[NET Reversing, Illustrated] Notes on analysing the USB registration algorithm of the NETGATE software series

Shark_鹏 posted on 2015-3-26 21:21


======================= The algorithm CALL follows ===============================
004083B0 /$ 6A FF PUSH -0x1 ; this is algorithm 3
004083B2 . 68 A73B4200 PUSH USBRecov.00423BA7
004083B7 . 64:A1 0000000>MOV EAX, DWORD PTR FS:[0]
004083BD . 50 PUSH EAX
004083BE . 81EC B0000000 SUB ESP, 0xB0
004083C4 . 53 PUSH EBX
004083C5 . 56 PUSH ESI
004083C6 . A1 80BD4300 MOV EAX, DWORD PTR DS:[0x43BD80]
004083CB . 33C4 XOR EAX, ESP
004083CD . 50 PUSH EAX
004083CE . 8D8424 BC0000>LEA EAX, DWORD PTR SS:[ESP+0xBC]
004083D5 . 64:A3 0000000>MOV DWORD PTR FS:[0], EAX
004083DB . C78424 C40000>MOV DWORD PTR SS:[ESP+0xC4], 0x0
004083E6 . C74424 1C 000>MOV DWORD PTR SS:[ESP+0x1C], 0x0
004083EE . C78424 C40000>MOV DWORD PTR SS:[ESP+0xC4], 0x2 ; below: appending the marker string
004083F9 . 6A 38 PUSH 0x38 ; 8
004083FB . 8D8424 D40000>LEA EAX, DWORD PTR SS:[ESP+0xD4]
00408402 . 50 PUSH EAX
00408403 . 8D4C24 34 LEA ECX, DWORD PTR SS:[ESP+0x34]
00408407 . 51 PUSH ECX
00408408 . E8 E3C8FFFF CALL USBRecov.00404CF0
0040840D . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x3
00408415 . 6A 62 PUSH 0x62 ; b
00408417 . 50 PUSH EAX
00408418 . 8D5424 5C LEA EDX, DWORD PTR SS:[ESP+0x5C]
0040841C . 52 PUSH EDX
0040841D . E8 CEC8FFFF CALL USBRecov.00404CF0
00408422 . C68424 DC0000>MOV BYTE PTR SS:[ESP+0xDC], 0x4
0040842A . 6A 33 PUSH 0x33 ; 3
0040842C . 50 PUSH EAX
0040842D . 8D4424 58 LEA EAX, DWORD PTR SS:[ESP+0x58]
00408431 . 50 PUSH EAX
00408432 . E8 B9C8FFFF CALL USBRecov.00404CF0
00408437 . C68424 E80000>MOV BYTE PTR SS:[ESP+0xE8], 0x5
0040843F . 6A 7A PUSH 0x7A ; z
00408441 . 50 PUSH EAX
00408442 . 8D4C24 4C LEA ECX, DWORD PTR SS:[ESP+0x4C]
00408446 . 51 PUSH ECX
00408447 . E8 A4C8FFFF CALL USBRecov.00404CF0
0040844C . C68424 F40000>MOV BYTE PTR SS:[ESP+0xF4], 0x6
00408454 . 6A 6F PUSH 0x6F ; o
00408456 . 50 PUSH EAX
00408457 . 8D9424 8C0000>LEA EDX, DWORD PTR SS:[ESP+0x8C]
0040845E . 52 PUSH EDX
0040845F . E8 8CC8FFFF CALL USBRecov.00404CF0
00408464 . 83C4 3C ADD ESP, 0x3C
00408467 . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x8
0040846F . 8D4C24 20 LEA ECX, DWORD PTR SS:[ESP+0x20]
00408473 . E8 784A0000 CALL USBRecov.0040CEF0
00408478 . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x9
00408480 . 8D4C24 38 LEA ECX, DWORD PTR SS:[ESP+0x38]
00408484 . E8 674A0000 CALL USBRecov.0040CEF0
00408489 . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xA
00408491 . 8D4C24 48 LEA ECX, DWORD PTR SS:[ESP+0x48]
00408495 . E8 564A0000 CALL USBRecov.0040CEF0
0040849A . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xB
004084A2 . 8D4C24 2C LEA ECX, DWORD PTR SS:[ESP+0x2C]
004084A6 . E8 454A0000 CALL USBRecov.0040CEF0
004084AB . 8B4424 58 MOV EAX, DWORD PTR SS:[ESP+0x58]
004084AF . 85C0 TEST EAX, EAX ; user name plus marker string; here the string appended is 8b3zo
004084B1 . 74 05 JE SHORT USBRecov.004084B8 ; ASCII "CrackVip8b3zo"
004084B3 . 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8]
