usb network gate 11.0.2724 离线激活
usb network gate 11.0.2724 离线激活
目录
离线激活流程
1、UsbConfig.exe
mfc 程序,注册触发点有多处,这里直接定位CActivatorCodeDialogE
CDialog::DoModal ==》sub_48E7C0
==》
u2ec.dll
LicenseActivate
unsigned int __stdcall LicenseActivate(VARIANTARG code, VARIANTARG OFFLINEANSWER, VARIANTARG *b64data)
{
// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]
var2wstr_10063140(&code_1, &code);
var2wstr_10063140(&wstr_OFFLINEANSWER, &OFFLINEANSWER);
v3 = x_CAtlStringMgr_10048430();
if ( !v3 )
sub_100482B0(0x80004005);
Hi = ((*(*v3 + 0xC))(v3) + 0x10);
code.cyVal.Hi = Hi;
Hi_1 = sub_10070810(wstr_OFFLINEANSWER);
OFFLINEANSWER.cyVal.Hi = Hi_1;
if ( Hi_1 == 0xFFFFFFFF || (b64data_1 = b64data, Hi_1 == 1) && !b64data )
{
ret = 0;
}
else
{
// COMMAND ACTIVATE
sub_100622F0(&map_, 0x18); // map insert
if ( OFFLINEANSWER.cyVal.Hi == 2 )
{
sub_10062FB0(&map_, 3);
}
else
{
// ACT_KEY 88888-88888-88888-88888-88888
sub_10063060(&map_, 0x2E, &code_1); // map insert
if ( OFFLINEANSWER.cyVal.Hi == 1 )
{
// ACT_ANSWER
sub_10062FB0(&map_, 0x30);
v7 = x_CAtlStringMgr_10048430();
if ( !v7 )
sub_100482B0(0x80004005);
v8 = (*(*v7 + 0xC))(v7);
b64data_2 = 0i64;
pvarSrc_2 = (v8 + 0x10);
pvarSrc_3 = (v8 + 0x10);
VariantInit(&b64data_2);
pExceptionObject = VariantChangeType(&b64data_2, b64data_1, 0, 8u);
if ( pExceptionObject < 0 )
sub_100482B0(pExceptionObject);
w_b64data = b64data_2.bstrVal;
if ( b64data_2.lVal
&& (v11 = WideCharToMultiByte(3u, 0, b64data_2.bstrVal, 0xFFFFFFFF, 0, 0, 0, 0),
cbMultiByte = v11 - 1,
v11 - 1 > 0) )
{
if ( ((ADJ(pvarSrc_2)->nDataLength - cbMultiByte) | (1 - ADJ(pvarSrc_2)->nAllocLength)) < 0 )
{
ATL::CSimpleStringT<char,0>::PrepareWrite2(&pvarSrc_3, v11 - 1);
pvarSrc_2 = pvarSrc_3;
}
WideCharToMultiByte(3u, 0, w_b64data, 0xFFFFFFFF, pvarSrc_2, cbMultiByte, 0, 0);
if ( cbMultiByte > ADJ(pvarSrc_2)->nDataLength )
sub_100482B0(0x80070057);
ADJ(pvarSrc_2)->nRefs = cbMultiByte;
ADJ(pvarSrc_2)->data[cbMultiByte] = 0;
}
else
{
sub_6FC9D0(&pvarSrc_3);
pvarSrc_2 = pvarSrc_3;
}
VariantClear(&b64data_2);
sub_4A6A00(&cstr_data, &pvarSrc_3);
v13 = ADJ(pvarSrc_2);
if ( _InterlockedDecrement(&v13->nAllocLength) <= 0 )
(*(*v13->pStringMgr + 4))(v13->pStringMgr, v13);
// PARAM b64_bindata
sub_10063060(&map_, 2, &cstr_data);
Hi = cstr_data;
}
}
CByteArray_100487E0(&Info);
if ( local_send_and_recv_1004C560(&map_, &Info, 0) )
{
std::map<int,int>::map<int,int>(&map_._Mysize);
// ERR=+CORRUPTED
str_100489E0 = get_str_100489E0(&Info);
// cG9waw==
// ERR=+CORRUPTED
ERR__CORRUPTED = load_str_10047B30(&cstr_data, str_100489E0);// ERR=+CORRUPTED
// '=' 分隔 作为key和value
HIBYTE(pvarSrc_1) = !map_insert_1004A7F0(&map_._Mysize, ERR__CORRUPTED, 1);
v17 = ADJ(cstr_data);
if ( _InterlockedDecrement(&ADJ(cstr_data)->nAllocLength) <= 0 )
(*(*v17->pStringMgr + 4))(v17->pStringMgr, v17);
if ( HIBYTE(pvarSrc_1) )
{
ret = 0;
}
else
{
// this way
value = get_value_10063DE0(&map_._Mysize, &pvarSrc_1);// [eax]:"+CORRUPTED"
status = get_status_index_100707D0(*ADJ(value)->data);
cstr_data = status;
v20 = ADJ(pvarSrc_1);
target__1 = _InterlockedDecrement(&ADJ(pvarSrc_1)->nAllocLength);
if ( target__1 <= 0 )
{
(*(*v20->pStringMgr + 4))(v20->pStringMgr, v20);
status = cstr_data;
}
if ( status )
{
if ( status == 1 )
{
ret = 0;
}
else if ( b64data_1 )
{
get_value_10063DE0(&map_._Mysize, &lpMultiByteStr);
v33[0] = v23;
load_str_10047B30(v33, off_10263180[0]);// "PARAM"
if ( sub_10049C70(&map_._Mysize, ADJ(v33[0])->data) )
{
v33[0] = v24;
load_str_10047B30(v33, id);
target_ = target__2;
load_str_10047B30(&target_, off_10263180[0]);// "PARAM"
v33[0] = sub_1004A2C0(&map_._Mysize, &OFFLINEANSWER.pRecInfo, target_, ADJ(v33[0])->data);
v26 = sub_10062C30(&cstr_data, &lpMultiByteStr, ",");
v27 = sub_10062AC0(&pvarSrc_1, v26, ADJ(v33[0])->data);
sub_4A6A00(&lpMultiByteStr, v27);
sub_10047D90(&pvarSrc_1);
sub_10047D90(&cstr_data);
sub_10047D90(&OFFLINEANSWER.decVal.Lo64 + 4);
}
pvarg_.vt = 0;
sub_10062760(&pvarg_, lpMultiByteStr);
if ( VariantClear(b64data_1) >= 0 )
{
v33[0] = 0;
*b64data_1 = pvarg_;
ATL::AtlCrtErrorCheck(ADJ(v33[0])->data);
pvarg_.vt = 0;
}
ret = 0;
VariantClear(&pvarg_);
sub_10047D90(&lpMultiByteStr);
}
else
{
ret = 0;
}
}
else
{
if ( OFFLINEANSWER.cyVal.Hi == 2 && b64data_1 )
{
v33[0] = 0;
target_ = target__1;
load_str_10047B30(&target_, off_10263180[0]);// "PARAM"
lVal = sub_10049F90(&map_._Mysize, target_, ADJ(v33[0])->data);
pvarg__1.vt = 3;
pvarg__1.lVal = lVal;
if ( VariantClear(b64data_1) >= 0 )
{
v33[0] = 0;
*b64data_1 = pvarg__1;
ATL::AtlCrtErrorCheck(ADJ(v33[0])->data);
pvarg__1.vt = 0;
}
VariantClear(&pvarg__1);
}
ret = 0xFFFFFFFF;
}
}
sub_10048DA0(&map_._Mysize);
}
else
{
ret = 0;
}
sub_10048810(&Info);
sub_10048DA0(&map_);
}
v28 = ADJ(Hi);
if ( _InterlockedDecrement(v28 + 3) <= 0 )
(*(**v28 + 4))(*v28, v28);
v29 = wstr_OFFLINEANSWER + 0xFFFFFFF0;
if ( _InterlockedDecrement(wstr_OFFLINEANSWER + 0xFFFFFFFF) <= 0 )
(*(**v29 + 4))(*v29, v29);
v30 = (code_1 - 0x10);
if ( _InterlockedDecrement((code_1 - 4)) <= 0 )
(*(**v30 + 4))(*v30, v30);
return ret;
}
local_send_and_recv_1004C560
连接本地5475端口(UsbService64.exe 监听UDP 5475),进行发送和接受数据
char __cdecl local_send_and_recv_1004C560(_Tree_node_i_i *map, CByteArray *Info, char a3)
{
LPSTR s; // edi
int len; // kr00_4
int v5; // eax
char v6; // bl
char *v7; // eax
char *buf_1; // [esp+10h] [ebp-14h] BYREF
char *buf; // [esp+14h] [ebp-10h] BYREF
int v11; // [esp+20h] [ebp-4h]
// ACT_ANSWER,ACT_KEY=88888-88888-88888-88888-88888,COMMAND=ACTIVATE,PARAM=xxxx
map_dumps_10049930(map, &buf_1); // ??map dumps
v11 = 0;
buf = buf_1;
EnterCriticalSection(&CriticalSection);
s = local_socks_10263054;
LeaveCriticalSection(&CriticalSection);
if ( s == LPSTR_TEXTCALLBACKW )
{
s = local_init_1004BCC0(localhost_10266120, 0x1563, 0x32);
if ( s == LPSTR_TEXTCALLBACKW )
goto LABEL_9;
}
EnterCriticalSection(&CriticalSection);
len = strlen(buf);
if ( send(s, buf, len, 0) != len || (v5 = recv(s, &buf, 1, 0), v5 == 0xFFFFFFFF) )
{
LABEL_8:
closesocket(s);
local_socks_10263054 = 0xFFFFFFFF;
LeaveCriticalSection(&CriticalSection);
LABEL_9:
v6 = 0;
goto LABEL_10;
}
while ( v5 && buf != 0xFF )
{
CByteArray_append_10048880(Info, buf);
v5 = recv(s, &buf, 1, 0);
if ( v5 == 0xFFFFFFFF )
goto LABEL_8;
}
CByteArray_append_10048880(Info, 0);
if ( a3 )
v6 = sub_10059380(Info);
else
v6 = 1;
local_socks_10263054 = s;
LeaveCriticalSection(&CriticalSection);
LABEL_10:
v11 = 0xFFFFFFFF;
v7 = buf_1 + 0xFFFFFFF0;
if ( _InterlockedDecrement(buf_1 + 0xFFFFFFFF) <= 0 )
(*(**v7 + 4))(v7);
return v6;
}
2、UsbService64.exe
CManager::ParseCommand
char __fastcall CManager::ParseCommand_140114CB4(__int64 a1, const char *a2, SOCKET s)
{
// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]
v33 = a1 + 0x120;
StaticInitializeInternal::ConstructType<std::map<ScriptingClassPtr,ScriptingClassPtr>,0>(&map);
cmd_key = (char *)cstring_get_s_1400C2C10(&map.KeyValue.value, (__int64)a2);
map_init_key_1400DB390(&map, cmd_key, 1);
data = ADJ(map.KeyValue.value)[0xFFFFFFFF].data;
if ( _InterlockedExchangeAdd(&ADJ(map.KeyValue.value)->nAllocLength, 0xFFFFFFFF) <= 1 )
(*(void (__fastcall **)(_QWORD))(**(_QWORD **)data + 8i64))(*(_QWORD *)data);
v8 = 0;
StaticInitializeInternal::ConstructType<std::map<ScriptingClassPtr,ScriptingClassPtr>,0>(&map._Right);
v34 = v28;
s_1400C2C10_1 = cstring_get_s_1400C2C10(v28, (__int64)&pass);
s_1400C2C10_2 = (const unsigned __int8 **)cstring_get_s_1400C2C10(v29, (__int64)off_1403EB000[0]);// "COMMAND"
map_get_1400DAC40((__int64 **)&map, &Str1, s_1400C2C10_2, s_1400C2C10_1);
n0x1C = COMMAND_id_14012227C(Str1);
if ( n0x1C > 0x13 )
{
if ( n0x1C > 0x1C )
{
switch ( n0x1C )
{
case 0x1D:
v8 = sub_140115D58(a1, &map);
break;
case 0x1E:
v12 = sub_1401162C8(a1, &map, &map._Right);
goto LABEL_74;
case 0x1F:
v12 = sub_14011654C(a1, &map, &map._Right);
goto LABEL_74;
case 0x20:
v12 = sub_140115B10(a1, &map);
goto LABEL_74;
case 0x21:
v12 = sub_140116728(a1, &map);
goto LABEL_74;
case 0x22:
v12 = sub_1401161B0(a1, &map);
goto LABEL_74;
case 0x23:
v12 = sub_140116424(a1, &map);
goto LABEL_74;
}
}
else
{
switch ( n0x1C )
{
case 0x1C:
v12 = sub_140115EB4(a1, &map, &map._Right);
goto LABEL_74;
case 0x15:
v12 = GETLICINFO_140112B90(a1, &map, &map._Right);
goto LABEL_74;
case 0x16:
v35 = xmmword_1403FAC18;
v17 = (volatile signed __int32 *)_mm_srli_si128((__m128i)xmmword_1403FAC18, 8).m128i_u64[0];
if ( v17 )
_InterlockedExchangeAdd(v17 + 2, 1u);
v8 = sub_1401013F4(v35);
if ( v17 )
{
if ( _InterlockedExchangeAdd(v17 + 2, 0xFFFFFFFF) == 1 )
{
(*(void (__fastcall **)(volatile signed __int32 *))(*(_QWORD *)v17 + 8i64))(v17);
if ( _InterlockedExchangeAdd(v17 + 3, 0xFFFFFFFF) == 1 )
(*(void (__fastcall **)(volatile signed __int32 *))(*(_QWORD *)v17 + 0x10i64))(v17);
}
}
break;
case 0x17:
v12 = sub_1401176F8(a1, &map, &map._Right);
goto LABEL_74;
case 0x18:
// ACT_ANSWER
v8 = parse_ACT_ANSWER_14010BF6C(a1, &map, &map._Right);
sub_1401175B8(a1);
break;
case 0x19:
v12 = sub_14010E8BC(a1, &map, &map._Right);
goto LABEL_74;
case 0x1A:
v12 = sub_140116078(a1, &map, &map._Right);
goto LABEL_74;
case 0x1B:
v12 = sub_140116114(a1, &map, &map._Right);
goto LABEL_74;
}
}
}
else
{
if ( n0x1C == 0x13 )
{
v12 = sub_140115F50(a1, &map);
goto LABEL_74;
}
if ( n0x1C > 0xB )
{
if ( n0x1C == 0xC )
{
CManager::GetListOfClient_14011303C(a1, &map, s);
