安卓加密锁|加密狗破解入门的算法
翻开OllyDbg v1.10b,载入crackme,随意输入姓名和注册码(这里倡议用x和1234567,由于我的文章就是以这个注册码和姓名为例写的,当然用其他也能够)单击check弹出错误音讯\" You Have Enter A Wrong Serial, Please Try Again \",在反汇编后的代码上右击搜索->字符参考,找到You Have Enter A Wrong Serial, Please Try Again,双击来到这里(1)(这里用爆破的前几步办法是为了找到注册算法的位置.由于,注册算法通常是在比照注册码正确不正确的前面)
0040133A |. 3BC6 cmp eax,esi
0040133C |. 75 15 jnz short Key-Crac.00401353
0040133E |. 6A 00 push 0 ; /Style = MB_OK|MB_APPLMODAL
00401340 |. 68 62344000 push Key-Crac.00403462 ; |Title = \"Key/CrackMe #2 \"
00401345 |. 68 B8344000 push Key-Crac.004034B8 ; |Text = \" Good Job, I Wish You the Very Best\"
0040134A |. 6A 00 push 0 ; |hOwner = NULL
0040134C |. E8 9D000000 call <jmp.&USER32.MessageBoxA> ; \\MessageBoxA
00401351 |. EB 13 jmp short Key-Crac.00401366
00401353 |> 6A 00 push 0 ; /Style = MB_OK|MB_APPLMODAL
00401355 |. 68 62344000 push Key-Crac.00403462 ; |Title = \"Key/CrackMe #2 \"
0040135A |. 68 86344000 push Key-Crac.00403486 (1) ; |Text = \" You Have Enter A Wrong Serial, Please Try Again \"
0040135F |. 6A 00 push 0 ; |hOwner = NULL
00401361 |. E8 88000000 call <jmp.&USER32.MessageBoxA> ; \\MessageBoxA
00401366 |> EB 15 jmp short Key-Crac.0040137D
------------------------------------------------------------------------------------------------------
向上找,来到这里(2)(关键局部1)
004012F6 |> \\68 38304000 (2) push Key-Crac.00403038 ; /String = \"xd\"
004012FB |. E8 30010000 call <jmp.&KERNEL32.lstrlenA> ; \\lstrlenA<---获取字符长度
00401300 |. 33F6 xor esi,esi<---清零,esi是姓名运算后的存储存放器
00401302 |. 8BC8 mov ecx,eax<---把字符长度的值eax放到ecx里
00401304 |. B8 01000000 mov eax,1<---eax=1??什么意义,高人指点.
00401309 |> 8B15 38304000 /mov edx,dword ptr ds:[403038]<---获取姓名第一个字符串x的16进制值
0040130F |. 8A90 37304000 |mov dl,byte ptr ds:[eax+403037]
00401315 |. 81E2 FF000000 |and edx,0FF<---edx=33006577<---这个什么意义不晓得,对最后的注册码的运算仿佛没有影响
0040131B |. 8BDA |mov ebx,edx<---ebx=edx(x的16进制值)
0040131D |. 0FAFDA |imul ebx,edx<---ebx*edx(78*78)x的16进制值相乘
00401320 |. 03F3 |add esi,ebx<---esi+ebe,假如输入的是1个以上的字符,这个语句的作用是把前几个字符的注册码和第n个字符的注册码相加
00401322 |. 8BDA |mov ebx,edx<---3840=78(把ebx的值变成edx的值)
00401324 |. D1FB |sar ebx,1<---ebx除2(第一个字符的16进制值的一半)
00401326 |. 03F3 |add esi,ebx<---把姓名的第一个字符的16进制值的一半相加 也就是3c+3840=387c
00401328 |. 2BF2 |sub esi,edx<---再把相加后的值减去字符串16进制的值
0040132A |. 40 |inc eax<---eax+1
0040132B |. 49 |dec ecx<---ecx-1
0040132C |.^ 75 DB \\jnz short Key-Crac.00401309
0040132E |. 56 push esi
0040132F |. 68 38314000 push Key-Crac.00403138 ; ASCII \"1234567\"
00401334 |. E8 4A000000 call Key-Crac.00401383<---注册码运算-|
下面
-----------------------------------------------------------------------
注册码的运算(这个运算就比拟简单了)(关键局部2)
00401383 /$ 55 push ebp
00401384 |. 8BEC mov ebp,esp
00401386 |. FF75 08 push dword ptr ss:[ebp+8] ; /String
00401389 |. E8 A2000000 call <jmp.&KERNEL32.lstrlenA> ; \\lstrlenA
0040138E |. 53 push ebx
0040138F |. 33DB xor ebx,ebx
00401391 |. 8BC8 mov ecx,eax
00401393 |. 8B75 08 mov esi,dword ptr ss:[ebp+8]
00401396 |> 51 /push ecx<-------这个大循环加小循环是求1234567的16进制值
00401397 |. 33C0 |xor eax,eax
00401399 |. AC |lods byte ptr ds:[esi]
0040139A |. 83E8 30 |sub eax,30
0040139D |. 49 |dec ecx
0040139E |. 74 05 |je short Key-Crac.004013A5
004013A0 |> 6BC0 0A |/imul eax,eax,0A
004013A3 |.^ E2 FB |\\loopd short Key-Crac.004013A0
004013A5 |> 03D8 |add ebx,eax
