【破文作者】lnn1123
【所属组织】[BCG][DFCG]
【作者主页】http://blog.csdn.net/lnn1123
【文章题目】WebPageMaker 2.2.0 注册算法分析
【加密方式】MD5
【破解工具】ollydbg+IDA
=======================================================================================================
【软件简介】
肯定是用来做 WEB 的啦
=======================================================================================================
【解密过程】
预处理注册名,注册码
; sub_699D4C (IDA listing, 32-bit x86) - excerpt of the registration handler, up to the call
; that persists the entered values.
; In:     eax = object pointer, kept in ebx; fields at +320h, +324h and +24Ch are used below.
; Locals: var_4 = registration name, var_8 = registration code (per the author's notes);
;         the two `push 0` reserve both slots and zero them.
; NOTE(review): arguments travel in eax/edx, which looks like the Borland/Delphi register
;               convention - confirm.
; NOTE(review): the only check visible before the values are handed to sub_4A16A0 is
;               "not empty"; any validation of the code lies outside this excerpt.
CODE:00699D4C push ebp
CODE:00699D4D mov ebp, esp
CODE:00699D4F push 0 ; var_4 = 0
CODE:00699D51 push 0 ; var_8 = 0
CODE:00699D53 push ebx
CODE:00699D54 mov ebx, eax ; ebx = object passed in eax
CODE:00699D56 xor eax, eax ; eax = 0, so fs:[eax] below is fs:[0]
CODE:00699D58 push ebp
CODE:00699D59 push offset loc_699DD5 ; handler address for the new exception frame
CODE:00699D5E push dword ptr fs:[eax] ; save the previous frame pointer
CODE:00699D61 mov fs:[eax], esp ; link the new exception frame at fs:[0]
CODE:00699D64 lea edx, [ebp+var_4] ; edx = &var_4
CODE:00699D67 mov eax, [ebx+320h] ; eax = object field at +320h
CODE:00699D6D call sub_48AD70 ; presumably reads the name field's text into var_4 - confirm
CODE:00699D72 lea edx, [ebp+var_8] ; edx = &var_8
CODE:00699D75 mov eax, [ebx+324h] ; eax = object field at +324h
CODE:00699D7B call sub_48AD70 ; presumably reads the code field's text into var_8 - confirm
CODE:00699D80 cmp [ebp+var_4], 0 ; is the registration name empty?
CODE:00699D80 ;
CODE:00699D80 ;
CODE:00699D84 jz short loc_699D8C ; empty name: take the reset path
CODE:00699D86 cmp [ebp+var_8], 0 ; is the registration code empty?
CODE:00699D86 ;
CODE:00699D8A jnz short loc_699D96 ; both non-empty: go on to store them
CODE:00699D8C
CODE:00699D8C loc_699D8C: ; CODE XREF: sub_699D4C+38j
CODE:00699D8C xor eax, eax
CODE:00699D8E mov [ebx+24Ch], eax ; clear the object field at +24Ch (its meaning is not shown here)
CODE:00699D94 jmp short loc_699DBA ; target lies outside this excerpt
CODE:00699D96 ; ---------------------------------------------------------------------------
CODE:00699D96
CODE:00699D96 loc_699D96: ; CODE XREF: sub_699D4C+3Ej
CODE:00699D96 mov edx, [ebp+var_8] ; points to the registration code
CODE:00699D99 mov eax, [ebp+var_4] ; points to the registration name
CODE:00699D9C call sub_4A16A0 ; write the registration info into the Config.dat file
{
; sub_4A16A0 (IDA listing, 32-bit x86) - stores the registration name and code under the
; "Registration" section, keys "User" and "License" (Config.dat, per the author's note at
; the call site).
; In:     eax = registration name, edx = registration code (set up by the caller at 00699D96).
; Locals: var_4 = registration code, var_8 = temporary string filled by sub_404EE8.
; NOTE(review): both values reach the writer at [method table+4] unmodified in this listing;
;               no hashing or encryption step is visible here - confirm inside the callee.
; The listing stops after 004A1724, so the cleanup path is not shown.
