【原创】还是PB程序破解分析 »

« 【原创】CD刻录器 3.0---破解分析（视频）

ls_redraw_typein-----------用户输入的注册码
ls_solid----------机器码

真假码进行校验
ls_redraw_right = redraw(ls_solid)
IF digitize(mid(ls_redraw_right,1,1)) = mid(ls_redraw_typein,1,1) AND

digitize(mid(ls_redraw_right,5,1)) = mid(ls_redraw_typein,5,1) AND

digitize(mid(ls_redraw_right,11,1)) = mid(ls_redraw_typein,11,1) AND

digitize(mid(ls_redraw_right,6,1)) = mid(ls_redraw_typein,6,1) AND

digitize(mid(ls_redraw_right,8,1)) = mid(ls_redraw_typein,8,1) AND

digitize(mid(ls_redraw_right,9,1)) = mid(ls_redraw_typein,9,1) AND

digitize(mid(ls_redraw_right,7,1)) = mid(ls_redraw_typein,7,1) AND

digitize(mid(ls_redraw_right,2,1)) = mid(ls_redraw_typein,2,1) AND

digitize(mid(ls_redraw_right,3,1)) = mid(ls_redraw_typein,3,1) THEN

//80
THIS.ib_redrawed = TRUE

关键函数 redraw()   digitize()
//Private function redraw (string as_in) returns string
//string as_in
string ls_out
string ls_number_code="0123456789"
string ls_string_code="WZBNCHSDXR"
string ls_matrix="ABCDEFGHIJKLMNOPQRSTUVWXYZ"
long ll_no
long ll_len
long ll_code_no
long ll_code_len
long ll_sum
string ls_digit
string ls_digit_revert
string ls_code_char
string ls_encrypt_char
integer li_code_pos
integer li_matrix_pos

ls_matrix = smile("$!o{&<}${]966@-9$8@!XVV6ZX")
ll_len = len(as_in)
FOR ll_no = 1 TO ll_len //2
ls_digit = mid(as_in,ll_no,1)
ls_digit_revert = mid(as_in,ll_len - ll_no + 1,1)
IF NOT (isnumber(ls_digit)) THEN //33
   messagebox("提示",gs_solid_info[1])
   RETURN ""
END IF //33
li_code_pos = pos(ls_number_code,ls_digit)
ls_code_char = mid(ls_string_code,li_code_pos,1)
ll_sum = 1.67 * ll_sum + long(ls_digit_revert) + li_code_pos
li_matrix_pos = mod(pos(ls_matrix,ls_code_char) + ll_sum,26)
IF li_matrix_pos = 0 THEN li_matrix_pos = 1
ls_encrypt_char = mid(ls_matrix,li_matrix_pos,1)
ls_out = ls_out + ls_encrypt_char
NEXT //2
RETURN ls_out

//Public function digitize (string input) returns string
//string input
string ls_out_put=""
string ls_char
long ll_no
long ll_len

 

ll_len = len(input)
FOR ll_no = 1 TO ll_len //1
ls_char = mid(input,ll_no,1)
CHOOSE CASE ls_char //3
   CASE "A","a" //3
    ls_out_put = ls_out_put + "1"
   CASE "B","b" //3
    ls_out_put = ls_out_put + "2"
   CASE "C","c" //3
    ls_out_put = ls_out_put + "3"
   CASE "D","d" //3
    ls_out_put = ls_out_put + "4"
   CASE "E","e" //3
    ls_out_put = ls_out_put + "5"
   CASE "F","f" //3
    ls_out_put = ls_out_put + "6"
   CASE "G","g" //3
    ls_out_put = ls_out_put + "7"
   CASE "H","h" //3
    ls_out_put = ls_out_put + "8"
   CASE "I","i" //3
    ls_out_put = ls_out_put + "9"
   CASE "J","j" //3
    ls_out_put = ls_out_put + "1"
   CASE "K","k" //3
    ls_out_put = ls_out_put + "2"
   CASE "L","l" //3
    ls_out_put = ls_out_put + "3"
   CASE "M","m" //3
    ls_out_put = ls_out_put + "4"
   CASE "N","m" //3
    ls_out_put = ls_out_put + "5"
   CASE "O","o" //3
    ls_out_put = ls_out_put + "6"
   CASE "P","p" //3
    ls_out_put = ls_out_put + "7"
   CASE "Q","q" //3
    ls_out_put = ls_out_put + "8"
   CASE "R","r" //3
    ls_out_put = ls_out_put + "9"
   CASE "S","s" //3
    ls_out_put = ls_out_put + "1"
   CASE "T","t" //3
    ls_out_put = ls_out_put + "2"
   CASE "U","u" //3
    ls_out_put = ls_out_put + "3"
   CASE "V","v" //3
    ls_out_put = ls_out_put + "4"
   CASE "W","w" //3
    ls_out_put = ls_out_put + "5"
   CASE "X","x" //3
    ls_out_put = ls_out_put + "6"
   CASE "Y","y" //3
    ls_out_put = ls_out_put + "7"
   CASE "Z","z" //3
    ls_out_put = ls_out_put + "8"
   CASE "1","2","3","4","5","6","7","8","9","0" //3
    ls_out_put = ls_out_put + ls_char
   CASE ELSE //3
    ls_out_put = ls_out_put + "0"
END CHOOSE //3
NEXT //1
RETURN ls_out_put

