-
-
[旧帖] 一个InstallShield的setup.inx安装序列号破解,算法没看懂,请大虾们帮忙分析一下 0.00雪花
-
发表于: 2010-2-25 14:49
-
一个InstallShield的安装序列号破解,注册算法没看懂,请大虾们帮忙分析一下
用sid 1.0增强版 反汇编后,找到序列号开始的算法
@00008C68 开始的,本人算法实在太差,转了几圈就晕了,哪位大侠帮忙看看,或是修改哪条指令可以直接跳过序列号判断
我已经把文件传到网盘上去了,哪位高人帮忙研究下吧
a63K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4m8A6j5$3E0#2M7q4)9J5k6h3#2G2k6X3W2D9k6g2)9J5k6h3y4G2L8g2)9J5c8U0t1%4y4K6l9H3x3o6f1^5y4o6f1J5z5e0t1%4x3o6b7`.
或e9eK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4y4$3x3o6l9$3k6q4)9J5k6h3#2G2k6X3W2D9k6g2)9J5k6h3y4G2L8g2)9J5c8U0t1%4y4K6l9H3x3o6f1^5y4o6f1J5z5e0t1%4x3o6c8Q4x3V1k6d9c8$3I4*7j5i4A6u0N6V1&6p5b7i4k6z5c8p5q4*7e0V1c8y4x3@1&6*7b7e0g2z5K9e0S2*7e0s2A6y4x3V1#2*7f1i4S2a6g2p5f1K6e0h3A6g2x3f1!0p5d9e0c8z5k6#2)9J5k6g2)9J5k6g2)9J5c8Y4y4W2N6s2g2H3i4K6u0W2M7X3q4J5
多谢楼下朋友们关注,有兴趣的点这里下载吧 setup.rar
下图是序列号输入对话框,随便填后下一步会有如图中的出错提示
序列号好像有长度或是格式要求,没分析出是几位
激活码是xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx格式的“-”号输入界面上已经有了
附一小段代码
@00008C68 begin
@00008C71:0006 local_string7 = "Dlg_ActivationKey";
@00008C8C:000D local_number9 = (global_number16 = 2);
@00008C9B:0004 if(local_number9) then // ref index: 1
@00008CA7:0021 SdMakeName(global_string3, local_string7, local_string1, local_number4);
@00008CB9:0021 SilentReadData(global_string3, "ProductCode", 1, local_string5, local_number3);
@00008CDB:0021 SilentReadData(global_string3, "ActivateKey", 1, local_string6, local_number3);
@00008CFD:0021 SilentReadData(global_string3, "Result", 2, local_string8, local_number1);
@00008D1A:0027 // return coming
@00008D1E:0023 return local_number1;
@00008D25:0004 endif;
@00008D25:0004 label_8d25:
@00008D27:0021 function_15(local_string6, local_string10, local_string11, local_string12, local_string13, local_string14, local_string15, local_string16);
@00008D45:000D local_number9 = (global_number14 = 0);
@00008D54:0004 if(local_number9) then // ref index: 1
@00008D60:0021 SdInit();
@00008D66:0006 endif;
@00008D66:0006 label_8d66:
@00008D68:0021 EzDefineDialog(local_string7, "", "", 22017);
@00008D7C:0006 local_number9 = LASTRESULT;
@00008D86:000D local_number9 = (local_number9 = -1);
@00008D95:0004 if(local_number9) then // ref index: 1
@00008DA1:0027 // return coming
@00008DA5:0023 return -1;
@00008DAE:0001 endif;
@00008DAE:0001 label_8dae:
@00008DB0:0006 local_number5 = 0;
@00008DBC:0006 label_8dbc:
@00008DBE:0001 // switch/while/???
@00008DC2:000D local_number9 = (local_number5 = 0);
@00008DD1:0004 if(local_number9) then // ref index: 43
@00008DDD:0021 CmdGetHwndDlg/WaitOnDialog(local_string7);
@00008DE6:0006 local_number1 = LASTRESULT;
@00008DF0:0001 // switch/while/???
