010Editor Cracked分析详文
来源:互联网 发布:淘宝转运香港 编辑:程序博客网 时间:2024/05/21 10:39
010Editor的破解,做个记录
首先在OD中打开010Editor,然后搜索字符串"Invalid name",可以看到有字符串"Invalid name or password. Please enter your name and password exactly as given when you purchased 010 Editor (make sure no quotes are included)."
跟踪到汇编窗口中,向上查找头部开始处
015380E0 > \6A FF push -1
接下来一段是取用户名和密码,略过
在下来是验证过程:
// 开始校验0153846F . 51 push ecx01538470 . 8B0D CC4D8701 mov ecx, dword ptr [1874DCC]01538476 . E8 60A1E8FF call 013C25DB0153847B . 8B0D CC4D8701 mov ecx, dword ptr [1874DCC]01538481 . 68 23400000 push 402301538486 . 6A 07 push 701538488 . E8 7E11E9FF call 013C960B ;校验0153848D . 8B0D CC4D8701 mov ecx, dword ptr [1874DCC]01538493 . 68 23400000 push 402301538498 . 6A 07 push 70153849A . 8BD8 mov ebx, eax0153849C . E8 D807E9FF call 013C8C79 ;校验push ecx,结构0018D43C 98 A6 7D 08 01 00 00 00 60 FF 89 08 10 A6 7D 08 槮}...`?0018D44C 70 F4 83 08 00 D5 18 00 32 4B 6C 01 01 00 00 00 p魞.?.2Kl...{ QString u"01234-4567-89ab-cdef-3456" NUM 1 QString u"01" QString u"01234-4567-89ab-cdef-3456" QString u"deadash"}mov ecx,x00852BC8 00 18 26 6C 70 F4 83 08 88 A5 7D 08 50 72 81 08 .&lp魞垾}Pr?{ QString::shared_null QString u"deadash" QString u"01234-4567-89ab-cdef-3456" QString u""}=========================================================================================013C25DB:0161E0AE . 52 push edx0161E0AF . 8BCE mov ecx, esi0161E0B1 . E8 C4AADAFF call 013C8B7A// 转化字符串为 16进制值 保存到堆栈临时变量中esp -> 0018D3DC// 01234-4567-89ab-cdef-3456$+1C > 67452301$+20 > EFCDAB890018D3F8<$+1C> 01 23 45 67 89 AB CD EF 34 56 18 00 #Eg壂惋4V.≡pass[10] = { 01 23 45 67 89 AB CD EF 34 56};0161E0DE . 8A4424 1F mov al, byte ptr [esp+1F] ;670161E0E2 . 8A5C24 21 mov bl, byte ptr [esp+21] ;AB// al = pass[3], bl = pass[5];BYTE bRet = 0;switch(al){case 0x9C: L_EOEA: break;case 0xFC: break;case 0xAC: break;default: bRet = 0xE7 break;}------------------------------------------------------------------------------------------L_EOEA:([esp+1c] -> pass[0])0161E0EA . 8A5424 23 mov dl, byte ptr [esp+23] ; Case 9C of switch 0161E0E60161E0EE . 325424 1D xor dl, byte ptr [esp+1D]0161E0F2 . 8A4C24 22 mov cl, byte ptr [esp+22]0161E0F6 . 324C24 1C xor cl, byte ptr [esp+1C]0161E0FA . 66:0FB6C2 movzx ax, dl0161E0FE . 884C24 18 mov byte ptr [esp+18], cl// ax = p[7] ^ p[1] // t = p[6] ^ p[0] ; t-> [esp+18]0161E102 . B9 00010000 mov ecx, 1000161E107 . 66:0FAFC1 imul ax, cx// ax *= 0x100;0161E10B . 8AD3 mov dl, bl ; bl = pass[5]0161E10D . 325424 1E xor dl, byte ptr [esp+1E]0161E111 . 66:0FB6CA movzx cx, dl0161E115 . 8B5424 18 mov edx, dword ptr [esp+18]0161E119 . 66:03C1 add ax, cx// ax += pass[5] ^ pass[2];0161E11C . 52 push edx ;t0161E11D . 0FB7F8 movzx edi, ax ;规避值 -> edi0161E120 . E8 BA8BDAFF call 013C6CDFL_6CDF: 0161C870 > \8A4424 04 mov al, byte ptr [esp+4] 0161C874 . 34 18 xor al, 18 0161C876 . 04 3D add al, 3D 0161C878 . 34 A7 xor al, 0A7 0161C87A . C3 retn // return ((param ^ 0x18) + 0x3D) ^ 0xA7;//L_6CDF(t);0161E125 . 0FB6C0 movzx eax, al0161E128 . 57 push edi0161E129 . 