|
|
Eagle的破文:(重写)FlashGet1.65的算号器: c. C( M6 C4 E; M( n4 W9 [/ B+ V1 F I
+ S+ _' S' C% b5 }* J( w
再次声明:本破文曾发表于www.chinadfcg.com# M0 I. X0 v; P7 q) s! Q' Y0 `
声明:上次写完1.60A的算号器,LeNgHost告诉我,FlashGet会在一段时间后验证第四段KEY,所以现在针对最新的FlashGet重写了算号破文。谢谢大家的支持。其实,这个算号器算出来的号还不是正版的。只能用一段时间,因为最后的几段的算法我没有时间去找了。, _/ n5 a) e$ j0 P( R+ z7 w
/ T9 N) ^; X' s" p# d
【破解作者】 Eagle
5 g! S7 Q9 U8 [【作者邮箱】 eagle_twenty@163.com/ I# b0 T! z( S: D
【使用工具】 OllyDbg1.09
1 R. ^& Q9 }# A0 Y# B【破解平台】 WinXP
! \0 B7 T; P# ~, X/ `0 l5 V【软件名称】 FlashGet1.65
/ j& F( @% [; ~0 r6 B% C2 G【加壳方式】 无壳! C& K. B" P; M* s
【破解声明】 8 \7 [6 j1 J1 [# ]
--------------------------------------------------------------------------------: B0 L8 Z4 l' k- z3 x. S1 k: F
【破解内容】& o: K$ [, c# N
- t, V- [) v9 i; y0 j
V7 ^' j( i- Q5 [( \4 K4 S+ a" M
安装FlashGet1.60A并运行,输入完注册码的时候,它会提示重新启动软件来检测是否注册成功,同时用RegMoniter监视到FlashGet1.60A写入注册表项RegPass, RegName等。用PEID侦壳:无。
9 _& L/ U, H# m( F8 @0 @" |
+ d) l3 B1 k) v. {" k1.用OD加载FlashGet1.60A,查找参考字符串,在涉及RegPass的地方下断,运行9 D* k8 d" A7 p. m
2.程序第一次即中断在此,从上下文来看,这段代码有大量的跳转,有很大可能是注册码验证代码
" K, `$ V/ t0 R6 j* M: r6 i0041DCE6 |. 68 98E55200 PUSH flashget.0052E598 ; ASCII "RegPass"
. ]4 J- R9 Q" I% M$ f c0041DCEB |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
, s1 e) S1 a- w0041DCEF |. 68 A0C15200 PUSH flashget.0052C1A0 ; ASCII "General"
; g" ^* R% `6 [ f# G9 Q% g0041DCF4 |. 51 PUSH ECX# L% D# J3 L7 g6 N) V
0041DCF5 |. 8BCD MOV ECX,EBP4 S9 k+ j- W- C% Q# e7 B1 l5 h4 V9 T. x, i
;这个CALL将从注册表中读入注册码
: `, A6 v/ Z/ l8 `0041DCF7 |. E8 54C70C00 CALL flashget.004EA450
+ K' Z% \& z- l/ B4 B0 X# L9 h( n/ W0 ~
+ h+ Q' W; x" x3 S2 H) `
分析下面一段代码,可以发现每个条件跳转都跳向flashget.0041DE7B,可以那儿就是验证失败后的跳转方向
* a- F* z: g, ]7 C4 g2 s……
" E/ ^4 t- r" A8 o2 B: V0041DD27 |. 0F84 4E010000 JE flashget.0041DE7B9 g [/ Y5 m4 y( \' @: p1 ^) s/ n2 e2 \
……/ F2 P& T7 g" G: G( _2 ~
0041DD35 |. 0F84 40010000 JE flashget.0041DE7B4 l) x3 H7 n# Z
……) V: ]& K X+ M" s* t4 I# H
0041DD4F |. 0F8E 26010000 JLE flashget.0041DE7B
7 Z% y' Q- M* |/ i5 z; [……
- S2 A5 p9 w; [8 G7 s% v0041DD63 |. 0F8C 12010000 JL flashget.0041DE7B* a: ?+ O# O( l$ B( a
……1 Z, u9 t9 D( |+ U: \/ y3 B- {
0041DD77 |. 0F8C FE000000 JL flashget.0041DE7B
; { ?1 j c1 J/ M7 L9 j+ e……
