
Beginner maomaoma's Algorithm-Practice Cracking Write-up No. 4, algorithm, encryption algorithm

2010-1-22 18:38 | Posted by: admin | Original author: 段誉


Monday, June 23, 2008, 12:22 PM
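【Write-up title】Beginner maomaoma's Algorithm-Practice Cracking Write-up No. 4

【Write-up author】maomaoma

【Author email】

【Author homepage】None

【Tools】OD, PEiD

【Platform】winxp

【Software name】Magic DVD Ripper 4.3

【Software size】2075KB



【Original download】http://86516.onlinedown.net/soft/24198.htm

【Protection】None

【Software description】Magic DVD Ripper is a DVD movie ripping tool. It supports DVD to VCD and DVD to SVCD conversion, the ripped DVD has region-code protection and MacroVision protection removed, it can shut the computer down automatically when ripping or conversion finishes, and it fully supports the popular DVD and VCD burners and discs on the market!

【Statement】I am a beginner learning to write cracking write-ups; advice from the experts is very welcome :)

------------------------------------------------------------------------

【Cracking process】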



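1. PEiD shows the main program is not packed; it was compiled with Borland C++ 1999

2. Load it in OD and set a breakpoint using the registration error string "register code is not correct!\n\nplease copy and paste your user name and register code." (the string occurs many times; I tried the occurrences one by one, the clumsy way :) you can also decompile with dede and then set the breakpoint)

3. Press F9 to run, enter user name maomaoma and registration code 1234567801234567891 (note: the length of the registration code was learned from the analysis below); OD breaks

4. The detailed analysis and the annotated code follow: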



004182E0 . 55 push ebp ; OD breaks here

004182E1 . 8BEC mov ebp, esp

004182E3 . 83C4 AC add esp, -54

004182E6 . 53 push ebx

004182E7 . 56 push esi

004182E8 . 57 push edi

004182E9 . 8945 B8 mov [ebp-48], eax

004182EC . B8 782A5000 mov eax, 00502A78

004182F1 . E8 AEE40B00 call 004D67A4

004182F6 . 66:C745 CC 08>mov word ptr [ebp-34], 8

004182FC . 66:C745 CC 08>mov word ptr [ebp-34], 8

00418302 . 66:C745 CC 20>mov word ptr [ebp-34], 20

00418308 . 33C0 xor eax, eax

0041830A . 33F6 xor esi, esi

0041830C . 8945 F4 mov [ebp-C], eax

0041830F . 8D55 F4 lea edx, [ebp-C]

00418312 . FF45 D8 inc dword ptr [ebp-28]

00418315 . 8B4D B8 mov ecx, [ebp-48]

00418318 . 8B81 F8020000 mov eax, [ecx+2F8]

0041831E . E8 8DFD0800 call 004A80B0 ; get the user name

00418323 . 8D45 F4 lea eax, [ebp-C]

00418326 . 8B00 mov eax, [eax]

00418328 . 33D2 xor edx, edx

0041832A . 8955 FC mov [ebp-4], edx

0041832D . 8D55 FC lea edx, [ebp-4]

00418330 . FF45 D8 inc dword ptr [ebp-28]

00418333 . E8 DC2E0300 call 0044B214 ; user name stored on the stack

00418338 . FF4D D8 dec dword ptr [ebp-28]

0041833B . 8D45 F4 lea eax, [ebp-C]

0041833E . BA 02000000 mov edx, 2

00418343 . E8 E0B20C00 call 004E3628

00418348 . 66:C745 CC 14>mov word ptr [ebp-34], 14

0041834E . 837D FC 00 cmp dword ptr [ebp-4], 0

00418352 . 74 05 je short 00418359

00418354 . 8B45 FC mov eax, [ebp-4]

00418357 . EB 05 jmp short 0041835E

00418359 > B8 ED285000 mov eax, 005028ED

0041835E > 8945 B4 mov [ebp-4C], eax

00418361 . 33FF xor edi, edi

00418363 . 8B45 B4 mov eax, [ebp-4C]

00418366 . 8BD8 mov ebx, eax

00418368 . EB 08 jmp short 00418372

0041836A > 33C0 xor eax, eax

0041836C . 8A03 mov al, [ebx]

0041836E . 03F0 add esi, eax ; esi = sum of the ASCII values of the user-name characters (348 here)

00418370 . 47 inc edi

00418371 . 43 inc ebx

00418372 > 8B55 B4 mov edx, [ebp-4C]

00418375 . 52 push edx

00418376 . E8 8DE10B00 call 004D6508

0041837B . 59 pop ecx

0041837C . 3BF8 cmp edi, eax

0041837E .^ 72 EA jb short 0041836A

00418380 . 81E6 FFFF0080 and esi, 8000FFFF

00418386 . 79 08 jns short 00418390

00418388 . 4E dec esi

00418389 . 81CE 0000FFFF or esi, FFFF0000

0041838F . 46 inc esi

00418390 > 56 push esi ; /Arg3

00418391 . 68 EE285000 push 005028EE ; | x

00418396 . 8D4D AC lea ecx, [ebp-54] ; |

00418399 . 51 push ecx ; |Arg1

0041839A . E8 B1090C00 call 004D8D50 ; \format esi (here 348 is padded to 0348); call the result A

0041839F . 66:C745 CC 2C>mov word ptr [ebp-34], 2C

004183A5 . 33C0 xor eax, eax

004183A7 . 83C4 0C add esp, 0C

004183AA . 8945 F0 mov [ebp-10], eax

004183AD . 8D55 F0 lea edx, [ebp-10]

004183B0 . FF45 D8 inc dword ptr [ebp-28]

004183B3 . 8B4D B8 mov ecx, [ebp-48]

004183B6 . 8B81 FC020000 mov eax, [ecx+2FC]

004183BC . E8 EFFC0800 call 004A80B0 ; get the entered (fake) code

004183C1 . 8D45 F0 lea eax, [ebp-10]

004183C4 . 8B00 mov eax, [eax]

004183C6 . 33D2 xor edx, edx

004183C8 . 8955 EC mov [ebp-14], edx

004183CB . 8D55 EC lea edx, [ebp-14]

004183CE . FF45 D8 inc dword ptr [ebp-28]

004183D1 . E8 3E2E0300 call 0044B214 ; entered code stored on the stack

004183D6 . 8D45 EC lea eax, [ebp-14]

004183D9 . 33C9 xor ecx, ecx

004183DB . 894D F8 mov [ebp-8], ecx

004183DE . 8D55 F8 lea edx, [ebp-8]

004183E1 . FF45 D8 inc dword ptr [ebp-28]

004183E4 . E8 8BB40C00 call 004E3874

004183E9 . FF4D D8 dec dword ptr [ebp-28]

004183EC . 8D45 EC lea eax, [ebp-14]

004183EF . BA 02000000 mov edx, 2

004183F4 . E8 2FB20C00 call 004E3628

004183F9 . FF4D D8 dec dword ptr [ebp-28]

004183FC . 8D45 F0 lea eax, [ebp-10]

004183FF . BA 02000000 mov edx, 2

00418404 . E8 1FB20C00 call 004E3628

00418409 . 66:C745 CC 14>mov word ptr [ebp-34], 14

0041840F . 837D F8 00 cmp dword ptr [ebp-8], 0

00418413 . 74 05 je short 0041841A

00418415 . 8B75 F8 mov esi, [ebp-8]

00418418 . EB 05 jmp short 0041841F

0041841A > BE F3285000 mov esi, 005028F3

0041841F > 33FF xor edi, edi

00418421 . 8BDE mov ebx, esi

00418423 . EB 12 jmp short 00418437

00418425 > 0FBE03 movsx eax, byte ptr [ebx]

00418428 . 83F8 6F cmp eax, 6F ; compare with 'o', so that 0 and o are not confused

0041842B . 74 05 je short 00418432

0041842D . 83F8 4F cmp eax, 4F ; compare with 'O', so that 0 and O are not confused

00418430 . 75 03 jnz short 00418435

00418432 > C603 30 mov byte ptr [ebx], 30

00418435 > 47 inc edi

00418436 . 43 inc ebx

00418437 > 56 push esi

00418438 . E8 CBE00B00 call 004D6508

0041843D . 59 pop ecx

0041843E . 3BF8 cmp edi, eax

00418440 .^ 72 E3 jb short 00418425

00418442 . 66:C745 CC 38>mov word ptr [ebp-34], 38

00418448 . 8D45 E8 lea eax, [ebp-18]

0041844B . 8BD6 mov edx, esi

0041844D . E8 C2B00C00 call 004E3514

00418452 . FF45 D8 inc dword ptr [ebp-28]

00418455 . 8B10 mov edx, [eax]

00418457 . 8B45 B8 mov eax, [ebp-48]

0041845A . 8B80 FC020000 mov eax, [eax+2FC]

00418460 . E8 7BFC0800 call 004A80E0

00418465 . FF4D D8 dec dword ptr [ebp-28]

00418468 . 8D45 E8 lea eax, [ebp-18]

0041846B . BA 02000000 mov edx, 2

00418470 . E8 B3B10C00 call 004E3628

00418475 . 8A4E 05 mov cl, [esi+5] ; 6th character of the entered code -> cl

00418478 . 3A4D AC cmp cl, [ebp-54] ; compare cl with the 1st character of A (0 here)

0041847B . 75 26 jnz short 004184A3 ; jump if not equal

0041847D . 8A46 04 mov al, [esi+4] ; 5th character of the entered code -> al

00418480 . 3A45 AD cmp al, [ebp-53] ; compare al with the 2nd character of A (3 here)

00418483 . 75 1E jnz short 004184A3 ; jump if not equal

00418485 . 8A56 12 mov dl, [esi+12] ; 19th character of the entered code -> dl

00418488 . 3A55 AE cmp dl, [ebp-52] ; compare dl with the 3rd character of A (4 here)

0041848B . 75 16 jnz short 004184A3 ; jump if not equal

0041848D . 8A0E mov cl, [esi] ; 1st character of the entered code -> cl

0041848F . 3A4D AF cmp cl, [ebp-51] ; compare cl with the 4th character of A (8 here)

00418492 . 75 0F jnz short 004184A3 ; jump if not equal

00418494 . 8B45 B8 mov eax, [ebp-48]

00418497 . C780 4C020000>mov dword ptr [eax+24C], 1

004184A1 . EB 3E jmp short 004184E1

004184A3 > 66:C745 CC 44>mov word ptr [ebp-34], 44

004184A9 . BA F4285000 mov edx, 005028F4 ; register code is not correct!\n\nplease copy and paste your user name and register code.

004184AE . 8D45 E4 lea eax, [ebp-1C]

004184B1 . E8 5EB00C00 call 004E3514

004184B6 . FF45 D8 inc dword ptr [ebp-28]

004184B9 . 8B00 mov eax, [eax]

004184BB . E8 34A10800 call 004A25F4

004184C0 . FF4D D8 dec dword ptr [ebp-28]

004184C3 . 8D45 E4 lea eax, [ebp-1C]

004184C6 . BA 02000000 mov edx, 2

004184CB . E8 58B10C00 call 004E3628

004184D0 . 8B4D B8 mov ecx, [ebp-48]

004184D3 . 8B81 FC020000 mov eax, [ecx+2FC]

004184D9 . 8B10 mov edx, [eax]

004184DB . FF92 C0000000 call [edx+C0]

004184E1 > FF4D D8 dec dword ptr [ebp-28]

004184E4 . 8D45 F8 lea eax, [ebp-8]

004184E7 . BA 02000000 mov edx, 2

004184EC . E8 37B10C00 call 004E3628

004184F1 . FF4D D8 dec dword ptr [ebp-28]

004184F4 . 8D45 FC lea eax, [ebp-4]

004184F7 . BA 02000000 mov edx, 2

004184FC . E8 27B10C00 call 004E3628

00418501 . 66:C745 CC 08>mov word ptr [ebp-34], 8

00418507 . 66:C745 CC 00>mov word ptr [ebp-34], 0

0041850D . EB 49 jmp short 00418558

0041850F . 66:C745 CC 50>mov word ptr [ebp-34], 50

00418515 . BA 4B295000 mov edx, 0050294B ; register code is not correct!\n\nplease copy and paste your user name and register code.

0041851A . 8D45 E0 lea eax, [ebp-20]

0041851D . E8 F2AF0C00 call 004E3514

00418522 . FF45 D8 inc dword ptr [ebp-28]

00418525 . 8B00 mov eax, [eax]

00418527 . E8 C8A00800 call 004A25F4

0041852C . FF4D D8 dec dword ptr [ebp-28]

0041852F . 8D45 E0 lea eax, [ebp-20]

00418532 . BA 02000000 mov edx, 2

00418537 . E8 ECB00C00 call 004E3628

0041853C . 8B4D B8 mov ecx, [ebp-48]

0041853F . 8B81 FC020000 mov eax, [ecx+2FC]

00418545 . 8B10 mov edx, [eax]

00418547 . FF92 C0000000 call [edx+C0]

0041854D . 66:C745 CC 10>mov word ptr [ebp-34], 10

00418553 . E8 16800C00 call 004E056E

00418558 > 8B4D BC mov ecx, [ebp-44]

0041855B . 64:890D 00000>mov fs:[0], ecx

00418562 . 5F pop edi

00418563 . 5E pop esi

00418564 . 5B pop ebx

00418565 . 8BE5 mov esp, ebp

00418567 . 5D pop ebp

00418568 . C3 retn





------------------------------------------------------------------------

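【Summary】



1. The registration code depends on the user name

2. Sum the ASCII values of the user-name characters and format the result ( x); call it A

3. Characters 1, 5, 6 and 19 of the registration code are compared with characters 4, 2, 1 and 3 of A respectively; if they are equal, registration succeeds; the remaining characters are arbitrary

4. The registration information is saved in MagicDVDRipper.ini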
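
The instructions at 00418380-0041838F (and / jns / dec / or / inc) are the pattern a compiler emits for a signed remainder by 0x10000; for a non-negative byte sum the branch is never taken and only the low 16 bits are kept. The C below is an added illustration, not code from the write-up or from the program: the function names and sample values are constructed, and reading the source expression as `sum % 0x10000` is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Emulates 00418380..0041838F on a 32-bit register, one instruction per line.
   The final cast assumes two's-complement conversion (true for gcc/clang/MSVC). */
static int32_t emulate_masked_mod(int32_t value)
{
    uint32_t esi = (uint32_t)value;
    esi &= 0x8000FFFFu;          /* and esi, 8000FFFF : keep sign bit + low 16 bits */
    if (esi & 0x80000000u) {     /* jns short 00418390 not taken: negative input   */
        esi -= 1;                /* dec esi                                         */
        esi |= 0xFFFF0000u;      /* or  esi, FFFF0000 : sign-extend the low word    */
        esi += 1;                /* inc esi                                         */
    }
    return (int32_t)esi;
}

/* Assumed source-level form: C's truncating signed remainder. */
static int32_t c_remainder(int32_t value)
{
    return value % 0x10000;
}

/* Compares both forms over constructed samples; returns the mismatch count. */
static int count_mismatches(void)
{
    static const int32_t samples[] = {
        0, 1, 0x348, 0xFFFF, 0x10000, 0x12345,
        -1, -0x10000, -0x12345, INT32_MIN, INT32_MAX
    };
    int bad = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (emulate_masked_mod(samples[i]) != c_remainder(samples[i]))
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("mismatches: %d\n", count_mismatches());
    printf("0x12345 -> 0x%X\n", (unsigned)emulate_masked_mod(0x12345));
    return 0;
}
```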

