=======================以下为算法CALL=============================== |
004083B0 /$ 6A FF PUSH -0x1 ; 这里是算法3 |
004083B2 | . 68 A73B4200 PUSH USBRecov.00423BA7 |
004083B7 | . 64:A1 0000000>MOV EAX, DWORD PTR FS:[0] |
004083BE | . 81EC B0000000 SUB ESP, 0xB0 |
004083C6 | . A1 80BD4300 MOV EAX, DWORD PTR DS:[0x43BD80] |
004083CB | . 33C4 XOR EAX, ESP |
004083CE | . 8D8424 BC0000>LEA EAX, DWORD PTR SS:[ESP+0xBC] |
004083D5 | . 64:A3 0000000>MOV DWORD PTR FS:[0], EAX |
004083DB | . C78424 C40000>MOV DWORD PTR SS:[ESP+0xC4], 0x0 |
004083E6 | . C74424 1C 000>MOV DWORD PTR SS:[ESP+0x1C], 0x0 |
004083EE | . C78424 C40000>MOV DWORD PTR SS:[ESP+0xC4], 0x2 ; 下面为加入特征字串 |
004083F9 | . 6A 38 PUSH 0x38 ; 8 |
004083FB | . 8D8424 D40000>LEA EAX, DWORD PTR SS:[ESP+0xD4] |
00408403 | . 8D4C24 34 LEA ECX, DWORD PTR SS:[ESP+0x34] |
00408408 | . E8 E3C8FFFF CALL USBRecov.00404CF0 |
0040840D | . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x3 |
00408415 | . 6A 62 PUSH 0x62 ; b |
00408418 | . 8D5424 5C LEA EDX, DWORD PTR SS:[ESP+0x5C] |
0040841D | . E8 CEC8FFFF CALL USBRecov.00404CF0 |
00408422 | . C68424 DC0000>MOV BYTE PTR SS:[ESP+0xDC], 0x4 |
0040842A | . 6A 33 PUSH 0x33 ; 3 |
0040842D | . 8D4424 58 LEA EAX, DWORD PTR SS:[ESP+0x58] |
00408432 | . E8 B9C8FFFF CALL USBRecov.00404CF0 |
00408437 | . C68424 E80000>MOV BYTE PTR SS:[ESP+0xE8], 0x5 |
0040843F | . 6A 7A PUSH 0x7A ; z |
00408442 | . 8D4C24 4C LEA ECX, DWORD PTR SS:[ESP+0x4C] |
00408447 | . E8 A4C8FFFF CALL USBRecov.00404CF0 |
0040844C | . C68424 F40000>MOV BYTE PTR SS:[ESP+0xF4], 0x6 |
00408454 | . 6A 6F PUSH 0x6F ; o |
00408457 | . 8D9424 8C0000>LEA EDX, DWORD PTR SS:[ESP+0x8C] |
0040845F | . E8 8CC8FFFF CALL USBRecov.00404CF0 |
00408464 | . 83C4 3C ADD ESP, 0x3C |
00408467 | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x8 |
0040846F | . 8D4C24 20 LEA ECX, DWORD PTR SS:[ESP+0x20] |
00408473 | . E8 784A0000 CALL USBRecov.0040CEF0 |
00408478 | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x9 |
00408480 | . 8D4C24 38 LEA ECX, DWORD PTR SS:[ESP+0x38] |
00408484 | . E8 674A0000 CALL USBRecov.0040CEF0 |
00408489 | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xA |
00408491 | . 8D4C24 48 LEA ECX, DWORD PTR SS:[ESP+0x48] |
00408495 | . E8 564A0000 CALL USBRecov.0040CEF0 |
0040849A | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xB |
004084A2 | . 8D4C24 2C LEA ECX, DWORD PTR SS:[ESP+0x2C] |
004084A6 | . E8 454A0000 CALL USBRecov.0040CEF0 |
004084AB | . 8B4424 58 MOV EAX, DWORD PTR SS:[ESP+0x58] |
004084AF | . 85C0 TEST EAX, EAX ; 用户名加上特征字串,这里加上的是8b3zo |
004084B1 | . 74 05 JE SHORT USBRecov.004084B8 ; ASCII "CrackVip8b3zo" |
004084B3 | . 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8] |
004084B6 | . EB 07 JMP SHORT USBRecov.004084BF |
004084B8 | > 33C9 XOR ECX, ECX |
