|
|
Eagle的破文:(重写)FlashGet1.65的算号器
: e) @2 ~: Z+ l5 S3 `1 p, A& l/ Q# g; P/ `
再次声明:本破文曾发表于www.chinadfcg.com
; c0 e* J& d/ H# m声明:上次写完1.60A的算号器,LeNgHost告诉我,FlashGet会在一段时间后验证第四段KEY,所以现在针对最新的FlashGet重写了算号破文。谢谢大家的支持。其实,这个算号器算出来的号还不是正版的。只能用一段时间,因为最后的几段的算法我没有时间去找了。2 C0 @1 A6 C3 Z/ i" a5 l0 n. J4 x, O
& _7 {% h: j1 H( L/ `( H* I
【破解作者】 Eagle
8 @6 ^ L4 r( Y【作者邮箱】 eagle_twenty@163.com
7 D8 l& o. h: b6 z【使用工具】 OllyDbg1.09
$ C- d- _: u& w【破解平台】 WinXP# k% R4 n! Q* r2 b" a
【软件名称】 FlashGet1.65* E1 m0 j% q5 Y, e
【加壳方式】 无壳
8 I& v$ E/ ]- c) o: T: S【破解声明】
, z8 S* ` G* v5 a L$ U--------------------------------------------------------------------------------
R1 g( i( A: m' A/ H% u【破解内容】
' P$ I* Z6 g$ p9 m* k& u K) J7 M
! k1 j5 E7 C5 R/ E
安装FlashGet1.60A并运行,输入完注册码的时候,它会提示重新启动软件来检测是否注册成功,同时用RegMoniter监视到FlashGet1.60A写入注册表项RegPass, RegName等。用PEID侦壳:无。
: J% z- ^' T" O! ?9 n0 S" w& E# M4 o6 Y, m
1.用OD加载FlashGet1.60A,查找参考字符串,在涉及RegPass的地方下断,运行
: Z* }& Q! } S, V/ S: S/ n* ?2.程序第一次即中断在此,从上下文来看,这段代码有大量的跳转,有很大可能是注册码验证代码
) d3 J- D: O- ?* M* K F% `0041DCE6 |. 68 98E55200 PUSH flashget.0052E598 ; ASCII "RegPass"
6 [. M" V, X% ^2 M, i0041DCEB |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
9 i/ x8 c& c5 O8 [0041DCEF |. 68 A0C15200 PUSH flashget.0052C1A0 ; ASCII "General"
