Sense III (深思Ⅲ) Dongle Cracking Case Study

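Published: 2018-02-03    Source: 加密狗破解网
Protection type: Sense III (深思Ⅲ) dongle.
Cracking tools: Winice, Hiew, Wdasm893 (Chinese edition).
Author: sworm
【Cracking process】
(1) Run the program. It displays "Internal Error. 软件出现致命错误,请检查加密狗是否正确!" (a fatal software error occurred; please check that the dongle is correct) and then exits.
(2) In Winice, set Bpx Messageboxa and run the program again. The debugger pops up when the message above is displayed. Press F12 several times to return to the call site, where you can see that xxxxxrx calls ACAD.acrx_abort.
(3) Disassemble the xxxxxrx.arx file, which gives: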
Exported fn(): acrxEntryPoint - Ord:0002h
:1C05CF00 8B442404 mov eax, dword ptr [esp+04]
:1C05CF04 48 dec eax
:1C05CF05 83F804 cmp eax, 00000004
:1C05CF08 0F878C000000 ja 1C05CF9A
:1C05CF0E FF2485A0CF051C jmp dword ptr [4*eax+1C05CFA0]
:1C05CF15 8B442408 mov eax, dword ptr [esp+08]
:1C05CF19 50 push eax
* Reference To: ACAD.acrxUnlockApplication, Ord:0D5Bh
|
:1C05CF1A E8BDC00800 Call 1C0E8FDC
:1C05CF1F 83C404 add esp, 00000004
:1C05CF22 E8C9AAFEFF call 1C0479F0
:1C05CF27 85C0 test eax, eax
:1C05CF29 7505 jne 1C05CF30
:1C05CF2B E8C0AAFEFF call 1C0479F0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1C05CF29(C)
|
:1C05CF30 E84BFEFFFF call 1C05CD80
:1C05CF35 E8A6A8FEFF call 1C0477E0
:1C05CF3A E8019CFEFF call 1C046B40
:1C05CF3F A388E00F1C mov dword ptr [1C0FE088], eax
:1C05CF44 85C0 test eax, eax
:1C05CF46 7521 jne 1C05CF69
:1C05CF48 6A00 push 00000000
:1C05CF4A 6A04 push 00000004
:1C05CF4C E82FAAFEFF call 1C047980
:1C05CF51 83C408 add esp, 00000008
:1C05CF54 E807ABFEFF call 1C047A60
* Possible StringData Ref from Data Obj ->"
软件出现致命错误,请检查加密狗是否正确!" ========> Right here!
|
:1C05CF59 6888560F1C push 1C0F5688
* Reference To: ACAD.acrx_abort, Ord:0D5Dh
|
:1C05CF5E E8CBBF0800 Call 1C0E8F2E
:1C05CF63 83C404 add esp, 00000004
:1C05CF66 33C0 xor eax, eax
:1C05CF68 C3 ret
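(4) Before the error is displayed, just below ACAD.acrxUnlockApplication, there is:
1C05CF22 E8C9AAFEFF call 1C0479F0 -------> (looking at call 1C046B40 works as well)
Looking at the instructions at that address: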
:1C0479F0 83EC60 sub esp, 00000060
:1C0479F3 E888FB0100 call 1C067580
:1C0479F8 85C0 test eax, eax
:1C0479FA 7507 jne 1C047A03 -------------> Is it a TDMD dongle?
:1C0479FC B801000000 mov eax, 00000001
:1C047A01 EB31 jmp 1C047A34
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1C0479FA(C)
|
:1C047A03 66C7442404AF07 mov [esp+04], 07AF ---> application password
:1C047A0A 66C74424060700 mov [esp+06], 0007 ---> application password
:1C047A11 66C74424081A00 mov [esp+08], 001A ---> application password
:1C047A18 66C7442402FFFF mov [esp+02], FFFF ---> unlock
:1C047A1F 8D442400 lea eax, dword ptr [esp]
:1C047A23 50 push eax
:1C047A24 E817170A00 call 1C0E9140 -----> ★
:1C047A29 66837C240001 cmp word ptr [esp], 0001
:1C047A2F 1BC0 sbb eax, eax
:1C047A31 83E002 and eax, 00000002
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1C047A01(U)
|
:1C047A34 83F801 cmp eax, 00000001
:1C047A37 7509 jne 1C047A42
:1C047A39 B801000000 mov eax, 00000001
:1C047A3E 83C460 add esp, 00000060
:1C047A41 C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1C047A37(C)
|
:1C047A42 83F802 cmp eax, 00000002 -----> Is it a sense3 dongle?
:1C047A45 7511 jne 1C047A58
:1C047A47 E874560100 call 1C05D0C0
:1C047A4C 663D0100 cmp ax, 0001
:1C047A50 1BC0 sbb eax, eax
:1C047A52 83C460 add esp, 00000060
:1C047A55 F7D8 neg eax
:1C047A57 C3 ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1C047A45(C)
|
:1C047A58 33C0 xor eax, eax
:1C047A5A 83C460 add esp, 00000060
:1C047A5D C3 ret
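The location marked ★ is the sense3 dongle operation function. [esp]=0 means a dongle is present. Yet another one that uses a birthday as the password!
(5) Looking at the code at 1C0E9140: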
* Referenced by a CALL at Addresses
|:1C046774 , :1C0467EA , :1C046A26 , :1C046B75 , :1C046C96
|:1C046DD6 , :1C046F16 , :1C047065 , :1C047176 , :1C0472B6
|:1C047817 , :1C047A24 , :1C047A94 , :1C05D0E9 , :1C05D10E
|:1C05D1D6 , :1C05D2B0
|
:1C0E9140 8B442404 mov eax, dword ptr [esp+04]
:1C0E9144 6A01 push 00000001
:1C0E9146 50 push eax
:1C0E9147 E864020000 call 1C0E93B0
:1C0E914C 83C408 add esp, 00000008
:1C0E914F C20400 ret 0004
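From the reference table, there are 17 dongle operations.
The first 14 are all unlock operations, the 15th is a lock operation, and the last two are dongle operations, which must come after an unlock operation. Let's look at one of the unlock operations, picked at random: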
* Referenced by a CALL at Addresses:
|:1C0101AA , :1C0156C0 , :1C026A29 , :1C05CF3A , :1C06D469
|:1C0720C7 , :1C0CC80A , :1C0D65DA
|
:1C046B40 83EC64 sub esp, 00000064
:1C046B43 57 push edi
:1C046B44 E8370A0200 call 1C067580
:1C046B49 85C0 test eax, eax -------------> Is it a TDMD dongle?
:1C046B4B 7507 jne 1C046B54
:1C046B4D B801000000 mov eax, 00000001
:1C046B52 EB31 jmp 1C046B85
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1C046B4B(C)
|
:1C046B54 66C7442408AF07 mov [esp+08], 07AF
:1C046B5B 66C744240A0700 mov [esp+0A], 0007
:1C046B62 66C744240C1A00 mov [esp+0C], 001A
:1C046B69 66C7442406FFFF mov [esp+06], FFFF
:1C046B70 8D442404
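Seen from the vendor's side, the listings show every dongle call passing through one wrapper, the application password stored as immediates, and the reply reduced to a single status word. The C code below is an added example (not from the original article or the protected product) that contrasts that pattern with one where the device reply is used as key material. `dongle_query`, its secret, the xorshift transform and the sample values are constructed stand-ins for a real device algorithm.

```c
#include <stdint.h>

/* Constructed stand-in for the dongle (hypothetical, not a vendor API):
   a keyed transform whose secret lives only inside the device. */
static int dongle_query(int present, uint32_t challenge, uint32_t *out) {
    if (!present) return 1;                   /* nonzero status: no device */
    uint32_t x = challenge ^ 0x5EC2E7A1u;     /* constructed device secret */
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;  /* xorshift mixing */
    *out = x;
    return 0;
}

/* Weak pattern, as in the listing: the reply is reduced to one status flag
   and the protected value sits in the host binary in the clear.
   skip_check models that single comparison no longer being enforced. */
int weak_read(int present, int skip_check, uint32_t plain, uint32_t *value) {
    uint32_t unused = 0;
    if (!skip_check && dongle_query(present, 0, &unused) != 0) return -1;
    *value = plain;                           /* usable with no device */
    return 0;
}

/* Vendor build step: ship the value only in sealed form. */
uint32_t seal(uint32_t plain, uint32_t challenge) {
    uint32_t ks = 0;
    dongle_query(1, challenge, &ks);
    return plain ^ ks;
}

/* Hardened pattern: the device reply is key material, so no status flag
   decides the outcome; without the device the result is simply wrong. */
uint32_t hardened_read(int present, uint32_t sealed, uint32_t challenge) {
    uint32_t ks = 0;
    dongle_query(present, challenge, &ks);    /* status deliberately unused */
    return sealed ^ ks;
}

int main(void) {
    uint32_t param = 0x00C0FFEEu;             /* constructed sample value */
    uint32_t sealed = seal(param, 7), v = 0;
    int weak = weak_read(0, 1, param, &v);    /* succeeds with no device */
    return !(weak == 0 && hardened_read(1, sealed, 7) == param
             && hardened_read(0, sealed, 7) != param);
}
```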
