اعادة الرفع للافادة
https://mega.nz/file/1w1FkAJK#hRwBltIOdo...YbcBZuKFm8
====================
طريقة ثانية من احد الردود بااحد المواقع
إقتباس :patch one of md5 hashes, for example.
serial: 00000-00000-00000-00000
MD5: 0983ee15b6abc402d6bf89a61af19bb9
find and replace one from the list with 0983ee15b6abc402d6bf89a61af19bb9
open program and register it with any name and 00000-00000-00000-00000 serial
or replace with d41d8cd98f00b204e9800998ecf8427e so no need to put anything for serial, only name
or if you have good hardware, like mining farm, try to crack it with something like:
attack: bruteforce
charset (?x): 0123456789ABCDEF
mask: ?x?x?x?x?x-?x?x?x?x?x-?x?x?x?x?x-?x?x?x?x?x
MD5 hashes of serials:
2ce78c0a5aaf440ace43c74773b98d6d
04d0298c41e427e32980b94faf0be564
562a865b05444575a88d6d8d36ca7138
bad5e6c1c7bd8d59e4300d3b9c9a5823
766b1c393e9c7cc19fde2bc0c060da9b
4e4c8040a042856d18fe1f6b2fbdd1dc
ed5ab2648267e95105985a16e37d6ef9
64901a8094dfe68c6d7965520e8e8c5a
580b1df218eda15a38bba915eb76c34e
b4589d83ceb19543a35180e5bf2304c8
428e934598a23f58f5f645060afc9df5
18d2ec789d496beff821967121054dfb
ff260d1a203d905d5be54b90e0d47f2e
00daca8d3d812e9c2c8f0ab57e9c68c8
f4adc3e53f90f5f5476d086ba9475720
6c73c1a79b53937c0afa6823ef477af2
e06171aec53a3fc60348213cd3dd53a3
53d57a7e411e14db07abb135e55893f3
74cebbca67c5edb74b489a7df73f080d
48dc547a3fd074bf3a7a2c0ddb13ce95
f5ae8fb27f462635e07d82fb2a3d4619
84377825abe59be96c58fee535ea6509
22a7f25ab194815398f95f5f99f4e0b0
fa019938978bc4cc5c003d24583a796c
495c3f58611ff77b44c9eacee55a0980
1b6bc18b74dde590ba92705ace46af4c
1fcd48230ab8ed49529c907abb21acc3
c37f0036f378eb917e2f2dbb35fedff0
bcd06389a0d7bce41a63ecafd9902549
36bcd4c5982040850651c02ddf49d724
bcfdfaf33747b75c515705505682cb08
10d0707f9b4816f3e40b1889e9d50520
0f0dbbfdbfb2baa5dd1a1d19c3ccfaa0
e8a73d23f3286726fef3847d3f68e4af
73ef592fd6ae258a3acc82e76e6f3cac
7c19020b7b88c3e52cf31bd205565bd6
968e42a5cb07267c0c9f7b78199599af
0cfcff53e349bcbcdd9437bbb098fd69
76b578bf20d7af4cef998cd3766bc669
b07c51d18f9dd2ea8b7f617fcebb0304
e0ef58af371c0848c1d7c1dfee4588ab
e061129edd78ce05caa1733f4089b185
9dd48fdeecfca47c997dba987bb252a8
e4ff8c6ac02f77d03a8637f76da6f2b7
2b338240d533ef5f8c54d7784ab1148b
963c92d1a50438f73b91c8f1c92be88e
b10b35488edf71e61da0120b990115cb
2d8093567252591c6ea3136f4bf207a3
b06a14d825efaf0557a018f44833be84
0e47331230554fead712d5a3a322c8c4
0a8e6f1e51bd62e9005bc496e3cf658d
6e351196fee3188c320177711e102e39
f918419d57a9c18d0c8a740ed8768681
32abc2cd78c13c1fe96197413be0ed10
29a1479d88a827bfc40acd814e5eb499
289a59673bb18188ebfdaced7d60d774
3b1a0f17fc46977dc475486e83cca415
0e8043cdb230a0abaef98b91e8816d93
3c3e38519cedbacb91d7179ce60278eb
bb778bc9be3e5d0ab16f269256109607
3763a31d268f9fab3487010f831bfcfe
fb1beea27ea768f8ac381004379fe73e
5970b6cd9aa1b51eca91b27870df6629
8f3d6f6768760f0347b08e1092919ec4
c5afc8bef336632b3f68645db1d99137
9c9edc56662e9a3073cd95ccfd7e047f
b94a33890d1f455e2e0198870e0bd9fd
0e399734b6314b066ee134960c7877c2
7573dc13f0abb014c06e433e5fc28b83