@00008DF4:0017 label_8df4:
@00008DF6:000D local_number9 = (local_number1 = -100);
@00008E05:0004 if(local_number9) then // ref index: 1
@00008E11:0006 local_number6 = 0;
@00008E1D:0021 function_496(local_string7, 50, local_string1);
@00008E2E:0021 function_496(local_string7, 711, local_string2);
@00008E3F:0021 function_496(local_string7, 719, local_string3);
@00008E50:0021 CtrlSetCurSel(local_string7, 1001, local_string5);
@00008E61:0021 function_496(local_string7, 720, local_string4);
@00008E72:0021 CtrlSetCurSel(local_string7, 1002, local_string10);
@00008E83:0021 CtrlSetCurSel(local_string7, 1003, local_string11);
@00008E94:0021 CtrlSetCurSel(local_string7, 1004, local_string12);
@00008EA5:0021 CtrlSetCurSel(local_string7, 1005, local_string13);
@00008EB6:0021 CtrlSetCurSel(local_string7, 1006, local_string14);
@00008EC7:0021 CtrlSetCurSel(local_string7, 1007, local_string15);
@00008ED8:0021 CtrlSetCurSel(local_string7, 1008, local_string16);
@00008EE9:0021 CtrlGetSubCommand/CmdGetHwndDlg(local_string7);
@00008EF2:0006 local_number7 = LASTRESULT;
@00008EFC:0021 function_492(local_string7, local_number7, 64, global_string2);
@00008F10:0021 function_14(local_number7, 1, local_string10, local_string11, local_string12, local_string13, local_string14, local_string15, local_string16);
@00008F33:0020 GetDlgItem(local_number7, 1001); // dll: USER.dll
@00008F41:0006 local_number8 = LASTRESULT;
@00008F4B:0020 SetFocus(local_number8); // dll: USER.dll
@00008F54:0005 goto label_9e06;
@00008F5D:0007 endif;
========================
这里应该是序列号的计算了
@00009E25:0021 function_491();
@00009E2B:0007 local_string17 = (local_string10 + "-");
@00009E39:0007 local_string17 = (local_string17 + local_string11);
@00009E46:0007 local_string17 = (local_string17 + "-");
@00009E54:0007 local_string17 = (local_string17 + local_string12);
@00009E61:0007 local_string17 = (local_string17 + "-");
@00009E6F:0007 local_string17 = (local_string17 + local_string13);
@00009E7C:0007 local_string17 = (local_string17 + "-");
@00009E8A:0007 local_string17 = (local_string17 + local_string14);
@00009E97:0007 local_string17 = (local_string17 + "-");
@00009EA5:0007 local_string17 = (local_string17 + local_string15);
@00009EB2:0007 local_string17 = (local_string17 + "-");
@00009EC0:0007 local_string6 = (local_string17 + local_string16);
@00009ECD:0021 SdMakeName(global_string3, local_string7, local_string1, local_number4);
@00009EDF:0021 SilentReadData/SilentWriteData(global_string3, "ProductCode", 1, local_string5, 0);
@00009F03:0021 SilentReadData/SilentWriteData(global_string3, "ActivateKey", 1, local_string6, 0);
@00009F27:0021 SilentReadData/SilentWriteData(global_string3, "Result", 2, "", local_number1);
@00009F44:0027 // return coming
@00009F48:0023 return local_number1;
@00009F4F:0026 end; // checksum: 67281a44
@00009F5B:0009 label_9f5b:
@00009F5D:0022 function BOOL function_14(local_number1, local_number2, local_string1, local_string2, local_string3, local_string4, local_string5, local_string6, local_string7)
@00009F5D NUMBER local_number3, local_number4, local_number5;
@00009F5D
@00009F5D
@00009F5D begin
@00009F66:0020 GetDlgItem(local_number1, local_number2); // dll: USER.dll
@00009F72:0006 local_number3 = LASTRESULT;
@00009F7C:0020 IsWindow(local_number3); // dll: USER.dll
@00009F85:0006 local_number4 = LASTRESULT;
@00009F8F:000D local_number4 = (local_number4 = 0);
@00009F9E:0004 if(local_number4) then // ref index: 1
@00009FAA:0027 // return coming
@00009FAE:0023 return 0;
@00009FB7:0027 endif;
@00009FB7:0027 label_9fb7:
@00009FB9:0021 function_502(local_string1);
@00009FC2:0021 function_502(local_string2);
@00009FCB:0021 function_502(local_string3);
@00009FD4:0021 function_502(local_string4);
@00009FDD:0021 function_502(local_string5);
@00009FE6:0021 function_502(local_string6);