v15 = Str1 + 0xFFFFFFE8;
if ( _InterlockedExchangeAdd((volatile signed __int32 *)Str1 + 0xFFFFFFFE, 0xFFFFFFFF) <= 1 )
(*(void (__fastcall **)(_QWORD))(**(_QWORD **)v15 + 8i64))(*(_QWORD *)v15);
}
else
{
if ( n0x1C == 0xD )
{
v12 = sub_140112038(a1, &map, &map._Right);
goto LABEL_74;
}
if ( n0x1C == 0xE )
{
sub_140113C64(a1, s);
v14 = Str1 + 0xFFFFFFE8;
if ( _InterlockedExchangeAdd((volatile signed __int32 *)Str1 + 0xFFFFFFFE, 0xFFFFFFFF) <= 1 )
(*(void (__fastcall **)(_QWORD))(**(_QWORD **)v14 + 8i64))(*(_QWORD *)v14);
}
else
{
if ( n0x1C == 0xF )
{
v12 = sub_140117AB8(a1, &map, &map._Right);
goto LABEL_74;
}
if ( n0x1C != 0x10 )
{
if ( n0x1C == 0x11 )
v12 = sub_14010D720(a1, &map);
else
v12 = sub_1401153BC(a1, &map);
goto LABEL_74;
}
CManager::GetRdpSharesList_140113454(a1, &map, s);
v13 = Str1 + 0xFFFFFFE8;
if ( _InterlockedExchangeAdd((volatile signed __int32 *)Str1 + 0xFFFFFFFE, 0xFFFFFFFF) <= 1 )
(*(void (__fastcall **)(_QWORD))(**(_QWORD **)v13 + 8i64))(*(_QWORD *)v13);
}
}
testing::ExpectationSet::~ExpectationSet((testing::ExpectationSet *)&map._Right);
testing::ExpectationSet::~ExpectationSet((testing::ExpectationSet *)&map);
return 1;
}
switch ( n0x1C )
{
case 0xB:
v12 = sub_140112774(a1, &map, &map._Right);
goto LABEL_74;
case 0:
v12 = sub_14010CC50(a1, &map, &map._Right);
goto LABEL_74;
case 1:
v12 = sub_14010EAF0(a1, &map, &map._Right);
goto LABEL_74;
case 2:
v12 = sub_140116980(a1, &map, &map._Right);
goto LABEL_74;
case 3:
v12 = sub_140116E98(a1, &map, &map._Right);
goto LABEL_74;
case 4:
v12 = sub_14010F668(a1, &map, &map._Right);
goto LABEL_74;
case 5:
v12 = sub_14010F088(a1, &map, &map._Right);
goto LABEL_74;
case 7:
v12 = sub_140113D04(a1, &map, &map._Right);
LABEL_74:
v8 = v12;
break;
}
}
v18 = Str1 + 0xFFFFFFE8;
if ( _InterlockedExchangeAdd((volatile signed __int32 *)Str1 + 0xFFFFFFFE, 0xFFFFFFFF) <= 1 )
(*(void (__fastcall **)(_QWORD))(**(_QWORD **)v18 + 8i64))(*(_QWORD *)v18);
s_1400C2C10_3 = (const unsigned __int8 **)cstring_get_s_1400C2C10(v30, (__int64)off_1403EB008[0]);// "ERR"
if ( !MAP_FIND_1400DB000((__int64 *)&map._Right, s_1400C2C10_3) )
{
_ERR_ = off_1403EB198[0]; // "ERR"
if ( v8 )
_ERR_ = ERR_; // "OK"
s_1400C2C10_4 = cstring_get_s_1400C2C10(v31, (__int64)_ERR_);
s_1400C2C10_5 = cstring_get_s_1400C2C10(v32, (__int64)off_1403EB008[0]);// "ERR"
map_insert_1400DA2A0((__int64)&map._Right, s_1400C2C10_5, s_1400C2C10_4);
}
if ( s != 0xFFFFFFFFFFFFFFFFui64 )
{
sub_1400DB1B0((_QWORD **)&map._Right, &map.KeyValue.key);
LOBYTE(v23) = 0xFF;
sub_1400DC660(&map.KeyValue.key, v23);
data_1 = ADJ(map.KeyValue.key)->data;
pStringMgr_high = HIDWORD(ADJ(map.KeyValue.key)->pStringMgr);
if ( ADJ(map.KeyValue.key)->nAllocLength > 1 )
{
sub_1400BD840(&map.KeyValue.key, pStringMgr_high);
data_1 = ADJ(map.KeyValue.key)->data;
}
send(s, data_1, pStringMgr_high, 0);
WSAGetLastError();
data_2 = ADJ(map.KeyValue.key)[0xFFFFFFFF].data;
if ( _InterlockedExchangeAdd(&ADJ(map.KeyValue.key)->nAllocLength, 0xFFFFFFFF) <= 1 )
(*(void (__fastcall **)(_QWORD))(**(_QWORD **)data_2 + 8i64))(*(_QWORD *)data_2);
}
testing::ExpectationSet::~ExpectationSet((testing::ExpectationSet *)&map._Right);
testing::ExpectationSet::~ExpectationSet((testing::ExpectationSet *)&map);
return v8;
}
parse_ACT_ANSWER_14010BF6C
char __fastcall parse_ACT_ANSWER_14010BF6C(__int64 a1, _Tree_node_k_v *map, _Tree_node_k_v **p__Right)
{
// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]
v50[1] = a1;
v5 = 0;
CMD = cstring_get_s_1400C2C10(v53, (__int64)off_1403EB180);// "ACT_ANSWER"
v48 = (const unsigned __int8 *)(CSTRING_1400D79C0((volatile signed __int32 *)(*CMD - 0x18i64)) + 6);
v6 = MAP_FIND_1400DB000((__int64 *)map, &v48);
v7 = (_QWORD *)(*CMD - 0x18i64);
if ( _InterlockedDecrement((volatile signed __int32 *)(*CMD - 8i64)) <= 0 )
(*(void (__fastcall **)(_QWORD))(*(_QWORD *)*v7 + 8i64))(*v7);
v8 = 1;
if ( v6 )
{
v5 = 1;
LABEL_5:
s_1400C2C10 = cstring_get_s_1400C2C10(v57, (__int64)&pass);
k = (const unsigned __int8 **)cstring_get_s_1400C2C10(v58, (__int64)off_1403EB170);// "ACT_KEY"
map_get_1400DAC40((__int64 **)map, &keycode, k, s_1400C2C10);
if ( v5 )
{
s_1400C2C10_3 = cstring_get_s_1400C2C10(v64, (__int64)&pass);
s_1400C2C10_4 = (const unsigned __int8 **)cstring_get_s_1400C2C10(v65, (__int64)off_1403EB010[0]);// "PARAM"
map_get_1400DAC40((__int64 **)map, &Str1_2, s_1400C2C10_4, s_1400C2C10_3);
memset(&vec, 0, sizeof(vec));
str.u._Ptr = 0i64;
str._Mysize = 0i64;
str._Myres = 0xFi64;
string_140093700(&str, Str1_2);
v32 = string2vector_1400EFD24(&str, &vec) == 0;
if ( str._Myres >= 0x10 )
{
Ptr = str.u._Ptr;
if ( str._Myres + 1 >= 0x1000 )
{
Ptr = (char *)*((_QWORD *)str.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(str.u._Ptr - Ptr - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(Ptr);
}
if ( v32 )
{
v8 = 0;
}
else
{
v34 = x_CAtlStringMgr_ins_1400B3330();
if ( !v34 )
ATL::AtlThrowImpl(0x80004005);
out_result_ = (*(__int64 (__fastcall **)(__int64 *))(*v34 + 0x18))(v34) + 0x18;
*(_OWORD *)v72 = xmmword_1403FAC18;
v35 = (volatile signed __int32 *)_mm_srli_si128((__m128i)xmmword_1403FAC18, 8).m128i_u64[0];
if ( v35 )
_InterlockedExchangeAdd(v35 + 2, 1u);
activated_ok = ActivateOffline_14010112C(v72[0], (__int64)&keycode, &vec, (void **)&out_result_);
if ( v35 )
{
if ( _InterlockedExchangeAdd(v35 + 2, 0xFFFFFFFF) == 1 )
{
(*(void (__fastcall **)(volatile signed __int32 *))(*(_QWORD *)v35 + 8i64))(v35);
if ( _InterlockedExchangeAdd(v35 + 3, 0xFFFFFFFF) == 1 )
(*(void (__fastcall **)(volatile signed __int32 *))(*(_QWORD *)v35 + 0x10i64))(v35);
}
}
if ( activated_ok )
{
x_log_14010D498((__int64)L"Activated successfully");
sub_140115998();
}
else
{
v51 = CSTRING_1400D79C0((volatile signed __int32 *)(out_result_ - 0x18)) + 6;
s_1400C2C10_5 = cstring_get_s_1400C2C10(v66, (__int64)off_1403EB008[0]);// "ERR"
map_insert_1400DA2A0((__int64)p__Right, s_1400C2C10_5, (__int64 *)&v51);
v8 = 0;
}
v38 = (_QWORD *)(out_result_ - 0x18);
if ( _InterlockedDecrement((volatile signed __int32 *)(out_result_ - 8)) <= 0 )
(*(void (__fastcall **)(_QWORD))(*(_QWORD *)*v38 + 8i64))(*v38);
}
_Myfirst = vec._Myfirst;
if ( vec._Myfirst )
{
if ( (char *)(vec._Myend - vec._Myfirst) >= (char *)0x1000 )
{
_Myfirst = (char *)*((_QWORD *)vec._Myfirst + 0xFFFFFFFF);
if ( (unsigned __int64)(vec._Myfirst - _Myfirst - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Myfirst);
memset(&vec, 0, sizeof(vec));
}
Str1_1 = (unsigned __int8 *)Str1_2;
}
else
{
v11 = x_CAtlStringMgr_ins_1400B3330();
if ( !v11 )
ATL::AtlThrowImpl(0x80004005);
Str1 = (unsigned __int8 *)((*(__int64 (__fastcall **)(__int64 *))(*v11 + 0x18))(v11) + 0x18);
*(_OWORD *)v70 = xmmword_1403FAC18;
v12 = (volatile signed __int32 *)_mm_srli_si128((__m128i)xmmword_1403FAC18, 8).m128i_u64[0];
if ( v12 )
_InterlockedExchangeAdd(v12 + 2, 1u);
v13 = ActivateOnline_140100EE4(v70[0], (const char **)&keycode, &Str1);
if ( v12 )
{
if ( _InterlockedExchangeAdd(v12 + 2, 0xFFFFFFFF) == 1 )
{
(*(void (__fastcall **)(volatile signed __int32 *))(*(_QWORD *)v12 + 8i64))(v12);
if ( _InterlockedExchangeAdd(v12 + 3, 0xFFFFFFFF) == 1 )
(*(void (__fastcall **)(volatile signed __int32 *))(*(_QWORD *)v12 + 0x10i64))(v12);
}
}
if ( v13 )
{
x_log_14010D498((__int64)L"Activated successfully");
sub_140115998();
}
else
{
if ( !Str2_0 ) // "OFFLINE"
ATL::AtlThrowImpl(0x80004005);
if ( mbscmp(Str1, Str2_0) ) // "OFFLINE"
{
v50[0] = (__int64)(CSTRING_1400D79C0((volatile signed __int32 *)Str1 + 0xFFFFFFFA) + 6);
s_1400C2C10_6 = cstring_get_s_1400C2C10(v63, (__int64)off_1403EB008[0]);// "ERR"
map_insert_1400DA2A0((__int64)p__Right, s_1400C2C10_6, v50);
}
else
{
s_1400C2C10_7 = cstring_get_s_1400C2C10(v59, (__int64)Str2_0);// "OFFLINE"
s_1400C2C10_8 = cstring_get_s_1400C2C10(v60, (__int64)off_1403EB008[0]);// "ERR"
map_insert_1400DA2A0((__int64)p__Right, s_1400C2C10_8, s_1400C2C10_7);
v67 = 0i64;
v68 = 0i64;
v71 = xmmword_1403FAC18;
v21 = (volatile signed __int32 *)_mm_srli_si128((__m128i)xmmword_1403FAC18, 8).m128i_u64[0];
if ( v21 )
_InterlockedExchangeAdd(v21 + 2, 1u);
v22 = sub_140101A00(v71, &keycode, (__int64)&v67);
if ( v21 )
{
if ( _InterlockedExchangeAdd(v21 + 2, 0xFFFFFFFF) == 1 )
{
(*(void (__fastcall **)(volatile signed __int32 *))(*(_QWORD *)v21 + 8i64))(v21);
if ( _InterlockedExchangeAdd(v21 + 3, 0xFFFFFFFF) == 1 )
(*(void (__fastcall **)(volatile signed __int32 *))(*(_QWORD *)v21 + 0x10i64))(v21);
}
}
if ( v22 )
{
std_string_.u._Ptr = 0i64;
std_string_._Mysize = 0i64;
std_string_._Myres = 0xFi64;
if ( b64dec_1400EFDA0(&v67, (void **)&std_string_) )
{
_Ptr = &std_string_;
if ( std_string_._Myres >= 0x10 )
_Ptr = (std_string *)std_string_.u._Ptr;
s_1400C2C10_9 = cstring_get_s_1400C2C10(v61, (__int64)_Ptr);
s_1400C2C10_10 = cstring_get_s_1400C2C10(v62, (__int64)off_1403EB010[0]);// "PARAM"
map_insert_1400DA2A0((__int64)p__Right, s_1400C2C10_10, s_1400C2C10_9);
}
if ( std_string_._Myres >= 0x10 )
{
_Ptr_1 = std_string_.u._Ptr;
if ( std_string_._Myres + 1 >= 0x1000 )
{
_Ptr_1 = (char *)*((_QWORD *)std_string_.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(std_string_.u._Ptr - _Ptr_1 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_1);
}
}
v27 = (void *)v67;
if ( (_QWORD)v67 )
{
if ( (unsigned __int64)(v68 - v67) >= 0x1000 )
{
v27 = *(void **)(v67 - 8);
