0041189F   .  E8 6CF60B00   call bjigsaw.004D0F10
004118A4   .  8D55 DC       lea edx,dword ptr ss:[ebp-0x24]
004118A7   .  8D45 F4       lea eax,dword ptr ss:[ebp-0xC]
004118AA   .  E8 39F60B00   call bjigsaw.004D0EE8
004118AF   .  FF4D B4       dec dword ptr ss:[ebp-0x4C]
004118B2   .  8D45 DC       lea eax,dword ptr ss:[ebp-0x24]
004118B5   .  BA 02000000   mov edx,0x2
004118BA   .  E8 F9F50B00   call bjigsaw.004D0EB8
004118BF   .  FF4D B4       dec dword ptr ss:[ebp-0x4C]
004118C2   .  8D45 E0       lea eax,dword ptr ss:[ebp-0x20]
004118C5   .  BA 02000000   mov edx,0x2
004118CA   .  E8 E9F50B00   call bjigsaw.004D0EB8
004118CF   .  EB 6E         jmp short bjigsaw.0041193F
004118D1   >  66:C745 A8 50>mov word ptr ss:[ebp-0x58],0x50
004118D7   .  6A 02         push 0x2
004118D9   .  8D4D E4       lea ecx,dword ptr ss:[ebp-0x1C]
004118DC   .  51            push ecx
004118DD   .  E8 4EF40B00   call bjigsaw.004D0D30
004118E2   .  83C4 08       add esp,0x8
004118E5   .  8D45 E4       lea eax,dword ptr ss:[ebp-0x1C]
004118E8   .  E8 CFF80B00   call bjigsaw.004D11BC
004118ED   .  8B55 E4       mov edx,dword ptr ss:[ebp-0x1C]     ; 
004118F0   .  8D45 D8       lea eax,dword ptr ss:[ebp-0x28]
004118F3   .  42            inc edx
004118F4   .  8A12          mov dl,byte ptr ds:[edx]            ;  
004118F6   .  E8 2DF50B00   call bjigsaw.004D0E28
004118FB   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
004118FE   .  33C0          xor eax,eax
00411900   .  8945 D4       mov dword ptr ss:[ebp-0x2C],eax
00411903   .  8D45 F4       lea eax,dword ptr ss:[ebp-0xC]
00411906   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
00411909   .  8D55 D8       lea edx,dword ptr ss:[ebp-0x28]
0041190C   .  8D4D D4       lea ecx,dword ptr ss:[ebp-0x2C]
0041190F   .  E8 FCF50B00   call bjigsaw.004D0F10
00411914   .  8D55 D4       lea edx,dword ptr ss:[ebp-0x2C]
00411917   .  8D45 F4       lea eax,dword ptr ss:[ebp-0xC]
0041191A   .  E8 C9F50B00   call bjigsaw.004D0EE8
0041191F   .  FF4D B4       dec dword ptr ss:[ebp-0x4C]
00411922   .  8D45 D4       lea eax,dword ptr ss:[ebp-0x2C]
00411925   .  BA 02000000   mov edx,0x2
0041192A   .  E8 89F50B00   call bjigsaw.004D0EB8
0041192F   .  FF4D B4       dec dword ptr ss:[ebp-0x4C]
00411932   .  8D45 D8       lea eax,dword ptr ss:[ebp-0x28]
00411935   .  BA 02000000   mov edx,0x2
0041193A   .  E8 79F50B00   call bjigsaw.004D0EB8
0041193F   >  8D45 E4       lea eax,dword ptr ss:[ebp-0x1C]
00411942   .  E8 E1F60B00   call bjigsaw.004D1028
00411947   .  85C0          test eax,eax
00411949   .  7F 56         jg short bjigsaw.004119A1
0041194B   .  66:C745 A8 5C>mov word ptr ss:[ebp-0x58],0x5C
00411951   .  8D45 D0       lea eax,dword ptr ss:[ebp-0x30]
00411954   .  B2 31         mov dl,0x31
00411956   .  E8 CDF40B00   call bjigsaw.004D0E28
0041195B   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
0041195E   .  33C0          xor eax,eax
00411960   .  8945 CC       mov dword ptr ss:[ebp-0x34],eax
00411963   .  8D45 F4       lea eax,dword ptr ss:[ebp-0xC]
00411966   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
00411969   .  8D55 D0       lea edx,dword ptr ss:[ebp-0x30]
0041196C   .  8D4D CC       lea ecx,dword ptr ss:[ebp-0x34]
0041196F   .  E8 9CF50B00   call bjigsaw.004D0F10
00411974   .  8D55 CC       lea edx,dword ptr ss:[ebp-0x34]
00411977   .  8D45 F4       lea eax,dword ptr ss:[ebp-0xC]
0041197A   .  E8 69F50B00   call bjigsaw.004D0EE8
0041197F   .  FF4D B4       dec dword ptr ss:[ebp-0x4C]
00411982   .  8D45 CC       lea eax,dword ptr ss:[ebp-0x34]
00411985   .  BA 02000000   mov edx,0x2
0041198A   .  E8 29F50B00   call bjigsaw.004D0EB8
0041198F   .  FF4D B4       dec dword ptr ss:[ebp-0x4C]
00411992   .  8D45 D0       lea eax,dword ptr ss:[ebp-0x30]
00411995   .  BA 02000000   mov edx,0x2
0041199A   .  E8 19F50B00   call bjigsaw.004D0EB8
0041199F   .  EB 6D         jmp short bjigsaw.00411A0E
004119A1   >  66:C745 A8 68>mov word ptr ss:[ebp-0x58],0x68
004119A7   .  6A 01         push 0x1
004119A9   .  8D4D E4       lea ecx,dword ptr ss:[ebp-0x1C]
004119AC   .  51            push ecx
004119AD   .  E8 7EF30B00   call bjigsaw.004D0D30
004119B2   .  83C4 08       add esp,0x8
004119B5   .  8D45 E4       lea eax,dword ptr ss:[ebp-0x1C]
004119B8   .  E8 FFF70B00   call bjigsaw.004D11BC
004119BD   .  8B55 E4       mov edx,dword ptr ss:[ebp-0x1C]     ;  
004119C0   .  8D45 C8       lea eax,dword ptr ss:[ebp-0x38]
004119C3   .  8A12          mov dl,byte ptr ds:[edx]            ;   take the first digit in turn:
004119C5   .  E8 5EF40B00   call bjigsaw.004D0E28
004119CA   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
004119CD   .  33C0          xor eax,eax
004119CF   .  8945 C4       mov dword ptr ss:[ebp-0x3C],eax
004119D2   .  8D45 F4       lea eax,dword ptr ss:[ebp-0xC]
004119D5   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
004119D8   .  8D55 C8       lea edx,dword ptr ss:[ebp-0x38]
004119DB   .  8D4D C4       lea ecx,dword ptr ss:[ebp-0x3C]
004119DE   .  E8 2DF50B00   call bjigsaw.004D0F10
004119E3   .  8D55 C4       lea edx,dword ptr ss:[ebp-0x3C]
004119E6   .  8D45 F4       lea eax,dword ptr ss:[ebp-0xC]
004119E9   .  E8 FAF40B00   call bjigsaw.004D0EE8
004119EE   .  FF4D B4       dec dword ptr ss:[ebp-0x4C]
004119F1   .  8D45 C4       lea eax,dword ptr ss:[ebp-0x3C]
004119F4   .  BA 02000000   mov edx,0x2
004119F9   .  E8 BAF40B00   call bjigsaw.004D0EB8               ;  joined in reverse order: ASCII "22612148"
004119FE   .  FF4D B4       dec dword ptr ss:[ebp-0x4C]
00411A01   .  8D45 C8       lea eax,dword ptr ss:[ebp-0x38]
00411A04   .  BA 02000000   mov edx,0x2
00411A09   .  E8 AAF40B00   call bjigsaw.004D0EB8
00411A0E   >  83C3 02       add ebx,0x2
00411A11   .  FF4D B4       dec dword ptr ss:[ebp-0x4C]
00411A14   .  8D45 E4       lea eax,dword ptr ss:[ebp-0x1C]
00411A17   .  BA 02000000   mov edx,0x2
00411A1C   .  E8 97F40B00   call bjigsaw.004D0EB8
00411A21   .  66:C745 A8 08>mov word ptr ss:[ebp-0x58],0x8
00411A27   .  83FB 08       cmp ebx,0x8
00411A2A   .^ 0F8E B6FDFFFF jle bjigsaw.004117E6
00411A30   >  E8 9BFC0B00   call <jmp.&KERNEL32.GetTickCount>   ; [GetTickCount
00411A35   .  8B4D 94       mov ecx,dword ptr ss:[ebp-0x6C]     ;  bjigsaw.00524BB0
00411A38   .  2BC1          sub eax,ecx
00411A3A   .  3D E8030000   cmp eax,0x3E8
00411A3F   .  76 0C         jbe short bjigsaw.00411A4D
00411A41   .  A1 FCDF4D00   mov eax,dword ptr ds:[0x4DDFFC]
00411A46   .  8B00          mov eax,dword ptr ds:[eax]
00411A48   .  E8 771D0700   call bjigsaw.004837C4
00411A4D   >  66:C745 A8 74>mov word ptr ss:[ebp-0x58],0x74
00411A53   .  8B45 F4       mov eax,dword ptr ss:[ebp-0xC]      ;  
00411A56   .  E8 55930A00   call bjigsaw.004BADB0
00411A5B   .  66:C745 A8 08>mov word ptr ss:[ebp-0x58],0x8
00411A61   .  8BF0          mov esi,eax
00411A63   .  EB 0D         jmp short bjigsaw.00411A72
00411A65   .  33F6          xor esi,esi
00411A67   .  66:C745 A8 7C>mov word ptr ss:[ebp-0x58],0x7C
00411A6D   .  E8 F8C50B00   call bjigsaw.004CE06A
00411A72   >  66:C745 A8 08>mov word ptr ss:[ebp-0x58],0x8
00411A78   .  BB 01000000   mov ebx,0x1
00411A7D   .  EB 2E         jmp short bjigsaw.00411AAD
00411A7F   >  8BFB          mov edi,ebx
00411A81   .  57            push edi
00411A82   .  8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
00411A85   .  50            push eax
00411A86   .  E8 A5F20B00   call bjigsaw.004D0D30
00411A8B   .  83C4 08       add esp,0x8
00411A8E   .  8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
00411A91   .  E8 26F70B00   call bjigsaw.004D11BC
00411A96   .  8B55 F8       mov edx,dword ptr ss:[ebp-0x8]           ;  new user name "abcde        "
00411A99   .  8D041B        lea eax,dword ptr ds:[ebx+ebx]           ;  eax=ebx*2
00411A9C   .  03FA          add edi,edx
00411A9E   .  8D53 FF       lea edx,dword ptr ds:[ebx-0x1]           ;  edx=ebx-1
00411AA1   .  F7EA          imul edx                                 ;  eax=eax*edx
00411AA3   .  4F            dec edi
00411AA4   .  0FBE0F        movsx ecx,byte ptr ds:[edi]              ;  ecx = ASCII code of each character of the new user name "abcde        " in turn
00411AA7   .  0FAFC8        imul ecx,eax                             ;  ecx=ecx*eax
00411AAA   .  03F1          add esi,ecx                              ;  esi=esi+ecx
00411AAC   .  43            inc ebx
00411AAD   >  8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
00411AB0   .  E8 73F50B00   call bjigsaw.004D1028
00411AB5   .  3BD8          cmp ebx,eax                         ;  eax=0000000D
00411AB7   .^ 7E C6         jle short bjigsaw.00411A7F
00411AB9   .  E8 12FC0B00   call <jmp.&KERNEL32.GetTickCount>   ; [GetTickCount
00411ABE   .  8B55 94       mov edx,dword ptr ss:[ebp-0x6C]     ;  bjigsaw.00524BB0
00411AC1   .  2BC2          sub eax,edx
00411AC3   .  3D E8030000   cmp eax,0x3E8
00411AC8   .  76 0D         jbe short bjigsaw.00411AD7
00411ACA   .  8B0D FCDF4D00 mov ecx,dword ptr ds:[0x4DDFFC]     ;  bjigsaw.004DE7AC
00411AD0   .  8B01          mov eax,dword ptr ds:[ecx]
00411AD2   .  E8 ED1C0700   call bjigsaw.004837C4
00411AD7   >  66:C745 A8 08>mov word ptr ss:[ebp-0x58],0x8
00411ADD   .  BB 01000000   mov ebx,0x1
00411AE2   .  E9 93000000   jmp bjigsaw.00411B7A
00411AE7   > /8BFB          mov edi,ebx                         ;  
00411AE9   . |57            push edi
00411AEA   . |8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
00411AED   . |50            push eax
00411AEE   . |E8 3DF20B00   call bjigsaw.004D0D30
00411AF3   . |83C4 08       add esp,0x8
00411AF6   . |8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
00411AF9   . |E8 BEF60B00   call bjigsaw.004D11BC
00411AFE   . |8B55 F8       mov edx,dword ptr ss:[ebp-0x8]      ;  new user name "abcde        "
00411B01   . |03FA          add edi,edx
00411B03   . |4F            dec edi
00411B04   .  0FBE0F        movsx ecx,byte ptr ds:[edi]         ;  ecx = ASCII code of each character of the new user name "abcde        " in turn
00411B07   .  8BC1          mov eax,ecx                         ;  eax=ecx
00411B09   .  895D 90       mov dword ptr ss:[ebp-0x70],ebx     ;  ebx=00000001/2...6...D
00411B0C   .  C1E0 03       shl eax,0x3                         ;  eax shifted left by 3 bits
00411B0F   .  8B55 90       mov edx,dword ptr ss:[ebp-0x70]
00411B12   .  2BC1          sub eax,ecx                         ;  eax=eax-ecx
00411B14   .  8D4D F8       lea ecx,dword ptr ss:[ebp-0x8]
00411B17   .  52            push edx
00411B18   .  51            push ecx
00411B19   .  03F0          add esi,eax                         ;  esi=esi+eax
00411B1B   .  E8 10F20B00   call bjigsaw.004D0D30
00411B20   .  83C4 08       add esp,0x8
00411B23   .  8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
00411B26   .  E8 91F60B00   call bjigsaw.004D11BC
00411B2B   .  8B55 90       mov edx,dword ptr ss:[ebp-0x70]
00411B2E   .  8B4D F8       mov ecx,dword ptr ss:[ebp-0x8]
00411B31   .  03D1          add edx,ecx
00411B33   .  4A            dec edx
00411B34   .  0FBE02        movsx eax,byte ptr ds:[edx]         ;  eax = ASCII code of each character of the new user name "abcde        " in turn
00411B37   .  8BD0          mov edx,eax                         ;  edx=eax
00411B39   .  895D 8C       mov dword ptr ss:[ebp-0x74],ebx
00411B3C   .  C1E2 04       shl edx,0x4                         ;  edx shifted left by 4 bits
00411B3F   .  8B4D 8C       mov ecx,dword ptr ss:[ebp-0x74]
00411B42   .  2BD0          sub edx,eax                         ;  edx=edx-eax
00411B44   .  51            push ecx
00411B45   .  8D1490        lea edx,dword ptr ds:[eax+edx*4]    ;  edx=eax+edx*4
00411B48   .  8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
00411B4B   .  50            push eax
00411B4C   .  03F2          add esi,edx                         ;  esi=esi+edx
00411B4E   .  E8 DDF10B00   call bjigsaw.004D0D30
00411B53   .  83C4 08       add esp,0x8
00411B56   .  8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
00411B59   .  E8 5EF60B00   call bjigsaw.004D11BC
00411B5E   .  8B55 8C       mov edx,dword ptr ss:[ebp-0x74]
00411B61   .  8B4D F8       mov ecx,dword ptr ss:[ebp-0x8]
00411B64   .  03D1          add edx,ecx
00411B66   .  4A            dec edx
00411B67   .  0FBE02        movsx eax,byte ptr ds:[edx]         ;  eax = ASCII code of each character of the new user name "abcde        " in turn
00411B6A   .  8D1440        lea edx,dword ptr ds:[eax+eax*2]    ;  edx=eax+eax*2
00411B6D   .  C1E2 05       shl edx,0x5                         ;  edx shifted left by 5 bits
00411B70   .  2BD0          sub edx,eax                         ;  edx=edx-eax
00411B72   .  C1E2 04       shl edx,0x4                         ;  edx shifted left by 4 bits
00411B75   .  03D0          add edx,eax                         ;  edx=edx+eax
00411B77   .  03F2          add esi,edx                         ;  esi=esi+edx
00411B79   .  43            inc ebx
00411B7A   >  8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
00411B7D   .  E8 A6F40B00   call bjigsaw.004D1028
00411B82   .  3BD8          cmp ebx,eax                         ;  eax=0000000D
00411B84   .^ 0F8E 5DFFFFFF jle bjigsaw.00411AE7
00411B8A   .  E8 41FB0B00   call <jmp.&KERNEL32.GetTickCount>   ; [GetTickCount
00411B8F   .  8B55 94       mov edx,dword ptr ss:[ebp-0x6C]     ;  bjigsaw.00524BB0
00411B92   .  2BC2          sub eax,edx
00411B94   .  3D E8030000   cmp eax,0x3E8
00411B99   .  76 0D         jbe short bjigsaw.00411BA8
00411B9B   .  8B0D FCDF4D00 mov ecx,dword ptr ds:[0x4DDFFC]     ;  bjigsaw.004DE7AC
00411BA1   .  8B01          mov eax,dword ptr ds:[ecx]
00411BA3   .  E8 1C1C0700   call bjigsaw.004837C4
00411BA8   >  66:C745 A8 80>mov word ptr ss:[ebp-0x58],0x80
00411BAE   .  BA 4A5A4D00   mov edx,bjigsaw.004D5A4A            ;  fixed string: "BJ"
00411BB3   .  8D45 F0       lea eax,dword ptr ss:[ebp-0x10]
00411BB6   .  E8 F9F10B00   call bjigsaw.004D0DB4
00411BBB   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
00411BBE   .  33D2          xor edx,edx
00411BC0   .  66:C745 A8 08>mov word ptr ss:[ebp-0x58],0x8
00411BC6   .  66:C745 A8 8C>mov word ptr ss:[ebp-0x58],0x8C
00411BCC   .  8955 C0       mov dword ptr ss:[ebp-0x40],edx
00411BCF   .  8D55 C0       lea edx,dword ptr ss:[ebp-0x40]
00411BD2   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
00411BD5   .  8BC6          mov eax,esi                         ;  eax=016C0983(23857539)
00411BD7   .  E8 A4910A00   call bjigsaw.004BAD80
00411BDC   .  8D55 C0       lea edx,dword ptr ss:[ebp-0x40]
00411BDF   .  8D45 F0       lea eax,dword ptr ss:[ebp-0x10]
00411BE2   .  E8 15F30B00   call bjigsaw.004D0EFC
00411BE7   .  FF4D B4       dec dword ptr ss:[ebp-0x4C]
00411BEA   .  8D45 C0       lea eax,dword ptr ss:[ebp-0x40]
00411BED   .  BA 02000000   mov edx,0x2
00411BF2   .  E8 C1F20B00   call bjigsaw.004D0EB8
00411BF7   .  66:C745 A8 98>mov word ptr ss:[ebp-0x58],0x98
00411BFD   .  8D55 F0       lea edx,dword ptr ss:[ebp-0x10]
00411C00   .  8B45 BC       mov eax,dword ptr ss:[ebp-0x44]
00411C03   .  E8 E0F20B00   call bjigsaw.004D0EE8
00411C08   .  8B45 BC       mov eax,dword ptr ss:[ebp-0x44]
00411C0B   .  BA 02000000   mov edx,0x2
00411C10   .  66:C745 A8 A4>mov word ptr ss:[ebp-0x58],0xA4
00411C16   .  50            push eax
00411C17   .  8D45 F0       lea eax,dword ptr ss:[ebp-0x10]
00411C1A   .  FF4D B4       dec dword ptr ss:[ebp-0x4C]
00411C1D   .  E8 96F20B00   call bjigsaw.004D0EB8
00411C22   .  FF4D B4       dec dword ptr ss:[ebp-0x4C]         ;  edx now shows the real code
00411C25   .  8D45 F4       lea eax,dword ptr ss:[ebp-0xC]
00411C28   .  BA 02000000   mov edx,0x2                         ;  edx=00B0D1D0, (ASCII "BJ23857539")
00411C2D   .  E8 86F20B00   call bjigsaw.004D0EB8
00411C32   .  FF4D B4       dec dword ptr ss:[ebp-0x4C]
00411C35   .  8D45 F8       lea eax,dword ptr ss:[ebp-0x8]
00411C38   .  BA 02000000   mov edx,0x2
00411C3D   .  E8 76F20B00   call bjigsaw.004D0EB8
00411C42   .  58            pop eax                             ;  00B010E8
00411C43   .  66:C745 A8 98>mov word ptr ss:[ebp-0x58],0x98
00411C49   .  FF45 B4       inc dword ptr ss:[ebp-0x4C]
00411C4C   .  8B55 98       mov edx,dword ptr ss:[ebp-0x68]
00411C4F   .  64:8915 00000>mov dword ptr fs:[0],edx
00411C56   .  5F            pop edi                             ;  00B010E8
00411C57   .  5E            pop esi                             ;  00B010E8
00411C58   .  5B            pop ebx                             ;  00B010E8
00411C59   .  8BE5          mov esp,ebp
00411C5B   .  5D            pop ebp                             ;  00B010E8
00411C5C   .  C3            retn


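[Algorithm summary] Using the user name abcde as an example
I. Compare whether the user name length is greater than 8; if not, append 8 spaces to form the new user name.
II. Fixed 19-character string: awgsJiBtAANrPNYOntA
Take the ASCII codes of the even-position characters of the string (4 characters): al=77 ('w')/=73 ('s')/=69 ('i')/=74 ('t')
Take the ASCII codes of the odd-position characters of the user name (4 characters): dl=61 ('a')/=63 ('c')/=65 ('e')/=20 (' ')
XOR: al xor dl = 77 xor 61 = 16 / 73 xor 63 = 10 / 69 xor 65 = 0C / 74 xor 20 = 54
First two digits of each XOR result converted to decimal: (ASCII "22")/(ASCII "16")/(ASCII "12")/(ASCII "84")
(if the XOR result is less than 0 it is negated)
Each two-digit pair is reversed and then concatenated: ASCII "22612148"
III. User name ASCII code*(2/4/6/8/A/C/E/10/12/14/16/18/1A)*(0/1/2/3/4/5/6/7/8/9/A/B/C)
Accumulation 1: esi=015908B4+0=015908B4/+188=01590A3C....../0159D408
Accumulation 2: esi=esi+(user name ASCII code shifted left by 3 bits - user name ASCII code)=0159D408+2A7=0159D6AF......016B42E3+E0=016B43C3
Accumulation 3: esi+user name ASCII code+(user name ASCII code shifted left by 4 bits - user name ASCII code)*4=0159D6AF+171D=0159EDCC......016B43C3+7A0=016B4B6
Accumulation 4: esi=esi+[(user name ASCII code*3) shifted left by 5 bits - user name ASCII code] shifted left by 4 bits + user name ASCII code: =0159EDCC+24051=015C2E1D..../016B4B63+BE20=016C0983
The result 016C0983 converted to decimal is 23857539, which is joined with the fixed string "BJ" to form the registration code. SN = string BJ + esi = BJ23857539

A few registration codes:
User name:abcde
Registration code:BJ23857539
User name:pj2020
Registration code:BJ18687394

The registration details are saved in the registry:
HKEY_CURRENT_USER\Software\ADCSoft\BJigsaw\UserName
HKEY_CURRENT_USER\Software\ADCSoft\BJigsaw\RegCode

[Thoughts]:
I. The algorithm part of this program is fairly clear, without much interfering code, so it suits beginners like us for practice.
II. This program is a puzzle-type jigsaw game suitable for students. The original is in English; the attachment provides a Chinese localization patch, together with the keygen and the original program. To use it, extract the localization patch and overwrite the files in the installation folder.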
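
The routine at 004116E8 rebuilds the complete expected code inside the client from the user name and constants stored in the binary, which is why it can be read from a register at 00411C28. A defender's alternative, as an added example that is not part of the original post or of the program: the client verifies a vendor signature over the user name and holds only a public key. The function names, the context label and the base32 code format are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base32"
	"errors"
	"fmt"
	"strings"
)

// licenseContext is a hypothetical domain-separation label, so a signature
// made for licensing cannot be reused as a signature over anything else.
const licenseContext = "example-license-v1\x00"

// Codes are unpadded base32 text so they can be typed into a dialog.
var codeEncoding = base32.StdEncoding.WithPadding(base32.NoPadding)

// ErrBadLicense is returned for every failure, so the caller cannot tell
// which part of the check rejected the input.
var ErrBadLicense = errors.New("invalid user name or registration code")

// NewKeyPair creates the vendor key pair. Only the public half is shipped.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// message is the exact byte string that gets signed and verified.
func message(userName string) []byte {
	return []byte(licenseContext + strings.TrimSpace(userName))
}

// IssueLicense runs on the vendor's side only; it needs the private key.
func IssueLicense(priv ed25519.PrivateKey, userName string) string {
	return codeEncoding.EncodeToString(ed25519.Sign(priv, message(userName)))
}

// VerifyLicense runs in the shipped client. It never computes the expected
// code; it only checks the supplied one against the public key.
func VerifyLicense(pub ed25519.PublicKey, userName, code string) error {
	if len(pub) != ed25519.PublicKeySize {
		return ErrBadLicense
	}
	sig, err := codeEncoding.DecodeString(strings.ToUpper(strings.TrimSpace(code)))
	if err != nil || len(sig) != ed25519.SignatureSize {
		return ErrBadLicense
	}
	if !ed25519.Verify(pub, message(userName), sig) {
		return ErrBadLicense
	}
	return nil
}

func main() {
	pub, priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	code := IssueLicense(priv, "abcde") // constructed sample user name
	fmt.Println("code length:", len(code))
	fmt.Println("same name: ", VerifyLicense(pub, "abcde", code))
	fmt.Println("other name:", VerifyLicense(pub, "abcdf", code))
}
```

This removes the code-generating logic and its constants from the client; it does not protect the verification branch itself against modification of the binary, which is a separate tamper-resistance problem.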

Shark恒 posted on 2017-9-24 21:01
syzh802618 posted on 2017-9-25 13:28

Thanks to the OP for sharing
湛西哥 posted on 2017-9-25 18:57
hx794187800 posted on 2017-9-26 15:54

Newbie passing by, thanks for sharing
lijianglai posted on 2017-9-26 17:45
每天学一点 posted on 2017-9-28 07:06

Learned something, thanks for sharing.
123-木头人 posted on 2017-10-1 09:21 from mobile

Thanks for sharing, this is a good tutorial for learning algorithms
cxj98 posted on 2017-10-4 14:17

Whoa, this is unbelievably impressive.
xin2819800 posted on 2017-10-6 11:47

Newbie passing by, here to learn some technique!!! Supporting the OP!