20391b3842d98e87627981fb83724383
257c30ddbd02f40a97171f298e3f640b
25834326ab162b26a5ee91299f9f170c
db28fc7d5fad84a26e7309536cc0abf8
bd422030cc9c9bb18cd789a5c032bc67
40b9505f7248fd47d503177843e5bf8d
96f78f5cebd8d54facfcab6fadd8eea4
b05ffb43bcf8bd0abdc697b096982727
ec8ad2e3d3eb99bebb23ec8b557f957b
72eff2f086c5f73ba6b6037ccba9b16d
ae1788f146bdecab92fb08581e6d6063
530baef547f8bad037b6ded17e65d993
d82504f60f68a404cbf3c0c4056503d8
08697a976f076f9fd71ea4abf54896bb
0d105fe3efa970942bbeaf015923a79e
b1cdf2d72b1c107e1bb343fbea111df6
6ad8fd792a0fda9f5c4a07eb6773634e
2f09efc0b48df999139faa76ddcf238f
7fb64daa1b68cf5285f4bb6bbb9e37d3
19bb918440ba5ddf6b3fc290789e5d9a
0bfbf0a48bed6db4921daf09ee318db5
851d6f23698d842556543bc5eafed8d8
df8b06097ac5983071a30b5723f8542a
df0bae1882169def4a0bce151ecdd9e0
6f0241f7445be8f0a6e9a773283c88da
61dfcef2b28ed995d63a79ca218477bc
90bf1ecebeb87b2da7cf4fb148694018
cf9688469e41c5d1c4bae06af4b43f8f
6d7de22338410da975bbd24b257bedc3
29faea5ff10c122bcd80251af0f360af
==================================
طريقة ثالثه
[ Software introduction ]: I believe that everyone is familiar with Quick Batch File Compiler, which can convert batch files (.bat, .cmd format) into real executable programs (.exe format), it can run under Win95/98/ME/2000/2003/XP without limitation. For the converted program, you can customize the program's icon and version information; the contents of the batch file can also be encrypted and protected to prevent modification. -------------------------------------------------- ------------------------------
[Detailed process] [Detailed process] The shelling process is relatively simple, it is best to use UPXShell to unpack it, which is relatively clean and refreshing. After the OD is loaded and run, enter the fake code YourName: BeyondMe LicenseKy: WWW.UNPACK.CN in the registration dialog box and find that the registration dialog box disappears immediately. It may be a restart detection, which can detect whether it is saved in a file or in the registry. But it's faster to find ASCII strings . Locate a useful ASCII string:
address=004A0937 disassembly=MOV EDX,quickbfc.004A0988text string=registered version
Double click to the code:
004A0908 . 53 PUSH EBX
004A0909 . 8BD8 MOV EBX,EAX
004A090B . 8B15 58784A00 MOV EDX,DWORD PTR DS:[4A7858] ; quickbfc.004AB1CC
004A0911 . 8B52 04 MOV EDX,DWORD PTR DS:[EDX+4]
004A0914 . A1 58784A00 MOV EAX,DWORD PTR DS:[4A7858]
004A0919 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
004A091B . E8 1C200000 CALL quickbfc.004A293C ; key algorithm, enter F7 to see
004A0920 . 84C0 TEST AL,AL
004A0922 . 74 57 JE SHORT quickbfc.004A097B ; key comparison
004A0924 . 8B15 58784A00 MOV EDX,DWORD PTR DS:[4A7858] ; quickbfc.004AB1CC
004A092A . 8B12 MOV EDX,DWORD PTR DS:[EDX]
004A092C . 8B83 18030000 MOV EAX,DWORD PTR DS:[EBX+318]
004A0932 . E8 7D75FBFF CALL quickbfc.00457EB4
004A0937 . BA 88094A00 MOV EDX,quickbfc.004A0988 ; registered version //registered version.
