[转载]CrackMe By ErShu算法分析
<P>文章作者: busheler</P><P><A href="http://bbs.pediy.com/upload/2006/37/files/crack_me.rar" target=_blank><FONT face=宋体 color=darkblue>附件:crack_me.rar</FONT></A><FONT face=宋体><BR>---------------------------------------------------------<BR><BR>【破文标题】CrackMeByErShu算法分析<BR>【破文作者】Busheler<BR>【作者邮箱】busheler@sohu.com<BR>【作者主页】<BR>【破解工具】odbg110,win32dasm,PEiDv0.94<BR>【破解平台】Windows2000<BR>【软件名称】CrackMeByErShu<BR>【软件大小】20.0KB<BR>【原版下载】[url]http://www.chinapyg.cn/attachment.php?aid=51[/url]<BR>【保护方式】<BR>【软件简介】一个很简单的CRACKME,此为算法CRACKME,如果只找注册码没什么难度~~~~~~<BR>------------------------------------------------------------------------<BR>一、脱壳:<BR>PEiDv0.94查壳无发现,MicrosoftVisualC++6.0,无马甲。<BR><BR>二、找资源:<BR>win32dasm载入找到如下信息:<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:004015BB(C)<BR>|<BR>:004015DD8D542404leaedx,dwordptr[esp+04]<BR>:004015E150pusheax<BR>:004015E252pushedx<BR>:004015E38BCEmovecx,esi<BR>:004015E5E866000000call00401650<BR>:004015EA8B4664moveax,dwordptr[esi+64]<BR>:004015EDC744241000000000mov[esp+10],00000000<BR>:004015F550pusheax<BR>:004015F68B442408moveax,dwordptr[esp+08]<BR>:004015FA50pusheax<BR><BR>*ReferenceTo:MSVCRT._mbscmp,Ord:0159h<BR>|<BR>:004015FBFF15C8214000Calldwordptr[004021C8]<BR>:0040160183C408addesp,00000008<BR>:0040160485C0testeax,eax<BR>:004016066A00push00000000<BR>:004016086A00push00000000<BR>:0040160A750Ejne0040161A<BR><BR>*PossibleStringDataReffromDataObj->"Great!pf!pf!"<BR>|<BR>:0040160C6828304000push00403028<BR>:004016118BCEmovecx,esi<BR><BR>*ReferenceTo:MFC42.Ordinal:1080,Ord:1080h<BR>|<BR>:00401613E8FC040000Call00401B14<BR>:00401618EB15jmp0040162F<BR><BR>*Referencedbya(U)nconditionalor(C)onditionalJumpatAddress:<BR>|:0040160A(C)<BR>|<BR><BR>*PossibleStringDataReffromDataObj->"fail!"<BR>|<BR>:0040161A6820304000push00403020<BR>:0040161F8BCEmovecx,esi<BR><BR>*ReferenceTo:MFC42.Ordinal:1080,Ord:1080h<BR>|<BR>:00401621E8EE040000Call00401B14<BR>:004016266A00push00000000<BR>:004016288BCEmovecx,esi<BR><BR>*ReferenceTo:MFC42.Ordinal:18BE,Ord:18BEh<BR><BR><BR>三、踏上破解之路:<BR><BR>odbg110载入:<BR><BR>很容易找到要点:在401590处F2下断<BR><BR>用户名:busheler<BR>试验码:123456789<BR><BR>确定,即被断下<BR><BR>00401590.6AFFPUSH-1<BR>00401592.68381E4000PUSHCrack_Me.00401E38;SEhandlerinstallation<BR>00401597.64:A100000000MOVEAX,DWORDPTRFS:[0]<BR>0040159D.50PUSHEAX<BR>0040159E.64:8925000000>MOVDWORDPTRFS:[0],ESP<BR>004015A5.51PUSHECX<BR>004015A6.56PUSHESI<BR>004015A7.8BF1MOVESI,ECX<BR>004015A9.6A01PUSH1<BR>004015AB.E86A050000CALL<JMP.