if ( (unsigned __int64)(v67 - (_QWORD)v27 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(v27);
}
}
v8 = 0;
}
Str1_1 = Str1;
}
v40 = (volatile signed __int32 *)(Str1_1 + 0xFFFFFFE8);
if ( _InterlockedDecrement(v40 + 4) <= 0 )
(*(void (__fastcall **)(_QWORD))(**(_QWORD **)v40 + 8i64))(*(_QWORD *)v40);
v41 = (_QWORD *)(keycode - 0x18);
if ( _InterlockedDecrement((volatile signed __int32 *)(keycode - 8)) <= 0 )
(*(void (__fastcall **)(_QWORD))(*(_QWORD *)*v41 + 8i64))(*v41);
return v8;
}
s_1400C2C10_11 = cstring_get_s_1400C2C10(v55, (__int64)off_1403EB018[0]);// "TYPE"
v49 = (const unsigned __int8 *)(CSTRING_1400D79C0((volatile signed __int32 *)(*s_1400C2C10_11 - 0x18i64)) + 6);
v14 = MAP_FIND_1400DB000((__int64 *)map, &v49);
v15 = (_QWORD *)(*s_1400C2C10_11 - 0x18i64);
if ( _InterlockedDecrement((volatile signed __int32 *)(*s_1400C2C10_11 - 8i64)) <= 0 )
(*(void (__fastcall **)(_QWORD))(*(_QWORD *)*v15 + 8i64))(*v15);
if ( !v14 )
goto LABEL_5;
v69 = xmmword_1403FAC18;
v16 = (volatile signed __int32 *)_mm_srli_si128((__m128i)xmmword_1403FAC18, 8).m128i_u64[0];
v8 = 1;
if ( v16 )
_InterlockedExchangeAdd(v16 + 2, 1u);
s_1400C2C10_12 = cstring_get_s_1400C2C10(v56, (__int64)off_1403EB010[0]);// "PARAM"
app_type = __scrt_winmain_policy::get_app_type();
sub_1400DA450((__int64 **)p__Right, s_1400C2C10_12, app_type);
if ( !v16 )
return v8;
if ( _InterlockedExchangeAdd(v16 + 2, 0xFFFFFFFF) != 1 )
return v8;
(*(void (__fastcall **)(volatile signed __int32 *))(*(_QWORD *)v16 + 8i64))(v16);
if ( _InterlockedExchangeAdd(v16 + 3, 0xFFFFFFFF) == 1 )
(*(void (__fastcall **)(volatile signed __int32 *))(*(_QWORD *)v16 + 0x10i64))(v16);
return v8;
}
ActivateOffline_14010112C
char __fastcall ActivateOffline_14010112C(__int64 a1, __int64 keycode, std_vector_byte *bindata, void **out_result)
{
// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]
Myfirst = bindata->_Myfirst;
str.u._Ptr = 0i64;
str._Mysize = 0i64;
str._Myres = 0xFi64;
string_140100000(&str, Myfirst, bindata->_Mylast);
electronic::activator::CActivator::ActivateOffline_1400A2D70(*(CActivator **)(a1 + 0x10), &result, &str);
Size_1 = strlen(p_0_1403FB6F0.u._Ptr);
Buf1_1 = &result;
if ( result._Myres >= 0x10 )
Buf1_1 = (std_string *)result.u._Ptr;
if ( result._Mysize == Size_1 && !memcmp(Buf1_1, p_0_1403FB6F0.u._Ptr, result._Mysize) )
goto LABEL_9;
Size_2 = strlen(p_ALREADY_ACTIVATED_1403FB588);
Buf1_2 = &result;
if ( result._Myres >= 0x10 )
Buf1_2 = (std_string *)result.u._Ptr;
if ( result._Mysize == Size_2 && !memcmp(Buf1_2, p_ALREADY_ACTIVATED_1403FB588, result._Mysize) )
{
LABEL_9:
_ERR_ = ERR_; // "OK"
if ( ERR_ ) // "OK"
_OK_ = strlen(ERR_); // "OK"
else
_OK_ = 0;
v13 = 1;
LABEL_20:
cstring_1400C2DE0((char *__shifted(CStringData,0x18) *)out_result, _ERR_, _OK_);
goto LABEL_27;
}
Size_3 = strlen(p_DEMO_IS_OVER_1403FB678);
Buf1_3 = &result;
Buf1_5 = result.u._Ptr;
n0x10_1 = result._Myres;
if ( result._Myres >= 0x10 )
Buf1_3 = (std_string *)result.u._Ptr;
if ( result._Mysize == Size_3 )
{
_OK_ = memcmp(Buf1_3, p_DEMO_IS_OVER_1403FB678, result._Mysize);
if ( !_OK_ )
{
_ERR_ = ERR__0; // "DEMO_IS_OVER"
if ( ERR__0 ) // "DEMO_IS_OVER"
_OK_ = strlen(ERR__0); // "DEMO_IS_OVER"
v13 = 0;
goto LABEL_20;
}
n0x10_1 = result._Myres;
Buf1_5 = result.u._Ptr;
}
Buf1_4 = &result;
if ( n0x10_1 < 0x10 || (Buf1_4 = (std_string *)Buf1_5) != 0i64 )
Size_4 = strlen(Buf1_4->u._Buf);
else
Size_4 = 0;
cstring_1400C2DE0((char *__shifted(CStringData,0x18) *)out_result, Buf1_4, Size_4);
v13 = 0;
LABEL_27:
if ( result._Myres >= 0x10 )
{
Ptr = result.u._Ptr;
if ( result._Myres + 1 >= 0x1000 )
{
Ptr = (char *)*((_QWORD *)result.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(result.u._Ptr - Ptr - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(Ptr);
}
result._Mysize = 0i64;
result._Myres = 0xFi64;
result.u._Buf[0] = 0;
if ( str._Myres < 0x10 )
return v13;
_Ptr = str.u._Ptr;
if ( str._Myres + 1 >= 0x1000 )
{
_Ptr = (char *)*((_QWORD *)str.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(str.u._Ptr - _Ptr - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr);
return v13;
}
3、electronic::activator::CActivator::ActivateOffline_1400A2D70
rsa_DEC_1400B8F70使用内置rsa公钥进行解密
Ptr.u._Ptr = 0i64;
Ptr._Mysize = 0i64;
Ptr._Myres = 0xFi64;
_Ptr_15 = (char *)operator new(0x30ui64);
s__5.u._Ptr = _Ptr_15;
*(_OWORD *)_Ptr_15 = 0i64;
*((_DWORD *)_Ptr_15 + 2) = 1;
*((_DWORD *)_Ptr_15 + 3) = 1;
*(_QWORD *)_Ptr_15 = &std::_Ref_count_obj2<electronic::activator::innerparts::CActivatorDecoder>::`vftable';
string_1400B21A0((std_string *)(_Ptr_15 + 0x10), (const char **)&p_pubkey_140401230);
s__5.u._Ptr = _Ptr_15 + 0x10;
*((_QWORD *)&s__5.u._Ptr + 1) = _Ptr_15;
lpBuffer_2 = lpBuffer_1;
if ( lpBuffer_1->_Myres >= 0x10 )
lpBuffer_2 = (std_string *)lpBuffer_1->u._Ptr;
// rsa dec
rsa_DEC_1400B8F70((std_string *)(_Ptr_15 + 0x10), &out_, (__int64)lpBuffer_2, lpBuffer_1->_Mysize);
if ( Ptr._Myres >= 0x10 )
{
_Ptr_12 = Ptr.u._Ptr;
if ( Ptr._Myres + 1 >= 0x1000 )
{
_Ptr_12 = (char *)*((_QWORD *)Ptr.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(Ptr.u._Ptr - _Ptr_12 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_12);
}
rsa2048公钥
首先使用内存解密出来的p_pubkey_140401230(指向std_string pub_key_140401210的c_str,)、
解密失败后使用硬编码的公钥
int sub_140071ED0()
{
// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]
if ( byte_1403F20B6 )
{
n0xE = 0;
v1 = &unk_1403F20A8;
do
*v1++ ^= 0xE - (_BYTE)n0xE++;
while ( n0xE < 0xE );
byte_1403F20B6 = 0;
}
v18[0] = operator new(0xEui64);
v19 = (__int64)v18[0] + 0xE;
memmove(v18[0], &unk_1403F20A8, 0xEui64);
v18[1] = (char *)v18[0] + 0xE;
if ( byte_1403F21A1 )
{
n0xE1 = 0;
v3 = &unk_1403F20C0;
do
*v3++ ^= 0xE2 - (_BYTE)n0xE1++;
while ( n0xE1 < 0xE1 );
byte_1403F21A1 = 0;
}
*(_QWORD *)&v16 = operator new(0xE1ui64);
v17 = v16 + 0xE1;
memmove((void *)v16, &unk_1403F20C0, 0xE1ui64);
*((_QWORD *)&v16 + 1) = v16 + 0xE1;
if ( byte_1403F2291 )
{
n0xE1_1 = 0;
v5 = &byte_1403F21B0;
do
*v5++ ^= 0xC - n0xE1_1++;
while ( n0xE1_1 < 0xE1 );
byte_1403F2291 = 0;
}
*(_QWORD *)&v14 = operator new(0xE1ui64);
v15 = v14 + 0xE1;
memmove((void *)v14, &byte_1403F21B0, 0xE1ui64);
*((_QWORD *)&v14 + 1) = v14 + 0xE1;
v6 = sub_1400AFC30((std::vector<char> *)&v22, (__int64)&v14, &v16);
v7 = sub_1400AFC30((std::vector<char> *)&v20, (__int64)v6, v18);
// -----BEGIN PUBLIC KEY-----
// MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwknN5/81qIoM+k1WEc/5
// A+u3YzWeDNE5i5rpayiNWv4TvxX9udMz3uKF4tmDJfjuSCVUHQWAjJefwSv4ZBQ7
// egXHtGzh/HVY/Geei7A1TwOroHxxgUKVkXRoPGYIVNBhrqX0CsCgYCZv7Ij6CSy4
// Iamw0Gb/BnZ4Uw1AkOs6DfbGaVspeQGg7oTjSj+TKOWdK1dJ7ZoGyoVQLqxpaq41
// r893XqSK5mXlbE3pFSjS6Rn8unyt57EuIcFy+x2VqjOf3KiwiGCeIaQtAtF5Pqii
// KoEMoGgcDedO4C6h/LKy1oXJR7QeHQijUAn7JXE/i0I57BXyKylR6/YIV6hV+Ovm
// bQIDAQAB
// -----END PUBLIC KEY-----
aes_cbc_dec_1400B4290((std::string *)&pub_key_140401210, (__int64)v7);
v8 = v20;
if ( v20 )
{
if ( *((_QWORD *)&v21 + 1) - (_QWORD)v20 >= 0x1000ui64 )
{
v8 = (_BYTE *)*((_QWORD *)v20 + 0xFFFFFFFF);
if ( (unsigned __int64)(v20 - v8 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(v8);
v20 = 0i64;
v21 = 0i64;
}
v9 = v22;
if ( v22 )
{
if ( *((_QWORD *)&v23 + 1) - (_QWORD)v22 >= 0x1000ui64 )
{
v9 = (_BYTE *)*((_QWORD *)v22 + 0xFFFFFFFF);
if ( (unsigned __int64)(v22 - v9 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(v9);
v22 = 0i64;
v23 = 0i64;
}
v10 = (void *)v14;
if ( (_QWORD)v14 )
{
if ( (unsigned __int64)(v15 - v14) >= 0x1000 )
{
v10 = *(void **)(v14 - 8);
if ( (unsigned __int64)(v14 - (_QWORD)v10 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(v10);
v14 = 0i64;
v15 = 0i64;
}
v11 = (void *)v16;
if ( (_QWORD)v16 )
{
if ( (unsigned __int64)(v17 - v16) >= 0x1000 )
{
v11 = *(void **)(v16 - 8);
if ( (unsigned __int64)(v16 - (_QWORD)v11 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(v11);
v16 = 0i64;
v17 = 0i64;
}
v12 = v18[0];
if ( !v18[0] )
return atexit(sub_1402E8610);
if ( v19 - (unsigned __int64)v18[0] >= 0x1000 )
{
v12 = (void *)*((_QWORD *)v18[0] + 0xFFFFFFFF);
if ( (unsigned __int64)(v18[0] - v12 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(v12);
return atexit(sub_1402E8610);
}
rsa_DEC_1400B8F70
std_string *__fastcall rsa_DEC_1400B8F70(std_string *pubkey, std_string *out, __int64 indata, unsigned __int64 _Count)
{
unsigned __int64 index; // rbx
std_string *buf; // rax
bio_st *pub_key; // rax
bio_st *pub_key_1; // r15
char *Ptr; // r14
int v12; // eax
char pExceptionObject[48]; // [rsp+38h] [rbp-30h] BYREF
__int64 rsa; // [rsp+70h] [rbp+8h] BYREF
std_string *Ptr_2; // [rsp+78h] [rbp+10h]
Ptr_2 = out;
index = 0i64;
rsa = 0i64;
buf = pubkey;
if ( pubkey->_Myres >= 0x10 )
buf = (std_string *)pubkey->u._Ptr;
pub_key = (bio_st *)BIO_new_mem_buf(buf, LODWORD(pubkey->_Mysize));
pub_key_1 = pub_key;
if ( !pub_key )
{
error_1400B5D80(pExceptionObject, p_DECODE_MEMORY_ERROR_140402278);
CxxThrowException(pExceptionObject, (_ThrowInfo *)&_TI1_AVActivatorException_innerparts_activator_electronic__);
}
if ( !pem_read_bio_RSA_PUBKEY_1401A21E0(pub_key, (void **)&rsa, 0i64, 0i64) )
{
error_1400B5D80(pExceptionObject, p_DECODE_PUBKEY_ERROR_1404022A0);
CxxThrowException(pExceptionObject, (_ThrowInfo *)&_TI1_AVActivatorException_innerparts_activator_electronic__);
}
out->u._Ptr = 0i64;
out->_Mysize = 0i64;
out->_Myres = 0xFi64;
