【下載地址】：  
http://www.softreg.com.cn/download.asp?id=/CD05D77E-E9F5-4445-9350-E2FFC8B4F89A/
【軟件限制】：還沒(méi)注意。
【作者聲明】：初學(xué)Crack，只是感興趣，沒(méi)有其它目的。失誤之處敬請(qǐng)諸位大俠賜教！如果你有條件，請(qǐng)支持國(guó)產(chǎn)軟件。  
【破解工具】：Ollydbg1.09、Language2K、Dede3.02
【過(guò)    程】：  

1、用 Language2K 檢查 有殼,脫殼后為Delphi程序。

2、想辦法找到這個(gè)關(guān)鍵Call

0040C9A4  /$  55            PUSH EBP
0040C9A5  |.  8BEC          MOV EBP,ESP
0040C9A7  |.  81C4 2CFFFFFF ADD ESP,-0D4
0040C9AD  |.  56            PUSH ESI
0040C9AE  |.  57            PUSH EDI
0040C9AF  |.  B8 EC6D4A00   MOV EAX,CREXEICO.004A6DEC
0040C9B4  |.  E8 4B6C0700   CALL CREXEICO.00483604
0040C9B9  |.  C745 F8 01000>MOV DWORD PTR SS:[EBP-8],1
0040C9C0  |.  8D55 08       LEA EDX,DWORD PTR SS:[EBP+8]
0040C9C3  |.  8D45 08       LEA EAX,DWORD PTR SS:[EBP+8]
0040C9C6  |.  E8 D91B0800   CALL CREXEICO.0048E5A4
0040C9CB  |.  FF45 F8       INC DWORD PTR SS:[EBP-8]
0040C9CE  |.  66:C745 EC 08>MOV WORD PTR SS:[EBP-14],8
0040C9D4  |.  C645 DB 00    MOV BYTE PTR SS:[EBP-25],0
0040C9D8  |.  837D 08 00    CMP DWORD PTR SS:[EBP+8],0
0040C9DC  |.  74 08         JE SHORT CREXEICO.0040C9E6
0040C9DE  |.  8B55 08       MOV EDX,DWORD PTR SS:[EBP+8]
0040C9E1  |.  8B4A FC       MOV ECX,DWORD PTR DS:[EDX-4]
0040C9E4  |.  EB 02         JMP SHORT CREXEICO.0040C9E8
0040C9E6  |>  33C9          XOR ECX,ECX
0040C9E8  |>  83F9 18       CMP ECX,18
0040C9EB  |.  0F85 90000000 JNZ CREXEICO.0040CA81
0040C9F1  |.  BE C1684A00   MOV ESI,CREXEICO.004A68C1                         ;  ASCII "1z1h+2a0n-0g8y*9a1n|"
0040C9F6  |.  8D7D 84       LEA EDI,DWORD PTR SS:[EBP-7C]
0040C9F9  |.  B9 05000000   MOV ECX,5
0040C9FE  |.  F3:A5         REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
0040CA00  |.  A4            MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
0040CA01  |.  837D 08 00    CMP DWORD PTR SS:[EBP+8],0
0040CA05  |.  74 05         JE SHORT CREXEICO.0040CA0C
0040CA07  |.  8B45 08       MOV EAX,DWORD PTR SS:[EBP+8]
0040CA0A  |.  EB 05         JMP SHORT CREXEICO.0040CA11
0040CA0C  |>  B8 4D694A00   MOV EAX,CREXEICO.004A694D
0040CA11  |>  50            PUSH EAX                                          ; /Arg2
0040CA12  |.  8D55 9C       LEA EDX,DWORD PTR SS:[EBP-64]                     ; |
0040CA15  |.  52            PUSH EDX                                          ; |Arg1
0040CA16  |.  E8 45690700   CALL CREXEICO.00483360                            ; \CREXEICO.00483360
0040CA1B  |.  83C4 08       ADD ESP,8
0040CA1E  |.  C645 DB 01    MOV BYTE PTR SS:[EBP-25],1
0040CA22  |.  33C9          XOR ECX,ECX
0040CA24  |.  894D D4       MOV DWORD PTR SS:[EBP-2C],ECX
0040CA27  |>  8B45 D4       /MOV EAX,DWORD PTR SS:[EBP-2C]
0040CA2A  |.  40            |INC EAX
0040CA2B  |.  B9 05000000   |MOV ECX,5
0040CA30  |.  99            |CDQ
0040CA31  |.  F7F9          |IDIV ECX
0040CA33  |.  85D2          |TEST EDX,EDX
0040CA35  |.  74 41         |JE SHORT CREXEICO.0040CA78
