|
Eagle的破文:(重写)FlashGet1.65的算号器4 r! A' v& N; R4 K5 _
. d, {3 f3 C& c5 u2 A- y2 F7 Z再次声明:本破文曾发表于www.chinadfcg.com
( t4 F. Y& o& A2 k" P. M- t声明:上次写完1.60A的算号器,LeNgHost告诉我,FlashGet会在一段时间后验证第四段KEY,所以现在针对最新的FlashGet重写了算号破文。谢谢大家的支持。其实,这个算号器算出来的号还不是正版的。只能用一段时间,因为最后的几段的算法我没有时间去找了。
% a1 D, o! E1 b Z. p+ G% _% Y* F& o# S( K7 W0 q
【破解作者】 Eagle6 ?9 |, [1 C9 x$ h
【作者邮箱】 eagle_twenty@163.com
& `" n2 `9 `$ R+ [7 q! i- {【使用工具】 OllyDbg1.095 X) P1 y9 Y' {& b" l
【破解平台】 WinXP
% |8 O* Z; E5 q' I0 a【软件名称】 FlashGet1.659 \1 [. v; T3 O( q! o1 C& ?
【加壳方式】 无壳
9 ]8 f0 i- c i' B& ?【破解声明】
, U6 q- P/ Q: z/ p7 F7 f--------------------------------------------------------------------------------% i8 @$ L* H# Z4 ^7 k7 f6 `: e
【破解内容】
! U5 D3 C, r- W& K
- K9 ~' G: R0 b l6 j3 l9 ^: ~+ b Q
安装FlashGet1.60A并运行,输入完注册码的时候,它会提示重新启动软件来检测是否注册成功,同时用RegMoniter监视到FlashGet1.60A写入注册表项RegPass, RegName等。用PEID侦壳:无。
; Q8 v- |$ S3 s7 x; r* H' u6 ?6 `3 k$ s' V$ K5 N" o: b3 F/ l& E
1.用OD加载FlashGet1.60A,查找参考字符串,在涉及RegPass的地方下断,运行0 @: M. U2 R/ v# [9 U
2.程序第一次即中断在此,从上下文来看,这段代码有大量的跳转,有很大可能是注册码验证代码0 R- i) h6 f) W
0041DCE6 |. 68 98E55200 PUSH flashget.0052E598 ; ASCII "RegPass"8 b6 _$ ?4 S* i
0041DCEB |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
6 g2 l) b& Y& h, F: A0041DCEF |. 68 A0C15200 PUSH flashget.0052C1A0 ; ASCII "General"* j- Z. e/ k* m* b+ }+ I
0041DCF4 |. 51 PUSH ECX6 w" x. a7 ~0 V, g
0041DCF5 |. 8BCD MOV ECX,EBP
) g, _8 S* |- ~$ G( m( R;这个CALL将从注册表中读入注册码
) s Z# c/ t R5 b0041DCF7 |. E8 54C70C00 CALL flashget.004EA450
F0 O% i, W' Y
$ T! L! l3 z7 e* R; l0 X$ `# Q0 ?8 j: ~+ l- P3 @/ T" R# ^: `: Y; p8 d! a
分析下面一段代码,可以发现每个条件跳转都跳向flashget.0041DE7B,可以那儿就是验证失败后的跳转方向
3 _) `' V, r; `, p& [" i……
" D8 f( ?5 [" }* q) H& W8 V( X0041DD27 |. 0F84 4E010000 JE flashget.0041DE7B$ a: }% j& D6 N3 `7 q% d% t1 f
……
6 s# S( M4 U, ?5 [4 ]1 k0041DD35 |. 0F84 40010000 JE flashget.0041DE7B
! t+ `8 e7 |+ \/ ~……- o# a4 h0 g4 U7 W
0041DD4F |. 0F8E 26010000 JLE flashget.0041DE7B
) U( y# R# l$ u5 \$ m; [……
/ k* \2 m0 z& a' @0041DD63 |. 0F8C 12010000 JL flashget.0041DE7B+ p4 K) M% `1 W; V+ o
……+ n0 e6 I- e1 X( ^6 E6 R& h. ]
0041DD77 |. 0F8C FE000000 JL flashget.0041DE7B: W0 G, s1 P2 y( M& L: P# ?
