 该用户从未签到
|
Eagle的破文:(重写)FlashGet1.65的算号器
- n8 Z y# `( c$ s4 R. G6 I9 }6 U
; b8 f( G& Y( f% _/ V再次声明:本破文曾发表于www.chinadfcg.com
! G* X H1 s6 h5 C声明:上次写完1.60A的算号器,LeNgHost告诉我,FlashGet会在一段时间后验证第四段KEY,所以现在针对最新的FlashGet重写了算号破文。谢谢大家的支持。其实,这个算号器算出来的号还不是正版的。只能用一段时间,因为最后的几段的算法我没有时间去找了。& x& Z8 q1 k; Q6 ~( J6 d2 h
N8 I7 u* X: U+ O; Y/ k' W3 s【破解作者】 Eagle
# O' S) e! N _" j* M【作者邮箱】 eagle_twenty@163.com# o L% @ M2 B2 Y
【使用工具】 OllyDbg1.095 ^# N( Q0 |5 s5 [9 h
【破解平台】 WinXP
/ |* }: `( [1 K7 V6 M" ^8 v4 _【软件名称】 FlashGet1.65
) Y* G; _/ Z4 a* e1 L【加壳方式】 无壳( J8 U( Q( O2 A" \5 l A6 m
【破解声明】
5 Z: E+ p$ T" j$ U--------------------------------------------------------------------------------, G9 N3 U' M/ d5 R3 v1 D
【破解内容】' |* e; \5 ^, e. F# Z" L J0 ]
; z) ]. |7 H3 K" g2 C+ g# ~
: a- T4 d( s+ H& f- ^ _1 f安装FlashGet1.60A并运行,输入完注册码的时候,它会提示重新启动软件来检测是否注册成功,同时用RegMoniter监视到FlashGet1.60A写入注册表项RegPass, RegName等。用PEID侦壳:无。) G* D) Q C* v& O1 f# h9 v2 ?# H
. b+ V+ ]; F w1.用OD加载FlashGet1.60A,查找参考字符串,在涉及RegPass的地方下断,运行
7 S# t6 S; ~' Z# `2.程序第一次即中断在此,从上下文来看,这段代码有大量的跳转,有很大可能是注册码验证代码) d2 h$ k# y+ V# m: I- c
0041DCE6 |. 68 98E55200 PUSH flashget.0052E598 ; ASCII "RegPass", U* R- d% C; p- n, K
0041DCEB |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]$ f) \8 K9 c7 H6 C5 r b% I" I
0041DCEF |. 68 A0C15200 PUSH flashget.0052C1A0 ; ASCII "General"/ }' l) G8 K+ f- M6 V" K* [
0041DCF4 |. 51 PUSH ECX
. J- ~0 z, r2 |/ @5 R# g% ^ Z0041DCF5 |. 8BCD MOV ECX,EBP
6 ?2 w1 p1 J( _0 ]& ]) u$ p;这个CALL将从注册表中读入注册码- L. k1 h6 _* h( m" @2 Q
0041DCF7 |. E8 54C70C00 CALL flashget.004EA450$ O9 v& w3 D+ M, y( h
3 ` [% W# ~: P K( M/ k E
( [0 g1 I& t) ^' t, ?2 \, g分析下面一段代码,可以发现每个条件跳转都跳向flashget.0041DE7B,可以那儿就是验证失败后的跳转方向" [3 F5 z8 C; c7 Z
……) V# P7 `) j: l& |+ ]
0041DD27 |. 0F84 4E010000 JE flashget.0041DE7B
6 T+ {7 ?) N/ s& X- j& }' I2 ?……
1 o: y/ r) s0 v3 k$ ?0041DD35 |. 0F84 40010000 JE flashget.0041DE7B* M7 W5 m" |; C2 @9 U+ A2 b% t
……
4 b% y! [4 y! x5 y: M0041DD4F |. 0F8E 26010000 JLE flashget.0041DE7B# y v/ v% l2 y) P. }$ h& ?