004084BA | . B8 E03E4300 MOV EAX, USBRecov.00433EE0 |
004084C1 | . E8 2AE6FFFF CALL USBRecov.00406AF0 ; 变换算法,使用户名加密 |
004084C7 | . 8D4424 60 LEA EAX, DWORD PTR SS:[ESP+0x60] |
004084CB | . 8BCC MOV ECX, ESP |
004084CD | . 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP |
004084D2 | . E8 E9490000 CALL USBRecov.0040CEC0 |
004084D7 | . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0xC |
004084DF | . 8D8C24 AC0000>LEA ECX, DWORD PTR SS:[ESP+0xAC] |
004084E7 | . C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0xB |
004084EF | . E8 4CE5FFFF CALL USBRecov.00406A40 |
004084F4 | . C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0xD ; 下面为加入特征字串 |
004084FC | . 6A 63 PUSH 0x63 ; c |
004084FE | . 8D9424 F00000>LEA EDX, DWORD PTR SS:[ESP+0xF0] |
00408506 | . 8D4424 38 LEA EAX, DWORD PTR SS:[ESP+0x38] |
0040850B | . E8 E0C7FFFF CALL USBRecov.00404CF0 |
00408510 | . C68424 E00000>MOV BYTE PTR SS:[ESP+0xE0], 0xE |
00408518 | . 6A 36 PUSH 0x36 ; 6 |
0040851B | . 8D4C24 5C LEA ECX, DWORD PTR SS:[ESP+0x5C] |
00408520 | . E8 CBC7FFFF CALL USBRecov.00404CF0 |
00408525 | . C68424 EC0000>MOV BYTE PTR SS:[ESP+0xEC], 0xF |
0040852D | . 6A 65 PUSH 0x65 ; e |
00408530 | . 8D5424 78 LEA EDX, DWORD PTR SS:[ESP+0x78] |
00408535 | . E8 B6C7FFFF CALL USBRecov.00404CF0 |
0040853A | . C68424 F80000>MOV BYTE PTR SS:[ESP+0xF8], 0x10 |
00408542 | . 6A 74 PUSH 0x74 ; t |
00408545 | . 8D4424 68 LEA EAX, DWORD PTR SS:[ESP+0x68] |
0040854A | . E8 A1C7FFFF CALL USBRecov.00404CF0 |
0040854F | . 83C4 40 ADD ESP, 0x40 |
00408552 | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x11 |
0040855A | . 6A 65 PUSH 0x65 ; e |
0040855D | . 8D4C24 68 LEA ECX, DWORD PTR SS:[ESP+0x68] |
00408562 | . E8 89C7FFFF CALL USBRecov.00404CF0 ; 邮箱加入特征字串c6ete |
00408567 | . 83C4 0C ADD ESP, 0xC |
0040856A | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x13 |
00408572 | . 8D4C24 2C LEA ECX, DWORD PTR SS:[ESP+0x2C] |
00408576 | . E8 75490000 CALL USBRecov.0040CEF0 |
0040857B | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x14 |
00408583 | . 8D4C24 48 LEA ECX, DWORD PTR SS:[ESP+0x48] |
00408587 | . E8 64490000 CALL USBRecov.0040CEF0 |
0040858C | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x15 |
00408594 | . 8D4C24 38 LEA ECX, DWORD PTR SS:[ESP+0x38] |
00408598 | . E8 53490000 CALL USBRecov.0040CEF0 |
0040859D | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x16 |
004085A5 | . 8D4C24 20 LEA ECX, DWORD PTR SS:[ESP+0x20] |
004085A9 | . E8 42490000 CALL USBRecov.0040CEF0 |
004085AE | . 8B4424 64 MOV EAX, DWORD PTR SS:[ESP+0x64] |
004085B2 | . 85C0 TEST EAX, EAX |
004085B4 | . 74 05 JE SHORT USBRecov.004085BB |
004085B6 | . 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8] |
004085B9 | . EB 07 JMP SHORT USBRecov.004085C2 |
004085BB | > 33C9 XOR ECX, ECX |
