电子档案人力资源管理系统 V5.0 特别版算法分析
本帖最后由 pendan2001 于 2014-9-18 16:15 编辑如不合适请立即删除,呵呵。
Borland Delphi 6.0 - 7.0
MD5 :: 001E1A87 :: 005E2687
The reference is above.
用户识别码:88770312586996006856
公司名:zwt
注册码:MG545678901234567890
005E47DC/.55 push ebp
005E47DD|.8BEC mov ebp, esp
005E47DF|.B9 06000000 mov ecx, 6
005E47E4|>6A 00 /push 0
005E47E6|.6A 00 |push 0
005E47E8|.49 |dec ecx
005E47E9|.^ 75 F9 \jnz short 005E47E4
005E47EB|.53 push ebx
005E47EC|.56 push esi
005E47ED|.8BF2 mov esi, edx
005E47EF|.8BD8 mov ebx, eax
005E47F1|.33C0 xor eax, eax
005E47F3|.55 push ebp
005E47F4|.68 B6495E00 push 005E49B6
005E47F9|.64:FF30 push dword ptr fs:
005E47FC|.64:8920 mov dword ptr fs:, esp
005E47FF|.8D55 F8 lea edx, dword ptr
005E4802|.8B83 3C030000 mov eax, dword ptr
005E4808|.E8 4731EAFF call 00487954
005E480D|.8B45 F8 mov eax, dword ptr
005E4810|.8D55 FC lea edx, dword ptr
005E4813|.E8 B854E2FF call 00409CD0
005E4818|.837D FC 00 cmp dword ptr , 0
005E481C|.75 0F jnz short 005E482D
005E481E|.B8 CC495E00 mov eax, 005E49CC ;请输入公司名称
005E4823|.E8 109EFDFF call 005BE638
005E4828|.E9 1B010000 jmp 005E4948
005E482D|>8D55 F0 lea edx, dword ptr
005E4830|.8B83 10030000 mov eax, dword ptr
005E4836|.E8 1931EAFF call 00487954
005E483B|.8B45 F0 mov eax, dword ptr
005E483E|.8D55 F4 lea edx, dword ptr
005E4841|.E8 8A54E2FF call 00409CD0
005E4846|.837D F4 00 cmp dword ptr , 0
005E484A|.75 0F jnz short 005E485B
005E484C|.B8 E4495E00 mov eax, 005E49E4 ;请输入注册码
005E4851|.E8 E29DFDFF call 005BE638
005E4856|.E9 ED000000 jmp 005E4948
005E485B|>8D55 E8 lea edx, dword ptr
005E485E|.8B83 3C030000 mov eax, dword ptr
005E4864|.E8 EB30EAFF call 00487954
005E4869|.8B45 E8 mov eax, dword ptr
005E486C|.8D55 EC lea edx, dword ptr
005E486F|.E8 5C54E2FF call 00409CD0
005E4874|.8B45 EC mov eax, dword ptr
005E4877|.50 push eax
005E4878|.8D55 E0 lea edx, dword ptr
005E487B|.8B83 10030000 mov eax, dword ptr
005E4881|.E8 CE30EAFF call 00487954
005E4886|.8B45 E0 mov eax, dword ptr
005E4889|.8D55 E4 lea edx, dword ptr
005E488C|.E8 3F54E2FF call 00409CD0
005E4891|.8B45 E4 mov eax, dword ptr
005E4894|.5A pop edx
005E4895|.E8 CEF5FFFF call 005E3E68/////////////////////////
005E489A|.84C0 test al, al
005E489C|.74 77 je short 005E4915
005E489E|.8D55 D8 lea edx, dword ptr
005E48A1|.8B83 3C030000 mov eax, dword ptr
005E48A7|.E8 A830EAFF call 00487954
005E48AC|.8B45 D8 mov eax, dword ptr
005E48AF|.8D55 DC lea edx, dword ptr
005E48B2|.E8 1954E2FF call 00409CD0
005E48B7|.8B45 DC mov eax, dword ptr
005E48BA|.50 push eax
005E48BB|.8D55 D0 lea edx, dword ptr
005E48BE|.8B83 10030000 mov eax, dword ptr
005E48C4|.E8 8B30EAFF call 00487954
005E48C9|.8B45 D0 mov eax, dword ptr
005E48CC|.8D55 D4 lea edx, dword ptr
005E48CF|.E8 FC53E2FF call 00409CD0
005E48D4|.8B45 D4 mov eax, dword ptr
005E48D7|.5A pop edx
005E48D8|.E8 E7F7FFFF call 005E40C4
005E48DD|.B8 FC495E00 mov eax, 005E49FC ;注册成功,谢谢您的支持,祝您使用愉快!