8946 1C mov dword ptr [esi+1C], eax0161E12C . E8 3997DAFF call 013C786A// save eax -> [esi+0x1c]L_C880: 0161C880 > \8B4424 04 mov eax, dword ptr [esp+4] 0161C884 . 35 92780000 xor eax, 7892 0161C889 . 05 304D0000 add eax, 4D30 0161C88E . 35 21340000 xor eax, 3421 0161C893 . 0FB7C0 movzx eax, ax 0161C896 . 99 cdq 0161C897 . B9 0B000000 mov ecx, 0B 0161C89C . F7F9 idiv ecx 0161C89E . 85D2 test edx, edx 0161C8A0 . 74 02 je short 0161C8A4 0161C8A2 . 33C0 xor eax, eax 0161C8A4 > C3 retn //WORD k = (((param^0x7892+0x4D30)^0x3421)); // if(k % 0x0B !=0) return 0; // else return (k/0x0B);//L_C880(edi);0161E131 . 8B4E 1C mov ecx, dword ptr [esi+1C]0161E134 . 0FB7C0 movzx eax, ax0161E137 . 83C4 08 add esp, 80161E13A . 8946 20 mov dword ptr [esi+20], eax// 保存 -> [esi+0x20];// 取ecx<- [esi+0x1C];0161E13D . 85C9 test ecx, ecx0161E13F . 0F84 3B010000 je 0161E2800161E145 . 85C0 test eax, eax0161E147 . 0F84 33010000 je 0161E2800161E14D . 3D E8030000 cmp eax, 3E80161E152 . 0F87 28010000 ja 0161E280// if(ecx == 0 || eax ==0 || eax >0x3E8) return 0xE7;0161E158 . 83F9 02 cmp ecx, 20161E15B . 1BFF sbb edi, edi0161E15D . 23F9 and edi, ecx// (ecx<2.cf=1) (ecx>=2.cf=0) edi=0-cf. edi&=ecx// edi = ecx \ edi = 0 。对下面的调用有影响0161E23B . 8B41 0C mov eax, dword ptr [ecx+C] ; name="deadash"0161E23E . 8B56 20 mov edx, dword ptr [esi+20] ; 上面保存的值 /0x0B,可能是点击次数0161E243 . 807C24 1F FC cmp byte ptr [esp+1F], 0FC// 比较 pass[3] == 0xFC============================================================================================0161E248 . 52 push edx0161E249 . 0F95C1 setne cl0161E24C . 57 push edi0161E24D . 51 push ecx0161E24E . 50 push eax0161E24F . E8 9846DAFF call 013C28EC// 用户名处理堆栈$-10 > 0880EAC0 ASCII "deadash" ;eax // name$-C > 00000001 ;cl = (pass[3]==0xFC)?0:1. // param1$-8 > 00000000 ;edi // 可能是版本 // param2$-4 > 00000001 ;edx // 手工赋值为 1 // param30161C510 > /8A08 mov cl, byte ptr [eax]0161C512 . |40 inc eax0161C513 . |84C9 test cl, cl0161C515 .^\75 F9 jnz short 0161C5100161C51B . 894424 10 mov dword ptr [esp+10], eax// strlen(name) -> 临时变量 [esp+10]0161C525 . 8B4424 24 mov eax, dword ptr [esp+24]// eax <- param30161C52B . 8BF8 mov edi, eax0161C52D . C1E7 04 shl edi, 40161C530 . 2BF8 sub edi, eax ; param3 << 4 - param3(param3 *15)0161C532 . 8B4424 28 mov eax, dword ptr [esp+28] ;param20161C536 . 8BF0 mov esi, eax0161C538 . C1E6 04 shl esi, 40161C53B . 895C24 14 mov dword ptr [esp+14], ebx ; ebx 固定00161C53F . 895C24 10 mov dword ptr [esp+10], ebx 0161C543 . 03F0 add esi, eax ;param2 << 4 + param2 (param2 *17) LOOP:0161C545 > /8B4424 20 mov eax, dword ptr [esp+20] ;name,"deadash"0161C549 . |0FB60C03 movzx ecx, byte ptr [ebx+eax] ;eax ->&pName, ebx-> i(0)0161C54D . 51 push ecx ; /c0161C54E . FF15 60908701 call dword ptr [<&MSVCR90.toupper>] ; \toupper// c = name[i].toupper;0161C557 . 837C24 24 00 cmp dword ptr [esp+24], 0 ;param10161C55C . 74 5B je short 0161C5B9if(param1 != 0)---> L_C55Eelse---> L_C5B9L_C55E:0161C55E . 8B0C85 F0B586>mov ecx, dword ptr [eax*4+186B5F0] 0161C565 . 