本帖最后由 lcd159678 于 2019-8-11 17:49 编辑
杀毒 链接:http://r.virscan.org/language/zh-cn/report/2257655664a21eb4d4ed0b0d045edb2c
软件 链接:https://www.lanzouw.com/i5ipvqf
软件我压缩了下里面有软件和图片
大家好 我是刚接触pj的小白
刚好近期得到一个百宝云的FZ 单纯就为了技术研究 所以到论坛找了一些资料都是难寻大神的 然后进行了逆向 看来之后 作为小白的我也是半知半解 ,最后通过大神的dll找出来token
OD我也找到了token 和项目名啥的
token 497f9a91d6faf87af1ccd07fcd44b0d3
下面讲一下我做的过程
首先查壳
很简单的upx 直接找工具脱就行了然后拖入od 直接ctrl+g 401000 然后右键智能搜索 找到 百宝云的dll 首段 然后token 就出来了 我直接替换了,之后山寨
然后保存打开,但是好像不行,不是很清楚,下面是难寻大神dll的数据,搞了个正版号,想问下token替换了之后怎么操作,需要在我们自己建的端口操作么?
[TOKEN]
1=497f9a91d6faf87af1ccd07fcd44b0d3
2=497f9a91d6faf87af1ccd07fcd44b0d3
[传送数据]
3={"method":"UserLogin","param":{"mach":"EC1AE5A1","prog":"项目名","pass":"EE6FC95BFB6215AE71C802CDBC2ECEF1"},"user":"ff"}
5={"method":"GetNotice","param":"项目名","user":"ff"}
7={"method":"GetConfig","param":{"key":"1","prog":"项目名","sess":"01059e28-bc07-11e9-a762-00163e09e5ec"},"user":"ff"}
9={"method":"GetConfig","param":{"key":"2","prog":"项目名","sess":"01059e28-bc07-11e9-a762-00163e09e5ec"},"user":"ff"}
11={"method":"UserLogout","param":"01059e28-bc07-11e9-a762-00163e09e5ec","user":"ff159678"}
[返回数据]
4={"status":0,"result":{"id":"14616","name":"ff","pass":"9626316D755F740E9E2CBB5855E2273E",
"exptime":"2019-08-18 ","remark":"","forbidden":"0","prog":"1","regtime":"2019-08-11 ",
"regmach":"","unbind":"0","machs":"1","machs_max":"0","uparam":"","admin":"4","introducer":"0",
"reg_ip":"IP地址","login_last_time":"2019-08-11 ","login_ip":"IP地址",
"bindtime":"2019-08-11 15:09:16","session":"01059e28-bc07-11e9-a762-00163e09e5ec","key":""}}
6={"status":0,"result":"【最新版本为0808】 "}
8={"status":0,"result":"0808"}
10={"status":0,"result":"svchost.exe"}
12={"status":0,"result":null}
|