&MFC42.#6334><BR>004015B0.8B4E60MOVECX,DWORDPTRDS:[ESI+60];用户名入ECX<BR>004015B3.8D4660LEAEAX,DWORDPTRDS:[ESI+60]<BR>004015B6.8B51F8MOVEDX,DWORDPTRDS:[ECX-8];用户名长度入EDX<BR>004015B9.85D2TESTEDX,EDX<BR>004015BB.7520JNZSHORTCrack_Me.004015DD;用户名不为0跳<BR>004015BD.6A00PUSH0<BR>004015BF.6A00PUSH0<BR>004015C1.6838304000PUSHCrack_Me.00403038;ASCII"UserNameisempty!"<BR>004015C6.8BCEMOVECX,ESI<BR>004015C8.E847050000CALL<JMP.&MFC42.#4224><BR>004015CD.5EPOPESI<BR>004015CE.8B4C2404MOVECX,DWORDPTRSS:[ESP+4]<BR>004015D2.64:890D000000>MOVDWORDPTRFS:[0],ECX<BR>004015D9.83C410ADDESP,10<BR>004015DC.C3RET<BR>004015DD>8D542404LEAEDX,DWORDPTRSS:[ESP+4]<BR>004015E1.50PUSHEAX;/Arg2<BR>004015E2.52PUSHEDX;|Arg1<BR>004015E3.8BCEMOVECX,ESI;|<BR>004015E5.E866000000CALLCrack_Me.00401650;\去计算注册码!!!<BR>004015EA.8B4664MOVEAX,DWORDPTRDS:[ESI+64];试练码入EAX<BR>004015ED.C74424100000>MOVDWORDPTRSS:[ESP+10],0<BR>004015F5.50PUSHEAX;/s2<BR>004015F6.8B442408MOVEAX,DWORDPTRSS:[ESP+8];|真注册码入EAX<BR>004015FA.50PUSHEAX;|s1<BR>004015FB.FF15C8214000CALLDWORDPTRDS:[<&MSVCRT._mbscmp>];\注册码对比!在这里下断点可直接看到注册码了,可是现在<BR><BR>的软件有几个有这等好事啊?<BR>00401601.83C408ADDESP,8<BR>00401604.85C0TESTEAX,EAX<BR>00401606.6A00PUSH0<BR>00401608.6A00PUSH0<BR>0040160A.750EJNZSHORTCrack_Me.0040161A;不等跳!<BR>0040160C.6828304000PUSHCrack_Me.00403028;ASCII"Great!pf!pf!"<BR>00401611.8BCEMOVECX,ESI<BR>00401613.E8FC040000CALL<JMP.&MFC42.#4224><BR>00401618.EB15JMPSHORTCrack_Me.0040162F<BR>0040161A>6820304000PUSHCrack_Me.00403020;ASCII"fail!"<BR>0040161F.8BCEMOVECX,ESI<BR>00401621.E8EE040000CALL<JMP.&MFC42.#4224><BR>00401626.6A00PUSH0<BR>00401628.8BCEMOVECX,ESI<BR>0040162A.E8EB040000CALL<JMP.&MFC42.#6334><BR>0040162F>8D4C2404LEAECX,DWORDPTRSS:[ESP+4]<BR>00401633.C7442410FFFF>MOVDWORDPTRSS:[ESP+10],-1<BR>0040163B.E8C0030000CALL<JMP.&MFC42.#800><BR>00401640.8B4C2408MOVECX,DWORDPTRSS:[ESP+8]<BR>00401644.5EPOPESI<BR>00401645.64:890D000000>MOVDWORDPTRFS:[0],ECX<BR>0040164C.83C410ADDESP,10<BR>0040164F.C3RET<BR><BR>--------------<BR><BR>跟随CALLCrack_Me.00401650进取看看注册码是如何炼成的......哇这么厉害,好长一段代码啊!