 该用户从未签到
|
Eagle的破文:(重写)FlashGet1.65的算号器
! [) r/ f1 ]1 p0 \- \7 j/ ~9 I# Y' u/ F; J% [1 e. n, q& j, `9 ]% p
再次声明:本破文曾发表于www.chinadfcg.com
( B3 I3 ]* u k2 q$ O0 B声明:上次写完1.60A的算号器,LeNgHost告诉我,FlashGet会在一段时间后验证第四段KEY,所以现在针对最新的FlashGet重写了算号破文。谢谢大家的支持。其实,这个算号器算出来的号还不是正版的。只能用一段时间,因为最后的几段的算法我没有时间去找了。+ H* R! { S7 C" x ^& ^
s# D- k0 G7 `2 `" u5 g$ l【破解作者】 Eagle) ^" _# J/ x+ n6 ]" N4 e. b
【作者邮箱】 eagle_twenty@163.com
( ^% c4 c6 j/ b' \2 t* i【使用工具】 OllyDbg1.09. q7 Z- i7 r. [& k: }
【破解平台】 WinXP. [8 \3 _' s# P+ R' d. j6 v
【软件名称】 FlashGet1.65 I9 H& S) O. J6 C7 Y: {# U
【加壳方式】 无壳
6 e! L% J# G$ ^【破解声明】 1 Q# L) U# Y0 L2 `
--------------------------------------------------------------------------------: K& f* f9 r8 n6 X, Z( @: S- t
【破解内容】
* M; G. o: T* u ^5 T+ s' l3 ~
! C8 z- y, A+ f- U W
/ ~- a9 _6 ^& T. q0 ]+ a2 f) w安装FlashGet1.60A并运行,输入完注册码的时候,它会提示重新启动软件来检测是否注册成功,同时用RegMoniter监视到FlashGet1.60A写入注册表项RegPass, RegName等。用PEID侦壳:无。+ p1 d- c" {8 U0 X- I& ]4 P/ o7 p, g
. {+ `9 ?& f0 v- j- z# {' w* Z1.用OD加载FlashGet1.60A,查找参考字符串,在涉及RegPass的地方下断,运行, v) p$ H9 T% a% g: Q, N
2.程序第一次即中断在此,从上下文来看,这段代码有大量的跳转,有很大可能是注册码验证代码" T3 F; y+ {4 r/ z3 ]+ F4 u$ i, g
0041DCE6 |. 68 98E55200 PUSH flashget.0052E598 ; ASCII "RegPass", [( a& b3 K, z) B/ O0 L8 D
0041DCEB |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]9 x( R' T3 M* q2 }
0041DCEF |. 68 A0C15200 PUSH flashget.0052C1A0 ; ASCII "General", E) J) I$ M, Z5 u5 R' |4 L
0041DCF4 |. 51 PUSH ECX \# H( H0 |8 @. o' O: [
0041DCF5 |. 8BCD MOV ECX,EBP
& `8 |% N0 x5 o: _* g;这个CALL将从注册表中读入注册码& [9 Y% w! p+ }1 n( V% l$ G2 }9 a5 G
0041DCF7 |. E8 54C70C00 CALL flashget.004EA4507 }& q. y: d; C+ L' F% g' M# l/ s
' n* d7 d4 }+ r! I* w) K! Y+ v1 l. B0 B. m) q7 F- p, _5 \ v
分析下面一段代码,可以发现每个条件跳转都跳向flashget.0041DE7B,可以那儿就是验证失败后的跳转方向, E" w: _$ I1 o1 n- c
……/ T8 ]1 x6 ] t! n' ]" ^, w3 S
0041DD27 |. 0F84 4E010000 JE flashget.0041DE7B
: B9 p4 q1 u& _" L$ I5 A……
* B2 v3 _* ~+ }" i( w( B8 ^1 d0041DD35 |. 0F84 40010000 JE flashget.0041DE7B
* A; N" K1 v! b3 r9 s1 |* H……0 {- s! \6 ]6 o3 f6 `) G
0041DD4F |. 0F8E 26010000 JLE flashget.0041DE7B* v7 d3 X6 ~0 W9 S$ i% D
