
A First Close Encounter with the RC Encryption Algorithm, RC, encryption algorithm

2010-1-22 18:39 | Posted by: admin | Views: 108 | Comments: 0 | Original author: 天仙子


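Monday, June 23, 2008, 12:30 PM
Software information

========

Software name: Internet Download Manager

Version: 3.15

Size: 833KB

Platform: Windows 9x/Me/2k/XP

Download: http://www.internetdownloadmanager.com/idman315.exe

The algorithm behind the registration-code entry dialog is fairly simple, so to save space it is not covered here; this note only covers the check performed at restart and the RC encryption algorithm.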

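1.

[HKEY_CURRENT_USER\Software\DownloadManager]

"idmvers"="3.16 Trial" <=== trial edition, i.e. not the full release

"Serial"="ABCDE-GHIJK-MNOPQ-STUVW"

2. As soon as the software sees the Serial value in the registry, it immediately reports itself as a 60-day trial version, so something is clearly off (presumably this was added only in the trial edition).

"Serial"="ABCDE-GHIJK-MNOPQ-STUVW"

3. However, the program still contains the core verification routine (and it uses the RC encryption algorithm).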

0041249F . 68 A0674C00 PUSH IDMAN.004C67A0 ; |ValueName = "Serial"

004124A4 . 897D FC MOV DWORD PTR SS:[EBP-4],EDI ; |

004124A7 . 52 PUSH EDX ; |hKey => 0

004124A8 . 897D EC MOV DWORD PTR SS:[EBP-14],EDI ; |

004124AB . C645 FC 01 MOV BYTE PTR SS:[EBP-4],1 ; |

004124AF . C685 5CFFFFFF >MOV BYTE PTR SS:[EBP-A4],0 ; |

004124B6 . C645 B0 00 MOV BYTE PTR SS:[EBP-50],0 ; |

004124BA . 895D E8 MOV DWORD PTR SS:[EBP-18],EBX ; |

004124BD . FFD6 CALL ESI ; \RegQueryValueExA

004124BF . 85C0 TEST EAX,EAX

004124C1 . 75 1D JNZ SHORT IDMAN.004124E0

004124C3 . 8D85 5CFFFFFF LEA EAX,DWORD PTR SS:[EBP-A4] <=== the registration code is visible here

004124C9 . 50 PUSH EAX ; /Arg1

004124CA . E8 21050000 CALL IDMAN.004129F0 <=== step into this call ; \IDMAN.004129F0

004124CF . 83C4 04 ADD ESP,4

004124D2 . 84C0 TEST AL,AL <=== to succeed, AL must be 0

004124D4 . 75 0A JNZ SHORT IDMAN.004124E0

004124D6 . C745 EC 010000>MOV DWORD PTR SS:[EBP-14],1

004124DD . 8B7D EC MOV EDI,DWORD PTR SS:[EBP-14]

004124E0 > A1 9CB74D00 MOV EAX,DWORD PTR DS:[4DB79C]

--------------- Stepping into 004124CA CALL IDMAN.004129F0 ----------------

004129F0 /$ 55 PUSH EBP

004129F1 |. 8BEC MOV EBP,ESP

004129F3 |. 6A FF PUSH -1

004129F5 |. 68 F8CD4900 PUSH IDMAN.0049CDF8 ; SE handler installation

004129FA |. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]

00412A00 |. 50 PUSH EAX

00412A01 |. 64:8925 000000>MOV DWORD PTR FS:[0],ESP

00412A08 |. 83EC 58 SUB ESP,58

00412A0B |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]

00412A0E |. 53 PUSH EBX

00412A0F |. 56 PUSH ESI

00412A10 |. 57 PUSH EDI

00412A11 |. 8BFA MOV EDI,EDX

00412A13 |. 83C9 FF OR ECX,FFFFFFFF

00412A16 |. 33C0 XOR EAX,EAX

00412A18 |. 33DB XOR EBX,EBX

00412A1A |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]

00412A1C |. F7D1 NOT ECX

00412A1E |. 49 DEC ECX

00412A1F |. 8965 F0 MOV DWORD PTR SS:[EBP-10],ESP

00412A22 |. 83F9 32 CMP ECX,32

00412A25 |. 895D FC MOV DWORD PTR SS:[EBP-4],EBX

00412A28 |. 0F87 B0010000 JA IDMAN.00412BDE

00412A2E |. B9 0D000000 MOV ECX,0D

00412A33 |. 8D7D 9C LEA EDI,DWORD PTR SS:[EBP-64]

00412A36 |. F3:AB REP STOS DWORD PTR ES:[EDI]

00412A38 |. 8BFA MOV EDI,EDX

00412A3A |. 83C9 FF OR ECX,FFFFFFFF

00412A3D |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]

00412A3F |. F7D1 NOT ECX

00412A41 |. 8D75 9C LEA ESI,DWORD PTR SS:[EBP-64]

00412A44 |. 2BF9 SUB EDI,ECX

00412A46 |. 8BD6 MOV EDX,ESI

00412A48 |. 8BC1 MOV EAX,ECX

00412A4A |. 8BF7 MOV ESI,EDI

00412A4C |. 8BFA MOV EDI,EDX

00412A4E |. C1E9 02 SHR ECX,2

00412A51 |. F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]

00412A53 |. 8BC8 MOV ECX,EAX

00412A55 |. 83E1 03 AND ECX,3

00412A58 |. F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]

00412A5A |. 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]

00412A5D |. E8 AE9B0200 CALL IDMAN.0043C610

00412A62 |. BF 64734C00 MOV EDI,IDMAN.004C7364 ; ASCII "506938841"

00412A67 |. 83C9 FF OR ECX,FFFFFFFF

00412A6A |. 33C0 XOR EAX,EAX

00412A6C |. C645 FC 01 MOV BYTE PTR SS:[EBP-4],1

00412A70 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]

00412A72 |. 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+8]

00412A75 |. F7D1 NOT ECX

00412A77 |. 49 DEC ECX

00412A78 |. 51 PUSH ECX

00412A79 |. 83C9 FF OR ECX,FFFFFFFF

00412A7C |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]

00412A7E |. F7D1 NOT ECX

00412A80 |. 49 DEC ECX

00412A81 |. 68 64734C00 PUSH IDMAN.004C7364 ; ASCII "506938841" (presumably the key)

00412A86 |. 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]

00412A89 |. 51 PUSH ECX

00412A8A |. 50 PUSH EAX <=== EAX="ABCDE-GHIJK-MNOPQ-STUVW" (the dummy registration code)

00412A8B |. 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]

00412A8E |. E8 0D9F0200 CALL IDMAN.0043C9A0 <=== a key CALL: the one that encrypts the data (using RC2 encryption)

00412A93 |. B2 C6 MOV DL,0C6

00412A95 |. B9 11000000 MOV ECX,11

00412A9A |. 8D7D D8 LEA EDI,DWORD PTR SS:[EBP-28]

00412A9D |. 8D75 9C LEA ESI,DWORD PTR SS:[EBP-64] <=== ESI points to the encrypted data

00412AA0 |. 33C0 XOR EAX,EAX

00412AA2 |. C645 D8 2B MOV BYTE PTR SS:[EBP-28],2B

00412AA6 |. C645 D9 52 MOV BYTE PTR SS:[EBP-27],52

00412AAA |. C645 DA D1 MOV BYTE PTR SS:[EBP-26],0D1

00412AAE |. C645 DB 9E MOV BYTE PTR SS:[EBP-25],9E

00412AB2 |. C645 DC 8A MOV BYTE PTR SS:[EBP-24],8A

00412AB6 |. C645 DD 82 MOV BYTE PTR SS:[EBP-23],82

00412ABA |. C645 DE DE MOV BYTE PTR SS:[EBP-22],0DE

00412ABE |. C645 DF EB MOV BYTE PTR SS:[EBP-21],0EB

00412AC2 |. C645 E0 EE MOV BYTE PTR SS:[EBP-20],0EE

00412AC6 |. C645 E1 62 MOV BYTE PTR SS:[EBP-1F],62

00412ACA |. C645 E2 A4 MOV BYTE PTR SS:[EBP-1E],0A4

00412ACE |. 8855 E3 MOV BYTE PTR SS:[EBP-1D],DL

00412AD1 |. C645 E4 84 MOV BYTE PTR SS:[EBP-1C],84

00412AD5 |. C645 E5 99 MOV BYTE PTR SS:[EBP-1B],99

00412AD9 |. C645 E6 8F MOV BYTE PTR SS:[EBP-1A],8F

00412ADD |. C645 E7 1F MOV BYTE PTR SS:[EBP-19],1F

00412AE1 |. 885D E8 MOV BYTE PTR SS:[EBP-18],BL

00412AE4 |. F3:A6 REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]

<=== ESI is the result of encrypting our registration code; EDI is the built-in list set up above (the two must be equal)

********************************************

0074DDD4 2B 52 D1 9E 8A 82 DE EB

0074DDDC EE 62 A4 C6 84 99 8F 1F

********************************************

00412AE6 |. 0F84 E7000000 JE IDMAN.00412BD3

00412AEC |. B0 BE MOV AL,0BE

00412AEE |. 8855 E1 MOV BYTE PTR SS:[EBP-1F],DL

00412AF1 |. B9 19000000 MOV ECX,19

00412AF6 |. 8D7D D0 LEA EDI,DWORD PTR SS:[EBP-30]

00412AF9 |. 8D75 9C LEA ESI,DWORD PTR SS:[EBP-64]

00412AFC |. 33D2 XOR EDX,EDX

00412AFE |. C645 D0 92 MOV BYTE PTR SS:[EBP-30],92

00412B02 |. C645 D1 F5 MOV BYTE PTR SS:[EBP-2F],0F5

00412B06 |. C645 D2 25 MOV BYTE PTR SS:[EBP-2E],25

00412B0A |. C645 D3 CD MOV BYTE PTR SS:[EBP-2D],0CD

00412B0E |. C645 D4 78 MOV BYTE PTR SS:[EBP-2C],78

00412B12 |. 8845 D5 MOV BYTE PTR SS:[EBP-2B],AL

00412B15 |. C645 D6 4A MOV BYTE PTR SS:[EBP-2A],4A

00412B19 |. C645 D7 04 MOV BYTE PTR SS:[EBP-29],4

00412B1D |. C645 D8 6A MOV BYTE PTR SS:[EBP-28],6A

00412B21 |. C645 D9 FF MOV BYTE PTR SS:[EBP-27],0FF

00412B25 |. C645 DA A3 MOV BYTE PTR SS:[EBP-26],0A3

00412B29 |. C645 DB 2C MOV BYTE PTR SS:[EBP-25],2C

00412B2D |. C645 DC 9C MOV BYTE PTR SS:[EBP-24],9C

00412B31 |. C645 DD 96 MOV BYTE PTR SS:[EBP-23],96

00412B35 |. C645 DE 28 MOV BYTE PTR SS:[EBP-22],28

00412B39 |. C645 DF B0 MOV BYTE PTR SS:[EBP-21],0B0

00412B3D |. C645 E0 26 MOV BYTE PTR SS:[EBP-20],26

00412B41 |. C645 E2 A6 MOV BYTE PTR SS:[EBP-1E],0A6

00412B45 |. C645 E3 D5 MOV BYTE PTR SS:[EBP-1D],0D5

00412B49 |. C645 E4 D8 MOV BYTE PTR SS:[EBP-1C],0D8

00412B4D |. C645 E5 E3 MOV BYTE PTR SS:[EBP-1B],0E3

00412B51 |. C645 E6 EF MOV BYTE PTR SS:[EBP-1A],0EF

00412B55 |. C645 E7 07 MOV BYTE PTR SS:[EBP-19],7

00412B59 |. 885D E8 MOV BYTE PTR SS:[EBP-18],BL

00412B5C |. F3:A6 REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]

<=== ESI is the result of encrypting our registration code; EDI is the built-in list set up above (the two must be equal)

********************************************

0074DDCC 92 F5 25 CD 78 BE 4A 04

0074DDD4 6A FF A3 2C 9C 96 28 B0

0074DDDC 26 C6 A6 D5 D8 E3 EF 07

********************************************

00412B5E |. 74 73 JE SHORT IDMAN.00412BD3

00412B60 |. B1 58 MOV CL,58

00412B62 |. 8845 DB MOV BYTE PTR SS:[EBP-25],AL

00412B65 |. 884D DE MOV BYTE PTR SS:[EBP-22],CL

00412B68 |. B2 9D MOV DL,9D

00412B6A |. 8845 E0 MOV BYTE PTR SS:[EBP-20],AL

00412B6D |. 884D E5 MOV BYTE PTR SS:[EBP-1B],CL

00412B70 |. B9 19000000 MOV ECX,19

00412B75 |. 8D7D D0 LEA EDI,DWORD PTR SS:[EBP-30]

00412B78 |. 8D75 9C LEA ESI,DWORD PTR SS:[EBP-64]

00412B7B |. 33C0 XOR EAX,EAX

00412B7D |. C645 D0 7B MOV BYTE PTR SS:[EBP-30],7B

00412B81 |. C645 D1 B3 MOV BYTE PTR SS:[EBP-2F],0B3

00412B85 |. C645 D2 42 MOV BYTE PTR SS:[EBP-2E],42

00412B89 |. C645 D3 79 MOV BYTE PTR SS:[EBP-2D],79

00412B8D |. C645 D4 65 MOV BYTE PTR SS:[EBP-2C],65

00412B91 |. C645 D5 CE MOV BYTE PTR SS:[EBP-2B],0CE

00412B95 |. C645 D6 2D MOV BYTE PTR SS:[EBP-2A],2D

00412B99 |. C645 D7 B8 MOV BYTE PTR SS:[EBP-29],0B8

00412B9D |. C645 D8 5E MOV BYTE PTR SS:[EBP-28],5E

00412BA1 |. C645 D9 13 MOV BYTE PTR SS:[EBP-27],13

00412BA5 |. C645 DA DF MOV BYTE PTR SS:[EBP-26],0DF

00412BA9 |. C645 DC F0 MOV BYTE PTR SS:[EBP-24],0F0

00412BAD |. C645 DD 61 MOV BYTE PTR SS:[EBP-23],61

00412BB1 |. 8855 DF MOV BYTE PTR SS:[EBP-21],DL

00412BB4 |. C645 E1 66 MOV BYTE PTR SS:[EBP-1F],66

00412BB8 |. C645 E2 52 MOV BYTE PTR SS:[EBP-1E],52

00412BBC |. C645 E3 75 MOV BYTE PTR SS:[EBP-1D],75

00412BC0 |. C645 E4 C9 MOV BYTE PTR SS:[EBP-1C],0C9

00412BC4 |. C645 E6 B6 MOV BYTE PTR SS:[EBP-1A],0B6

00412BC8 |. C645 E7 C8 MOV BYTE PTR SS:[EBP-19],0C8

00412BCC |. 885D E8 MOV BYTE PTR SS:[EBP-18],BL

00412BCF |. F3:A6 REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]

<=== ESI is the result of encrypting our registration code; EDI is the built-in list set up above (the two must be equal); this is the third chance

********************************************

0074DDCC 7B B3 42 79 65 CE 2D B8

0074DDD4 5E 13 DF BE F0 61 58 9D

0074DDDC BE 66 52 75 C9 58 B6 C8

********************************************

00412BD1 | 74 1E JNZ SHORT IDMAN.00412BF1

00412BD3 |> 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]

00412BD6 |. 885D FC MOV BYTE PTR SS:[EBP-4],BL

00412BD9 |. E8 629A0200 CALL IDMAN.0043C640

00412BDE |> 32C0 XOR AL,AL

00412BE0 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C]

00412BE3 |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX

00412BEA |. 5F POP EDI

00412BEB |. 5E POP ESI

00412BEC |. 5B POP EBX

00412BED |. 8BE5 MOV ESP,EBP

00412BEF |. 5D POP EBP

00412BF0 |. C3 RETN
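
The three comparison tables above are assembled on the stack one byte at a time, and several bytes arrive through DL, AL, CL and BL (or are written before the block they belong to) rather than as immediates, which makes the listing hard to check by eye against the memory dumps. As an added example that is not part of the original post, the Python script below replays the table-building instructions, abbreviated from the listing to their operands, and returns the bytes each REPE CMPS reads through EDI; `LISTING`, `LOW8` and `rebuild_tables` are names introduced here.

```python
import re

# Table-building instructions from the listing above, operands only
# ("BYTE PTR SS:" / "DWORD PTR SS:" and the CMPS operands are dropped).
LISTING = """
MOV DL,0C6; MOV ECX,11; LEA EDI,[EBP-28]; XOR EAX,EAX
MOV [EBP-28],2B; MOV [EBP-27],52; MOV [EBP-26],0D1; MOV [EBP-25],9E; MOV [EBP-24],8A
MOV [EBP-23],82; MOV [EBP-22],0DE; MOV [EBP-21],0EB; MOV [EBP-20],0EE; MOV [EBP-1F],62
MOV [EBP-1E],0A4; MOV [EBP-1D],DL; MOV [EBP-1C],84; MOV [EBP-1B],99; MOV [EBP-1A],8F
MOV [EBP-19],1F; MOV [EBP-18],BL; REPE CMPS
MOV AL,0BE; MOV [EBP-1F],DL; MOV ECX,19; LEA EDI,[EBP-30]; XOR EDX,EDX
MOV [EBP-30],92; MOV [EBP-2F],0F5; MOV [EBP-2E],25; MOV [EBP-2D],0CD; MOV [EBP-2C],78
MOV [EBP-2B],AL; MOV [EBP-2A],4A; MOV [EBP-29],4; MOV [EBP-28],6A; MOV [EBP-27],0FF
MOV [EBP-26],0A3; MOV [EBP-25],2C; MOV [EBP-24],9C; MOV [EBP-23],96; MOV [EBP-22],28
MOV [EBP-21],0B0; MOV [EBP-20],26; MOV [EBP-1E],0A6; MOV [EBP-1D],0D5; MOV [EBP-1C],0D8
MOV [EBP-1B],0E3; MOV [EBP-1A],0EF; MOV [EBP-19],7; MOV [EBP-18],BL; REPE CMPS
MOV CL,58; MOV [EBP-25],AL; MOV [EBP-22],CL; MOV DL,9D; MOV [EBP-20],AL
MOV [EBP-1B],CL; MOV ECX,19; LEA EDI,[EBP-30]; XOR EAX,EAX
MOV [EBP-30],7B; MOV [EBP-2F],0B3; MOV [EBP-2E],42; MOV [EBP-2D],79; MOV [EBP-2C],65
MOV [EBP-2B],0CE; MOV [EBP-2A],2D; MOV [EBP-29],0B8; MOV [EBP-28],5E; MOV [EBP-27],13
MOV [EBP-26],0DF; MOV [EBP-24],0F0; MOV [EBP-23],61; MOV [EBP-21],DL; MOV [EBP-1F],66
MOV [EBP-1E],52; MOV [EBP-1D],75; MOV [EBP-1C],0C9; MOV [EBP-1A],0B6; MOV [EBP-19],0C8
MOV [EBP-18],BL; REPE CMPS
"""
LOW8 = {"AL": "EAX", "BL": "EBX", "CL": "ECX", "DL": "EDX"}

def rebuild_tables(listing=LISTING):
    """Replay the stack writes; return the bytes each REPE CMPS reads via EDI."""
    reg = {"EAX": 0, "EBX": 0, "ECX": 0, "EDX": 0}  # EBX was zeroed at 00412A18
    mem, edi, tables = {}, 0, []                    # mem is keyed by EBP offset
    for ins in filter(None, map(str.strip, re.split(r"[;\n]", listing))):
        if ins == "REPE CMPS":                      # ECX bytes starting at EDI
            tables.append(bytes(mem.get(edi + i, 0) for i in range(reg["ECX"])))
            continue
        op, args = ins.split(None, 1)
        dst, src = args.split(",")
        if op == "XOR":                             # only the XOR r,r zeroing idiom
            reg[dst] = 0
        elif op == "LEA":
            edi = -int(src[5:-1], 16)
        elif dst.startswith("["):                   # byte store, immediate or reg8
            val = reg[LOW8[src]] & 0xFF if src in LOW8 else int(src, 16)
            mem[-int(dst[5:-1], 16)] = val
        elif dst in LOW8:                           # reg8 load keeps upper bits
            reg[LOW8[dst]] = (reg[LOW8[dst]] & ~0xFF) | int(src, 16)
        else:                                       # MOV ECX,imm
            reg[dst] = int(src, 16)
    return tables
```

Each returned table ends with the zero byte stored from BL, so the compare lengths 0x11 and 0x19 cover 16 and 24 table bytes plus a terminator.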