<BR><BR>00401650/$6AFFPUSH-1<BR>00401652|.686F1E4000PUSHCrack_Me.00401E6F;SEhandlerinstallation<BR>00401657|.64:A100000000MOVEAX,DWORDPTRFS:[0]<BR>0040165D|.50PUSHEAX<BR>0040165E|.64:8925000000>MOVDWORDPTRFS:[0],ESP<BR>00401665|.83EC34SUBESP,34<BR>00401668|.33C0XOREAX,EAX<BR>0040166A|.53PUSHEBX<BR>0040166B|.89442421MOVDWORDPTRSS:[ESP+21],EAX<BR>0040166F|.55PUSHEBP<BR>00401670|.89442429MOVDWORDPTRSS:[ESP+29],EAX<BR>00401674|.56PUSHESI<BR>00401675|.89442431MOVDWORDPTRSS:[ESP+31],EAX<BR>00401679|.33DBXOREBX,EBX<BR>0040167B|.89442435MOVDWORDPTRSS:[ESP+35],EAX<BR>0040167F|.57PUSHEDI<BR>00401680|.8D4C2418LEAECX,DWORDPTRSS:[ESP+18]<BR>00401684|.895C2420MOVDWORDPTRSS:[ESP+20],EBX<BR>00401688|.885C242CMOVBYTEPTRSS:[ESP+2C],BL<BR>0040168C|.8944243DMOVDWORDPTRSS:[ESP+3D],EAX<BR>00401690|.E855040000CALL<JMP.&MFC42.#540><BR>00401695|.6A0APUSH0A;/pFileSystemNameSize=0000000A<BR>00401697|.53PUSHEBX;|pFileSystemNameBuffer<BR>00401698|.53PUSHEBX;|pFileSystemFlags<BR>00401699|.8D4C241CLEAECX,DWORDPTRSS:[ESP+1C];|<BR>0040169D|.53PUSHEBX;|pMaxFilenameLength<BR>0040169E|.51PUSHECX;|pVolumeSerialNumber<BR>0040169F|.6A0CPUSH0C;|MaxVolumeNameSize=C(12.)<BR>004016A1|.BE01000000MOVESI,1;|<BR>004016A6|.53PUSHEBX;|VolumeNameBuffer<BR>004016A7|.6850304000PUSHCrack_Me.00403050;|RootPathName="C:\"<BR>004016AC|.8974246CMOVDWORDPTRSS:[ESP+6C],ESI;|<BR>004016B0|.895C2434MOVDWORDPTRSS:[ESP+34],EBX;|<BR>004016B4|.33EDXOREBP,EBP;|<BR>004016B6|.895C2430MOVDWORDPTRSS:[ESP+30],EBX;|<BR>004016BA|.FF1500204000CALLDWORDPTRDS:[<&KERNEL32.GetVolumeI>;\GetVolumeInformationA<BR>004016C0|.8B442410MOVEAX,DWORDPTRSS:[ESP+10];磁盘信息:即C盘序列号A40D9506入EAX<BR>004016C4|.8B542458MOVEDX,DWORDPTRSS:[ESP+58]<BR>004016C8|.3526038319XOREAX,19830326;C盘序列号与19830326做异或运算,结果入EAX,也就是第四<BR><BR>段基础数据<BR>004016CD|.83C9FFORECX,FFFFFFFF<BR>004016D0|.8B12MOVEDX,DWORDPTRDS:[EDX];用户名入EDX<BR>004016D2|.89442410MOVDWORDPTRSS:[ESP+10],EAX<BR>004016D6|.8BFAMOVEDI,EDX<BR>004016D8|.33C0XOREAX,EAX<BR>004016DA|.F2:AEREPNESCASBYTEPTRES:[EDI]<BR>004016DC|.F7D1NOTECX<BR>004016DE|.49DECECX<BR>004016DF|.8954241CMOVDWORDPTRSS:[ESP+1C],EDX<BR>004016E3|.8BF9MOVEDI,ECX<BR>004016E5|.0F84BC010000JECrack_Me.004018A7<BR>004016EB|.3BFECMPEDI,ESI<BR>004016ED|.89742458MOVDWORDPTRSS:[ESP+58],ESI<BR>004016F1|.0F8CAF000000JLCrack_Me.004017A6<BR>004016F7|.DD0530254000FLDQWORDPTRDS:[402530];ST(0)=0<BR>004016FD|.EB04JMPSHORTCrack_Me.00401703<BR>004016FF|>8B54241C/MOVEDX,DWORDPTRSS:[ESP+1C];第一段基础数据开始:用户名入EDX<BR>00401703|>8