8D50 0D lea edx, dword ptr [eax+D] 0161C568 . 81E2 FF000000 and edx, 0FF 0161C56E . 03CD add ecx, ebp // ecx = p[c]+ ebp; -- ebp初始值为00161C570 . 330C95 F0B586>xor ecx, dword ptr [edx*4+186B5F0] // ecx ^= p[ BYTE(c+D)];0161C577 . 83C0 2F add eax, 2F0161C57A . 25 FF000000 and eax, 0FF0161C57F . 0FAF0C85 F0B5>imul ecx, dword ptr [eax*4+186B5F0] // ecx *= p[ BYTE(c+0x2F)];0161C587 . 8BD6 mov edx, esi 0161C589 . 81E2 FF000000 and edx, 0FF0161C58F . 030C95 F0B586>add ecx, dword ptr [edx*4+186B5F0] // ecx += p[ BYTE(esi)]; -- esi有初始值0161C596 . 8B5424 10 mov edx, dword ptr [esp+10] // 初始值为00161C59A . 8BC7 mov eax, edi0161C59C . 25 FF000000 and eax, 0FF0161C5A1 . 030C85 F0B586>add ecx, dword ptr [eax*4+186B5F0] // ecx += p[ BYTE(edi)]; -- edi有初始值0161C5A8 . 81E2 FF000000 and edx, 0FF0161C5AE . 030C95 F0B586>add ecx, dword ptr [edx*4+186B5F0] // ecx += p[ BYTE(t1)]; --临时变量 [esp+10],初始00161C5B5 . 8BE9 mov ebp, ecx // ebp <- ecx ,保存值// k = (k + p[c]) ^ p[c+d] * p[c+2F] + p[esi]+ p[edi] + p[t1] ; L_c5b9:0161C5B9 > \8B1485 F0B586>mov edx, dword ptr [eax*4+186B5F0]0161C5C0 . 8D48 3F lea ecx, dword ptr [eax+3F]0161C5C3 . 03D5 add edx, ebp0161C5C5 . 83C0 17 add eax, 170161C5C8 . 81E1 FF000000 and ecx, 0FF0161C5CE . 33148D F0B586>xor edx, dword ptr [ecx*4+186B5F0]0161C5D5 . 25 FF000000 and eax, 0FF0161C5DA . 0FAF1485 F0B5>imul edx, dword ptr [eax*4+186B5F0]0161C5E2 . 8BC6 mov eax, esi0161C5E4 . 25 FF000000 and eax, 0FF0161C5E9 . 031485 F0B586>add edx, dword ptr [eax*4+186B5F0]0161C5F0 . 8B4424 14 mov eax, dword ptr [esp+14] // 临时变量 t2 初始00161C5F4 . 8BCF mov ecx, edi0161C5F6 . 81E1 FF000000 and ecx, 0FF0161C5FC . 03148D F0B586>add edx, dword ptr [ecx*4+186B5F0]0161C603 . 25 FF000000 and eax, 0FF0161C608 . 031485 F0B586>add edx, dword ptr [eax*4+186B5F0]0161C60F . 8BEA mov ebp, edx// k = (k + p[c]) ^ p[c+3f] *p[c+17] + p[esi] + p[edi] + p[t2] ;// 全部跳转 <循环判断>0161C611 > \834424 10 13 add dword ptr [esp+10], 13 ; t1 += 130161C616 . 834424 14 07 add dword ptr [esp+14], 7 ; t2 += 70161C61B . 43 inc ebx ;i++0161C61C . 83C6 09 add esi, 9 ; esi += 90161C61F . 83C7 0D add edi, 0D ; edi += 0x0d0161C622 . 3B5C24 18 cmp ebx, dword ptr [esp+18] ; i < len,goto loop0161C626 .^ 0F8C 19FFFFFF jl 0161C545// return ebp=============================================================================================================0161E257 . 384424 20 cmp byte ptr [esp+20], al// 比较最低位 是否和 pass[4]相等 不等返回 0xE70161E28A > \8BD0 mov edx, eax0161E28C . C1EA 08 shr edx, 8 0161E28F . 3ADA cmp bl, dl ; bl = pass[5]// 比较第二位 是否和 pass[5]相等 不等返回 0xE70161E2C0 > \8BC8 mov ecx, eax0161E2C2 . C1E9 10 shr ecx, 100161E2C5 . 384C24 22 cmp byte ptr [esp+22], cl0161E2C9 .^ 75 92 jnz short 0161E25D// 比较第三位, 是否和 pass[6]相等 不等返回 0xE70161E2CB . 8BD0 mov edx, eax0161E2CD . C1EA 18 shr edx, 180161E2D0 . 385424 23 cmp byte ptr [esp+23], dl// 比较第四位 是否和 pass[7]相等 不等返回 0xE7002CE2DA . 80F9 9C cmp cl, 9C ; Switch (cases 9C..FC)002CE2DD . 75 4E jnz short 002CE32D全部相等 且 pass[3] == 0x9C,0xFC,0xAC:返回 0x2d返回 0xDB.
接下来把上面代码转换成伪代码,更便于我们分析