redraw()函数中内含smile()函数
//Public function smile (string mstext) returns string
//string mstext
integer li_lcw
integer li_ls2e
integer li_lam
integer li_mp
string ls_matrix
string ls_mov1
string ls_mov2
string ls_codeword
string ls_cwl
string ls_encryptedstring
string ls_encryptedletter
string lsa_cryptmatrix[97]
integer li_x
integer li_y
integer li_z
integer li_w
string ls_c2e
string ls_str2encrypt

ls_codeword = "ilikedress"
ls_matrix = "73ColinabcdefghjkmpqrstuvwxyzABDEFGHIJKLMNOPQRSTUVWXYZ

12456890-.#/\!@$<>&*()[]{}';:,?=+`^|%_"
ls_matrix = ls_matrix + char(34)
li_w = 1
li_lam = len(ls_matrix)
lsa_cryptmatrix[1] = ls_matrix
FOR li_x = 2 TO li_lam //6
ls_mov1 = left(lsa_cryptmatrix[li_w],1)
ls_mov2 = right(lsa_cryptmatrix[li_w],li_lam - 1)
lsa_cryptmatrix[li_x] = ls_mov2 + ls_mov1
li_w = li_w + 1
NEXT //6
ls_str2encrypt = mstext
li_ls2e = len(mstext)
li_lcw = len(ls_codeword)
ls_encryptedletter = ""
ls_encryptedstring = ""
li_y = 1
FOR li_x = 1 TO li_ls2e //18
ls_c2e = mid(ls_str2encrypt,li_x,1)
li_mp = pos(ls_matrix,ls_c2e,1)
ls_cwl = mid(ls_codeword,li_y,1)
FOR li_z = 1 TO li_lam //22
   IF mid(lsa_cryptmatrix[li_z],li_mp,1) = ls_cwl THEN

//53
    ls_encryptedletter = left(lsa_cryptmatrix

[li_z],1)
    ls_encryptedstring = ls_encryptedstring +

ls_encryptedletter
    EXIT
   END IF //53
NEXT //22
li_y = li_y + 1
IF li_y > li_lcw THEN li_y = 1
NEXT //18
RETURN ls_encryptedstring

小结：
一、注册码保存在：C:\WINDOWS\jdfchs32.dll文件中
1、文件中一大堆乱码，迷惑人，其实根本没用处；有用的就是其中一个节
2、文件名也是迷惑人，常规思维应该是个ini文件（因为程序使用ProfileString

函数读取的），但它为了隐蔽，作者故意搞成个dll文件

二、程序只对注册码的1、2、3、5、6、7、8、9、11位进行校验，其他位任意【注册码共16位】

三、贴个PB中的字符串操作函数
Pos()
功能在一个字符串中查找所包含的另一个字符串的起始位置。
语法Pos ( string1, string2 {, start } )
参数string1：string类型，指定要从中查找子串string2的字符串string2：string类型，指定要在string1中查找的字符串start：long类型，可选项，指定从string1的第几个字符开始查找。缺省值为1返回值Long。函数执行成功时返回在start位置后string2在string1中第一次出现的起始位置。如果在string1中按指定要求未找到string2、或start的值超过了string1的长度，那么Pos()函数返回0。如果任何参数的值为NULL，Pos()函数返回NULL。
用法Pos()函数在字符串查找时区分大小写，因此，"aa"不匹配"AA"。