out->u._Buf[0] = 0;
std::string::assign((std::string *)out, _Count, 0);
Ptr = (char *)out;
if ( out->_Myres >= 0x10 )
Ptr = out->u._Ptr;
if ( (_BYTE)_Count )
{
error_1400B5D80(pExceptionObject, P_DECODE_SIZE_ERROR_1404022C8);
CxxThrowException(pExceptionObject, (_ThrowInfo *)&_TI1_AVActivatorException_innerparts_activator_electronic__);
}
for ( ; _Count; _Count -= 0x100i64 )
{
v12 = RSA_public_decrypt_1401A8810(0x100i64, indata, &Ptr[index], rsa);
if ( (unsigned int)(v12 + 1) <= 1 )
{//解密失败时触发异常
error_1400B5D80(pExceptionObject, p_DECODE_DECRYPT_ERROR_140402250);
CxxThrowException(pExceptionObject, (_ThrowInfo *)&_TI1_AVActivatorException_innerparts_activator_electronic__);
}
index += v12;
indata += 0x100i64;
}
std::string::resize((std::string *)out, index, 0);
RSA_free(rsa);
BIO_free_0(pub_key_1);
return out;
}
parse_and_validate_data_1400B5DA0验证解析数据
解析lic数据是否使用‘&’ 连接 ‘k=v’形式的字符串
std::string::assign((std::string *)&s__4, ": parse & validate data from server", 0x23ui64);
Activator_log_1400ACC30(Activator, "electronic::activator::CActivator::ActivateOffline", &s__4);
if ( s__4._Myres >= 0x10 )
{
_Ptr_16 = s__4.u._Ptr;
if ( s__4._Myres + 1 >= 0x1000 )
{
_Ptr_16 = (char *)*((_QWORD *)s__4.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(s__4.u._Ptr - _Ptr_16 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_16);
}
parse_and_validate_data_1400B5DA0((__int64)&share_ptr, &Ptr);
if ( !(_QWORD)share_ptr )
{
s_.u._Ptr = 0i64;
s_._Mysize = 0i64;
s_._Myres = 0xFi64;
std::string::assign((std::string *)&s_, ": can't parse data from server", 0x1Eui64);
Activator_log_1400ACDE0((__int64)Activator, "electronic::activator::CActivator::ActivateOffline", &s_);
if ( s_._Myres < 0x10 )
{
__int128* parse_and_validate_data(__int64 map, std_string* input) {
init_map(map);
size_t offset = 0;
string accum; // 累积非哈希键的值
while (true) {
// 提取下一个 '&' 分隔的子串
substr = extract_substring(input, offset, '&');
if (!substr) break;
// 分割键值对
key, value = split(substr, '=');
if (key == GLOBAL_HASH) {
// 保存哈希值到局部变量
saved_hash = value;
} else {
// 更新累积值: value + accum
accum = value + accum;
// 插入键值对 (key, accum) 到 map
map_insert(map, key, accum);
}
}
set_completion_flag(map);
free_resources();
return map;
}
electronic::activator::CActivator::ValidateActData_1400A9480
校验相关字段
electronic::activator::CActivator::ValidateActData_1400A9480(
(__int64)Activator,
&Buf1a,
(std_map_s_s *)&Activator_1,
2i64);
s_.u._Ptr = 0i64;
s_._Mysize = 0i64;
s_._Myres = 0xFi64;
std::string::assign((std::string *)&s_, ": ValidateActData result: ", 0x1Aui64);
ss_1400ACF90((__int64)Activator, "electronic::activator::CActivator::ActivateOffline", &s_, &Buf1a);
errorCode
find_errorCode_1400B6FF0(map_1->_Myhead, &Buf1);
if ( Buf1._Mysize != Size_12 || memcmp(Buf1_1, p_s_0_140401BB0, Buf1._Mysize) )
{
// 下面处理errorCode
Size_11 = 0xFFFFFFFFFFFFFFFFui64;
do
++Size_11;
while ( *((_BYTE *)p_ALREADY_ACTIVATED_140401A68 + Size_11) );
Buf1_2 = &Buf1;
if ( n0xF_1 >= 0x10 )
Buf1_2 = (std_string *)Buf1_3;
if ( Size_1 != Size_11 || memcmp(Buf1_2, p_ALREADY_ACTIVATED_140401A68, Size_1) )
{
Size_10 = 0xFFFFFFFFFFFFFFFFui64;
do
++Size_10;
while ( *((_BYTE *)p_DEMO_IS_OVER_140401B38 + Size_10) );
Buf1_4 = &Buf1;
if ( n0xF_1 >= 0x10 )
Buf1_4 = (std_string *)Buf1_3;
if ( Size_1 != Size_10 || memcmp(Buf1_4, p_DEMO_IS_OVER_140401B38, Size_1) )
{
Size_9 = 0xFFFFFFFFFFFFFFFFui64;
do
++Size_9;
while ( *((_BYTE *)p_NO_AVAILABLE_ACTIVATIONS_140401B88 + Size_9) );
Buf1_5 = &Buf1;
if ( n0xF_1 >= 0x10 )
Buf1_5 = (std_string *)Buf1_3;
if ( Size_1 != Size_9 || memcmp(Buf1_5, p_NO_AVAILABLE_ACTIVATIONS_140401B88, Size_1) )
{
Size_8 = 0xFFFFFFFFFFFFFFFFui64;
do
++Size_8;
while ( *((_BYTE *)p_KEY_BANNED_140401B60 + Size_8) );
Buf1_6 = &Buf1;
if ( n0xF_1 >= 0x10 )
Buf1_6 = (std_string *)Buf1_3;
if ( Size_1 != Size_8 || memcmp(Buf1_6, p_KEY_BANNED_140401B60, Size_1) )
{
Size_7 = 0xFFFFFFFFFFFFFFFFui64;
do
++Size_7;
while ( *((_BYTE *)p_add_REACTIVATE_1404013E0 + Size_7) );
Buf1_7 = &Buf1;
if ( n0xF_1 >= 0x10 )
Buf1_7 = (std_string *)Buf1_3;
if ( Size_1 != Size_7 || memcmp(Buf1_7, p_add_REACTIVATE_1404013E0, Size_1) )
{
Size_6 = 0xFFFFFFFFFFFFFFFFui64;
do
++Size_6;
while ( *((_BYTE *)p_add_STARTING_140401408 + Size_6) );
Buf1_8 = &Buf1;
if ( n0xF_1 >= 0x10 )
Buf1_8 = (std_string *)Buf1_3;
if ( Size_1 != Size_6 || memcmp(Buf1_8, p_add_STARTING_140401408, Size_1) || n2_1 != 3 )
{
:_bad_errorCode:_ = (char *)operator new(0x20ui64);
:_bad_errorCode:__1 = :_bad_errorCode:_;
s._Mysize = 0x11i64;
s._Myres = 0x1Fi64;
strcpy(:_bad_errorCode:_, ": bad errorCode: ");
// product_id
Buf1_19 = find_product_id_1400B6BA0((__int64 **)map_1->_Myhead, &s_);
// product_version
product_id = find_product_version_1400B6D10((__int64 **)map_1->_Myhead, &s);
// licenseName
if ( find_licenseName_1400B6E80((__int64 **)map->_Myhead, &s_)->_Mysize )
{
v55 |= 0x10u;
// license_key_code
if ( *(_QWORD *)(find_license_key_code_1400B7160((__int64 **)map->_Myhead, (__int64)&s) + 0x10) )
v56 = 0;
}
map_1 = map;
// key type
key_type = find_keyname_defaultvalue_1400B7440(
(__int64 **)map->_Myhead,
(const char *)p_key_type_140402520,
0xFFFFFFFF);
key_type_1 = key_type;
if ( key_type > 3 )
{
s.u._Ptr = 0i64;
s._Mysize = 0i64;
s._Myres = 0xFi64;
std::string::assign((std::string *)&s, ": wrong key type: ", 0x12ui64);
// hid
find_hid_1400B72D0((__int64 **)map->_Myhead, &Buf2a);
// key_options
key_options = find_keyname_defaultvalue_1400B7440(
(__int64 **)map->_Myhead,
(const char *)p_key_options_1404024F8,
0);
// license_options
license_options = find_keyname_defaultvalue_1400B7440(
(__int64 **)map->_Myhead,
(const char *)p_license_options_140402548,
0);
map_1 = map;
// serverDate %4d-%2d-%2d
if ( get_date_str_1400B7970((__int64 **)map->_Myhead, (const char *)p_serverDate_140401A18) > 0 )
// firstActivation
firstActivation = get_date_str_1400B7970((__int64 **)map->_Myhead, (const char *)p_firstActivation_1404017B0);
// nextActivation
nextActivation = get_date_str_1400B7970((__int64 **)map->_Myhead, (const char *)p_nextActivation_140401958);
// activationDate
activationDate = get_date_str_1400B7970((__int64 **)map->_Myhead, (const char *)p_activationDate_1404017F8);
if ( firstActivation > 0 && activationDate > 0 && nextActivation >= 0 )
serverTime验证本地时间
serverTime 时间戳要小于本地时间
electronic::activator::CActivator::ActivateOffline_1400A2D70
// serverTime
serverTime_1400B7620 = find_serverTime_1400B7620((__int64 **)share_ptr);
if ( serverTime_1400B7620 >= serverTime_1400B7620_2 )
{
if ( serverTime_1400B7620 > serverTime_1400B7620_1 )
{
s__2.u._Ptr = 0i64;
s__2._Mysize = 0i64;
s__2._Myres = 0xFi64;
std::string::assign((std::string *)&s__2, ": answer from future, probably local time is wrong?", 0x33ui64);
Activator_log_1400ACDE0((__int64)Activator, "electronic::activator::CActivator::ActivateOffline", &s__2);
if ( s__2._Myres >= 0x10 )
{
_Ptr_6 = s__2.u._Ptr;
if ( s__2._Myres + 1 >= 0x1000 )
{
_Ptr_6 = (char *)*((_QWORD *)s__2.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(s__2.u._Ptr - _Ptr_6 - 8) > 0x1F )
goto LABEL_137;
}
j_j_free(_Ptr_6);
}
HIDWORD(Activator->field_60) = 2;
}
(其他)electronic::activator::CActivator::CreateInitialData_1400AAAE0
CActivator::ReadActFile 会调用
__int128 *__fastcall electronic::activator::CActivator::CreateInitialData_1400AAAE0(__int64 a1, __int128 *ptr)
{
// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]
k_ttemp._Myres = 0xFi64;
k_ttemp._Mysize = 7i64;
qmemcpy(&k_ttemp, ": begi", 6);
HIWORD(k_ttemp.u._Ptr) = (unsigned __int8)aBegin_1[6];
ss_1400ACC30(a1, "electronic::activator::CActivator::CreateInitialData", &k_ttemp);
if ( k_ttemp._Myres >= 0x10 )
{
_Ptr_27 = k_ttemp.u._Ptr;
if ( k_ttemp._Myres + 1 >= 0x1000 )
{
_Ptr_27 = (char *)*((_QWORD *)k_ttemp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(k_ttemp.u._Ptr - _Ptr_27 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_27);
}
CActivatorData_1400B9EF0((__int64)ptr);
_Val = (*(__int64 (__fastcall **)(_QWORD))(**(_QWORD **)(*(_QWORD *)(a1 + 0x70) + 0xB8i64) + 8i64))(*(_QWORD *)(*(_QWORD *)(a1 + 0x70) + 0xB8i64));
// 2001-04-01
xx_date_1400BA4A0(&_Ptr__1);
_Ptr_.u._Ptr = 0i64;
_Ptr_._Mysize = 0i64;
_Ptr_._Myres = 0xFi64;
_Count_15 = 0xFFFFFFFFFFFFFFFFui64;
_Count = 0xFFFFFFFFFFFFFFFFui64;
do
++_Count;
while ( *((_BYTE *)p_add_STARTING_140401408 + _Count) );
std::string::assign((std::string *)&_Ptr_, (const char *const)p_add_STARTING_140401408, _Count);
v_temp.u._Ptr = 0i64;
v_temp._Mysize = 0i64;
v_temp._Myres = 0xFi64;
_Count_1 = 0xFFFFFFFFFFFFFFFFui64;
do
++_Count_1;
while ( *(_BYTE *)(p_errorCode_140401820 + _Count_1) );
// errorCode
std::string::assign((std::string *)&v_temp, (const char *const)p_errorCode_140401820, _Count_1);
map_set_1400B6720(*(CActivatorData **)ptr, &v_temp, &_Ptr_);
if ( v_temp._Myres >= 0x10 )
{
_Ptr = v_temp.u._Ptr;
if ( v_temp._Myres + 1 >= 0x1000 )
{
_Ptr = (char *)*((_QWORD *)v_temp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(v_temp.u._Ptr - _Ptr - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr);
}
v_temp._Mysize = 0i64;
v_temp._Myres = 0xFi64;
v_temp.u._Buf[0] = 0;
key_name.u._Ptr = 0i64;
key_name._Mysize = 0i64;
key_name._Myres = 0xFi64;
_Count_2 = 0xFFFFFFFFFFFFFFFFui64;
do
++_Count_2;
while ( *(_BYTE *)(p_key_type_1404018B8 + _Count_2) );
// key_type