取 用户名 string name;取 密码char pass[10];BYTE type = pass[3]; // 注册码类型BYTE ret; // 返回结果 返回 0x2D 即注册成功switch(type){case 0x9C:// 只关注这个 break;case 0xFC:case 0xAC:default: ret = 0xE7; break;}==========================================================// 使用了 0,1,2,3,5,6,7// 返回校验 使用了 4,5,6,7ax = pass[7] ^ pass[1];t = pass[6] ^ pass[0];ax *= 0x100;ax += pass[5] ^ pass[2];hash_1(byte param){return ((param ^0x18) + 0x3D) ^ 0xA7;}x = hash_1(t);hash_2(word param){word k = (((param^0x7892+0x4D30)^0x3421));if(k % 0x0b !=0) return 0;else return (k / 0x0b);}y = hash_2(ax);if(x ==0 || y==0 || y > 0x3e8) return 0xE7;dword check_name(string name, // "deadash" bool type, // (type==0xFC)?false:true int version, // x<2?x:0 int number // y,可能是人数);value = check_name("deadash",true,0,1);value[0-3]; ==pass[4],pass[5],pass[6],pass[7]相等返回 0x2D;================================================================dword check_name(string name, // "deadash" bool type, // (type==0xFC)?false:true int version, // x<2?x:0 int number // y,可能是人数){ esi = number * 15; edi = version * 17; dword ret = 0; for(int i = 0; i < strlen(name); i++){ char k = toupper(name[i]); // 转化为大写 if(type){ ret = (ret + p[k]) ^ p[k+d] * p[k+2F] + p[esi]+ p[edi] + p[t1] ; }else{ ret = (ret + p[k]) ^ p[k+3f] *p[k+17] + p[esi] + p[edi] + p[t2] ; } t1 += 13; t2 += 7; esi += 9; edi += 0x0D; }}===================================================================加密数据 (p)0051B5F0 B8 44 CB 39 67 4F 75 23 11 72 01 5F DA 24 BB 3E 窪?gOu#r_??0051B600 C6 07 17 35 4B 77 F9 63 88 72 82 17 21 48 E7 0F ?5Kw鵦坮?!H?0051B610 0F 67 5F 5B E8 5A 31 48 69 77 5B 78 47 15 7A 2B g_[鑊1Hiw[xGz+0051B620 92 12 D1 38 32 1B A1 42 44 22 33 35 60 7B 43 77 ??2D"35`{Cw0051B630 10 3B AB 1E 00 00 81 53 AE 12 02 1D A8 77 03 6F ;?..丼?╳o0051B640 92 30 C0 43 8E 0A 3C 2D BF 0C 95 62 FA 6F F0 30 ?繡?<-?昩鷒?0051B650 E0 10 F7 34 FB 17 F4 28 95 2F 0D 35 5A 1D 36 5A ?????.5Z6Z0051B660 0B 06 CC 15 CC 13 FD 0A CF 3B 60 28 6B 06 71 33 ????`(kq30051B670 E4 14 CD 30 67 3A 5D 17 13 6A D6 6D F9 09 34 2D ??g:]j謒?4-0051B680 82 7B 1E 58 99 6B 52 76 88 51 8D 5C 71 79 85 2C 倇X檏Rv圦峔qy?0051B690 C0 1F F5 15 11 0D CC 68 5C 5E F5 49 64 43 5E 27 ??.蘦\^鮅dC^'0051B6A0 BC 0D 1E 2D E3 7C EE 4C 40 58 55 32 08 2E 2E 11 ?-銃頛@XU2..0051B6B0 5A 06 78 69 06 14 92 72 E7 78 45 31 B7 21 56 17 Zxi抮鐇E1?V0051B6C0 BF 1D 77 40 D6 38 C2 3F 8A 12 31 4A 6E 03 AD 2D ?w@???1Jn?0051B6D0 D6 69 A0 41 92 01 40 25 67 46 DD 00 4F 1F FC 6A 謎燗?@%gF?O黬0051B6E0 CE 40 10 57 DF 66 FE 62 3E 4B DB 41 1F 23 82 35 蜙W遞>K跘#?0051B6F0 9A 07 F6 55 44 06 A7 1C D2 43 16 1B C9 28 72 3F ?鯱D?褻?r?0051B700 70 10 14 5F AB 74 14 3E 6E 25 4B 44 D9 50 70 53 p_玹>n%KD貾pS0051B710 4B 09 42 0F E6 20 D8 2F 5E 2E 8B 77 02 6D 17 71 K.B??^.媤mq0051B720 69 7A EA 7F 28 46 B5 5B 71 6C BA 19 99 3A 76 39 iz?(F礫ql??v90051B730 CD 54 8D 17 88 6E 24 01 7E 53 13 33 17 2D 8E 2B 蚑?坣$~S3-?0051B740 BE 10 3D 2A 82 05 D1 59 DB 63 A1 37 9A 48 D6 30 ?=*?裏踓?欻?0051B750 46 5C 21 6A 76 7A 1C 0E E7 60 C7 1F 65 0C B8 79 F\!jvz鏯?e.竬0051B760 B4 59 F4 27 26 73 9A 79 82 17 BA 50 5C 6D 11 2A 碮?