004A093C . 8B83 20030000 MOV EAX,DWORD PTR DS:[EBX+320]
004A0942 . E8 6D75FBFF CALL quickbfc.00457EB4
004A0947 . 33D2 XOR EDX,EDX
004A0949 . 8B83 08030000 MOV EAX,DWORD PTR DS:[EBX+308]
004A094F . E8 5074FBFF CALL quickbfc.00457DA4
004A0954 . 33D2 XOR EDX,EDX
004A0956 . 8B83 F8020000 MOV EAX,DWORD PTR DS:[EBX+2F8]
004A095C . 8B08 MOV ECX,DWORD PTR DS:[EAX]
004A095E . FF51 64 CALL DWORD PTR DS:[ECX+64]
004A0961 . 33D2 XOR EDX,EDX
004A0963 . 8B83 18030000 MOV EAX,DWORD PTR DS:[EBX+318]
004A0969 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
004A096B . FF51 64 CALL DWORD PTR DS:[ECX+64]
004A096E . 33D2 XOR EDX,EDX
004A0970 . 8B83 20030000 MOV EAX,DWORD PTR DS:[EBX+320]
004A0976 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
004A0978 . FF51 64 CALL DWORD PTR DS:[ECX+64]
004A097B > 5B POP EBX
004A097C . C3 RETN
copy code
F7 enters CALL quickbfc.004A293C at offset 004A091B
004A293C / $ 55 PUSH EBP ; Core Algorithm Process
004A293D |. 8BEC MOV EBP,ESP
004A293F |. 33C9 XOR ECX,ECX
004A2941 |. 51 PUSH ECX
004A2942 |. 51 PUSH ECX
004A2943 |. 51 PUSH ECX
004A2944 |. 51 PUSH ECX
004A2945 |. 51 PUSH ECX
004A2946 |. 53 PUSH EBX
004A2947 |. 56 PUSH ESI
004A2948 |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
004A294B |. 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; uppercase form of pseudocode
004A294E |. E8 2921F6FF CALL quickbfc.00404A7C
004A2953 |. 33C0 XOR EAX,EAX
004A2955 |. 55 PUSH EBP
004A2956 |. 68 D5294A00 PUSH quickbfc.004A29D5
004A295B |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004A295E |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
004A2961 |. 33DB XOR EBX,EBX
004A2963 . | B8 50B04700 MOV EAX, quickbfc.0047B050 ; 2ce78c0a5aaf440ace43c747 73b98d6d04d0298c41e427e3 2980b94faf0be564562a865b 05444575a88d6d8d36ca7138 bad5e6c1c7bd8d59e4300d3b 9c9a5823766b1c393e9c7cc1 9fde2bc0c060da9b4e4c8040 a042856d18fe1f6b2fbdd1dc ed5ab2648267e95105985a16 e37d6ef964901a8094dfe68c 6d7965520e8e ..
004A2968 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
004A296B |. 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
004A296E |. E8 591CF6FF CALL quickbfc.004045CC
004A2973 |. 8D4D F4 LEA ECX,DWORD PTR SS:[EBP-C] ; (initial cpu selection)
004A2976 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
004A2979 |. B8 03010000 MOV EAX,103
004A297E |. E8 397FFDFF CALL quickbfc.0047A8BC
004A2983 |. 33F6 XOR ESI,ESI
004A2985 |> 8D45 EC /LEA EAX,DWORD PTR SS:[EBP-14]
004A2988 | .8BD6 |MOV EDX,ESI
004A298A |. C1E2 02 | SHL EDX,2
004A298D |. 8B4D F0 |MOV ECX,DWORD PTR SS:[EBP-10] ; The memory [EBP-10] corresponds to the huge string table above
004A2990 |. 8D14D1 |LEA EDX,DWORD PTR DS:[ECX+EDX*8]
004A2993 | .B9 20000000 |MOV ECX,20
004A2998 |. E8 9F1EF6FF | CALL quickbfc.0040483C ; read 32 each time
004A299D |. 8B45 EC | MOV EAX,DWORD PTR SS:[EBP-14]
004A29A0 |. 8B55 F4 |MOV EDX,DWORD PTR SS:[EBP-C] ; pseudocode MD5 value - how to know? Based on experience and verification
004A29A3 |. E8 3020F6FF | CALL quickbfc.004049D8 ; Compare with the MD5 value of the fake code
004A29A8 |. 75 02 | JNZ SHORT quickbfc.004A29AC
004A29AA |. B3 01 |MOV BL,1 ; if they are equal, set the flag to 1, that is, the registration is successful
004A29AC |> 46 |INC ESI
004A29AD |. 83FE 65 | CMP ESI, 65 ; cycled 101 times?