std::string::assign((std::string *)&key_name, (const char *const)p_key_type_1404018B8, _Count_2);
v11 = (std_string *)((char *)&v_temp._Mysize + 5);
n2 = 2;
do
{
v11 = (std_string *)((char *)v11 + 0xFFFFFFFF);
v11->u._Buf[0] = n2 % 0xA + 0x30;
n2 /= 0xAu;
}
while ( n2 );
k_ttemp.u._Ptr = 0i64;
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
if ( v11 != (std_string *)((char *)&v_temp._Mysize + 5) )
std::string::assign((std::string *)&k_ttemp, v11->u._Buf, (char *)&v_temp._Mysize + 5 - (char *)v11);
map_set_1400B6720(*(CActivatorData **)ptr, &key_name, &k_ttemp);
if ( k_ttemp._Myres >= 0x10 )
{
_Ptr_1 = k_ttemp.u._Ptr;
if ( k_ttemp._Myres + 1 >= 0x1000 )
{
_Ptr_1 = (char *)*((_QWORD *)k_ttemp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(k_ttemp.u._Ptr - _Ptr_1 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_1);
}
if ( key_name._Myres >= 0x10 )
{
_Ptr_2 = key_name.u._Ptr;
if ( key_name._Myres + 1 >= 0x1000 )
{
_Ptr_2 = (char *)*((_QWORD *)key_name.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(key_name.u._Ptr - _Ptr_2 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_2);
}
key_name._Mysize = 0i64;
key_name._Myres = 0xFi64;
key_name.u._Buf[0] = 0;
k_ttemp.u._Ptr = 0i64;
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
_Count_3 = 0xFFFFFFFFFFFFFFFFui64;
do
++_Count_3;
while ( p_key_options_140401890[_Count_3] );
// key_options
std::string::assign((std::string *)&k_ttemp, p_key_options_140401890, _Count_3);
v16 = (std_string *)((char *)&v_temp._Mysize + 5);
v17 = 0;
do
{
v16 = (std_string *)((char *)v16 + 0xFFFFFFFF);
v16->u._Buf[0] = v17 % 0xA + 0x30;
v17 /= 0xAu;
}
while ( v17 );
key_name.u._Ptr = 0i64;
key_name._Mysize = 0i64;
key_name._Myres = 0xFi64;
if ( v16 != (std_string *)((char *)&v_temp._Mysize + 5) )
std::string::assign((std::string *)&key_name, v16->u._Buf, (char *)&v_temp._Mysize + 5 - (char *)v16);
map_set_1400B6720(*(CActivatorData **)ptr, &k_ttemp, &key_name);
if ( key_name._Myres >= 0x10 )
{
_Ptr_3 = key_name.u._Ptr;
if ( key_name._Myres + 1 >= 0x1000 )
{
_Ptr_3 = (char *)*((_QWORD *)key_name.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(key_name.u._Ptr - _Ptr_3 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_3);
}
if ( k_ttemp._Myres >= 0x10 )
{
_Ptr_4 = k_ttemp.u._Ptr;
if ( k_ttemp._Myres + 1 >= 0x1000 )
{
_Ptr_4 = (char *)*((_QWORD *)k_ttemp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(k_ttemp.u._Ptr - _Ptr_4 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_4);
}
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
k_ttemp.u._Buf[0] = 0;
v_temp.u._Ptr = (char *)0x31;
v_temp._Myres = 0xFi64;
v_temp._Mysize = 1i64;
key_name.u._Ptr = 0i64;
key_name._Mysize = 0i64;
key_name._Myres = 0xFi64;
_Count_4 = 0xFFFFFFFFFFFFFFFFui64;
do
++_Count_4;
while ( *(_BYTE *)(p_license_options_1404018E0 + _Count_4) );
// license_options
std::string::assign((std::string *)&key_name, (const char *const)p_license_options_1404018E0, _Count_4);
map_set_1400B6720(*(CActivatorData **)ptr, &key_name, &v_temp);
if ( key_name._Myres >= 0x10 )
{
_Ptr_5 = key_name.u._Ptr;
if ( key_name._Myres + 1 >= 0x1000 )
{
_Ptr_5 = (char *)*((_QWORD *)key_name.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(key_name.u._Ptr - _Ptr_5 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_5);
}
key_name._Mysize = 0i64;
key_name._Myres = 0xFi64;
key_name.u._Buf[0] = 0;
if ( v_temp._Myres >= 0x10 )
{
_Ptr_6 = v_temp.u._Ptr;
if ( v_temp._Myres + 1 >= 0x1000 )
{
_Ptr_6 = (char *)*((_QWORD *)v_temp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(v_temp.u._Ptr - _Ptr_6 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_6);
}
v_temp._Myres = 0xFi64;
v_temp._Mysize = 4i64;
v_temp.u._Ptr = (char *)'OMED';
k_ttemp.u._Ptr = 0i64;
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
_Count_5 = 0xFFFFFFFFFFFFFFFFui64;
// registed_name
do
++_Count_5;
while ( *(_BYTE *)(p_registed_name_1404019F0 + _Count_5) );
std::string::assign((std::string *)&k_ttemp, (const char *const)p_registed_name_1404019F0, _Count_5);
map_set_1400B6720(*(CActivatorData **)ptr, &k_ttemp, &v_temp);
if ( k_ttemp._Myres >= 0x10 )
{
_Ptr_7 = k_ttemp.u._Ptr;
if ( k_ttemp._Myres + 1 >= 0x1000 )
{
_Ptr_7 = (char *)*((_QWORD *)k_ttemp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(k_ttemp.u._Ptr - _Ptr_7 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_7);
}
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
k_ttemp.u._Buf[0] = 0;
if ( v_temp._Myres >= 0x10 )
{
_Ptr_8 = v_temp.u._Ptr;
if ( v_temp._Myres + 1 >= 0x1000 )
{
_Ptr_8 = (char *)*((_QWORD *)v_temp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(v_temp.u._Ptr - _Ptr_8 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_8);
}
key_name.u._Ptr = 0i64;
key_name._Mysize = 0i64;
key_name._Myres = 0xFi64;
_Count_6 = 0xFFFFFFFFFFFFFFFFui64;
do
++_Count_6;
while ( *(_BYTE *)(p_firstActivation_1404017B0 + _Count_6) );
// firstActivation
std::string::assign((std::string *)&key_name, (const char *const)p_firstActivation_1404017B0, _Count_6);
map_set_1400B6720(*(CActivatorData **)ptr, &key_name, &_Ptr__1);
if ( key_name._Myres >= 0x10 )
{
_Ptr_9 = key_name.u._Ptr;
if ( key_name._Myres + 1 >= 0x1000 )
{
_Ptr_9 = (char *)*((_QWORD *)key_name.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(key_name.u._Ptr - _Ptr_9 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_9);
}
key_name._Mysize = 0i64;
key_name._Myres = 0xFi64;
key_name.u._Buf[0] = 0;
k_ttemp.u._Ptr = 0i64;
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
_Count_7 = 0xFFFFFFFFFFFFFFFFui64;
do
++_Count_7;
while ( *(_BYTE *)(p_activationDate_1404017F8 + _Count_7) );
// activationDate
std::string::assign((std::string *)&k_ttemp, (const char *const)p_activationDate_1404017F8, _Count_7);
map_set_1400B6720(*(CActivatorData **)ptr, &k_ttemp, &_Ptr__1);
if ( k_ttemp._Myres >= 0x10 )
{
_Ptr_10 = k_ttemp.u._Ptr;
if ( k_ttemp._Myres + 1 >= 0x1000 )
{
_Ptr_10 = (char *)*((_QWORD *)k_ttemp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(k_ttemp.u._Ptr - _Ptr_10 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_10);
}
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
k_ttemp.u._Buf[0] = 0;
key_name.u._Ptr = 0i64;
key_name._Mysize = 0i64;
key_name._Myres = 0xFi64;
_Count_8 = 0xFFFFFFFFFFFFFFFFui64;
do
++_Count_8;
while ( *(_BYTE *)(p_nextActivation_140401958 + _Count_8) );
// nextActivation
std::string::assign((std::string *)&key_name, (const char *const)p_nextActivation_140401958, _Count_8);
map_set_1400B6720(*(CActivatorData **)ptr, &key_name, &_Ptr__1);
if ( key_name._Myres >= 0x10 )
{
_Ptr_11 = key_name.u._Ptr;
if ( key_name._Myres + 1 >= 0x1000 )
{
_Ptr_11 = (char *)*((_QWORD *)key_name.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(key_name.u._Ptr - _Ptr_11 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_11);
}
key_name._Mysize = 0i64;
key_name._Myres = 0xFi64;
key_name.u._Buf[0] = 0;
k_ttemp.u._Ptr = 0i64;
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
_Count_9 = 0xFFFFFFFFFFFFFFFFui64;
do
++_Count_9;
while ( *(_BYTE *)(p_serverDate_140401A18 + _Count_9) );
// serverDate
std::string::assign((std::string *)&k_ttemp, (const char *const)p_serverDate_140401A18, _Count_9);
map_set_1400B6720(*(CActivatorData **)ptr, &k_ttemp, &_Ptr__1);
if ( k_ttemp._Myres >= 0x10 )
{
_Ptr_12 = k_ttemp.u._Ptr;
if ( k_ttemp._Myres + 1 >= 0x1000 )
{
_Ptr_12 = (char *)*((_QWORD *)k_ttemp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(k_ttemp.u._Ptr - _Ptr_12 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_12);
}
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
k_ttemp.u._Buf[0] = 0;
key_name.u._Ptr = 0i64;
key_name._Mysize = 0i64;
key_name._Myres = 0xFi64;
_Count_10 = 0xFFFFFFFFFFFFFFFFui64;
do
++_Count_10;
while ( *(_BYTE *)(p_serverTime_140401A40 + _Count_10) );
// serverTime
std::string::assign((std::string *)&key_name, (const char *const)p_serverTime_140401A40, _Count_10);
_Ptr_13 = (std_string *)std::to_string((std::string *)&v_temp, _Val);
map_set_1400B6720(*(CActivatorData **)ptr, &key_name, _Ptr_13);
if ( v_temp._Myres >= 0x10 )
{
_Ptr_14 = v_temp.u._Ptr;
if ( v_temp._Myres + 1 >= 0x1000 )
{
_Ptr_14 = (char *)*((_QWORD *)v_temp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(v_temp.u._Ptr - _Ptr_14 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_14);
}
v_temp._Mysize = 0i64;
v_temp._Myres = 0xFi64;
v_temp.u._Buf[0] = 0;
if ( key_name._Myres >= 0x10 )
{
_Ptr_15 = key_name.u._Ptr;
if ( key_name._Myres + 1 >= 0x1000 )
{
_Ptr_15 = (char *)*((_QWORD *)key_name.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(key_name.u._Ptr - _Ptr_15 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_15);
}
key_name._Mysize = 0i64;
key_name._Myres = 0xFi64;
key_name.u._Buf[0] = 0;
k_ttemp.u._Ptr = 0i64;
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
_Count_11 = 0xFFFFFFFFFFFFFFFFui64;
do
++_Count_11;
while ( *(_BYTE *)(p_license_key_code_140401908 + _Count_11) );
// license_key_code
std::string::assign((std::string *)&k_ttemp, (const char *const)p_license_key_code_140401908, _Count_11);
map_set_1400B6720(*(CActivatorData **)ptr, &k_ttemp, (std_string *)(*(_QWORD *)(a1 + 0x70) + 0x48i64));
if ( k_ttemp._Myres >= 0x10 )
{
_Ptr_16 = k_ttemp.u._Ptr;
if ( k_ttemp._Myres + 1 >= 0x1000 )
{
_Ptr_16 = (char *)*((_QWORD *)k_ttemp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(k_ttemp.u._Ptr - _Ptr_16 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_16);
}
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
k_ttemp.u._Buf[0] = 0;
key_name.u._Ptr = 0i64;
key_name._Mysize = 0i64;
key_name._Myres = 0xFi64;
_Count_12 = 0xFFFFFFFFFFFFFFFFui64;
do
++_Count_12;
while ( *(_BYTE *)(p_hid_140401868 + _Count_12) );
// hid
std::string::assign((std::string *)&key_name, (const char *const)p_hid_140401868, _Count_12);
v41 = *(_QWORD *)(a1 + 0x70);
v42 = *(std::string **)(v41 + 0xA8);
n0x10 = *((_QWORD *)v42 + 2);
if ( !n0x10 )
{
hid_1400BBED0 = get_hid_1400BBED0(*(_QWORD *)(v41 + 0xA8), (std::string *)&k_ttemp);
std::string::operator=(v42, hid_1400BBED0);
if ( k_ttemp._Myres >= 0x10 )
{
_Ptr_17 = k_ttemp.u._Ptr;
if ( k_ttemp._Myres + 1 >= 0x1000 )
{
_Ptr_17 = (char *)*((_QWORD *)k_ttemp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(k_ttemp.u._Ptr - _Ptr_17 - 8) > 0x1F )
goto LABEL_183;
}
j_j_free(_Ptr_17);
}
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
k_ttemp.u._Buf[0] = 0;
n0x10 = *((_QWORD *)v42 + 2);
}
v_temp.u._Ptr = 0i64;
v_temp._Mysize = 0i64;
v_temp._Myres = 0i64;
if ( *((_QWORD *)v42 + 3) >= 0x10ui64 )
v42 = *(std::string **)v42;
if ( n0x10 < 0x10 )
{
v_temp.u = *(union std_string_union *)v42;
v_temp._Myres = 0xFi64;
goto LABEL_123;
}
_Myres = n0x10 | 0xF;
if ( (n0x10 | 0xF) > 0x7FFFFFFFFFFFFFFFi64 )
_Myres = 0x7FFFFFFFFFFFFFFFi64;
if ( (unsigned __int64)(_Myres + 1) < 0x1000 )
{
if ( _Myres == 0xFFFFFFFFFFFFFFFFui64 )
_Ptr_18 = 0i64;
else
_Ptr_18 = (char *)operator new(_Myres + 1);
goto LABEL_122;
}
if ( _Myres + 0x28 <= (unsigned __int64)(_Myres + 1) )
error_140088E10();
v47 = operator new(_Myres + 0x28);
v48 = v47;
if ( !v47 )
LABEL_183:
invalid_parameter_noinfo_noreturn();
_Ptr_18 = (char *)(((unsigned __int64)v47 + 0x27) & 0xFFFFFFFFFFFFFFE0ui64);
*((_QWORD *)_Ptr_18 + 0xFFFFFFFF) = v48;
LABEL_122:
v_temp.u._Ptr = _Ptr_18;
memmove(_Ptr_18, v42, n0x10 + 1);
v_temp._Myres = _Myres;
LABEL_123:
v_temp._Mysize = n0x10;
map_set_1400B6720(*(CActivatorData **)ptr, &key_name, &v_temp);
if ( v_temp._Myres >= 0x10 )
{
_Ptr_19 = v_temp.u._Ptr;
if ( v_temp._Myres + 1 >= 0x1000 )
{
_Ptr_19 = (char *)*((_QWORD *)v_temp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(v_temp.u._Ptr - _Ptr_19 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_19);
}
if ( key_name._Myres >= 0x10 )
{
_Ptr_20 = key_name.u._Ptr;
if ( key_name._Myres + 1 >= 0x1000 )
{
_Ptr_20 = (char *)*((_QWORD *)key_name.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(key_name.u._Ptr - _Ptr_20 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_20);
}
key_name._Mysize = 0i64;
key_name._Myres = 0xFi64;
key_name.u._Buf[0] = 0;
v_temp._Myres = 0xFi64;
v_temp._Mysize = 4i64;
v_temp.u._Ptr = (char *)'OMED';
k_ttemp.u._Ptr = 0i64;
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
_Count_13 = 0xFFFFFFFFFFFFFFFFui64;
do
++_Count_13;
while ( *(_BYTE *)(p_licenseName_140401930 + _Count_13) );
// licenseName
std::string::assign((std::string *)&k_ttemp, (const char *const)p_licenseName_140401930, _Count_13);
map_set_1400B6720(*(CActivatorData **)ptr, &k_ttemp, &v_temp);
if ( k_ttemp._Myres >= 0x10 )
{
_Ptr_21 = k_ttemp.u._Ptr;
if ( k_ttemp._Myres + 1 >= 0x1000 )
{
_Ptr_21 = (char *)*((_QWORD *)k_ttemp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(k_ttemp.u._Ptr - _Ptr_21 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_21);
}
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
k_ttemp.u._Buf[0] = 0;
if ( v_temp._Myres >= 0x10 )
{
_Ptr_22 = v_temp.u._Ptr;
if ( v_temp._Myres + 1 >= 0x1000 )
{
_Ptr_22 = (char *)*((_QWORD *)v_temp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(v_temp.u._Ptr - _Ptr_22 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_22);
}
key_name.u._Ptr = 0i64;
key_name._Mysize = 0i64;
key_name._Myres = 0xFi64;
_Count_14 = 0xFFFFFFFFFFFFFFFFui64;
do
++_Count_14;
while ( *(_BYTE *)(p_product_id_140401980 + _Count_14) );
// product_id
std::string::assign((std::string *)&key_name, (const char *const)p_product_id_140401980, _Count_14);
map_set_1400B6720(*(CActivatorData **)ptr, &key_name, (std_string *)(*(_QWORD *)(a1 + 0x70) + 8i64));
if ( key_name._Myres >= 0x10 )
{
_Ptr_23 = key_name.u._Ptr;
if ( key_name._Myres + 1 >= 0x1000 )
{
_Ptr_23 = (char *)*((_QWORD *)key_name.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(key_name.u._Ptr - _Ptr_23 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_23);
}
key_name._Mysize = 0i64;
key_name._Myres = 0xFi64;
key_name.u._Buf[0] = 0;
k_ttemp.u._Ptr = 0i64;
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
do
++_Count_15;
while ( *(_BYTE *)(p_product_version_1404019C8 + _Count_15) );
// product_version
std::string::assign((std::string *)&k_ttemp, (const char *const)p_product_version_1404019C8, _Count_15);
map_set_1400B6720(*(CActivatorData **)ptr, &k_ttemp, (std_string *)(*(_QWORD *)(a1 + 0x70) + 0x28i64));
if ( k_ttemp._Myres >= 0x10 )
{
_Ptr_24 = k_ttemp.u._Ptr;
if ( k_ttemp._Myres + 1 >= 0x1000 )
{
_Ptr_24 = (char *)*((_QWORD *)k_ttemp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(k_ttemp.u._Ptr - _Ptr_24 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_24);
}
k_ttemp.u._Ptr = 0i64;
k_ttemp._Mysize = 0i64;
k_ttemp._Myres = 0xFi64;
std::string::assign((std::string *)&k_ttemp, ": end", 5ui64);
ss_1400ACC30(a1, "electronic::activator::CActivator::CreateInitialData", &k_ttemp);
if ( k_ttemp._Myres >= 0x10 )
{
_Ptr_25 = k_ttemp.u._Ptr;
if ( k_ttemp._Myres + 1 >= 0x1000 )
{
_Ptr_25 = (char *)*((_QWORD *)k_ttemp.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(k_ttemp.u._Ptr - _Ptr_25 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_25);
}
if ( _Ptr_._Myres >= 0x10 )
{
_Ptr_26 = _Ptr_.u._Ptr;
if ( _Ptr_._Myres + 1 >= 0x1000 )
{
_Ptr_26 = (char *)*((_QWORD *)_Ptr_.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(_Ptr_.u._Ptr - _Ptr_26 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(_Ptr_26);
}
if ( _Ptr__1._Myres >= 0x10 )
std::allocator<char>::deallocate(&_Ptr__1, _Ptr__1.u._Ptr, _Ptr__1._Myres + 1);
return ptr;
}
ValidateActData 所需字段
'&' 进行连接,key=value 形式字符串
函数parse_and_validate_data_1400B5DA0 负责解析字符串
hash
未找到验证处
//加密字符串所在位置
.data:00000001403F3030 enc_hash_1403F3030 db 3Eh, 50h, 0F1h, 16h, 78h, 0CCh, 0C5h, 59h, 29h, 3Ah
.data:00000001403F3030 ; DATA XREF: sub_14007A810+1A↑o
.data:00000001403F3030 ; sub_14007A810+70↑o
.data:00000001403F3030 db 0C1h, 86h, 65h, 0E4h, 2Dh, 0BBh
errorCode
0
ALREADY_ACTIVATED
DEMO_IS_OVER
NO_AVAILABLE_ACTIVATIONS
KEY_BANNED
+REACTIVATE
+STARTING
product_id
123
product_version
11
licenseName
//unknow
license_key_code
//格式:88888-88888-88888-88888-88888
key_type
0,1,2,3
0==>SingleAllDevice
1==>Single1Device
2==>TimeLimited
3==>oem
other==>Demo
__int64 __fastcall lic_type_str_1401018EC(__int64 a1, __int64 a2)
{
int v3; // eax
int v4; // eax
int v5; // eax
__int64 v6; // rcx
wchar_t *_SingleAllDevice_; // rdx
v3 = get_key_type_1400A5D10(*(_QWORD *)(a1 + 0x10));
if ( !v3 )
{
_SingleAllDevice_ = off_1403EB258[0]; // "SingleAllDevice"
goto LABEL_10;
}
v4 = v3 - 1;
if ( !v4 )
{
_SingleAllDevice_ = off_1403EB240[0]; // "Single1Device"
goto LABEL_10;
}
v5 = v4 - 1;
if ( !v5 )
{
_SingleAllDevice_ = SingleAllDevice_; // "TimeLimited"
LABEL_10:
v6 = a2;
goto LABEL_11;
}
v6 = a2;
if ( v5 == 1 )
_SingleAllDevice_ = off_1403EB278[0]; // "oem"
else
_SingleAllDevice_ = off_1403EB290[0]; // "Demo"
LABEL_11:
sub_1400B9C40(v6, _SingleAllDevice_);
return a2;
}
// key type
n3_1 = find_key_type_1400B7440(map->_Myhead, p_key_type_140402520, 0xFFFFFFFFi64);
n2_2 = n3_1;
if ( n3_1 > 3 )
{
s.u._Ptr = 0i64;
s._Mysize = 0i64;
s._Myres = 0xFi64;
std::string::assign((std::string *)&s, ": wrong key type: ", 0x12ui64);
sub_1400AD920(stringstream, v94, &s, n2_2);
key_type==3时 报错+STARTING
if ( isType3 )
{
std::string::assign((std::string *)&s, ": OEM key - first time reactivation", 0x23ui64);
ss_1400ACDE0(stringstream, "electronic::activator::CActivator::ValidateActData", &s);
if ( s._Myres >= 0x10 )
{
_Ptr_19 = s.u._Ptr;
if ( s._Myres + 1 >= 0x1000 )
{
_Ptr_19 = (char *)*((_QWORD *)s.u._Ptr + 0xFFFFFFFF);
if ( (unsigned __int64)(s.u._Ptr - _Ptr_19 - 8) > 0x1F )
goto LABEL_295;
}
j_j_free(_Ptr_19);
}
Buf2_5 = (const char *)p_add_STARTING_140401408;
do
++_Count;
while ( *((_BYTE *)p_add_STARTING_140401408 + _Count) );
goto LABEL_222;
}
hid校验失败时 +WRONG_HID
key_options
find_keyname_defaultvalue_1400B7440(map->_Myhead, p_key_options_1404024F8, 0i64);
license_options
find_keyname_defaultvalue_1400B7440(map->_Myhead, p_license_options_140402548, 0i64);
serverDate
%4d-%2d-%2d
firstActivation
%4d-%2d-%2d
nextActivation
%4d-%2d-%2d
activationDate
%4d-%2d-%2d
registed_name
(unknow)
其他
CActivator
根据字符串可定位关键函数
.rdata:00000001403ABE70 00000031 C CActivatorFacade::SetLogger - new logger was set
.rdata:00000001403ABEB0 00000028 C electronic::activator::CActivator::Init
.rdata:00000001403ABF58 00000039 C electronic::activator::CActivator::DetermineUpdateAction
.rdata:00000001403AC250 00000030 C electronic::activator::CActivator::UpdateStatus
.rdata:00000001403AC3C0 0000002D C electronic::activator::CActivator::RunAutoma
.rdata:00000001403AC418 0000002C C electronic::activator::CActivator::DoAutoma