……
4 P K( H( L6 l7 G$ B3 i8 N3 L0041DD63 |. 0F8C 12010000 JL flashget.0041DE7B; v9 j" V, m; A% G0 D+ F2 d% {) z
……+ Z' _+ \" |" y
0041DD77 |. 0F8C FE000000 JL flashget.0041DE7B7 B) ^, ~# z' ]8 @4 ^6 a4 V
……& U+ y9 x3 w9 F9 H- a
;下面这个CALL是计算KEY的长度的,要求的KEY的长度为0x2C,也就是44位
! n+ j- V+ r5 b% Y% [0041DD86 |. E8 F4200B00 CALL flashget.004CFE7F
$ V. R0 ?1 m2 m! X0041DD8B |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP]
. t: Y0 V( M0 K. T0041DD8E |. 8B42 F8 MOV EAX,DWORD PTR DS:[EDX-8]. ]5 K* b3 L& |' l6 E7 W: o7 P" u
0041DD91 |. 83F8 2C CMP EAX,2C3 [9 p' C- O/ I6 j1 X6 f, ^$ y
0041DD94 |. 0F85 E1000000 JNZ flashget.0041DE7B
) W+ D& z* D$ F5 Q' N" B% b
- _* {$ f7 o; Q;下面是验证注册码的类型的,fgc-和fgf-两种KEY的验证算法是一的,
! c- e7 }: J0 d! J/ E;但用来对KEY进行解密的密钥是不一样的,我们可以看到密钥类型的标志是存入DWORD PTR SS:[ESP+10]
) w( @. m1 U9 j. n' ]4 F: L( D;这次破解我们用的是fgf-的类型的密钥
# @9 F1 t e4 C) Z0 r0041DD9A |. 68 B0E55200 PUSH flashget.0052E5B0 ; ASCII "fgc-"
5 I/ o. \! f( I- Z' G0041DD9F |. 8BCD MOV ECX,EBP+ ^& R; \0 A6 y0 {( p" ~; p2 p( i
0041DDA1 |. E8 401D0B00 CALL flashget.004CFAE67 |# ~: r% d) R( L
0041DDA6 |. 85C0 TEST EAX,EAX) D; L( O. b- L9 G' o: f7 u. I9 a u
0041DDA8 |. 75 06 JNZ SHORT flashget.0041DDB0
' c2 G4 s! f% j0041DDAA |. 895C24 10 MOV DWORD PTR SS:[ESP+10],EBX
0 Q/ N5 F5 K( ~7 N- R' P0041DDAE |. EB 18 JMP SHORT flashget.0041DDC88 T8 E( o$ }2 L& W
0041DDB0 |> 68 A8E55200 PUSH flashget.0052E5A8 ; ASCII "fgf-"2 v5 g4 O& r0 A% F6 k0 a
0041DDB5 |. 8BCD MOV ECX,EBP
4 R0 D+ J3 F* K1 n$ a/ u* {0041DDB7 |. E8 2A1D0B00 CALL flashget.004CFAE6
' p* c6 \4 Z- B) w0041DDBC |. 85C0 TEST EAX,EAX; I3 A& r: r+ e) \
0041DDBE |. 0F85 B7000000 JNZ flashget.0041DE7B3 v) t9 X% E. T% |/ A, Y7 p$ J
0041DDC4 |. 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
! {1 l, P; v0 y q+ y0 F7 A) I3 s/ |% o: |3 {1 q4 G
$ G( N, T2 i: l. g% y;下面是对KEY的验证算法
; n' Z2 H; S+ n/ ^$ P% i. |2 H0041DDC8 |> 6A 2C PUSH 2C/ p$ c, X1 o6 y1 r u4 S
0041DDCA |. 8BCD MOV ECX,EBP
) j* U! F# K9 ~5 p0041DDCC |. E8 7A680B00 CALL flashget.004D464B# [0 y) j. k. w& A k* Q/ o# ?
