標 題:
【原創】Absolute
Video Splitter Joiner註冊算法分析
作 者:
lnn1123
時 間:
2006-08-19,12:09:58
鏈 接:
http://bbs.pediy.com/showthread.php?t=30713
Absolute Video Splitter Joiner註冊算法分析
by lnn1123
最近頹廢,找軟柿子玩玩。
用了RSA,base64
;//驗證
; sub_506F84 -- registration-dialog handler (IDA listing, 32-bit x86, Borland
; register convention: eax holds the first argument, here the form object).
; Flow: read two edit controls, call serial_Check on their text, show one of
; two message boxes depending on the AL result, and close the form on success.
; In:    eax = form instance (kept in ebx)
; Out:   nothing meaningful; both local strings are released in the finally block.
; NOTE(review): the whole accept/reject decision is the single `test al, al` /
; `jz` pair below, evaluated on the client. Nothing visible here binds the
; result to anything else, so the check is only as strong as serial_Check.
CODE:00506F84 sub_506F84 proc near ; DATA XREF: CODE:00506EE0o
CODE:00506F84
CODE:00506F84 var_8 = dword ptr -8
CODE:00506F84 var_4 = dword ptr -4
CODE:00506F84
CODE:00506F84 push ebp
CODE:00506F85 mov ebp, esp
CODE:00506F87 push 0 ; var_4 starts as an empty (nil) string
CODE:00506F89 push 0 ; var_8 starts as an empty (nil) string
CODE:00506F8B push ebx
CODE:00506F8C mov ebx, eax ; ebx = form instance for the rest of the routine
; Install an exception frame at fs:[0] whose handler is loc_507031, so the
; string cleanup at loc_507023 also runs when an exception unwinds.
CODE:00506F8E xor eax, eax
CODE:00506F90 push ebp
CODE:00506F91 push offset loc_507031
CODE:00506F96 push dword ptr fs:[eax]
CODE:00506F99 mov fs:[eax], esp
; var_4 = text of the control stored at form+314h. serial_Check feeds this
; value to RSAEncrypt, so this is the registration-name field.
CODE:00506F9C lea edx, [ebp+var_4]
CODE:00506F9F mov eax, [ebx+314h]
CODE:00506FA5 call @TControl@GetText$qqrv ; TControl::GetText(void)
; var_8 = text of the control stored at form+318h. serial_Check compares this
; value with the computed string, so this is the serial field.
CODE:00506FAA lea edx, [ebp+var_8]
CODE:00506FAD mov eax, [ebx+318h]
CODE:00506FB3 call @TControl@GetText$qqrv ; TControl::GetText(void)
; serial_Check(eax = object read through off_51647C, edx = name, ecx = serial)
CODE:00506FB8 mov eax, ds:off_51647C
CODE:00506FBD mov eax, [eax]
CODE:00506FBF mov ecx, [ebp+var_8]
CODE:00506FC2 mov edx, [ebp+var_4]
CODE:00506FC5 call serial_Check
CODE:00506FCA test al, al ; AL = 1 only when the strings compared equal
CODE:00506FCC jz short loc_506FFE ; AL = 0 -> failure message
; Success path. sub_511F38 receives the same object and the name; its body is
; not on this page -- presumably it records the registration (TODO confirm).
CODE:00506FCE mov eax, ds:off_51647C
CODE:00506FD3 mov eax, [eax]
CODE:00506FD5 mov edx, [ebp+var_4]
CODE:00506FD8 call sub_511F38
CODE:00506FDD push 40h ; 40h = MB_ICONINFORMATION
CODE:00506FDF mov ecx, offset dword_507040
CODE:00506FE4 mov edx, offset unk_507054
CODE:00506FE9 mov eax, ds:off_5166DC
CODE:00506FEE mov eax, [eax]
CODE:00506FF0 call @Forms@TApplication@MessageBox$qqrpxct1i ; Forms::TApplication::MessageBox(char *,char *,int)
CODE:00506FF5 mov eax, ebx
CODE:00506FF7 call @Forms@TCustomForm@Close$qqrv ; Forms::TCustomForm::Close(void)
CODE:00506FFC jmp short loc_507016
CODE:00506FFE ; ----------------------------------------------------------------------------
CODE:00506FFE
; Failure path: same MessageBox call with a different text/caption pair; the
; form stays open.
CODE:00506FFE loc_506FFE: ; CODE XREF: sub_506F84+48j
CODE:00506FFE push 40h
CODE:00507000 mov ecx, offset dword_507088
CODE:00507005 mov edx, offset unk_507090
CODE:0050700A mov eax, ds:off_5166DC
CODE:0050700F mov eax, [eax]
CODE:00507011 call @Forms@TApplication@MessageBox$qqrpxct1i ; Forms::TApplication::MessageBox(char *,char *,int)
CODE:00507016
; Normal exit: unlink the exception frame, then push loc_507038 so the `retn`
; at the end of the cleanup block lands on the real epilogue.