2 ]. \5 e) @5 K- r M( X O: |" s0041DCF4 |. 51 PUSH ECX
/ t! n l3 z" Q+ P, g0041DCF5 |. 8BCD MOV ECX,EBP# ] G, t @0 q: l! H
;这个CALL将从注册表中读入注册码! f; S9 }% \# @8 S# d
0041DCF7 |. E8 54C70C00 CALL flashget.004EA450
9 X1 ^; D; c& w! r9 Y! ~. ~2 b6 s) p! [% J& P( ?
7 k/ ~ K7 q# Y6 e* d8 K分析下面一段代码,可以发现每个条件跳转都跳向flashget.0041DE7B,可以那儿就是验证失败后的跳转方向4 z. t; \! k8 d6 y
……: @5 }: H+ w8 S6 C, @& j
0041DD27 |. 0F84 4E010000 JE flashget.0041DE7B1 M' p8 N3 ]$ {/ [
……! ]- \- s) A' s4 w+ b' K' |
0041DD35 |. 0F84 40010000 JE flashget.0041DE7B, @/ g" ?, g# n5 r6 _( j% ^) r$ r
……) }# U' X1 f: k5 z
0041DD4F |. 0F8E 26010000 JLE flashget.0041DE7B1 C' E8 |3 D) M, }9 t
……0 h7 C2 @% E) I( F) y
0041DD63 |. 0F8C 12010000 JL flashget.0041DE7B) E& o, ?7 ? Q3 a0 {4 q9 u% V
……
" h. Y1 |' R& f* W% e) P: _1 A9 u; \0041DD77 |. 0F8C FE000000 JL flashget.0041DE7B; l3 A. F: m Z3 P. A
……6 g7 x4 g T# g0 p x/ {
;下面这个CALL是计算KEY的长度的,要求的KEY的长度为0x2C,也就是44位
! Y# f* \* h& m' e0 C: a0041DD86 |. E8 F4200B00 CALL flashget.004CFE7F
! L4 d) X% b {( v1 b/ I/ J/ N0041DD8B |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP]
$ y7 j% _+ f. B( h# E0041DD8E |. 8B42 F8 MOV EAX,DWORD PTR DS:[EDX-8]
; `% [, _" \8 u, ~/ a% ]0041DD91 |. 83F8 2C CMP EAX,2C
4 N( M) `2 M% t1 Y0041DD94 |. 0F85 E1000000 JNZ flashget.0041DE7B" A/ {0 V% j# ^. m
7 A+ ~, L" L5 C! b' |
;下面是验证注册码的类型的,fgc-和fgf-两种KEY的验证算法是一的,3 y0 a+ \/ ?# w
;但用来对KEY进行解密的密钥是不一样的,我们可以看到密钥类型的标志是存入DWORD PTR SS:[ESP+10]( r* |6 y5 E0 n, f
;这次破解我们用的是fgf-的类型的密钥2 K- P5 {# n3 `4 E5 A! ?" d
0041DD9A |. 68 B0E55200 PUSH flashget.0052E5B0 ; ASCII "fgc-"
8 x/ Z0 H: c& H7 u( n0041DD9F |. 8BCD MOV ECX,EBP% q) l2 a& f9 y: g
0041DDA1 |. E8 401D0B00 CALL flashget.004CFAE6/ ^# \7 B$ ?, Q5 P) a6 T* @, |+ T) U
0041DDA6 |. 85C0 TEST EAX,EAX
4 e, \! i; _4 i; E! S1 r" b0041DDA8 |. 75 06 JNZ SHORT flashget.0041DDB0" d% Q7 r0 K* D9 M! K) n
0041DDAA |. 895C24 10 MOV DWORD PTR SS:[ESP+10],EBX
4 }4 A2 q) U% z2 E2 F0041DDAE |. EB 18 JMP SHORT flashget.0041DDC8
( i/ S0 a u# k: I/ |0041DDB0 |> 68 A8E55200 PUSH flashget.0052E5A8 ; ASCII "fgf-"' k0 r- ?4 G% J" C; g% m6 @, H
0041DDB5 |. 8BCD MOV ECX,EBP' e, x- _; A8 u `! v& W! S
0041DDB7 |. E8 2A1D0B00 CALL flashget.004CFAE6
2 ^ M! a# o5 @- \& G2 @! k0041DDBC |. 85C0 TEST EAX,EAX9 ~/ @- f: U# v* ~! V J
