锦州市广厦电脑维修|上门维修电脑|上门做系统|0416-3905144热诚服务,锦州广厦维修电脑,公司IT外包服务
topFlag1 设为首页
topFlag3 收藏本站
 
maojin003 首 页 公司介绍 服务项目 服务报价 维修流程 IT外包服务 服务器维护 技术文章 常见故障
锦州市广厦电脑维修|上门维修电脑|上门做系统|0416-3905144热诚服务技术文章
记一款.net软件的注册分析[.NET逆向]

作者: 佚名  日期:2018-06-20 18:44:55   来源: 本站整理

 软件名称:深蓝取模工具 2018夏季版
官网地址:http://www.cybertrons.cn/SoftwareDownload/dmt2.aspx
使用工具:ScanId、de4dot、dnspy




第一步:使用ScanId查壳,发现有混淆,使用de4dot脱壳,然后载入dnspy
 
要找到注册点击事件很简单
this.tBoxSerialNo.Text就是输入的假码

[C#] 纯文本查看 复制代码
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
public static string smethod_1(string string_2, string string_3)/进入smethod_1发现会对假码进行解密
        {
                string text = Class4.string_1;
                string result = string.Empty;
                try
                {
                        char[] array = new char[8];
                        if (string_2.Length > 8)
                        {
                                string_2 = string_2.Remove(8);
                        }
                        string_2.CopyTo(0, array, 0, string_2.Length);
                        char[] array2 = new char[8];
                        if (text.Length > 8)
                        {
                                text = text.Remove(8);
                        }
                        text.CopyTo(0, array2, 0, text.Length);
                        if (string_3 == null || string_3 == "")
                        {
                                return result;
                        }
                        SymmetricAlgorithm symmetricAlgorithm = new DESCryptoServiceProvider();
                        symmetricAlgorithm.Key = Encoding.ASCII.GetBytes(array);
                        symmetricAlgorithm.IV = Encoding.ASCII.GetBytes(array2);
                        byte[] buffer = Convert.FromBase64String(string_3);
                        MemoryStream memoryStream = new MemoryStream(buffer);
                        CryptoStream cryptoStream = new CryptoStream(memoryStream, symmetricAlgorithm.CreateDecryptor(), CryptoStreamMode.Read);
                        StreamReader streamReader = new StreamReader(cryptoStream);
                        result = streamReader.ReadToEnd();
                        streamReader.Dispose();
                        cryptoStream.Dispose();
                        memoryStream.Dispose();
                        symmetricAlgorithm.Clear();
                }
                catch (Exception)
                {
                        return "密钥错误,数据包解密失败.";
                }
                return result;
        }



在注册事件下面又能找到机器码的生成

[C#] 纯文本查看 复制代码
1
2
3
4
5
6
private void RegisteredForm_Load(object sender, EventArgs e)
                {
                        this.tBoxMac.Text = Class4.smethod_0(this.string_1, Class3.smethod_8()); /机器码的生成
                        string string_ = Class4.smethod_1(Class4.string_0, Class6.smethod_2("Shinkpod"));
                        this.tBoxSerialNo.Text = Class4.smethod_0(this.string_0, string_);
                }


进入smethod_0看看

[C#] 纯文本查看 复制代码
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
public static string smethod_0(string string_2, string string_3)/这个应该就是加密函数了
        {
                string text = Class4.string_1;
                char[] array = new char[8];
                if (string_2.Length > 8)
                {
                        string_2 = string_2.Remove(8);
                }
                string_2.CopyTo(0, array, 0, string_2.Length);
                char[] array2 = new char[8];
                if (text.Length > 8)
                {
                        text = text.Remove(8);
                }
                text.CopyTo(0, array2, 0, text.Length);
                if (string_3 != null && !(string_3 == ""))
                {
                        SymmetricAlgorithm symmetricAlgorithm = new DESCryptoServiceProvider();
                        symmetricAlgorithm.Key = Encoding.ASCII.GetBytes(array);
                        symmetricAlgorithm.IV = Encoding.ASCII.GetBytes(array2);
                        MemoryStream memoryStream = new MemoryStream();
                        CryptoStream cryptoStream = new CryptoStream(memoryStream, symmetricAlgorithm.CreateEncryptor(), CryptoStreamMode.Write);
                        StreamWriter streamWriter = new StreamWriter(cryptoStream);
                        streamWriter.Write(string_3);
                        streamWriter.Dispose();
                        cryptoStream.Dispose();
                        byte[] inArray = memoryStream.ToArray();
                        memoryStream.Dispose();
                        symmetricAlgorithm.Clear();
                        return Convert.ToBase64String(inArray);
                }
                return string.Empty;
        }