&s歽?篜\m*0051B770 1B 6E 86 63 3C 0E 92 3F 90 34 02 55 89 60 B5 55 n哻<??U塦礥0051B780 D1 1F 39 2C C2 35 80 2F 7A 2B FD 64 9A 75 E8 4C ?9,?€/z+齞歶鐻0051B790 F0 04 85 51 A8 01 95 79 AD 2C 5B 3F 60 01 E6 38 ?匭?晊?[?`?0051B7A0 D8 41 76 63 42 2A 35 33 19 2C A2 51 51 58 5C 08 谹vcB*53,QX\0051B7B0 AB 17 29 03 C7 0A 77 2B B3 77 AC 30 07 19 EC 2B ?)?w+硍??0051B7C0 D0 02 52 03 D3 33 A9 0F F3 5D 25 61 BF 06 AD 22 ?R??骫%a??0051B7D0 71 69 B8 58 E5 0D CA 5F 56 64 0D 70 DB 73 A9 56 qi竂?蔩Vd.p踫¬0051B7E0 FD 59 B7 5A E2 0B 0E 33 DD 0D 3C 5B 60 3C 5D 49 齓穁?3?<[`<]I0051B7F0 A6 59 BD 53 91 6D 5E 4C 8D 31 D9 49 79 50 3D 10 絊憁^L?買yP=0051B800 E3 42 CE 61 1D 12 D5 7E ED 60 E1 14 F2 4E 2D 21 鉈蝍諂韅?騈-!0051B810 F0 33 01 27 96 5A 43 62 8B 5E A7 1F BE 2F 09 6F ?'朲Cb媈??.o0051B820 49 0D 00 4A 70 1C AE 57 77 24 4E 00 72 7E 1E 56 I..Jp甒w$N.r~V0051B830 33 00 8C 46 02 24 CC 5D C6 7A 50 78 C7 24 AF 58 3.孎$蘛苲Px?疿0051B840 34 2D F6 0D 08 47 8A 35 11 1E FB 3C 1C 45 71 2B 4-?G??Eq+0051B850 95 52 A7 77 21 07 89 56 F3 75 EF 0F F1 24 0F 12 昍!塚髐??0051B860 E7 0A 99 01 52 44 9C 33 8E 5B A1 27 6D 27 A7 0B ??RD?嶽?m'?0051B870 7B 1B DC 60 82 7F 4B 4F 07 70 DB 67 D9 57 4A 4F {躟?KOp踘賅JO0051B880 E8 52 12 62 FC 2C 53 20 06 03 39 6A 23 04 80 18 鑂b?S 9j#€0051B890 8A 77 F3 19 F0 16 23 46 37 09 AE 56 5C 67 C2 43 妛??#F7.甐\g翪0051B8A0 FD 45 CA 65 F2 4F 60 0D CB 22 FD 0B 3B 64 FE 3A 鼸蔱騉`.??;d?0051B8B0 A6 7F F6 3B 79 35 62 44 F8 31 40 18 97 4F 17 32 ??y5bD?@桹20051B8C0 2A 09 6A 4C 61 02 B5 5F 74 01 65 01 F1 4A 63 33 *.jLa礯te馢c30051B8D0 F4 18 2D 71 69 71 99 6E FE 7A AB 5D E8 2E 2B 7C ?-qiq檔玗?+|0051B8E0 B4 75 DB 6E B6 6F 83 5F D6 6D 2A 3C C2 05 2D 29 磚踤秓僟謒*<?-)0051B8F0 DB 44 22 05 4F 5F 9A 14 40 65 48 5D EA 15 1D 33 跠"O_?@eH]?30051B900 20 69 45 4F 9F 69 3A 48 05 0F 45 3B 6C 7C 20 3B iEO焛:HE;l| ;0051B910 FE 70 9D 74 F6 61 74 41 F1 31 B0 62 7B 57 50 27 漷鯽tA?癰{WP'0051B920 33 15 13 29 08 38 8C 58 56 34 EF 1A EC 00 3C 0F 3)8孹V4??<0051B930 42 47 A7 7D 6C 7A 79 4B 87 32 BB 5E B8 58 65 78 BGlzyK?籢竂ex0051B940 F2 4F ED 00 1E 69 69 62 5F 25 A2 24 7E 1F C1 62 騉?iib_%?~羈0051B950 CD 7D 8A 2F FE 17 3B 64 B8 18 83 77 FE 60 3B 25 蛚??;d?僿;%0051B960 A3 63 BB 34 4F 21 03 5B F4 71 15 5F 9F 6E 31 1A ?O![魆_焠10051B970 04 27 CF 7A 38 68 89 28 77 46 61 18 EB 69 F5 1B '蟴8h?wFa雐?0051B980 C9 5E A8 0B 46 6B CA 6A 2A 42 43 1E 0E 5F 4D 51 蒦?Fk蔶*BC_MQ0051B990 8C 01 3E 41 E9 26 76 30 FA 1D ED 01 5A 6F F4 49 ?>A?v0??Zo鬒0051B9A0 2B 64 1B 46 F2 07 70 7D 57 26 65 13 C5 0B 16 6B +dF?p}W&e?k0051B9B0 49 48 E0 65 1C 6E 52 1F B6 51 02 5A 69 3F D7 2B IH鄀nR禥Zi??0051B9C0 CD 7A BF 2D 80 3E E6 51 0F 67 F2 5C 03 0A CD 21 蛕?€>鍽g騖.?0051B9D0 61 02 FF 5C 1E 06 AE 33 5F 34 B6 3B 75 4A 81 5D a\?_4?uJ乚0051B9E0 F4 5D 7B 25 5B 2C 5C 0A 27 55 A4 16 45 39 F2 16 鬩{%[,\.'U?E9?最后,根据伪代码的分析,写出一个注册机,注册机关键代码如下所示:
typedef unsigned char u_char;typedef unsigned int u_int;typedef unsigned short u_short;u_int generate(const char *name,// 用户名u_char type,// 类型 固定 0x9Cu_char version,// 版本 -- version < 2?version:0, version必须大于7u_char number// 用户数 (1-200 个人 200以上 site license) );/************************************************************************//* 注册码结构 *//************************************************************************/// pass[3] = 0x9C;// 版本 0x9C// pass[4] = gen & 0xFF; // 低位// pass[5] = gen >> 0x08 & 0xFF; // pass[6] = gen >> 0x10 & 0xFF;// pass[7] = gen >> 0x18 & 0xFF;/************************************************************************//* 校验许可人数 *//************************************************************************///number = _check_number( (pass[7] ^x1) * 0x100 + (pass[5] ^x2) );u_short check_number(u_short number); // number >0 && < 1000;// pass[1] = (HIBYTE(chk) ^ pass[7]);// pass[2] = (LOBYTE(chk) ^ pass[5]);/************************************************************************//* 校验版本 *//************************************************************************/u_char check_version(u_char version);// 必须大于等于 7// pass[0] = chk ^ pass[6];
/************************************************************************//* 关键数据 *//************************************************************************/unsigned char data[1024] = {0xB8, 0x44, 0xCB, 0x39, 0x67, 0x4F, 0x75, 0x23, 0x11, 0x72, 0x01, 0x5F, 0xDA, 0x24, 0xBB, 0x3E, 0xC6, 0x07, 0x17, 0x35, 0x4B, 0x77, 0xF9, 0x63, 0x88, 0x72, 0x82, 0x17, 0x21, 0x48, 0xE7, 0x0F, 0x0F, 0x67, 0x5F, 0x5B, 0xE8, 0x5A, 0x31, 0x48, 0x69, 0x77, 0x5B, 0x78, 0x47, 0x15, 0x7A, 0x2B, 0x92, 0x12, 0xD1, 0x38, 0x32, 0x1B, 0xA1, 0x42, 0x44, 0x22, 0x33, 0x35, 0x60, 0x7B, 0x43, 0x77, 0x10, 0x3B, 0xAB, 0x1E, 0x00, 0x00, 0x81, 0x53, 0xAE, 0x12, 0x02, 0x1D, 0xA8, 0x77, 0x03, 0x6F, 0x92, 0x30, 0xC0, 0x43, 0x8E, 0x0A, 0x3C, 0x2D, 0xBF, 0x0C, 0x95, 0x62, 0xFA, 0x6F, 0xF0, 0x30, 0xE0, 0x10, 0xF7, 0x34, 0xFB, 0x17, 0xF4, 0x28, 0x95, 0x2F, 0x0D, 0x35, 0x5A, 0x1D, 0x36, 0x5A, 0x0B, 0x06, 0xCC, 0x15, 0xCC, 0x13, 0xFD, 0x0A, 0xCF, 0x3B, 0x60, 0x28, 0x6B, 0x06, 0x71, 0x33, 0xE4, 0x14, 0xCD, 0x30, 0x67, 0x3A, 0x5D, 0x17, 0x13, 0x6A, 0xD6, 0x6D, 0xF9, 0x09, 0x34, 0x2D, 0x82, 0x7B, 0x1E, 0x58, 0x99, 0x6B, 0x52, 0x76, 0x88, 0x51, 0x8D, 0x5C, 0x71, 0x79, 0x85, 0x2C, 0xC0, 0x1F, 0xF5, 0x15, 0x11, 0x0D, 0xCC, 0x68, 0x5C, 0x5E, 0xF5, 0x49, 0x64, 0x43, 0x5E, 0x27, 0xBC, 0x0D, 0x1E, 0x2D, 0xE3, 0x7C, 0xEE, 0x4C, 0x40, 0x58, 0x55, 0x32, 0x08, 0x2E, 0x2E, 0x11, 0x5A, 0x06, 0x78, 0x69, 0x06, 0x14, 0x92, 0x72, 0xE7, 0x78, 0x45, 0x31, 0xB7, 0x21, 0x56, 0x17, 0xBF, 0x1D, 0x77, 0x40, 0xD6, 0x38, 0xC2, 0x3F, 0x8A, 0x12, 0x31, 0x4A, 0x6E, 0x03, 0xAD, 0x2D, 0xD6, 0x69, 0xA0, 0x41, 0x92, 0x01, 0x40, 0x25, 0x67, 0x46, 0xDD, 0x00, 0x4F, 0x1F, 0xFC, 0x6A, 0xCE, 0x40, 0x10, 0x57, 0xDF, 0x66, 0xFE, 0x62, 0x3E, 0x4B, 0xDB, 0x41, 0x1F, 0x23, 0x82, 0x35, 0x9A, 0x07, 0xF6, 0x55, 0x44, 0x06, 0xA7, 0x1C, 0xD2, 0x43, 0x16, 0x1B, 0xC9, 0x28, 0x72, 0x3F, 0x70, 0x10, 0x14, 0x5F, 0xAB, 0x74, 0x14, 0x3E, 0x6E, 0x25, 0x4B, 0x44, 0xD9, 0x50, 0x70, 0x53, 0x4B, 0x09, 0x42, 0x0F, 0xE6, 0x20, 0xD8, 0x2F, 0x5E, 0x2E, 0x8B, 0x77, 0x02, 0x6D, 0x17, 0x71, 0x69, 0x7A, 0xEA, 0x7F, 0x28, 0x46, 0xB5, 0x5B, 0x71, 0x6C, 0xBA, 0x19, 0x99, 