0041DDBE |. 0F85 B7000000 JNZ flashget.0041DE7B
8 s% m5 r* B6 e' O& d6 G' V0041DDC4 |. 894424 10 MOV DWORD PTR SS:[ESP+10],EAX, @$ [! c# n' k# N
$ ]9 t& ?2 y! f( R7 G8 j
; e- g, D/ B1 M0 r/ a& g& Y
;下面是对KEY的验证算法
; ^! o5 g& Y1 n* X+ v0041DDC8 |> 6A 2C PUSH 2C' E: E, q* v+ Q) Q1 W
0041DDCA |. 8BCD MOV ECX,EBP1 O/ @- e ^# X( Q# d
0041DDCC |. E8 7A680B00 CALL flashget.004D464B
" B6 C8 l; H& Q' O: l# E0041DDD1 |. 8BF8 MOV EDI,EAX
% Q0 t( e& k2 k0041DDD3 |. 33C9 XOR ECX,ECX) O; t# M7 R2 g3 y, N4 Q
0041DDD5 |. 83C7 04 ADD EDI,4+ q0 @+ |/ _5 j; {7 I: N
0041DDD8 |. 33F6 XOR ESI,ESI- {4 `1 e# L9 k& t9 U; r+ i \
+ H [, |$ j9 B$ @+ ^
* q% }% y, r" @' W9 L5 M/ L5 M分析下面一个循环,我们把每一段KEY的四们定义成ABCD,则有& G6 J3 F& L4 Y5 r
0041DDDA |> 8B07 /MOV EAX,DWORD PTR DS:[EDI]/ f4 u7 w) X& J. A
0041DDDC |. 8BD6 |MOV EDX,ESI2 j: J5 d* E9 B! P; D& f, T
0041DDDE |. 83C7 04 |ADD EDI,4
# s" w9 k F7 y4 Q! Y0041DDE1 |. 83EA 00 |SUB EDX,0 ; Switch (cases 0..2). G2 N) v7 g0 z; V* ^9 F
0041DDE4 |. 894424 1C |MOV DWORD PTR SS:[ESP+1C],EAX- u& D" M* _3 l. \2 {
0041DDE8 |. 74 26 |JE SHORT flashget.0041DE10
, \5 X. q1 P; G# a0041DDEA |. 4A |DEC EDX
8 M" f+ I5 d; \' ]3 o& r" e1 M0041DDEB |. 74 17 |JE SHORT flashget.0041DE04
& i% Q; F4 u9 J8 |& Q1 B0041DDED |. 4A |DEC EDX
& @7 O) }, F+ h7 y% b) k) D, {0041DDEE |. 75 38 |JNZ SHORT flashget.0041DE28/ t+ [, k5 f4 ^+ p; V8 [
, Q% D5 |2 p+ t' K. Q8 t$ w
0041DDF0 |. 0FBE4C24 1E |MOVSX ECX,BYTE PTR SS:[ESP+1E] ; Case 2 of switch 0041DDE1
% \1 t. V# P/ j1 O. N0041DDF5 |. 0FBED4 |MOVSX EDX,AH
6 H0 F* ~) c, ?+ D) r- \0041DDF8 |. 0FAFCA |IMUL ECX,EDX$ {1 R1 ?) F( h2 j5 X7 b! L$ M
0041DDFB |. 0FBE5424 1F |MOVSX EDX,BYTE PTR SS:[ESP+1F]* `) Z8 i2 Y" d
0041DE00 |. 03CA |ADD ECX,EDX/ j7 F w6 k4 { g1 N) c
0041DE02 |. EB 1F |JMP SHORT flashget.0041DE23
' i. ^6 N$ s" {+ m- {1 Q! Q1 K7 b;ECX = B * C + D$ ^. E' {5 V: }$ e. p' o/ e/ f$ J
5 g+ n1 k- `- Q, Z0 Z- M; I; U, u- `
% X d8 [/ g3 r$ |! j7 s
0041DE04 |> 0FBE4C24 1E |MOVSX ECX,BYTE PTR SS:[ESP+1E] ; Case 1 of switch 0041DDE1
( K4 O$ ?# ?' o0 V6 t i/ }( m0041DE09 |. 0FBED4 |MOVSX EDX,AH% t% A4 t2 D7 n
0041DE0C |. 23CA |AND ECX,EDX* ~5 v6 q/ F8 G) E: C T$ v- S
0041DE0E |. EB 0B |JMP SHORT flashget.0041DE1B
3 o; ~: o0 L5 ], r* B r" h, W;ECX = C AND B
; ^$ ], j$ h1 F! a& a3 }