A5C32FFMOVBL,BYTEPTRDS:[EDX+ESI-1];用户名ASCII码入DL<BR>00401707|.DB442458|FILDDWORDPTRSS:[ESP+58];用户名位数入ST(0)<BR>0040170B|.0FBEC3|MOVSXEAX,BL;EAX=BL<BR>0040170E|.DD5C2424|FSTPQWORDPTRSS:[ESP+24];用户名位数入ST(7)<BR>00401712|.89442458|MOVDWORDPTRSS:[ESP+58],EAX;用户名ASCII入SS:[ESP+58]<BR>00401716|.DB442458|FILDDWORDPTRSS:[ESP+58];用户名入ST(0)10进制<BR>0040171A|.0FBECB|MOVSXECX,BL;ECX=BL<BR>0040171D|.D9FA|FSQRT;ST(0)开平方<BR>0040171F|.0FAFCE|IMULECX,ESI;用户名位数与其对应注册码ASCII码相乘<BR>00401722|.DC4C2424|FMULQWORDPTRSS:[ESP+24];用户名位数与其对应注册码ASCII码(10进制)平方根相乘<BR>00401726|.DC0528254000|FADDQWORDPTRDS:[402528];乘积+1<BR>0040172C|.0FAFCE|IMULECX,ESI;40171F乘积与用户名位数相乘<BR>0040172F|.894C2458|MOVDWORDPTRSS:[ESP+58],ECX<BR>00401733|.DB442458|FILDDWORDPTRSS:[ESP+58];用户名入ST(0)10进制<BR>00401737|.DEC9|FMULPST(1),ST;ST(0)*ST(1)结果入ST(0)<BR>00401739|.D8C1|FADDST,ST(1);ST(0)+ST(1)结果入ST(7)<BR>0040173B|.E836040000|CALL<JMP.&MSVCRT._ftol><BR>00401740|.99|CDQ<BR>00401741|.DDD8|FSTPST<BR>00401743|.B9A0860100|MOVECX,186A0<BR>00401748|.F7F9|IDIVECX;求前面求出数除以100000的余数,第一段基础数据<BR>0040174A|.89542414|MOVDWORDPTRSS:[ESP+14],EDX<BR>0040174E|.0FBED3|MOVSXEDX,BL;第二段基础数据开始:<BR>00401751|.89542458|MOVDWORDPTRSS:[ESP+58],EDX<BR>00401755|.DB442458|FILDDWORDPTRSS:[ESP+58]<BR>00401759|.DD0520254000|FLDQWORDPTRDS:[402520]<BR>0040175F|.E80C040000|CALL<JMP.&MSVCRT._CIpow>;用户名ASCII码平方<BR>00401764|.DC4C2424|FMULQWORDPTRSS:[ESP+24];再乘以位数<BR>00401768|.E809040000|CALL<JMP.&MSVCRT._ftol><BR>0040176D|.DB442414|FILDDWORDPTRSS:[ESP+14]<BR>00401771|.8BCE|MOVECX,ESI<BR>00401773|.0FAFCD|IMULECX,EBP;上次算出本段算出值乘以用户名位数<BR>00401776|.D9C0|FLDST<BR>00401778|.D9FA|FSQRT;求开方<BR>0040177A|.03C1|ADDEAX,ECX<BR>0040177C|.B9A0860100|MOVECX,186A0<BR>00401781|.99|CDQ<BR>00401782|.F7F9|IDIVECX;求前面求出数除以100000的余数,第二段基础数据<BR>00401784|.8BEA|MOVEBP,EDX<BR>00401786|.E8EB030000|CALL<JMP.&MSVCRT._ftol>;第三段基础数据开始:<BR>0040178B|.03C5|ADDEAX,EBP<BR>0040178D|.B9A0860100|MOVECX,186A0<BR>00401792|.99|CDQ<BR>00401793|.F7F9|IDIVECX;求前面求出数除以100000的余数,第三段基础数据<BR>00401795|.46|INCESI<BR>00401796|.3BF7|CMPESI,EDI<BR>00401798|.89742458|MOVDWORDPTRSS:[ESP+58],ESI<BR>0040179C|.8BDA|MOVEBX,EDX<BR>0040179E|.