004A29B0 |.^ 75 D3 \JNZ SHORT quickbfc.004A2985
004A29B2 |. 33C0 XOR EAX,EAX
004A29B4 |. 5A POP EDX
004A29B5 |. 59 POP ECX
004A29B6 |. 59 POP ECX
004A29B7 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
004A29BA |. 68 DC294A00 PUSH quickbfc.004A29DC
004A29BF |> 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
004A29C2 |. E8 051CF6FF CALL quickbfc.004045CC
004A29C7 |. 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
004A29CA |. BA 03000000 MOV EDX,3
004A29CF |. E8 1C1CF6FF CALL quickbfc.004045F0
004A29D4 \. C3 RETN
copy code
This verification process is not difficult, but the author uses a huge string table, which is interrupted in OD at 004A298D |. 8B4D F0 | MOV ECX, DWORD PTR SS:[EBP-10] ; memory [EBP-10] corresponds to the above A string of giant string tables can be found at the giant string table as follows: (after processing: line breaks every 32 bits)
2ce78c0a5aaf440ace43c747 73b98d6d
04d0298c41e427e32980b94f af0be564
562a865b05444575a88d6d8d 36ca7138
bad5e6c1c7bd8d59e4300d3b 9c9a5823
766b1c393e9c7cc19fde2bc0 c060da9b
4e4c8040a042856d18fe1f6b 2fbdd1dc
ed5ab2648267e95105985a16 e37d6ef9
64901a8094dfe68c6d796552 0e8e8c5a
580b1df218eda15a38bba915eb76c34e _
b4589d83ceb19543a35180e5 bf2304c8
428e934598a23f58f5f64506 0afc9df5
18d2ec789d496beff8219671 21054dfb
ff260d1a203d905d5be54b90e0d47f2e _
00daca8d3d812e9c2c8f0ab5 7e9c68c8
f4adc3e53f90f5f5476d086b a9475720
6c73c1a79b53937c0afa6823 ef477af2
e06171aec53a3fc60348213c d3dd53a3
53d57a7e411e14db07abb135e55893f3 _
74cebbca67c5edb74b489a7d f73f080d
48dc547a3fd074bf3a7a2c0d db13ce95
f5ae8fb27f462635e07d82fb 2a3d4619
84377825abe59be96c58fee5 35ea6509
22a7f25ab194815398f95f5f 99f4e0b0
fa019938978bc4cc5c003d24 583a796c
495c3f58611ff77b44c9eace e55a0980
1b6bc18b74dde590ba92705a ce46af4c
1fcd48230ab8ed49529c907a bb21acc3
c37f0036f378eb917e2f2dbb 35fedff0
bcd06389a0d7bce41a63ecaf d9902549
36bcd4c5982040850651c02d df49d724
bcfdfaf33747b75c51570550 5682cb08
10d0707f9b4816f3e40b1889e9d50520 _
0f0dbbfdbfb2baa5dd1a1d19 c3ccfaa0
e8a73d23f3286726fef3847d 3f68e4af
73ef592fd6ae258a3acc82e7 6e6f3cac
7c19020b7b88c3e52cf31bd2 05565bd6
968e42a5cb07267c0c9f7b78 199599af
0cfcff53e349bcbcdd9437bb b098fd69
76b578bf20d7af4cef998cd3 766bc669
b07c51d18f9dd2ea8b7f617f cebb0304
e0ef58af371c0848c1d7c1df ee4588ab
e061129edd78ce05caa1733f 4089b185
9dd48fdeecfca47c997dba98 7bb252a8
e4ff8c6ac02f77d03a8637f7 6da6f2b7
2b338240d533ef5f8c54d778 4ab1148b
963c92d1a50438f73b91c8f1 c92be88e
b10b35488edf71e61da0120b 990115cb
54f260edab3d3d4f48bba050 3192bdab
2d8093567252591c6ea3136f 4bf207a3
b06a14d825efaf0557a018f4 4833be84
0e47331230554fead712d5a3 a322c8c4
0a8e6f1e51bd62e9005bc496e3cf658d _
6e351196fee3188c32017771 1e102e39
f918419d57a9c18d0c8a740e d8768681
32abc2cd78c13c1fe9619741 3be0ed10
29a1479d88a827bfc40acd81 4e5eb499
57362388dc1bbf20a2b9a22d 12d22bb4
289a59673bb18188ebfdaced 7d60d774
3b1a0f17fc46977dc475486e 83cca415
0e8043cdb230a0abaef98b91 e8816d93
3c3e38519cedbacb91d7179c e60278eb
bb778bc9be3e5d0ab16f2692 56109607
3763a31d268f9fab3487010f 831bfcfe
fb1beea27ea768f8ac381004 379fe73e
5970b6cd9aa1b51eca91b278 70df6629
8f3d6f6768760f0347b08e10 92919ec4
c5afc8bef336632b3f68645d b1d99137
9c9edc56662e9a3073cd95cc fd7e047f