CODE:004A16A0 push ebp
CODE:004A16A1 mov ebp, esp
CODE:004A16A3 add esp, 0FFFFFFF8h ; esp -= 8: room for var_4 and var_8
CODE:004A16A6 push ebx
CODE:004A16A7 push esi
CODE:004A16A8 xor ecx, ecx
CODE:004A16AA mov [ebp+var_8], ecx ; var_8 = 0
CODE:004A16AD mov [ebp+var_4], edx ; var_4 = registration code
CODE:004A16B0 mov esi, eax ; esi = registration name
CODE:004A16B2 xor eax, eax ; eax = 0, so fs:[eax] below is fs:[0]
CODE:004A16B4 push ebp
CODE:004A16B5 push offset loc_4A172A ; handler address for the new exception frame
CODE:004A16BA push dword ptr fs:[eax] ; save the previous frame pointer
CODE:004A16BD mov fs:[eax], esp ; link the new exception frame at fs:[0]
CODE:004A16C0 mov edx, ds:off_6C5CB8
CODE:004A16C6 mov edx, [edx] ; edx = value of the global that off_6C5CB8 points to
CODE:004A16C8 lea eax, [ebp+var_8] ; eax = &var_8 (destination)
CODE:004A16CB mov ecx, offset dword_4A1740 ; constant at 4A1740 (contents not shown)
CODE:004A16D0 call sub_404EE8 ; presumably var_8 = global string + constant, i.e. the config file path - confirm
CODE:004A16D5 mov ecx, [ebp+var_8] ; ecx = string built above
CODE:004A16D8 mov dl, 1
CODE:004A16DA mov eax, off_432830
CODE:004A16DF call sub_4328E0 ; presumably a Delphi constructor (class ref in eax, dl = 1, argument in ecx) - confirm
CODE:004A16E4 mov ebx, eax ; ebx = object returned by sub_4328E0
CODE:004A16E6 push esi ; stack argument = registration name
CODE:004A16E7 mov ecx, offset aUser_0 ; "User"
CODE:004A16EC mov edx, offset aRegistration_1 ; "Registration"
CODE:004A16F1 mov eax, ebx
CODE:004A16F3 mov esi, [eax] ; esi = first dword of the object, used as its method table
CODE:004A16F5 call dword ptr [esi+4] ; write the registration name
CODE:004A16F8 mov eax, [ebp+var_4]
CODE:004A16FB push eax ; stack argument = registration code
CODE:004A16FC mov ecx, offset aLicense_0 ; "License"
CODE:004A1701 mov edx, offset aRegistration_1 ; "Registration"
CODE:004A1706 mov eax, ebx
CODE:004A1708 mov esi, [eax]
CODE:004A170A call dword ptr [esi+4] ; write the registration code
CODE:004A170D mov eax, ebx
CODE:004A170F call sub_403D50 ; called with the object in eax - presumably releases it; confirm
CODE:004A1714 xor eax, eax
CODE:004A1716 pop edx ; edx = previous frame pointer saved at 004A16BA
CODE:004A1717 pop ecx
CODE:004A1718 pop ecx
CODE:004A1719 mov fs:[eax], edx ; restore the previous exception frame at fs:[0]
CODE:004A171C push offset loc_4A1731 ; address pushed for the cleanup code that follows
CODE:004A1721
CODE:004A1721 loc_4A1721: ; CODE XREF: CODE:004A172Fj
CODE:004A1721 lea eax, [ebp+var_8] ; eax = &var_8; the instruction that consumes it is cut off
CODE:004A1724
【所属组织】[BCG][DFCG]
【作者主页】http://blog.csdn.net/lnn1123
【文章题目】WebPageMaker 2.2.0 注册算法分析
【加密方式】MD5
【破解工具】ollydbg+IDA
=======================================================================================================
【软件简介】
肯定是用来做 WEB 的啦
=======================================================================================================
【解密过程】
预处理注册名,注册码
; sub_699D4C (IDA listing, 32-bit x86) - excerpt of the registration handler, up to the call
; that persists the entered values.
; In:     eax = object pointer, kept in ebx; fields at +320h, +324h and +24Ch are used below.
; Locals: var_4 = registration name, var_8 = registration code (per the author's notes);
;         the two `push 0` reserve both slots and zero them.
; NOTE(review): arguments travel in eax/edx, which looks like the Borland/Delphi register
;               convention - confirm.
; NOTE(review): the only check visible before the values are handed to sub_4A16A0 is
;               "not empty"; any validation of the code lies outside this excerpt.