^0F8E5BFFFFFF\JLECrack_Me.004016FF;循环次数小于等于用户名位数继续循环<BR>004017A4|.DDD8FSTPST<BR>004017A6|>33C0XOREAX,EAX;置循环头0<BR>004017A8|>8BD0/MOVEDX,EAX;循环5次:0--4<BR>004017AA|.8B4C2414|MOVECX,DWORDPTRSS:[ESP+14]<BR>004017AE|.0FAFD0|IMULEDX,EAX<BR>004017B1|.0FAFD0|IMULEDX,EAX<BR>004017B4|.8D540A1F|LEAEDX,DWORDPTRDS:[EDX+ECX+1F];EAX^3+第一段数据+31<BR>004017B8|.81E27F000080|ANDEDX,8000007F<BR>004017BE|.7905|JNSSHORTCrack_Me.004017C5<BR>004017C0|.4A|DECEDX<BR>004017C1|.83CA80|OREDX,FFFFFF80<BR>004017C4|.42|INCEDX<BR>004017C5|>8854042C|MOVBYTEPTRSS:[ESP+EAX+2C],DL;DL入SS:[ESP+EAX+2C],后面用来计算1-5位注册码用。<BR>004017C9|.40|INCEAX;EAX+1<BR>004017CA|.83F805|CMPEAX,5<BR>004017CD|.^7CD9\JLSHORTCrack_Me.004017A8<BR>004017CF|.B805000000MOVEAX,5;置循环头<BR>004017D4|>8BC8/MOVECX,EAX;循环5次:5--9<BR>004017D6|.0FAFC8|IMULECX,EAX<BR>004017D9|.0FAFC8|IMULECX,EAX<BR>004017DC|.8D54291F|LEAEDX,DWORDPTRDS:[ECX+EBP+1F];EAX^3+第二段基础数据数据+31<BR>004017E0|.81E27F000080|ANDEDX,8000007F<BR>004017E6|.7905|JNSSHORTCrack_Me.004017ED<BR>004017E8|.4A|DECEDX<BR>004017E9|.83CA80|OREDX,FFFFFF80<BR>004017EC|.42|INCEDX<BR>004017ED|>8854042C|MOVBYTEPTRSS:[ESP+EAX+2C],DL;DL入SS:[ESP+EAX+2C],后面用来计算6-10位注册码用<BR>004017F1|.40|INCEAX;EAX+1<BR>004017F2|.83F80A|CMPEAX,0A<BR>004017F5|.^7CDD\JLSHORTCrack_Me.004017D4<BR>004017F7|.B80A000000MOVEAX,0A;置循环头<BR>004017FC|>8BC8/MOVECX,EAX;循环5次:10--14<BR>004017FE|.0FAFC8|IMULECX,EAX<BR>00401801|.0FAFC8|IMULECX,EAX<BR>00401804|.8D54191F|LEAEDX,DWORDPTRDS:[ECX+EBX+1F];EAX^3+第三段基础数据数据+31<BR>00401808|.81E27F000080|ANDEDX,8000007F<BR>0040180E|.7905|JNSSHORTCrack_Me.00401815<BR>00401810|.4A|DECEDX<BR>00401811|.83CA80|OREDX,FFFFFF80<BR>00401814|.42|INCEDX<BR>00401815|>8854042C|MOVBYTEPTRSS:[ESP+EAX+2C],DL;DL入SS:[ESP+EAX+2C],后面用来计算11-15位注册码用<BR>00401819|.40|INCEAX;EAX+1<BR>0040181A|.83F80F|CMPEAX,0F<BR>0040181D|.^7CDD\JLSHORTCrack_Me.004017FC<BR>0040181F|.B80F000000MOVEAX,0F;置循环头<BR>00401824|>8BC8/MOVECX,EAX;循环5次:15--19<BR>00401826|.8B542410|MOVEDX,DWORDPTRSS:[ESP+10]<BR>0040182A|.0FAFC8|IMULECX,EAX<BR>0040182D|.0FAFC8|IMULECX,EAX<BR>00401830|.8D4C111F|LEAECX,DWORDPTRDS:[ECX+EDX+1F];EAX^3+第四段基础数据+31<BR>00401834|.81E17F000080|ANDECX,8000007F<BR>0040183A|.7905|JNSSHORTCrack_Me.00401841<BR>0040183C|.49|DECECX<BR>0040183D|.83C980|ORECX,FFFFFF80<BR>00401840|.41|INCECX<BR>00401841|>884C042C|MOVBYTEPTRSS:[ESP+EAX+2C],CL;DL入SS:[ESP+EAX+2C],后面用来计算15-20位注册码用<BR>00401845|.40|INCEAX;EAX+1<BR>00401846|.83F814|CMPEAX,14<BR>00401849|.