……
' f; z! s0 M* D+ }# ]0041DD63 |. 0F8C 12010000 JL flashget.0041DE7B
0 A1 X. |2 H0 w% ^( I……) G/ c5 v, C) h# m- S+ p1 T
0041DD77 |. 0F8C FE000000 JL flashget.0041DE7B6 P! z4 u3 z& Y) N. ]/ C
……( u& i* I3 W, p( P) [3 w
;下面这个CALL是计算KEY的长度的,要求的KEY的长度为0x2C,也就是44位3 }: T: Z0 }9 v6 f0 I
0041DD86 |. E8 F4200B00 CALL flashget.004CFE7F
7 G; X. I1 C5 Q0 n1 w5 X" c0041DD8B |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP]
7 L, ^: h+ M4 E! F5 x- s0041DD8E |. 8B42 F8 MOV EAX,DWORD PTR DS:[EDX-8]- k/ n' L( N' O
0041DD91 |. 83F8 2C CMP EAX,2C
" n t( ]" a7 V6 r. V+ ~- g0041DD94 |. 0F85 E1000000 JNZ flashget.0041DE7B
/ P* O5 q0 x/ N/ Q! C2 C5 P
. B# @$ h# M5 y6 C# P, i;下面是验证注册码的类型的,fgc-和fgf-两种KEY的验证算法是一的,
, e% n j2 Y' `;但用来对KEY进行解密的密钥是不一样的,我们可以看到密钥类型的标志是存入DWORD PTR SS:[ESP+10]
: } t/ m2 ]/ ]& F* S;这次破解我们用的是fgf-的类型的密钥
/ h* A: _# U5 q* }* \$ E$ j0041DD9A |. 68 B0E55200 PUSH flashget.0052E5B0 ; ASCII "fgc-"
( Y/ k: } }7 s5 Y' N$ S4 m5 C( n- s0041DD9F |. 8BCD MOV ECX,EBP5 g6 t# V4 T7 J6 e) r; N" Y
0041DDA1 |. E8 401D0B00 CALL flashget.004CFAE64 V& K+ V4 f; W
0041DDA6 |. 85C0 TEST EAX,EAX
% v5 {2 t# Z8 i' X+ |1 X& a0 W6 N0041DDA8 |. 75 06 JNZ SHORT flashget.0041DDB0$ R8 v: w- H" j* m, C" ]) `$ h
0041DDAA |. 895C24 10 MOV DWORD PTR SS:[ESP+10],EBX6 ~/ M" k9 L, a- R& J, }7 v( V c0 Y
0041DDAE |. EB 18 JMP SHORT flashget.0041DDC8- U9 a8 l. _' Q9 {% ~8 o0 t
0041DDB0 |> 68 A8E55200 PUSH flashget.0052E5A8 ; ASCII "fgf-"" A$ {8 N+ U+ l$ V0 l4 g! U
0041DDB5 |. 8BCD MOV ECX,EBP
. y% i7 D& y( E9 c. z0 ~# |0041DDB7 |. E8 2A1D0B00 CALL flashget.004CFAE6+ a2 o3 [7 w9 N( |/ r
0041DDBC |. 85C0 TEST EAX,EAX) l2 `# z/ p4 f0 _
0041DDBE |. 0F85 B7000000 JNZ flashget.0041DE7B2 U6 i/ a3 Z+ g( H
0041DDC4 |. 894424 10 MOV DWORD PTR SS:[ESP+10],EAX7 t# u4 U) V* M5 z2 P$ u$ o
6 B9 J) A6 x5 A1 \
/ ~6 P" ?( d# z$ m: i: K. w;下面是对KEY的验证算法+ a( M q5 Y# u: E
0041DDC8 |> 6A 2C PUSH 2C
$ u2 B% p5 e0 x" u0 m! W, K) f& [0041DDCA |. 8BCD MOV ECX,EBP
. c$ _0 w* U9 h5 B0 J0041DDCC |. E8 7A680B00 CALL flashget.004D464B5 s+ q. m' K$ c6 W( l2 W; {( Z
0041DDD1 |. 8BF8 MOV EDI,EAX