0040CA37  |.  8B45 D4       |MOV EAX,DWORD PTR SS:[EBP-2C]
0040CA3A  |.  8A90 28384B00 |MOV DL,BYTE PTR DS:[EAX+4B3828]
0040CA40  |.  8B4D D4       |MOV ECX,DWORD PTR SS:[EBP-2C]
0040CA43  |.  32540D 84     |XOR DL,BYTE PTR SS:[EBP+ECX-7C]  ；這里對(duì)應(yīng)密鑰串異或
0040CA47  |.  0FBEC2        |MOVSX EAX,DL
0040CA4A  |.  8945 D0       |MOV DWORD PTR SS:[EBP-30],EAX
0040CA4D  |.  8B45 D0       |MOV EAX,DWORD PTR SS:[EBP-30]
0040CA50  |.  99            |CDQ
0040CA51  |.  33C2          |XOR EAX,EDX
0040CA53  |.  2BC2          |SUB EAX,EDX
0040CA55  |.  69C0 F00A0000 |IMUL EAX,EAX,0AF0               ;再把異或的值 * 0x0AF0
0040CA5B  |.  B9 1A000000   |MOV ECX,1A                      ;得到的值再除以 0x1A
0040CA60  |.  99            |CDQ
0040CA61  |.  F7F9          |IDIV ECX
0040CA63  |.  83C2 41       |ADD EDX,41                       ;結(jié)果再加上41
0040CA66  |.  8B45 D4       |MOV EAX,DWORD PTR SS:[EBP-2C]
0040CA69  |.  0FBE4C05 9C   |MOVSX ECX,BYTE PTR SS:[EBP+EAX-64]
0040CA6E  |.  3BD1          |CMP EDX,ECX
0040CA70  |.  74 06         |JE SHORT CREXEICO.0040CA78
0040CA72  |.  C645 DB 00    |MOV BYTE PTR SS:[EBP-25],0
0040CA76  |.  EB 09         |JMP SHORT CREXEICO.0040CA81
0040CA78  |>  FF45 D4       |INC DWORD PTR SS:[EBP-2C]
0040CA7B  |.  837D D4 14    |CMP DWORD PTR SS:[EBP-2C],14
0040CA7F  |.^ 7C A6         \JL SHORT CREXEICO.0040CA27
0040CA81  |>  837D 08 00    CMP DWORD PTR SS:[EBP+8],0
0040CA85  |.  74 08         JE SHORT CREXEICO.0040CA8F
0040CA87  |.  8B55 08       MOV EDX,DWORD PTR SS:[EBP+8]
0040CA8A  |.  8B42 FC       MOV EAX,DWORD PTR DS:[EDX-4]
0040CA8D  |.  EB 02         JMP SHORT CREXEICO.0040CA91
0040CA8F  |>  33C0          XOR EAX,EAX
0040CA91  |>  83F8 28       CMP EAX,28
0040CA94  |.  0F85 B1010000 JNZ CREXEICO.0040CC4B
0040CA9A  |.  BE D6684A00   MOV ESI,CREXEICO.004A68D6                         ;  ASCII "1z1h+2a0n-0g8y*9a1n|"
0040CA9F  |.  8DBD 40FFFFFF LEA EDI,DWORD PTR SS:[EBP-C0]
0040CAA5  |.  B9 05000000   MOV ECX,5
0040CAAA  |.  F3:A5         REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
0040CAAC  |.  A4            MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
0040CAAD  |.  66:C745 EC 08>MOV WORD PTR SS:[EBP-14],8
0040CAB3  |.  837D 08 00    CMP DWORD PTR SS:[EBP+8],0
0040CAB7  |.  74 05         JE SHORT CREXEICO.0040CABE
0040CAB9  |.  8B45 08       MOV EAX,DWORD PTR SS:[EBP+8]
0040CABC  |.  EB 05         JMP SHORT CREXEICO.0040CAC3
0040CABE  |>  B8 4E694A00   MOV EAX,CREXEICO.004A694E
0040CAC3  |>  50            PUSH EAX                                          ; /Arg2
0040CAC4  |.  8D95 58FFFFFF LEA EDX,DWORD PTR SS:[EBP-A8]                     ; |
0040CACA  |.  52            PUSH EDX                                          ; |Arg1
0040CACB  |.  E8 90680700   CALL CREXEICO.00483360                            ; \CREXEICO.00483360
0040CAD0  |.  83C4 08       ADD ESP,8