0 w4 @. g. I G3 S* i2 Z8 M4 b$ X' ?" G6 G- Z1 J1 J* b1 J7 O
0041DE10 |> 8A4C24 1E |MOV CL,BYTE PTR SS:[ESP+1E] ; Case 0 of switch 0041DDE17 s. f: e6 r' G
0041DE14 |. 8AD4 |MOV DL,AH
1 F; J Z1 D" d' E, p6 J0041DE16 |. 33CA |XOR ECX,EDX$ r; B* h* @5 N2 M) p
0041DE18 |. 83E1 7F |AND ECX,7F: Y" E$ o, v/ |3 O0 |+ q- r
;ECX = C XOR B,不要被后面的那个AND ECX,7F迷惑了,它只不过是用来把高位屏蔽的
% m; |9 s" n" } D, Q
( M h O4 I, J; Q* g2 D! J
( k/ {6 B b5 X- \! s; Z0041DE1B |> 0FBE5424 1F |MOVSX EDX,BYTE PTR SS:[ESP+1F]3 M0 {: d: j. s1 ?8 j
0041DE20 |. 0FAFCA |IMUL ECX,EDX0 o6 U8 Y- S: S) D: Z5 A
;ECX = ECX * D
5 C" Z# Z9 O8 Y, T6 _9 P+ W$ Y! z
2 f) }9 I/ c5 x$ t
0041DE23 |> 0FBEC0 |MOVSX EAX,AL! h# G6 F7 B# p$ D) V
0041DE26 |. 03C8 |ADD ECX,EAX. d3 W" g# Q% | @% m2 y' Y2 |
;ECX = ECX + A
- M1 H3 ]' z# i5 t) k5 u;处理后那些跳转,可以得到3 n: Y, d, D8 s: }3 I7 ~/ z; G
;Case 0:ECX = (C XOR B) * D + A% P- H# Z7 k" q6 ^+ B' T4 W+ b$ q
;Case 1:ECX = (C AND B) * D + A1 @( e1 _* H9 a1 v+ |4 y3 C
;Case 2:ECX = B * C + D + A
1 [5 J V3 x& U. p( s
& L- I2 J: ]6 T0 t0 ~2 N# B* T
' o: J$ s! l' A2 j0 m+ };下面是用验证密钥来对算得的ECX值进行验证,我们来看它的密钥获取方法
4 H3 `- A* M. N+ s5 k9 X0 Q;密钥存放在DS:[52C72B]起始的一段空间,为kevinhyx12345,% A3 c( U* A1 U# y9 V
;如果KEY的第一段为fgf-,运算所用到的密钥是顺序从这个字符串中读取的,
( M) u4 ]9 V4 w) a;如果KEY的第一段是fgc-,运算所用到的密钥是顺序在Case 2的时候会从DS:[52C72B]中读取,即密钥的第四位: i
( F+ ], _) I% @2 G$ _" i/ b0041DE28 |> 8B4424 10 |MOV EAX,DWORD PTR SS:[ESP+10] ; Default case of switch 0041DDE14 l! ~0 a- S ~& t4 e5 F6 D
0041DE2C |. 85C0 |TEST EAX,EAX3 I. G2 _% Z7 s
0041DE2E |. 74 0C |JE SHORT flashget.0041DE3C
1 |1 t, N. T) Z) V0041DE30 |. 0FBE1D 2BC7520>|MOVSX EBX,BYTE PTR DS:[52C72B]( H& T) h+ ^9 h& g; d* Y
0041DE37 |. 83FE 02 |CMP ESI,23 k: Y; i' @% v! J% T |0 m
0041DE3A |. 74 07 |JE SHORT flashget.0041DE43- m% \$ ] _+ ?$ E4 y; d
0041DE3C |> 0FBE9E 28C7520>|MOVSX EBX,BYTE PTR DS:[ESI+52C728]! U H/ g4 o( c( k0 ^
6 O) g* c: {! z$ I1 M3 W;对于运算结果的验证也很简单,只是用密钥的ASC码来除ECX中的值,余数在EDX中。% v, i0 D- O) m
0041DE43 |> 8BC1 |MOV EAX,ECX
7 H: q, @ S+ |: ]0041DE45 |. 33D2 |XOR EDX,EDX, ?' C$ q: M- |7 H) R$ G4 x0 S
0041DE47 |. F7F3 |DIV EBX
$ L5 e" \$ J) Q) G3 ?2 F4 E4 T$ k1 W+ t: l9 t9 v
: v Z* _4 M4 e3 c. {
: U0 A* l( u# E
;以上是对指定段的KEY的验证运算,下面是对结果的判断0 L6 r% S. K; e" \: K( M, k8 I
0041DE49 |. 8BC6 |MOV EAX,ESI% b, h% N3 h* ^$ G; h i; o' X