CODE:00507016 loc_507016: ; CODE XREF: sub_506F84+78j
CODE:00507016 xor eax, eax
CODE:00507018 pop edx
CODE:00507019 pop ecx
CODE:0050701A pop ecx
CODE:0050701B mov fs:[eax], edx
CODE:0050701E push offset loc_507038
CODE:00507023
; Cleanup block: release the 2 strings starting at var_8 (var_8 and var_4).
CODE:00507023 loc_507023: ; CODE XREF: sub_506F84+B2j
CODE:00507023 lea eax, [ebp+var_8]
CODE:00507026 mov edx, 2
CODE:0050702B call @System@@LStrArrayClr$qqrv ; System::__linkproc__ LStrArrayClr(void)
CODE:00507030 retn
CODE:00507031 ; ----------------------------------------------------------------------------
CODE:00507031
; Exception-frame handler: hands over to the RTL, which re-enters the cleanup.
CODE:00507031 loc_507031: ; DATA XREF: sub_506F84+Do
CODE:00507031 jmp @System@@HandleFinally$qqrv ; System::__linkproc__ HandleFinally(void)
CODE:00507036 ; ----------------------------------------------------------------------------
CODE:00507036 jmp short loc_507023
CODE:00507038 ; ----------------------------------------------------------------------------
CODE:00507038
; Epilogue: restore ebx, drop the two string locals, restore ebp.
CODE:00507038 loc_507038: ; DATA XREF: sub_506F84+9Ao
CODE:00507038 pop ebx
CODE:00507039 pop ecx
CODE:0050703A pop ecx
CODE:0050703B pop ebp
CODE:0050703C retn
CODE:0050703C sub_506F84 endp ; sp = -4
;///////核心代碼
; serial_Check -- decides whether a name/serial pair is accepted (IDA listing,
; Borland register convention).
; In:    eax = object pointer (overwritten before use in the visible code)
;        edx = registration name (AnsiString)  -> var_4
;        ecx = entered serial (AnsiString)     -> var_8
; Out:   al  = 1 if ConvertBase256to64(RSAEncrypt(name, E, N)) equals the
;              entered serial, else 0 (bl is copied to eax at loc_511C81).
; NOTE(review): every input to the expected string -- the name, E, N and the
; encoding routines -- is present on the client, and the routine recomputes the
; expected serial itself instead of verifying something only the vendor could
; produce. A check meant to resist forgery verifies a vendor signature with the
; public key while the private exponent never ships. The N annotated below is
; 25 hex digits (about 98 bits), far below the 2048-bit minimum in current
; guidance.
CODE:00511BB8 serial_Check proc near ; CODE XREF: sub_506F84+41p
CODE:00511BB8 ; sub_511D48+100p
CODE:00511BB8
CODE:00511BB8 var_1C = dword ptr -1Ch
CODE:00511BB8 var_14 = dword ptr -14h
CODE:00511BB8 var_C = dword ptr -0Ch
CODE:00511BB8 var_8 = dword ptr -8
CODE:00511BB8 var_4 = dword ptr -4
CODE:00511BB8
CODE:00511BB8 push ebp
CODE:00511BB9 mov ebp, esp
CODE:00511BBB add esp, 0FFFFFFE4h ; reserve 1Ch bytes of locals
CODE:00511BBE push ebx
CODE:00511BBF xor ebx, ebx
CODE:00511BC1 mov [ebp+var_C], ebx ; var_C (encoded result) starts empty
CODE:00511BC4 mov [ebp+var_8], ecx ; var_8 = entered serial
CODE:00511BC7 mov [ebp+var_4], edx ; var_4 = registration name
; Take a reference on both caller strings so they stay alive in this routine.
CODE:00511BCA mov eax, [ebp+var_4]
CODE:00511BCD call @System@@LStrAddRef$qqrv ; System::__linkproc__ LStrAddRef(void)
CODE:00511BD2 mov eax, [ebp+var_8]
CODE:00511BD5 call @System@@LStrAddRef$qqrv ; System::__linkproc__ LStrAddRef(void)
; var_14 and var_1C are later passed as the two TFGInt& arguments of
; RSAEncrypt. sub_40535C with off_503FCC is presumably the RTL record
; initialiser with the TFGInt type info -- its body is not on this page.
CODE:00511BDA lea eax, [ebp+var_14]
CODE:00511BDD mov edx, off_503FCC
CODE:00511BE3 call sub_40535C
CODE:00511BE8 lea eax, [ebp+var_1C]
CODE:00511BEB mov edx, off_503FCC
CODE:00511BF1 call sub_40535C
; Install the exception frame (handler loc_511C7A) guarding the cleanup block.
CODE:00511BF6 xor eax, eax
CODE:00511BF8 push ebp
CODE:00511BF9 push offset loc_511C7A
CODE:00511BFE push dword ptr fs:[eax]
CODE:00511C01 mov fs:[eax], esp
CODE:00511C04 xor ebx, ebx ; bl = result flag, default 0 (rejected)
; Load the two RSA parameters from data referenced by the image. RSA_init is
; the analyst's name for the loader; the values are the analyst's annotations.
