Power DVD XP v4.0
amois
Program Tipi: *
Araçlar: Installshield Decompiler
"... Sevda kusun kanadinda, urkutursen tutamazsin. Okse ile sapanla, vurursun da saramazsin. Hayat sirrinin suyunu, cesmelerde bulamazsin. Ansizin bir deli caydan, icersin de kanamazsin ..."
Yazı
Installshield password ile korunuyor. Install directory'sinde setup.inx isimli
bir sifreli script file var. Bu tur dosyalari decompile eden utility'ler mevcut.
Sallama serial sonucu cikan hatayi, decompile ettigimiz dosyada arayalim.
label_007B:
/* 00009E69: 0021 */ function_0005(g_str0013); <- kontrol
/* 00009E72: 0006 */ g_number0020 = LAST_RESULT;
/* 00009E7C: 000D */ g_number0047 = g_number0020 == 0x00000000;
/* 00009E8B: 0004 */ if(! g_number0047) goto label_007D;
/* 00009E97: 0021 */ function_0172("ERR_INVALIDCDKEY"); <- hata
function_0005 -> inceleyecegiz
function NUMBER
function_0005(/*STRING*/ s0000)
begin
/* 0000E98F: 0021 */ function_0236(s0000); <-
StrLen fonksiyonu
/* 0000E998: 0006 */ n0006 = LAST_RESULT;
/* 0000E9A2: 000E */ n0006 = n0006 != 0x00000010; <- 16 karakter mi ?
/* 0000E9B1: 0004 */ if(! n0006) goto label_016A;
/* 0000E9C1: 0023 */ return 0x00000000; <- kotu cocuk
function_0236'yi incelememiz sonucu -> StrLen fonksiyonu oldugunu bulacagiz.
n0006 fonksiyon sonucu donen deger ve 10h = 16 olmasi gerekiyor. ->
1234567890987654 ->
label_016A:
/* 0000E9CC: 0029 */ StrSub(s0001, s0000, 0x00000000, 0x00000002); <- "12"
/* 0000E9E0: 0029 */ StrSub(s0003, s0000, 0x00000002, 0x00000001); <- "3"
/* 0000E9F4: 0029 */ StrSub(s0004, s0000, 0x0000000D, 0x00000003); <- "654"
/* 0000EA08: 0007 */ s0006 = s0003 + s0004; <- "3654"
/* 0000EA15: 002C */ StrToNum(n0001, s0006); <- 3654
/* 0000EA1F: 0006 */ n0006 = LAST_RESULT; <- 3654
/* 0000EA29: 0009 */ n0006 = n0006 < 0x00000000; <- 0 mi ?
/* 0000EA38: 0004 */ if(! n0006) goto label_016B; <- iyi cocuk
/* 0000EA48: 0023 */ return 0x00000000; <- kotu cocuk
Sallama serial 3 bolume ayrildi. Daha sonra 2 bolumu birlestirilerek sayiya
cevrildi ve sonuc 0 ile kontrol edildi (0'dan kucukse hata). -> devam ->
label_016B:
/* 0000EA53: 0029 */ StrSub(s0002, s0000, 0x00000003, 0x0000000A); <-
4567890987
/* 0000EA67: 0014 */ s0009 = g_str0018 ^ "CUSTOM.INI"; <- Registered ?
/* 0000EA7E: 0021 */ function_019C(s0009, "PowerDVD", "KEY", g_str001D);
/* 0000EA9B: 0006 */ n0006 = LAST_RESULT;
/* 0000EAA5: 000D */ n0006 = n0006 == 0x00000000;
/* 0000EAB4: 0004 */ if(! n0006) goto label_016C;
/* 0000EAC0: 0006 */ s0007 = g_str001D;
/* 0000EACA: 002B */ StrCompare(s0001, s0007);
/* 0000EAD4: 0006 */ n0006 = LAST_RESULT;
/* 0000EADE: 000E */ n0006 = n0006 != 0x00000000;
/* 0000EAED: 0004 */ if(! n0006) goto label_016C;
/* 0000EAFD: 0023 */ return 0x00000000;
Bu bolum, kullanicinin halihazirda Registered olup olmadigini kontrol ediyor.