0041DE4B |. 83E8 00 |SUB EAX,0 ; Switch (cases 0..2)) l" q8 K7 s, H+ W n
0041DE4E |. 74 13 |JE SHORT flashget.0041DE635 p) D. _3 L; i/ ^" ~
0041DE50 |. 48 |DEC EAX
% v p- T8 P5 j% X6 O7 O0041DE51 |. 74 09 |JE SHORT flashget.0041DE5C, Z" T* |! j7 A7 w: U L6 Y
0041DE53 |. 48 |DEC EAX1 }" E4 h" j# Y7 }/ A
0041DE54 |. 75 11 |JNZ SHORT flashget.0041DE679 f* r9 h& c1 a7 |) X: X
: l. }1 q. i- f8 B& \# |* O4 @
;余数是否为0
9 u$ ~5 `* M8 J3 a3 `# d4 X0041DE56 |. 85D2 |TEST EDX,EDX ; Case 2 of switch 0041DE4B, l0 ?9 |* {7 O% r; V- u: J$ p
0041DE58 |. 75 18 |JNZ SHORT flashget.0041DE72
. \) U ]/ v+ s, o' b1 j( |- d0041DE5A |. EB 0B |JMP SHORT flashget.0041DE674 Y; {4 o) x" j; A; R
9 S4 F6 b$ [# V+ u! p( a1 r
;余数是否为8
4 u" V5 b+ d7 I! @, b$ H- ?0041DE5C |> 83FA 08 |CMP EDX,8 ; Case 1 of switch 0041DE4B
: q d+ a$ b# T1 O1 ] s0041DE5F |. 75 11 |JNZ SHORT flashget.0041DE72- ~( n9 H) v2 b+ A( r
0041DE61 |. EB 04 |JMP SHORT flashget.0041DE67
2 Z) }8 \& b9 X# D2 Z# l, p
( F# F! W% L7 h) y8 J" }( T/ I' y7 e;余数是否为06 ?# `. U1 F: D% y) H! U
0041DE63 |> 85D2 |TEST EDX,EDX ; Case 0 of switch 0041DE4B
) S- N% ^4 Q3 s2 o3 Q4 ?- }0041DE65 |. 75 0B |JNZ SHORT flashget.0041DE72
) K- p( y- w6 w4 _ B6 q
- V a5 X$ y" |' e: f0041DE67 |> 46 |INC ESI ; Default case of switch 0041DE4B
. u+ M0 |" {" N0041DE68 |. 83FE 03 |CMP ESI,30 B6 @8 [# `/ ^+ f! t7 E
0041DE6B |. 7D 23 |JGE SHORT flashget.0041DE90
6 ]: S. q" j& G& N. ?( `4 j0041DE6D |.^E9 68FFFFFF \JMP flashget.0041DDDA
' t' |! ]3 Z: G" b
( H5 M8 z2 v( K7 s( ~8 x7 O! H所以这三段的KEY的验证算法是:
3 i( _! B. {, t2 c3 H6 c4 L) G3 QCase 0(B XOR C) * D + A) MOD X = 0,这儿X是'k'
; g# R8 Q4 R( {, N; `' vCase 1(B AND C) * D + A) MOD X = 0,这儿X是'e') c( l( Y1 v' K2 e7 g8 Z/ g
Case 2B * C + D + A) MOD X = 0,对于fgf-类的KEY,这儿X是'v';对于fgc-类的KEY,这儿X是'i'- B) g+ x# A. J1 Q/ K) N/ z, w2 |
$ ~" e# |! d( l" A
LeNgHost告诉我,FlashGet会在一段时间后验证第四段KEY,于是我就在程序正常运行后在那段已经读入内存的KEY上下了内存断点,并在RegPass也下了断点。出去逛完一个下午后……中断成功了……1 F v; W" @4 u
0042514C |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10]/ A5 `3 J" y- X* Z! P
0042514F |. 83C0 10 ADD EAX,102 w9 m! ~6 B8 o; R5 u
00425152 |. 894C24 08 MOV DWORD PTR SS:[ESP+8],ECX( @# o0 I4 a( v6 G
00425156 |. 6A FF PUSH -1
6 a6 y% O9 f$ h7 n" J/ V- K00425158 |. 0FBE4424 0E MOVSX EAX,BYTE PTR SS:[ESP+E]8 X: E9 J7 l! Q$ ~% u
