An algorithm disassembly for software registration (the test software is Splish.exe)

Source: Internet
Author: User

The test software is Splish.exe.
------------------------------------------------------------

I assume everyone already knows how to locate the algorithm in the first place, so I will not cover that here. Instead I will go straight to the assembly code of the algorithm, with comments.
 
------------------------------------------------------------
004015E4 55 push ebp; start of the algorithm
004015E5 8BEC mov ebp, esp
004015E7 6A 20 push 20
004015E9 68 42324000 push Splish.00403242
004015EE FF75 0C push dword ptr ss:[ebp+C]
004015F1 E8 34010000 call <jmp.&USER32.GetWindowTextA>; read the serial number, eax = its length
004015F6 85C0 test eax, eax
004015F8 0F84 95000000 je Splish.00401693
004015FE A3 67344000 mov dword ptr ds:[403467], eax
00401603 6A 0B push 0B
00401605 68 36324000 push Splish.00403236
0040160A FF75 08 push dword ptr ss:[ebp+8]
0040160D E8 18010000 call <jmp.&USER32.GetWindowTextA>; read the user name, eax = its length
00401612 85C0 test eax, eax
00401614 74 68 je short Splish.0040167E
00401616 A3 63344000 mov dword ptr ds:[403463], eax
0040161B 33C9 xor ecx, ecx; clear the registers
0040161D 33DB xor ebx, ebx
0040161F 33D2 xor edx, edx
00401621 8D35 36324000 lea esi, dword ptr ds:[403236]; esi = address of the user name
00401627 8D3D 58324000 lea edi, dword ptr ds:[403258]; edi = buffer for the calculated user name
0040162D B9 0A000000 mov ecx, 0A; ecx = 10
00401632 0FBE041E movsx eax, byte ptr ds:[esi+ebx]; eax = current character of the user name (the first one on the first pass)
00401636 99 cdq
00401637 F7F9 idiv ecx; division: eax = 122 / 10 = 12 (0Ch), edx (remainder) = 122 % 10 = 2
00401639 33D3 xor edx, ebx; XOR with the index: edx = 2 ^ 0 = 2
0040163B 83C2 02 add edx, 2; edx = 2 + 2 = 4
0040163E 80FA 0A cmp dl, 0A; compare edx with 10
00401641 7C 03 jl short Splish.00401646; jump if less; if greater than or equal, edx = edx - 10
00401643 80EA 0A sub dl, 0A
00401646 88141F mov byte ptr ds:[edi+ebx], dl; [edi + ebx] = dl = 4, stored in the calculated user name buffer
00401649 43 inc ebx; ebx++
0040164A 3B1D 63344000 cmp ebx, dword ptr ds:[403463]; compare ebx with the user name length
00401650 ^ 75 E0 jnz short Splish.00401632; loop
00401652 33C9 xor ecx, ecx; clear the registers
00401654 33DB xor ebx, ebx
00401656 33D2 xor edx, edx
00401658 8D35 42324000 lea esi, dword ptr ds:[403242]; esi = address of the registration code
0040165E 8D3D 4D324000 lea edi, dword ptr ds:[40324D]; edi = buffer for the calculated registration code
00401664 B9 0A000000 mov ecx, 0A; ecx = 10
00401669 0FBE041E movsx eax, byte ptr ds:[esi+ebx]; eax = current character of the registration code (the first one on the first pass)
0040166D 99 cdq
0040166E F7F9 idiv ecx; eax = 49 / 10 = 4, edx = 49 % 10 = 9
00401670 88141F mov byte ptr ds:[edi+ebx], dl; [edi + ebx] = dl = 9
00401673 43 inc ebx; ebx++
00401674 3B1D 67344000 cmp ebx, dword ptr ds:[403467]; compare ebx with the registration code length
0040167A ^ 75 ED jnz short Splish.00401669; loop
0040167C EB 2A jmp short Splish.004016A8
0040167E 6A 00 push 0
00401680 68 0A304000 push Splish.0040300A; Splish, Splash
00401685 68 A0304000 push Splish.004030A0; Please enter your name.
0040168A 6A 00 push 0
0040168C E8 B7000000 call <jmp.&USER32.MessageBoxA>
00401691 EB 62 jmp short Splish.004016F5
00401693 6A 00 push 0
00401695 68 0A304000 push Splish.0040300A; Splish, Splash
0040169A 68 B8304000 push Splish.004030B8; Please enter your serial number.
0040169F 6A 00 push 0
004016A1 E8 A2000000 call <jmp.&USER32.MessageBoxA>
004016A6 EB 4D jmp short Splish.004016F5
004016A8 8D35 4D324000 lea esi, dword ptr ds:[40324D]; esi = calculated registration code
004016AE 8D3D 58324000 lea edi, dword ptr ds:[403258]; edi = calculated user name
004016B4 33DB xor ebx, ebx; clear ebx
004016B6 3B1D 63344000 cmp ebx, dword ptr ds:[403463]; compare ebx with the user name length
004016BC 74 0F je short Splish.004016CD
004016BE 0FBE041F movsx eax, byte ptr ds:[edi+ebx]; eax = calculated username[i]
004016C2 0FBE0C1E movsx ecx, byte ptr ds:[esi+ebx]; ecx = calculated serial[i]
004016C6 3BC1 cmp eax, ecx; compare them
004016C8 75 18 jnz short Splish.004016E2
004016CA 43 inc ebx
004016CB ^ EB E9 jmp short Splish.004016B6
004016CD 6A 00 push 0
004016CF 68 0A304000 push Splish.0040300A; Splish, Splash
004016D4 68 42304000 push Splish.00403042; Good job, now keygen it.
004016D9 6A 00 push 0
004016DB E8 68000000 call <jmp.&USER32.MessageBoxA>
004016E0 EB 13 jmp short Splish.004016F5
004016E2 6A 00 push 0
004016E4 68 0A304000 push Splish.0040300A; Splish, Splash
004016E9 68 67304000 push Splish.00403067; Sorry, please try again.
004016EE 6A 00 push 0
004016F0 E8 53000000 call <jmp.&USER32.MessageBoxA>
004016F5 C9 leave
004016F6 C2 0800 retn 8
 
------------------------------------------------------------
Below is the C code for the disassembled algorithm:
------------------------------------------------------------
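#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main()
{
    char username[50];
    int namelength;
    int i;
    int c;

    printf("Enter the User name:\n");
    /* fgets replaces gets, which cannot bound the read */
    if (fgets(username, sizeof(username), stdin) == NULL)
        return 1;
    username[strcspn(username, "\r\n")] = '\0';   /* drop the trailing newline */
    namelength = (int)strlen(username);
    for (i = 0; i < namelength; i++)
    {
        c = username[i] % 10;   /* idiv ecx: remainder of the character divided by 10 */
        c = c ^ i;              /* xor edx, ebx */
        c = c + 2;              /* add edx, 2 */
        if (c >= 10)
        {
            c = c - 10;         /* sub dl, 0A */
        }
        /* The check compares remainders modulo 10, and c * 11 has remainder c */
        c = c * 11 % 256;
        if (c < 33)
        {
            c = c + 60;         /* 0, 11 and 22 cannot be typed; adding 60 keeps the remainder */
        }
        printf("%c", c);
    }
    printf("\n");
    return 0;
}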
 
 
------------------------------------------------------------
Run the C code, enter the user name, and copy the output as the registration code; registration then succeeds. During the discussion with IQ, IQ also obtained a registration code using a different algorithm, so there are many registration code algorithms for this software. Take a closer look.
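
Why more than one registration code is accepted for the same name, shown as an added C model of the check routine at 004015E4 (example code, not from the original article and not taken from Splish.exe itself). The function names, the separate zero-initialised scratch arrays and the sample inputs are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_CHARS   10  /* GetWindowTextA is called with nMaxCount 0Bh */
#define SERIAL_MAX_CHARS 31  /* GetWindowTextA is called with nMaxCount 20h */

/* Loop at 00401632: remainder mod 10, XOR with the index, add 2, wrap at 10. */
static signed char name_digit(char ch, int i)
{
    signed char dl = (signed char)(((signed char)ch % 10) ^ i);
    dl = (signed char)(dl + 2);
    if (dl >= 10)
        dl = (signed char)(dl - 10);
    return dl;
}

/* Returns 1 for "Good job", 0 for "Sorry, please try again", -1 for an empty field. */
int check_registration(const char *name, const char *serial)
{
    signed char name_buf[NAME_MAX_CHARS] = {0};     /* assumed separate, zeroed */
    signed char serial_buf[SERIAL_MAX_CHARS] = {0}; /* assumed separate, zeroed */
    size_t name_len = strlen(name), serial_len = strlen(serial), i;

    if (name_len > NAME_MAX_CHARS) name_len = NAME_MAX_CHARS;
    if (serial_len > SERIAL_MAX_CHARS) serial_len = SERIAL_MAX_CHARS;
    if (serial_len == 0 || name_len == 0)
        return -1;

    for (i = 0; i < name_len; i++)
        name_buf[i] = name_digit(name[i], (int)i);
    /* Loop at 00401669: each serial byte is reduced to its remainder mod 10,
       so every byte value in the same residue class is equivalent. */
    for (i = 0; i < serial_len; i++)
        serial_buf[i] = (signed char)((signed char)serial[i] % 10);

    /* Loop at 004016B6: only name_len positions are compared. */
    for (i = 0; i < name_len; i++)
        if (name_buf[i] != serial_buf[i])
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed inputs: the name "zed" transforms to 4, 2, 4. */
    printf("%d %d %d\n", check_registration("zed", "646"),
           check_registration("zed", "rpr"), check_registration("zed", "647"));
    return 0;
}
```

The check keeps only ten residue classes per position and runs entirely on the client, so any byte with the right remainder passes; a check of this kind offers no protection once the routine has been read.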