CODE:00511C06 lea edx, [ebp+var_14]
CODE:00511C09 mov eax, ds:off_516304 ; E=0x10001
CODE:00511C0E call RSA_init
CODE:00511C13 lea edx, [ebp+var_1C]
CODE:00511C16 mov eax, ds:off_516308 ; N=24CB2A2F44E2626D8CC02B027
CODE:00511C1B call RSA_init
; RSAEncrypt(eax = name, edx = &E, ecx = &N, stack = &var_4): the result
; overwrites var_4, i.e. the name is replaced by its ciphertext.
CODE:00511C20 lea eax, [ebp+var_4]
CODE:00511C23 push eax
CODE:00511C24 lea ecx, [ebp+var_1C]
CODE:00511C27 lea edx, [ebp+var_14]
CODE:00511C2A mov eax, [ebp+var_4]
CODE:00511C2D call @RSAEncrypt$qqr10AnsiStringr6TFGIntt2r10AnsiString ; RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)
; var_C = text encoding of the ciphertext bytes.
CODE:00511C32 lea edx, [ebp+var_C]
CODE:00511C35 mov eax, [ebp+var_4]
CODE:00511C38 call @ConvertBase256to64$qqrx10AnsiStringr10AnsiString ; ConvertBase256to64 (AnsiString,AnsiString &)
; Compare the entered serial with the computed string; set bl = 1 on equality.
CODE:00511C3D mov eax, [ebp+var_8]
CODE:00511C40 mov edx, [ebp+var_C]
CODE:00511C43 call @System@@LStrCmp$qqrv ; System::__linkproc__ LStrCmp(void)
CODE:00511C48 jnz short loc_511C4C
CODE:00511C4A mov bl, 1
CODE:00511C4C
; Normal exit: unlink the exception frame and arrange for the cleanup block's
; `retn` to continue at loc_511C81.
CODE:00511C4C loc_511C4C: ; CODE XREF: serial_Check+90j
CODE:00511C4C xor eax, eax
CODE:00511C4E pop edx
CODE:00511C4F pop ecx
CODE:00511C50 pop ecx
CODE:00511C51 mov fs:[eax], edx
CODE:00511C54 push offset loc_511C81
CODE:00511C59
; Cleanup block: sub_405460 is called on 2 records starting at var_1C with the
; same type info (presumably the matching finaliser), then the 3 strings
; starting at var_C (var_C, var_8, var_4) are released.
CODE:00511C59 loc_511C59: ; CODE XREF: serial_Check+C7j
CODE:00511C59 lea eax, [ebp+var_1C]
CODE:00511C5C mov edx, off_503FCC
CODE:00511C62 mov ecx, 2
CODE:00511C67 call sub_405460
CODE:00511C6C lea eax, [ebp+var_C]
CODE:00511C6F mov edx, 3
CODE:00511C74 call @System@@LStrArrayClr$qqrv ; System::__linkproc__ LStrArrayClr(void)
CODE:00511C79 retn
CODE:00511C7A ; ----------------------------------------------------------------------------
CODE:00511C7A
CODE:00511C7A loc_511C7A: ; DATA XREF: serial_Check+41o
CODE:00511C7A jmp @System@@HandleFinally$qqrv ; System::__linkproc__ HandleFinally(void)
CODE:00511C7F ; ----------------------------------------------------------------------------
CODE:00511C7F jmp short loc_511C59
CODE:00511C81 ; ----------------------------------------------------------------------------
CODE:00511C81
; Epilogue: return the flag held in bl.
CODE:00511C81 loc_511C81: ; DATA XREF: serial_Check+9Co
CODE:00511C81 mov eax, ebx
CODE:00511C83 pop ebx
CODE:00511C84 mov esp, ebp
CODE:00511C86 pop ebp
CODE:00511C87 retn
CODE:00511C87 serial_Check endp
;///RSA_Encrypto
; RSAEncrypt -- block-wise RSA public operation on a byte string (IDA listing,
; Borland register convention). The structure matches the FGInt library's
; RSAEncrypt; the helper names given in comments below are inferred from that
; match and should be confirmed against the library source.
; In:    eax = input string            -> var_4
;        edx = pointer to exponent     -> var_8
;        ecx = pointer to modulus      -> edi
;        [ebp+arg_0] = pointer to the output string
; Out:   *arg_0 = ConvertBase2to256 of the concatenated result bits
; Locals: ebx = bit length of the modulus, esi = loop counter,
;         var_24 = input bit string, var_2C = current block, var_28 = output
;         bit string, var_10 / var_18 / var_20 = big-integer temporaries.
; NOTE(review): the only formatting applied to the input is the fixed "111"
; prefix and zero padding to the block size; no randomised padding is visible,
; so equal inputs always give equal outputs.