005E48E2|.E8 E99CFDFF call 005BE5D0
005E48E7|.33D2 xor edx, edx
005E48E9|.8B83 FC020000 mov eax, dword ptr
005E48EF|.E8 70DDE5FF call 00442664
005E48F4|.A1 E8A76300 mov eax, dword ptr
005E48F9|.8B00 mov eax, dword ptr
005E48FB|.E8 54E10400 call 00632A54
005E4900|.A1 E8A76300 mov eax, dword ptr
005E4905|.8B00 mov eax, dword ptr
005E4907|.E8 20DC0400 call 0063252C
005E490C|.8BC3 mov eax, ebx
005E490E|.E8 0108ECFF call 004A5114
005E4913|.EB 33 jmp short 005E4948
005E4915|>A1 E8A76300 mov eax, dword ptr
005E491A|.8B00 mov eax, dword ptr
005E491C|.80B8 49050000>cmp byte ptr , 0
005E4923|.74 0C je short 005E4931
005E4925|.B8 2C4A5E00 mov eax, 005E4A2C ;注册码错误,请重新输入!
005E492A|.E8 099DFDFF call 005BE638
005E492F|.EB 17 jmp short 005E4948
005E4931|>B8 504A5E00 mov eax, 005E4A50 ;* 你输入的用户名或注册码有错误,请检查!\n\n* 如果你没有正确的注册码,请看下面条款或者向作者发邮件咨询\n\n\n\n* 请问你现在就想生成用户注册文档并考虑注册本软件吗?
call 005E3E68
005E3E68/$55 push ebp
005E3E69|.8BEC mov ebp, esp
005E3E6B|.B9 05000000 mov ecx, 5
005E3E70|>6A 00 /push 0
005E3E72|.6A 00 |push 0
005E3E74|.49 |dec ecx
005E3E75|.^ 75 F9 \jnz short 005E3E70
005E3E77|.53 push ebx
005E3E78|.56 push esi
005E3E79|.8955 F8 mov dword ptr , edx
005E3E7C|.8945 FC mov dword ptr , eax
005E3E7F|.8B45 FC mov eax, dword ptr
005E3E82|.E8 8514E2FF call 0040530C
005E3E87|.8B45 F8 mov eax, dword ptr
005E3E8A|.E8 7D14E2FF call 0040530C
005E3E8F|.33C0 xor eax, eax
005E3E91|.55 push ebp
005E3E92|.68 09405E00 push 005E4009
005E3E97|.64:FF30 push dword ptr fs:
005E3E9A|.64:8920 mov dword ptr fs:, esp
005E3E9D|.E8 A6F2E1FF call 00403148
005E3EA2|.C645 F7 00 mov byte ptr , 0
005E3EA6|.8D55 E8 lea edx, dword ptr
005E3EA9|.8B45 F8 mov eax, dword ptr ;(ASCII "zwt")
005E3EAC|.E8 73FEFFFF call 005E3D24/////////////////////////////////////////////////
005E3EB1|.8D45 E8 lea eax, dword ptr
005E3EB4|.BA 24405E00 mov edx, 005E4024 ;~!@#$%^&*()_+|)(*&^%$#@#^$%&%#$%!@#$
005E3EB9|.E8 6612E2FF call 00405124
005E3EBE|.8B45 E8 mov eax, dword ptr ;(ASCII "MG54FCFF85CB2990D7FE~!@#$%^&*()_+|)(*&^%$#@#^$%&%#$%!@#$")
005E3EC1|.8D55 F0 lea edx, dword ptr
005E3EC4|.E8 C7EFFFFF call 005E2E90
005E3EC9|.8D45 E4 lea eax, dword ptr
005E3ECC|.B9 24405E00 mov ecx, 005E4024 ;~!@#$%^&*()_+|)(*&^%$#@#^$%&%#$%!@#$
005E3ED1|.8B55 FC mov edx, dword ptr ;(ASCII "MG545678901234567890")
005E3ED4|.E8 8F12E2FF call 00405168
005E3ED9|.8B45 E4 mov eax, dword ptr ;(ASCII "MG545678901234567890~!@#$%^&*()_+|)(*&^%$#@#^$%&%#$%!@#$")