CODE:00699D4C push ebp
CODE:00699D4D mov ebp, esp
CODE:00699D4F push 0 ; var_4 = 0
CODE:00699D51 push 0 ; var_8 = 0
CODE:00699D53 push ebx
CODE:00699D54 mov ebx, eax ; ebx = object passed in eax
CODE:00699D56 xor eax, eax ; eax = 0, so fs:[eax] below is fs:[0]
CODE:00699D58 push ebp
CODE:00699D59 push offset loc_699DD5 ; handler address for the new exception frame
CODE:00699D5E push dword ptr fs:[eax] ; save the previous frame pointer
CODE:00699D61 mov fs:[eax], esp ; link the new exception frame at fs:[0]
CODE:00699D64 lea edx, [ebp+var_4] ; edx = &var_4
CODE:00699D67 mov eax, [ebx+320h] ; eax = object field at +320h
CODE:00699D6D call sub_48AD70 ; presumably reads the name field's text into var_4 - confirm
CODE:00699D72 lea edx, [ebp+var_8] ; edx = &var_8
CODE:00699D75 mov eax, [ebx+324h] ; eax = object field at +324h
CODE:00699D7B call sub_48AD70 ; presumably reads the code field's text into var_8 - confirm
CODE:00699D80 cmp [ebp+var_4], 0 ; is the registration name empty?
CODE:00699D80 ;
CODE:00699D80 ;
CODE:00699D84 jz short loc_699D8C ; empty name: take the reset path
CODE:00699D86 cmp [ebp+var_8], 0 ; is the registration code empty?
CODE:00699D86 ;
CODE:00699D8A jnz short loc_699D96 ; both non-empty: go on to store them
CODE:00699D8C
CODE:00699D8C loc_699D8C: ; CODE XREF: sub_699D4C+38j
CODE:00699D8C xor eax, eax
CODE:00699D8E mov [ebx+24Ch], eax ; clear the object field at +24Ch (its meaning is not shown here)
CODE:00699D94 jmp short loc_699DBA ; target lies outside this excerpt
CODE:00699D96 ; ---------------------------------------------------------------------------
CODE:00699D96
CODE:00699D96 loc_699D96: ; CODE XREF: sub_699D4C+3Ej
CODE:00699D96 mov edx, [ebp+var_8] ; points to the registration code
CODE:00699D99 mov eax, [ebp+var_4] ; points to the registration name
CODE:00699D9C call sub_4A16A0 ; write the registration info into the Config.dat file
{
CODE:004A16A0 push ebp
CODE:004A16A1 mov ebp, esp
CODE:004A16A3 add esp, 0FFFFFFF8h
CODE:004A16A6 push ebx
CODE:004A16A7 push esi
CODE:004A16A8 xor ecx, ecx
CODE:004A16AA mov [ebp+var_8], ecx
CODE:004A16AD mov [ebp+var_4], edx
CODE:004A16B0 mov esi, eax
CODE:004A16B2 xor eax, eax
CODE:004A16B4 push ebp
CODE:004A16B5 push offset loc_4A172A
CODE:004A16BA push dword ptr fs:[eax]
CODE:004A16BD mov fs:[eax], esp
CODE:004A16C0 mov edx, ds:off_6C5CB8
CODE:004A16C6 mov edx, [edx]
CODE:004A16C8 lea eax, [ebp+var_8]
CODE:004A16CB mov ecx, offset dword_4A1740
CODE:004A16D0 call sub_404EE8
CODE:004A16D5 mov ecx, [ebp+var_8]
CODE:004A16D8 mov dl, 1
CODE:004A16DA mov eax, off_432830
CODE:004A16DF call sub_4328E0
CODE:004A16E4 mov ebx, eax
CODE:004A16E6 push esi
CODE:004A16E7 mov ecx, offset aUser_0 ; "User"
CODE:004A16EC mov edx, offset aRegistration_1 ; "Registration"
CODE:004A16F1 mov eax, ebx
CODE:004A16F3 mov esi, [eax]
CODE:004A16F5 call dword ptr [esi+4] ; 写入注册名
CODE:004A16F8 mov eax, [ebp+var_4]
CODE:004A16FB push eax
CODE:004A16FC mov ecx, offset aLicense_0 ; "License"
CODE:004A1701 mov edx, offset aRegistration_1 ; "Registration"
CODE:004A1706 mov eax, ebx
CODE:004A1708 mov esi, [eax]
CODE:004A170A call dword ptr [esi+4] ; 写入注册码
CODE:004A170D mov eax, ebx
CODE:004A170F call sub_403D50
CODE:004A1714 xor eax, eax
CODE:004A1716 pop edx
CODE:004A1717 pop ecx
CODE:004A1718 pop ecx
CODE:004A1719 mov fs:[eax], edx
CODE:004A171C push offset loc_4A1731
CODE:004A1721
CODE:004A1721 loc_4A1721: ; CODE XREF: CODE:004A172Fj
CODE:004A1721 lea eax, [ebp+var_8]
CODE:004A1724