^7CD9\JLSHORTCrack_Me.00401824<BR>0040184B|.33D2XOREDX,EDX<BR>0040184D|.33C9XORECX,ECX;计算注册码开始,循环头置0<BR>0040184F|>8A44142C/MOVAL,BYTEPTRSS:[ESP+EDX+2C];<BR>00401853|.3C30|CMPAL,30<BR>00401855|.7C04|JLSHORTCrack_Me.0040185B;小于跳<BR>00401857|.3C39|CMPAL,39<BR>00401859|.7E29|JLESHORTCrack_Me.00401884;小于等于跳<BR>0040185B|>3C41|CMPAL,41<BR>0040185D|.7C04|JLSHORTCrack_Me.00401863;小于跳<BR>0040185F|.3C5A|CMPAL,5A<BR>00401861|.7E21|JLESHORTCrack_Me.00401884;小于等于跳<BR>00401863|>3C61|CMPAL,61<BR>00401865|.7C04|JLSHORTCrack_Me.0040186B;小于跳<BR>00401867|.3C7A|CMPAL,7A<BR>00401869|.7E19|JLESHORTCrack_Me.00401884;小于等于跳<BR>0040186B|>0FBEC0|MOVSXEAX,AL<BR>0040186E|.8D44081F|LEAEAX,DWORDPTRDS:[EAX+ECX+1F]<BR>00401872|.257F000080|ANDEAX,8000007F<BR>00401877|.7905|JNSSHORTCrack_Me.0040187E<BR>00401879|.48|DECEAX<BR>0040187A|.83C880|OREAX,FFFFFF80<BR>0040187D|.40|INCEAX<BR>0040187E|>8844142C|MOVBYTEPTRSS:[ESP+EDX+2C],AL<BR>00401882|.^EBCB|JMPSHORTCrack_Me.0040184F<BR>00401884|>83C107|ADDECX,7;ECX循环加7<BR>00401887|.42|INCEDX<BR>00401888|.81F98C000000|CMPECX,8C;ECX和140比较小于继续循环,大于等于跳出循环,也就是循<BR><BR>环20次俄!<BR>0040188E|.^7CBF\JLSHORTCrack_Me.0040184F<BR>00401890|.8D4C242CLEAECX,DWORDPTRSS:[ESP+2C];计算注册码结束,来这里,注册码入ECX<BR>00401894|.8D542418LEAEDX,DWORDPTRSS:[ESP+18]<BR>00401898|.51PUSHECX<BR>00401899|.684C304000PUSHCrack_Me.0040304C;ASCII"%s"<BR>0040189E|.52PUSHEDX<BR>0040189F|.E882020000CALL<JMP.&MFC42.#2818><BR>004018A4|.83C40CADDESP,0C<BR>004018A7|>8B742454MOVESI,DWORDPTRSS:[ESP+54]<BR>004018AB|.8D442418LEAEAX,DWORDPTRSS:[ESP+18]<BR>004018AF|.50PUSHEAX<BR>004018B0|.8BCEMOVECX,ESI<BR>004018B2|.E869020000CALL<JMP.&MFC42.#535><BR>004018B7|.C74424200100>MOVDWORDPTRSS:[ESP+20],1<BR>004018BF|.8D4C2418LEAECX,DWORDPTRSS:[ESP+18]<BR>004018C3|.C644244C00MOVBYTEPTRSS:[ESP+4C],0<BR>004018C8|.E833010000CALL<JMP.&MFC42.#800><BR>004018CD|.8B4C2444MOVECX,DWORDPTRSS:[ESP+44]<BR>004018D1|.8BC6MOVEAX,ESI<BR>004018D3|.5FPOPEDI<BR>004018D4|.5EPOPESI<BR>004018D5|.5DPOPEBP<BR>004018D6|.5BPOPEBX<BR>004018D7|.64:890D000000>MOVDWORDPTRFS:[0],ECX<BR>004018DE|.83C440ADDESP,40<BR>004018E1\.C20800RET8<BR><BR><BR><BR><BR>四、算法分析总结<BR><BR>注册码的计算分为三个阶段:<BR><BR>1、计算四段基础数据,前三段是用用户名计算出,第四组是用C盘序列号计算出。<BR><BR>2、分别用前面四组基础数据分别计算出5组数据码,总为20组数据码,用以计算注册码。<BR><BR>3、用20组数据码计算出20位注册码。<BR><BR>五、注册算法<BR><BR>用户名:busheler<BR>注册码:G0kXIDhnGvowqm0vN2AR<BR><BR>好繁哪!!做个注册机可能比写算法简单多了。<BR><BR>贴上易语言注册机过程码(我正在学习易语言中。。。。),因代码没有优化,显得有点乱,但不影响理解。<BR>可以对照上面的注册分析看。