Biz, Unregistered oldugumuz icin label_016C'ye geciyoruz.
label_016C:
/* 0000EB08: 002B */ StrCompare(s0001, "MV"); <- "12" ile "MV" esit mi ?
/* 0000EB14: 0006 */ n0006 = LAST_RESULT;
/* 0000EB1E: 000E */ n0006 = n0006 != 0x00000000;
/* 0000EB2D: 0004 */ if(! n0006) goto label_0173;
/* 0000EB39: 002B */ StrCompare(s0001, "DX"); <- "12" ile "DX" esit mi ?
/* 0000EB45: 0006 */ n0006 = LAST_RESULT;
/* 0000EB4F: 000E */ n0006 = n0006 != 0x00000000;
/* 0000EB5E: 0004 */ if(! n0006) goto label_0171;
/* 0000EB6A: 002B */ StrCompare(s0001, "BX"); <- "12" ile "BX" esit mi ?
/* 0000EB76: 0006 */ n0006 = LAST_RESULT;
/* 0000EB80: 000E */ n0006 = n0006 != 0x00000000;
/* 0000EB8F: 0004 */ if(! n0006) goto label_016F;
/* 0000EB9B: 002B */ StrCompare(s0001, "LX"); <- "12" ile "LX" esit mi ?
/* 0000EBA7: 0006 */ n0006 = LAST_RESULT;
/* 0000EBB1: 000E */ n0006 = n0006 != 0x00000000;
/* 0000EBC0: 0004 */ if(! n0006) goto label_016D;
/* 0000EBCC: 0005 */ goto label_016E;
Girmemiz gereken serialin ilk 2 karakteri, "MV", "DX", "BX" veya "LX" olabilir. Sallama
seriali MV12345678901907 seklinde degistirelim. label_0173'e zipladik.
label_0173:
/* 0000EC46: 0021 */ function_0006(s0002, 0x00000001); <- ??
/* 0000EC54: 0006 */ n0002 = LAST_RESULT;
label_0174:
/* 0000EC60: 000E */ n0006 = n0002 != n0001; <- kontrol
/* 0000EC6D: 0004 */ if(! n0006) goto label_0175;
/* 0000EC7D: 0023 */ return 0x00000000; <- kotu cocuk
label_0175:
/* 0000EC8C: 0023 */ return 0x00000001; <- iyi cocuk
Bastaki kontrole donersek, function_0005'in 0 olarak donmesi hataya neden
oluyordu. Bu nedenle, function_0006 sonucunda cikan degerin n0001'e esit olmasi
gerekiyor.
MV12345678901907 -> n0001 = "1" + "907" -> "1907" -> 1907
Function_0006 sonucu bulmamiz gereken deger 1907 olacak. Veya, 1907 degerimiz
function_0006 sonucunda cikan degere esit olacak.
function NUMBER
function_0006(/*STRING*/ s0000, /*INT*/ n0000)
begin
/* 0000ECAC: 0006 */ n0005 = 0x00000001;
/* 0000ECB8: 0021 */ function_0007(s0000, s0001); <- ?
/* 0000ECC4: 0006 */ n0006 = LAST_RESULT;
/* 0000ECCE: 000D */ n0007 = n0006 == 0x00000000;
/* 0000ECDD: 0004 */ if(! n0007) goto label_0177;
/* 0000ECED: 0023 */ return n0005; <- kotu cocuk
function_0007 cagrisini inceledigimizde, girilen serialin digitlerinin kontrol
edildigini gorecegiz. Yani, ascii degerlerinin 30h ile 39h arasinda ('0'-'9') olup
olmadiklarina bakiliyor. Bizim icin onemli degil.
label_0177:
/* 0000ECF6: 0006 */ n0001 = 0x00000001;
label_0178:
/* 0000ED04: 000B */ n0007 = n0001 <= 0x00000002; <- 2 kez donen bir dongu
/* 0000ED13: 0004 */ if(! n0007) goto label_017A; <- dongu sonucu git
/* 0000ED1F: 0021 */ function_0008(s0001, s0002, s0003); <- ?