004084B6 . EB 07 JMP SHORT USBRecov.004084BF
004084B8 > 33C9 XOR ECX, ECX
004084BA . B8 E03E4300 MOV EAX, USBRecov.00433EE0
004084BF > 51 PUSH ECX
004084C0 . 50 PUSH EAX
004084C1 . E8 2AE6FFFF CALL USBRecov.00406AF0 ; transform algorithm, encrypts the user name
004084C6 . 51 PUSH ECX
004084C7 . 8D4424 60 LEA EAX, DWORD PTR SS:[ESP+0x60]
004084CB . 8BCC MOV ECX, ESP
004084CD . 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP
004084D1 . 50 PUSH EAX
004084D2 . E8 E9490000 CALL USBRecov.0040CEC0
004084D7 . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0xC
004084DF . 8D8C24 AC0000>LEA ECX, DWORD PTR SS:[ESP+0xAC]
004084E6 . 51 PUSH ECX
004084E7 . C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0xB
004084EF . E8 4CE5FFFF CALL USBRecov.00406A40
004084F4 . C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0xD ; below: appending the marker string
004084FC . 6A 63 PUSH 0x63 ; c
004084FE . 8D9424 F00000>LEA EDX, DWORD PTR SS:[ESP+0xF0]
00408505 . 52 PUSH EDX
00408506 . 8D4424 38 LEA EAX, DWORD PTR SS:[ESP+0x38]
0040850A . 50 PUSH EAX
0040850B . E8 E0C7FFFF CALL USBRecov.00404CF0
00408510 . C68424 E00000>MOV BYTE PTR SS:[ESP+0xE0], 0xE
00408518 . 6A 36 PUSH 0x36 ; 6
0040851A . 50 PUSH EAX
0040851B . 8D4C24 5C LEA ECX, DWORD PTR SS:[ESP+0x5C]
0040851F . 51 PUSH ECX
00408520 . E8 CBC7FFFF CALL USBRecov.00404CF0
00408525 . C68424 EC0000>MOV BYTE PTR SS:[ESP+0xEC], 0xF
0040852D . 6A 65 PUSH 0x65 ; e
0040852F . 50 PUSH EAX
00408530 . 8D5424 78 LEA EDX, DWORD PTR SS:[ESP+0x78]
00408534 . 52 PUSH EDX
00408535 . E8 B6C7FFFF CALL USBRecov.00404CF0
0040853A . C68424 F80000>MOV BYTE PTR SS:[ESP+0xF8], 0x10
00408542 . 6A 74 PUSH 0x74 ; t
00408544 . 50 PUSH EAX
00408545 . 8D4424 68 LEA EAX, DWORD PTR SS:[ESP+0x68]
00408549 . 50 PUSH EAX
0040854A . E8 A1C7FFFF CALL USBRecov.00404CF0
0040854F . 83C4 40 ADD ESP, 0x40
00408552 . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x11
0040855A . 6A 65 PUSH 0x65 ; e
0040855C . 50 PUSH EAX
0040855D . 8D4C24 68 LEA ECX, DWORD PTR SS:[ESP+0x68]
00408561 . 51 PUSH ECX
00408562 . E8 89C7FFFF CALL USBRecov.00404CF0 ; e-mail plus marker string c6ete
00408567 . 83C4 0C ADD ESP, 0xC
0040856A . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x13
00408572 . 8D4C24 2C LEA ECX, DWORD PTR SS:[ESP+0x2C]
00408576 . E8 75490000 CALL USBRecov.0040CEF0
0040857B . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x14
00408583 . 8D4C24 48 LEA ECX, DWORD PTR SS:[ESP+0x48]
00408587 . E8 64490000 CALL USBRecov.0040CEF0
0040858C . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x15
00408594 . 8D4C24 38 LEA ECX, DWORD PTR SS:[ESP+0x38]
00408598 . E8 53490000 CALL USBRecov.0040CEF0
0040859D . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x16
004085A5 . 8D4C24 20 LEA ECX, DWORD PTR SS:[ESP+0x20]
004085A9 . E8 42490000 CALL USBRecov.0040CEF0
004085AE . 8B4424 64 MOV EAX, DWORD PTR SS:[ESP+0x64]
004085B2 . 85C0 TEST EAX, EAX
004085B4 . 74 05 JE SHORT USBRecov.004085BB
004085B6 . 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8]