<BR>===================================================<BR>.版本2<BR><BR>.程序集窗口程序集1<BR><BR>.子程序_取消_被单击<BR><BR>销毁()<BR><BR>.子程序_确定_被单击<BR>.局部变量用户名,文本型<BR>.局部变量用户名长度,长整数型<BR><BR>用户名=删全部空(输入编辑框.内容)<BR>用户名长度=取文本长度(用户名)<BR>.如果(用户名长度<1)<BR>结果编辑框.内容=“请输入用户名!”<BR>.否则<BR>结果编辑框.内容=注册码(用户名,用户名长度)<BR>返回()<BR>.如果结束<BR>返回()<BR><BR>.子程序__启动窗口_创建完毕<BR><BR>结果编辑框.内容=busheler@****.com<BR><BR>.子程序注册码,文本型<BR>.参数用户名,文本型<BR>.参数用户名长度,长整数型<BR>.局部变量c盘序列号,文本型<BR>.局部变量异或值,长整数型<BR>.局部变量a,整数型<BR>.局部变量基础1,长整数型<BR>.局部变量基础2,长整数型<BR>.局部变量基础3,长整数型<BR>.局部变量基础4,长整数型<BR>.局部变量数据码,文本型<BR>.局部变量数据码1,文本型<BR>.局部变量数据码2,文本型<BR>.局部变量数据码3,文本型<BR>.局部变量数据码4,文本型<BR>.局部变量注册码,文本型<BR>.局部变量中间码,文本型<BR>.局部变量n,整数型<BR>.局部变量最后注册码,文本型<BR>.局部变量aa,整数型<BR>.局部变量bb,长整数型<BR>.局部变量cc,长整数型<BR>.局部变量ee,文本型<BR><BR><BR>'程序第一部分:计算四段基础数据:<BR>基础1=0<BR>基础2=0<BR>基础3=0<BR>基础4=0<BR><BR>'取C盘序列号。<BR>c盘序列号=取磁盘序列号()<BR><BR>'C盘序列号与19830326做异或运算,并是第四段基础数据。<BR>异或值=位异或(428016422,到数值(取十进制文本(c盘序列号,16)))<BR><BR><BR>'开始用用户名计算出四段基础数据:<BR>.变量循环首(1,用户名长度,1,n)<BR>a=取代码(用户名,n)<BR>基础1=取整((求次方(a,1÷2)×n+1)×a×n×n+基础1)%100000<BR>基础2=(求次方(a,2)×n+基础2×n)%100000<BR>基础3=(基础2+取整(求次方(基础1,1÷2)))%100000<BR>.变量循环尾()<BR>基础4=异或值<BR>'计算结束!<BR><BR>'程序第二部分,计算出20组数据码:<BR>数据码=“”<BR>数据码1=“”<BR>数据码2=“”<BR>数据码3=“”<BR>数据码4=“”<BR><BR>'计算第一组1-5组数据码:<BR>数据码1=计算数据码(基础1,0,4)<BR><BR>'计算第二组5-10组数据码:<BR>数据码2=计算数据码(基础2,5,9)<BR><BR>'计算第三组10-15组数据码:<BR>数据码3=计算数据码(基础3,10,14)<BR><BR>'计算第四组15-20组数据码:<BR>数据码4=计算数据码(基础4,15,19)<BR><BR>数据码=数据码1+数据码2+数据码3+数据码4<BR><BR>'程序第三部分,计算注册码:<BR>注册码=计算注册码(数据码,0,133)<BR><BR>返回(注册码)<BR><BR><BR><BR>.子程序取磁盘序列号,文本型,,读取磁盘序列号,你可以更改盘符来取不同盘的序列号<BR>.局部变量pos,整数型<BR>.局部变量HiWord,整数型<BR>.局部变量LoWord,长整数型<BR>.局部变量VolumeSN,整数型<BR>.局部变量MaxFNLen,整数型<BR>.局部变量Temp1,文本型<BR>.局部变量Temp2,文本型<BR>.局部变量DriveVolume,文本型<BR><BR><BR>DriveVolume=“C:\”<BR>Temp1=取空白文本(255)<BR>Temp2=取空白文本(255)<BR><BR>pos=GetVolumeInformation(DriveVolume,Temp1,255,VolumeSN,0,0,Temp2,255)<BR><BR>返回(到文本(取十六进制文本(VolumeSN)))<BR><BR><BR><BR>.子程序计算数据码,文本型<BR>.参数基础,长整数型<BR>.参数x1,整数型<BR>.参数x2,整数型<BR>.局部变量y,整数型<BR>.局部变量a1,长整数型<BR>.局部变量a2,长整数型<BR>.局部变量aa,整数型<BR>.局部变量ab,整数型<BR>.局部变量数据码,文本型<BR><BR>数据码=“”<BR><BR>.变量循环首(x1,x2,1,y)<BR>a1=y×y×y+基础+31<BR>aa=位与(a1,-2147483521)<BR>.如果(aa<0)<BR>aa=位或(aa-1,-128)+1<BR>.否则<BR><BR>.如果结束<BR><BR>.如果(取文本长度(取文本右边(到文本(取十六进制文本(aa)),2))=1)<BR>数据码=数据码+“0”<BR>.否则<BR>.如果(取文本长度(取文本右边(到文本(取十六进制文本(aa)),2))=0)<BR>数据码=数据码+“00”<BR>.否则<BR><BR>.如果结束<BR><BR>.