Romantic Love Letter v3.11 Registration Algorithm Analysis

Source: Internet
Author: User

Software size: 884 KB
Software language: Simplified Chinese
Software type: domestic software / shareware / entertainment software
Application Platform: Win9x/NT/2000/XP
Issuer: http://go3.163.com/pyeditor/
: Http://www.skycn.com/soft/6605.html
Software introduction:
"Romantic Love Letter" is a professional love letter editing program. It is a pure 32-bit application written in Delphi: compact, powerful, and easy to extend, with no database driver required. Its functions and features are:
1. A simple interface that is easy to operate: a few clicks are enough to write a love letter you are satisfied with.
2. The computer can write a love letter automatically, and the result reads smoothly.
3. E-mail support: you can use the exquisite letter papers and beautiful music bundled with the software, so a love letter can now be "colorful".
4. Text processing functions, including search, replace, copy, undo, and print.
5. Open voice library management: the program can search for new words automatically, and you can build your own voice library.
6. Besides the detailed help files, the "Love Letter Genie" reminds you how to use the program at the right moment.
7. More exciting functions are waiting for you to explore ...

Cracked by eCool 2002.07.20

1. Unpacking and the file size check
The software is packed with ASPack, which CASPR handles easily, but the unpacked program will not run: it reports that the file size has changed. This check is also easy to remove. Disassembling with W32Dasm and searching for the string shown when the error occurs gives the following:

-------------------------------------------------------------------------------
: 004974C5 E8DAB2F6FF call 004027A4
: 004974CA 3DD0050500 cmp eax, 000505D0
: 004974CF 7F17 jg 004974E8 // error if the file size exceeds 329168 bytes
: 004974D1 8D85B4FEFFFF lea eax, dword ptr [ebp + FFFFFEB4]
: 004974D7 E860E0F6FF call 0040553C
: 004974DC E8C3B2F6FF call 004027A4
: 004974E1 3D18FA0400 cmp eax, 0004FA18 // a file size below 326168 bytes is also an error
: 004974E6 7D3D jge 00497525

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|: 004974CF(C)
|
: 004974E8 8D85B0FEFFFF lea eax, dword ptr [ebp + FFFFFEB0]
: 004974EE 8B8E90060000 mov ecx, dword ptr [esi + 00000690]

* Possible StringData Ref from Code Obj -> "File read/write error: for some reason (for example, virus infection) "
-> "the loveletter31.exe file has been changed. To ensure the security of your computer, "
-> "the program will automatically exit! We recommend that you download "
-> "the "Romantic Love Letter" software from the following address:"
-------------------------------------------------------------------------------
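
Read as a tamper check, the two comparisons above accept any file whose length lies between 326168 and 329168 bytes, so they notice a file that has grown but not a change that keeps the length. The following added example (not code from the program or from the original article) contrasts that size window with a SHA-256 comparison; the function names and the sample byte strings are constructed for illustration.

```python
import hashlib

# Bounds taken from the two cmp instructions in the listing above.
SIZE_MIN = 0x0004FA18   # 326168 bytes (cmp eax, 0004FA18 / jge -> continue)
SIZE_MAX = 0x000505D0   # 329168 bytes (cmp eax, 000505D0 / jg  -> error)


def size_window_ok(data: bytes) -> bool:
    """The check as it reads in the listing: only the length is inspected."""
    return SIZE_MIN <= len(data) <= SIZE_MAX


def digest_ok(data: bytes, expected_sha256: str) -> bool:
    """Content-based check: any changed byte changes the digest."""
    return hashlib.sha256(data).hexdigest() == expected_sha256


def compare_checks(original: bytes, candidate: bytes) -> dict:
    """Run both checks on a candidate image against a known-good original."""
    expected = hashlib.sha256(original).hexdigest()
    return {
        "size_window": size_window_ok(candidate),
        "digest": digest_ok(candidate, expected),
    }


def build_samples():
    """Constructed stand-ins for the program file (not real loveletter31.exe data)."""
    original = bytes(327000)              # a length inside the accepted window
    same_size = bytearray(original)
    same_size[1000] ^= 0xFF               # one byte altered, length unchanged
    grown = original + bytes(400000)      # a file that has grown past SIZE_MAX
    return original, bytes(same_size), grown


if __name__ == "__main__":
    original, same_size, grown = build_samples()
    for name, blob in (("original", original), ("same-size change", same_size),
                       ("grown file", grown)):
        print(f"{name:17} {len(blob):7d} bytes  {compare_checks(original, blob)}")
```

In practice the expected digest has to live outside the file it covers, for example in a code-signing signature that the operating system or installer verifies.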

2. Locating the registration algorithm
DeDe is the tool to use for a Delphi program. It leads straight to the following code:
-------------------------------------------------------------------------------
* Reference to control Trrr.username: TFlatEdit
|
00488F47 8B80E0020000 mov eax, [eax + $02E0] // obtain the user name

|
00488F4D E8DE5CFAFF call 0042EC30
00488F52 8B45F0 mov eax, [ebp-$10]

|
00488F55 E836ADF7FF call 00403C90
00488F5A 83F806 cmp eax, +$06 // error if the user name is shorter than 6 characters
00488F5D 7D20 jnl 00488F7F

* Possible String Reference to: 'The username length cannot be less than 6 characters!'
|
00488F5F B8F4914800 mov eax, $004891F4

|
00488F64 E8E78AFCFF call 00451A50
00488F69 8B45FC mov eax, [ebp-$04]

* Reference to control Trrr.username: TFlatEdit
|
00488F6C 8B80E0020000 mov eax, [eax + $02E0]
00488F72 8B10 mov edx, [eax]

* Possible reference to virtual method TFlatEdit.OFFS_00B4
|
00488F74 FF92B4000000 call dword ptr [edx + $00B4]
00488F7A E92F020000 jmp 004891AE
00488F7F 8D55F0 lea edx, [ebp-$10]
00488F82 8B45FC mov eax, [ebp-$04]

* Reference to control Trrr.regcode: TFlatEdit
|
00488F85 8B80D0020000 mov eax, [eax + $02D0] // get the registration code

|
00488F8B E8A05CFAFF call 0042EC30
00488F90 8B45F0 mov eax, [ebp-$10]

|
00488F93 E8F8ACF7FF call 00403C90 // error if the registration code is empty
00488F98 48 dec eax
00488F99 7D20 jnl 00488FBB

* Possible String Reference to: 'Enter the registration code!'
|
00488F9B B81C924800 mov eax, $0048921C

|
00488FA0 E8AB8AFCFF call 00451A50
00488FA5 8B45FC mov eax, [ebp-$04]

* Reference to control Trrr.regcode: TFlatEdit
|
00488FA8 8B80D0020000 mov eax, [eax + $02D0]
00488FAE 8B10 mov edx, [eax]

* Possible reference to virtual method TFlatEdit.OFFS_00B4
|
00488FB0 FF92B4000000 call dword ptr [edx + $00B4]
00488FB6 E9F3010000 jmp 004891AE
00488FBB 8D45F8 lea eax, [ebp-$08]

|
00488FBE E851AAF7FF call 00403A14
00488FC3 8D55F4 lea edx, [ebp-$0C]
00488FC6 8B45FC mov eax, [ebp-$04]

* Reference to control Trrr.regcode: TFlatEdit
|
00488FC9 8B80D0020000 mov eax, [eax + $02D0]

|
00488FCF E85C5CFAFF call 0042EC30
00488FD4 8B45F4 mov eax, [ebp-$0C] // get the length of the registration code

|
00488FD7 E8B4ACF7FF call 00403C90
00488FDC 8BF0 mov esi, eax
00488FDE 85F6 test esi, esi
00488FE0 7C37 jl 00489019
00488FE2 46 inc esi
00488FE3 33DB xor ebx, ebx
00488FE5 8B45F4 mov eax, [ebp-$0C]
00488FE8 8A4418FF mov al, byte ptr [eax + ebx-$01]
00488FEC 3C30 cmp al, $30 // "0"
00488FEE 7225 jb 00489015
00488FF0 8B55F4 mov edx, [ebp-$0C]
00488FF3 3C39 cmp al, $39 // "9"
00488FF5 771E jnbe 00489015
00488FF7 8D45EC lea eax, [ebp-$14]
00488FFA 50 push eax
00488FFB B901000000 mov ecx, $00000001
00489000 8BD3 mov edx, ebx
00489002 8B45F4 mov eax, [ebp-$0C]

|
00489005 E88AAEF7FF call 00403E94
0048900A 8B55EC mov edx, [ebp-$14]
0048900D 8D45F8 lea eax, [ebp-$08]

|
00489010 E883ACF7FF call 00403C98
00489015 43 inc ebx
00489016 4E dec esi
00489017 75CC jnz 00488FE5
00489019 8D55F0 lea edx, [ebp-$10]
0048901C 8B45FC mov eax, [ebp-$04]

The code above checks, character by character, whether the registration code consists of digits ("0" to "9").
-------------------------------------------------------------------------------

* Reference to control Trrr.username: TFlatEdit
|
0048901F 8B80E0020000 mov eax, [eax + $02E0]

|
00489025 E8065CFAFF call 0042EC30
0048902A 8B45F0 mov eax, [ebp-$10]
0048902D 8D55EC lea edx, [ebp-$14]

|
00489030 E83BFEFFFF call 00488E70 // follow this call

---------------------------- CALL 00488E70 ----------------------------------------------

00488E70 55 push ebp
00488E71 8BEC mov ebp, esp
00488E73 83C4F8 add esp, -$08
00488E76 53 push ebx
00488E77 56 push esi
00488E78 57 push edi
00488E79 33C9 xor ecx, ecx
00488E7B 894DF8 mov [ebp-$08], ecx
00488E7E 8BF2 mov esi, edx
00488E80 8945FC mov [ebp-$04], eax
00488E83 8B45FC mov eax, [ebp-$04]

|
00488E86 E8B9AFF7FF call 00403E44
00488E8B 33C0 xor eax, eax
00488E8D 55 push ebp

* Possible String Reference to: 'slogan