004085B9 . EB 07 JMP SHORT USBRecov.004085C2
004085BB > 33C9 XOR ECX, ECX
004085BD . B8 E03E4300 MOV EAX, USBRecov.00433EE0
004085C2 > 51 PUSH ECX
004085C3 . 50 PUSH EAX
004085C4 . E8 27E5FFFF CALL USBRecov.00406AF0 ; transform algorithm
004085C9 . 51 PUSH ECX
004085CA . 8D5424 6C LEA EDX, DWORD PTR SS:[ESP+0x6C]
004085CE . 8BCC MOV ECX, ESP
004085D0 . 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP
004085D4 . 52 PUSH EDX
004085D5 . E8 E6480000 CALL USBRecov.0040CEC0
004085DA . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x17
004085E2 . 8D8424 9C0000>LEA EAX, DWORD PTR SS:[ESP+0x9C]
004085E9 . 50 PUSH EAX
004085EA . C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x16
004085F2 . E8 49E4FFFF CALL USBRecov.00406A40 ; MD5
004085F7 . 83C4 10 ADD ESP, 0x10
004085FA . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x18
00408602 . 6A FF PUSH -0x1
00408604 . 68 E03E4300 PUSH USBRecov.00433EE0
00408609 . 8D4C24 18 LEA ECX, DWORD PTR SS:[ESP+0x18]
0040860D . E8 0E520000 CALL USBRecov.0040D820
00408612 . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x19
0040861A . 68 BC91E911 PUSH 0x11E991BC ; what number is this? Converted to decimal it is 300519868; analysis shows this is the software's marker
0040861F . 8D4C24 14 LEA ECX, DWORD PTR SS:[ESP+0x14]
00408623 . E8 E8530000 CALL USBRecov.0040DA10 ; take the last 8 digits of it?
00408628 . 6A FF PUSH -0x1
0040862A . 68 E03E4300 PUSH USBRecov.00433EE0
0040862F . 8D4C24 74 LEA ECX, DWORD PTR SS:[ESP+0x74]
00408633 . E8 E8510000 CALL USBRecov.0040D820
00408638 . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1A ; then append the marker string
00408640 . 6A 6B PUSH 0x6B ; k
00408642 . 50 PUSH EAX
00408643 . 8D8C24 800000>LEA ECX, DWORD PTR SS:[ESP+0x80]
0040864A . 51 PUSH ECX
0040864B . E8 A0C6FFFF CALL USBRecov.00404CF0
00408650 . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x1B
00408658 . 6A 72 PUSH 0x72 ; r
0040865A . 50 PUSH EAX
0040865B . 8D5424 34 LEA EDX, DWORD PTR SS:[ESP+0x34]
0040865F . 52 PUSH EDX
00408660 . E8 8BC6FFFF CALL USBRecov.00404CF0
00408665 . C68424 DC0000>MOV BYTE PTR SS:[ESP+0xDC], 0x1C
0040866D . 6A 78 PUSH 0x78 ; x
0040866F . 50 PUSH EAX
00408670 . 8D4424 58 LEA EAX, DWORD PTR SS:[ESP+0x58]
00408674 . 50 PUSH EAX
00408675 . E8 76C6FFFF CALL USBRecov.00404CF0
0040867A . C68424 E80000>MOV BYTE PTR SS:[ESP+0xE8], 0x1D
00408682 . 6A 35 PUSH 0x35 ; 5
00408684 . 50 PUSH EAX
00408685 . 8D4C24 74 LEA ECX, DWORD PTR SS:[ESP+0x74]
00408689 . 51 PUSH ECX
0040868A . E8 61C6FFFF CALL USBRecov.00404CF0
0040868F . B3 1E MOV BL, 0x1E ; a length? 30
00408691 . 889C24 F40000>MOV BYTE PTR SS:[ESP+0xF4], BL
00408698 . 6A 6C PUSH 0x6C ; l
0040869A . 50 PUSH EAX
0040869B . 8D5424 64 LEA EDX, DWORD PTR SS:[ESP+0x64]
0040869F . 52 PUSH EDX
004086A0 . E8 4BC6FFFF CALL USBRecov.00404CF0
004086A5 . 83C4 3C ADD ESP, 0x3C
004086A8 . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1F
004086B0 . 50 PUSH EAX
004086B1 . 8D4C24 14 LEA ECX, DWORD PTR SS:[ESP+0x14]
004086B5 . E8 16500000 CALL USBRecov.0040D6D0