……* u: I8 [) d$ W0 ~; H' K
;下面这个CALL是计算KEY的长度的,要求的KEY的长度为0x2C,也就是44位
0 [+ ?8 c$ R* N6 n0041DD86 |. E8 F4200B00 CALL flashget.004CFE7F
1 C, l; A& w5 v! G1 E a0041DD8B |. 8B55 00 MOV EDX,DWORD PTR SS:[EBP]
) [0 U3 y$ ^/ I3 W) \% l5 o3 |0041DD8E |. 8B42 F8 MOV EAX,DWORD PTR DS:[EDX-8]( y3 p" a, [$ w' {
0041DD91 |. 83F8 2C CMP EAX,2C
- U8 F# v6 Q4 F* X2 G8 k8 r0041DD94 |. 0F85 E1000000 JNZ flashget.0041DE7B
5 [; s1 J; f1 b1 A5 X1 C5 }$ b) C: F% T7 P4 F
;下面是验证注册码的类型的,fgc-和fgf-两种KEY的验证算法是一的,5 m+ b U { V0 X7 K
;但用来对KEY进行解密的密钥是不一样的,我们可以看到密钥类型的标志是存入DWORD PTR SS:[ESP+10]" P2 G2 i* v) t" y1 G2 ~! u( B
;这次破解我们用的是fgf-的类型的密钥
3 q; T; g7 f R* I) {7 d Z0041DD9A |. 68 B0E55200 PUSH flashget.0052E5B0 ; ASCII "fgc-"
+ ^7 U+ y" d6 b% Y0041DD9F |. 8BCD MOV ECX,EBP6 q3 s3 K- n% a. V
0041DDA1 |. E8 401D0B00 CALL flashget.004CFAE6
) S5 x3 B; i0 j7 o! J; W5 J0 c0041DDA6 |. 85C0 TEST EAX,EAX- r$ [7 K& Z s- x
0041DDA8 |. 75 06 JNZ SHORT flashget.0041DDB0: H+ f3 J. ^: L+ I
0041DDAA |. 895C24 10 MOV DWORD PTR SS:[ESP+10],EBX/ r( }: t/ Z! c, R ]% `+ p
0041DDAE |. EB 18 JMP SHORT flashget.0041DDC8% o/ B: \0 F; m( a5 y! _' i
0041DDB0 |> 68 A8E55200 PUSH flashget.0052E5A8 ; ASCII "fgf-"( x$ i) e* Q) ^% q8 @0 |: |. s
0041DDB5 |. 8BCD MOV ECX,EBP
+ h: s1 `5 K) U+ K9 q8 l0041DDB7 |. E8 2A1D0B00 CALL flashget.004CFAE6
" y+ J1 X$ C& e j4 V. H0041DDBC |. 85C0 TEST EAX,EAX
% x$ A5 f% T5 D6 R* s' n$ X: V0041DDBE |. 0F85 B7000000 JNZ flashget.0041DE7B
5 k; _* M* D& i N' @1 P9 Y5 S9 J0041DDC4 |. 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
8 g5 c$ L+ g7 ]" S% Z9 |3 t0 G3 M4 V" a# E; A S1 f
. V, K; @6 S& P4 z- b' l) k) ]
;下面是对KEY的验证算法
( \; q, H3 O$ Q: n% n/ a0041DDC8 |> 6A 2C PUSH 2C4 a" F% v Z/ g
0041DDCA |. 8BCD MOV ECX,EBP0 _! I- i: I1 S/ c
0041DDCC |. E8 7A680B00 CALL flashget.004D464B
0 v! c2 \" S8 [0041DDD1 |. 8BF8 MOV EDI,EAX# O. J' I; M4 L$ U/ f# V9 b' C, W