小白不太会解释,所以下面就动态调试一下吧
 
smethod_8这返回的text2 + text3 + text4实际上是未加密前的机器码
 
 
string_为解密从注册表中读出的注册码(未注册时注册表中当然就没有注册码了)
随后又对注册码进行加密显示为this.tBoxSerialNo.Text
以上就是机器码和注册码的形成,一系列的加密解密过程,看似很麻烦,但是我们只需要挑重点的

[C#] 纯文本查看 复制代码
1
2
string text = Class4.smethod_1(this.string_0, this.tBoxSerialNo.Text);
                        if (text == Class3.smethod_9(Class3.smethod_8()))


我们回到注册事件,看看要满足什么条件才能注册成功
Class3.smethod_8我们通过机器码如何形成的分析中可以知道它返回的就是未加密前的机器码

[C#] 纯文本查看 复制代码
01
02
03
04
05
06
07
08
09
10
11
12
13
public static string smethod_9(string string_8)
        {
                string text = string_8.Substring(0, 8);
                string text2 = string_8.Substring(8, 8);
                string text3 = string_8.Substring(16, 8);
                uint num = Convert.ToUInt32(text, 16) + 573920429u;
                uint num2 = Convert.ToUInt32(text2, 16) + 2783279276u;
                uint num3 = Convert.ToUInt32(text3, 16) + 3706659863u;
                text = Convert.ToString((long)((ulong)num), 16).ToUpper().PadLeft(8, 'A');
                text2 = Convert.ToString((long)((ulong)num2), 16).ToUpper().PadLeft(8, 'B');
                text3 = Convert.ToString((long)((ulong)num3), 16).ToUpper().PadLeft(8, 'C');
                return text + text2 + text3;
        }


因此注册成功的条件为:解密后的注册码应==Class3.smethod_9(Class3.smethod_8())
 
对Class3.smethod_8追下去可以看出机器码的生成是与网卡有关的
简单的分析就到这了



接下来是注册机的制作
首先要明确 Class4.smethod_0是加密函数, Class4.smethod_1是解密函数;
我们需要对加密后的机器码进行解密得到未加密的机器码(即Class3.smethod_8的返回值)

[C#] 纯文本查看 复制代码
1
2
3
string text = smethod_1("kdet@1&j", textBox1.Text);                                   /调用smethod_1对机器码进行解密
                string text2 = smethod_9(text);                                                 /调用smethod_9生成未加密的注册码
                textBox2.Text = smethod_0("3~2t@1!7", text2);                               /对注册码进行加密


以上就是注册机的主要思路
效果如图:
 




后记:第一次遇到这种有点麻烦的注册,对机器码和注册码都需要进行加密和解密,可能是作者为了防止直接的明码显示吧
一直都有大佬跟我说国产的注册机要慎发,所以这次只讨论该软件的算法,不提供注册机
欢迎大家探讨学习,以上分析如果有疑问的可在回复中指出



热门文章
  • 机械革命S1 PRO-02 开机不显示 黑...
  • 联想ThinkPad NM-C641上电掉电点不...
  • 三星一体激光打印机SCX-4521F维修...
  • 通过串口命令查看EMMC擦写次数和判...
  • IIS 8 开启 GZIP压缩来减少网络请求...
  • 索尼kd-49x7500e背光一半暗且闪烁 ...
  • 楼宇对讲门禁读卡异常维修,读卡芯...
  • 新款海信电视机始终停留在开机界面...
  • 常见打印机清零步骤
  • 安装驱动时提示不包含数字签名的解...
  • 共享打印机需要密码的解决方法
  • 图解Windows 7系统快速共享打印机的...
  • 锦州广厦电脑上门维修

    报修电话:13840665804  QQ:174984393 (联系人:毛先生)   
    E-Mail:174984393@qq.com
    维修中心地址:锦州广厦电脑城
    ICP备案/许可证号:辽ICP备2023002984号-1
    上门服务区域: 辽宁锦州市区
    主要业务: 修电脑,电脑修理,电脑维护,上门维修电脑,黑屏蓝屏死机故障排除,无线上网设置,IT服务外包,局域网组建,ADSL共享上网,路由器设置,数据恢复,密码破解,光盘刻录制作等服务

    技术支持:微软等