/* 0000ED2E: 0006 */ n0006 = LAST_RESULT;
/* 0000ED38: 000D */ n0007 = n0006 == 0x00000000;
/* 0000ED47: 0004 */ if(! n0007) goto label_0179;
/* 0000ED57: 0023 */ return 0x00000000;
label_0179:
/* 0000ED62: 0007 */ s0001 = s0002 + s0003;
/* 0000ED6F: 0007 */ n0001++;
/* 0000ED7E: 0005 */ goto label_0178; <- dongu
Kritik bir bolume geldik. Normalde 2 kez isletilecek bir function_0008 cagrisi
var ve bunun sonucunda label_017A'ya ziplama soz konusu.
function
NUMBER function_0008
begin
/* 0000F005: 0021 */ function_0236(s0000); <- StrLen "2345678901"
/* 0000F00E: 0006 */ n0002 = LAST_RESULT; <- n2=10
/* 0000F018: 0009 */ n0003 = n0002 < 0x00000000;
/* 0000F027: 0004 */ if(! n0003) goto label_0184;
/* 0000F037: 0023 */ return 0x00000000;
label_0184:
/* 0000F042: 0006 */ n0001 = 0x00000000;
/* 0000F04E: 0006 */ n0000 = 0x00000000;
/* 0000F05A: 0011 */ n0003 = n0002 / 0x00000002; <- n3 = 10 / 2 = 5
/* 0000F069: 000F */ n0003--; <- n3 = 5 - 1 = 4
label_0185:
/* 0000F07A: 000B */ n0004 = n0000 <= n0003; <-
/* 0000F087: 0004 */ if(! n0004) goto label_0186;
/* 0000F093: 001E */ n0004 = s0000[n0001]; <- 2 4 6 8 0
/* 0000F0A0: 001D */ s0001[n0000] = n0004; <- 2 24 246 2468 24680
/* 0000F0AD: 0007 */ n0001++;
/* 0000F0BC: 001E */ n0004 = s0000[n0001]; <- 3 5 7 9 1
/* 0000F0C9: 001D */ s0002[n0000] = n0004; <- 3 35 357 3579 35791
/* 0000F0D6: 0007 */ n0001++;
/* 0000F0E5: 0007 */ n0000++;
/* 0000F0F4: 0005 */ goto label_0185;
label_0186:
/* 0000F103: 0023 */ return 0x00000001;
end;
label_0185'den itibaren yine bir dongu var. F07A'daki kosul -> n0000 <= n0003;
yani n0000, n0003'e kucuk / esit oldugu surece dongu surecek. Buyuk
oldugunda ise label_0186'ya ziplayacak. Ilk tur sonunda s0001="24680" ve
s0002="35791" oldu. Yani, tek siradaki basamaklar ile cift siradaki basamaklar
ayri birer kume olarak olusturuldu.
Label_0179'da bu iki deger birlestirildi -> "24680" + "35791" = "2468035791"
oldu. Ve tekrardan bu deger function_0008 icin push edildi.
-> n0004 -> 2 6 0 5 9
-> s0001 -> 2 26 260 2605 26059
-> n0004 -> 4 8 3 7 1
-> s0002 -> 4 48 483 4837 48371
Evet, label_017A'ya geldigimizde iki adet stringimiz mevcut. "26059" ve "48371".