CODE:00506A48 ; __fastcall RSAEncrypt(AnsiString, TFGInt &, TFGInt &, AnsiString &)
CODE:00506A48 @RSAEncrypt$qqr10AnsiStringr6TFGIntt2r10AnsiString proc near
CODE:00506A48 ; CODE XREF: serial_Check+75p
CODE:00506A48 ; sub_511C88+6Ap
CODE:00506A48
CODE:00506A48 var_30 = dword ptr -30h
CODE:00506A48 var_2C = dword ptr -2Ch
CODE:00506A48 var_28 = dword ptr -28h
CODE:00506A48 var_24 = dword ptr -24h
CODE:00506A48 var_20 = dword ptr -20h
CODE:00506A48 var_18 = dword ptr -18h
CODE:00506A48 var_10 = dword ptr -10h
CODE:00506A48 var_8 = dword ptr -8
CODE:00506A48 var_4 = dword ptr -4
CODE:00506A48 arg_0 = dword ptr 8
CODE:00506A48
CODE:00506A48 push ebp
CODE:00506A49 mov ebp, esp
CODE:00506A4B add esp, 0FFFFFFD0h ; reserve 30h bytes of locals
CODE:00506A4E push ebx
CODE:00506A4F push esi
CODE:00506A50 push edi
; The four string locals start empty.
CODE:00506A51 xor ebx, ebx
CODE:00506A53 mov [ebp+var_30], ebx
CODE:00506A56 mov [ebp+var_24], ebx
CODE:00506A59 mov [ebp+var_28], ebx
CODE:00506A5C mov [ebp+var_2C], ebx
CODE:00506A5F mov edi, ecx ; edi = pointer to modulus
CODE:00506A61 mov [ebp+var_8], edx ; var_8 = pointer to exponent
CODE:00506A64 mov [ebp+var_4], eax ; var_4 = input string
CODE:00506A67 mov eax, [ebp+var_4]
CODE:00506A6A call @System@@LStrAddRef$qqrv ; System::__linkproc__ LStrAddRef(void)
; Initialise the three big-integer temporaries (sub_40535C with off_503FCC,
; the same call pattern serial_Check uses for its TFGInt locals).
CODE:00506A6F lea eax, [ebp+var_10]
CODE:00506A72 mov edx, off_503FCC
CODE:00506A78 call sub_40535C
CODE:00506A7D lea eax, [ebp+var_18]
CODE:00506A80 mov edx, off_503FCC
CODE:00506A86 call sub_40535C
CODE:00506A8B lea eax, [ebp+var_20]
CODE:00506A8E mov edx, off_503FCC
CODE:00506A94 call sub_40535C
; Install the exception frame (handler loc_506C8F) guarding the cleanup block.
CODE:00506A99 xor eax, eax
CODE:00506A9B push ebp
CODE:00506A9C push offset loc_506C8F
CODE:00506AA1 push dword ptr fs:[eax]
CODE:00506AA4 mov fs:[eax], esp
; var_20 = big integer built from the string _str_0_17 (presumably "0";
; sub_5055F0 presumably Base2StringToFGInt).
CODE:00506AA7 lea edx, [ebp+var_20]
CODE:00506AAA mov eax, offset _str_0_17.Text
CODE:00506AAF call sub_5055F0
; var_24 = string form of the modulus (sub_50550C presumably
; FGIntToBase2String); ebx = its length, used below as the modulus bit count.
CODE:00506AB4 lea edx, [ebp+var_24]
CODE:00506AB7 mov eax, edi
CODE:00506AB9 call sub_50550C
CODE:00506ABE mov eax, [ebp+var_24]
CODE:00506AC1 call @System@_16823 ; System::_16823
CODE:00506AC6 mov ebx, eax
; var_24 = the input string converted by the library routine below
; (presumably ConvertBase256to2, i.e. 8 bit characters per input byte).
CODE:00506AC8 lea edx, [ebp+var_24]
CODE:00506ACB mov eax, [ebp+var_4]
CODE:00506ACE call unknown_libname_660 ; FGint Signatures
; var_24 = "111" + var_24
CODE:00506AD3 lea eax, [ebp+var_24]
CODE:00506AD6 mov ecx, [ebp+var_24]
CODE:00506AD9 mov edx, offset _str_111.Text ; "111" is binary (7 in decimal): the constant 7 is prepended to the registration name before the RSA computation
CODE:00506ADE call @System@@LStrCat3$qqrv ; System::__linkproc__ LStrCat3(void)
CODE:00506AE3 mov esi, ebx
CODE:00506AE5 dec esi ; esi = modulus bit count - 1 = block size
CODE:00506AE6 jmp short loc_506AF8
CODE:00506AE8 ; ----------------------------------------------------------------------------
CODE:00506AE8
; Padding loop body: var_24 = _str_0_17 + var_24
CODE:00506AE8 loc_506AE8: ; CODE XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+BDj
CODE:00506AE8 lea eax, [ebp+var_24]
CODE:00506AEB mov ecx, [ebp+var_24]
CODE:00506AEE mov edx, offset _str_0_17.Text
CODE:00506AF3 call @System@@LStrCat3$qqrv ; System::__linkproc__ LStrCat3(void)
CODE:00506AF8
; Repeat until length(var_24) is a multiple of the block size in esi.
CODE:00506AF8 loc_506AF8: ; CODE XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+9Ej
CODE:00506AF8 mov eax, [ebp+var_24]
CODE:00506AFB call @System@_16823 ; System::_16823
CODE:00506B00 cdq
CODE:00506B01 idiv esi
CODE:00506B03 test edx, edx
CODE:00506B05 jnz short loc_506AE8
; esi = length(var_24) / (ebx - 1) = number of blocks to process.