004085BD | . B8 E03E4300 MOV EAX, USBRecov.00433EE0 |
004085C4 | . E8 27E5FFFF CALL USBRecov.00406AF0 ; 变形算法 |
004085CA | . 8D5424 6C LEA EDX, DWORD PTR SS:[ESP+0x6C] |
004085CE | . 8BCC MOV ECX, ESP |
004085D0 | . 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP |
004085D5 | . E8 E6480000 CALL USBRecov.0040CEC0 |
004085DA | . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x17 |
004085E2 | . 8D8424 9C0000>LEA EAX, DWORD PTR SS:[ESP+0x9C] |
004085EA | . C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x16 |
004085F2 | . E8 49E4FFFF CALL USBRecov.00406A40 ; MD5 |
004085F7 | . 83C4 10 ADD ESP, 0x10 |
004085FA | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x18 |
00408602 | . 6A FF PUSH -0x1 |
00408604 | . 68 E03E4300 PUSH USBRecov.00433EE0 |
00408609 | . 8D4C24 18 LEA ECX, DWORD PTR SS:[ESP+0x18] |
0040860D | . E8 0E520000 CALL USBRecov.0040D820 |
00408612 | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x19 |
0040861A | . 68 BC91E911 PUSH 0x11E991BC ; 这个是什么数字,转成数字后是300519868,经过分析这里为软 |
0040861F | . 8D4C24 14 LEA ECX, DWORD PTR SS:[ESP+0x14] |
00408623 | . E8 E8530000 CALL USBRecov.0040DA10 ; 取其中的后面8位数字? |
00408628 | . 6A FF PUSH -0x1 |
0040862A | . 68 E03E4300 PUSH USBRecov.00433EE0 |
0040862F | . 8D4C24 74 LEA ECX, DWORD PTR SS:[ESP+0x74] |
00408633 | . E8 E8510000 CALL USBRecov.0040D820 |
00408638 | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1A ; 再加上特征字串 |
00408640 | . 6A 6B PUSH 0x6B ; k |
00408643 | . 8D8C24 800000>LEA ECX, DWORD PTR SS:[ESP+0x80] |
0040864B | . E8 A0C6FFFF CALL USBRecov.00404CF0 |
00408650 | . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x1B |
00408658 | . 6A 72 PUSH 0x72 ; r |
0040865B | . 8D5424 34 LEA EDX, DWORD PTR SS:[ESP+0x34] |
00408660 | . E8 8BC6FFFF CALL USBRecov.00404CF0 |
00408665 | . C68424 DC0000>MOV BYTE PTR SS:[ESP+0xDC], 0x1C |
0040866D | . 6A 78 PUSH 0x78 ; x |
00408670 | . 8D4424 58 LEA EAX, DWORD PTR SS:[ESP+0x58] |
00408675 | . E8 76C6FFFF CALL USBRecov.00404CF0 |
0040867A | . C68424 E80000>MOV BYTE PTR SS:[ESP+0xE8], 0x1D |
00408682 | . 6A 35 PUSH 0x35 ; 5 |
00408685 | . 8D4C24 74 LEA ECX, DWORD PTR SS:[ESP+0x74] |
0040868A | . E8 61C6FFFF CALL USBRecov.00404CF0 |
0040868F | . B3 1E MOV BL, 0x1E ; 长度吗?30 |
00408691 | . 889C24 F40000>MOV BYTE PTR SS:[ESP+0xF4], BL |
00408698 | . 6A 6C PUSH 0x6C ; l |
0040869B | . 8D5424 64 LEA EDX, DWORD PTR SS:[ESP+0x64] |
004086A0 | . E8 4BC6FFFF CALL USBRecov.00404CF0 |
004086A5 | . 83C4 3C ADD ESP, 0x3C |
004086A8 | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1F |
004086B1 | . 8D4C24 14 LEA ECX, DWORD PTR SS:[ESP+0x14] |
004086B5 | . E8 16500000 CALL USBRecov.0040D6D0 |
004086BA | . 889C24 C40000>MOV BYTE PTR SS:[ESP+0xC4], BL |
004086C1 | . 8D4C24 2C LEA ECX, DWORD PTR SS:[ESP+0x2C] |
004086C5 | . E8 26480000 CALL USBRecov.0040CEF0 |
