• 软件测试技术
  • 软件测试博客
  • 软件测试视频
  • 开源软件测试技术
  • 软件测试论坛
  • 软件测试沙龙
  • 软件测试资料下载
  • 软件测试杂志
  • 软件测试人才招聘
    暂时没有公告

字号: | 推荐给好友 上一篇 | 下一篇

CheckFilesV1.8破解

发布: 2007-5-25 12:19 | 作者: 佚名 | 来源: 互连网 | 查看: 22次 | 进入软件测试论坛讨论

领测软件测试网
【软件类别】:国外软件 / 共享版 / 文件管理
【开 发 商】
http://www.lightlink.com/ym/chkfiles.htm"
【破解过程】:用Fi2.45检查,VC 5.0编写,无壳。于是用W32Dasm反汇编后查找错误信息,找到关键点如下:

【破解过程】:
:00408483 E8017B0100              call 0041FF89
:00408488 8BC8                    mov ecx, eax
:0040848A E8217C0100              call 004200B0
/* 取用户名位数 */
:0040848F 85C0                    test eax, eax
:00408491 7518                    jne 004084AB
:00408493 50                      push eax

* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
                                 |
:00408494 6848ED4200              push 0042ED48

* Possible StringData Ref from Data Obj ->"You need to enter a user name."
                                 |
:00408499 6828ED4200              push 0042ED28
:0040849E 8BCE                    mov ecx, esi
:004084A0 E87DA20100              call 00422722
:004084A5 5F                      pop edi
:004084A6 5E                      pop esi
:004084A7 83C420                  add esp, 00000020
:004084AA C3                      ret


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408491(C)
|
:004084AB 83F814                  cmp eax, 00000014
/* 用户名是否在20位以内? */
:004084AE 7E19                    jle 004084C9
:004084B0 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
                                 |
:004084B2 6848ED4200              push 0042ED48

* Possible StringData Ref from Data Obj ->"The user name must be 20 characters "
                                       ->"or less."
                                 |
:004084B7 68F8EC4200              push 0042ECF8
:004084BC 8BCE                    mov ecx, esi
:004084BE E85FA20100              call 00422722
:004084C3 5F                      pop edi
:004084C4 5E                      pop esi
:004084C5 83C420                  add esp, 00000020
:004084C8 C3                      ret


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004084AE(C)
|
:004084C9 8D44240C                lea eax, dword ptr [esp+0C]
:004084CD 6A17                    push 00000017
:004084CF 50                      push eax

* Possible Reference to Dialog: DialogID_0087, CONTROL_ID:040F, ""
                                 |
:004084D0 680F040000              push 0000040F
:004084D5 8BCE                    mov ecx, esi
:004084D7 E8AD7A0100              call 0041FF89
:004084DC 8BC8                    mov ecx, eax
:004084DE E8CD7B0100              call 004200B0
/* 取试炼码位数 */
:004084E3 85C0                    test eax, eax
:004084E5 7518                    jne 004084FF
:004084E7 50                      push eax

* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
                                 |
:004084E8 6848ED4200              push 0042ED48

* Possible StringData Ref from Data Obj ->"You need to enter a registration "
                                       ->"number."
                                 |
:004084ED 68CCEC4200              push 0042ECCC
:004084F2 8BCE                    mov ecx, esi
:004084F4 E829A20100              call 00422722
:004084F9 5F                      pop edi
:004084FA 5E                      pop esi
:004084FB 83C420                  add esp, 00000020
:004084FE C3                      ret


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004084E5(C)
|
:004084FF 8D4C2408                lea ecx, dword ptr [esp+08]
:00408503 8D54240C                lea edx, dword ptr [esp+0C]
/* 取试炼码地址 */
:00408507 51                      push ecx

* Possible StringData Ref from Data Obj ->"%lu"
                                 |
:00408508 6854E24200              push 0042E254
:0040850D 52                      push edx
:0040850E E8AD100000              call 004095C0
/* 判断试炼码是否全是数字,若是则转为16进制,不是则给出错误信息 */
:00408513 83C40C                  add esp, 0000000C
:00408516 83F801                  cmp eax, 00000001
:00408519 7419                    je 00408534
:0040851B 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
                                 |
:0040851D 6848ED4200              push 0042ED48

