Author: yongmin [yongmin]
Author: 小子贼野  Reposted from: 一蓑烟雨
【Cracker】 小子贼野
【Author's homepage】 http://mayday.unpack.cn/
【Tools used】 OD
【Platform】 Win9x/NT/2000/XP
【Software name】 Power MP3 Cutter Joiner
【Download URL】 http://www.onlinedown.net/soft/45212.htm
【Software description】 As the name suggests, this is an MP3 splitting and joining tool. It is simple and easy to use, and besides MP3 it also supports splitting and joining WAV, WMA and OGG music files.
【Packer】 None, haha, lucky
【Statement】 I'm just a newbie who happened to learn a thing or two and would like to share it with everyone :)
--------------------------------------------------------------------------------
0049B8C2 |. 55 PUSH EBP
0049B8C3 |. 68 B5BA4900 PUSH mp3cutte.0049BAB5
0049B8C8 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0049B8CB |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0049B8CE |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0049B8D1 |. 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8]
0049B8D7 |. E8 285BFAFF CALL mp3cutte.00441404
0049B8DC |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0049B8DF |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
0049B8E2 |. E8 B9D2F6FF CALL mp3cutte.00408BA0
0049B8E7 |. 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-10]
0049B8EA |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0049B8ED |. E8 E2D2F6FF CALL mp3cutte.00408BD4
0049B8F2 |. 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-10]
0049B8F5 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0049B8F8 |. E8 B38DF6FF CALL mp3cutte.004046B0
0049B8FD |. 8D55 EC LEA EDX,DWORD PTR SS:[EBP-14]
0049B900 |. 8B83 FC020000 MOV EAX,DWORD PTR DS:[EBX+2FC]
0049B906 |. E8 F95AFAFF CALL mp3cutte.00441404
0049B90B |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
0049B90E |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
0049B911 |. E8 8AD2F6FF CALL mp3cutte.00408BA0
0049B916 |. 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
0049B919 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0049B91C |. E8 B3D2F6FF CALL mp3cutte.00408BD4
0049B921 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18]
0049B924 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0049B927 |. E8 848DF6FF CALL mp3cutte.004046B0
0049B92C |. 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
0049B930 |. 0F84 44010000 JE mp3cutte.0049BA7A ; Check whether a username was entered
0049B936 |. 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
0049B93A |. 0F84 3A010000 JE mp3cutte.0049BA7A ; Check whether a registration code was entered
0049B940 |. B3 01 MOV BL,1
0049B942 |. BF 32000000 MOV EDI,32
0049B947 |. BE 34084B00 MOV ESI,mp3cutte.004B0834 ; jagd38-jowbn3k
0049B94C |> 8B45 FC /MOV EAX,DWORD PTR SS:[EBP-4]
0049B94F |. 8B16 |MOV EDX,DWORD PTR DS:[ESI]
0049B951 |. E8 BE90F6FF |CALL mp3cutte.00404A14
0049B956 |. 75 04 |JNZ SHORT mp3cutte.0049B95C ; Compares against the preset usernames; if it is not one of them, we fail
0049B958 |. 33DB |XOR EBX,EBX
0049B95A |. EB 06 |JMP SHORT mp3cutte.0049B962 ; Jump out of the loop
0049B95C |> 83C6 04 |ADD ESI,4
0049B95F |. 4F |DEC EDI
0049B960 |.^ 75 EA \JNZ SHORT mp3cutte.0049B94C
0049B962 |> 84DB TEST BL,BL
0049B964 |. 74 1A JE SHORT mp3cutte.0049B980 ; If the username above is wrong, this does not jump; in other words, to register we must make it go
0049B966 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0049B968 |. 66:8B0D C4BA4>MOV CX,WORD PTR DS:[49BAC4] ; |
0049B96F |. B2 02 MOV DL,2 ; |
0049B971 |. B8 D0BA4900 MOV EAX,mp3cutte.0049BAD0 ; |invalid register code! please retry!
0049B976 |. E8 75F1F9FF CALL mp3cutte.0043AAF0 ; \mp3cutte.0043AAF0
0049B97B |. E9 FA000000 JMP mp3cutte.0049BA7A
0049B980 |> 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0049B983 |. E8 488FF6FF CALL mp3cutte.004048D0
0049B988 |. 85C0 TEST EAX,EAX
0049B98A |. 7E 38 JLE SHORT mp3cutte.0049B9C4 ; Test the fake code
0049B98C |. BA 01000000 MOV EDX,1 ; EDX=1
0049B991 |> 8B4D F8 /MOV ECX,DWORD PTR SS:[EBP-8]
0049B994 |. 0FB64C11 FF |MOVZX ECX,BYTE PTR DS:[ECX+EDX-1]
0049B999 |. 83F9 30 |CMP ECX,30
0049B99C |. 7C 08 |JL SHORT mp3cutte.0049B9A6
0049B99E |. 8B5D F8 |MOV EBX,DWORD PTR SS:[EBP-8]
0049B9A1 |. 83F9 39 |CMP ECX,39
0049B9A4 |. 7E 1A |JLE SHORT mp3cutte.0049B9C0 ; The fake code must be digits, otherwise we fail
0049B9A6 |> 6A 00 |PUSH 0 ; /Arg1 = 00000000
0049B9A8 |. 66:8B0D C4BA4>|MOV CX,WORD PTR DS:[49BAC4] ; |
0049B9AF |. B2 02 |MOV DL,2 ; |
0049B9B1 |. B8 D0BA4900 |MOV EAX,mp3cutte.0049BAD0 ; |Invalid register code! Please retry!
0049B9B6 |. E8 35F1F9FF |CALL mp3cutte.0043AAF0 ; \mp3cutte.0043AAF0
0049B9BB |. E9 BA000000 |JMP mp3cutte.0049BA7A
0049B9C0 |> 42 |INC EDX ; Counter plus one
0049B9C1 |. 48 |DEC EAX ; Remaining length minus one
0049B9C2 |.^ 75 CD \JNZ SHORT mp3cutte.0049B991 ; The loop above checks that the registration code is all digits; if not, Game Over
0049B9C4 |> 33F6 XOR ESI,ESI
0049B9C6 |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0049B9C9 |. E8 028FF6FF CALL mp3cutte.004048D0
0049B9CE |. 85C0 TEST EAX,EAX
0049B9D0 |. 7E 13 JLE SHORT mp3cutte.0049B9E5
0049B9D2 |. BF 01000000 MOV EDI,1 ; EDI=1
0049B9D7 |> 8B55 FC /MOV EDX,DWORD PTR SS:[EBP-4]
0049B9DA |. 0FB6543A FF |MOVZX EDX,BYTE PTR DS:[EDX+EDI-1]
0049B9DF |. 03F2 |ADD ESI,EDX
0049B9E1 |. 47 |INC EDI ; Counter plus one
0049B9E2 |. 48 |DEC EAX ; Remaining length minus one
0049B9E3 |.^ 75 F2 \JNZ SHORT mp3cutte.0049B9D7 ; The loop above takes the ASCII of each username character in turn
0049B9E5 |> 69C6 55E70B00 IMUL EAX,ESI,0BE755 ; Multiply the result by 0BE755
0049B9EB |. 05 970F0C00 ADD EAX,0C0F97 ; Then add 0C0F97
0049B9F0 |. D1F8 SAR EAX,1 ; Shift right by one bit, equivalent to dividing by 2
0049B9F2 |. 79 03 JNS SHORT mp3cutte.0049B9F7
0049B9F4 |. 83D0 00 ADC EAX,0
0049B9F7 |> 05 E3FFA204 ADD EAX,4A2FFE3 ; Then add 4A2FFE3
0049B9FC |. 8BF0 MOV ESI,EAX ; Result goes to ESI
0049B9FE |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] ; EAX = the fake code we entered
0049BA01 |. E8 CAD2F6FF CALL mp3cutte.00408CD0
0049BA06 |. 3BF0 CMP ESI,EAX ; Compare; a memory keygen can be made here
0049BA08 |. 75 5B JNZ SHORT mp3cutte.0049BA65 ; Not equal means failure; can be patched
0049BA0A |. 6A 00 PUSH 0 ; /Arg1 = 00000000
0049BA0C |. 66:8B0D C4BA4>MOV CX,WORD PTR DS:[49BAC4] ; |
0049BA13 |. B2 02 MOV DL,2 ; |
0049BA15 |. B8 00BB4900 MOV EAX,mp3cutte.0049BB00 ; |Congratulation! You have successfully registered!
0049BA1A |. E8 D1F0F9FF CALL mp3cutte.0043AAF0 ; \mp3cutte.0043AAF0
0049BA1F |. A1 6C0C4B00 MOV EAX,DWORD PTR DS:[4B0C6C]
0049BA24 |. C600 01 MOV BYTE PTR DS:[EAX],1
0049BA27 |. 6A 01 PUSH 1
0049BA29 |. A1 200B4B00 MOV EAX,DWORD PTR DS:[4B0B20]
0049BA2E |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0049BA30 |. B9 3CBB4900 MOV ECX,mp3cutte.0049BB3C ; mp3cutter
0049BA35 |. BA 50BB4900 MOV EDX,mp3cutte.0049BB50 ; basic
0049BA3A |. 8B18 MOV EBX,DWORD PTR DS:[EAX]
0049BA3C |. FF53 14 CALL DWORD PTR DS:[EBX+14]
0049BA3F |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0049BA42 |. 50 PUSH EAX
0049BA43 |. A1 200B4B00 MOV EAX,DWORD PTR DS:[4B0B20]
0049BA48 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
0049BA4A |. B9 60BB4900 MOV ECX,mp3cutte.0049BB60 ; mp3cutter1
0049BA4F |. BA 50BB4900 MOV EDX,mp3cutte.0049BB50 ; basic
0049BA54 |. 8B18 MOV EBX,DWORD PTR DS:[EAX]
0049BA56 |. FF53 04 CALL DWORD PTR DS:[EBX+4]
0049BA59 |. A1 F81D4B00 MOV EAX,DWORD PTR DS:[4B1DF8]
0049BA5E |. E8 C521FCFF CALL mp3cutte.0045DC28
0049BA63 |. EB 15 JMP SHORT mp3cutte.0049BA7A
0049BA65 |> 6A 00 PUSH 0 ; /Arg1 = 00000000
0049BA67 |. 66:8B0D C4BA4>MOV CX,WORD PTR DS:[49BAC4] ; |
0049BA6E |. B2 02 MOV DL,2 ; |
0049BA70 |. B8 D0BA4900 MOV EAX,mp3cutte.0049BAD0 ; |Invalid register code! Please retry!
0049BA75 |. E8 76F0F9FF CALL mp3cutte.0043AAF0 ; \mp3cutte.0043AAF0
0049BA7A |> 33C0 XOR EAX,EAX
0049BA7C |. 5A POP EDX
0049BA7D |. 59 POP ECX
0049BA7E |. 59 POP ECX
0049BA7F |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0049BA82 |. 68 BCBA4900 PUSH mp3cutte.0049BABC
0049BA87 |> 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
0049BA8A |. E8 898BF6FF CALL mp3cutte.00404618
0049BA8F |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
0049BA92 |. E8 818BF6FF CALL mp3cutte.00404618
0049BA97 |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0049BA9A |. E8 798BF6FF CALL mp3cutte.00404618
0049BA9F |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
0049BAA2 |. E8 718BF6FF CALL mp3cutte.00404618
0049BAA7 |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0049BAAA |. BA 02000000 MOV EDX,2
0049BAAF |. E8 888BF6FF CALL mp3cutte.0040463C
0049BAB4 \. C3 RETN
0049BAB5 .^ E9 E284F6FF JMP mp3cutte.00403F9C
0049BABA .^ EB CB JMP SHORT mp3cutte.0049BA87
0049BABC . 5F POP EDI
0049BABD . 5E POP ESI
0049BABE . 5B POP EBX
0049BABF . 8BE5 MOV ESP,EBP
0049BAC1 . 5D POP EBP
0049BAC2 . C3 RETN
--------------------------------------------------------------------------------
【Algorithm summary】
Take the ASCII values of the username's characters one by one and add them up, multiply by BE755, add C0F97, integer-divide by 2, then add 4A2FFE3; the result is the registration code.
The username has to be one of those preset by the author of the software, anything else will not work, so we change 0049B956 to a JMP. The algorithm stays the same, hehe.

JAGD38-jowBN3K
KOB82j-ncVBN8k
VXV96J-WU76yw
BNCE8H-Pmx87by
CXZ93z-nbBP93Y
BOXLR6-8hvg8C
HGSOhox-bnr29h
YWT6682-hoa46I

These are usernames preset by the software. There are many more, which I won't list; if you want to register, these few are enough.
--------------------------------------------------------------------------------
Idea for an algorithmic keygen: define an array of 49 elements, say named str (there are 49 preset usernames), then pick a random number between 0 and 49, say sjs, assign it, and set the content of edit1 to str(sjs). That way one of the 49 usernames is chosen at random; then do the calculation and you get the username. It is a bit tedious so I won't write it, hehe; giving everyone the idea is enough.
Original poster | Posted: 07-08-17 11:08
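An added example, not part of the original post or of the software it analyses: the routine in the listing recomputes the expected code from the username inside the client and compares it in a register, so the binary ships everything needed to produce codes. The sketch below shows the defensive alternative, where the vendor signs the licensee name and the client only verifies with a public key. The key (built from two Mersenne primes), the function names and the sample licensee are constructed for illustration, and unpadded textbook RSA is used only to stay inside the standard library; real code would use Ed25519 or RSA-PSS from a vetted library.

```python
import hashlib

# Toy key material, constructed for this example only (not a secure key).
P = 2**521 - 1          # Mersenne prime
Q = 2**607 - 1          # Mersenne prime
N = P * Q               # public modulus: shipped inside the client
E = 65537               # public exponent: shipped inside the client
# Private exponent: lives on the vendor's signing host, never in the client.
_D = pow(E, -1, (P - 1) * (Q - 1))

_HEX = set("0123456789abcdef")
_MAX_CODE_LEN = len(format(N, "x"))


def _digest(licensee: str) -> int:
    """Hash the licensee name, with a domain-separation prefix, to an integer."""
    h = hashlib.sha512(b"license-v1\x00" + licensee.encode("utf-8")).digest()
    return int.from_bytes(h, "big") % N


def sign_license(licensee: str) -> str:
    """Vendor side: issue the license code for exactly one licensee name."""
    return format(pow(_digest(licensee), _D, N), "x")


def verify_license(licensee: str, code: str) -> bool:
    """Client side: uses only N and E, so it cannot mint codes for other names."""
    if not code or len(code) > _MAX_CODE_LEN or not set(code) <= _HEX:
        return False                      # reject malformed input before parsing
    sig = int(code, 16)
    if not 0 < sig < N:
        return False
    return pow(sig, E, N) == _digest(licensee)


if __name__ == "__main__":
    issued = sign_license("Alice Example")           # constructed sample licensee
    print(verify_license("Alice Example", issued))   # accepted
    print(verify_license("Mallory", issued))         # rejected: code is bound to the name
```

Signature verification removes the code generator from the client; it does not stop someone patching the comparison branch itself, which needs separate measures such as server-side entitlement checks.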
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.