004086CA | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1D |
004086D2 | . 8D4C24 48 LEA ECX, DWORD PTR SS:[ESP+0x48] |
004086D6 | . E8 15480000 CALL USBRecov.0040CEF0 |
004086DB | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1C |
004086E3 | . 8D4C24 38 LEA ECX, DWORD PTR SS:[ESP+0x38] |
004086E7 | . E8 04480000 CALL USBRecov.0040CEF0 |
004086EC | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1B |
004086F4 | . 8D4C24 20 LEA ECX, DWORD PTR SS:[ESP+0x20] |
004086F8 | . E8 F3470000 CALL USBRecov.0040CEF0 |
004086FD | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x1A |
00408705 | . 8D4C24 78 LEA ECX, DWORD PTR SS:[ESP+0x78] |
00408709 | . E8 E2470000 CALL USBRecov.0040CEF0 |
0040870E | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x19 |
00408716 | . 8D4C24 6C LEA ECX, DWORD PTR SS:[ESP+0x6C] |
0040871A | . E8 D1470000 CALL USBRecov.0040CEF0 ; 上面的字串,再加特征码,这个特征码是固定的 |
0040871F | . 8B4424 14 MOV EAX, DWORD PTR SS:[ESP+0x14] ; ASCII "300519868krx5l" |
00408723 | . 85C0 TEST EAX, EAX |
00408725 | . 74 05 JE SHORT USBRecov.0040872C |
00408727 | . 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8] |
0040872A | . EB 07 JMP SHORT USBRecov.00408733 |
0040872C | > 33C9 XOR ECX, ECX |
0040872E | . B8 E03E4300 MOV EAX, USBRecov.00433EE0 |
00408735 | . E8 B6E3FFFF CALL USBRecov.00406AF0 |
0040873B | . 8D4424 1C LEA EAX, DWORD PTR SS:[ESP+0x1C] |
0040873F | . 8BCC MOV ECX, ESP |
00408741 | . 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP |
00408746 | . E8 75470000 CALL USBRecov.0040CEC0 |
0040874B | . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x20 |
00408753 | . 8D8C24 B80000>LEA ECX, DWORD PTR SS:[ESP+0xB8] |
0040875B | . C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x19 |
00408763 | . E8 D8E2FFFF CALL USBRecov.00406A40 ; MD5运算 |
00408768 | . C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x21 |
00408770 | . 83C4 04 ADD ESP, 0x4 |
00408773 | . 8D9424 B80000>LEA EDX, DWORD PTR SS:[ESP+0xB8] |
0040877A | . 8BCC MOV ECX, ESP |
0040877C | . 896424 18 MOV DWORD PTR SS:[ESP+0x18], ESP |
00408781 | . E8 3A470000 CALL USBRecov.0040CEC0 ; 刚刚取到的MD5值 |
00408786 | . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x22 |
0040878E | . 68 1C494300 PUSH USBRecov.0043491C ; - |
00408793 | . 83EC 0C SUB ESP, 0xC |
00408796 | . 8BF4 MOV ESI, ESP |
00408798 | . 89A424 B80000>MOV DWORD PTR SS:[ESP+0xB8], ESP |
0040879F | . 83EC 0C SUB ESP, 0xC |
004087A2 | . 8D8424 B80000>LEA EAX, DWORD PTR SS:[ESP+0xB8] |
004087A9 | . 8BCC MOV ECX, ESP |
004087AB | . 89A424 E00000>MOV DWORD PTR SS:[ESP+0xE0], ESP |
004087B3 | . E8 08470000 CALL USBRecov.0040CEC0 |
004087B8 | . B3 23 MOV BL, 0x23 |
004087BA | . 889C24 EC0000>MOV BYTE PTR SS:[ESP+0xEC], BL |
004087C1 | . 68 1C494300 PUSH USBRecov.0043491C ; - |
