Author Topic: Change if statement into repeat to resist cracking  (Read 1070 times)


baitang36

  • Bull Frog
  • Posts: 213
Change if statement into repeat to resist cracking
« on: August 12, 2020, 09:53:27 PM »
To judge whether the registration code is correct, many people write this:
Code - Auto/Visual Lisp:
(defun zhuce ()
  (if (= reg1 reg2)
    (princ "registered successfully! ")
    (progn (princ "registration failed") (exit))
  )
)
The compiled code of this function can be viewed in WinHex:
Offset     0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
00000032                                          14 00 00 00 00 03 07
00000048 00 03 06 00 35 02 05 00 03 67 0D 00 00 00 09 04
00000064 00 35 01 03 00 03 57 0E 00 00 00 09 02 00 35 01
00000080 03 00 03 0A 35 00 01 00 03 16
Decompile it manually:
14 00 00 00 00     function start
03 07 00           REG1
03 06 00           REG2
35 02 05 00 03     (= reg1 reg2)
67 0D 00 00 00     IF (conditional jump, skips 13 bytes)
09 04 00           "registered successfully! "
35 01 03 00 03     (princ "registered successfully! ")
57 0E 00 00 00     skip 14 bytes
09 02 00           "registration failed"
35 01 03 00 03 0A  (princ "registration failed")
35 00 01 00 03     (exit)
16                 end of function
The cracking method is very simple: find 67 and change the byte after 67 to 0.
In this way, whether reg1 and reg2 are equal or not, "registered successfully!" will be displayed.

If the program is rewritten like this (the function's behaviour stays the same):
Code - Auto/Visual Lisp:
(defun zhuce ()
  ; aa1 is 0 only when the two codes are equal, so the loop body runs zero times
  (setq aa1 (abs (- reg1 reg2)))
  (repeat aa1
    (princ "registration failed")
    (exit)                            ; aborts on the first pass
  )
  (princ "registered successfully! ")
)
; here is the test code
(setq reg1 1 reg2 8)
(zhuce)
After the function is compiled, it looks like this:
Offset     0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
00000032 24 14 01 00 00 00 03
00000048 09 00 03 08 00 35 02 07 00 03 35 01 06 00 03 06
00000064 05 00 03 05 00 5D 00 00 5C 00 00 32 00 4B 67 1B
00000080 00 00 00 5C 00 00 50 5D 00 00 09 04 00 35 01 03
00000096 00 03 0A 35 00 02 00 03 0A 57 DA FF FF FF 09 01
00000112 00 35 01 03 00 03 16
If you still use the above cracking method, finding 67 and changing the byte after 67 to 0,
you will find that "registration failed" is still displayed, and the crack has failed.
This method of changing if into repeat to complete the jump is effective. I will not talk about the cracking method. If you are interested, please study it yourself :-)
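The post's repeat form only works when both registration codes are integers: `(abs (- reg1 reg2))` raises an error on strings and `repeat` rejects a real count. The following is an added example, not code from the post above, that keeps the same if-free repeat structure but derives the loop count from `vl-remove`, which compares with `equal` and so accepts strings as well as numbers. The function names `mismatch-count` and `check-code` and the sample code values are this example's own assumptions.

```lisp
;; Added example, not from the original post.
;; (vl-remove b (list a)) is nil (length 0) exactly when a and b are equal
;; and a one-element list (length 1) otherwise, so the loop count is 0 or 1
;; without writing an if. Works for strings, integers and reals alike.
(defun mismatch-count (a b)
  (length (vl-remove b (list a)))
)

;; Same shape as the post's zhuce: the failure branch is a repeat body that
;; runs zero times on a match. Names reg1/reg2 follow the post; check-code
;; is this example's own name.
(defun check-code (reg1 reg2 / n)
  (setq n (mismatch-count reg1 reg2))
  (repeat n
    (princ "registration failed")
    (exit)                            ; aborts the function on the first pass
  )
  (princ "registered successfully! ")
  (princ)
)

;; Constructed test values (string codes, which the abs/- form cannot handle)
(check-code "ABC-123" "ABC-123")      ; equal   -> "registered successfully! "
(check-code "ABC-123" "ABC-124")      ; differ  -> "registration failed", then exit
(check-code 1 8)                      ; integers still work as in the post
```

`length` of `nil` is 0 in AutoLISP, so a matching pair yields `(repeat 0 ...)` and falls through to the success message exactly as the post's version does; `(exit)` still terminates evaluation on the first mismatch, so the count never needs to be larger than 1.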