6 p& F3 q9 B2 c3 [+ i' X0041DDD3 |. 33C9 XOR ECX,ECX7 ?# P$ [5 p5 |7 S8 F$ d+ H
0041DDD5 |. 83C7 04 ADD EDI,47 p/ w/ Q8 P; s3 {; e; F- ^- g+ u
0041DDD8 |. 33F6 XOR ESI,ESI* y9 ?/ J, E. r2 d% i
, J% G b- z- c8 k; J) Q% d: j6 P0 V$ t+ b+ Y0 E, @! g
分析下面一个循环,我们把每一段KEY的四们定义成ABCD,则有 I/ \3 q7 @5 E
0041DDDA |> 8B07 /MOV EAX,DWORD PTR DS:[EDI]
$ t& K+ T1 ^/ Z0 m: r& m* T0041DDDC |. 8BD6 |MOV EDX,ESI {" i0 }9 i6 T
0041DDDE |. 83C7 04 |ADD EDI,4
# E2 y4 u6 U2 ?9 n5 |0 w7 l7 e: I0041DDE1 |. 83EA 00 |SUB EDX,0 ; Switch (cases 0..2)
+ R/ l# p6 I8 I8 t8 r0041DDE4 |. 894424 1C |MOV DWORD PTR SS:[ESP+1C],EAX
! K1 L7 n( D. _! M o6 ~0041DDE8 |. 74 26 |JE SHORT flashget.0041DE10
$ x2 J5 D- C7 U% ~3 w0041DDEA |. 4A |DEC EDX
- d6 V3 i1 y" ^& `' j. z5 E0041DDEB |. 74 17 |JE SHORT flashget.0041DE04 ?- r6 H( @9 T& U
0041DDED |. 4A |DEC EDX% X4 o& L) |/ U" |% X
0041DDEE |. 75 38 |JNZ SHORT flashget.0041DE286 |' B9 S7 x& B
& a) ^% A: Z( N# c+ j, W9 e
0041DDF0 |. 0FBE4C24 1E |MOVSX ECX,BYTE PTR SS:[ESP+1E] ; Case 2 of switch 0041DDE1
* c: |; A, |. D7 O- f9 E0041DDF5 |. 0FBED4 |MOVSX EDX,AH
3 I9 u" S& `# X3 e! ]0041DDF8 |. 0FAFCA |IMUL ECX,EDX4 E, ^/ u) e$ g- R5 j" }
0041DDFB |. 0FBE5424 1F |MOVSX EDX,BYTE PTR SS:[ESP+1F]
& V+ M' x* y" j0041DE00 |. 03CA |ADD ECX,EDX
; M( Q: q/ `) i5 X) G- i0041DE02 |. EB 1F |JMP SHORT flashget.0041DE23
- J& Z I+ G: m! R6 V @& n;ECX = B * C + D
5 O; L! \/ o3 N4 x. r8 n7 M0 v! z6 S1 s. f# a1 N5 u- y) r' ~0 ^
% H" s" n5 x7 L+ {0041DE04 |> 0FBE4C24 1E |MOVSX ECX,BYTE PTR SS:[ESP+1E] ; Case 1 of switch 0041DDE1! C# L; I" A; ^* n
0041DE09 |. 0FBED4 |MOVSX EDX,AH
! K( [! _% k' i) i; e9 |$ G0041DE0C |. 23CA |AND ECX,EDX
) W& \$ s( M1 M5 ?% v( w0041DE0E |. EB 0B |JMP SHORT flashget.0041DE1B' O9 E3 d# v; F7 s5 D* ^
;ECX = C AND B+ T1 ^* R8 o7 a: e( N
; n( G! N# y- i& O+ q9 ^: k# j; {# }+ ]' j% p* |- \3 R. `( t
0041DE10 |> 8A4C24 1E |MOV CL,BYTE PTR SS:[ESP+1E] ; Case 0 of switch 0041DDE1 M1 v: a. w2 K; ~4 t) _
0041DE14 |. 8AD4 |MOV DL,AH
1 \9 N y7 U' w4 O9 p2 V# M4 @( R$ T! [0041DE16 |. 33CA |XOR ECX,EDX* G+ J; l6 g* o
0041DE18 |. 83E1 7F |AND ECX,7F" c& Q# {- s1 J3 }1 T8 S ?
;ECX = C XOR B,不要被后面的那个AND ECX,7F迷惑了,它只不过是用来把高位屏蔽的" I" ^( m5 h* L4 o9 v
( G. p! N. u: a6 v% k/ K5 K3 {
6 C. i- d) D2 E0041DE1B |> 0FBE5424 1F |MOVSX EDX,BYTE PTR SS:[ESP+1F]; I! q2 e6 E# r; C+ H; Q% {9 P$ r; g9 v
0041DE20 |. 0FAFCA |IMUL ECX,EDX4 b1 G& [) v d1 x: B0 k
;ECX = ECX * D3 Z5 I8 t/ N: S2 ^0 I) F/ r
! T) f; M" T% @! X8 ]! Y! l$ A A e; E8 k' V
0041DE23 |> 0FBEC0 |MOVSX EAX,AL
/ r8 C* _' D+ U( X" d' L) t0041DE26 |. 03C8 |ADD ECX,EAX: G* X8 T* m' H# ]5 Y
;ECX = ECX + A
8 H K: v" J# J# Q; l5 J5 A;处理后那些跳转,可以得到$ G3 i: `' P9 e$ H. r( y
;Case 0:ECX = (C XOR B) * D + A
1 Y2 R% o0 G5 @& B;Case 1:ECX = (C AND B) * D + A
* T! ?" `) n, R) x! I# q;Case 2:ECX = B * C + D + A3 b$ A& h6 U4 J
* O6 J' ?& y3 I" q% Z L) H( y0 Z; ?. j) R/ f$ ^) h* h/ Q
, \5 w& { `$ O) x: C" s;下面是用验证密钥来对算得的ECX值进行验证,我们来看它的密钥获取方法
0 O- b( K% r& q4 F. B* m;密钥存放在DS:[52C72B]起始的一段空间,为kevinhyx12345,
9 B( b6 \' r6 ]2 |. v;如果KEY的第一段为fgf-,运算所用到的密钥是顺序从这个字符串中读取的,
! W* o' H0 {1 };如果KEY的第一段是fgc-,运算所用到的密钥是顺序在Case 2的时候会从DS:[52C72B]中读取,即密钥的第四位: i/ m2 i7 R- m8 L8 {
0041DE28 |> 8B4424 10 |MOV EAX,DWORD PTR SS:[ESP+10] ; Default case of switch 0041DDE1
- K& q' \& f) U2 x0 X4 a# x4 s0041DE2C |. 85C0 |TEST EAX,EAX
% M! A' D& r, V. y# K$ E! r! l( f0041DE2E |. 74 0C |JE SHORT flashget.0041DE3C
, _5 @$ Y5 o f) Q9 r0041DE30 |. 0FBE1D 2BC7520>|MOVSX EBX,BYTE PTR DS:[52C72B]
. O! ^) M9 P' g5 ^; b7 G2 P( a0041DE37 |. 83FE 02 |CMP ESI,2
* A7 y' H6 h5 o0 O. V- \0041DE3A |. 74 07 |JE SHORT flashget.0041DE43
) ]/ _$ K L$ d; X- {' R, o0041DE3C |> 0FBE9E 28C7520>|MOVSX EBX,BYTE PTR DS:[ESI+52C728]( r! c8 s a" m& V( K- S' J7 M
8 s2 a5 J( F% k
;对于运算结果的验证也很简单,只是用密钥的ASC码来除ECX中的值,余数在EDX中。& }) O; X8 \) \& r2 U A7 C
0041DE43 |> 8BC1 |MOV EAX,ECX& O0 D* \( g+ h# p, Y" E
0041DE45 |. 33D2 |XOR EDX,EDX
2 G7 g; S; d! s4 s* P+ O3 Z0041DE47 |. F7F3 |DIV EBX
3 I" c5 K$ q! J/ {! E7 d
' W; E( ?: w& [; [/ Z1 P" C
' l3 U4 t2 g' b" ~5 S9 r2 y5 G( ^$ g/ J. ?( G. |4 b, \* l' [
;以上是对指定段的KEY的验证运算,下面是对结果的判断
1 _( T& y" p$ c0041DE49 |. 8BC6 |MOV EAX,ESI
1 Z- A; A( R: S6 `5 I0041DE4B |. 83E8 00 |SUB EAX,0 ; Switch (cases 0..2). U7 g6 U- f9 l2 j3 }
0041DE4E |. 74 13 |JE SHORT flashget.0041DE636 e/ r: Z9 g. g( ^ j! Q) l9 {
0041DE50 |. 48 |DEC EAX0 r n8 ~) Z8 [3 s( i V( m2 u
0041DE51 |. 74 09 |JE SHORT flashget.0041DE5C
$ R4 j: B; M8 |/ T( K/ f0041DE53 |. 48 |DEC EAX
, ~1 k, _( e8 m6 s6 R0041DE54 |. 75 11 |JNZ SHORT flashget.0041DE67: M* l. y& q/ t/ P' |
- o8 o+ S6 R9 I2 W" b: Y;余数是否为0! A6 e" y4 N# ]" s4 l. V1 u
0041DE56 |. 85D2 |TEST EDX,EDX ; Case 2 of switch 0041DE4B
. ]3 P+ G+ _; H% @6 T/ k5 w0041DE58 |. 75 18 |JNZ SHORT flashget.0041DE72
3 x3 p0 i+ W' {1 N- S& B0041DE5A |. EB 0B |JMP SHORT flashget.0041DE67
& A* ]2 e; L% b9 |% M8 [) d' h: N3 y( x$ g- W% m1 Q
;余数是否为8& q, ~; e# \( V+ l
0041DE5C |> 83FA 08 |CMP EDX,8 ; Case 1 of switch 0041DE4B4 R4 |1 g/ }7 ?' W4 j0 j( F
0041DE5F |. 75 11 |JNZ SHORT flashget.0041DE72/ Z: A3 H: ^. k9 h9 ?
0041DE61 |. EB 04 |JMP SHORT flashget.0041DE67
' {- ?# F# e) {, l( S( z' {
! w9 T" b2 N. i' R F, j( m;余数是否为09 i# ]' K- B9 f+ Y0 Y, f. y& B! `
0041DE63 |> 85D2 |TEST EDX,EDX ; Case 0 of switch 0041DE4B
" ]$ W$ Q# [) F; @4 Z! _0041DE65 |. 75 0B |JNZ SHORT flashget.0041DE72
6 N+ K% |- f5 w4 q& n: a9 T* w
$ g# S; [, Q* ~) z1 X3 \% x0 a0041DE67 |> 46 |INC ESI ; Default case of switch 0041DE4B
1 K" g4 l$ F& u6 f4 m) f! i( ?0041DE68 |. 83FE 03 |CMP ESI,3! l0 s7 O. \6 h
0041DE6B |. 7D 23 |JGE SHORT flashget.0041DE90
- }5 E9 B1 C/ L" [, @/ ]2 d0041DE6D |.^E9 68FFFFFF \JMP flashget.0041DDDA) \% Z* r, N/ }3 p- f; ? A
1 L5 H, Y! w S; n* ?# V所以这三段的KEY的验证算法是:
0 k4 l! ^: N8 S- O0 W+ `" |3 HCase 0(B XOR C) * D + A) MOD X = 0,这儿X是'k'- c% u( [; n$ I) b0 x- y
Case 1(B AND C) * D + A) MOD X = 0,这儿X是'e'
* L" i2 s- N9 jCase 2B * C + D + A) MOD X = 0,对于fgf-类的KEY,这儿X是'v';对于fgc-类的KEY,这儿X是'i'
1 c8 I, D; J3 e4 S, I& R; Q
) ^2 Z: b M0 M( d7 P! LLeNgHost告诉我,FlashGet会在一段时间后验证第四段KEY,于是我就在程序正常运行后在那段已经读入内存的KEY上下了内存断点,并在RegPass也下了断点。出去逛完一个下午后……中断成功了……
s0 F7 p3 |0 } `: T0042514C |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10]
& F n n! p$ V0042514F |. 83C0 10 ADD EAX,10
9 \- I. g5 V( w00425152 |. 894C24 08 MOV DWORD PTR SS:[ESP+8],ECX
( w: [; o3 o; C! Q+ M: Z00425156 |. 6A FF PUSH -1
" _; v' n1 R1 @9 p& S) I00425158 |. 0FBE4424 0E MOVSX EAX,BYTE PTR SS:[ESP+E]
' U# p! |1 \6 t# U0042515D |. 0FBED5 MOVSX EDX,CH' F! o# |* E# ]' x
00425160 |. 0BC2 OR EAX,EDX% i! j @- ?" ^1 a% e* @
00425162 |. 0FBE5424 0F MOVSX EDX,BYTE PTR SS:[ESP+F]
9 d( N0 z( Y& Y8 e& ]' h00425167 |. 0FAFC2 IMUL EAX,EDX
# `' C7 `7 x; T* ]/ Y0042516A |. 0FBEC9 MOVSX ECX,CL
. P9 M/ O' t4 L0 e7 D0042516D |. 03C1 ADD EAX,ECX3 D: I( Z# F: N$ Y, x* P
;跟踪分析得EAX = (B OR C) * D + A
1 o; b7 u i! T9 {. a3 @# p: p9 U
+ o# R5 H; {) n5 A+ f7 y0042516F |. 33D2 XOR EDX,EDX k4 S7 x# y: N+ h* q
5 t+ `2 B: m% }$ Y- B% B
;验证用的密钥直接来自DS:[52C72B],哈哈,就是'i'# h- g ?; r6 }) q: ?
00425171 |. 0FBE0D 2BC7520>MOVSX ECX,BYTE PTR DS:[52C72B]7 [% T& d ]" j! Y$ R9 h# x
00425178 |. F7F1 DIV ECX
8 }2 g* o3 e9 _) P0042517A |. 8BCE MOV ECX,ESI
( l! d! p( H* H5 ?+ A& t
, D4 K. @: j) P( Z" r# i1 E;判断余数是否为09 ~; g' a% s! G8 q v
0042517C |. 85D2 TEST EDX,EDX1 j8 |0 s( {3 R* b
0042517E |. 74 1E JE SHORT flashget.0042519E
1 d; ^7 {5 Y8 U. C7 N6 q, z1 k" I9 E
所以这一段的算法是((B OR C) * D + A) MOD X = 0,这儿X是'i'9 q" j$ m u0 _4 \$ z* E
# T4 u8 F. h% B. m0 \6 J5 ]/ l2 D( \% N* _' e g$ u6 J) h& \
只要KEY能符合这四个条件就可以了。我用VB做出了对应的算号器代码:
# y4 t4 L; @; r/ x Randomize: ^ j- w6 t3 _4 x
Dim intEbx As Integer. K1 s. L! V, C9 r# x3 r$ M2 ~: F N
Dim i As Integer, j As Integer, k As Integer, intChar As Integer2 `9 c1 `, U2 z( b- H. X
Dim strCode As String
4 S2 L) W- K; D+ P; D; ~" \9 ? % D3 }7 M) E( }9 f$ K& A! q; Y
If fgf Then
6 e: L' c3 F% d4 o( p strCode = "fgf-"3 P3 J7 K, f$ S1 p- q6 Q
intEbx = 118
) z+ E# H H$ K) X; U Else( Z* c$ `" R) C9 x, R: T A) o# k& E
strCode = "fgc-" H6 T% \! M5 f/ C0 `+ x
intEbx = 105, F9 I# s8 k1 a9 U, t6 s
End If
! ~# K$ V j) ]6 g, N& ? 0 v* m6 Y j5 N% c. I. b9 Z! @
Do1 y! u, \; M- m8 \5 R) |
intChar = 97 + Int(Rnd() * 25). G4 L# {& k. W6 |4 q8 Q: i
For i = 48 To 57# p Y, ~- E7 z; a! F
For j = 48 To 571 u& L5 O- Z6 Y* p b
For k = 48 To 57% i$ f" Z& N1 y y
If (((i Xor j) And 127) * k + intChar) Mod 107 = 0 Then
v- N5 @& g1 h* ?- F strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)8 t* h# K T* E8 _* Z: B8 ]
Exit Do
# P1 E" A7 X4 B4 B8 L' c2 F- j End If& V" [- C* F2 R
Next k
/ z8 h( N% a$ ^7 I+ L Next j" l. f+ ?/ e+ D" J% ]
Next i. U/ j/ I, _) q
Loop7 @3 N) E% L2 q! E+ W4 K
6 E7 r: p. y8 A/ y
Do7 V/ L. L. p; I: o2 T% e
intChar = 97 + Int(Rnd() * 25)