004087C6 | . 83EC 0C SUB ESP, 0xC |
004087C9 | . 8D9424 D80000>LEA EDX, DWORD PTR SS:[ESP+0xD8] |
004087D0 | . 8BCC MOV ECX, ESP |
004087D2 | . 896424 7C MOV DWORD PTR SS:[ESP+0x7C], ESP |
004087D7 | . E8 E4460000 CALL USBRecov.0040CEC0 |
004087DC | . C68424 FC0000>MOV BYTE PTR SS:[ESP+0xFC], 0x24 |
004087E4 | . 8D8424 B00000>LEA EAX, DWORD PTR SS:[ESP+0xB0] |
004087EC | . 889C24 000100>MOV BYTE PTR SS:[ESP+0x100], BL |
004087F3 | . E8 B894FFFF CALL USBRecov.00401CB0 |
004087F8 | . 83C4 14 ADD ESP, 0x14 |
004087FB | . C68424 EC0000>MOV BYTE PTR SS:[ESP+0xEC], 0x25 |
00408804 | . B3 26 MOV BL, 0x26 ; 26? |
00408807 | . 889C24 F40000>MOV BYTE PTR SS:[ESP+0xF4], BL |
0040880E | . E8 1D94FFFF CALL USBRecov.00401C30 |
00408813 | . 83C4 14 ADD ESP, 0x14 |
00408816 | . C68424 E00000>MOV BYTE PTR SS:[ESP+0xE0], 0x27 |
0040881E | . 8D8C24 880000>LEA ECX, DWORD PTR SS:[ESP+0x88] |
00408826 | . 889C24 E40000>MOV BYTE PTR SS:[ESP+0xE4], BL |
0040882D | . E8 7E94FFFF CALL USBRecov.00401CB0 |
00408832 | . 83C4 14 ADD ESP, 0x14 |
00408835 | . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x28 |
0040883D | . 8BB424 D80000>MOV ESI, DWORD PTR SS:[ESP+0xD8] |
00408846 | . C68424 D80000>MOV BYTE PTR SS:[ESP+0xD8], 0x2A |
0040884E | . E8 DD93FFFF CALL USBRecov.00401C30 |
00408853 | . 83C4 14 ADD ESP, 0x14 |
00408856 | . BB 01000000 MOV EBX, 0x1 |
0040885B | . 895C24 1C MOV DWORD PTR SS:[ESP+0x1C], EBX |
0040885F | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x29 |
00408867 | . 8D4C24 6C LEA ECX, DWORD PTR SS:[ESP+0x6C] |
0040886B | . E8 80460000 CALL USBRecov.0040CEF0 |
00408870 | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x21 |
00408878 | . 8D4C24 78 LEA ECX, DWORD PTR SS:[ESP+0x78] |
0040887C | . E8 6F460000 CALL USBRecov.0040CEF0 |
00408881 | . 83EC 0C SUB ESP, 0xC |
00408884 | . 8BCC MOV ECX, ESP |
00408886 | . 896424 50 MOV DWORD PTR SS:[ESP+0x50], ESP |
0040888B | . E8 30460000 CALL USBRecov.0040CEC0 |
00408890 | . C68424 D00000>MOV BYTE PTR SS:[ESP+0xD0], 0x2B |
00408898 | . 8D9424 900000>LEA EDX, DWORD PTR SS:[ESP+0x90] |
004088A0 | . C68424 D40000>MOV BYTE PTR SS:[ESP+0xD4], 0x21 |
004088A8 | . E8 93E1FFFF CALL USBRecov.00406A40 ; 再MD5 |
004088AD | . 83C4 10 ADD ESP, 0x10 |
004088B0 | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x2C |
004088B8 | . 8D8424 840000>LEA EAX, DWORD PTR SS:[ESP+0x84] |
004088C0 | . 8BCE MOV ECX, ESI |
004088C2 | . E8 29470000 CALL USBRecov.0040CFF0 |
004088C7 | . 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4] |
004088CA | . 85C0 TEST EAX, EAX |
004088CC | . 74 12 JE SHORT USBRecov.004088E0 |
004088CE | . 8378 F8 08 CMP DWORD PTR DS:[EAX-0x8], 0x8 |
004088D2 | . 7C 0C JL SHORT USBRecov.004088E0 |
004088D4 | . 6A 07 PUSH 0x7 ; 第7个替换 |
004088D6 | . 8BCE MOV ECX, ESI |
004088D8 | . E8 D3440000 CALL USBRecov.0040CDB0 |