.rdata:00000001403AC480 0000002E C electronic::activator::CActivator::StartGrace
.rdata:00000001403AC640 00000032 C electronic::activator::CActivator::ActivateOnline
.rdata:00000001403ACAD8 00000032 C electronic::activator::CActivator::OfflineRequest
.rdata:00000001403ACB70 00000033 C electronic::activator::CActivator::ActivateOffline
.rdata:00000001403ACCE0 00000030 C electronic::activator::CActivator::ActivateDemo
.rdata:00000001403ACF40 0000002E C electronic::activator::CActivator::Reactivate
.rdata:00000001403AD178 0000002B C electronic::activator::CActivator::Install
.rdata:00000001403AD208 0000002D C electronic::activator::CActivator::DaysLimit
.rdata:00000001403AD2E8 0000002D C electronic::activator::CActivator::IsExpired
.rdata:00000001403AD330 0000002F C electronic::activator::CActivator::ReadActFile
.rdata:00000001403AD580 00000033 C electronic::activator::CActivator::ValidateActData
.rdata:00000001403AD840 00000035 C electronic::activator::CActivator::CreateInitialData
.rdata:00000001403AD888 0000003E C electronic::activator::CActivator::CreateDemoTrialDefaultData
内置公钥
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwknN5/81qIoM+k1WEc/5
A+u3YzWeDNE5i5rpayiNWv4TvxX9udMz3uKF4tmDJfjuSCVUHQWAjJefwSv4ZBQ7
egXHtGzh/HVY/Geei7A1TwOroHxxgUKVkXRoPGYIVNBhrqX0CsCgYCZv7Ij6CSy4
Iamw0Gb/BnZ4Uw1AkOs6DfbGaVspeQGg7oTjSj+TKOWdK1dJ7ZoGyoVQLqxpaq41
r893XqSK5mXlbE3pFSjS6Rn8unyt57EuIcFy+x2VqjOf3KiwiGCeIaQtAtF5Pqii
KoEMoGgcDedO4C6h/LKy1oXJR7QeHQijUAn7JXE/i0I57BXyKylR6/YIV6hV+Ovm
bQIDAQAB
-----END PUBLIC KEY-----
日志记录
C:\Program Files\Electronic Team\USB Network Gate\act.log
字符串加密(AES_256_CBC)
全局字符串被加密,(可调试时直接dump相应数据)
例如:firstActivation
//UsbService64.exe
int sub_140074990()
{
unsigned int n0x10; // edx
char *v1; // rax
void *v2; // rcx
void *v4[2]; // [rsp+20h] [rbp-28h] BYREF
__int64 v5; // [rsp+30h] [rbp-18h]
if ( byte_1403F1A60 )
{
n0x10 = 0;
v1 = byte_1403F1A50;
do
*v1++ ^= 0x33 - n0x10++;
while ( n0x10 < 0x10 );
byte_1403F1A60 = 0;
}
v4[0] = operator new(0x10ui64);
v5 = (__int64)v4[0] + 0x10;
memmove(v4[0], byte_1403F1A50, 0x10ui64);
v4[1] = (char *)v4[0] + 0x10;
aes_cbc_dec_1400B4290((std::string *)&firstActivation_1404017B0, (__int64)v4);
v2 = v4[0];
if ( !v4[0] )
return atexit(sub_1402E9800);
if ( v5 - (unsigned __int64)v4[0] >= 0x1000 )
{
v2 = (void *)*((_QWORD *)v4[0] + 0xFFFFFFFF);
if ( (unsigned __int64)(v4[0] - v2 - 8) > 0x1F )
invalid_parameter_noinfo_noreturn();
}
j_j_free(v2);
return atexit(sub_1402E9800);
}
解密:
from Crypto.Cipher import AES
def xor_bs(data:bytes,k:int):
out=[]
for i,x in enumerate(data) :
out.append(x^(k-i))
return bytes(out)
iv=bytes.fromhex('DEEDFDFB0D0C97A3BD590C4E42E75570')
key=bytes.fromhex('37C1E8C647684E9A441D5547F0975F2F7CDC16732BD53BD545005D3995F6B034')
def test():
cipher=AES.new(key=key,iv=iv,mode=AES.MODE_CBC)
data=xor_bs(bytes.fromhex('94AFF81DC68E2D1B8D77D235B0120173'),0x33)
x=cipher.decrypt(data)
print(x)
pass
if __name__=='__main__':
test()
pass
'''
b'firstActivation\x01'
'''
字符串资源
zh_CN.tkv
UsbConfig.exe .rdata:007C10B8 off_7C10B8
0,0==>IDSM_SHARE_DEV
1,1==>IDSM_SHARE_SHARE
2,2==>IDSM_CHANGE_SHARING
3,3==>IDSM_SHARE_DISC
4,4==>IDSM_UNSHARE
5,5==>IDSM_UNSHARE_ALL
6,6==>IDSM_EDIT_NICK
7,7==>IDS_ENCRYPTION
8,8==>IDS_COMPRESSION
9,9==>IDS_AUTHORIZATION
10,a==>IDSM_SHARE_EDIT
11,b==>IDS_COMPRESSION_TYPE_NONE
12,c==>IDS_COMPRESSION_TYPE_ZLIB
13,d==>IDS_COMPRESSION_TYPE_LZ4
14,e==>IDSM_CON_DEV
15,f==>IDSM_ADD_SERVER
16,10==>IDSM_ADD_DEVICE
17,11==>IDSM_REMOVE_DEVICE
18,12==>IDSM_CONNECT
19,13==>IDSM_CONNECT_ONCE
20,14==>IDSM_CONNECT_SESSION
21,15==>IDSM_CONNECT_USER
22,16==>IDSM_CONNECT_WITH_PASS
23,17==>IDSM_DISCONNECT
24,18==>IDSM_DISCON_ALL
25,19==>IDSM_RDISCONNECT
26,1a==>IDSM_RDP_AUTO
27,1b==>IDSM_VIEW
28,1c==>IDSM_REAL_DEVS
29,1d==>IDSM_ALL_PORTS
30,1e==>IDSM_ONLY_SHARED
31,1f==>IDSM_SHOW_HID
32,20==>IDSM_ONLY_CONN
33,21==>IDSM_SHOW_DISCONNECTED_HUBS
34,22==>IDSM_DONT_SHOW_EMPTY_SHARED_PORT
35,23==>IDSM_SHOW_USB_LOC
36,24==>IDSM_VIEW_LOG
37,25==>IDSM_VIEW_LIMIT_BANNER
38,26==>IDSM_VIEW_LANG
39,27==>IDSM_VIEW_TRAFFIC
40,28==>IDSM_VIEW_TRAF_NONE
41,29==>IDSM_VIEW_TRAF_SIZE_RAW
42,2a==>IDSM_VIEW_TRAF_SIZE_ZIP
43,2b==>IDSM_VIEW_TRAF_SPEED_RAW
44,2c==>IDSM_VIEW_TRAF_SPEED_ZIP
45,2d==>IDSM_VIEW_BITS_PER_SEC
46,2e==>IDSM_VIEW_BYTES_PER_SEC
47,2f==>IDSM_HELP
48,30==>IDSM_ONLINE_HELP
49,31==>IDSM_EXTEND_TRIAL
50,32==>IDSM_BUY_FULL
51,33==>IDSM_ENTER_REG_INFO
52,34==>IDSM_CHK_UPDATE
53,35==>IDSM_HELP_ABOUT
54,36==>IDSM_LOG_CLEAR
55,37==>IDSM_LOG_SAVE
56,38==>IDSM_LOG_COPY
57,39==>IDSM_LOG_SELECT_ALL
58,3a==>IDS_TAB_LOCAL
59,3b==>IDS_TAB_REMOTE
60,3c==>IDS_OPT_DEVICES
61,3d==>IDS_OPT_ALL_PORTS
62,3e==>IDS_OPT_VIEW_SHARED
63,3f==>IDS_OPT_ADD_SERVER
64,40==>IDS_OPT_ENABLE_RDP
65,41==>IDS_OPT_ADVANCED_OPT
66,42==>IDS_OPT_AO_HID
67,43==>IDS_OPT_AO_USB3HUB
68,44==>ID_OPT_AO_ONLY_USB3HUB
69,45==>IDS_BTN_SHARE
70,46==>IDS_ERR_BAD_PASSWORD
71,47==>IDS_ERR_EMPTY_PASS
72,48==>IDS_ERR_BAD_HOSTNAME
73,49==>IDS_ERR_HOSTNAME_EMPTY
74,4a==>IDS_ERR_INVALID_HOSTNAME
75,4b==>IDS_ERR_TCP_PORT_OUT_RANGE
76,4c==>IDS_ERR_THATS_MY_IP
77,4d==>IDS_ERR_CANT_OPEN_LOG
78,4e==>IDS_ERR_CANT_SHARE_PORT
79,4f==>IDS_ERR_CANT_SHARE_DEV
80,50==>IDS_TIP_AUTH_ENABLED
81,51==>IDS_TIP_CRYPT_ENABLED
82,52==>IDS_TIP_COMPR_ENABLED
83,53==>IDS_TIP_ISOLATE_NONE
84,54==>IDS_TIP_ISOLATE_SESSION
85,55==>IDS_TIP_ISOLATE_USER
86,56==>IDS_STATUS_TEMPLATE
87,57==>IDS_ST_SHARED_AT_PORT
88,58==>IDS_ST_SHARED_AS_CALLBACK
89,59==>IDS_ST_CONNECTED_TO_CLIENT
90,5a==>IDS_ST_CONNECTED_AS_CALLBACK
91,5b==>IDS_ACT_SHARING
92,5c==>IDS_ACT_UNSHARING
93,5d==>IDS_ACT_DISCONNECTING
94,5e==>IDS_ACT_CHANGING
95,5f==>IDS_ACT_CONNECTING
96,60==>IDS_ACT_REMOVING
97,61==>IDS_ST_DEVICE_OFF
98,62==>IDS_ST_DISCONNECTED
99,63==>IDS_ST_CONNECTED
100,64==>IDS_ST_CONNECTED_SESSION
101,65==>IDS_ST_CONNECTED_USER
102,66==>IDS_ST_CLIENT_WAITING
103,67==>IDS_ST_OCCUPIED
104,68==>IDS_ST_CALLBACK_PORT
105,69==>IDS_INF_UNKNOWN_DEV
106,6a==>IDS_INF_NOT_AVAILABLE
107,6b==>IDS_HINT_ENTER_NICK
108,6c==>IDS_MSG_NOTHING_SHOW
109,6d==>IDS_MSG_DEMO_BANNER
110,6e==>IDS_MSG_REGISTERED_VERSION
111,6f==>IDS_MSG_REGVER_WITH_LIMIT
112,70==>IDS_MSG_UNLIM_SHARE
113,71==>IDS_MSG_ONLY_1_SHARE
114,72==>IDS_MSG_ONLY_N_SHARE
115,73==>IDS_MSG_MAX_SHARED
116,74==>IDS_MSG_CAN_1_MORE
117,75==>IDS_MSG_CAN_N_MORE
118,76==>IDS_ERR_CANT_SHARE_LIMIT
119,77==>IDS_ERR_CANT_SHARE_TCP
120,78==>IDS_ERR_CANT_SHARE_OTHER
121,79==>IDS_ERR_SETTINGS_EQ
122,7a==>IDS_ERR_CANT_ADD_DEVICE
123,7b==>IDS_ERR_CANT_ADD_CALLBACK
124,7c==>IDS_NOT_ENABLE_RDISCON
125,7d==>IDS_USB_LOC_NICK_TEMPLATE
126,7e==>IDSD_demo_1dev
127,7f==>IDSD_demo_Ndev
128,80==>IDSD_demo_unlim
129,81==>IDSD_click_demo
130,82==>IDSD_trial_Ndays
131,83==>IDSD_trial_1day
132,84==>IDSD_exhausted
133,85==>IDSD_time_backward
134,86==>IDSD_trial_blocked
135,87==>IDSD_badlocaltime
136,88==>IDSD_setdatetime
137,89==>IDSD_wrong_hid
138,8a==>IDSD_failed_reactivate
139,8b==>IDSD_max_hids
140,8c==>IDSD_max_hids_todo
141,8d==>IDSD_key_banned
142,8e==>IDSD_other_error
143,8f==>IDSD_need_activate
144,90==>IDSD_error_details
145,91==>IDSD_btn_entercode
146,92==>IDS_btn_ordernow
147,93==>IDSD_btn_trial
148,94==>IDS_btn_activate
149,95==>IDS_btn_tryagain
150,96==>IDS_btn_act_offline
151,97==>IDSD_btn_remind
152,98==>IDS_btn_upd_info
153,99==>IDS_btn_enter_code
154,9a==>IDS_btn_cancel
155,9b==>IDSD_splash
156,9c==>IDSA_dialog_title
157,9d==>IDSA_please_enter_code
158,9e==>IDSA_enter_todo
159,9f==>IDSA_lost_code
160,a0==>IDSA_hint_enter_code
161,a1==>IDSA_msg_wrong_key
162,a2==>IDSA_title_success
163,a3==>IDSA_msg_success
164,a4==>IDSA_title_failed
165,a5==>IDSA_msg_nolink
166,a6==>IDSA_msg_nolink_offline
167,a7==>IDSA_btn_activate_later
168,a8==>IDSA_btn_manually
169,a9==>IDSA_msg_maxhids_1
170,aa==>IDSA_title_manually
171,ab==>IDSA_btn_load
172,ac==>IDSA_btn_save
173,ad==>IDSA_load_filter
174,ae==>IDSA_filt_all_files
175,af==>IDSA_save_filter
176,b0==>IDSA_save_success
177,b1==>IDSA_title_error
178,b2==>IDSA_cant_load
179,b3==>IDSA_cant_save
180,b4==>IDSA_title_activation
181,b5==>IDSA_err_badlocaltime
182,b6==>IDSA_err_banned
183,b7==>IDSA_err_wrong_code
184,b8==>IDSA_err_wrong_version
185,b9==>IDSA_err_file_expired
186,ba==>IDSA_err_file_mistarget
187,bb==>IDSA_err_file_corrupted
188,bc==>IDSA_cant_activate_ask_us
189,bd==>IDSA_generic_cant_activate
190,be==>IDSI_install_title
191,bf==>IDSI_session_install_msg
192,c0==>IDSI_user_install_msg
193,c1==>IDSI_need_restart_msg
194,c2==>IDSI_button_restart
195,c3==>IDSI_button_not_now
196,c4==>IDS_USBCLASS_0x01_AUDIO
197,c5==>IDS_USBCLASS_0x02_COMMUNICATIONS
198,c6==>IDS_USBCLASS_0x03_HID_KEYBOARD
199,c7==>IDS_USBCLASS_0x03_HID_MOUSE
200,c8==>IDS_USBCLASS_0x03_HID
201,c9==>IDS_USBCLASS_0x05_PHYSICAL
202,ca==>IDS_USBCLASS_0x06_IMAGING
203,cb==>IDS_USBCLASS_0x07_PRINTER
204,cc==>IDS_USBCLASS_0x08_MASSSTORAGE
205,cd==>IDS_USBCLASS_0x09_HUB
206,ce==>IDS_USBCLASS_0x0A_COMMUNICATIONS
207,cf==>IDS_USBCLASS_0x0B_SMARTCARD
208,d0==>IDS_USBCALSS_0x0D_SECURITY
209,d1==>IDS_USBCLASS_0x0E_VIDEO
210,d2==>IDS_USBCLASS_0x0F_HEALTHCARE
211,d3==>IDS_USBCLASS_0x10_AUDIOVIDEO
212,d4==>IDS_USBCLASS_0xDC_DIAGNOSTIC
213,d5==>IDS_USBCLASS_0xE0_WIRELESS
214,d6==>IDS_RESTART_CHANGE_LANG
215,d7==>IDS_ERROR_NOLANGUAGE
216,d8==>IDS_NO_SERVICE_TEXT
217,d9==>IDS_ALREADY_USE_TCPPORT
218,da==>IDS_UPDATE_CHECKERROR