0041DDD3 |. 33C9 XOR ECX,ECX) P3 Q& o9 J$ K/ w+ Z, }) p
0041DDD5 |. 83C7 04 ADD EDI,4 N9 f5 i! m! R) m
0041DDD8 |. 33F6 XOR ESI,ESI4 i% B$ P) G; G
: N8 ]1 F5 R! L9 ]& J8 m
! c! k% H$ Z' Q0 [/ x分析下面一个循环,我们把每一段KEY的四们定义成ABCD,则有6 v6 ^0 U4 |1 p T' z9 i6 O
0041DDDA |> 8B07 /MOV EAX,DWORD PTR DS:[EDI]
! h2 j- m* ^: o: f8 m* n) k0041DDDC |. 8BD6 |MOV EDX,ESI
% h3 D% n1 C! U2 \% \0041DDDE |. 83C7 04 |ADD EDI,4* S$ g4 f% S, g3 v# a8 T
0041DDE1 |. 83EA 00 |SUB EDX,0 ; Switch (cases 0..2)1 f' k8 [+ |, c! B) x
0041DDE4 |. 894424 1C |MOV DWORD PTR SS:[ESP+1C],EAX
% L4 |% L$ o9 t+ y0041DDE8 |. 74 26 |JE SHORT flashget.0041DE10% N5 O7 Y7 i A8 \3 g+ u
0041DDEA |. 4A |DEC EDX4 ~: [7 S3 l/ ~/ j2 j
0041DDEB |. 74 17 |JE SHORT flashget.0041DE04
& s# V* }# o$ D" X; y" j9 F0041DDED |. 4A |DEC EDX, x$ F. ~* z c7 U3 d/ C2 _. ]* y* o
0041DDEE |. 75 38 |JNZ SHORT flashget.0041DE28
5 v3 J1 Y* [* F% q6 C( Q
P2 O0 v9 E7 J9 G0041DDF0 |. 0FBE4C24 1E |MOVSX ECX,BYTE PTR SS:[ESP+1E] ; Case 2 of switch 0041DDE1, C+ Q! a% K% A5 V
0041DDF5 |. 0FBED4 |MOVSX EDX,AH
2 ~4 @: x7 w% C6 B/ i4 w0041DDF8 |. 0FAFCA |IMUL ECX,EDX
) ?) U0 o: T# e2 z3 ~9 D. z' c0041DDFB |. 0FBE5424 1F |MOVSX EDX,BYTE PTR SS:[ESP+1F]
7 q' A2 c/ I7 v6 Q9 I9 T0041DE00 |. 03CA |ADD ECX,EDX2 A7 M7 Y, O3 |( y4 x
0041DE02 |. EB 1F |JMP SHORT flashget.0041DE23. ^' B4 n0 V$ C7 Z0 |( [: j0 ^, R
;ECX = B * C + D, i H8 \3 A6 a$ ^" t
+ e* e1 H+ v+ g& [+ m1 H8 e4 ]; X0 C7 g5 i- ~
0041DE04 |> 0FBE4C24 1E |MOVSX ECX,BYTE PTR SS:[ESP+1E] ; Case 1 of switch 0041DDE14 A# T T$ K. O; E
0041DE09 |. 0FBED4 |MOVSX EDX,AH$ q# \5 U( P( e# V9 ^
0041DE0C |. 23CA |AND ECX,EDX
9 h% i4 [0 g. H% O0041DE0E |. EB 0B |JMP SHORT flashget.0041DE1B
8 v5 b6 F: T) J2 u" ~ y9 p6 F;ECX = C AND B
+ ~/ [% ^% L) u4 w) \# G
6 r! ^. X0 l5 J! l6 w v9 p) g* S% z3 T7 V$ p3 ?
