|
|
[ 逆向工具 ] UEDIT32,Reflector,DotNet Helper
[ 逆向平台 ] Windows XP SP2
[ 软件名称 ] XX数学软件
[ 保护方式 ] 无壳
[ 软件简介 ] Microsoft Visual C# / Basic .NET
[ 逆向声明 ] 应SCS成员小杨写的一个,高人不要看了,太简单了,不会的看一下就不要笑偶了,呵呵
-----------------------------------------------------
[ 逆向过程 ]-----------------------------------------
先用PDIE查壳吧,无壳,是个Microsoft Visual C# / Basic .NET编写的家伙
先运行软件观察一下有什么限制吧,发现过期后会弹出一大堆的网页,很烦的啦,所认我们要干掉他。
此软件为一个重启注册软件,所以看上去有点麻烦,呵呵,还好这个软件只要改到两处。
第一处:
再看一下注册方式,这时我们打开Reflector导入REG.DLL,找到我们注册的地方
public bool Check(string reg)
{
if (reg == this.Md5())
{
this.Info.RegCode = reg;
this.Info.IsReg = 3; 此位置是判断注册,如果为3就是注册成功
this.SetReg();
this.SetFile();
Mail mail = new Mail(this.Info.Email);
mail.Info.Name = this.Info.SoftName + " " + this.Ver;
mail.Info.Subject = "软件注册成功!"; 软件注册成功
mail.Info.Body = "用户:" + this.Info.Computer + "<br>序列号:" + this.MacCode + "<br>版本:" + this.Ver + "<br>软件号:"
+ this.Info.Soft.ToString() + "<br>总使用次数:" + this.Info.UseCount.ToString();
mail.Send();
return true;
}
return false;
}
这时我们打开先用DotNet Helper反编译成代码再打开UEDIT32将下面位置改动
IL_0000: nop
IL_0001: ldarg.1
IL_0002: ldarg.0
IL_0003: call instance string LibReg.Reg::Md5()
IL_0008: call bool [mscorlib]System.String::op_Equality(string,
string)
IL_000d: ldc.i4.0 改成ldc.i4.1
IL_000e: ceq
IL_0010: stloc.2
IL_0011: ldloc.2
IL_0012: brtrue IL_0118
IL_0017: nop
IL_0018: ldarg.0
IL_0019: ldflda valuetype LibReg.Reg/RegInfo LibReg.Reg::Info
IL_001e: ldarg.1
IL_001f: stfld string LibReg.Reg/RegInfo::RegCode
IL_0024: ldarg.0
IL_0025: ldflda valuetype LibReg.Reg/RegInfo LibReg.Reg::Info
第二处:
我们再用Reflector查看哪里在比较
private void Check()
{
Mail mail;
Dictionary<int, string> data = new Dictionary<int, string>();
Dictionary<int, string> dictionary2 = new Dictionary<int, string>();
bool flag = this.CheckReg(ref data);
bool flag2 = this.CheckFile(ref dictionary2);
if (!(flag || flag2))
{
this.Info.MacCode = this.GetCode();
mail = new Mail(this.Info.Email);
mail.Info.Name = this.Info.SoftName + " " + this.Ver;
mail.Info.Subject = "第一次使用";
mail.Info.Body = "用户:" + this.Info.Computer + "<br>序列号:" + this.MacCode + "<br>版本:" + this.Ver + "<br>软件号:"
+ this.Info.Soft.ToString();
mail.Send();
}
else if (flag && flag2)
{
for (int i = 0; i < 4; i++)
{
if (data != dictionary2)
{
this.Info.MacCode = this.GetCode();
if (dictionary2[1] == this.Info.MacCode)
{
flag = false;
}
else if (data[1] == this.Info.MacCode)
{
flag2 = false;
}
else
{
flag = false;
flag2 = false;
}
break;
}
}
}
if (flag)
{
this.Info.Computer = data[0];
this.Info.MacCode = data[1];
this.Info.RegCode = data[2];
this.Info.StartDate = Convert.ToInt64(data[3]);
}
if (flag2)
{
this.Info.Computer = dictionary2[0];
this.Info.MacCode = dictionary2[1];
this.Info.RegCode = dictionary2[2];
this.Info.StartDate = Convert.ToInt64(dictionary2[3]);
this.Info.LastDate = Convert.ToInt64(dictionary2[4]);
this.Info.UseCount = Convert.ToInt32(dictionary2[5]) + 1;
}
if (this.Info.RegCode == this.Md5())
{
this.Info.IsReg = 3; 如果ISREG为3的话就是已注册
}
else
{
if (this.Info.LastDate > this.Info.CurDate)
{
this.Info.IsReg = 2; 这里是最主要的判断点,我们要改的就是这里了。
}
long num2 = (this.Info.CurDate - this.Info.StartDate) / 0xc92a69c000L;
int num3 = Convert.ToInt32(num2);