005E3EDC|.8D55 EC lea edx, dword ptr
;MD5(MG545678901234567890~!@#$%^&*()_+|)(*&^%$#@#^$%&%#$%!@#$)=A2E12E9A296580E1CF3BD6CFE06E684C
005E3EDF|.E8 ACEFFFFF call 005E2E90
005E3EE4|.8B45 FC mov eax, dword ptr
005E3EE7|.E8 3012E2FF call 0040511C
005E3EEC|.83F8 14 cmp eax, 14 ;注册码20位
005E3EEF|.74 4A je short 005E3F3B
005E3EF1|.68 54405E00 push 005E4054 ;(ASCII "-_-")
005E3EF6|.FF75 FC push dword ptr ;(ASCII "MG545678901234567890")
005E3EF9|.68 60405E00 push 005E4060 ;dsfasfsadfasdfsafasfasdfasdfasd
005E3EFE|.8D45 E0 lea eax, dword ptr
005E3F01|.BA 03000000 mov edx, 3
005E3F06|.E8 D112E2FF call 004051DC
005E3F0B|.8B45 E0 mov eax, dword ptr ;(ASCII "-_-12345678901234567890dsfasfsadfasdfsafasfasdfasdfasd")
005E3F0E|.8D55 F0 lea edx, dword ptr
005E3F11|.E8 7AEFFFFF call 005E2E90
005E3F16|.BB 0A000000 mov ebx, 0A
005E3F1B|>B8 64000000 /mov eax, 64
005E3F20|.E8 5FF8E1FF |call 00403784
005E3F25|.83F8 32 |cmp eax, 32
005E3F28|.0F8F B3000000 |jg 005E3FE1
005E3F2E|.68 F4010000 |push 1F4 ; /Timeout = 500. ms
005E3F33|.E8 74BFE2FF |call <jmp.&kernel32.Sleep> ; \Sleep
005E3F38|.4B |dec ebx
005E3F39|.^ 75 E0 \jnz short 005E3F1B
005E3F3B|>8D45 DC lea eax, dword ptr
005E3F3E|.50 push eax
005E3F3F|.B9 03000000 mov ecx, 3
005E3F44|.BA 01000000 mov edx, 1
005E3F49|.8B45 FC mov eax, dword ptr
005E3F4C|.E8 2B14E2FF call 0040537C
005E3F51|.8B45 DC mov eax, dword ptr ;(ASCII "123")
005E3F54|.BA 88405E00 mov edx, 005E4088 ;(ASCII "MG5")
005E3F59|.E8 0A13E2FF call 00405268 ;比较注册码前3位是否为MG5
005E3F5E|.74 46 je short 005E3FA6
005E3F60|.68 94405E00 push 005E4094 ;^_^
005E3F65|.FF75 FC push dword ptr ;(ASCII "MG545678901234567890")
005E3F68|.68 A0405E00 push 005E40A0 ;2341234123412341234123423142314123
005E3F6D|.8D45 D8 lea eax, dword ptr
005E3F70|.BA 03000000 mov edx, 3
005E3F75|.E8 6212E2FF call 004051DC
005E3F7A|.8B45 D8 mov eax, dword ptr ;(ASCII "^_^MG5456789012345678902341234123412341234123423142314123")
005E3F7D|.8D55 EC lea edx, dword ptr
005E3F80|.E8 0BEFFFFF call 005E2E90
005E3F85|.BB 0A000000 mov ebx, 0A
005E3F8A|>B8 64000000 /mov eax, 64
005E3F8F|.E8 F0F7E1FF |call 00403784
005E3F94|.83F8 32 |cmp eax, 32
005E3F97|.7F 48 |jg short 005E3FE1
005E3F99|.68 F4010000 |push 1F4 ; /Timeout = 500. ms
005E3F9E|.E8 09BFE2FF |call <jmp.&kernel32.Sleep> ; \Sleep
005E3FA3|.4B |dec ebx
005E3FA4|.^ 75 E4 \jnz short 005E3F8A
005E3FA6|> \8B45 F0 mov eax, dword ptr ;(ASCII "DB88D566D49C74F7798082A371E65549")