004086BA . 889C24 C40000>MOV BYTE PTR SS:[ESP+0xC4], BL
004086C1 . 8D4C24 2C LEA ECX, DWORD PTR SS:[ESP+0x2C]
004086C5 . E8 26480000 CALL USBRecov.0040CEF0
004086CA . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1D
004086D2 . 8D4C24 48 LEA ECX, DWORD PTR SS:[ESP+0x48]
004086D6 . E8 15480000 CALL USBRecov.0040CEF0
004086DB . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1C
004086E3 . 8D4C24 38 LEA ECX, DWORD PTR SS:[ESP+0x38]
004086E7 . E8 04480000 CALL USBRecov.0040CEF0
004086EC . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1B
004086F4 . 8D4C24 20 LEA ECX, DWORD PTR SS:[ESP+0x20]
004086F8 . E8 F3470000 CALL USBRecov.0040CEF0
004086FD . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1A
00408705 . 8D4C24 78 LEA ECX, DWORD PTR SS:[ESP+0x78]
00408709 . E8 E2470000 CALL USBRecov.0040CEF0
0040870E . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x19
00408716 . 8D4C24 6C LEA ECX, DWORD PTR SS:[ESP+0x6C]
0040871A . E8 D1470000 CALL USBRecov.0040CEF0 ; the string above plus the marker code; this marker code is fixed
0040871F . 8B4424 14 MOV EAX, DWORD PTR SS:[ESP+0x14] ; ASCII "300519868krx5l"
00408723 . 85C0 TEST EAX, EAX
00408725 . 74 05 JE SHORT USBRecov.0040872C
00408727 . 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8]
0040872A . EB 07 JMP SHORT USBRecov.00408733
0040872C > 33C9 XOR ECX, ECX
0040872E . B8 E03E4300 MOV EAX, USBRecov.00433EE0
00408733 > 51 PUSH ECX
00408734 . 50 PUSH EAX
00408735 . E8 B6E3FFFF CALL USBRecov.00406AF0
0040873A . 51 PUSH ECX
0040873B . 8D4424 1C LEA EAX, DWORD PTR SS:[ESP+0x1C]
0040873F . 8BCC MOV ECX, ESP
00408741 . 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP
00408745 . 50 PUSH EAX
00408746 . E8 75470000 CALL USBRecov.0040CEC0
0040874B . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x20
00408753 . 8D8C24 B80000>LEA ECX, DWORD PTR SS:[ESP+0xB8]
0040875A . 51 PUSH ECX
0040875B . C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x19
00408763 . E8 D8E2FFFF CALL USBRecov.00406A40 ; MD5 computation
00408768 . C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x21
00408770 . 83C4 04 ADD ESP, 0x4
00408773 . 8D9424 B80000>LEA EDX, DWORD PTR SS:[ESP+0xB8]
0040877A . 8BCC MOV ECX, ESP
0040877C . 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP
00408780 . 52 PUSH EDX
00408781 . E8 3A470000 CALL USBRecov.0040CEC0 ; the MD5 value just obtained
00408786 . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x22
0040878E . 68 1C494300 PUSH USBRecov.0043491C ; -
00408793 . 83EC 0C SUB ESP, 0xC
00408796 . 8BF4 MOV ESI, ESP
00408798 . 89A424 B80000>MOV DWORD PTR SS:[ESP+0xB8], ESP
0040879F . 83EC 0C SUB ESP, 0xC
004087A2 . 8D8424 B80000>LEA EAX, DWORD PTR SS:[ESP+0xB8]
004087A9 . 8BCC MOV ECX, ESP
004087AB . 89A424 E00000>MOV DWORD PTR SS:[ESP+0xE0], ESP
004087B2 . 50 PUSH EAX
004087B3 . E8 08470000 CALL USBRecov.0040CEC0
004087B8 . B3 23 MOV BL, 0x23
004087BA . 889C24 EC0000>MOV BYTE PTR SS:[ESP+0xEC], BL
004087C1 . 68 1C494300 PUSH USBRecov.0043491C ; -
004087C6 . 83EC 0C SUB ESP, 0xC
004087C9 . 8D9424 D80000>LEA EDX, DWORD PTR SS:[ESP+0xD8]