if ((num3 > this.Info.Days) || (num3 < 0))
{
this.Info.IsReg = 2;
mail = new Mail(this.Info.Email);
mail.Info.Name = this.Info.SoftName + " " + this.Ver;
mail.Info.Subject = "此用户已使用了" + num2 + "天";
mail.Info.Body = string.Concat(new object[] { "用户:", this.Info.Computer, "<br>序列号:", this.MacCode, "<br>版
本:", this.Ver, "<br>软件号:", this.Info.Soft.ToString(), "<br>已使用天数:", num2, "<br>总使用次数:",
this.Info.UseCount.ToString() });
mail.Send();
}
}
if (!flag)
{
this.SetReg();
}
this.SetFile();
new Thread(new ThreadStart(this.CheckNet)).Start();
}
地方我们找到了,现在再打开UEDIT32,找到些地方
IL_02ba: ldc.i4.0 我们将这里改成ldc.i4.1那么我们也就注册成功
IL_02bb: ceq
IL_02bd: stloc.s V_8
IL_02bf: ldloc.s V_8
IL_02c1: brtrue.s IL_02d6
IL_02c3: nop
IL_02c4: ldarg.0
IL_02c5: ldflda valuetype LibReg.Reg/RegInfo LibReg.Reg::Info
IL_02ca: ldc.i4.3
IL_02cb: stfld int32 LibReg.Reg/RegInfo::IsReg
IL_02d0: nop
IL_02d1: br IL_0472
IL_02d6: nop
IL_02d7: ldarg.0
IL_02d8: ldflda valuetype LibReg.Reg/RegInfo LibReg.Reg::Info
IL_02dd: ldfld int64 LibReg.Reg/RegInfo::LastDate
IL_02e2: ldarg.0
IL_02e3: ldflda valuetype LibReg.Reg/RegInfo LibReg.Reg::Info
IL_02e8: ldfld int64 LibReg.Reg/RegInfo::CurDate
IL_02ed: cgt
IL_02ef: ldc.i4.0
IL_02f0: ceq
IL_02f2: stloc.s V_8
IL_02f4: ldloc.s V_8
IL_02f6: brtrue.s IL_0306
经过上面两处地方完全搞定我们再用DotNet Helper反编译成DLL文件就行了,我们再运行软件,这里我们可以看到已注册,再打开注册的地方
也是已注册好了,不用写注册码了,呵呵。
嘻嘻,是不是好简单的说呀!
|
评分
-
| 参与人数 37 | HB +43 |
THX +26 |
收起
理由
|
|
24567
| |
+ 1 |
|
|
Soul1999
| |
+ 1 |
|
|
李卓吾
| + 1 |
|
|
|
shaokui123
| + 1 |
|
|
|
后学真
| |
+ 1 |
|
|
娄胖胖
| + 1 |
|
|
|
消逝的过去
| + 2 |
|
|
|
飞刀梦想
| + 1 |
|
|
|
冷亦飞
| |
+ 1 |
|
|
ghostxu
| + 1 |
|
[吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守! |
|
xgbnapsua
| |
+ 1 |
|
|
4957465
| + 1 |
+ 1 |
|
|
我是好人
| + 1 |
|
[吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守! |
|
jaunic
| + 2 |
|
|
|
boot
| |
+ 1 |
|
|
hackysh
| |
+ 1 |
|
|
Shin
| + 2 |
|
|
|
zxjzzh
| |
+ 1 |
[吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守! |
|
chenyuanpojie
| |
+ 1 |
|
|
土豆家的土豆
| |
+ 1 |
[吾爱汇编论坛52HB.COM]-吃水不忘打井人,给个评分懂感恩! |
|
kll545012
| + 1 |
|
[吾爱汇编论坛52HB.COM]-软件反汇编逆向分析,软件安全必不可少! |
|
lies
| + 1 |
|
|
|
mzfanggong
| + 1 |
+ 1 |
值得学习。 |
|
tony2526
| + 2 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
飞行太保
| + 1 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
雪里红
| + 1 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
DaoGod
| + 1 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
2573668719
| + 1 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
逍遥枷锁
| + 4 |
+ 1 |
好人有好报!你的热心我永远不忘!谢谢! |
|
有何不可
| + 1 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
一蓑烟雨
| + 1 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
cfc0699
| + 1 |
+ 1 |
【补充思路】求思路请描述清楚自己的分析过程,希望稍后重新发布提问,并描述您的分析 |
|
路人乙
| + 3 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
王婆卖瓜
| + 5 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
风刃
| + 1 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
赵师傅
| + 2 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
Shark恒
| + 3 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品!! |
查看全部评分
|
[复制链接]
|RSS|手机版|小黑屋|帮助|吾爱汇编
( 
京公网安备11011502005403号 , 京ICP备20003498号-6 )|网站地图
窥视卡
雷达卡