MD5(MG54FCFF85CB2990D7FE~!@#$%^&*()_+|)(*&^%$#@#^$%&%#$%!@#$)=DB88D566D49C74F7798082A371E65549
005E3FA9|.E8 6E11E2FF call 0040511C
005E3FAE|.8BF0 mov esi, eax
005E3FB0|.6BDE 64 imul ebx, esi, 64
005E3FB3|.85DB test ebx, ebx
005E3FB5|.7E 1B jle short 005E3FD2
005E3FB7|>8BC6 /mov eax, esi
005E3FB9|.E8 C6F7E1FF |call 00403784
005E3FBE|.40 |inc eax
005E3FBF|.8B55 F0 |mov edx, dword ptr ;"DB88D566D49C74F7798082A371E65549"
005E3FC2|.8A5402 FF |mov dl, byte ptr
005E3FC6|.8B4D EC |mov ecx, dword ptr ;"A2E12E9A296580E1CF3BD6CFE06E684C"
005E3FC9|.3A5401 FF |cmp dl, byte ptr
005E3FCD|.75 12 |jnz short 005E3FE1
005E3FCF|.4B |dec ebx
005E3FD0|.^ 75 E5 \jnz short 005E3FB7
005E3FD2|>8B45 F0 mov eax, dword ptr
005E3FD5|.8B55 EC mov edx, dword ptr
005E3FD8|.E8 8B12E2FF call 00405268
005E3FDD|.0F9445 F7 sete byte ptr
005E3FE1|>33C0 xor eax, eax
005E3FE3|.5A pop edx
005E3FE4|.59 pop ecx
005E3FE5|.59 pop ecx
005E3FE6|.64:8910 mov dword ptr fs:, edx
005E3FE9|.68 10405E00 push 005E4010
005E3FEE|>8D45 D8 lea eax, dword ptr
005E3FF1|.BA 07000000 mov edx, 7
005E3FF6|.E8 850EE2FF call 00404E80
005E3FFB|.8D45 F8 lea eax, dword ptr
005E3FFE|.BA 02000000 mov edx, 2
005E4003|.E8 780EE2FF call 00404E80
005E4008\.C3 retn
005E3D24/$55 push ebp
005E3D25|.8BEC mov ebp, esp
005E3D27|.33C9 xor ecx, ecx
005E3D29|.51 push ecx
005E3D2A|.51 push ecx
005E3D2B|.51 push ecx
005E3D2C|.51 push ecx
005E3D2D|.51 push ecx
005E3D2E|.51 push ecx
005E3D2F|.51 push ecx
005E3D30|.53 push ebx
005E3D31|.8BDA mov ebx, edx
005E3D33|.8945 FC mov dword ptr , eax
005E3D36|.8B45 FC mov eax, dword ptr
005E3D39|.E8 CE15E2FF call 0040530C
005E3D3E|.33C0 xor eax, eax
005E3D40|.55 push ebp
005E3D41|.68 063E5E00 push 005E3E06
005E3D46|.64:FF30 push dword ptr fs:
005E3D49|.64:8920 mov dword ptr fs:, esp
005E3D4C|.A1 E8A76300 mov eax, dword ptr
005E3D51|.8B00 mov eax, dword ptr
005E3D53|.80B8 49050000>cmp byte ptr , 0
005E3D5A|.74 17 je short 005E3D73
005E3D5C|.8D55 F8 lea edx, dword ptr
005E3D5F|.A1 E8A76300 mov eax, dword ptr
005E3D64|.8B00 mov eax, dword ptr
005E3D66|.8B80 4C050000 mov eax, dword ptr
005E3D6C|.E8 1FF1FFFF call 005E2E90
005E3D71|.EB 0D jmp short 005E3D80
005E3D73|>8D45 F8 lea eax, dword ptr
005E3D76|.BA 1C3E5E00 mov edx, 005E3E1C ;qstudio manager
005E3D7B|.E8 7411E2FF call 00404EF4
005E3D80|>8D55 F4 lea edx, dword ptr
005E3D83|.8B45 FC mov eax, dword ptr
005E3D86|.E8 05F1FFFF call 005E2E90 ;md5(zwt)