0x3A, 0x76, 0x39, 0xCD, 0x54, 0x8D, 0x17, 0x88, 0x6E, 0x24, 0x01, 0x7E, 0x53, 0x13, 0x33, 0x17, 0x2D, 0x8E, 0x2B, 0xBE, 0x10, 0x3D, 0x2A, 0x82, 0x05, 0xD1, 0x59, 0xDB, 0x63, 0xA1, 0x37, 0x9A, 0x48, 0xD6, 0x30, 0x46, 0x5C, 0x21, 0x6A, 0x76, 0x7A, 0x1C, 0x0E, 0xE7, 0x60, 0xC7, 0x1F, 0x65, 0x0C, 0xB8, 0x79, 0xB4, 0x59, 0xF4, 0x27, 0x26, 0x73, 0x9A, 0x79, 0x82, 0x17, 0xBA, 0x50, 0x5C, 0x6D, 0x11, 0x2A, 0x1B, 0x6E, 0x86, 0x63, 0x3C, 0x0E, 0x92, 0x3F, 0x90, 0x34, 0x02, 0x55, 0x89, 0x60, 0xB5, 0x55, 0xD1, 0x1F, 0x39, 0x2C, 0xC2, 0x35, 0x80, 0x2F, 0x7A, 0x2B, 0xFD, 0x64, 0x9A, 0x75, 0xE8, 0x4C, 0xF0, 0x04, 0x85, 0x51, 0xA8, 0x01, 0x95, 0x79, 0xAD, 0x2C, 0x5B, 0x3F, 0x60, 0x01, 0xE6, 0x38, 0xD8, 0x41, 0x76, 0x63, 0x42, 0x2A, 0x35, 0x33, 0x19, 0x2C, 0xA2, 0x51, 0x51, 0x58, 0x5C, 0x08, 0xAB, 0x17, 0x29, 0x03, 0xC7, 0x0A, 0x77, 0x2B, 0xB3, 0x77, 0xAC, 0x30, 0x07, 0x19, 0xEC, 0x2B, 0xD0, 0x02, 0x52, 0x03, 0xD3, 0x33, 0xA9, 0x0F, 0xF3, 0x5D, 0x25, 0x61, 0xBF, 0x06, 0xAD, 0x22, 0x71, 0x69, 0xB8, 0x58, 0xE5, 0x0D, 0xCA, 0x5F, 0x56, 0x64, 0x0D, 0x70, 0xDB, 0x73, 0xA9, 0x56, 0xFD, 0x59, 0xB7, 0x5A, 0xE2, 0x0B, 0x0E, 0x33, 0xDD, 0x0D, 0x3C, 0x5B, 0x60, 0x3C, 0x5D, 0x49, 0xA6, 0x59, 0xBD, 0x53, 0x91, 0x6D, 0x5E, 0x4C, 0x8D, 0x31, 0xD9, 0x49, 0x79, 0x50, 0x3D, 0x10, 0xE3, 0x42, 0xCE, 0x61, 0x1D, 0x12, 0xD5, 0x7E, 0xED, 0x60, 0xE1, 0x14, 0xF2, 0x4E, 0x2D, 0x21, 0xF0, 0x33, 0x01, 0x27, 0x96, 0x5A, 0x43, 0x62, 0x8B, 0x5E, 0xA7, 0x1F, 0xBE, 0x2F, 0x09, 0x6F, 0x49, 0x0D, 0x00, 0x4A, 0x70, 0x1C, 0xAE, 0x57, 0x77, 0x24, 0x4E, 0x00, 0x72, 0x7E, 0x1E, 0x56, 0x33, 0x00, 0x8C, 0x46, 0x02, 0x24, 0xCC, 0x5D, 0xC6, 0x7A, 0x50, 0x78, 0xC7, 0x24, 0xAF, 0x58, 0x34, 0x2D, 0xF6, 0x0D, 0x08, 0x47, 0x8A, 0x35, 0x11, 0x1E, 0xFB, 0x3C, 0x1C, 0x45, 0x71, 0x2B, 0x95, 0x52, 0xA7, 0x77, 0x21, 0x07, 0x89, 0x56, 0xF3, 0x75, 0xEF, 0x0F, 0xF1, 0x24, 0x0F, 0x12, 0xE7, 0x0A, 0x99, 0x01, 0x52, 0x44, 0x9C, 0x33, 0x8E, 0x5B, 0xA1, 0x27, 0x6D, 0x27, 0xA7, 0x0B, 0x7B, 0x1B, 0xDC, 0x60, 0x82, 0x7F, 0x4B, 0x4F, 0x07, 0x70, 0xDB, 0x67, 0xD9, 0x57, 0x4A, 0x4F, 0xE8, 0x52, 0x12, 0x62, 0xFC, 0x2C, 0x53, 0x20, 0x06, 0x03, 0x39, 0x6A, 0x23, 0x04, 0x80, 0x18, 0x8A, 0x77, 0xF3, 0x19, 0xF0, 0x16, 0x23, 0x46, 0x37, 0x09, 0xAE, 0x56, 0x5C, 0x67, 0xC2, 0x43, 0xFD, 0x45, 0xCA, 0x65, 0xF2, 0x4F, 0x60, 0x0D, 0xCB, 0x22, 0xFD, 0x0B, 0x3B, 0x64, 0xFE, 0x3A, 0xA6, 0x7F, 0xF6, 0x3B, 0x79, 0x35, 0x62, 0x44, 0xF8, 0x31, 0x40, 0x18, 0x97, 0x4F, 0x17, 0x32, 0x2A, 0x09, 0x6A, 0x4C, 0x61, 0x02, 0xB5, 0x5F, 0x74, 0x01, 0x65, 0x01, 0xF1, 0x4A, 0x63, 0x33, 0xF4, 0x18, 0x2D, 0x71, 0x69, 0x71, 0x99, 0x6E, 0xFE, 0x7A, 0xAB, 0x5D, 0xE8, 0x2E, 0x2B, 0x7C, 0xB4, 0x75, 0xDB, 0x6E, 0xB6, 0x6F, 0x83, 0x5F, 0xD6, 0x6D, 0x2A, 0x3C, 0xC2, 0x05, 0x2D, 0x29, 0xDB, 0x44, 0x22, 0x05, 0x4F, 0x5F, 0x9A, 0x14, 0x40, 0x65, 0x48, 0x5D, 0xEA, 0x15, 0x1D, 0x33, 0x20, 0x69, 0x45, 0x4F, 0x9F, 0x69, 0x3A, 0x48, 0x05, 0x0F, 0x45, 0x3B, 0x6C, 0x7C, 0x20, 0x3B, 0xFE, 0x70, 0x9D, 0x74, 0xF6, 0x61, 0x74, 0x41, 0xF1, 0x31, 0xB0, 0x62, 0x7B, 0x57, 0x50, 0x27, 0x33, 