0040CAD3  |.  0FBE8D 59FFFF>MOVSX ECX,BYTE PTR SS:[EBP-A7]
0040CADA  |.  83F9 23       CMP ECX,23
0040CADD  |.  0F85 68010000 JNZ CREXEICO.0040CC4B
0040CAE3  |.  C645 DB 01    MOV BYTE PTR SS:[EBP-25],1
0040CAE7  |.  C745 CC 02000>MOV DWORD PTR SS:[EBP-34],2
0040CAEE  |>  8B45 CC       /MOV EAX,DWORD PTR SS:[EBP-34]
0040CAF1  |.  0FBE9405 40FF>|MOVSX EDX,BYTE PTR SS:[EBP+EAX-C0]
0040CAF9  |.  8B4D CC       |MOV ECX,DWORD PTR SS:[EBP-34]
0040CAFC  |.  0FBE840D 57FF>|MOVSX EAX,BYTE PTR SS:[EBP+ECX-A9]
0040CB04  |.  03D0          |ADD EDX,EAX
0040CB06  |.  8B4D CC       |MOV ECX,DWORD PTR SS:[EBP-34]
0040CB09  |.  0FBE840D 58FF>|MOVSX EAX,BYTE PTR SS:[EBP+ECX-A8]
0040CB11  |.  33D0          |XOR EDX,EAX
0040CB13  |.  8B4D CC       |MOV ECX,DWORD PTR SS:[EBP-34]
0040CB16  |.  0FBE840D 40FF>|MOVSX EAX,BYTE PTR SS:[EBP+ECX-C0]
0040CB1E  |.  33D0          |XOR EDX,EAX
0040CB20  |.  8955 C8       |MOV DWORD PTR SS:[EBP-38],EDX
0040CB23  |.  8B45 C8       |MOV EAX,DWORD PTR SS:[EBP-38]
0040CB26  |.  99            |CDQ
0040CB27  |.  33C2          |XOR EAX,EDX
0040CB29  |.  2BC2          |SUB EAX,EDX
0040CB2B  |.  B9 1A000000   |MOV ECX,1A
0040CB30  |.  99            |CDQ
0040CB31  |.  F7F9          |IDIV ECX
0040CB33  |.  83C2 41       |ADD EDX,41
0040CB36  |.  8B45 CC       |MOV EAX,DWORD PTR SS:[EBP-34]
0040CB39  |.  0FBE8405 61FF>|MOVSX EAX,BYTE PTR SS:[EBP+EAX-9F]
0040CB41  |.  3BD0          |CMP EDX,EAX
0040CB43  |.  74 06         |JE SHORT CREXEICO.0040CB4B
0040CB45  |.  C645 DB 00    |MOV BYTE PTR SS:[EBP-25],0
0040CB49  |.  EB 09         |JMP SHORT CREXEICO.0040CB54
0040CB4B  |>  FF45 CC       |INC DWORD PTR SS:[EBP-34]
0040CB4E  |.  837D CC 0A    |CMP DWORD PTR SS:[EBP-34],0A
0040CB52  |.^ 7C 9A         \JL SHORT CREXEICO.0040CAEE
0040CB54  |>  807D DB 00    CMP BYTE PTR SS:[EBP-25],0
0040CB58  |.  0F84 DD000000 JE CREXEICO.0040CC3B
0040CB5E  |.  C745 C4 18000>MOV DWORD PTR SS:[EBP-3C],18
0040CB65  |.  66:C745 EC 08>MOV WORD PTR SS:[EBP-14],8
0040CB6B  |.  837D C4 28    CMP DWORD PTR SS:[EBP-3C],28
0040CB6F  |.  7D 58         JGE SHORT CREXEICO.0040CBC9
0040CB71  |>  8B55 C4       /MOV EDX,DWORD PTR SS:[EBP-3C]
0040CB74  |.  0FBE8415 41FF>|MOVSX EAX,BYTE PTR SS:[EBP+EDX-BF]
0040CB7C  |.  B9 06000000   |MOV ECX,6
0040CB81  |.  99            |CDQ
0040CB82  |.  F7F9          |IDIV ECX
0040CB84  |.  8BCA          |MOV ECX,EDX
0040CB86  |.  8B45 C4       |MOV EAX,DWORD PTR SS:[EBP-3C]
0040CB89  |.  0FBE9405 42FF>|MOVSX EDX,BYTE PTR SS:[EBP+EAX-BE]
0040CB91  |.  D3E2          |SHL EDX,CL
0040CB93  |.  8B45 C4       |MOV EAX,DWORD PTR SS:[EBP-3C]
0040CB96  |.  0FBE8C05 43FF>|MOVSX ECX,BYTE PTR SS:[EBP+EAX-BD]
0040CB9E  |.  0BD1          |OR EDX,ECX
0040CBA0  |.  8955 C0       |MOV DWORD PTR SS:[EBP-40],EDX
0040CBA3  |.  8B45 C0       |MOV EAX,DWORD PTR SS:[EBP-40]
0040CBA6  |.  99            |CDQ
0040CBA7  |.  33C2          |XOR EAX,EDX
