Software information
====================
Software name: Internet Download Manager
Software version: 3.15
Download URL: http://www.internetdownloadmanager.com/idman315.exe
The part of the algorithm that handles the serial as entered is fairly simple, so for brevity it is not covered here; only the check performed on restart and its RC cipher are discussed.
1.
[HKEY_CURRENT_USER\Software\DownloadManager]
"idmvers"="3.16 Trial" <=== trial build, meaning this is no longer the full version
"Serial"="ABCDE-GHIJK-MNOPQ-STUVW"
2. As soon as the program sees a Serial value in the registry it reports a 60-day trial, so something is clearly off (this check was probably added only in the trial build):
"Serial"="ABCDE-GHIJK-MNOPQ-STUVW"
3. However, the program still contains the core verification routine (and it uses an RC cipher):
0041249F . 68 A0674C00 PUSH IDMAN.004C67A0 ; |valueName = "Serial"
004124A4 . 897D FC MOV DWORD PTR SS:[EBP-4],EDI ; |
004124A7 . 52 PUSH EDX ; |hKey => 0
004124A8 . 897D EC MOV DWORD PTR SS:[EBP-14],EDI ; |
004124AB . C645 FC 01 MOV BYTE PTR SS:[EBP-4],1 ; |
004124AF . C685 5CFFFFFF >MOV BYTE PTR SS:[EBP-A4],0 ; |
004124B6 . C645 B0 00 MOV BYTE PTR SS:[EBP-50],0 ; |
004124BA . 895D E8 MOV DWORD PTR SS:[EBP-18],EBX ; |
004124BD . FFD6 CALL ESI ; \RegQueryvalueExA
004124BF . 85C0 TEST EAX,EAX
004124C1 . 75 1D JNZ SHORT IDMAN.004124E0
004124C3 . 8D85 5CFFFFFF LEA EAX,DWORD PTR SS:[EBP-A4] <=== the serial can be seen here
004124C9 . 50 PUSH EAX ; /Arg1
004124CA . E8 21050000 CALL IDMAN.004129F0 <=== step into this ; \IDMAN.004129F0
004124CF . 83C4 04 ADD ESP,4
004124D2 . 84C0 TEST AL,AL <=== for the check to succeed, AL must be 0
004124D4 . 75 0A JNZ SHORT IDMAN.004124E0
004124D6 . C745 EC 010000>MOV DWORD PTR SS:[EBP-14],1
004124DD . 8B7D EC MOV EDI,DWORD PTR SS:[EBP-14]
004124E0 > A1 9CB74D00 MOV EAX,DWORD PTR DS:[4DB79C]
---------------004124CA CALL IDMAN.004129F0, stepped into----------------
004129F0 /$ 55 PUSH EBP
004129F1 |. 8BEC MOV EBP,ESP
004129F3 |. 6A FF PUSH -1
004129F5 |. 68 F8CD4900 PUSH IDMAN.0049CDF8 ; SE handler installation
004129FA |. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
00412A00 |. 50 PUSH EAX
00412A01 |. 64:8925 000000>MOV DWORD PTR FS:[0],ESP
00412A08 |. 83EC 58 SUB ESP,58
00412A0B |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00412A0E |. 53 PUSH EBX
00412A0F |. 56 PUSH ESI
00412A10 |. 57 PUSH EDI
00412A11 |. 8BFA MOV EDI,EDX
00412A13 |. 83C9 FF OR ECX,FFFFFFFF
00412A16 |. 33C0 XOR EAX,EAX
00412A18 |. 33DB XOR EBX,EBX
00412A1A |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00412A1C |. F7D1 NOT ECX
00412A1E |. 49 DEC ECX
00412A1F |. 8965 F0 MOV DWORD PTR SS:[EBP-10],ESP
00412A22 |. 83F9 32 CMP ECX,32
00412A25 |. 895D FC MOV DWORD PTR SS:[EBP-4],EBX
00412A28 |. 0F87 B0010000 JA IDMAN.00412BDE
00412A2E |. B9 0D000000 MOV ECX,0D
00412A33 |. 8D7D 9C LEA EDI,DWORD PTR SS:[EBP-64]
00412A36 |. F3:AB REP STOS DWORD PTR ES:[EDI]
00412A38 |. 8BFA MOV EDI,EDX
00412A3A |. 83C9 FF OR ECX,FFFFFFFF
00412A3D |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00412A3F |. F7D1 NOT ECX
00412A41 |. 8D75 9C LEA ESI,DWORD PTR SS:[EBP-64]
00412A44 |. 2BF9 SUB EDI,ECX
00412A46 |. 8BD6 MOV EDX,ESI
00412A48 |. 8BC1 MOV EAX,ECX
00412A4A |. 8BF7 MOV ESI,EDI
00412A4C |. 8BFA MOV EDI,EDX
00412A4E |. C1E9 02 SHR ECX,2
00412A51 |. F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
00412A53 |. 8BC8 MOV ECX,EAX
00412A55 |. 83E1 03 AND ECX,3
00412A58 |. F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
00412A5A |. 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
00412A5D |. E8 AE9B0200 CALL IDMAN.0043C610
00412A62 |. BF 64734C00 MOV EDI,IDMAN.004C7364 ; ASCII "506938841"
00412A67 |. 83C9 FF OR ECX,FFFFFFFF
00412A6A |. 33C0 XOR EAX,EAX
00412A6C |. C645 FC 01 MOV BYTE PTR SS:[EBP-4],1
00412A70 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00412A72 |. 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+8]
00412A75 |. F7D1 NOT ECX
00412A77 |. 49 DEC ECX
00412A78 |. 51 PUSH ECX
00412A79 |. 83C9 FF OR ECX,FFFFFFFF
00412A7C |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00412A7E |. F7D1 NOT ECX
00412A80 |. 49 DEC ECX
00412A81 |. 68 64734C00 PUSH IDMAN.004C7364 ; ASCII "506938841" (presumably the key)
00412A86 |. 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
00412A89 |. 51 PUSH ECX
00412A8A |. 50 PUSH EAX <=== EAX = "ABCDE-GHIJK-MNOPQ-STUVW" (the fake serial)
00412A8B |. 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14]
00412A8E |. E8 0D9F0200 CALL IDMAN.0043C9A0 <=== the critical CALL: it encrypts the data (RC2 is used)
00412A93 |. B2 C6 MOV DL,0C6
00412A95 |. B9 11000000 MOV ECX,11
00412A9A |. 8D7D D8 LEA EDI,DWORD PTR SS:[EBP-28]
00412A9D |. 8D75 9C LEA ESI,DWORD PTR SS:[EBP-64] <=== ESI points to the encrypted data
00412AA0 |. 33C0 XOR EAX,EAX
00412AA2 |. C645 D8 2B MOV BYTE PTR SS:[EBP-28],2B
00412AA6 |. C645 D9 52 MOV BYTE PTR SS:[EBP-27],52
00412AAA |. C645 DA D1 MOV BYTE PTR SS:[EBP-26],0D1
00412AAE |. C645 DB 9E MOV BYTE PTR SS:[EBP-25],9E
00412AB2 |. C645 DC 8A MOV BYTE PTR SS:[EBP-24],8A
00412AB6 |. C645 DD 82 MOV BYTE PTR SS:[EBP-23],82
00412ABA |. C645 DE DE MOV BYTE PTR SS:[EBP-22],0DE
00412ABE |. C645 DF EB MOV BYTE PTR SS:[EBP-21],0EB
00412AC2 |. C645 E0 EE MOV BYTE PTR SS:[EBP-20],0EE
00412AC6 |. C645 E1 62 MOV BYTE PTR SS:[EBP-1F],62
00412ACA |. C645 E2 A4 MOV BYTE PTR SS:[EBP-1E],0A4
00412ACE |. 8855 E3 MOV BYTE PTR SS:[EBP-1D],DL
00412AD1 |. C645 E4 84 MOV BYTE PTR SS:[EBP-1C],84
00412AD5 |. C645 E5 99 MOV BYTE PTR SS:[EBP-1B],99
00412AD9 |. C645 E6 8F MOV BYTE PTR SS:[EBP-1A],8F
00412ADD |. C645 E7 1F MOV BYTE PTR SS:[EBP-19],1F
00412AE1 |. 885D E8 MOV BYTE PTR SS:[EBP-18],BL
00412AE4 |. F3:A6 REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
<=== ESI is the encrypted form of our serial, EDI is the built-in table above (the two must be equal):
********************************************
0074DDD4 2B 52 D1 9E 8A 82 DE EB
0074DDDC EE 62 A4 C6 84 99 8F 1F
********************************************
00412AE6 |. 0F84 E7000000 JE IDMAN.00412BD3
00412AEC |. B0 BE MOV AL,0BE
00412AEE |. 8855 E1 MOV BYTE PTR SS:[EBP-1F],DL
00412AF1 |. B9 19000000 MOV ECX,19
00412AF6 |. 8D7D D0 LEA EDI,DWORD PTR SS:[EBP-30]
00412AF9 |. 8D75 9C LEA ESI,DWORD PTR SS:[EBP-64]
00412AFC |. 33D2 XOR EDX,EDX
00412AFE |. C645 D0 92 MOV BYTE PTR SS:[EBP-30],92
00412B02 |. C645 D1 F5 MOV BYTE PTR SS:[EBP-2F],0F5
00412B06 |. C645 D2 25 MOV BYTE PTR SS:[EBP-2E],25
00412B0A |. C645 D3 CD MOV BYTE PTR SS:[EBP-2D],0CD
00412B0E |. C645 D4 78 MOV BYTE PTR SS:[EBP-2C],78
00412B12 |. 8845 D5 MOV BYTE PTR SS:[EBP-2B],AL
00412B15 |. C645 D6 4A MOV BYTE PTR SS:[EBP-2A],4A
00412B19 |. C645 D7 04 MOV BYTE PTR SS:[EBP-29],4
00412B1D |. C645 D8 6A MOV BYTE PTR SS:[EBP-28],6A
00412B21 |. C645 D9 FF MOV BYTE PTR SS:[EBP-27],0FF
00412B25 |. C645 DA A3 MOV BYTE PTR SS:[EBP-26],0A3
00412B29 |. C645 DB 2C MOV BYTE PTR SS:[EBP-25],2C
00412B2D |. C645 DC 9C MOV BYTE PTR SS:[EBP-24],9C
00412B31 |. C645 DD 96 MOV BYTE PTR SS:[EBP-23],96
00412B35 |. C645 DE 28 MOV BYTE PTR SS:[EBP-22],28
00412B39 |. C645 DF B0 MOV BYTE PTR SS:[EBP-21],0B0
00412B3D |. C645 E0 26 MOV BYTE PTR SS:[EBP-20],26
00412B41 |. C645 E2 A6 MOV BYTE PTR SS:[EBP-1E],0A6
00412B45 |. C645 E3 D5 MOV BYTE PTR SS:[EBP-1D],0D5
00412B49 |. C645 E4 D8 MOV BYTE PTR SS:[EBP-1C],0D8
00412B4D |. C645 E5 E3 MOV BYTE PTR SS:[EBP-1B],0E3
00412B51 |. C645 E6 EF MOV BYTE PTR SS:[EBP-1A],0EF
00412B55 |. C645 E7 07 MOV BYTE PTR SS:[EBP-19],7
00412B59 |. 885D E8 MOV BYTE PTR SS:[EBP-18],BL
00412B5C |. F3:A6 REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
<=== ESI is the encrypted form of our serial, EDI is the built-in table above (the two must be equal):
********************************************
0074DDCC 92 F5 25 CD 78 BE 4A 04
0074DDD4 6A FF A3 2C 9C 96 28 B0 j |
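The routine above follows a fixed pattern: bound the length of the registry value, copy it into a zeroed stack buffer, transform it in place with a key that ships inside the binary, and compare the result (plus the NUL that must follow it) against a constant table. The Python below is an added model of that control flow, not IDM's code: the cipher called at 0043C9A0 is replaced by a stand-in keyed XOR (an assumption, chosen only because it shares the one property that matters here, reversibility), and the key, serials and tables are constructed demo values, not the ones in the listing.

```python
import hashlib

MAX_SERIAL_LEN = 0x32   # CMP ECX,32 / JA 00412BDE: anything over 50 bytes is rejected up front
BUFFER_SIZE = 0x0D * 4  # MOV ECX,0D / REP STOS zero-fills a 52-byte stack buffer at EBP-64


def stand_in_transform(data: bytes, key: bytes) -> bytes:
    """Stand-in for the cipher called at IDMAN.0043C9A0 (the author identifies it as RC2).

    Assumption: a keyed XOR with a SHA-256-derived keystream. It is not RC2 and
    not IDM's routine; it only shares the property the check relies on, namely
    that anyone holding the key can run it in either direction.
    """
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + block.to_bytes(4, "little")).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def check_serial(serial: str, key: bytes, tables) -> bool:
    """Mirror of the control flow in IDMAN.004129F0 with constructed inputs.

    Returns True when the transformed serial equals one of the embedded tables
    (the JE 00412BD3 path). The caller at 004124D2 treats AL == 0 as success,
    so this model uses the opposite polarity for readability.
    """
    raw = serial.encode("ascii", errors="replace")
    if len(raw) > MAX_SERIAL_LEN:
        return False
    buf = bytearray(BUFFER_SIZE)          # zero-filled like the stack buffer
    buf[: len(raw)] = raw                 # REP MOVS copy of the registry value
    ct = stand_in_transform(bytes(buf[: len(raw)]), key)
    buf[: len(ct)] = ct                   # the transform is applied in place
    for table in tables:
        # REPE CMPS runs for len(table)+1 bytes: the table itself and the NUL
        # stored after it (MOV BYTE PTR SS:[EBP-18],BL with BL = 0), so the
        # byte following the ciphertext in the buffer must still be zero.
        # Like REPE CMPS, this == stops at the first mismatch; it is not a
        # constant-time comparison.
        n = len(table) + 1
        if bytes(buf[:n]) == table + b"\x00":
            return True
    return False


# Constructed demo values; not IDM's key and not the tables from the listing.
DEMO_KEY = b"example-key-not-idm"
DEMO_SERIALS = ["DEMO-SERIAL-0016", "DEMO-SERIAL-OF-24-CHARS!"]  # 16 and 24 bytes, like the two tables
DEMO_TABLES = [stand_in_transform(s.encode(), DEMO_KEY) for s in DEMO_SERIALS]

if __name__ == "__main__":
    for s in DEMO_SERIALS + ["DEMO-SERIAL-0017", "A" * 51]:
        print(f"{s!r:30} -> {check_serial(s, DEMO_KEY, DEMO_TABLES)}")
```

The design point a defender should take from the listing is that DEMO_TABLES is produced from the accepted serials by the very transform the binary ships, together with its key: a reversible transform keyed with an embedded constant makes the stored table equivalent to storing the serial itself, which is why comparing against embedded constants cannot survive static analysis. A check that only holds a public key and verifies a signature over the license data removes that equivalence, although it still leaves the comparison itself patchable.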