* Possible StringData Ref from Data Obj ->"You need to enter a valid registration "
                                       ->"number."
                                 |
:00408522 689CEC4200              push 0042EC9C
:00408527 8BCE                    mov ecx, esi
:00408529 E8F4A10100              call 00422722
:0040852E 5F                      pop edi
:0040852F 5E                      pop esi
:00408530 83C420                  add esp, 00000020
:00408533 C3                      ret


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408519(C)
|
:00408534 8B442408                mov eax, dword ptr [esp+08]
/* 16进制值送eax */
:00408538 85C0                    test eax, eax
:0040853A 7519                    jne 00408555
:0040853C 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
                                 |
:0040853E 6848ED4200              push 0042ED48

* Possible StringData Ref from Data Obj ->"You need to enter a valid registartion "
                                       ->"number."
                                 |
:00408543 686CEC4200              push 0042EC6C
:00408548 8BCE                    mov ecx, esi
:0040854A E8D3A10100              call 00422722
:0040854F 5F                      pop edi
:00408550 5E                      pop esi
:00408551 83C420                  add esp, 00000020
:00408554 C3                      ret


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040853A(C)
|
:00408555 68282D4300              push 00432D28
/* 用户名地址入栈 */
:0040855A E8A18AFFFF              call 00401000
/* 算法call */
:0040855F 8B4C240C                mov ecx, dword ptr [esp+0C]
:00408563 83C404                  add esp, 00000004
:00408566 3BC8                    cmp ecx, eax
/* 关键比较 */
:00408568 7419                    je 00408583
/* 一定要跳 */
:0040856A 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
                                 |
:0040856C 6848ED4200              push 0042ED48

* Possible StringData Ref from Data Obj ->"Sorry, this registration number "
                                       ->"is not valid."
                                 |
:00408571 683CEC4200              push 0042EC3C
:00408576 8BCE                    mov ecx, esi
:00408578 E8A5A10100              call 00422722
:0040857D 5F                      pop edi
:0040857E 5E                      pop esi
:0040857F 83C420                  add esp, 00000020
:00408582 C3                      ret

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408568(C)
|
* Possible StringData Ref from Data Obj ->"ww"
                                 |
:00408583 68FCE34200              push 0042E3FC

* Possible StringData Ref from Data Obj ->"chkfiles.ser"
                                 |
:00408588 685CE24200              push 0042E25C
:0040858D E86E120000              call 00409800
:00408592 8BF8                    mov edi, eax
:00408594 83C408                  add esp, 00000008
:00408597 85FF                    test edi, edi
:00408599 7439                    je 004085D4
:0040859B 8B442408                mov eax, dword ptr [esp+08]
:0040859F 50                      push eax
:004085A0 68282D4300              push 00432D28

* Possible StringData Ref from Data Obj ->"%s%lu"
                                 
:004085A5 6834EC4200              push 0042EC34
:004085AA 57                      push edi
:004085AB E870120000              call 00409820
:004085B0 83C410                  add esp, 00000010
:004085B3 83F8FF                  cmp eax, FFFFFFFF
:004085B6 741C                    je 004085D4
:004085B8 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
                                 |
:004085BA 6848ED4200              push 0042ED48

* Possible StringData Ref from Data Obj ->"Thank you for registering."
                                 |
:004085BF 6818EC4200              push 0042EC18
:004085C4 8BCE                    mov ecx, esi
:004085C6 E857A10100              call 00422722
:004085CB C605202D430001          mov byte ptr [00432D20], 01
:004085D2 EB13                    jmp 004085E7

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00408599(C), :004085B6(C)
|
:004085D4 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"CheckFiles Registration"
                                 |
:004085D6 6848ED4200              push 0042ED48

* Possible StringData Ref from Data Obj ->"Error writing registration file."
                                 |
:004085DB 68F4EB4200              push 0042EBF4
:004085E0 8BCE                    mov ecx, esi
:004085E2 E83BA10100              call 00422722