@00009FEF:0021 function_502(local_string7);
@00009FF8:0021 StrLength(local_string1);
@0000A001:0006 local_number4 = LASTRESULT;
@0000A00B:0009 local_number4 = (local_number4 < 4);
@0000A01A:0021 StrLength(local_string2);
@0000A023:0006 local_number5 = LASTRESULT;
@0000A02D:0009 local_number5 = (local_number5 < 4);
@0000A03C:0018 local_number4 = (local_number4 || local_number5);
@0000A049:0021 StrLength(local_string3);
@0000A052:0006 local_number5 = LASTRESULT;
@0000A05C:0009 local_number5 = (local_number5 < 4);
@0000A06B:0018 local_number4 = (local_number4 || local_number5);
@0000A078:0021 StrLength(local_string4);
@0000A081:0006 local_number5 = LASTRESULT;
@0000A08B:0009 local_number5 = (local_number5 < 4);
@0000A09A:0018 local_number4 = (local_number4 || local_number5);
@0000A0A7:0021 StrLength(local_string5);
@0000A0B0:0006 local_number5 = LASTRESULT;
@0000A0BA:0009 local_number5 = (local_number5 < 4);
@0000A0C9:0018 local_number4 = (local_number4 || local_number5);
@0000A0D6:0021 StrLength(local_string6);
@0000A0DF:0006 local_number5 = LASTRESULT;
@0000A0E9:0009 local_number5 = (local_number5 < 4);
@0000A0F8:0018 local_number4 = (local_number4 || local_number5);
@0000A105:0021 StrLength(local_string7);
@0000A10E:0006 local_number5 = LASTRESULT;
@0000A118:0009 local_number5 = (local_number5 < 4);
@0000A127:0018 local_number4 = (local_number4 || local_number5);
@0000A134:0004 if(local_number4) then // ref index: 1
@0000A140:0020 EnableWindow(local_number3, 0); // dll: USER.dll
@0000A14E:0027 // return coming
@0000A152:0023 return 0;
@0000A15B:0005 goto label_a18a;
@0000A164:0004 endif;
用sid 1.0增强版 反汇编后,找到序列号开始的算法
@00008C68 开始的,本人算法实在太差,转了几圈就晕了,哪位大侠帮忙看看,或是修改哪条指令可以直接跳过序列号判断
我已经把文件传到网盘上去了,哪位高人帮忙研究下吧
a63K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4m8A6j5$3E0#2M7q4)9J5k6h3#2G2k6X3W2D9k6g2)9J5k6h3y4G2L8g2)9J5c8U0t1%4y4K6l9H3x3o6f1^5y4o6f1J5z5e0t1%4x3o6b7`.
或e9eK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4y4$3x3o6l9$3k6q4)9J5k6h3#2G2k6X3W2D9k6g2)9J5k6h3y4G2L8g2)9J5c8U0t1%4y4K6l9H3x3o6f1^5y4o6f1J5z5e0t1%4x3o6c8Q4x3V1k6d9c8$3I4*7j5i4A6u0N6V1&6p5b7i4k6z5c8p5q4*7e0V1c8y4x3@1&6*7b7e0g2z5K9e0S2*7e0s2A6y4x3V1#2*7f1i4S2a6g2p5f1K6e0h3A6g2x3f1!0p5d9e0c8z5k6#2)9J5k6g2)9J5k6g2)9J5c8Y4y4W2N6s2g2H3i4K6u0W2M7X3q4J5
多谢楼下朋友们关注,有兴趣的点这里下载吧 setup.rar
下图是序列号输入对话框,随便填后下一步会有如图中的出错提示
序列号好像有长度或是格式要求,没分析出是几位
激活码是xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx格式的“-”号输入界面上已经有了
附一小段代码
@00008C68 begin
@00008C71:0006 local_string7 = "Dlg_ActivationKey";
@00008C8C:000D local_number9 = (global_number16 = 2);
@00008C9B:0004 if(local_number9) then // ref index: 1
@00008CA7:0021 SdMakeName(global_string3, local_string7, local_string1, local_number4);
@00008CB9:0021 SilentReadData(global_string3, "ProductCode", 1, local_string5, local_number3);
@00008CDB:0021 SilentReadData(global_string3, "ActivateKey", 1, local_string6, local_number3);
@00008CFD:0021 SilentReadData(global_string3, "Result", 2, local_string8, local_number1);
@00008D1A:0027 // return coming
@00008D1E:0023 return local_number1;
@00008D25:0004 endif;
@00008D25:0004 label_8d25:
@00008D27:0021 function_15(local_string6, local_string10, local_string11, local_string12, local_string13, local_string14, local_string15, local_string16);
@00008D45:000D local_number9 = (global_number14 = 0);
@00008D54:0004 if(local_number9) then // ref index: 1
@00008D60:0021 SdInit();
@00008D66:0006 endif;
@00008D66:0006 label_8d66:
@00008D68:0021 EzDefineDialog(local_string7, "", "", 22017);
@00008D7C:0006 local_number9 = LASTRESULT;
@00008D86:000D local_number9 = (local_number9 = -1);
@00008D95:0004 if(local_number9) then // ref index: 1
@00008DA1:0027 // return coming
@00008DA5:0023 return -1;
@00008DAE:0001 endif;
@00008DAE:0001 label_8dae:
@00008DB0:0006 local_number5 = 0;
@00008DBC:0006 label_8dbc:
@00008DBE:0001 // switch/while/???