label_017A:
/* 0000ED89: 002C */ StrToNum(n0002, s0002); <- "26059"
/* 0000ED93: 0006 */ n0007 = LAST_RESULT; <- 26059
/* 0000ED9D: 0009 */ n0007 = n0007 < 0x00000000;
/* 0000EDAC: 0004 */ if(! n0007) goto label_017B;
/* 0000EDBC: 0023 */ return n0005; <- kotu cocuk
label_017B:
/* 0000EDC5: 002C */ StrToNum(n0003, s0003); <- "48371"
/* 0000EDCF: 0006 */ n0007 = LAST_RESULT; <- 48371
/* 0000EDD9: 0009 */ n0007 = n0007 < 0x00000000;
/* 0000EDE8: 0004 */ if(! n0007) goto label_017C;
/* 0000EDF8: 0023 */ return n0005; <- kotu cocuk
label_017C:
/* 0000EE01: 0008 */ n0007 = n0002 % 0x000003E8; <- Mod (26059, 3E8h)
/* 0000EE10: 0010 */ n0007 = n0007 * 0x00000016;
/* 0000EE1F: 0007 */ n0002 = n0007 + n0004; <- n0004 = 1
/* 0000EE2C: 0008 */ n0007 = n0003 % 0x00002710; <- Mod (n0003, 2710h)
/* 0000EE3B: 0011 */ n0007 = n0007 / 0x00000019;
/* 0000EE4A: 0007 */ n0003 = n0007 + n0004;
/* 0000EE57: 0007 */ n0004 = n0000 + 0x0000019D;
/* 0000EE66: 0007 */ n0002 = n0002 + n0004;
/* 0000EE73: 0007 */ n0003 = n0003 + n0004;
/* 0000EE80: 0010 */ n0005 = n0002 * n0003;
/* 0000EE8D: 0008 */ n0005 = n0005 % 0x0000270F; <- Mod (n0005, 270Fh)
/* 0000EE9C: 0007 */ n0005++; <- ??05
/* 0000EEAF: 0023 */ return n0005;
end;
Birtakim aritmetik islemler var. Dikkat etmemiz gereken, n0004 degiskeninin
EE1F'deki degeri. Bu deger, label_0173'de function_0006 cagrisi ile push edilen
degere esit, yani 1. Diger secenekler icin, ornegin ilk 2 karakter "DX" ise -> 2
degerini aliyor. Ayrica, EE57'deki n0000 degerimiz de 0 degerine sahip. EE9C'de
n0005'in aldigi deger ile "1907" degerimizin ayni olmasi gerekiyor. Bu nedenle
1907 degerimizi ??05 olarak degistirmemiz gerek. KeyGen kodunu VB olarak
veriyorum.
' Article's VB sketch of the computation in the decompiled function_0006:
' the 10 characters the script extracts at offset 3 of the sample key are
' passed twice through f8 (not defined in this snippet; the author leaves it
' to the reader), then the two resulting halves go through the same modular
' arithmetic as label_017C in the listing.
' Every input is either part of the key itself or a fixed constant, so the
' value the installer compares against can be recomputed from the key alone;
' the check relies on no secret other than the algorithm in the setup script.
Private Sub Form_Load()
' Substring of the article's sample key (offset 3, length 10).
s1 = "2345678901"
label_0177:
n1 = 1
label_0178:
' n7 is assigned here but not read again in this snippet (n07 below is a different name).
n7 = n1
' Mirrors the script's "n0001 <= 2" loop bound: two passes, then fall through to cikis.
If n1 > 2 Then GoTo cikis
Call f8(s1, s2, s3) ; bu function'i kendiniz yaziverin artik.
label_0179:
' Output halves of one pass are concatenated and become the input of the next pass.
s1 = s2 + s3 ; "24680" + "35791" = "2468035791"
n1 = n1 + 1
GoTo label_0178
cikis:
' Per the article, this value is selected by the two-letter key prefix.
n04 = 1 ; "MV" icin 1 degeri
n02 = CDec(s2) ; 26059
n03 = CDec(s3) ; 48371
' Constants below mirror the decompiled listing: 3E8h, 16h, 2710h, 19h, 19Dh, 270Fh.
n07 = n02 Mod &H3E8
n07 = n07 * &H16
n02 = n07 + n04
n07 = n03 Mod &H2710
' Int() stands in for the script's integer division.
n07 = Int(n07 / &H19)
n03 = n07 + n04
' n00 is never assigned in this snippet; the article states the corresponding script value is 0.
n04 = n00 + &H19D
n02 = n02 + n04
n03 = n03 + n04
n05 = n02 * n03
n05 = n05 Mod &H270F
n05 = n05 + 1
' Displays the computed value.
MsgBox (n05)
End Sub
Bir programı kullanarak para kazanıyorsanız, programı satın alın.