【破解作者】 stasi[DCM][FCG][DFCG][BCG][OCN][CZG][D.4s]
【作者邮箱】 stasi@163.com
【使用工具】 od 1.10 W32Dasm
【破解平台】 Win9x/NT/2000/XP
【软件名称】 开心斗地主v1.8s1
【下载地址】 飞碟网络
a1eK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4g2X3L8$3y4F1i4K6u0W2j5$3!0E0 EMAIL:ufocn@ufocn.com
【软件简介】 ①提升了整体素质,美化了部分界面,修改了部分细节
②修改了1.7(s9)版本报告的BUG,修改了网络联机部分BUG
③开通了网络连机功能
④实现完整卸载,包括卸载开始和IE栏上的快捷方式
⑤隐藏支持外围插件,准备开放外围功能,需要网站支持
⑦彻底改进了注册方式
【软件大小】 1m
【加壳方式】 upx
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
--------------------------------------------------------------------------------
【破解内容】
看雪上看见鸡蛋壳5分钟搞定了开心斗地主v1.8s1的网络验证功能,却又引起很多口水战。
我和鸡蛋壳没什么瓜葛,只是看看自己5分钟能做什么?
UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo的壳,现在这么老实的软件开发人员已经很少了:)
几步搞掉,看到是vb写的,注册部分有 msgbox,直接断......
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:006A6B38(U)
|
:006A6B44 8B45CC mov eax, dword ptr [ebp-34]
:006A6B47 50 push eax
:006A6B48 8B4DD0 mov ecx, dword ptr [ebp-30]
:006A6B4B 51 push ecx
* Reference To: MSVBVM50.__vbaStrCmp, Ord:0000h msgbox断下,往上到vbaStrCmp
就是最后注册码和注册名的验证
|
:006A6B4C FF1520846B00 Call dword ptr [006B8420]
:006A6B52 F7D8 neg eax
:006A6B54 1BC0 sbb eax, eax
:006A6B56 40 inc eax
:006A6B57 F7D8 neg eax
:006A6B59 66898520FFFFFF mov word ptr [ebp+FFFFFF20], ax
:006A6B60 8D55D0 lea edx, dword ptr [ebp-30]
:006A6B63 52 push edx
:006A6B64 8D45CC lea eax, dword ptr [ebp-34]
:006A6B67 50 push eax
:006A6B68 8D4DD4 lea ecx, dword ptr [ebp-2C]
:006A6B6B 51 push ecx
:006A6B6C 6A03 push 00000003
* Reference To: MSVBVM50.__vbaFreeStrList, Ord:0000h
|
:006A6B6E FF1524856B00 Call dword ptr [006B8524]
:006A6B74 83C410 add esp, 00000010
:006A6B77 8D55C4 lea edx, dword ptr [ebp-3C]
:006A6B7A 52 push edx
:006A6B7B 8D45C8 lea eax, dword ptr [ebp-38]
:006A6B7E 50 push eax
:006A6B7F 6A02 push 00000002
* Reference To: MSVBVM50.__vbaFreeObjList, Ord:0000h
|
:006A6B81 FF1544836B00 Call dword ptr [006B8344]
:006A6B87 83C40C add esp, 0000000C
:006A6B8A 0FBF8D20FFFFFF movsx ecx, word ptr [ebp+FFFFFF20]
:006A6B91 85C9 test ecx, ecx
:006A6B93 0F84560E0000 je 006A79EF
:006A6B99 C745FC19000000 mov [ebp-04], 00000019
* Possible StringData Ref from Code Obj ->"False" 写入注册表部分
|
:006A6BA0 C7855CFFFFFFF0114400 mov dword ptr [ebp+FFFFFF5C], 004411F0
:006A6BAA C78554FFFFFF08000000 mov dword ptr [ebp+FFFFFF54], 00000008
:006A6BB4 8D9554FFFFFF lea edx, dword ptr [ebp+FFFFFF54]
:006A6BBA 8D4D94 lea ecx, dword ptr [ebp-6C]
* Reference To: MSVBVM50.__vbaVarDup, Ord:0000h
|
:006A6BBD FF1564856B00 Call dword ptr [006B8564]
* Possible StringData Ref from Code Obj ->"TJJS"
|
:006A6BC3 C7856CFFFFFF88344400 mov dword ptr [ebp+FFFFFF6C], 00443488
:006A6BCD C78564FFFFFF08000000 mov dword ptr [ebp+FFFFFF64], 00000008
:006A6BD7 8D9564FFFFFF lea edx, dword ptr [ebp+FFFFFF64]