0041DE10 |> 8A4C24 1E |MOV CL,BYTE PTR SS:[ESP+1E] ; Case 0 of switch 0041DDE1: ]9 M) g" a) ]' F! k
0041DE14 |. 8AD4 |MOV DL,AH5 D2 q7 j r5 @# e
0041DE16 |. 33CA |XOR ECX,EDX
3 ?/ E4 f# s1 N/ b2 i, t0041DE18 |. 83E1 7F |AND ECX,7F2 W& h, V7 A! s$ q, x9 x
;ECX = C XOR B,不要被后面的那个AND ECX,7F迷惑了,它只不过是用来把高位屏蔽的
: \# ]& [& V, Q! Y- K4 G2 c( E) ]6 c! C1 @; N
) F* I W1 w; K. X/ A# n( B3 q
0041DE1B |> 0FBE5424 1F |MOVSX EDX,BYTE PTR SS:[ESP+1F]$ ^7 I/ F5 U" | k. V% z
0041DE20 |. 0FAFCA |IMUL ECX,EDX
: W2 ~/ H7 Y5 m$ U% H8 s;ECX = ECX * D
* }+ a8 X0 a8 u0 N, g9 w
% X' @& ?) j8 V$ W. n- q; ]7 [3 h% Z$ C u1 e
0041DE23 |> 0FBEC0 |MOVSX EAX,AL
, V2 i, H- A9 \7 ~: q4 u$ ^0041DE26 |. 03C8 |ADD ECX,EAX1 } I: q g1 E7 O; ^5 Z# o- C
;ECX = ECX + A* H9 a% l( \; L) E' |
;处理后那些跳转,可以得到
% L, c, e* y" I% t% z;Case 0:ECX = (C XOR B) * D + A
- I" ~7 g' [+ z;Case 1:ECX = (C AND B) * D + A
2 ~) l8 U; ~( r# P0 G5 a' X;Case 2:ECX = B * C + D + A
: X- X6 P- ~4 d% z" l, R) K" m7 O1 c/ u7 Z
8 p! i7 g2 G! U& x, J
$ C+ p8 r9 O6 ~% X/ H) f6 V
;下面是用验证密钥来对算得的ECX值进行验证,我们来看它的密钥获取方法0 |$ X) j4 e" u' e( c4 |
;密钥存放在DS:[52C72B]起始的一段空间,为kevinhyx12345,
9 E0 z- f* x s2 o/ {& \* ~;如果KEY的第一段为fgf-,运算所用到的密钥是顺序从这个字符串中读取的,) f }/ b1 w/ [4 f
;如果KEY的第一段是fgc-,运算所用到的密钥是顺序在Case 2的时候会从DS:[52C72B]中读取,即密钥的第四位: i% G1 }& c9 y- J4 H; Y) u
0041DE28 |> 8B4424 10 |MOV EAX,DWORD PTR SS:[ESP+10] ; Default case of switch 0041DDE1
$ f3 `% T* C8 j3 A( }8 r0041DE2C |. 85C0 |TEST EAX,EAX
( d/ ]( Z% @5 a$ X( B! F; r9 t8 L0041DE2E |. 74 0C |JE SHORT flashget.0041DE3C0 U+ j! j0 h# \
0041DE30 |. 0FBE1D 2BC7520>|MOVSX EBX,BYTE PTR DS:[52C72B]5 p" j1 t7 ], w
0041DE37 |. 83FE 02 |CMP ESI,2
* n4 I6 R. ~* ^9 r0041DE3A |. 74 07 |JE SHORT flashget.0041DE43% C; r9 |! U5 i5 j7 _: j. I$ A: ?
0041DE3C |> 0FBE9E 28C7520>|MOVSX EBX,BYTE PTR DS:[ESI+52C728]* f9 `* \/ t0 a& w7 s: ^; n9 t
% \! ?" A: E+ I" j- p! S+ W
;对于运算结果的验证也很简单,只是用密钥的ASC码来除ECX中的值,余数在EDX中。( x0 f' z: N& C; }
0041DE43 |> 8BC1 |MOV EAX,ECX
$ z. ^1 a, `; D0041DE45 |. 33D2 |XOR EDX,EDX A Y, @3 _2 l* S/ r
0041DE47 |. F7F3 |DIV EBX S$ G+ Y3 C. d7 W! P. q! v* m2 I
8 E2 b* Q- O) y9 d& ]# O: e5 m