0041DDD1 |. 8BF8 MOV EDI,EAX- Y/ Z9 k4 S( Q4 O0 ^0 \
0041DDD3 |. 33C9 XOR ECX,ECX
* x: b9 {4 `/ Z: F6 L6 C% o8 f0041DDD5 |. 83C7 04 ADD EDI,4' j5 [; x; o0 g( Q! G2 `% s
0041DDD8 |. 33F6 XOR ESI,ESI
' R9 w3 H: y; b( f. ]* I" C$ b7 C6 T$ v8 n1 x
: ]2 {) h- c, e1 t1 t0 p1 u分析下面一个循环,我们把每一段KEY的四们定义成ABCD,则有
5 q$ v* L& l, H0041DDDA |> 8B07 /MOV EAX,DWORD PTR DS:[EDI]
6 T" f7 p8 W# A# u/ S0041DDDC |. 8BD6 |MOV EDX,ESI
8 G: E- d$ G0 ?0 @9 { L ]0041DDDE |. 83C7 04 |ADD EDI,4
$ o& f: }8 w6 \. a( D/ \3 D1 x1 p% O0041DDE1 |. 83EA 00 |SUB EDX,0 ; Switch (cases 0..2)) K' f3 H( Q/ Y% {4 f
0041DDE4 |. 894424 1C |MOV DWORD PTR SS:[ESP+1C],EAX
: w W5 u, Q( ?3 r @/ }1 N9 h1 [- V0041DDE8 |. 74 26 |JE SHORT flashget.0041DE10
, \+ {, x' E3 a" p0041DDEA |. 4A |DEC EDX
$ {- t; @; x8 m- u0041DDEB |. 74 17 |JE SHORT flashget.0041DE040 W- C( \; \0 h! ]
0041DDED |. 4A |DEC EDX
: N6 Q* C! \) { J/ J) u1 c0041DDEE |. 75 38 |JNZ SHORT flashget.0041DE28
- R+ X& H3 f/ k7 v8 T+ ?4 L* h, r. k0 H5 Q; k+ x: ~
0041DDF0 |. 0FBE4C24 1E |MOVSX ECX,BYTE PTR SS:[ESP+1E] ; Case 2 of switch 0041DDE1
( \2 Y6 s. U( U0041DDF5 |. 0FBED4 |MOVSX EDX,AH/ V1 Z# H: m. x8 B2 V
0041DDF8 |. 0FAFCA |IMUL ECX,EDX
- l' W- R/ U! g, ^% T# X5 |0041DDFB |. 0FBE5424 1F |MOVSX EDX,BYTE PTR SS:[ESP+1F]( b W+ `7 w2 J1 u# A- a V
0041DE00 |. 03CA |ADD ECX,EDX. [; s% f# D' q0 \( |
0041DE02 |. EB 1F |JMP SHORT flashget.0041DE23
8 d3 l2 R. G5 K. f! m" X;ECX = B * C + D* q9 X+ g7 Z5 v7 g: X. z
5 R4 y. b- W& ?. n
& V5 V: D& X0 o% a2 o1 }! A0041DE04 |> 0FBE4C24 1E |MOVSX ECX,BYTE PTR SS:[ESP+1E] ; Case 1 of switch 0041DDE14 Y# w4 m' B) C2 Z
0041DE09 |. 0FBED4 |MOVSX EDX,AH, {( u' j _ D
0041DE0C |. 23CA |AND ECX,EDX% C# K; \& M4 O" S
0041DE0E |. EB 0B |JMP SHORT flashget.0041DE1B
: J, D; [* g* d5 o4 h;ECX = C AND B
4 \9 `% e( i4 ]# P$ \: `+ m; T5 m. l% q
7 j+ |* i* i8 `, o) p0041DE10 |> 8A4C24 1E |MOV CL,BYTE PTR SS:[ESP+1E] ; Case 0 of switch 0041DDE1
8 }/ T/ ]) ~1 E9 K$ C+ E( D0041DE14 |. 8AD4 |MOV DL,AH) h0 e' J( c; V- M' n+ @$ h7 X; U
0041DE16 |. 33CA |XOR ECX,EDX