@00008DC2:000D local_number9 = (local_number5 = 0);
@00008DD1:0004 if(local_number9) then // ref index: 43
@00008DDD:0021 CmdGetHwndDlg/WaitOnDialog(local_string7);
@00008DE6:0006 local_number1 = LASTRESULT;
@00008DF0:0001 // switch/while/???
@00008DF4:0017 label_8df4:
@00008DF6:000D local_number9 = (local_number1 = -100);
@00008E05:0004 if(local_number9) then // ref index: 1
@00008E11:0006 local_number6 = 0;
@00008E1D:0021 function_496(local_string7, 50, local_string1);
@00008E2E:0021 function_496(local_string7, 711, local_string2);
@00008E3F:0021 function_496(local_string7, 719, local_string3);
@00008E50:0021 CtrlSetCurSel(local_string7, 1001, local_string5);
@00008E61:0021 function_496(local_string7, 720, local_string4);
@00008E72:0021 CtrlSetCurSel(local_string7, 1002, local_string10);
@00008E83:0021 CtrlSetCurSel(local_string7, 1003, local_string11);
@00008E94:0021 CtrlSetCurSel(local_string7, 1004, local_string12);
@00008EA5:0021 CtrlSetCurSel(local_string7, 1005, local_string13);
@00008EB6:0021 CtrlSetCurSel(local_string7, 1006, local_string14);
@00008EC7:0021 CtrlSetCurSel(local_string7, 1007, local_string15);
@00008ED8:0021 CtrlSetCurSel(local_string7, 1008, local_string16);
@00008EE9:0021 CtrlGetSubCommand/CmdGetHwndDlg(local_string7);
@00008EF2:0006 local_number7 = LASTRESULT;
@00008EFC:0021 function_492(local_string7, local_number7, 64, global_string2);
@00008F10:0021 function_14(local_number7, 1, local_string10, local_string11, local_string12, local_string13, local_string14, local_string15, local_string16);
@00008F33:0020 GetDlgItem(local_number7, 1001); // dll: USER.dll
@00008F41:0006 local_number8 = LASTRESULT;
@00008F4B:0020 SetFocus(local_number8); // dll: USER.dll
@00008F54:0005 goto label_9e06;
@00008F5D:0007 endif;
========================
这里应该是序列号的计算了
@00009E25:0021 function_491();
@00009E2B:0007 local_string17 = (local_string10 + "-");
@00009E39:0007 local_string17 = (local_string17 + local_string11);
@00009E46:0007 local_string17 = (local_string17 + "-");
@00009E54:0007 local_string17 = (local_string17 + local_string12);
@00009E61:0007 local_string17 = (local_string17 + "-");
@00009E6F:0007 local_string17 = (local_string17 + local_string13);
@00009E7C:0007 local_string17 = (local_string17 + "-");
@00009E8A:0007 local_string17 = (local_string17 + local_string14);
@00009E97:0007 local_string17 = (local_string17 + "-");
@00009EA5:0007 local_string17 = (local_string17 + local_string15);
@00009EB2:0007 local_string17 = (local_string17 + "-");
@00009EC0:0007 local_string6 = (local_string17 + local_string16);
@00009ECD:0021 SdMakeName(global_string3, local_string7, local_string1, local_number4);
@00009EDF:0021 SilentReadData/SilentWriteData(global_string3, "ProductCode", 1, local_string5, 0);
@00009F03:0021 SilentReadData/SilentWriteData(global_string3, "ActivateKey", 1, local_string6, 0);
@00009F27:0021 SilentReadData/SilentWriteData(global_string3, "Result", 2, "", local_number1);