7 p! f3 n5 u3 d8 A;下面这个CALL是计算KEY的长度的,要求的KEY的长度为0x2C,也就是44位
2 N3 ?, B1 L+ Q! Y! b8 _6 J0041DD86 |. E8 F4200B00 CALL flashget.004CFE7F3 A+ S8 ^' E2 D5 P+ `
0041DD8B |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP]
! z8 `1 E5 n, b6 r' s1 Q8 w6 z0041DD8E |. 8B42 F8 MOV EAX,DWORD PTR DS:[EDX-8]( H p2 u: T; @0 o
0041DD91 |. 83F8 2C CMP EAX,2C1 x- l6 j' Q5 c8 p+ @! p. Y
0041DD94 |. 0F85 E1000000 JNZ flashget.0041DE7B
9 k/ F* g# s" ^4 w6 h' o
+ y2 {! W8 k% [) U" J. l;下面是验证注册码的类型的,fgc-和fgf-两种KEY的验证算法是一的,
+ m1 q; q# `6 ? k;但用来对KEY进行解密的密钥是不一样的,我们可以看到密钥类型的标志是存入DWORD PTR SS:[ESP+10]
4 ^: C# M- J o# g0 l! Z% N;这次破解我们用的是fgf-的类型的密钥
) c4 e) X; g5 O* g. S0041DD9A |. 68 B0E55200 PUSH flashget.0052E5B0 ; ASCII "fgc-"
0 S0 t1 O, E5 y9 ~- D/ C0041DD9F |. 8BCD MOV ECX,EBP
$ l* ^0 f1 J% O+ S2 K. [% V% S0041DDA1 |. E8 401D0B00 CALL flashget.004CFAE6
& t7 x; Y5 J0 k; B0041DDA6 |. 85C0 TEST EAX,EAX
$ z$ y' Z2 c( l- k4 a) t8 a0041DDA8 |. 75 06 JNZ SHORT flashget.0041DDB01 D* m4 o& a5 G, d
0041DDAA |. 895C24 10 MOV DWORD PTR SS:[ESP+10],EBX
( o; z) u$ K, q$ b, D0041DDAE |. EB 18 JMP SHORT flashget.0041DDC8
6 k& ]3 v; b3 ?% t& u" ^1 p0041DDB0 |> 68 A8E55200 PUSH flashget.0052E5A8 ; ASCII "fgf-"& \7 N( Z( ^0 M$ I
0041DDB5 |. 8BCD MOV ECX,EBP
& B w. i" ]1 R' m" W' n( H/ g/ X* l0041DDB7 |. E8 2A1D0B00 CALL flashget.004CFAE6& s$ R2 v) u0 D9 t5 V. ~2 g
0041DDBC |. 85C0 TEST EAX,EAX
8 @; p G! i: p8 H6 `* W0041DDBE |. 0F85 B7000000 JNZ flashget.0041DE7B
5 e" N) S( |) C2 W; P* y, D0041DDC4 |. 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
/ Z, Q4 s# j8 R3 h- C# P' D- C: |
5 o# Y: M: u2 k# [# P8 `
( F# q$ O. n( O;下面是对KEY的验证算法) j: g% `) J* d) S! Z% {
0041DDC8 |> 6A 2C PUSH 2C1 ?7 H* D( @! \
0041DDCA |. 8BCD MOV ECX,EBP. z2 ~# t. |% l/ @9 r2 S U
0041DDCC |. E8 7A680B00 CALL flashget.004D464B
5 I- q: H- u; z3 w! X( N& f0041DDD1 |. 8BF8 MOV EDI,EAX
+ c Y9 u4 |2 o) ?2 F- ]0 i0041DDD3 |. 33C9 XOR ECX,ECX
6 \, [5 Z' N* d" B' g" g5 w0041DDD5 |. 83C7 04 ADD EDI,4- O% j" o8 b0 ]1 e
0041DDD8 |. 33F6 XOR ESI,ESI
, R7 Z4 z4 _3 K$ X/ U
& s; ?; I% h+ k5 O2 {, G6 F9 }/ k* ^' W' s+ t! s, U% L
分析下面一个循环,我们把每一段KEY的四们定义成ABCD,则有" b/ H/ q: ~# i' {
0041DDDA |> 8B07 /MOV EAX,DWORD PTR DS:[EDI]& Z1 P/ ^6 E" ~4 D