:006A6BDD 8D4DA4 lea ecx, dword ptr [ebp-5C]
* Reference To: MSVBVM50.__vbaVarDup, Ord:0000h
|
:006A6BE0 FF1564856B00 Call dword ptr [006B8564]
* Possible StringData Ref from Code Obj ->"Reg"
|
:006A6BE6 C7857CFFFFFF10D24300 mov dword ptr [ebp+FFFFFF7C], 0043D210
:006A6BF0 C78574FFFFFF08000000 mov dword ptr [ebp+FFFFFF74], 00000008
:006A6BFA 8D9574FFFFFF lea edx, dword ptr [ebp+FFFFFF74]
:006A6C00 8D4DB4 lea ecx, dword ptr [ebp-4C]
* Reference To: MSVBVM50.__vbaVarDup, Ord:0000h
软件口碑不错,但注册部分写的很乱啊,全程注册表键值验证有3次,注册表项多达20多处:(
* Reference To: MSVBVM50.__vbaVarDup, Ord:0000h
|
:006A7A52 FF1564856B00 Call dword ptr [006B8564]
:006A7A58 8D4584 lea eax, dword ptr [ebp-7C]
:006A7A5B 50 push eax
:006A7A5C 8D4D94 lea ecx, dword ptr [ebp-6C]
:006A7A5F 51 push ecx
:006A7A60 8D55A4 lea edx, dword ptr [ebp-5C]
:006A7A63 52 push edx
:006A7A64 6A10 push 00000010
:006A7A66 8D45B4 lea eax, dword ptr [ebp-4C]
:006A7A69 50 push eax
* Reference To: MSVBVM50.__vbaObjSet, Ord:0253h
|
:006A7A6A FF15B8836B00 Call dword ptr [006B83B8] 这里就是vb语句的errorbox
:006A7A70 8D4D84 lea ecx, dword ptr [ebp-7C]
:006A7A73 51 push ecx
:006A7A74 8D5594 lea edx, dword ptr [ebp-6C]
:006A7A77 52 push edx
:006A7A78 8D45A4 lea eax, dword ptr [ebp-5C]
:006A7A7B 50 push eax
:006A7A7C 8D4DB4 lea ecx, dword ptr [ebp-4C]
:006A7A7F 51 push ecx
:006A7A80 6A04 push 00000004
注册部分简单的不可思议了:
注册名不能大于30位
注册码不能大于20位
用户名=注册算法函数(注册码)
令注册名位m1m2m3m4m5m6m7......
注册码 r1=m1+1
r2=m2+1
r3=m3+6
r4=m4+2
r5=m5+5
r6=m6-3
r7后循环加法因子 over!
--------------------------------------------------------------------------------
【破解总结】
能写进教科书的经典初级加密算法,无话可说!
--------------------------------------------------------------------------------
【算法注册机】
--------------VB6.0在WIN2000 sp4下编译通过--------------
Private Sub Command1_Click()
Dim regcode As String
Dim regname As String
Dim reglen As String
Dim i As Integer
Dim var As Integer
regname = Text1.Text
reglen = Len(regname)
If reglen <= 0 Then
MsgBox "Where is your regname? Maybe fogot! ", 16, "Be careful!"
End If
If reglen > 30 Then
MsgBox ("regname is too long !")
Else
End If
For i = 1 To reglen
l = AscB(Mid(regname, i, 1))
var = i Mod 6
Select Case var
Case 1
l = l + 1
Case 2
l = l + 1
Case 3
l = l + 6
Case 4
l = l + 2
Case 5
l = l + 5
Case 0
l = l - 3
Case Else
MsgBox "Please check it again!", 16, "Be careful!"
End Select
regcode = regcode & Chr(l)
Next i
Text2.Text = regcode
End Sub
--------------------------------------------------------------------------------
【用户名、密码】
注册名:stasi@163.com
注册码:tugun=2790hln
--------------------------------------------------------------------------------
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢!
2005-6-11
[培训]科锐逆向工程师培训第53期2025年7月8日开班!
~~~年份记不清了,这个软件真的太远古了
(入图)作者官方截图:
