|
|
运行环境:如 WIN11
涉及工具:如 exeinfope,dnSpy 64
教程类型:如 逆向限制,算法分析等
是否讲解思路和原理:是
以下为图文内容:
因为需要进行C#代码转换到C++,网上的逆向版太老V17.10.2,在官方网站下载最新版本,免费版本只能转换 100 行代码。还是自己逆向。
拿起工具进行逆向,首先用exeinfope检测文件,文件未加密,为.NET X64程序。
用dnSpy 64打开程序进行调试。
1、按数字/字符串,搜索 Free 字符,选择点击 frmMain 之 _g2318,查到如下代码
Private Sub _g2318()
If App._g0 Then
Me.Text = App.ProductName + " (Free Edition)"
Return
End If
Me.Text = App.ProductName
End Sub
分析上面代码,App._g0 为 False 则为注册版本,True则为自由版本,免费版本只能转换 100 行代码。
2、在 frmMain 代码中,重点搜索查找 _g0 逻辑关系,查到此代码:
Private Shared Sub Main(args As String())
Application.EnableVisualStyles()
Try
App._g0 = Not App._g99()
Catch
App._g0 = True
End Try
AddHandler Application.ThreadException, AddressOf New _g4074()._g4075
frmMain._g2315 = args
If Not App._g40 OrElse App._g12 OrElse App._g13 Then
_g3917.Copyright_Tangible_Software_Solutions_g3936 = (frmMain._g2315.Length <> 0)
End If
Application.Run(New frmMain())
End Sub
使用编辑 IL 指令,将 App._g0 = Not App._g99() 改为 App._g0 = False ,编辑 IL 指令如下
1 0005 call bool App::_g99()
2 000A ldc.i4.0
3 000B ceq
4 000D stsfld bool App::_g0
5 0012 leave.s 10 (001D) newobj instance void _g4074::.ctor()
修改为:
1 0005 nop
2 0006 ldc.i4.0
3 0007 nop
4 0008 stsfld bool App::_g0
5 000D leave.s 10 (0018) newobj instance void _g4074::.ctor()
修改后:
Private Shared Sub Main(args As String())
Application.EnableVisualStyles()
Try
App._g0 = False
Catch
App._g0 = True
End Try
AddHandler Application.ThreadException, AddressOf New _g4074()._g4075
frmMain._g2315 = args
If Not App._g40 OrElse App._g12 OrElse App._g13 Then
_g3917.Copyright_Tangible_Software_Solutions_g3936 = (frmMain._g2315.Length <> 0)
End If
Application.Run(New frmMain())
End Sub
保存本模块文件,测试运行,没有想到很容易逆向了,但关于窗口注册码为空,不好看。
3、按数字/字符串,搜索 Registration code: 选择点击 _g2635 之 _g778 查到以下代码:
Me.Copyright_Tangible_Software_Solutions_g2286.Location = New Point(529, 185)
Me.Copyright_Tangible_Software_Solutions_g2286.MaxLength = 21
Me.Copyright_Tangible_Software_Solutions_g2286.Name = "txtRegCode"
Me.Copyright_Tangible_Software_Solutions_g2286.[ReadOnly] = True
Me.Copyright_Tangible_Software_Solutions_g2286.Size = New Size(141, 22)
Me.Copyright_Tangible_Software_Solutions_g2286.TabIndex = 4
Me.Copyright_Tangible_Software_Solutions_g2286.TextAlign = HorizontalAlignment.Center
Me._g2639.Location = New Point(12, 187)
Me._g2639.Name = "lblBuildDate"
Me._g2639.Size = New Size(326, 20)
Me._g2639.TabIndex = 2
Me._g2639.Text = "<set at runtime>"
Me._g2640.Location = New Point(344, 187)
Me._g2640.Name = "lblRegistrationCodeLabel"
Me._g2640.Size = New Size(179, 20)
Me._g2640.TabIndex = 3
Me._g2640.Text = "Registration code:"
很容易分析名称为 txtRegCode 的注册码文本框为 Copyright_Tangible_Software_Solutions_g2286
按以上所有,搜索 Copyright_Tangible_Software_Solutions_g2286 点击 _g2635,分析如下代码
Friend Class _g2635
Inherits _g949
Public Sub New(_p0 As Boolean)
Me._g778()
Me._g2642.Text = String.Concat(New String() { "Copyright ? ", CopyrightInfo.CopyrightYearRange(App.ProductName), " ", App.CompanyName, ", Inc." })
Me._g2639.Text = App._g89
Dim str As String = "22.1.19"
Dim g As String = App._g93
If App._g0 Then
Else
Me.Copyright_Tangible_Software_Solutions_g2641.Text = App.ProductName + " - Premium Edition (version " + str + ")"
Me.Copyright_Tangible_Software_Solutions_g2286.Text = App._g92
End If
End Class
使用编辑 IL 指令,将Me.Copyright_Tangible_Software_Solutions_g2286.Text = App._g92 修改为="China Redke Crack"
95 012C ldarg.0
96 012D ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox _g2635::Copyright_Tangible_Software_Solutions_g2286
97 0132 call string App::get__g92()
98 0137 callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
修改为:
95 012C ldarg.0
96 012D ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox _g2635::Copyright_Tangible_Software_Solutions_g2286
97 0132 ldstr "China Redke Crack"
98 0137 callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
测试转换代码,已经没有转换 100 行代码的限制,软件显示为 Premium 注册版
完美完成逆向!
逆向运行如下图:
原版下载:
https://www.tangiblesoftwaresolutions.com/download.html
逆向下载:附件已删除,禁止传播逆向版
|
评分
-
| 参与人数 33 | 威望 +1 |
HB +54 |
THX +17 |
收起
理由
|
|
猫妖的故事
| |
|
+ 1 |
|
|
NOP
| |
+ 2 |
|
|
|
爱编
| |
+ 2 |
|
[吾爱汇编论坛52HB.COM]-感谢楼主热心分享,小小评分不成敬意! |
|
虚心学习
| |
|
+ 1 |
[吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守! |
|
Jawon
| |
|
+ 1 |
|
|
太阳神
| |
+ 2 |
+ 1 |
[吾爱汇编论坛52HB.COM]-吃水不忘打井人,给个评分懂感恩! |
|
创客者V2.0
| |
|
+ 1 |
|
|
极速菜
| |
+ 1 |
|
|
|
一路走来不容易
| |
+ 1 |
|
|
|
消逝的过去
| |
+ 2 |
|
|
|
459121520
| |
|
+ 1 |
|
|
Wayne
| |
+ 1 |
|
[吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守! |
|
冷亦飞
| |
+ 1 |
|
|
|
飞刀梦想
| |
|
+ 1 |
|
|
liugu0hai
| |
+ 1 |
+ 1 |
[吾爱汇编论坛52HB.COM]-吃水不忘打井人,给个评分懂感恩! |
|
我是好人
| |
+ 1 |
|
[吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守! |
|
4957465
| |
+ 1 |
+ 1 |
|
|
xmwd123
| |
+ 1 |
|
|
|
bnjzzheng
| |
|
+ 1 |
[吾爱汇编论坛52HB.COM]-吃水不忘打井人,给个评分懂感恩! |
|
mengzhan6
| |
+ 1 |
|
|
|
航0航
| |
+ 1 |
|
[吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守! |
|
jflmao
| |
+ 1 |
|
|
|
xuesh
| |
+ 1 |
|
|
|
81NewArk
| |
+ 6 |
+ 1 |
[吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守! |
|
DANNYSL
| |
+ 1 |
|
|
|
king51999
| |
+ 1 |
|
[吾爱汇编论坛52HB.COM]-吃水不忘打井人,给个评分懂感恩! |
|
东方
| |
+ 2 |
+ 1 |
[吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守! |
|
渣渣渣渣辉
| |
+ 2 |
+ 1 |
|
|
成丰羽
| |
+ 1 |
|
[吾爱汇编论坛52HB.COM]-感谢楼主热心分享,小小评分不成敬意! |
|
XiaoWeiSec
| |
|
+ 1 |
[吾爱汇编论坛52HB.COM]-软件反汇编逆向分析,软件安全必不可少! |
|
zsr849408332
| |
+ 1 |
+ 1 |
[吾爱汇编论坛52HB.COM]-吃水不忘打井人,给个评分懂感恩! |
|
zxjzzh
| |
|
+ 1 |
[吾爱汇编论坛52HB.COM]-学破解防破解,知进攻懂防守! |
|
Shark恒
| + 1 |
+ 20 |
+ 1 |
[吾爱汇编论坛52HB.COM]-软件反汇编逆向分析,软件安全必不可少! |
查看全部评分
|
[复制链接]
|RSS|手机版|小黑屋|帮助|吾爱汇编
( 
京公网安备11011502005403号 , 京ICP备20003498号-6 )|网站地图
窥视卡
雷达卡
楼主