0041DDDC |. 8BD6 |MOV EDX,ESI
+ }3 y5 R+ o8 G0 D0041DDDE |. 83C7 04 |ADD EDI,4! ]3 K4 k: `9 z# @( V# ~# G- t
0041DDE1 |. 83EA 00 |SUB EDX,0 ; Switch (cases 0..2)" \$ o$ g2 k% R+ |. n
0041DDE4 |. 894424 1C |MOV DWORD PTR SS:[ESP+1C],EAX
3 [- R1 V" w2 q0 Q5 z9 S0041DDE8 |. 74 26 |JE SHORT flashget.0041DE10( S$ ~/ n3 a3 T5 E- u3 V+ g
0041DDEA |. 4A |DEC EDX
" ]# ~3 H# G% ]# w9 E: @( f0041DDEB |. 74 17 |JE SHORT flashget.0041DE04
: G( ~/ y: ]0 f/ @$ O0041DDED |. 4A |DEC EDX0 Z/ V$ q2 y8 a. z' a
0041DDEE |. 75 38 |JNZ SHORT flashget.0041DE28, ~* K% S( ~3 M, y4 i# ?6 t
. B- }6 X1 l! F6 N7 o0041DDF0 |. 0FBE4C24 1E |MOVSX ECX,BYTE PTR SS:[ESP+1E] ; Case 2 of switch 0041DDE1; _" a j+ O9 u0 P6 R
0041DDF5 |. 0FBED4 |MOVSX EDX,AH3 a/ v2 }$ p5 g- q
0041DDF8 |. 0FAFCA |IMUL ECX,EDX
; C8 F7 Y& {; F0041DDFB |. 0FBE5424 1F |MOVSX EDX,BYTE PTR SS:[ESP+1F]
0 {% p" y8 J& {7 c, k& i0041DE00 |. 03CA |ADD ECX,EDX9 f9 ^6 |( K5 q$ l
0041DE02 |. EB 1F |JMP SHORT flashget.0041DE23
% p& |4 C, \% P$ d. z7 R;ECX = B * C + D
, O) y9 Y5 y4 w% E; z
7 _( O7 [8 L$ n$ q2 o. B. \0 q9 ^: \+ u" S
0041DE04 |> 0FBE4C24 1E |MOVSX ECX,BYTE PTR SS:[ESP+1E] ; Case 1 of switch 0041DDE19 M! _5 N3 }4 n+ K' f- P
0041DE09 |. 0FBED4 |MOVSX EDX,AH, q7 s" q6 ]! A& K, ?7 g
0041DE0C |. 23CA |AND ECX,EDX( l v0 `9 F1 i
0041DE0E |. EB 0B |JMP SHORT flashget.0041DE1B1 D! [* L$ D8 h4 k4 a
;ECX = C AND B8 ^ F( ~" j/ c z
/ L7 i( F- V- a4 l5 P' }* d
9 C7 N( {! i# `9 y x
0041DE10 |> 8A4C24 1E |MOV CL,BYTE PTR SS:[ESP+1E] ; Case 0 of switch 0041DDE1
' L8 [) ]5 l1 r, q6 S+ T* }0041DE14 |. 8AD4 |MOV DL,AH
' ~7 e; D2 q6 a" s0041DE16 |. 33CA |XOR ECX,EDX E, Y3 l5 @7 L& O( k! R
0041DE18 |. 83E1 7F |AND ECX,7F
" p) [9 F3 e' V;ECX = C XOR B,不要被后面的那个AND ECX,7F迷惑了,它只不过是用来把高位屏蔽的0 g" y/ Q: d# s( ]
7 I8 u' @( e$ {+ A- Z& z
) Q! f+ [1 [" b, s, V1 ~ L0041DE1B |> 0FBE5424 1F |MOVSX EDX,BYTE PTR SS:[ESP+1F]
& G- ^7 J4 ` R# q0041DE20 |. 0FAFCA |IMUL ECX,EDX
7 I3 [. }2 U/ }( B7 c/ n;ECX = ECX * D8 ^+ n$ b7 k1 u$ s" m+ e. s. p* X2 e1 Q
/ i" B7 f+ A% H6 x6 Q x$ [+ [
2 o4 V/ M) `- s Z& s. Y6 I7 x. V3 V0041DE23 |> 0FBEC0 |MOVSX EAX,AL' Y$ H) _: f2 }. r; v
0041DE26 |. 03C8 |ADD ECX,EAX1 s/ L; ^' A, `3 i! ?