- e9 r! n# \: g, h8 @0041DE18 |. 83E1 7F |AND ECX,7F2 J; h) E1 K6 c- G$ S# [3 h
;ECX = C XOR B,不要被后面的那个AND ECX,7F迷惑了,它只不过是用来把高位屏蔽的
* ^4 G8 I7 ?, e9 m
$ b' V- A# P/ Y: w- a M" p
3 _2 N: {% I+ a0 P0 }. J- ~1 X) j0041DE1B |> 0FBE5424 1F |MOVSX EDX,BYTE PTR SS:[ESP+1F]
# q+ |$ E# Y" t! Q0041DE20 |. 0FAFCA |IMUL ECX,EDX6 p1 b) a% o' ^( F. T
;ECX = ECX * D
$ e1 |) i+ H- d B% V0 E
/ ~1 W3 B+ G- y2 a5 P: T
7 B( n) Q0 w6 U# l- M) v, m- g0041DE23 |> 0FBEC0 |MOVSX EAX,AL
. w8 _9 n- C( G& U6 ^5 S" G0041DE26 |. 03C8 |ADD ECX,EAX3 K/ i) F! Y# k0 ]
;ECX = ECX + A% B8 Y( k: i5 q' F: F
;处理后那些跳转,可以得到* g; Z! d/ E& Z. I) L. G
;Case 0:ECX = (C XOR B) * D + A" U- U; R: |9 u+ T2 Y
;Case 1:ECX = (C AND B) * D + A5 V, H1 x; T4 `" s/ b
;Case 2:ECX = B * C + D + A
' y7 g7 j. G. G! T6 [! V* B
* ]% J M# ~: \$ r/ v5 C8 H/ Z5 Y- i+ |
% |# t( a3 j* ?
;下面是用验证密钥来对算得的ECX值进行验证,我们来看它的密钥获取方法3 i# |$ Y* |$ C7 C" c W6 f
;密钥存放在DS:[52C72B]起始的一段空间,为kevinhyx12345,
1 D$ x3 W- L' t; o7 _' `4 {/ Y& z;如果KEY的第一段为fgf-,运算所用到的密钥是顺序从这个字符串中读取的,
& v! X5 v W# J;如果KEY的第一段是fgc-,运算所用到的密钥是顺序在Case 2的时候会从DS:[52C72B]中读取,即密钥的第四位: i( K9 E6 p+ B" |: _$ }4 b9 y
0041DE28 |> 8B4424 10 |MOV EAX,DWORD PTR SS:[ESP+10] ; Default case of switch 0041DDE1
/ L& |- Y4 T4 s' [. z3 _# l0041DE2C |. 85C0 |TEST EAX,EAX% K0 f& I8 d9 O
0041DE2E |. 74 0C |JE SHORT flashget.0041DE3C& N# o- K. v# n$ P, L
0041DE30 |. 0FBE1D 2BC7520>|MOVSX EBX,BYTE PTR DS:[52C72B]4 w ~/ k4 P: z9 d
0041DE37 |. 83FE 02 |CMP ESI,2& E& ^8 E7 x' @& ]! U# X% m
0041DE3A |. 74 07 |JE SHORT flashget.0041DE43
) |8 q2 z I" R" w/ r6 R: e0041DE3C |> 0FBE9E 28C7520>|MOVSX EBX,BYTE PTR DS:[ESI+52C728]: G1 C, Q9 j6 a
3 v2 I( e( k- o; o1 v) K;对于运算结果的验证也很简单,只是用密钥的ASC码来除ECX中的值,余数在EDX中。& l" h- ~9 ]# l. ]/ ]+ v
0041DE43 |> 8BC1 |MOV EAX,ECX5 e4 I2 t% S0 X
0041DE45 |. 33D2 |XOR EDX,EDX3 ?% O. S6 U8 {; [% e
0041DE47 |. F7F3 |DIV EBX ?3 m2 ]& J+ X' s# W B
, O' T0 F" N K; t* t
, {1 K# ^3 a& i) w9 y; h" r. J# q9 ]! Z5 K T1 i2 e1 j) {
;以上是对指定段的KEY的验证运算,下面是对结果的判断
8 X" [" @9 a' ]* r0041DE49 |. 8BC6 |MOV EAX,ESI