CODE:00506B07 mov eax, [ebp+var_24]
CODE:00506B0A call @System@_16823 ; System::_16823
CODE:00506B0F mov edx, ebx
CODE:00506B11 dec edx
CODE:00506B12 mov ecx, edx
CODE:00506B14 cdq
CODE:00506B15 idiv ecx
CODE:00506B17 mov esi, eax
CODE:00506B19 lea eax, [ebp+var_28]
CODE:00506B1C call @System@@LStrClr$qqrr17System@AnsiString ; System::__linkproc__ LStrClr (System::AnsiString &)
CODE:00506B21 test esi, esi
CODE:00506B23 jle loc_506C33 ; no blocks -> skip the main loop
CODE:00506B29
; ---- Main loop, one iteration per block --------------------------------
; var_2C = first (ebx - 1) characters of var_24
CODE:00506B29 loc_506B29: ; CODE XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+1D1 j
CODE:00506B29 lea eax, [ebp+var_2C]
CODE:00506B2C push eax
CODE:00506B2D mov ecx, ebx
CODE:00506B2F dec ecx
CODE:00506B30 mov edx, 1
CODE:00506B35 mov eax, [ebp+var_24]
CODE:00506B38 call @System@@LStrCopy$qqrv ; System::__linkproc__ LStrCopy(void)
CODE:00506B3D jmp short loc_506B51
CODE:00506B3F ; ----------------------------------------------------------------------------
CODE:00506B3F
; Strip one leading character from var_2C (sub_404E0C with index 1, count 1;
; presumably the RTL string delete).
CODE:00506B3F loc_506B3F: ; CODE XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+137 j
CODE:00506B3F lea eax, [ebp+var_2C]
CODE:00506B42 mov ecx, 1
CODE:00506B47 mov edx, 1
CODE:00506B4C call sub_404E0C
CODE:00506B51
; While the first character of var_2C equals _str_0_17 and more than one
; character remains, keep stripping.
CODE:00506B51 loc_506B51: ; CODE XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+F5j
CODE:00506B51 lea eax, [ebp+var_30]
CODE:00506B54 push eax
CODE:00506B55 mov ecx, 1
CODE:00506B5A mov edx, 1
CODE:00506B5F mov eax, [ebp+var_2C]
CODE:00506B62 call @System@@LStrCopy$qqrv ; System::__linkproc__ LStrCopy(void)
CODE:00506B67 mov eax, [ebp+var_30]
CODE:00506B6A mov edx, offset _str_0_17.Text
CODE:00506B6F call @System@@LStrCmp$qqrv ; System::__linkproc__ LStrCmp(void)
CODE:00506B74 jnz short loc_506B81
CODE:00506B76 mov eax, [ebp+var_2C]
CODE:00506B79 call @System@_16823 ; System::_16823
CODE:00506B7E dec eax
CODE:00506B7F jg short loc_506B3F
CODE:00506B81
; var_10 = big integer built from the stripped block.
CODE:00506B81 loc_506B81: ; CODE XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+12C j
CODE:00506B81 lea edx, [ebp+var_10]
CODE:00506B84 mov eax, [ebp+var_2C]
CODE:00506B87 call sub_5055F0
; Remove the consumed (ebx - 1) characters from the front of var_24.
CODE:00506B8C mov ecx, ebx
CODE:00506B8E dec ecx
CODE:00506B8F lea eax, [ebp+var_24]
CODE:00506B92 mov edx, 1
CODE:00506B97 call sub_404E0C
; A block equal to _str_0_17 skips the exponentiation: sub_504F24 is called
; with var_20 and var_18 (presumably FGIntCopy(zero, temp)).
CODE:00506B9C mov eax, [ebp+var_2C]
CODE:00506B9F mov edx, offset _str_0_17.Text
CODE:00506BA4 call @System@@LStrCmp$qqrv ; System::__linkproc__ LStrCmp(void)
CODE:00506BA9 jnz short loc_506BB8
CODE:00506BAB lea edx, [ebp+var_18]
CODE:00506BAE lea eax, [ebp+var_20]
CODE:00506BB1 call sub_504F24
CODE:00506BB6 jmp short loc_506BC9
CODE:00506BB8 ; ----------------------------------------------------------------------------
CODE:00506BB8
; Otherwise sub_506398(&var_10, exponent, modulus, &var_18) -- presumably the
; modular exponentiation var_18 = var_10 ^ exponent mod modulus.
CODE:00506BB8 loc_506BB8: ; CODE XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+161 j
CODE:00506BB8 lea eax, [ebp+var_18]
CODE:00506BBB push eax
CODE:00506BBC mov ecx, edi
CODE:00506BBE mov edx, [ebp+var_8]
CODE:00506BC1 lea eax, [ebp+var_10]
CODE:00506BC4 call sub_506398
CODE:00506BC9
; Release the block integer, then var_2C = string form of var_18.