;ECX = ECX + A
: A& w: R% u! m9 N0 K5 s;处理后那些跳转,可以得到7 G- l4 `5 h* @8 p, ^' g
;Case 0:ECX = (C XOR B) * D + A; t4 o4 Y6 h% R; m \
;Case 1:ECX = (C AND B) * D + A
\2 `) f' k" a; i a;Case 2:ECX = B * C + D + A
8 J+ x1 V: Q0 K8 Z& I$ O! s' U( q$ k+ L" a0 h- f8 B; R/ o
% ~. G" g5 e2 G* g7 A# x0 z* X+ |5 [- u0 O( ^6 P1 F5 H$ o* `: z
;下面是用验证密钥来对算得的ECX值进行验证,我们来看它的密钥获取方法5 R( Q0 M% h6 } z
;密钥存放在DS:[52C72B]起始的一段空间,为kevinhyx12345,
L2 _& B. p5 W1 t8 m4 [0 d1 C;如果KEY的第一段为fgf-,运算所用到的密钥是顺序从这个字符串中读取的,
! A( l/ t( [, \) O;如果KEY的第一段是fgc-,运算所用到的密钥是顺序在Case 2的时候会从DS:[52C72B]中读取,即密钥的第四位: i2 O8 J- ?+ r, J) ]4 u
0041DE28 |> 8B4424 10 |MOV EAX,DWORD PTR SS:[ESP+10] ; Default case of switch 0041DDE1: D8 a) H! |/ p& Z6 P, S7 {0 q7 R
0041DE2C |. 85C0 |TEST EAX,EAX
0 g- J$ v; v$ q/ d7 _. l0041DE2E |. 74 0C |JE SHORT flashget.0041DE3C1 ]& N2 {0 \; W& R" |. l- E2 A
0041DE30 |. 0FBE1D 2BC7520>|MOVSX EBX,BYTE PTR DS:[52C72B]% [+ p. Z: o+ y, Y
0041DE37 |. 83FE 02 |CMP ESI,2
" \& g8 I- Z- M/ F* d ]2 m$ C+ T0041DE3A |. 74 07 |JE SHORT flashget.0041DE43
; P; F" k! L1 J4 }# ^+ H# k& ?! I4 v" }0041DE3C |> 0FBE9E 28C7520>|MOVSX EBX,BYTE PTR DS:[ESI+52C728]( B7 @, Q. S3 W( X8 l% q
" x2 _1 a, y! x) {% C5 h# e# _
;对于运算结果的验证也很简单,只是用密钥的ASC码来除ECX中的值,余数在EDX中。) l/ l' x4 ^6 L8 z
0041DE43 |> 8BC1 |MOV EAX,ECX4 W0 K7 v' D) `
0041DE45 |. 33D2 |XOR EDX,EDX8 l- M1 q3 w* n) ?+ N }' j
0041DE47 |. F7F3 |DIV EBX
& u( O; Q8 H7 Y" g
- w& x4 U/ D# ^, G' {; V) g3 x. Q/ v
& J- ~+ E3 M8 M
;以上是对指定段的KEY的验证运算,下面是对结果的判断
: i) w; L% ?' x9 A0041DE49 |. 8BC6 |MOV EAX,ESI) e" I5 E* o; p K% _5 C1 { |
0041DE4B |. 83E8 00 |SUB EAX,0 ; Switch (cases 0..2)( Q6 y# ?6 q2 Q- A
0041DE4E |. 74 13 |JE SHORT flashget.0041DE63" |( n0 H! X' z3 S+ i$ m" N* Y
0041DE50 |. 48 |DEC EAX! [7 {; A0 v6 z& q" G" ^
0041DE51 |. 74 09 |JE SHORT flashget.0041DE5C" E: \- |/ f" W+ Y
0041DE53 |. 48 |DEC EAX
a6 K% {, Y1 l6 h0041DE54 |. 75 11 |JNZ SHORT flashget.0041DE67: x, w; O; j8 q$ f2 n0 v
- e4 d( X* k" r4 [) n;余数是否为0
+ ?% N( o% F$ k5 V& j. }0041DE56 |. 85D2 |TEST EDX,EDX ; Case 2 of switch 0041DE4B/ r' i6 J- N. ~