如果结束<BR><BR>数据码=数据码+取文本右边(到文本(取十六进制文本(aa)),2)<BR><BR>.变量循环尾()<BR>返回(数据码)<BR><BR><BR>.子程序计算注册码,文本型<BR>.参数数据码,文本型<BR>.参数x1,整数型<BR>.参数x2,整数型<BR>.局部变量n,整数型<BR>.局部变量a,长整数型<BR>.局部变量b,长整数型<BR>.局部变量c,长整数型<BR>.局部变量f,文本型<BR>.局部变量xunhuan,整数型<BR>.局部变量zhucema,文本型<BR>.局部变量g,长整数型<BR><BR>zhucema=“”<BR>f=“”<BR>xunhuan=0<BR><BR>x1=0<BR>x2=133<BR><BR>.变量循环首(x1,x2,7,n)<BR>a=到数值(取十进制文本(取文本中间(数据码,n÷7×2+1,2),16))<BR><BR>'输出调试文本(到文本(a))<BR>g=a<BR>.循环判断首()<BR>输出调试文本(到文本(g))<BR>.如果(g≥48)<BR>.如果(g>57)<BR>.如果(g≥65)<BR>.如果(g>90)<BR>.如果(g≥97)<BR>.如果(g>122)<BR>b=g+n+31<BR>c=位与(b,-2147483521)<BR>.如果(c<0)<BR>c=位或(c-1,-128)+1<BR>.否则<BR><BR>.如果结束<BR><BR>.如果(取文本长度(取文本右边(到文本(取十六进制文本(c)),2))=1)<BR>f=“0”+取文本右边(到文本(取十六进制文本(c)),2)<BR>.否则<BR>.如果(取文本长度(取文本右边(到文本(取十六进制文本(c)),2))=0)<BR>f=“00”+取文本右边(到文本(取十六进制文本(c)),2)<BR>.否则<BR>f=取文本右边(到文本(取十六进制文本(c)),2)<BR>.如果结束<BR><BR>.如果结束<BR>g=到数值(取十进制文本(f,16))<BR>到循环尾()<BR><BR>.否则<BR>跳出循环()<BR>.如果结束<BR><BR>.否则<BR>b=g+n+31<BR>c=位与(b,-2147483521)<BR>.如果(c<0)<BR>c=位或(c-1,-128)+1<BR>.否则<BR><BR>.如果结束<BR><BR>.如果(取文本长度(取文本右边(到文本(取十六进制文本(c)),2))=1)<BR>f=“0”+取文本右边(到文本(取十六进制文本(c)),2)<BR>.否则<BR>.如果(取文本长度(取文本右边(到文本(取十六进制文本(c)),2))=0)<BR>f=“00”+取文本右边(到文本(取十六进制文本(c)),2)<BR>.否则<BR>f=取文本右边(到文本(取十六进制文本(c)),2)<BR>.如果结束<BR><BR>.如果结束<BR>g=到数值(取十进制文本(f,16))<BR>到循环尾()<BR><BR>.如果结束<BR><BR>.否则<BR>跳出循环()<BR>.如果结束<BR><BR>.否则<BR>b=g+n+31<BR>c=位与(b,-2147483521)<BR>.如果(c<0)<BR>c=位或(c-1,-128)+1<BR>.否则<BR><BR>.如果结束<BR><BR>.如果(取文本长度(取文本右边(到文本(取十六进制文本(c)),2))=1)<BR>f=“0”+取文本右边(到文本(取十六进制文本(c)),2)<BR>.否则<BR>.如果(取文本长度(取文本右边(到文本(取十六进制文本(c)),2))=0)<BR>f=“00”+取文本右边(到文本(取十六进制文本(c)),2)<BR>.否则<BR>f=取文本右边(到文本(取十六进制文本(c)),2)<BR>.如果结束<BR><BR>.如果结束<BR>g=到数值(取十进制文本(f,16))<BR>到循环尾()<BR><BR>.如果结束<BR><BR>.否则<BR>跳出循环()<BR>.如果结束<BR><BR>.否则<BR>b=g+n+31<BR>c=位与(b,-2147483521)<BR>.如果(c<0)<BR>c=位或(c-1,-128)+1<BR>.否则<BR><BR>.如果结束<BR><BR>.如果(取文本长度(取文本右边(到文本(取十六进制文本(c)),2))=1)<BR>f=“0”+取文本右边(到文本(取十六进制文本(c)),2)<BR>.否则<BR>.如果(取文本长度(取文本右边(到文本(取十六进制文本(c)),2))=0)<BR>f=“00”+取文本右边(到文本(取十六进制文本(c)),2)<BR>.否则<BR>f=取文本右边(到文本(取十六进制文本(c)),2)<BR>.如果结束<BR><BR>.如果结束<BR>g=到数值(取十进制文本(f,16))<BR>到循环尾()<BR><BR>.如果结束<BR><BR>.循环判断尾(xunhuan=0)<BR><BR>'输出调试文本(到文本(字符(g)))<BR>zhucema=zhucema+到文本(字符(g))<BR><BR>.变量循环尾()<BR><BR>返回(zhucema)<BR><BR>-------------------------------------------------------------------------<BR>【版权声明】交流学习,非商业应用,转载时请保证其完整!</FONT><BR></P>
页:
[1]