0042515D |. 0FBED5 MOVSX EDX,CH3 {6 x( h- k; K
00425160 |. 0BC2 OR EAX,EDX
, k# s: y g; Q Q00425162 |. 0FBE5424 0F MOVSX EDX,BYTE PTR SS:[ESP+F]3 W2 u, g( ?# j% g7 t! a
00425167 |. 0FAFC2 IMUL EAX,EDX7 d- W b+ A" y5 m
0042516A |. 0FBEC9 MOVSX ECX,CL
; {4 a7 N* K( p5 D0042516D |. 03C1 ADD EAX,ECX/ O4 C9 T. p$ M- z f4 d
;跟踪分析得EAX = (B OR C) * D + A
5 v3 P* J) a( v: Z9 d0 E8 u* I# i' B" P# U
0042516F |. 33D2 XOR EDX,EDX" o( O' O" g4 l
* ~8 q( k; |7 S;验证用的密钥直接来自DS:[52C72B],哈哈,就是'i'
# @6 S6 u' Y4 q0 M2 I/ N00425171 |. 0FBE0D 2BC7520>MOVSX ECX,BYTE PTR DS:[52C72B]
9 d! ]- w& L/ Q( Z2 F! Z, H00425178 |. F7F1 DIV ECX- o( b6 T: m5 }/ Q9 B. e5 G1 u: T E
0042517A |. 8BCE MOV ECX,ESI% N7 F4 E1 F- H
& M, ^* R' n z/ g2 g) B j) \;判断余数是否为0
, }2 T9 V- g8 Z0 b" q: S4 Y" {" K0042517C |. 85D2 TEST EDX,EDX2 @; K' @0 N9 K8 F# r$ i: a g7 l5 K9 ?# Y$ ]
0042517E |. 74 1E JE SHORT flashget.0042519E& O& B6 l4 k( ?
; q8 ?/ \; W9 L n" u5 z3 f% u2 Y
所以这一段的算法是((B OR C) * D + A) MOD X = 0,这儿X是'i'- @% ?8 w3 d& R; ~0 R; [
- }5 |1 M K" s g6 T7 L( N1 S5 u ]
只要KEY能符合这四个条件就可以了。我用VB做出了对应的算号器代码:/ Z2 {7 S0 Q' @6 ?6 w2 T# i4 s
Randomize. ^) t+ f9 s# `# @( H: C
Dim intEbx As Integer
1 } @3 ^/ ~8 k' W3 \( y Dim i As Integer, j As Integer, k As Integer, intChar As Integer& J0 q4 E$ c$ j- M
Dim strCode As String
0 K4 F6 Z+ _* }7 S6 r
% ?; S" k' ~" Z8 _ If fgf Then7 j( H. e# Q2 |# u
strCode = "fgf-"
9 c4 w6 c$ A2 ?) `+ @# K8 G0 w intEbx = 118+ r/ M- }& Q! F2 m- d. D/ K& o
Else
+ F2 ?+ Y+ m: @) n! g strCode = "fgc-"* C5 l) ]3 m* e
intEbx = 105
& y4 u. Z: U& V7 m S End If
2 _+ s/ G; E- i L" G* i$ E4 k ) Z) k0 F/ p4 m3 |4 ?9 M% \( ]
Do
2 Y$ i% C' H; O intChar = 97 + Int(Rnd() * 25)
5 t9 r8 O: e4 m3 e! e" P) ~ For i = 48 To 57/ d! P: {3 c7 L t
For j = 48 To 57
; T" @, i5 p" e; c4 c [, T; Z For k = 48 To 57
& _- @. n; U" \& B0 ~ If (((i Xor j) And 127) * k + intChar) Mod 107 = 0 Then$ a g+ u$ J) |1 p& q/ M' ^
strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)2 m, U; {) f: ~% Z! N5 a% U/ d
Exit Do: {+ h7 l% n# R7 ^: r! C4 N8 g
End If8 @+ A2 c" c0 ~" l" P+ G! l" i
Next k
3 A5 v. r: p# d Next j) r) u# d. s- J/ T
Next i
% q$ {% J- _! l' W' L/ O# o B2 ]( S Loop/ P) y9 Y4 x3 x( u+ g' F
3 @, ~5 z% ]5 V1 v' k Do( N- k& U$ P" N1 Q
intChar = 97 + Int(Rnd() * 25)