004087D0 . 8BCC MOV ECX, ESP
004087D2 . 896424 7C MOV DWORD PTR SS:[ESP+0x7C], ESP
004087D6 . 52 PUSH EDX
004087D7 . E8 E4460000 CALL USBRecov.0040CEC0
004087DC . C68424 FC0000>MOV BYTE PTR SS:[ESP+0xFC], 0x24
004087E4 . 8D8424 B00000>LEA EAX, DWORD PTR SS:[ESP+0xB0]
004087EB . 50 PUSH EAX
004087EC . 889C24 000100>MOV BYTE PTR SS:[ESP+0x100], BL
004087F3 . E8 B894FFFF CALL USBRecov.00401CB0
004087F8 . 83C4 14 ADD ESP, 0x14
004087FB . C68424 EC0000>MOV BYTE PTR SS:[ESP+0xEC], 0x25
00408803 . 50 PUSH EAX
00408804 . B3 26 MOV BL, 0x26 ; 26?
00408806 . 56 PUSH ESI
00408807 . 889C24 F40000>MOV BYTE PTR SS:[ESP+0xF4], BL
0040880E . E8 1D94FFFF CALL USBRecov.00401C30
00408813 . 83C4 14 ADD ESP, 0x14
00408816 . C68424 E00000>MOV BYTE PTR SS:[ESP+0xE0], 0x27
0040881E . 8D8C24 880000>LEA ECX, DWORD PTR SS:[ESP+0x88]
00408825 . 51 PUSH ECX
00408826 . 889C24 E40000>MOV BYTE PTR SS:[ESP+0xE4], BL
0040882D . E8 7E94FFFF CALL USBRecov.00401CB0
00408832 . 83C4 14 ADD ESP, 0x14
00408835 . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x28
0040883D . 8BB424 D80000>MOV ESI, DWORD PTR SS:[ESP+0xD8]
00408844 . 50 PUSH EAX
00408845 . 56 PUSH ESI
00408846 . C68424 D80000>MOV BYTE PTR SS:[ESP+0xD8], 0x2A
0040884E . E8 DD93FFFF CALL USBRecov.00401C30
00408853 . 83C4 14 ADD ESP, 0x14
00408856 . BB 01000000 MOV EBX, 0x1
0040885B . 895C24 1C MOV DWORD PTR SS:[ESP+0x1C], EBX
0040885F . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x29
00408867 . 8D4C24 6C LEA ECX, DWORD PTR SS:[ESP+0x6C]
0040886B . E8 80460000 CALL USBRecov.0040CEF0
00408870 . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x21
00408878 . 8D4C24 78 LEA ECX, DWORD PTR SS:[ESP+0x78]
0040887C . E8 6F460000 CALL USBRecov.0040CEF0
00408881 . 83EC 0C SUB ESP, 0xC
00408884 . 8BCC MOV ECX, ESP
00408886 . 896424 50 MOV DWORD PTR SS:[ESP+0x50], ESP
0040888A . 56 PUSH ESI
0040888B . E8 30460000 CALL USBRecov.0040CEC0
00408890 . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x2B
00408898 . 8D9424 900000>LEA EDX, DWORD PTR SS:[ESP+0x90]
0040889F . 52 PUSH EDX
004088A0 . C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x21
004088A8 . E8 93E1FFFF CALL USBRecov.00406A40 ; MD5 again
004088AD . 83C4 10 ADD ESP, 0x10
004088B0 . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x2C
004088B8 . 8D8424 840000>LEA EAX, DWORD PTR SS:[ESP+0x84]
004088BF . 50 PUSH EAX
004088C0 . 8BCE MOV ECX, ESI
004088C2 . E8 29470000 CALL USBRecov.0040CFF0
004088C7 . 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4]
004088CA . 85C0 TEST EAX, EAX
004088CC . 74 12 JE SHORT USBRecov.004088E0
004088CE . 8378 F8 08 CMP DWORD PTR DS:[EAX-0x8], 0x8
004088D2 . 7C 0C JL SHORT USBRecov.004088E0
004088D4 . 6A 07 PUSH 0x7 ; replace the 7th
004088D6 . 8BCE MOV ECX, ESI
004088D8 . E8 D3440000 CALL USBRecov.0040CDB0
004088DD . C600 2D MOV BYTE PTR DS:[EAX], 0x2D ; -
004088E0 > 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4]
004088E3 . 85C0 TEST EAX, EAX
004088E5 . 74 12 JE SHORT USBRecov.004088F9
004088E7 . 8378 F8 10 CMP DWORD PTR DS:[EAX-0x8], 0x10