0x15, 0x13, 0x29, 0x08, 0x38, 0x8C, 0x58, 0x56, 0x34, 0xEF, 0x1A, 0xEC, 0x00, 0x3C, 0x0F, 0x42, 0x47, 0xA7, 0x7D, 0x6C, 0x7A, 0x79, 0x4B, 0x87, 0x32, 0xBB, 0x5E, 0xB8, 0x58, 0x65, 0x78, 0xF2, 0x4F, 0xED, 0x00, 0x1E, 0x69, 0x69, 0x62, 0x5F, 0x25, 0xA2, 0x24, 0x7E, 0x1F, 0xC1, 0x62, 0xCD, 0x7D, 0x8A, 0x2F, 0xFE, 0x17, 0x3B, 0x64, 0xB8, 0x18, 0x83, 0x77, 0xFE, 0x60, 0x3B, 0x25, 0xA3, 0x63, 0xBB, 0x34, 0x4F, 0x21, 0x03, 0x5B, 0xF4, 0x71, 0x15, 0x5F, 0x9F, 0x6E, 0x31, 0x1A, 0x04, 0x27, 0xCF, 0x7A, 0x38, 0x68, 0x89, 0x28, 0x77, 0x46, 0x61, 0x18, 0xEB, 0x69, 0xF5, 0x1B, 0xC9, 0x5E, 0xA8, 0x0B, 0x46, 0x6B, 0xCA, 0x6A, 0x2A, 0x42, 0x43, 0x1E, 0x0E, 0x5F, 0x4D, 0x51, 0x8C, 0x01, 0x3E, 0x41, 0xE9, 0x26, 0x76, 0x30, 0xFA, 0x1D, 0xED, 0x01, 0x5A, 0x6F, 0xF4, 0x49, 0x2B, 0x64, 0x1B, 0x46, 0xF2, 0x07, 0x70, 0x7D, 0x57, 0x26, 0x65, 0x13, 0xC5, 0x0B, 0x16, 0x6B, 0x49, 0x48, 0xE0, 0x65, 0x1C, 0x6E, 0x52, 0x1F, 0xB6, 0x51, 0x02, 0x5A, 0x69, 0x3F, 0xD7, 0x2B, 0xCD, 0x7A, 0xBF, 0x2D, 0x80, 0x3E, 0xE6, 0x51, 0x0F, 0x67, 0xF2, 0x5C, 0x03, 0x0A, 0xCD, 0x21, 0x61, 0x02, 0xFF, 0x5C, 0x1E, 0x06, 0xAE, 0x33, 0x5F, 0x34, 0xB6, 0x3B, 0x75, 0x4A, 0x81, 0x5D, 0xF4, 0x5D, 0x7B, 0x25, 0x5B, 0x2C, 0x5C, 0x0A, 0x27, 0x55, 0xA4, 0x16, 0x45, 0x39, 0xF2, 0x16};/************************************************************************//* 生成注册码 *//************************************************************************/u_int generate(const char *name,u_char type,u_char version,u_char number){version = version<2?version:0;u_char edi = number * 15;u_char esi = version *17;u_char t1 = 0,t2 = 0;DWORD *p = (DWORD *)data;unsigned int ret = 0;int len = strlen(name);for(int i = 0; i < len; i++){u_char k = toupper(name[i]);if(type != 0xFC ){ret = ( (ret + p[k]) ^ p[BYTE(k+ 0x0D)] ) * p[BYTE(k+ 0x2F)] + p[esi] + p[edi] + p[t1] ;}else {ret = ( (ret + p[k]) ^ p[BYTE(k+ 0x3F)] ) * p[BYTE(k+ 0x17)] + p[esi] + p[edi] + p[t2] ;}t1 += 0x13; t2 += 0x07;esi += 9; edi += 0x0D;}return ret;}// old functionu_char _check_number(u_short param){u_short k = (((param^0x7892+0x4D30)^0x3421));if( k % 0x0b != 0) return 0;// 不能整除else return (k / 0x0b);}u_short check_number(u_short number){return (((0xB * number// 0xB 的整数倍) ^ 0x3421) - 0x4D30 ) ^ 0x7892;}// old_functionu_char _check_version(u_char param){return ((param ^ 0x18)+ 0x3D) ^ 0xA7;}u_char check_version(u_char param){return (((param ^ 0xA7) - 0x3D) ^ 0x18);}
1 0
- 010Editor Cracked分析详文
- Game Editor 1.3.8 cracked by Flashback
- Cracked
- 010editor脚本语法深入分析
- 010editor脚本语法深入分析
- 静态分析,绕过010Editor注册验证
- Map Editor 制作分析
- 010Editor
- 010 Editor ver. 2.1
- 010 Editor v2.1
- 010 editor 注册码
- 关于010editor
- 010 Editor 注册码
- 010editor pyc template
- 激活010Editor
- 010 Editor 使用笔记
- 010 Editor 破解版
- Editor
- varnish squid 高性能的开源HTTP加速器
- Java字符串创建和长度
- 对象构造与初始化
- 自然语言处理中的 Attention Model
- Java字符串比较
- 010Editor Cracked分析详文
- navicat mysql自增主键的设置
- [李景山php]每天laravel[005]-入口文件 bootstrap / app.php
- Java字符串字符
- magento的一些不足
- Java字符串搜索
- 六 访问权限控制
- 10.排序及相关操作
- Java字符串转换