1 f) @ x2 W" x
# E0 o& B# Y& Y4 n;以上是对指定段的KEY的验证运算,下面是对结果的判断
. W: i, h9 h+ J6 ^! N/ s0041DE49 |. 8BC6 |MOV EAX,ESI& k' H2 x Y8 g) N' N" H
0041DE4B |. 83E8 00 |SUB EAX,0 ; Switch (cases 0..2)( q2 _4 } O: S; I
0041DE4E |. 74 13 |JE SHORT flashget.0041DE63
% ~. V# C0 R( }0041DE50 |. 48 |DEC EAX
# \" H O0 {2 I' F! S1 e$ s' G0041DE51 |. 74 09 |JE SHORT flashget.0041DE5C
6 t& W# @* I3 G& y3 r0041DE53 |. 48 |DEC EAX) j8 J7 ]) [8 N& d: z, ?& l
0041DE54 |. 75 11 |JNZ SHORT flashget.0041DE671 Z0 P' W# ]! N; ^
+ w5 w0 o3 D8 w& h7 t
;余数是否为04 C! q3 C% F: U1 I! N8 h$ B
0041DE56 |. 85D2 |TEST EDX,EDX ; Case 2 of switch 0041DE4B) e0 o, e( U9 h! b: G6 V
0041DE58 |. 75 18 |JNZ SHORT flashget.0041DE72! e4 |! _' H! O" O$ J1 q
0041DE5A |. EB 0B |JMP SHORT flashget.0041DE67$ V! c8 O+ V0 j7 m& c! d
7 W3 ~. X3 b& ]' o8 U9 Y5 t2 T
;余数是否为8- [& T1 X, M2 Q* c) n" L# _1 y
0041DE5C |> 83FA 08 |CMP EDX,8 ; Case 1 of switch 0041DE4B" W# e# ~: g* j
0041DE5F |. 75 11 |JNZ SHORT flashget.0041DE72& L& l& m* m% A; j
0041DE61 |. EB 04 |JMP SHORT flashget.0041DE67& \( g, v& `4 Z9 u
( H z4 C, A4 b1 g;余数是否为04 h% `. i- M2 E+ e
0041DE63 |> 85D2 |TEST EDX,EDX ; Case 0 of switch 0041DE4B
8 R- U: N: Q- r+ _* j0041DE65 |. 75 0B |JNZ SHORT flashget.0041DE72
- l, c, m/ Q- _0 @' E2 s
. s' X0 n& ?1 ~0041DE67 |> 46 |INC ESI ; Default case of switch 0041DE4B
* S9 }9 h$ [; C2 u6 S% L1 ~0041DE68 |. 83FE 03 |CMP ESI,3
# o7 m5 Z. `0 m$ M7 ?0041DE6B |. 7D 23 |JGE SHORT flashget.0041DE908 E# d$ y8 i/ K, l( e- e
0041DE6D |.^E9 68FFFFFF \JMP flashget.0041DDDA
R$ s3 f7 q+ P6 U% R* E2 u% U* l" Z
所以这三段的KEY的验证算法是:
+ S) a$ a+ a5 }4 R: o/ h& c' yCase 0(B XOR C) * D + A) MOD X = 0,这儿X是'k'
4 s. ]5 [, s' p7 Y% @6 } |# [Case 1(B AND C) * D + A) MOD X = 0,这儿X是'e'
, z2 }7 F5 h* z+ UCase 2B * C + D + A) MOD X = 0,对于fgf-类的KEY,这儿X是'v';对于fgc-类的KEY,这儿X是'i'8 T" a' s' ?8 s4 j6 I+ x
! r! B' U) Z/ N$ T3 Z# p: p
LeNgHost告诉我,FlashGet会在一段时间后验证第四段KEY,于是我就在程序正常运行后在那段已经读入内存的KEY上下了内存断点,并在RegPass也下了断点。出去逛完一个下午后……中断成功了……9 k0 s+ }. Z. b4 @! J: g
0042514C |. 8B48 10 MOV ECX,DWORD PTR DS:[EAX+10]/ ?3 m1 `5 p% A" f. s8 ?