0040CBA9  |.  2BC2          |SUB EAX,EDX
0040CBAB  |.  B9 1A000000   |MOV ECX,1A
0040CBB0  |.  99            |CDQ
0040CBB1  |.  F7F9          |IDIV ECX
0040CBB3  |.  80C2 61       |ADD DL,61
0040CBB6  |.  8B45 C4       |MOV EAX,DWORD PTR SS:[EBP-3C]
0040CBB9  |.  889405 14FFFF>|MOV BYTE PTR SS:[EBP+EAX-EC],DL
0040CBC0  |.  FF45 C4       |INC DWORD PTR SS:[EBP-3C]
0040CBC3  |.  837D C4 28    |CMP DWORD PTR SS:[EBP-3C],28
0040CBC7  |.^ 7C A8         \JL SHORT CREXEICO.0040CB71
0040CBC9  |>  C685 3CFFFFFF>MOV BYTE PTR SS:[EBP-C4],5A
0040CBD0  |.  C685 3DFFFFFF>MOV BYTE PTR SS:[EBP-C3],59
0040CBD7  |.  C745 BC 18000>MOV DWORD PTR SS:[EBP-44],18
0040CBDE  |.  66:C745 EC 08>MOV WORD PTR SS:[EBP-14],8
0040CBE4  |.  837D BC 28    CMP DWORD PTR SS:[EBP-44],28
0040CBE8  |.  7D 51         JGE SHORT CREXEICO.0040CC3B
0040CBEA  |>  8B45 BC       /MOV EAX,DWORD PTR SS:[EBP-44]
0040CBED  |.  0FBE9405 14FF>|MOVSX EDX,BYTE PTR SS:[EBP+EAX-EC]
0040CBF5  |.  C1E2 04       |SHL EDX,4
0040CBF8  |.  8B4D BC       |MOV ECX,DWORD PTR SS:[EBP-44]
0040CBFB  |.  0FBE840D 15FF>|MOVSX EAX,BYTE PTR SS:[EBP+ECX-EB]
0040CC03  |.  D1F8          |SAR EAX,1
0040CC05  |.  33D0          |XOR EDX,EAX
0040CC07  |.  8955 B8       |MOV DWORD PTR SS:[EBP-48],EDX
0040CC0A  |.  8B45 B8       |MOV EAX,DWORD PTR SS:[EBP-48]
0040CC0D  |.  99            |CDQ
0040CC0E  |.  33C2          |XOR EAX,EDX
0040CC10  |.  2BC2          |SUB EAX,EDX
0040CC12  |.  B9 1A000000   |MOV ECX,1A
0040CC17  |.  99            |CDQ
0040CC18  |.  F7F9          |IDIV ECX
0040CC1A  |.  83C2 41       |ADD EDX,41
0040CC1D  |.  8B45 BC       |MOV EAX,DWORD PTR SS:[EBP-44]
0040CC20  |.  0FBE8405 58FF>|MOVSX EAX,BYTE PTR SS:[EBP+EAX-A8]
0040CC28  |.  3BD0          |CMP EDX,EAX
0040CC2A  |.  74 06         |JE SHORT CREXEICO.0040CC32
0040CC2C  |.  C645 DB 00    |MOV BYTE PTR SS:[EBP-25],0
0040CC30  |.  EB 09         |JMP SHORT CREXEICO.0040CC3B
0040CC32  |>  FF45 BC       |INC DWORD PTR SS:[EBP-44]
0040CC35  |.  837D BC 28    |CMP DWORD PTR SS:[EBP-44],28
0040CC39  |.^ 7C AF         \JL SHORT CREXEICO.0040CBEA
0040CC3B  |>  0FBE95 62FFFF>MOVSX EDX,BYTE PTR SS:[EBP-9E]
0040CC42  |.  83FA 5A       CMP EDX,5A
0040CC45  |.  74 04         JE SHORT CREXEICO.0040CC4B
0040CC47  |.  C645 DB 00    MOV BYTE PTR SS:[EBP-25],0
0040CC4B  |>  8A45 DB       MOV AL,BYTE PTR SS:[EBP-25]
0040CC4E  |.  50            PUSH EAX
0040CC4F  |.  FF4D F8       DEC DWORD PTR SS:[EBP-8]
0040CC52  |.  8D45 08       LEA EAX,DWORD PTR SS:[EBP+8]
0040CC55  |.  BA 02000000   MOV EDX,2
0040CC5A  |.  E8 111A0800   CALL CREXEICO.0048E670
0040CC5F  |.  58            POP EAX
0040CC60  |.  8B55 DC       MOV EDX,DWORD PTR SS:[EBP-24]
0040CC63  |.  64:8915 00000>MOV DWORD PTR FS:[0],EDX
0040CC6A  |.  5F            POP EDI
0040CC6B  |.  5E            POP ESI
0040CC6C  |.  8BE5          MOV ESP,EBP
0040CC6E  |.  5D            POP EBP
0040CC6F  \.  C3            RETN