CODE:00506BC9 loc_506BC9: ; CODE XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+16E j
CODE:00506BC9 lea eax, [ebp+var_10]
CODE:00506BCC call @FGIntDestroy$qqrr6TFGInt ; FGIntDestroy(TFGInt &)
CODE:00506BD1 lea eax, [ebp+var_2C]
CODE:00506BD4 call @System@@LStrClr$qqrr17System@AnsiString ; System::__linkproc__ LStrClr (System::AnsiString &)
CODE:00506BD9 lea edx, [ebp+var_2C]
CODE:00506BDC lea eax, [ebp+var_18]
CODE:00506BDF call sub_50550C
CODE:00506BE4 jmp short loc_506BF6
CODE:00506BE6 ; ----------------------------------------------------------------------------
CODE:00506BE6
; Padding loop body: var_2C = _str_0_17 + var_2C
CODE:00506BE6 loc_506BE6: ; CODE XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+1BB j
CODE:00506BE6 lea eax, [ebp+var_2C]
CODE:00506BE9 mov ecx, [ebp+var_2C]
CODE:00506BEC mov edx, offset _str_0_17.Text
CODE:00506BF1 call @System@@LStrCat3$qqrv ; System::__linkproc__ LStrCat3(void)
CODE:00506BF6
; Repeat until length(var_2C) is a multiple of ebx (the full modulus length).
CODE:00506BF6 loc_506BF6: ; CODE XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+19C j
CODE:00506BF6 mov eax, [ebp+var_2C]
CODE:00506BF9 call @System@_16823 ; System::_16823
CODE:00506BFE cdq
CODE:00506BFF idiv ebx
CODE:00506C01 test edx, edx
CODE:00506C03 jnz short loc_506BE6
; Append the padded block result to the output bit string var_28.
CODE:00506C05 lea eax, [ebp+var_28]
CODE:00506C08 mov edx, [ebp+var_2C]
CODE:00506C0B call @System@@LStrCat$qqrv ; System::__linkproc__ LStrCat(void)
CODE:00506C10 lea eax, [ebp+var_18]
CODE:00506C13 call @FGIntDestroy$qqrr6TFGInt ; FGIntDestroy(TFGInt &)
CODE:00506C18 dec esi
CODE:00506C19 jnz loc_506B29 ; next block
CODE:00506C1F jmp short loc_506C33
CODE:00506C21 ; ----------------------------------------------------------------------------
CODE:00506C21
; Strip one leading character from var_28.
CODE:00506C21 loc_506C21: ; CODE XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+1FC j
CODE:00506C21 lea eax, [ebp+var_28]
CODE:00506C24 mov ecx, 1
CODE:00506C29 mov edx, 1
CODE:00506C2E call sub_404E0C
CODE:00506C33
; While var_28 starts with 30h ('0') and is longer than one character, strip.
; NOTE(review): var_28 is dereferenced without a nil check; on the `jle` path
; above it has just been cleared -- confirm that path cannot occur in practice.
CODE:00506C33 loc_506C33: ; CODE XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+DBj
CODE:00506C33 ; RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+1D7j
CODE:00506C33 mov eax, [ebp+var_28]
CODE:00506C36 cmp byte ptr [eax], 30h
CODE:00506C39 jnz short loc_506C46
CODE:00506C3B mov eax, [ebp+var_28]
CODE:00506C3E call @System@_16823 ; System::_16823
CODE:00506C43 dec eax
CODE:00506C44 jg short loc_506C21
CODE:00506C46
; Convert the output bit string to bytes and store it through arg_0.
CODE:00506C46 loc_506C46: ; CODE XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+1F1 j
CODE:00506C46 mov edx, [ebp+arg_0]
CODE:00506C49 mov eax, [ebp+var_28]
CODE:00506C4C call @ConvertBase2to256$qqr10AnsiStringr10AnsiString ; ConvertBase2to256 (AnsiString,AnsiString &)
CODE:00506C51 lea eax, [ebp+var_20]
CODE:00506C54 call @FGIntDestroy$qqrr6TFGInt ; FGIntDestroy(TFGInt &)
; Normal exit: unlink the exception frame and arrange for the cleanup block's
; `retn` to continue at loc_506C96.
CODE:00506C59 xor eax, eax
CODE:00506C5B pop edx
CODE:00506C5C pop ecx
CODE:00506C5D pop ecx
CODE:00506C5E mov fs:[eax], edx
CODE:00506C61 push offset loc_506C96
CODE:00506C66
; Cleanup block: release the 4 strings starting at var_30, call sub_405460 on
; the 3 records starting at var_20, and release the input string reference.
CODE:00506C66 loc_506C66: ; CODE XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+24C j
CODE:00506C66 lea eax, [ebp+var_30]
CODE:00506C69 mov edx, 4
CODE:00506C6E call @System@@LStrArrayClr$qqrv ; System::__linkproc__ LStrArrayClr(void)
CODE:00506C73 lea eax, [ebp+var_20]
CODE:00506C76 mov edx, off_503FCC
CODE:00506C7C mov ecx, 3
CODE:00506C81 call sub_405460
CODE:00506C86 lea eax, [ebp+var_4]
CODE:00506C89 call @System@@LStrClr$qqrr17System@AnsiString ; System::__linkproc__ LStrClr (System::AnsiString &)
CODE:00506C8E retn
CODE:00506C8F ; ----------------------------------------------------------------------------
CODE:00506C8F
CODE:00506C8F loc_506C8F: ; DATA XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+54o
CODE:00506C8F jmp @System@@HandleFinally$qqrv ; System::__linkproc__ HandleFinally(void)
CODE:00506C94 ; ----------------------------------------------------------------------------
CODE:00506C94 jmp short loc_506C66
CODE:00506C96 ; ----------------------------------------------------------------------------
CODE:00506C96
; Epilogue: restore callee-saved registers and drop the one stack argument.