004088DD | . C600 2D MOV BYTE PTR DS:[EAX], 0x2D ; - |
004088E0 | > 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4] |
004088E3 | . 85C0 TEST EAX, EAX |
004088E5 | . 74 12 JE SHORT USBRecov.004088F9 |
004088E7 | . 8378 F8 10 CMP DWORD PTR DS:[EAX-0x8], 0x10 |
004088EB | . 7C 0C JL SHORT USBRecov.004088F9 |
004088ED | . 6A 0F PUSH 0xF ; 第F(15)个替换- |
004088EF | . 8BCE MOV ECX, ESI |
004088F1 | . E8 BA440000 CALL USBRecov.0040CDB0 |
004088F6 | . C600 2D MOV BYTE PTR DS:[EAX], 0x2D |
004088F9 | > 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4] |
004088FC | . 85C0 TEST EAX, EAX |
004088FE | . 74 12 JE SHORT USBRecov.00408912 |
00408900 | . 8378 F8 18 CMP DWORD PTR DS:[EAX-0x8], 0x18 |
00408904 | . 7C 0C JL SHORT USBRecov.00408912 |
00408906 | . 6A 17 PUSH 0x17 ; 第0x17个位置替换- |
00408908 | . 8BCE MOV ECX, ESI |
0040890A | . E8 A1440000 CALL USBRecov.0040CDB0 |
0040890F | . C600 2D MOV BYTE PTR DS:[EAX], 0x2D ; - |
00408912 | > 8BCE MOV ECX, ESI |
00408914 | . E8 F74A0000 CALL USBRecov.0040D410 |
00408919 | . 8B46 04 MOV EAX, DWORD PTR DS:[ESI+0x4] |
0040891C | . 85C0 TEST EAX, EAX |
0040891E | . 74 05 JE SHORT USBRecov.00408925 |
00408920 | . 8B48 F8 MOV ECX, DWORD PTR DS:[EAX-0x8] |
00408923 | . EB 02 JMP SHORT USBRecov.00408927 |
00408925 | > 33C9 XOR ECX, ECX |
00408927 | > 85C0 TEST EAX, EAX |
00408929 | . 75 05 JNZ SHORT USBRecov.00408930 |
0040892B | . B8 E03E4300 MOV EAX, USBRecov.00433EE0 |
00408932 | . E8 D9E1FFFF CALL USBRecov.00406B10 ; 替换字串0为E |
00408937 | . 83C4 08 ADD ESP, 0x8 |
0040893A | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x21 |
00408942 | . 8D8C24 840000>LEA ECX, DWORD PTR SS:[ESP+0x84] |
00408949 | . E8 A2450000 CALL USBRecov.0040CEF0 |
0040894E | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x19 |
00408956 | . 8D8C24 AC0000>LEA ECX, DWORD PTR SS:[ESP+0xAC] |
0040895D | . E8 8E450000 CALL USBRecov.0040CEF0 |
00408962 | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x18 |
0040896A | . 8D4C24 10 LEA ECX, DWORD PTR SS:[ESP+0x10] |
0040896E | . E8 7D450000 CALL USBRecov.0040CEF0 |
00408973 | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x16 |
0040897B | . 8D8C24 900000>LEA ECX, DWORD PTR SS:[ESP+0x90] |
00408982 | . E8 69450000 CALL USBRecov.0040CEF0 |
00408987 | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xD |
0040898F | . 8D4C24 60 LEA ECX, DWORD PTR SS:[ESP+0x60] |
00408993 | . E8 58450000 CALL USBRecov.0040CEF0 |
00408998 | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0xB |
004089A0 | . 8D8C24 A00000>LEA ECX, DWORD PTR SS:[ESP+0xA0] |
004089A7 | . E8 44450000 CALL USBRecov.0040CEF0 |
004089AC | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x2 |
004089B4 | . 8D4C24 54 LEA ECX, DWORD PTR SS:[ESP+0x54] |
004089B8 | . E8 33450000 CALL USBRecov.0040CEF0 |