【算法總結(jié)】：

1、注冊(cè)碼需要24位。
2、"1z1h+2a0n-0g8y*9a1n|" 與機(jī)器碼異或，5，10，15，20位不計(jì)算，得到20位的注冊(cè)碼。再加上任意4位即可。


【應(yīng)用程序圖標(biāo)更換器v2.01  Java 注冊(cè)機(jī)】：

public class ExeIcoKey
{
  public static void main(String[] args)
  {
      String key = new String("1z1h+2a0n-0g8y*9a1n|");
      String id = new String("YZAB-DEFG-AABD-LKKG-EI20");            //這里是機(jī)器碼

      String sn = "";
      for(int i=0;i<key.length();i++)
      {
          char ckey = key.charAt(i);
          char cid = id.charAt(i);
          int flag =(i+1) % 5;
          if(flag == 0)
          {
                  sn+='-';
                  continue;
          }
          int c1 = cid ^ ckey;
          int c2 = c1* 0x0AF0;
          int c3 = c2 % 0x1A;
          int c4 = c3+ 0x41;
          sn+=(char)c4;
      }

      sn+="8888";

      System.out .println("－－－  應(yīng)用程序圖標(biāo)更換器   v2.01  注冊(cè)機(jī)　Cracked By CrazyXY[DFCG]－－－");
      System.out .println("用戶名：" +id);
      System.out .println("注冊(cè)碼：" +sn);
      System.out .println("－－－--------------------------－－－---------------------");
  }
}