004088EB . 7C 0C JL SHORT USBRecov.004088F9
004088ED . 6A 0F PUSH 0xF ; replace position F (15) with -
004088EF . 8BCE MOV ECX, ESI
004088F1 . E8 BA440000 CALL USBRecov.0040CDB0
004088F6 . C600 2D MOV BYTE PTR DS:[EAX], 0x2D
004088F9 > 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4]
004088FC . 85C0 TEST EAX, EAX
004088FE . 74 12 JE SHORT USBRecov.00408912
00408900 . 8378 F8 18 CMP DWORD PTR DS:[EAX-0x8], 0x18
00408904 . 7C 0C JL SHORT USBRecov.00408912
00408906 . 6A 17 PUSH 0x17 ; replace position 0x17 with -
00408908 . 8BCE MOV ECX, ESI
0040890A . E8 A1440000 CALL USBRecov.0040CDB0
0040890F . C600 2D MOV BYTE PTR DS:[EAX], 0x2D ; -
00408912 > 8BCE MOV ECX, ESI
00408914 . E8 F74A0000 CALL USBRecov.0040D410
00408919 . 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4]
0040891C . 85C0 TEST EAX, EAX
0040891E . 74 05 JE SHORT USBRecov.00408925
00408920 . 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8]
00408923 . EB 02 JMP SHORT USBRecov.00408927
00408925 > 33C9 XOR ECX, ECX
00408927 > 85C0 TEST EAX, EAX
00408929 . 75 05 JNZ SHORT USBRecov.00408930
0040892B . B8 E03E4300 MOV EAX, USBRecov.00433EE0
00408930 > 51 PUSH ECX
00408931 . 50 PUSH EAX
00408932 . E8 D9E1FFFF CALL USBRecov.00406B10 ; replace 0 with E in the string
00408937 . 83C4 08 ADD ESP, 0x8
0040893A . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x21
00408942 . 8D8C24 840000>LEA ECX, DWORD PTR SS:[ESP+0x84]
00408949 . E8 A2450000 CALL USBRecov.0040CEF0
0040894E . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x19
00408956 . 8D8C24 AC0000>LEA ECX, DWORD PTR SS:[ESP+0xAC]
0040895D . E8 8E450000 CALL USBRecov.0040CEF0
00408962 . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x18
0040896A . 8D4C24 10 LEA ECX, DWORD PTR SS:[ESP+0x10]
0040896E . E8 7D450000 CALL USBRecov.0040CEF0
00408973 . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x16
0040897B . 8D8C24 900000>LEA ECX, DWORD PTR SS:[ESP+0x90]
00408982 . E8 69450000 CALL USBRecov.0040CEF0
00408987 . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xD
0040898F . 8D4C24 60 LEA ECX, DWORD PTR SS:[ESP+0x60]
00408993 . E8 58450000 CALL USBRecov.0040CEF0
00408998 . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xB
004089A0 . 8D8C24 A00000>LEA ECX, DWORD PTR SS:[ESP+0xA0]
004089A7 . E8 44450000 CALL USBRecov.0040CEF0
004089AC . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x2
004089B4 . 8D4C24 54 LEA ECX, DWORD PTR SS:[ESP+0x54]
004089B8 . E8 33450000 CALL USBRecov.0040CEF0
004089BD . 889C24 C40000>MOV BYTE PTR SS:[ESP+0xC4], BL
004089C4 . 8D8C24 D00000>LEA ECX, DWORD PTR SS:[ESP+0xD0]
004089CB . E8 20450000 CALL USBRecov.0040CEF0
004089D0 . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x0
004089D8 . 8D8C24 DC0000>LEA ECX, DWORD PTR SS:[ESP+0xDC]
004089DF . E8 0C450000 CALL USBRecov.0040CEF0
004089E4 . 8BC6 MOV EAX, ESI
004089E6 . 8B8C24 BC0000>MOV ECX, DWORD PTR SS:[ESP+0xBC]
004089ED . 64:890D 00000>MOV DWORD PTR FS:[0], ECX
004089F4 . 59 POP ECX
004089F5 . 5E POP ESI
004089F6 . 5B POP EBX
004089F7 . 81C4 BC000000 ADD ESP, 0xBC
004089FD \. C3 RETN