0042514F |. 83C0 10 ADD EAX,10. z" p5 |- a$ w9 A- J7 R2 d* d% z
00425152 |. 894C24 08 MOV DWORD PTR SS:[ESP+8],ECX) u ?& p' V5 M' l4 d
00425156 |. 6A FF PUSH -1
8 d0 |( i9 q/ q) g00425158 |. 0FBE4424 0E MOVSX EAX,BYTE PTR SS:[ESP+E]
4 R1 b0 |! n: H( p0 G* `) g0042515D |. 0FBED5 MOVSX EDX,CH
% l6 T+ R$ c/ p: i" g5 P3 `00425160 |. 0BC2 OR EAX,EDX( [8 D ?" W4 f
00425162 |. 0FBE5424 0F MOVSX EDX,BYTE PTR SS:[ESP+F]8 X2 A; Z8 _( V4 Y
00425167 |. 0FAFC2 IMUL EAX,EDX% V* \ x! t7 x% u0 U
0042516A |. 0FBEC9 MOVSX ECX,CL8 `' z0 p5 d3 ~& K: d- \0 ]. \1 N0 X. U
0042516D |. 03C1 ADD EAX,ECX
u8 s: r+ V' o% k2 w% U6 Y/ f;跟踪分析得EAX = (B OR C) * D + A/ M' Q8 Y: V4 n
# z" N! k) U8 S( _- u5 g+ e' T0042516F |. 33D2 XOR EDX,EDX9 h* k9 Q( s( G
5 R; e' B5 r w% ~( z
;验证用的密钥直接来自DS:[52C72B],哈哈,就是'i'
4 G# O* j) v b- q7 b* t00425171 |. 0FBE0D 2BC7520>MOVSX ECX,BYTE PTR DS:[52C72B]+ z! C9 H; X+ \0 h8 W9 y! v1 Q5 [
00425178 |. F7F1 DIV ECX% v) z2 B e- r- p
0042517A |. 8BCE MOV ECX,ESI
6 w% V4 f4 y6 O; E3 D: T
% @8 n/ t' K- _9 ?. I" h( m: K;判断余数是否为0
8 s! O- m k& W5 R0042517C |. 85D2 TEST EDX,EDX9 F+ F3 f% V: Q/ H: B1 ^8 \+ {! i% f3 M
0042517E |. 74 1E JE SHORT flashget.0042519E
! b6 |% t3 U1 l9 u5 i2 u: ^
( a; p* m+ g/ k: {! t: }+ V所以这一段的算法是((B OR C) * D + A) MOD X = 0,这儿X是'i'' \5 ?7 `( a8 V
* e. G$ F# f" ]: x e2 j1 o: X& i9 I: ]4 `$ f
只要KEY能符合这四个条件就可以了。我用VB做出了对应的算号器代码:0 @6 \4 ^% ?% ^$ S
Randomize
/ Q, E: H R6 Z; i& o) S7 ` Dim intEbx As Integer
{( l( o7 d% a& C' I4 v Dim i As Integer, j As Integer, k As Integer, intChar As Integer
1 R6 O( }5 }' m9 j/ b Dim strCode As String
! W& ~8 C2 v9 b( l( m, V
- h$ }# ^+ @# b% {1 x4 C$ w' O' p" t If fgf Then
. l; m. R' P% U6 v0 ^$ m1 Q strCode = "fgf-"
6 r, f' H$ ~1 Y# ^1 F intEbx = 118
5 P3 E% j" x/ y, }3 F* k4 m5 k Else# k- b" Z: n1 x" P
strCode = "fgc-"3 w/ @& X7 f9 ]# a' n; \
intEbx = 105
4 o& o }7 _/ f2 V( g% Z End If6 T6 Q5 n5 [( v
, w" \5 `+ V5 P# H; v9 |3 s
Do$ a2 E" x: v5 r% S
intChar = 97 + Int(Rnd() * 25)
) l5 w! Y+ }! d( X* q For i = 48 To 57
( F3 a! H' ^% B9 J, @! U For j = 48 To 57
: E3 o# T' f* ]5 e6 B7 w- `- u% o( b( N For k = 48 To 57" Q) g2 b7 l2 _
If (((i Xor j) And 127) * k + intChar) Mod 107 = 0 Then
) o0 C! L2 M4 u. h, t0 D+ M3 } strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)
/ D$ q; `7 Z" Y( ~5 d8 \ Exit Do8 }7 ]4 S1 i- \. ?1 V* c
End If
! B3 w! i. Q1 F# }! B/ ~ Next k, [6 a5 G! s$ A) s/ R
Next j _9 G* C0 A% W+ k" _3 Q/ ?