004089BD | . 889C24 C40000>MOV BYTE PTR SS:[ESP+0xC4], BL |
004089C4 | . 8D8C24 D00000>LEA ECX, DWORD PTR SS:[ESP+0xD0] |
004089CB | . E8 20450000 CALL USBRecov.0040CEF0 |
004089D0 | . C68424 C40000>MOV BYTE PTR SS:[ESP+0xC4], 0x0 |
004089D8 | . 8D8C24 DC0000>LEA ECX, DWORD PTR SS:[ESP+0xDC] |
004089DF | . E8 0C450000 CALL USBRecov.0040CEF0 |
004089E4 | . 8BC6 MOV EAX, ESI |
004089E6 | . 8B8C24 BC0000>MOV ECX, DWORD PTR SS:[ESP+0xBC] |
004089ED | . 64:890D 00000>MOV DWORD PTR FS:[0], ECX |
004089F7 | . 81C4 BC000000 ADD ESP, 0xBC | $+28 > 00A62C54 ASCII "1E32A25-7B2D9E4-6D62B8C-559A2E63"
0012ED58 00A62C54 ASCII "E62E51E-E85C1D2-2BCF48C-791D4946"
>0012ED58 00A62C54 ASCII "E62E51E-E85C1D2-2BCF48C-791D4946"
>
CrackVip
CrackVip@qq.com
E62E51E-E85C1D2-2BCF48C-791D4946
EAX 00000000
ECX 00433EE1 USBRecov.00433EE1
EDX 00A6449D ASCII "4ce6db3d030f90eea1d40f4c5c56b4f"
EAX 0012F0B0
ECX 00433EE1 USBRecov.00433EE1
EDX 00A64E65 ASCII "5a3523cd7106b9552b874cb26c99e71"
EAX 0012F014
ECX 00434965 USBRecov.00434965
EDX 00A64509 ASCII "4cb26c99e71"
EAX 0012F014
ECX 00434939 USBRecov.00434939
EDX 00A6450D ASCII "6c99e71"
软件版本特征码
4415=<2<ov|1h
========MD5======================
d2c1cc6258f65227e7835fc416191e3f (32)
58f65227e7835fc4 (16)
**me
hehe112233@qq.com
4444444-3333333-2222222-1111111
EAX 0012F0B0
ECX 00433EE1 USBRecov.00433EE1
EDX 00A64E7D ASCII ""
bf3820b3ea6c781ac9c608dc403d24f
EAX 0012EDC0
ECX 00433EE1 USBRecov.00433EE1
"9d0a5d0ff71be8dbf5ac618ba3195db"
堆栈 SS:[0012ECAC]=00A64B34, (ASCII "1111111-2222222c6ete300519868")
EAX=0012ECA8
5555555)6666666g2apa74415=<2<
-----》》》》MD5
a6853cdc095af227aabca40cccf15655
a6853cdc095af227aabca40cccf15655
" dc095af227aabca40cccf15655"
在第7位加入-,并转大写
ASCII "A6853C-C095AF227"
=============================================================
用户名加上特征字串------>>>ASCII "CrackVip8b3zo"
然后异或算法,得到加密后的字串 ASCII "GvegoRmt<f7~k"
该特征码MD5后
fbbbb696856b99fe30fa649668386e8f (32)
856b99fe30fa6496 (16)
============================================================
邮箱加上特征码------------->>>>>>>>>>crackvip@qq.comc6ete
然后与4异或算法,得到加密后的字串 ASCII "gvegormtDuu*gkig2apa"
该特征码MD5后
f14df3a3320192d94f106b6d306bdd1a (32)
320192d94f106b6d (16)
=============================================================
固定特征码字串
> 00A64E24 ASCII "300519868krx5l"
然后与4异或算法,得到加密后的字串 ASCII "74415=<2<ov|1h"
MD5后
fa10413a614948270e60f748774e9f83 (32)
614948270e60f748 (16)
==============================================================
将前面三组MD5中间加“-”号,再次进行MD5(全部为小写)
fbbbb696856b99fe30fa649668386e8f-f14df3a3320192d94f106b6d306bdd1a-fa10413a614948270e60f748774e9f83
$-70 > 00A647C4 ASCII "fbbbb696856b99fe30fa649668386e8f-f14df3a3320192d94f106b6d306bdd1a-fa10413a614948270e60f748774e9f83"
MD5后
2ae431a6f3aa183cd826dfcc518079f9 (32)
f3aa183cd826dfcc (16)
ASCII "2AE431A-F3AA183-D826DFC-518E79F9"
|