# u# _6 E0 l, r2 v( X+ \% a9 ? For i = 48 To 573 y' y6 N6 u; t
For j = 48 To 57
6 n' W: m6 r) _" G! d7 v) j) } For k = 48 To 57
7 \# b5 {7 S; T' G1 j0 m2 q6 u* n If ((i And j) * k + intChar) Mod 101 = 8 Then
L$ t# J8 r9 @2 ^/ d, O8 Q) t! f strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)
+ Y6 S* \ j! ~+ |& m0 B. v2 W Exit Do
1 f( ^; W: X0 j End If" B: q: s- ^0 k
Next k$ h0 L, W J6 v5 K
Next j8 E$ ?% s/ u- w1 C5 w$ ]& U2 A
Next i# d$ ?. Y8 c9 |% F1 I; i
Loop
6 O: t6 ^* h, T6 y. ?! g) \
' h$ P$ l0 s" E, K2 k5 g Do
: X" r4 D: i6 H& s intChar = 97 + Int(Rnd() * 25)- I8 p9 }5 t/ Z
For i = 48 To 57 F9 y+ X* ^0 T" g7 p- ]9 D
For j = 48 To 57+ F$ A8 [% k' `# }9 p* U
For k = 48 To 57
0 A4 f3 g) _- {& O8 }* n9 m, o If (i * j + k + intChar) Mod intEbx = 0 Then
! u9 Y7 u$ q+ T strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)$ _: s8 s) o/ {# { W* A
Exit Do
6 q3 j, f1 s: J4 b, `5 c) t End If
@; {' F6 d1 n: A Next k
8 j/ l) m! w; X* \+ a Next j
, ?2 K+ c2 q; M# p5 b Next i! z7 t& X' F0 |! D: L8 U+ R: ?: I
Loop
! j# }- b/ p8 b3 R' k: ?
* [4 I& M. s0 ~5 _4 U+ s Do
% l& ]4 S1 w3 R* ] intChar = 97 + Int(Rnd() * 25)
5 e3 T( Z9 c$ L, U# ?" L% C For i = 48 To 57& d5 u$ v! z# Q8 G. }6 M9 ]
For j = 48 To 57
1 E) k7 e4 i5 T6 u For k = 48 To 57$ j0 Q2 m o' G" V! ]7 c" i4 |
If ((i Or j) * k + intChar) Mod 105 = 0 Then
- ^: B1 F+ {: p3 Z strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)
$ t; {" P$ T0 i& B/ Q Exit Do/ r; v x9 ~: M! i% V
End If
" U, k# @: K; Y Next k
! Z; U) o" E3 f, t( _ Next j1 G% u: W3 B: F' O% T5 N/ w
Next i' j- L" {5 ^ q4 ?# M. Y4 {% [
Loop6 F4 G: F3 M. `) s! A ?9 ^1 V
+ l& n) R1 n7 @; z8 Z
: t: E$ v, d, I2 R0 p F '后面的24位随机生成。
. p. B! V$ k$ S For i = 1 To 6
1 W0 n, q- U" ~ intChar = 97 + Int(Rnd() * 25)- E6 I! V3 f' u- x2 h5 U) \2 ~" B& r
strCode = strCode & Chr(intChar)( k3 ?' Q+ t) W2 G% B4 K0 B0 R
For j = 1 To 3
% {) s+ n+ E% S intChar = 48 + Int(Rnd() * 9)
0 I" M* O J( J; @* S, j strCode = strCode & Chr(intChar)
- d: f3 a) ^# }9 N/ }( J Next j
! t( i2 k" u- L8 u! P7 E: Z Next i6 B; b2 Y& k5 L3 L% u
3 }; o# b. Y1 G. E9 r/ _2 _1 h* }: ~' F' _5 O: e
最后字符串strCode就是所要求的KEY |
|
/1 
IP卡
狗仔卡
发表于 2004-11-1 13:35:00
QQ好友和群
QQ空间
腾讯微博
腾讯朋友
收藏
分享
顶
踩
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
千斤顶
显身卡