Next i
( B7 } u6 I5 J7 ?3 n Loop( h3 M6 ]" b3 R7 R
& I9 X0 G9 Q2 C5 Y. k! I- e7 y' u- M Do
, h/ h% K% n6 Y! L1 O7 u" [9 { intChar = 97 + Int(Rnd() * 25)2 m- s2 C( ] d1 N" |$ n; [9 R! _
For i = 48 To 57
" i3 y! u: Z; \5 a0 j$ t For j = 48 To 572 k6 x3 r5 g. v; o! S9 L
For k = 48 To 57
4 t2 ]4 e- i, f5 K3 \$ d- D P If ((i And j) * k + intChar) Mod 101 = 8 Then$ k2 {: w# x; R4 Q3 g8 n
strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k). a* q3 ]4 H. ~4 d: D
Exit Do7 R. s6 F7 J/ ?* x, R
End If) c+ O5 h9 d- {* o% h6 B
Next k
; R4 d1 o+ D; |& K. E8 s% \2 h Next j8 f! ~2 Q |+ c% G. N- f
Next i
3 ?: @- F5 l+ ^2 K2 M7 u- T Loop e% B2 v' g8 _; d+ x3 I7 @
" m9 M( k- h7 p8 `: C
Do* t! y. N# L8 d- ~+ `2 h) W
intChar = 97 + Int(Rnd() * 25)
1 O5 A) w9 h8 u2 ~ For i = 48 To 57
! c4 ~9 S9 |" o8 W% Z For j = 48 To 57
8 P2 E5 J* P2 r+ n3 } For k = 48 To 573 @+ Z( w0 P5 J$ L# j+ \
If (i * j + k + intChar) Mod intEbx = 0 Then
6 @- _, j% g( y+ I strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)( a# u, a4 E+ o6 y$ c5 z, a
Exit Do" L k9 [7 k4 d0 j; y! P( ?
End If
) o: I) P# J$ b Next k. Q: C8 i- `' H! n2 Y& j' k% i" Y _
Next j
* q. z3 ~! X8 W y0 m# Z7 F Next i
# o2 D# {' `2 ~5 Q. t7 K Loop
' G6 F& M1 w% E% ^! u7 y' \! Y ; c! z/ N6 t8 B; m7 |* ]
Do
8 e. | F5 l8 d intChar = 97 + Int(Rnd() * 25)! v1 Y4 N- U9 ~6 F: g7 ~
For i = 48 To 578 o( u X, m3 `# g: c' U! {' ?
For j = 48 To 57
4 |, m+ r: X4 R. D! t7 ~ For k = 48 To 57, \; b& @2 C8 `+ ]
If ((i Or j) * k + intChar) Mod 105 = 0 Then/ T/ x2 Y* x; A# P( Z8 `
strCode = strCode & Chr(intChar) & Chr(i) & Chr(j) & Chr(k)$ t' A h- ?! E; W# E
Exit Do$ c5 t; m- E2 o$ `; a- T4 u0 W
End If
9 B* {8 l' C" E6 } Next k+ `! B, _( d! G3 I }9 \- n
Next j" F3 i0 i2 H% e b$ e+ d/ ~8 ?
Next i( F! N- d4 d7 ^3 X+ [" H; l1 _
Loop+ s6 h- O4 r" u. L# _! L# t
4 `$ o# t' D( a1 F8 s4 z$ Y4 S7 Z2 r" f9 V
'后面的24位随机生成。
. r. Y8 _; N9 i n3 ` For i = 1 To 6
2 |3 _1 ~, u# v6 S% f! F intChar = 97 + Int(Rnd() * 25)
$ L! `* b% v9 @) H strCode = strCode & Chr(intChar)$ f0 Q: w9 y3 h4 t0 _9 S3 m& w0 f
For j = 1 To 3
; f8 C" w, Q2 _+ K8 U intChar = 48 + Int(Rnd() * 9)
! l& ^! F2 |( K! ]; u6 [8 A strCode = strCode & Chr(intChar)- A9 o$ u/ e) {
Next j
6 L1 B' d, |7 }& L6 D4 y Next i( V! W2 V% F2 x' i# n
, P K% x5 L9 I$ X7 r" H4 f% g, R1 c8 ?5 Q8 e
最后字符串strCode就是所要求的KEY |
|