0041DE58 |. 75 18 |JNZ SHORT flashget.0041DE72
h% z, I0 B6 E3 h7 `5 m0041DE5A |. EB 0B |JMP SHORT flashget.0041DE67 j2 ~/ S7 n, n% @
1 G( }3 r4 _$ C# g( `1 c' d
;余数是否为8
# \8 `2 l3 @2 e- s0041DE5C |> 83FA 08 |CMP EDX,8 ; Case 1 of switch 0041DE4B
( ~& M2 `9 A3 \$ K: _' c$ J: Y \0041DE5F |. 75 11 |JNZ SHORT flashget.0041DE723 V# x+ v& x' I$ t
0041DE61 |. EB 04 |JMP SHORT flashget.0041DE67: I1 M" m7 p3 V1 {- z
( ~! ]4 d6 y+ l2 x% X5 s. t;余数是否为0
3 R- F. r/ c: W. w& V0041DE63 |> 85D2 |TEST EDX,EDX ; Case 0 of switch 0041DE4B
2 }# G6 M8 V) B% t Z0041DE65 |. 75 0B |JNZ SHORT flashget.0041DE72
2 V6 r( X% I( j& S& p4 b
. D* I6 A5 O) M" {0041DE67 |> 46 |INC ESI ; Default case of switch 0041DE4B
5 u j. f9 u* b3 ]) t6 |9 c& }0041DE68 |. 83FE 03 |CMP ESI,3
* o' U0 v- g6 p( F! o k0041DE6B |. 7D 23 |JGE SHORT flashget.0041DE90) |+ C: p n* ^
0041DE6D |.^E9 68FFFFFF \JMP flashget.0041DDDA, q. H& V2 W5 w8 @' F; N
2 v! c+ n0 t; z! T& K% f
所以这三段的KEY的验证算法是:- E% W9 h2 g) P, J
Case 0(B XOR C) * D + A) MOD X = 0,这儿X是'k'0 \! u, \5 {1 ?) _/ L
Case 1(B AND C) * D + A) MOD X = 0,这儿X是'e'
1 k; o. y% t" s: y, N" |Case 2B * C + D + A) MOD X = 0,对于fgf-类的KEY,这儿X是'v';对于fgc-类的KEY,这儿X是'i'( N; d+ x, V# E' g
/ P2 A2 X7 g \" @% L6 kLeNgHost告诉我,FlashGet会在一段时间后验证第四段KEY,于是我就在程序正常运行后在那段已经读入内存的KEY上下了内存断点,并在RegPass也下了断点。出去逛完一个下午后……中断成功了…… L- Z4 v. n! C( q" r
0042514C |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10]
1 K' v1 ~ d) F6 v; f J/ v0042514F |. 83C0 10 ADD EAX,10
) O ~/ V) |& _+ i5 g00425152 |. 894C24 08 MOV DWORD PTR SS:[ESP+8],ECX
' u/ k, E. N: z1 ^0 y00425156 |. 6A FF PUSH -1
% B" c% B# J$ T; V! o- o00425158 |. 0FBE4424 0E MOVSX EAX,BYTE PTR SS:[ESP+E]
, ]* {2 [6 W% V. F8 {, m0042515D |. 0FBED5 MOVSX EDX,CH; {/ D7 O$ m; m2 W8 B
00425160 |. 0BC2 OR EAX,EDX
0 \$ E. M6 {" Q$ H+ b( j00425162 |. 0FBE5424 0F MOVSX EDX,BYTE PTR SS:[ESP+F]" v. z6 F) B. J. K4 s" x
00425167 |. 0FAFC2 IMUL EAX,EDX
) ^' U! U( |' r& R* \0 a' f' }0042516A |. 0FBEC9 MOVSX ECX,CL! n/ m, O* ~; D& w0 ]
0042516D |. 03C1 ADD EAX,ECX
5 x. n1 S$ }* m+ a* C9 k. r;跟踪分析得EAX = (B OR C) * D + A
4 m: N V f) U8 |; {' S$ I J6 I: [9 D% m