005E3D8B|.8B55 F4 mov edx, dword ptr ;(ASCII "605B2B8900A9EAB7FBECEB20BD05BDCD")
005E3D8E|.8D45 F8 lea eax, dword ptr
005E3D91|.E8 8E13E2FF call 00405124
005E3D96|.8D45 F0 lea eax, dword ptr
005E3D99|.50 push eax
005E3D9A|.8D45 E4 lea eax, dword ptr
005E3D9D|.E8 96FCFFFF call 005E3A38
005E3DA2|.FF75 E4 push dword ptr ;(ASCII "88770312586996006856")
005E3DA5|.FF75 F8 push dword ptr
;(ASCII "QStudio Manager605B2B8900A9EAB7FBECEB20BD05BDCD")
005E3DA8|.68 343E5E00 push 005E3E34 ;(ASCII "MG5")
005E3DAD|.68 403E5E00 push 005E3E40 ;(ASCII "~!@#$%^&*()_+|)(*&^%$#@#^$%&%#$%!@#$")
005E3DB2|.8D45 E8 lea eax, dword ptr
005E3DB5|.BA 04000000 mov edx, 4
005E3DBA|.E8 1D14E2FF call 004051DC
005E3DBF|.8B45 E8 mov eax, dword ptr
堆栈 ss:=015048B8, (ASCII "88770312586996006856QStudio Manager605B2B8900A9EAB7FBECEB20BD05BDCDMG5~!@#$%^&*()_+|)(*&^%$#@#^$%&%#$%!@#$")
005E3DC2|.8D55 EC lea edx, dword ptr
005E3DC5|.E8 C6F0FFFF call 005E2E90 ; MD5
005E3DCA|.8B45 EC mov eax, dword ptr ;(ASCII "83379654E044FCFF85CB2990D7FE3A8A")
005E3DCD|.B9 11000000 mov ecx, 11
005E3DD2|.BA 0C000000 mov edx, 0C
005E3DD7|.E8 A015E2FF call 0040537C ;从第12位起取17位
005E3DDC|.8B4D F0 mov ecx, dword ptr ;(ASCII "4FCFF85CB2990D7FE")
005E3DDF|.8BC3 mov eax, ebx
005E3DE1|.BA 343E5E00 mov edx, 005E3E34 ;(ASCII "MG5")
005E3DE6|.E8 7D13E2FF call 00405168 ; MG54FCFF85CB2990D7FE
005E3DEB|.33C0 xor eax, eax
005E3DED|.5A pop edx
005E3DEE|.59 pop ecx
005E3DEF|.59 pop ecx
005E3DF0|.64:8910 mov dword ptr fs:, edx
005E3DF3|.68 0D3E5E00 push 005E3E0D
005E3DF8|>8D45 E4 lea eax, dword ptr
005E3DFB|.BA 07000000 mov edx, 7
005E3E00|.E8 7B10E2FF call 00404E80
005E3E05\.C3 retn
算法总结:
1.取公司名zwt进行MD5计算=605B2B8900A9EAB7FBECEB20BD05BDCD
2.将固定字符串QStudio Manager与结果连接得到QStudio Manager605B2B8900A9EAB7FBECEB20BD05BDCD
3.将机器码,上面的结果,“MG5”,“~!@#$%^&*()_+|)(*&^%$#@#^$%&%#$%!@#$”与之连接得到
88770312586996006856QStudio Manager605B2B8900A9EAB7FBECEB20BD05BDCDMG5~!@#$%^&*()_+|)(*&^%$#@#^$%&%#$%!@#$
4.第3步的结果进行MD5计算=83379654E044FCFF85CB2990D7FE3A8A
5.从第12位起取17位和“MG5”连接=MG54FCFF85CB2990D7FE
6.将第5步的结果连接"~!@#$%^&*()_+|)(*&^%$#@#^$%&%#$%!@#$",MD5计算得到DB88D566D49C74F7798082A371E65549
7.将注册码MD5(MG545678901234567890~!@#$%^&*()_+|)(*&^%$#@#^$%&%#$%!@#$)=A2E12E9A296580E1CF3BD6CFE06E684C
两者相等注册成功。
即注册码=MG54FCFF85CB2990D7FE
写注册机算法很简单,有兴趣的可以试试。
分析的不错 ~! 呵呵。继续努力。。 大牛威武,感谢分享了 十分给力,学习了! 很厉害,学习了。 感到很深奥.呵呵. 厉害,支持了
牛皮,真的很犀利!!{:tongue:} 不是管人事的这个用不上
页:
[1]
2