S3 B6 H: ?- g" F& I0041DE4B |. 83E8 00 |SUB EAX,0 ; Switch (cases 0..2)4 K2 Q) Q/ s) g0 `1 }
0041DE4E |. 74 13 |JE SHORT flashget.0041DE632 \" S: S) @: s8 O
0041DE50 |. 48 |DEC EAX
# L" {/ X8 e A6 H: R' H7 y: O0041DE51 |. 74 09 |JE SHORT flashget.0041DE5C
% v) t1 w* f9 C" N( P' x0041DE53 |. 48 |DEC EAX% v2 o( M5 A% x
0041DE54 |. 75 11 |JNZ SHORT flashget.0041DE67
2 D! `" H @, j, k# X* l. ~) U+ G+ t9 z) a7 p
;余数是否为0
" l" D* r# u& ?) ^( M0041DE56 |. 85D2 |TEST EDX,EDX ; Case 2 of switch 0041DE4B3 ^! Y G# ?: t( y! S& g0 J
0041DE58 |. 75 18 |JNZ SHORT flashget.0041DE72# L/ k9 [2 I5 C! C! n
0041DE5A |. EB 0B |JMP SHORT flashget.0041DE678 \) l$ a6 a) J8 u
; D( Z- l' g/ x/ e j/ R
;余数是否为80 v; Y; x3 ^" o) ?$ N( P) P1 [* ]
0041DE5C |> 83FA 08 |CMP EDX,8 ; Case 1 of switch 0041DE4B) V& L4 _1 R) s4 Y6 G& | U
0041DE5F |. 75 11 |JNZ SHORT flashget.0041DE729 f- W l3 Q$ g8 O W
0041DE61 |. EB 04 |JMP SHORT flashget.0041DE674 x, e* x2 x8 a
, g5 w2 {- k. B;余数是否为0( |& U. g' t8 t0 I0 Y& f% X
0041DE63 |> 85D2 |TEST EDX,EDX ; Case 0 of switch 0041DE4B
/ {0 l! u- c& ^- m0 Q/ j U5 u7 U0041DE65 |. 75 0B |JNZ SHORT flashget.0041DE72" }7 R0 t4 x c+ v& l* s* [
; T' N; |3 U' u: x0041DE67 |> 46 |INC ESI ; Default case of switch 0041DE4B6 s+ z7 f. ?, u; M6 ~, r1 S
0041DE68 |. 83FE 03 |CMP ESI,3; D% L D* F6 s* S9 l- `
0041DE6B |. 7D 23 |JGE SHORT flashget.0041DE90
* a5 U+ o" i3 }3 Q3 V* ?0041DE6D |.^E9 68FFFFFF \JMP flashget.0041DDDA
# z& \8 p' p; Q5 v1 E; j& t( V6 M/ M; P
所以这三段的KEY的验证算法是:
* e8 {% U9 z* k! n' i* eCase 0(B XOR C) * D + A) MOD X = 0,这儿X是'k'
& j9 X' H' v+ c+ [& W8 ~! w4 N# n) qCase 1(B AND C) * D + A) MOD X = 0,这儿X是'e'5 p) V* A& u: S) _; A' P
Case 2B * C + D + A) MOD X = 0,对于fgf-类的KEY,这儿X是'v';对于fgc-类的KEY,这儿X是'i'
! q, t9 D9 N; i, q4 b; j3 A8 w) Y, Z8 D l
LeNgHost告诉我,FlashGet会在一段时间后验证第四段KEY,于是我就在程序正常运行后在那段已经读入内存的KEY上下了内存断点,并在RegPass也下了断点。出去逛完一个下午后……中断成功了……2 |' `; S9 x- _( |5 i" Z$ c
0042514C |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10]
! \+ Q7 e: _9 c2 r8 e) \0042514F |. 83C0 10 ADD EAX,101 Z1 @3 b: V j+ O- f! n
00425152 |. 894C24 08 MOV DWORD PTR SS:[ESP+8],ECX ]* j* H- S3 c% e" m5 I
00425156 |. 6A FF PUSH -1
) i4 I7 @- a7 t% T) h00425158 |. 0FBE4424 0E MOVSX EAX,BYTE PTR SS:[ESP+E]/ T0 B' x% y$ r2 ?) N7 o
0042515D |. 0FBED5 MOVSX EDX,CH! E9 p% j4 \% y1 A5 e* ]( B
00425160 |. 0BC2 OR EAX,EDX
3 ~+ g [7 H9 ~" B6 F00425162 |. 0FBE5424 0F MOVSX EDX,BYTE PTR SS:[ESP+F]
( w# s) l h( l4 Z00425167 |. 0FAFC2 IMUL EAX,EDX- {7 V. g% V9 c1 G
0042516A |. 0FBEC9 MOVSX ECX,CL$ Q8 q! V3 ]. ]$ C, w1 ^3 ^" `
0042516D |. 03C1 ADD EAX,ECX8 C4 T4 _, R0 A g& M
;跟踪分析得EAX = (B OR C) * D + A
6 I- R8 F( p1 i* [6 n @9 k4 P& p2 @8 T. s* y$ o; n* j
0042516F |. 33D2 XOR EDX,EDX
/ q, K! g- M( O& H9 A+ t2 b* h! U, \1 r: C
;验证用的密钥直接来自DS:[52C72B],哈哈,就是'i'
. Y6 ?: [, H0 g# Y" H00425171 |. 0FBE0D 2BC7520>MOVSX ECX,BYTE PTR DS:[52C72B]2 k$ X4 v# M. w0 o
00425178 |. F7F1 DIV ECX1 ^6 p2 W! l- R: }3 W% c, {
0042517A |. 8BCE MOV ECX,ESI
% ? @6 o9 T$ G* S2 E) u" Z; P9 K2 A5 g3 p1 E' t( T' `6 f) S
;判断余数是否为04 X2 b( K# V4 a1 s9 l
0042517C |. 85D2 TEST EDX,EDX/ e7 O- @+ p2 V( C" t0 }) q
0042517E |. 74 1E JE SHORT flashget.0042519E C6 D( s- @: ~* ]3 [! x9 a" {1 u
, }/ ?2 E4 b6 X" L# t, @
所以这一段的算法是((B OR C) * D + A) MOD X = 0,这儿X是'i'- |/ y# U8 T" h; R
' p2 ?" t, ^: r9 J9 `1 f- q( N
7 Y% D! _' c! |) d
只要KEY能符合这四个条件就可以了。我用VB做出了对应的算号器代码:
" f4 _# e$ w4 w% @ Randomize. i& {- z( z: J3 X% R' V
Dim intEbx As Integer
3 K- Z" t! Y6 h# s8 o ^* E6 r8 C Dim i As Integer, j As Integer, k As Integer, intChar As Integer4 J& T [( L) W* E o& l
Dim strCode As String
/ _# [" P2 T; ]1 j; C
. h/ t) N7 E8 P7 Q/ s( z% D If fgf Then) i; x, H0 A3 w8 z$ s) t
strCode = "fgf-"
+ s/ T: D! T5 W: v5 A intEbx = 118
& w8 ^/ r" j! X) ` Else* p& }, g0 s% n" h/ {
strCode = "fgc-": U$ l" P( U6 |) _ g/ M4 ?
intEbx = 105
: [# r8 C+ @* i End If( x$ k$ z! [: B( j
* `; j* k6 O0 Q3 e; x
Do
7 V- Y; n2 P1 J2 ~2 `( Q intChar = 97 + Int(Rnd() * 25)
[4 G0 W! ?2 \& F For i = 48 To 57
. I( X' r) L' [. ^* x. x For j = 48 To 57) u6 x) O9 c9 |4 A, N' X' d
For k = 48 To 576 w3 G5 T# j( g; w: ?
If (((i Xor j) And 127) * k + intChar) Mod 107 = 0 Then3 Q V+ p6 u1 y' |# {, D4 D
strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)
9 ^; {3 {+ n, f6 t$ P$ O w9 B' R Exit Do
5 {* B+ Q: v9 T5 N0 r. Y: t End If. h# v* e" F' F5 I4 _, v0 Z- B% x/ s
Next k
" Q( h5 z: c. W6 Q' E- b& p/ o Next j- E6 ^6 E! v- n* F* G5 a
Next i
8 v6 `2 E% V/ u z& d+ ?! A, N Loop: g/ j9 \+ v0 T' u8 h( [9 H* _
2 F) W5 D: s- p, t: T0 e
Do
0 K2 c) h# M4 f intChar = 97 + Int(Rnd() * 25)
9 d. X" G7 |( C% j, d For i = 48 To 57$ E3 X* Q8 E5 K% I; F U
For j = 48 To 57$ @2 e! w' N' |! ^$ ]8 t' k5 k Q
For k = 48 To 57
. O, F# v9 b4 {: F If ((i And j) * k + intChar) Mod 101 = 8 Then% [, G+ \+ g- {, M
strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)0 l' ^5 v; f8 z0 c7 X2 }2 l0 `
Exit Do/ F3 U5 U+ P% Y, t- [9 Y% g
End If
) d. C: f+ s. t# {$ _9 @5 P Next k
" c2 t4 j3 N- R' \, {9 U Next j
/ m+ v) @) W9 O. V! X7 W+ p Next i$ |, K' d/ ~+ T" [( k3 n
Loop
5 _7 r, \/ H! j0 e h- L 8 l& H( V$ M2 O) \
Do5 k4 [% k" Q+ ~
intChar = 97 + Int(Rnd() * 25)/ |9 B2 i" b& H* J8 v
For i = 48 To 57! K: Q2 k1 u0 f7 A; C
For j = 48 To 57
6 `8 I- d+ W. W$ z/ s For k = 48 To 57# i+ ]7 ]8 @% T4 ~7 T7 m
If (i * j + k + intChar) Mod intEbx = 0 Then
3 U1 [# U) \. N+ n strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)+ J6 N& i& ~/ ^) t8 y# b+ ]
Exit Do( ^8 c5 d1 m; f& A! w
End If
! r+ N; ~$ e# c4 w2 V! M Next k
8 y; i/ a6 @" q: c0 ~ Next j: d& P/ c! e% B1 n( B
Next i
3 J# j; l: q' A6 U% k9 O Loop. r( {5 x: @8 i6 L9 L# h, F. _
9 x% E6 ?" m q2 i2 ]
Do3 G5 t5 R4 n5 D! d% f
intChar = 97 + Int(Rnd() * 25)
7 A7 R. x1 v' d; ?) v; l- r For i = 48 To 57
' x t6 |, [$ x o7 Z m+ O% }. h For j = 48 To 57) K6 q4 {6 S- e# Q6 ?) [: ^' U
For k = 48 To 57
+ j& O/ F4 {% P- N! ] If ((i Or j) * k + intChar) Mod 105 = 0 Then
/ f3 ]: ?+ r, F# e: z strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)
" [& B, Q; `) \, f Exit Do2 Z o5 o& ?8 i, N1 l4 E2 e
End If1 E) k" b$ `" {, T* j
Next k# G" E+ Y5 W) Y5 m1 Q
Next j
; Q( P& n- z& F Next i
' y! I6 _5 ^! N }" _5 y Loop/ _* U0 L7 u$ ]( H
6 O3 B6 f7 u2 B
$ f( V: Q5 S- l9 S" r- r '后面的24位随机生成。 }8 G5 H* G6 l$ |2 O& u y
For i = 1 To 6
" `1 Y% \8 m. k% F! L4 Q! e( J intChar = 97 + Int(Rnd() * 25)* m( I$ w( j8 Y5 G+ H% Z* ?& o
strCode = strCode & Chr(intChar)) ?0 `0 S3 G; Q
For j = 1 To 3
9 S2 J8 _, I; ? intChar = 48 + Int(Rnd() * 9)
3 F! R; O8 m6 G: J4 G strCode = strCode & Chr(intChar)
) |" z7 C) ]( C Next j& L0 M" Y3 Y ~0 [
Next i
8 c& O8 W! c) B* i7 Q# \4 K. a: I7 t
$ N1 q; p5 r" W5 P1 r
最后字符串strCode就是所要求的KEY |
|
/1 
IP卡
狗仔卡
发表于 2004-11-1 13:35:00
QQ好友和群
QQ空间
腾讯微博
腾讯朋友
收藏
分享
顶
踩
转发到微博
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
千斤顶
显身卡