$+28 > 00A62C54 ASCII "1E32A25-7B2D9E4-6D62B8C-559A2E63"
0012ED58 00A62C54 ASCII "E62E51E-E85C1D2-2BCF48C-791D4946"

>0012ED58 00A62C54 ASCII "E62E51E-E85C1D2-2BCF48C-791D4946"
>

CrackVip
CrackVip@qq.com
E62E51E-E85C1D2-2BCF48C-791D4946

EAX 00000000
ECX 00433EE1 USBRecov.00433EE1
EDX 00A6449D ASCII "4ce6db3d030f90eea1d40f4c5c56b4f"
EAX 0012F0B0
ECX 00433EE1 USBRecov.00433EE1
EDX 00A64E65 ASCII "5a3523cd7106b9552b874cb26c99e71"
EAX 0012F014
ECX 00434965 USBRecov.00434965
EDX 00A64509 ASCII "4cb26c99e71"
EAX 0012F014
ECX 00434939 USBRecov.00434939
EDX 00A6450D ASCII "6c99e71"


Software version marker code


4415=<2<ov|1h
========MD5======================
d2c1cc6258f65227e7835fc416191e3f (32)
58f65227e7835fc4 (16)

**me
hehe112233@qq.com
4444444-3333333-2222222-1111111

EAX 0012F0B0
ECX 00433EE1 USBRecov.00433EE1
EDX 00A64E7D ASCII ""
bf3820b3ea6c781ac9c608dc403d24f

EAX 0012EDC0
ECX 00433EE1 USBRecov.00433EE1
"9d0a5d0ff71be8dbf5ac618ba3195db"

堆栈 SS:[0012ECAC]=00A64B34, (ASCII "1111111-2222222c6ete300519868")
EAX=0012ECA8

5555555)6666666g2apa74415=<2<
----->>>> MD5
a6853cdc095af227aabca40cccf15655

a6853cdc095af227aabca40cccf15655
" dc095af227aabca40cccf15655"
Insert - at position 7 and convert to upper case
ASCII "A6853C-C095AF227"
=============================================================
User name plus marker string ------>>> ASCII "CrackVip8b3zo"
Then the XOR algorithm gives the encrypted string ASCII "GvegoRmt<f7~k"

After MD5 of this marker code
fbbbb696856b99fe30fa649668386e8f (32)
856b99fe30fa6496 (16)
============================================================
E-mail plus marker code ------------->>>>>>>>>> crackvip@qq.comc6ete
Then XOR with 4 gives the encrypted string ASCII "gvegormtDuu*gkig2apa"
After MD5 of this marker code
f14df3a3320192d94f106b6d306bdd1a (32)
320192d94f106b6d (16)

=============================================================
Fixed marker code string
> 00A64E24 ASCII "300519868krx5l"
Then XOR with 4 gives the encrypted string ASCII "74415=<2<ov|1h"

After MD5

fa10413a614948270e60f748774e9f83 (32)
614948270e60f748 (16)
==============================================================
Join the three MD5 values above with "-" between them and compute MD5 again (all lower case)
fbbbb696856b99fe30fa649668386e8f-f14df3a3320192d94f106b6d306bdd1a-fa10413a614948270e60f748774e9f83

$-70 > 00A647C4 ASCII "fbbbb696856b99fe30fa649668386e8f-f14df3a3320192d94f106b6d306bdd1a-fa10413a614948270e60f748774e9f83"


After MD5
2ae431a6f3aa183cd826dfcc518079f9 (32)
f3aa183cd826dfcc (16)
ASCII "2AE431A-F3AA183-D826DFC-518E79F9"


ldzsl posted on 2022-1-19 10:24

Study hard and improve every day

曾经沧海 posted on 2022-11-24 06:38

I don't fully understand it, but it looks impressive. Thumbs up!

一生逍遥 posted on 2022-12-17 06:45

I'm here to keep learning, thanks~!

一生逍遥 posted on 2023-5-17 20:28

Thanks for sharing your valuable experience