004013A7 |. 59 |pop ecx
004013A8 |.^ E2 EC \\loopd short Key-Crac.00401396
004013AA |. 8BC3 mov eax,ebx<---1234567的16进制值12D687
004013AC |. 5B pop ebx<----ebx存储的就是1234567的16进制值
004013AD |. C9 leave
004013AE \\. C2 0400 retn 4
-----------------------------------------------------------------------------
00401339 |. 5E pop esi
0040133A |. 3BC6 cmp eax,esi<---比照1234567的16进制值和字符串运算后的值
0040133C |. 75 15 jnz short Key-Crac.00401353<---爆破办法:把jnz改为jz即可
0040133E |. 6A 00 push 0 ; /Style = MB_OK|MB_APPLMODAL
00401340 |. 68 62344000 push Key-Crac.00403462 ; |Title = \"Key/CrackMe #2 \"
00401345 |. 68 B8344000 push Key-Crac.004034B8 ; |Text = \" Good Job, I Wish You the Very Best\"
0040134A |. 6A 00 push 0 ; |hOwner = NULL
0040134C |. E8 9D000000 call <jmp.&USER32.MessageBoxA> ; \\MessageBoxA
00401351 |. EB 13 jmp short Key-Crac.00401366
00401353 |> 6A 00 push 0 ; /Style = MB_OK|MB_APPLMODAL
00401355 |. 68 62344000 push Key-Crac.00403462 ; |Title = \"Key/CrackMe #2 \"
0040135A |. 68 86344000 push Key-Crac.00403486 ; |Text = \" You Have Enter A Wrong Serial, Please Try Again \"
0040135F |. 6A 00 push 0 ; |hOwner = NULL
00401361 |. E8 88000000 call <jmp.&USER32.MessageBoxA> ; \\MessageBoxA
00401366 |> EB 15 jmp short Key-Crac.0040137D
广州智渊信息科技有限公司(原广州亚斯电子有限公司)是国内专业的信息数据安全产品提供商。从2004年开始,我们专注于信息安全与软件防盗版专业服务,旨在为客户提供安全、规范、灵活的解决方案,主要销售产品有,SafeNet加密狗,超级狗,Etoken电子身份认证等,提升信息系统和数字版权的安全性,为客户带来可持续的增值。
广州智渊将秉承“真诚信赖,共同成长”的企业精神,坚持“科技创新,人才为本”的发展理念,成为用户可持续信赖的信息安全合作伙伴。
http://www.jiamisuo.com.cn/index.php?m=content&c=index&a=show&catid=116&id=921
友情链接:
http://www.fxg188.com/
http://www.w7d.cn/index.php
http://www.leng-ku.net/
http://www.lirenshige.net/
http://www.lirenshige.org/
http://www.ds-retop.cn/
http:/www.wangyingshi.com
http://pen-sha.cn
http://qlibank.com
http://cfqili.com
http://go-li.com
http://szsmeno.com
http://fxg188.com
http://zhenhe56.cn
http://qbmb.com.cn
http://94b.com.cn
http://gaoyuanplastic.com
http://user.qzone.qq.com/3056993726/main
http://user.qzone.qq.com/2779516995/main
http://user.qzone.qq.com/1795898038/main
http://user.qzone.qq.com/3074612585/main
http://user.qzone.qq.com/3087172419/main
http://user.qzone.qq.com/2779516995/main
http://user.qzone.qq.com/1816712778/main
http://user.qzone.qq.com/3076538022/main
http://user.qzone.qq.com/3077569119/main
http://user.qzone.qq.com/2843461660/main
http://user.qzone.qq.com/2045408668/main
http://user.qzone.qq.com/2607288384/main
http://user.qzone.qq.com/2256630272/main
http://www.w7d.cn/newsshow.php?cid=33&id=337http://www.w7d.cn/news.php?cid=33
http://www.w7d.cn/news.php?cid=34
http://www.leng-ku.net/
http://www.leng-ku.net/lengkuanli/
http://www.leng-ku.net/lengkushebei/
http://www.leng-ku.net/lengkuzaojia/
http://www.leng-ku.net/lianxiwomen/
http://www.leng-ku.net/xinwendongtai/
http://www.leng-ku.net/xinwendongtai/lengkudongtai/
http://www.leng-ku.net/xinwendongtai/lengkuxinwen/
http://user.qzone.qq.com/2747118520/main
http://user.qzone.qq.com/2083281386/main
http://user.qzone.qq.com/2789375401/main
http://user.qzone.qq.com/1323427445/main
http://user.qzone.qq.com/2628710852/main
http://user.qzone.qq.com/1458245435/main
http://user.qzone.qq.com/2411364547/main
http://user.qzone.qq.com/2956232938/main
http://user.qzone.qq.com/1346009731/main
http://www.daiyun80o.com