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004085D2(U)
|
:004085E7 57                      push edi
:004085E8 E873080000              call 00408E60
:004085ED 83C404                  add esp, 00000004
:004085F0 8BCE                    mov ecx, esi
:004085F2 E8394B0100              call 0041D130
:004085F7 5F                      pop edi
:004085F8 5E                      pop esi
:004085F9 83C420                  add esp, 00000020
:004085FC C3                      ret
___________________________________________________________
算法call:
:00401000 53                      push ebx
:00401001 55                      push ebp
:00401002 8B6C240C                mov ebp, dword ptr [esp+0C]
:00401006 56                      push esi
:00401007 57                      push edi
:00401008 8BFD                    mov edi, ebp
:0040100A 83C9FF                  or ecx, FFFFFFFF
:0040100D 33C0                    xor eax, eax
:0040100F F2                      repnz
:00401010 AE                      scasb
:00401011 F7D1                    not ecx
:00401013 49                      dec ecx
/* 这里取得用户名长度 */
:00401014 8BC1                    mov eax, ecx
:00401016 8BD8                    mov ebx, eax
:00401018 7452                    je 0040106C
:0040101A 83F814                  cmp eax, 00000014
:0040101D 7F4D                    jg 0040106C
:0040101F 7D1D                    jge 0040103E
:00401021 B914000000              mov ecx, 00000014
:00401026 8D3C28                  lea edi, dword ptr [eax+ebp]
:00401029 2BC8                    sub ecx, eax
:0040102B B820202020              mov eax, 20202020
:00401030 8BD1                    mov edx, ecx
:00401032 C1E902                  shr ecx, 02
:00401035 F3                      repz
:00401036 AB                      stosd
/* 上面这段指令用0x20将未满20位的用户名补足20位 */
:00401037 8BCA                    mov ecx, edx
:00401039 83E103                  and ecx, 00000003
:0040103C F3                      repz
:0040103D AA                      stosb

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040101F(C)
|
:0040103E BE322DFB21              mov esi, 21FB2D32
:00401043 B929197C6B              mov ecx, 6B7C1929
/* 以上是两个计算关键值 */
:00401048 33D2                    xor edx, edx
/* edx清零 */

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040105F(C)
|
:0040104A 33C0                    xor eax, eax
/* eax清零 */
:0040104C 8A042A                  mov al, byte ptr [edx+ebp]
/* 依次取用户名的每一位 */
:0040104F 0FAFC1                  imul eax, ecx
/* eax=eax*ecx */
:00401052 03F0                    add esi, eax
/* esi=eax+esi */
:00401054 42                      inc edx
/* edx++ */
:00401055 83FA14                  cmp edx, 00000014
/* 20位是否都算完? */
:00401058 8D8C092106471E          lea ecx, dword ptr [ecx+ecx+1E470621]
/* ecx=ecx*2+1E470621 */
:0040105F 7CE9                    jl 0040104A
/* 未满20位则返回继续运算 */
:00401061 C6042B00                mov byte ptr [ebx+ebp], 00
:00401065 8BC6                    mov eax, esi
/* 运算结果作为返回值送出 */
:00401067 5F                      pop edi
:00401068 5E                      pop esi
:00401069 5D                      pop ebp
:0040106A 5B                      pop ebx
:0040106B C3                      ret

【整    理】:
用户名:cyclotron
注册码:101258879

【注册信息存放】:
主目录下chkfiles.ser

【Turbo C 注册机】:
#include "stdio.h"
#include "string.h"
void main()
{char regname[21];
unsigned long regcode=0x21FB2D32,ecx=0x6B7C1929;
int i,length;
printf("\t*******************************************************************\n\n");
printf("\t\tKeyGen for CheckFiles V1.5\n\t\t\tProduced by cyclotron\n\n");
printf("\t*******************************************************************\n\n");
do  
   {printf("\n\tPlease input your Regname(less than or equal to 20):");
    length=strlen(gets(regname));
   }
while(!length
length>20);
for(i=length;i<20;i++)
regname[i]=0x20;
for(i=0;i<20;i++)
{regcode+=regname[i]*ecx;
ecx=ecx*2+0x1E470621;
}
printf("\n\tYour Regcode is:\t%lu\n",regcode);
printf("\n\tThank you for your use!\n");
getchar();

延伸阅读

文章来源于领测软件测试网 https://www.ltesting.net/


关于领测软件测试网 | 领测软件测试网合作伙伴 | 广告服务 | 投稿指南 | 联系我们 | 网站地图 | 友情链接
版权所有(C) 2003-2010 TestAge(领测软件测试网)|领测国际科技(北京)有限公司|软件测试工程师培训网 All Rights Reserved
北京市海淀区中关村南大街9号北京理工科技大厦1402室 京ICP备10010545号-5
技术支持和业务联系:info@testage.com.cn 电话:010-51297073

软件测试 | 领测国际ISTQBISTQB官网TMMiTMMi认证国际软件测试工程师认证领测软件测试网