6 w f0 D I) b k For i = 48 To 571 N4 j! A) K3 ]/ W
For j = 48 To 57; _: _5 ]- i. }% a
For k = 48 To 57" H3 \. n" A6 o, q) @. K
If ((i And j) * k + intChar) Mod 101 = 8 Then5 P7 r4 Y% d) L& P0 s
strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)1 `) r( X+ {; M/ ]# f5 h
Exit Do
$ H8 R9 d+ p* O. U& v$ E/ m End If
{0 |, Y7 ~. M7 b, o" ^, n8 F* x Next k
- B$ e( G1 r. {7 O! M Next j8 U0 k. r" v/ q3 v: R1 L
Next i
5 K0 i* t. c1 Z2 h/ e; D/ @ Loop
. m" ]/ J% s$ D, H4 A
" r" K; S- q4 l- h Do# q4 l6 B6 l9 s
intChar = 97 + Int(Rnd() * 25)
" Z9 S/ q$ q/ I6 h) b For i = 48 To 57; V$ Q3 g# O; O" z+ t1 ^/ A' ~
For j = 48 To 57 b5 @( c! @6 i8 ~) P' v5 x! F
For k = 48 To 57
3 b) x x h$ e If (i * j + k + intChar) Mod intEbx = 0 Then" U& D( a$ J V: G) A
strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)
5 Z0 \3 E8 A- {4 O: u0 y6 ]* {5 L Exit Do8 y" Y2 v% P# f: C! P
End If
0 p) g- f! |* g) ^ Next k
& T5 ?' s2 e1 }! Z% R1 Y n7 N7 R Next j7 f6 W& ^, c" L
Next i
3 K) s: U. ~4 z: A% o, T* Q3 A Loop4 C$ a6 X5 G* s( c
, Y/ v' |2 C, F' B( _5 b
Do
9 b& V! T/ m# P1 v# s intChar = 97 + Int(Rnd() * 25)
9 b8 J/ M6 V% D, W& G For i = 48 To 57. _$ u6 [- E" j/ V6 u
For j = 48 To 57( C; g' I, U: C7 [& h+ F
For k = 48 To 57+ W, a |" M$ P3 [6 }, @0 u. g8 C
If ((i Or j) * k + intChar) Mod 105 = 0 Then
- \, V/ ]: _7 H& L9 g strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)
& E5 N6 b+ w# ~4 z2 ~! D Exit Do1 t( K- W2 I, `
End If7 p8 Y8 t4 Z7 [# V
Next k% v; I/ M4 x( o0 a e
Next j& y' e" ~/ D ?
Next i7 @$ j, ~: z& e, M3 p5 C! _
Loop
# H8 N0 d- U3 r* F6 U* ~7 u & P) c0 W& T& p ~& o
5 J# p( ~- x& A" K
'后面的24位随机生成。# v& Y- e* d G" U; k5 Z
For i = 1 To 62 ? ?; g) ~+ e- S @* r4 P1 ]
intChar = 97 + Int(Rnd() * 25)! N. {! R* `8 L S6 S3 U, J6 k
strCode = strCode & Chr(intChar)! z. y; J0 G/ q4 z* y
For j = 1 To 3% u3 l. |; o6 z' H" p& B5 F
intChar = 48 + Int(Rnd() * 9)
0 v" t8 [3 Y; W% ~ strCode = strCode & Chr(intChar)
/ T- `0 M& s) Q Next j
2 z/ Z/ W/ M4 ? Next i6 U/ R/ x" u# a e1 V
3 G" Z8 l8 v7 p, V- u/ g! r A- g8 }8 H/ Z* n/ y" i6 `
最后字符串strCode就是所要求的KEY |
|
/1 
IP卡
狗仔卡
发表于 2004-11-1 13:35:00
QQ好友和群
QQ空间
腾讯微博
腾讯朋友
收藏
分享
顶
踩
转发到微博
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
千斤顶
显身卡