0042516F |. 33D2 XOR EDX,EDX
- b3 u1 a% o6 ]
$ M2 F+ n4 F( O9 y+ _, K;验证用的密钥直接来自DS:[52C72B],哈哈,就是'i'2 q% n/ N$ I# M5 O6 f7 Y
00425171 |. 0FBE0D 2BC7520>MOVSX ECX,BYTE PTR DS:[52C72B]/ k, C" y' k% M0 ^: n( d: F
00425178 |. F7F1 DIV ECX
. @; v+ Y" l/ t4 j0042517A |. 8BCE MOV ECX,ESI5 I/ o% s; [+ Y% U5 H
% {+ A Y5 X7 z; @; F* _$ a: n;判断余数是否为02 O7 z8 I, Y# \) [# Q8 j
0042517C |. 85D2 TEST EDX,EDX$ o) ?8 i2 o7 i' U/ n" C
0042517E |. 74 1E JE SHORT flashget.0042519E- d" @$ p- h& c/ u% ]/ N
) o% H, G6 O# ]% N2 r8 V& X6 F所以这一段的算法是((B OR C) * D + A) MOD X = 0,这儿X是'i'
3 c- G% c% J0 e- Z- J+ }: ^6 @2 k1 i4 J5 ]* t# {$ P
' b6 q% d$ v& T6 m2 M: e: I
只要KEY能符合这四个条件就可以了。我用VB做出了对应的算号器代码:8 q6 P: z9 j7 Z b v
Randomize+ U; ]: l! F. z) l+ D
Dim intEbx As Integer
" q7 e# ]9 S8 r- B0 A8 |. { Dim i As Integer, j As Integer, k As Integer, intChar As Integer
" `" c0 |- l3 G# Y* [ Dim strCode As String
; a* X- e p! ^6 M4 y( C, Z$ R. T
4 B& D+ m" p0 l2 X If fgf Then: \1 @2 O J% z% }
strCode = "fgf-"
' K' ~, n1 R9 U2 l( o intEbx = 118
" ]. [+ I9 G9 ^& x/ z Else4 [3 Q6 r8 k3 M2 m: J8 q6 `5 C1 @
strCode = "fgc-"
7 r1 b2 P8 c3 I: o7 e+ L8 b intEbx = 105( _( Q& J" m# k3 n* Y2 g
End If
. J% ~$ s. |1 _! V6 @, N
+ ~, y6 E5 k: i8 l: g Do
f1 {; B( l" P1 h3 i3 r. u& F intChar = 97 + Int(Rnd() * 25)
: W3 y @4 P5 M& k For i = 48 To 57
6 E, ?' ^/ g9 q$ y0 v For j = 48 To 57# w2 G* V+ @8 L& j6 n
For k = 48 To 57" a( I) r7 h9 m: ]+ ~
If (((i Xor j) And 127) * k + intChar) Mod 107 = 0 Then; G1 R, e6 O4 v+ S; h! m2 U0 Q+ z
strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)
! h' w9 ?. h2 B7 Y3 H; R; H; z Exit Do
- T+ |/ Y2 q9 I' W* l4 C$ ?2 B End If( D/ I+ {: }$ L& M) p6 c
Next k' q: o7 N- e9 \9 R( V+ l p
Next j
$ b) s& F% K0 g$ b% N Next i
6 j' O! T& X$ }5 f) r4 N Loop
! I. g* J0 ?: F8 Q
8 t# ^% z) J+ I; e a Do" x! y& n$ l& g& y5 S
intChar = 97 + Int(Rnd() * 25)9 R5 k, [/ F4 v1 W z3 _' z
For i = 48 To 57
2 {1 W4 l$ L7 D; n, ^+ e% C For j = 48 To 57
0 I: ]! i' X2 n5 U0 b; {( B/ i" k For k = 48 To 572 x q% y) s: K7 t
If ((i And j) * k + intChar) Mod 101 = 8 Then, P, a) y, J$ G& s5 |3 x% k
strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)# ~6 r, J7 b% T
Exit Do3 O2 h; G3 s9 `& C1 J1 X& U
End If! w: M' y: q( _3 Z
Next k
" Y$ L+ v0 `: u. g; x4 m7 X$ R: L Next j! G: u, w/ \: u+ \2 V( [9 L: r
Next i4 l- ~: _% }/ h( n, M( x" o
Loop) c& r8 K: ?9 Z% x% h( a: {. o2 U
- F- ^9 `6 @5 d, c( T
Do3 I/ C/ H. l6 t' i9 n: i
intChar = 97 + Int(Rnd() * 25)- M5 J% j2 W0 H* ]7 g
For i = 48 To 57
; q! v# v* j1 F, `$ G7 _ For j = 48 To 57" ?, W' [/ o& V. X( |3 `( X
For k = 48 To 57
( W/ t f; \+ r8 X) K$ M; v If (i * j + k + intChar) Mod intEbx = 0 Then
$ [" ~( k4 j( V& C strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)' F& f/ s; d$ }
Exit Do
$ F- w" f! b, Q* C End If
% c! F5 {5 e4 W; {) I8 @% h3 | Next k
% A2 `, u7 V, ~ Next j
' |, m# D8 L+ V" {1 ~ Next i
3 w3 r4 k- |6 }; b: Y Loop' R* U9 j5 |; H; R: q
2 j/ U" Y; o$ L s7 T; k3 M
Do
& b6 o2 [0 I: G# g! E) P$ s6 N8 ^/ ] intChar = 97 + Int(Rnd() * 25)! g j5 R( l( Y5 h8 E
For i = 48 To 57) r8 }! H$ o6 H1 _) D' x2 Q2 D( ]
For j = 48 To 57
# V1 s' M U. P* j/ O* v) o/ U" v& i For k = 48 To 57
) O$ i- w. e# `$ o7 j- v If ((i Or j) * k + intChar) Mod 105 = 0 Then
6 h) i8 s6 n' Z' {1 j1 ?# R strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)
0 n6 S* h: X# r3 c% E" ^$ V E Exit Do
4 Q x& b( v6 k& s5 t) ?: v End If
4 f' U0 x7 L$ J# l; i% M Next k
6 O( c. E4 Y2 i Next j! l8 i1 f- q' k& W' u
Next i6 j5 Y, D/ I' ~% A
Loop3 j" [6 L& f6 o2 \
7 |5 q G0 P0 x8 ]- E: x
) P- y0 V" c$ B5 f; @! H+ P '后面的24位随机生成。; H4 _) `6 F- I* B
For i = 1 To 6
( Q( w0 I, Y6 H* k2 h" e intChar = 97 + Int(Rnd() * 25) j/ k" r' f) \
strCode = strCode & Chr(intChar). L$ Z8 ^7 _* P9 T) ^0 B$ d) d
For j = 1 To 3, x2 W4 Y- X4 O; a ]/ v# \3 G
intChar = 48 + Int(Rnd() * 9), d5 W: [8 `1 {( q
strCode = strCode & Chr(intChar)
! x( ^; _: C% O1 F/ ^' @5 v2 @ Next j
5 O0 T. Q; e. B Next i
) k* K1 Y( F3 K& M4 m, G0 `
( Y* p8 s o- \/ A, \2 T! M- v- {3 Z0 A
最后字符串strCode就是所要求的KEY |
|
/1 
IP卡
狗仔卡
发表于 2004-11-1 13:35:00
QQ好友和群
QQ空间
腾讯微博
腾讯朋友
收藏
分享
顶
踩
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
千斤顶
显身卡