CODE:00506C96 loc_506C96: ; DATA XREF: RSAEncrypt(AnsiString,TFGInt &,TFGInt &,AnsiString &)+219 o
CODE:00506C96 pop edi
CODE:00506C97 pop esi
CODE:00506C98 pop ebx
CODE:00506C99 mov esp, ebp
CODE:00506C9B pop ebp
CODE:00506C9C retn 4
CODE:00506C9C @RSAEncrypt$qqr10AnsiStringr6TFGIntt2r10AnsiString endp
用的是FGint庫,不過我不熟悉這個庫。剛開始直接帶入E、N計算RSA,結果就是不對,後來跟蹤發現是在註冊名前加了一個常數7後才計算的。還有後面這個@ConvertBase256to64$qqrx10AnsiStringr10AnsiString函數,也應該是庫裏的,用這個函數加密後的數據和base64不一樣,裏面的表也變了,變成這樣了:"aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ0123456789+="。
不會delphi,不然直接調用就可以keygen了,沒辦法還得用asm寫。文章沒什麼新東西,主要是熟悉了一下FGint這個庫。
keygen asm
; Call sequence from the author's MASM program. It repeats the steps that
; serial_Check performs inside the target: modular exponentiation, then the
; three text conversions defined below on this page.
; _BigPowMod and _BigOut are not defined on this page -- presumably helpers
; from a big-number library (TODO confirm); big_serial, big_e and big_n are
; big-number handles set up elsewhere.
; Exponentiation with big_e and big_n; the last argument names big_serial as
; the destination as well as the base.
invoke _BigPowMod,big_serial,big_e,big_n,big_serial
; Write big_serial to szserial as text; 16 is presumably the radix (hex).
invoke _BigOut,big_serial,16,addr szserial
; Hex text -> raw bytes in string2.
invoke strtohex,addr szserial,offset string2
; Raw bytes -> '0'/'1' characters in outBuffer, 8 per byte.
invoke bbb,offset string2,offset outBuffer
; Bit characters -> 6-bit groups mapped through the custom alphabet.
invoke BaseEncode,offset outBuffer,offset serial
下面是我寫的這個@ConvertBase256to64$qqrx10AnsiStringr10AnsiString函數的彙編代碼,代碼可能比較垃圾。發現如果函數裏局部變量比較大時編譯就有問題,所以用的是全局變量。
; bbb -- expand a zero-terminated byte string into ASCII '0'/'1' characters,
; 8 per input byte, most significant bit first (MASM, stdcall via invoke).
; In:    source1     = input string (length taken with lstrlen)
;        destination = buffer that receives the bit string via lstrcpy
; Uses the globals Bufferbits (scratch, LSB-first bits), btbuffer (result) and
; bitslen (bits produced for the current byte). pushad/popad preserve all
; general registers.
; NOTE(review): none of the writes are bounds-checked. Bufferbits is cleared
; with a length of 1024 below, which suggests its size; the sizes of btbuffer
; and destination are not visible here. A zero-length source1 enters the loop
; with ecx = 0, so the `dec ecx / jnz` pair does not terminate as intended.
bbb proc source1:dword, destination:dword
    pushad
    invoke lstrlen,source1
    mov esi,source1             ; esi = read cursor
    lea edi,Bufferbits          ; edi = scratch write cursor
    lea ebx,btbuffer            ; ebx = result write cursor
    mov ecx,eax                 ; ecx = bytes remaining
@loop:
    mov bitslen,0
    xor eax,eax
    lodsb                       ; eax = next input byte, zero-extended
    push ecx                    ; keep the outer counter; ecx is reused below
@@:
    ; Repeated division by 2: each remainder is one bit, lowest bit first.
    mov ecx,2
    xor edx,edx
    div ecx
    push eax
    mov eax,edx
    .if eax==1
        mov eax,031h            ; '1'
    .else
        mov eax,030h            ; '0'
    .endif
    stosb
    inc bitslen
    pop eax
    test eax,eax
    jnz @B
    ; Pad with '0' up to 8 characters for this byte.
    mov ecx,8
    mov eax,offset bitslen
    movzx eax,byte ptr [eax]
    sub ecx,eax
    .if ecx
    @@:
        mov eax,30h
        stosb
        dec ecx
        jnz @B
    .endif
    ; Copy the last 8 scratch characters to btbuffer in reverse order, turning
    ; the LSB-first digits into MSB-first.
    mov eax,edi
    dec eax
    xor edx,edx
aa:
    mov cl,byte ptr [eax]
    mov [ebx],cl
    dec eax
    inc ebx
    inc edx
    cmp edx,8
    jnz aa
    pop ecx
    dec ecx
    jnz @loop
    ; btbuffer is not explicitly terminated here; lstrcpy relies on a zero
    ; byte already being present after the last character written.
    invoke lstrcpy,destination,addr btbuffer
    invoke RtlZeroMemory,offset Bufferbits,1024
    popad
    ret
bbb endp
;//string to hex
; strtohex -- convert a zero-terminated hex-digit string into raw bytes, two
; digits per output byte (MASM, stdcall via invoke).