@00009F44:0027 // return coming
@00009F48:0023 return local_number1;
@00009F4F:0026 end; // checksum: 67281a44
@00009F5B:0009 label_9f5b:
@00009F5D:0022 function BOOL function_14(local_number1, local_number2, local_string1, local_string2, local_string3, local_string4, local_string5, local_string6, local_string7)
@00009F5D NUMBER local_number3, local_number4, local_number5;
@00009F5D
@00009F5D
@00009F5D begin
@00009F66:0020 GetDlgItem(local_number1, local_number2); // dll: USER.dll
@00009F72:0006 local_number3 = LASTRESULT;
@00009F7C:0020 IsWindow(local_number3); // dll: USER.dll
@00009F85:0006 local_number4 = LASTRESULT;
@00009F8F:000D local_number4 = (local_number4 = 0);
@00009F9E:0004 if(local_number4) then // ref index: 1
@00009FAA:0027 // return coming
@00009FAE:0023 return 0;
@00009FB7:0027 endif;
@00009FB7:0027 label_9fb7:
@00009FB9:0021 function_502(local_string1);
@00009FC2:0021 function_502(local_string2);
@00009FCB:0021 function_502(local_string3);
@00009FD4:0021 function_502(local_string4);
@00009FDD:0021 function_502(local_string5);
@00009FE6:0021 function_502(local_string6);
@00009FEF:0021 function_502(local_string7);
@00009FF8:0021 StrLength(local_string1);
@0000A001:0006 local_number4 = LASTRESULT;
@0000A00B:0009 local_number4 = (local_number4 < 4);
@0000A01A:0021 StrLength(local_string2);
@0000A023:0006 local_number5 = LASTRESULT;
@0000A02D:0009 local_number5 = (local_number5 < 4);
@0000A03C:0018 local_number4 = (local_number4 || local_number5);
@0000A049:0021 StrLength(local_string3);
@0000A052:0006 local_number5 = LASTRESULT;
@0000A05C:0009 local_number5 = (local_number5 < 4);
@0000A06B:0018 local_number4 = (local_number4 || local_number5);
@0000A078:0021 StrLength(local_string4);
@0000A081:0006 local_number5 = LASTRESULT;
@0000A08B:0009 local_number5 = (local_number5 < 4);
@0000A09A:0018 local_number4 = (local_number4 || local_number5);
@0000A0A7:0021 StrLength(local_string5);
@0000A0B0:0006 local_number5 = LASTRESULT;
@0000A0BA:0009 local_number5 = (local_number5 < 4);
@0000A0C9:0018 local_number4 = (local_number4 || local_number5);
@0000A0D6:0021 StrLength(local_string6);
@0000A0DF:0006 local_number5 = LASTRESULT;
@0000A0E9:0009 local_number5 = (local_number5 < 4);
@0000A0F8:0018 local_number4 = (local_number4 || local_number5);
@0000A105:0021 StrLength(local_string7);
@0000A10E:0006 local_number5 = LASTRESULT;
@0000A118:0009 local_number5 = (local_number5 < 4);
@0000A127:0018 local_number4 = (local_number4 || local_number5);
@0000A134:0004 if(local_number4) then // ref index: 1
@0000A140:0020 EnableWindow(local_number3, 0); // dll: USER.dll
@0000A14E:0027 // return coming
@0000A152:0023 return 0;
@0000A15B:0005 goto label_a18a;
@0000A164:0004 endif;
|
|
|---|---|
|
|
|
|
|
哎,就是不会才麻烦
 算法没怎么学,看着就晕 |
|
|
|
|
|
下载了一下,本来想帮你搞一搞~可是我也没弄明白~辛苦攒的俩钱又搭进去啦
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
没朋友能帮下我吗?5555~~~~~
|
|
|
5555,太失望了。。
|