b94a33890d1f455e2e019887 0e0bd9fd
0e399734b6314b066ee13496 0c7877c2
7573dc13f0abb014c06e433e 5fc28b83
20391b3842d98e87627981fb 83724383
257c30ddbd02f40a97171f29 8e3f640b
25834326ab162b26a5ee9129 9f9f170c
db28fc7d5fad84a26e730953 6cc0abf8
bd422030cc9c9bb18cd789a5 c032bc67
40b9505f7248fd47d5031778 43e5bf8d
96f78f5cebd8d54facfcab6f add8eea4
b05ffb43bcf8bd0abdc697b0 96982727
ec8ad2e3d3eb99bebb23ec8b 557f957b
72eff2f086c5f73ba6b6037c cba9b16d
ae1788f146bdecab92fb0858 1e6d6063
530baef547f8bad037b6ded1 7e65d993
d82504f60f68a404cbf3c0c4 056503d8
08697a976f076f9fd71ea4ab f54896bb
0d105fe3efa970942bbeaf01 5923a79e
b1cdf2d72b1c107e1bb343fb ea111df6
6ad8fd792a0fda9f5c4a07eb 6773634e
2f09efc0b48df999139faa76 ddcf238f
7fb64daa1b68cf5285f4bb6b bb9e37d3
19bb918440ba5ddf6b3fc290 789e5d9a
0bfbf0a48bed6db4921daf09ee318db5 _
851d6f23698d842556543bc5 eafed8d8
df8b06097ac5983071a30b57 23f8542a
df0bae1882169def4a0bce15 1ecdd9e0
6f0241f7445be8f0a6e9a773 283c88da
61dfcef2b28ed995d63a79ca 218477bc
90bf1ecebeb87b2da7cf4fb1 48694018
cf9688469e41c5d1c4bae06a f4b43f8f
6d7de22338410da975bbd24b 257bedc3
29faea5ff10c122bcd80251a f0f360af
copy code
Then use a loop to read out every 32 bits, and then compare it with the MD5 value of the pseudo code. If there is the same value, assign BL to 1, and the registration is successful. This giant string has a total of 101 32-bit MD5 codes, so it loops 101 times to read. The algorithm process is like this, but it is quite difficult to crack these MD5 codes. I won't say anything about the MD5 algorithm, only vaguely know that it is irreversible. There are a lot of MD5 codes available on the Internet, but they all enter the database query by creating a large number of MD5 code values, which is not a reverse operation in the true sense. Of course , brute force cracking methods such as MD5CrackSp V4.0 can also be used to guess, but if you are not lucky enough and the CPU runs slowly, you may not be able to calculate it after running for a few years. So I had to abandon the idea of writing an algorithm registration machine. Use file-based patches instead, so that registration can be easily achieved. Since that string of strings is default, we can modify it to the MD5 value we already know, right? (Of course, some friends said that it is not easier to change the jump blasting? Look at it, the principle is similar) Run CyptTool (or other MD5 generation software), use WWW.UNPACK.CN to generate an MD5 value: 20e42d7e795566f2fd9da7f8 43094261 and then C32ASM Load the quickbfc.exe main program, and partially replace the string of giant strings above, paying attention to replacing every 32 bits, as long as any string in the 101 strings can be replaced correctly. Let's replace the first string 2ce78c0a5aaf440ace43c747 73b98d6d and run it to see the result. The register button has been greyed out.
The registration code is saved in the registry [HKEY_CURRENT_USER\Software\Abyssmedia\Quick Batch File Compiler\Settings], and it can be debugged after deleting it. There are plenty of patches on the Internet about this software, don't be long-winded, call it a day!
![[صورة مرفقة: quickbfc300.png]](https://www.abyssmedia.com/screenshots/quickbfc300.png)
كسر برنامج Qu!ck B@tch F!le C0mp!ler