; In:    inbf  = hex text
;        outbf = buffer that receives length/2 bytes (rounded up)
; An odd-length input is first copied into the global RSAbuffer behind a
; leading '0' so the digit count becomes even. pushad/popad preserve all
; general registers.
; NOTE(review): writes to RSAbuffer and outbf are not bounds-checked and their
; sizes are not visible here. The digit tests compare the full eax/edx although
; lodsb only writes al, so they rely on the upper 24 bits being zero on entry
; to the loop. Characters below 30h fall through unchanged; there is no
; rejection of non-hex input.
strtohex proc inbf:DWORD, outbf:DWORD
    pushad
    lea edi,RSAbuffer
    invoke lstrlen,inbf
    mov ecx,eax                 ; ecx = digit count
    mov ebx,2
    xor edx,edx
    div ebx                     ; edx = length mod 2
    .if edx
        ; Odd length: RSAbuffer = '0' + inbf, then read from RSAbuffer.
        mov eax,030h
        stosb
        mov esi,inbf
    @loc:
        lodsb
        stosb
        dec ecx
        jnz @loc
        lea esi,RSAbuffer
        invoke lstrlen,offset RSAbuffer
        mov ecx,eax
    .else
        mov esi,inbf
    .endif
    mov edi,outbf
@@:
    ; High nibble: 'a'.. -> subtract 57h, 'A'.. -> subtract 37h, '0'.. -> 30h.
    lodsb
    .if eax >= 061h
        sub eax,057h
    .elseif eax >= 041h
        sub eax,037h
    .elseif eax >=030h
        sub eax,030h
    .endif
    shl eax,4
    push eax
    ; Low nibble, same mapping, held in edx.
    lodsb
    dec ecx
    mov edx,eax
    .if edx >= 061h
        sub edx,057h
    .elseif edx >= 041h
        sub edx,037h
    .elseif edx >=030h
        sub edx,030h
    .endif
    pop eax
    add eax,edx
    and eax,0ffh                ; keep one byte
    stosb
    dec ecx                     ; two digits consumed per iteration
    jnz @B
    popad
    ret
strtohex endp
;//base256 final
; BaseEncode -- turn a string of ASCII '0'/'1' characters into text, one
; output character per 6 input bits, looked up in base64_alphabet (MASM,
; stdcall via invoke).
; In:    source      = bit string; modified in place when padding is needed
;        destination = buffer that receives one character per 6-bit group
; Uses the globals sig (first-pass flag), tt (bit values 0/1) and
; base64_alphabet (64-entry lookup table).
; NOTE(review): the duplicated `proc` token in the header looks like a paste
; artifact. The padding loop writes '0' past the current end of source, so the
; caller's buffer needs spare room and a terminator after it; tt and
; destination are likewise written without bounds checks, and destination is
; not zero-terminated by this routine. In the padding loop the `push eax` is
; only matched by `pop eax` when padding is needed -- verify the stack balance
; before the `uses` epilogue restores ebx/edi/esi.
BaseEncode proc proc uses ebx edi esi source:DWORD, destination:DWORD
    ;pushad
    mov esi,source
    mov sig,1
@@:
    ; Pad source with '0' until its length is a multiple of 6.
    invoke lstrlen, source
    push eax
    mov ecx,6
    xor edx,edx
    div ecx                     ; edx = length mod 6
    .if edx
        pop eax
        .if sig==1
            add esi,eax         ; first pass: jump to the terminator
            mov byte ptr [esi],030h
        .else
            add esi,1           ; later passes: advance one position
            mov byte ptr [esi],030h
        .endif
    .endif
    mov sig,0
    test edx,edx
    jnz @B
    ; edx = number of 6-bit groups, ecx = total character count.
    invoke lstrlen,source
    push eax
    mov ecx,6
    xor edx,edx
    div ecx
    mov edx,eax
    pop eax
    mov ecx,eax
    mov esi,source
    lea edi,tt
@hhh:
    ; tt[i] = source[i] - '0', i.e. the numeric bit value.
    lodsb
    sub eax,030h
    stosb
    dec ecx
    jnz @hhh
    lea esi,tt
    mov edi,destination
    mov ecx,edx                 ; ecx = groups remaining
    xor edx,edx
@@:
    ; Assemble six bits, most significant first, into edx.
    lodsb
    shl eax,5
    add edx,eax
    lodsb
    shl eax,4
    add edx,eax
    lodsb
    shl eax,3
    add edx,eax
    lodsb
    shl eax,2
    add edx,eax
    lodsb
    shl eax,1
    add edx,eax
    lodsb
    shl eax,0
    add edx,eax
    movzx eax,byte ptr [base64_alphabet+edx]    ; table lookup for this group
    xor edx,edx
    stosb
    dec ecx
    jnz @B
    ;popad
    ret
BaseEncode endp