记录一次非明文crackme的分析过程,以及注册机的编写。
下载地址:http://pan.baidu.com/s/1ntNTCBv
软件界面如下:
软件是加壳了的,脱壳很简单就不写了。
直接用OD(OllyDbg)载入,下断点 bp GetDlgItemTextA,按F9运行,输入Name:eni,Serial:T1,点击check,断下后的代码注释如下:
在关键call,f7跟进:
输入Name为eni时,中间字符串 s2 = T294-96(即下面注册机代码中的s2)
关键call,f7跟进:
用java写的注册机算法:
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
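/**
 * Re-implementation of the serial check described in the write-up: reads NAME values from
 * standard input and prints the serial the analysed routine expects for each one.
 *
 * <p>The serial is a pure function of NAME and of constants embedded in the checked binary.
 * No secret enters the computation, which is why the check can be reproduced offline once the
 * validation routine has been read. A scheme meant to resist that has to verify something the
 * client cannot compute, such as a signature made with a private key kept off the client.
 *
 * <p>NOTE(review): {@link String#charAt(int)} yields UTF-16 code units, while the write-up
 * breaks on GetDlgItemTextA, which returns ANSI bytes. Results for non-ASCII names are
 * therefore unverified.
 */
public class main {
    /** Alphabet from which the per-position XOR key is taken. */
    private static final String TABLE = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";

    /** Shortest NAME accepted by the prompt. */
    private static final int MIN_NAME_LENGTH = 3;

    /** Longest NAME accepted; keeps the table index (3 * i - 1) inside {@link #TABLE}. */
    private static final int MAX_NAME_LENGTH = 9;

    /**
     * Prompts for NAME values, one per line, until end of input, and prints either a length
     * error or the computed serial for each line.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        System.out.println("请输入NAME:长度不大于9,不小于3");
        // System.in belongs to the JVM, so the reader wrapping it is deliberately not closed.
        BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
        try {
            String name;
            while ((name = reader.readLine()) != null) {
                if (name.length() < MIN_NAME_LENGTH || name.length() > MAX_NAME_LENGTH) {
                    System.out.println("NAME长度错误");
                } else {
                    System.out.println("Serial: " + computeSerial(name)); // final serial
                }
            }
        } catch (IOException e) {
            System.err.println("Failed to read NAME from standard input: " + e.getMessage());
        }
    }

    /**
     * Computes the serial for an already length-checked name.
     *
     * <p>Stage 1 derives one decimal digit per name character. Stage 2 wraps those digits as
     * {@code "T" + digits + "-" + checksum}. Stage 3 maps every character after the leading
     * 'T' to another digit and prefixes the result with 'T' again.
     *
     * @param name the NAME value, 3 to 9 characters long (not re-checked here)
     * @return the serial string, starting with 'T'
     */
    private static String computeSerial(String name) {
        int length = name.length();

        int sum = 0;
        for (int i = 0; i < length; i++) {
            sum += name.charAt(i);
        }

        StringBuilder digits = new StringBuilder();
        for (int i = 0; i < length; i++) {
            int ch = name.charAt(i);

            // The first character has no table entry (index -1) and is XORed with 0.
            int tableIndex = i * 4 - (i + 1);
            int key = tableIndex < 0 ? 0 : TABLE.charAt(tableIndex);

            // ~x is the original's x ^ 0xffffffff. Int addition wraps the same way in any order.
            int mixed = (ch ^ key) + ~(sum * i - sum) + 0x14d + ch * length * (i + 3);

            // NOTE(review): Java's % keeps the sign of the dividend, and `mixed` can be negative
            // for some names (a low code point late in a long name). The page does not show
            // whether the original routine divides signed or unsigned. Confirm against the
            // disassembly before trusting the serial for such names.
            int firstDigitChar = mixed % 0xa + 0x30;
            int secondDigitChar = ((firstDigitChar ^ 0xadac) * (i + 2)) % 0xa + 0x30;
            digits.append(secondDigitChar - 0x30);
        }

        int checksum = (length * sum) % 0x64 + 0x30;
        String intermediate = "T" + digits + "-" + checksum;

        StringBuilder serial = new StringBuilder("T");
        for (int i = 1; i < intermediate.length(); i++) {
            serial.append((intermediate.charAt(i) ^ 0x20) % 0xa);
        }
        return serial.toString();
    }
}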