219,db==>IDS_UPDATE_NOUPDATES
220,dc==>IDS_BTN_CANCEL
221,dd==>IDS_CONFIRM_ACTION
222,de==>IDS_ARE_YOU_SURE
223,df==>IDS_HID_WARNING
224,e0==>IDS_TCP_GROUP
225,e1==>IDS_LISTEN_ON_PORT
226,e2==>IDS_SHARE_AS_CALLBACK
227,e3==>IDS_HINT_HOSTNAME
228,e4==>IDS_CONN_GROUP
229,e5==>IDS_PASSWORD_
230,e6==>IDS_RETYPE_
231,e7==>IDS_ALLOW_RDISCON
232,e8==>IDS_DONT_RESET_DEV
233,e9==>IDS_NICK
234,ea==>IDS_CHANGE_NICK_TITLE
235,eb==>IDS_BTN_OK
236,ec==>IDS_LOG_TITLE
237,ed==>IDS_ADD_CLIENT_TITLE
238,ee==>IDS_RADIO_SHARED_DEVICE
239,ef==>IDS_RADIO_CALLBACK
240,f0==>IDS_VER_TEMPLATE
241,f1==>IDS_LOGFILE
242,f2==>IDS_TT_USB_PORT
243,f3==>IDS_TT_SHARED_USB
244,f4==>IDS_TT_DEV_NAME
245,f5==>IDS_TT_NICK
246,f6==>IDS_TT_REMOTE_DEV
247,f7==>IDS_TT_REMOTE_PORT
248,f8==>IDS_TT_SHARED_AT
249,f9==>IDS_TT_STATUS
250,fa==>IDS_TT_REMOTE_OFFLINE
251,fb==>IDS_RDP_HUB
252,fc==>IDS_CALLBACK_HUB
253,fd==>IDS_MY_COMPUTER
254,fe==>IDS_MY_COMPUTER_NAME
255,ff==>IDS_COMP_IP_TEMPLATE
256,100==>IDS_GUI_TITLE
257,101==>IDS_CLIENT_MODE_GUI_TITLE
258,102==>IDS_ALREADY_RUNNING
259,103==>IDS_DLG_CONNECT_TITLE
260,104==>IDS_DLG_CONNECT_REQUIRE_PASSWD
261,105==>IDS_DLG_CONNECT_MAYBE_PASSWD
262,106==>IDS_DLG_SET_PASSWD_TITLE
263,107==>IDS_DLG_SET_PASSWD_PROMPT
264,108==>IDS_BTN_SET
265,109==>IDS_CANT_SHARE_TITLE
266,10a==>IDS_CANT_SHARE_DEMO_N
267,10b==>IDS_CANT_SHARE_LIMIT_N
268,10c==>IDS_SET_NICK_PROMPT
269,10d==>IDS_ADD_SERVER_PROMPT
270,10e==>IDS_BTN_ADD
271,10f==>IDSA_manually_todo_e
272,110==>IDS_HOST_LABEL
273,111==>IDS_PORT_LABEL
274,112==>IDS_COMPRESSION_
275,113==>IDS_MISC_GROUP
276,114==>IDS_TIMEOUT_CHECKBOX
277,115==>IDS_TIMEOUT_CUSTOM
278,116==>IDS_TIMEOUT_30_SECONDS
279,117==>IDS_TIMEOUT_1_MINUTE
280,118==>IDS_TIMEOUT_5_MINUTES
281,119==>IDS_TIMEOUT_10_MINUTES
282,11a==>IDS_TIMEOUT_20_MINUTES
283,11b==>IDS_TIMEOUT_30_MINUTES
284,11c==>IDS_TIMEOUT_45_MINUTES
285,11d==>IDS_TIMEOUT_1_HOUR
286,11e==>IDS_TIMEOUT_2_HOURS
287,11f==>IDS_TIMEOUT_3_HOURS
288,120==>IDS_TIMEOUT_4_HOURS
289,121==>IDS_TIMEOUT_6_HOURS
290,122==>IDS_TIMEOUT_12_HOURS
291,123==>IDS_TIMEOUT_24_HOURS
292,124==>IDS_SUPPORT_EMAIL_TEMPLATE
293,125==>IDS_NOTE_FREE_CLIENT
294,126==>IDS_CANT_REACTIVATE_ANYMORE
295,127==>IDS_TEXT_LINK_MAX_HIDS
296,128==>IDS_REACTIVATION_REQUIRED
297,129==>IDS_GRACE_OVER_REV
298,12a==>IDS_GRACE_N_DAYS_MANY
299,12b==>IDS_GRACE_1_DAY_ONLY
300,12c==>IDS_GRACE_TODO_REV
301,12d==>IDS_FREE_TRIAL_TITLE
302,12e==>IDS_FREE_TRIAL_OVER_TITLE
303,12f==>IDS_FREE_TRIAL_OVER_TEXT
304,130==>IDS_FREE_TRIAL_EXTERNSION_LINK
305,131==>IDS_CRACKED_TITLE
306,132==>IDS_CRACKED_TEXT
307,133==>IDS_CRACKED_LINK_PURCHASE
308,134==>IDS_CRACKED_LINK_INFO
309,135==>IDS_TRIAL_DEMO_TITLE
310,136==>IDS_TRIAL_DEMO_TEXT
311,137==>IDS_TRIAL_OVER_TITLE
312,138==>IDS_TRIAL_OVER_TEXT
313,139==>IDS_TRIAL_LABEL_BENEFITS
314,13a==>IDS_TRIAL_LABEL_BENEFIT_1
315,13b==>IDS_TRIAL_LABEL_BENEFIT_2
316,13c==>IDS_TRIAL_LABEL_BENEFIT_3
317,13d==>IDS_TRIAL_LABEL_BENEFIT_4
318,13e==>IDS_TRIAL_LABEL_BENEFIT_5
319,13f==>IDS_REQUEST_TRIAL_URL_TEMPLATE
320,140==>IDS_REQUEST_TRIAL_LINK
321,141==>IDS_REQUEST_TRIAL_LINK_OEM
322,142==>IDS_TRIAL_ACTIVATE_TITLE
323,143==>IDS_TRIAL_ACTIVATE_TEXT
324,144==>IDS_TRIAL_LABEL_ENTER_CODE
325,145==>IDS_TRIAL_NOTE_CODE_IN_EMAIL
326,146==>IDS_RECOVER_CODE_URL_TEMPLATE
327,147==>IDS_RECOVER_CODE_LINK
328,148==>IDS_ABOUT_CAPTION
329,149==>IDS_ABOUT_REGISTERED_TO
330,14a==>IDS_ABOUT_LICENSE_TYPE
331,14b==>IDS_ABOUT_LICENSE_DEMO
332,14c==>IDS_ABOUT_REGCODE
333,14d==>IDS_ABOUT_SUPPORT_EMAIL
334,14e==>IDS_ABOUT_COPYRIGHT
335,14f==>IDS_DEV_STATUS_TRAFFIC
336,150==>IDS_SIZE_KBYTE
337,151==>IDS_SIZE_MBYTE
338,152==>IDS_SIZE_GBYTE
339,153==>IDS_SIZE_TBYTE
340,154==>IDS_SIZE_PBYTE
341,155==>IDS_SIZE_EBYTE
342,156==>IDS_SPEED_KBYTE
343,157==>IDS_SPEED_MBYTE
344,158==>IDS_SPEED_GBYTE
345,159==>IDS_SPEED_TBYTE
346,15a==>IDS_SPEED_PBYTE
347,15b==>IDS_SPEED_EBYTE
348,15c==>IDS_SPEED_KBIT
349,15d==>IDS_SPEED_MBIT
350,15e==>IDS_SPEED_GBIT
351,15f==>IDS_SPEED_TBIT
352,160==>IDS_SPEED_PBIT
353,161==>IDS_SPEED_EBIT
354,162==>IDS_OEM_AD_TEXT1
355,163==>IDS_OEM_AD_TEXT2
356,164==>IDS_OEM_AD_LINK_MORE
357,165==>IDS_OEM_AD_LINK_CLOSE
358,166==>IDSM_HELP_ABOUT_OEM_INTEGRATION
359,167==>IDSM_SDK
360,168==>IDSM_SDK_MANUAL
361,169==>IDSM_SDK_EXAMPLE
362,16a==>IDSM_SDK_ACT
363,16b==>IDS_MESSAGE_NEED_SDK_KEY
364,16c==>IDS_MESSAGE_NEED_SDK_KEY_T
365,16d==>IDSA_msg_success_act_OK
366,16e==>IDSA_msg_success_act_SDK
UsbConfig.exe off_7C1678 字符串数组
0==>&Share devices
1==>Share...
2==>Sharing options
3==>Disable current connection
4==>Unshare
5==>Unshare all
6==>Edit description...
7==>Encryption
8==>Compression
9==>Authorization
10==>Edit all sharing options
11==>No compression
12==>Best size compression
13==>Best speed compression
14==>&Connect devices
15==>Add server...
16==>Add device...
17==>Remove device
18==>Connect
19==>Connect once
20==>Connect for this session
21==>Connect for this user
22==>Connect with password
23==>Disconnect
24==>Disconnect all
25==>Disconnect remote user
26==>RDP auto-connect
27==>&View
28==>Real devices
29==>All ports
30==>Only shared devices
31==>Show HID devices
32==>Only connected devices
33==>Show disconnected hubs
34==>Don't show empty shared ports
35==>Show USB Port location
36==>Show activity log
37==>Show sharing limitations
38==>Select &language
39==>Traffic for connected device
40==>Don't show traffic
41==>Amount of raw IRP data
42==>Amount of compressed IRP data
43==>Speed of raw IRP data
44==>Speed of compressed IRP data
45==>Speed in bits per second
46==>Speed in bytes per second
47==>&Help
48==>Online User &Manual
49==>Extend &trial period
50==>&Buy full version now
51==>Enter ®istration info
52==>&Check for updates
53==>&About USB Network Gate
54==>Clear log
55==>Save to file
56==>Copy selected
57==>Select All
58==>Local USB devices
59==>Remote USB devices
60==>Devices
61==>All ports
62==>Show only shared devices
63==>Add server
64==>Enable RDP autoconnect
65==>Advanced options
66==>Optimize HID device responsiveness
67==>Always connect USB 3.0 devices via advanced virtual hub
68==>Connect all USB devices via advanced virtual hub
69==>Share
70==>Password and Retype values mismatch.
Type your password again
71==>Password can not be empty
72==>Bad host name
73==>Hostname or IP address box is empty
74==>Invalid IP address or hostname
75==>TCP port value should be in range of 1000...65535
76==>You're trying to add IP address of your computer.
It's already on the list
77==>Could not open log window
78==>Unable to share port:
{usbport}
79==>Unable to share device:
{usbdev}
80==>Authorization enabled
81==>Encryption enabled
82==>Compression enabled
83==>No isolation
84==>Per-session isolation
85==>Per-user isolation
86==>{status} - {action}
87==>Shared on port {tcpport}
88==>Shared as callback to {host_port}
89==>Connected to {client}
90==>Connected as callback to {host_port}
91==>sharing...
92==>unsharing...
93==>disconnecting...
94==>changing settings...
95==>connecting...
96==>removing...
97==>Device is not shared or computer is off
98==>disconnected
99==>connected
100==>Connected for session #{session}
101==>Connected for user '{username}'
102==>waiting for connection
103==>{status} (is in use by {client})
104==>{status} (callback to TCP port {tcpport})
105==>Unknown disconnected device
106==>Information about disconnected device is not available
107==>Enter device description here
RSA 单字节patch
修改N为素数,当N为素数时,RSA采用下面的公式计算私钥:
φ(N)=N-1
D = 1/E mod (φ(N))
py
kg && RSA N单字节修改
from Crypto.PublicKey import RSA
from Crypto.Util.number import bytes_to_long, long_to_bytes
import gmpy2
import time
newN=24526625430652694554465972267551985130408265967319107171651145135511099057267553595142281896649135923023812735290525437975465714169523377290244220610022049948152544912343554533062843572819891979867546605975009896768613639596087208832563850510220997929006473937095691499426300832024654937960436218188283088867037825521351386870990994481271084577127427841532860633751199989440503234081659099395847141259157142089683600932114665561302754963471426628318867366583194208509238891592532462741038899475803859836664375486238912901880499328294838182383249510547246714419595600730104418379895702915827840799833311217418928645741
d=1336788471219180385866799715270697329536266933720857695914336793323552280888043417334455817856031150602576545927609699321732205182012260306098117948929593396322701533895222191923653466623627174757570173742202654245044599548914712451743565833384338688106125164461385324869169271892092519315725134982811956504464029674264417869343726937258347408479167069746179687562129581187443391551942968140774920862683816951406836176961313233516539370577230204561621591367245521046050342871485206172253703235234621470872410229898307778590981332692512046439003421756790290429937218453818956962524794403395594051253560395938483804913
pubkey = '''-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwknN5/81qIoM+k1WEc/5
A+u3YzWeDNE5i5rpayiNWv4TvxX9udMz3uKF4tmDJfjuSCVUHQWAjJefwSv4ZBQ7
egXHtGzh/HVY/Geei7A1TwOroHxxgUKVkXRoPGYIVNBhrqX0CsCgYCZv7Ij6CSy4
Iamw0Gb/BnZ4Uw1AkOs6DfbGaVspeQGg7oTjSj+TKOWdK1dJ7ZoGyoVQLqxpaq41
r893XqSK5mXlbE3pFSjS6Rn8unyt57EuIcFy+x2VqjOf3KiwiGCeIaQtAtF5Pqii
KoEMoGgcDedO4C6h/LKy1oXJR7QeHQijUAn7JXE/i0I57BXyKylR6/YIV6hV+Ovm
bQIDAQAB
-----END PUBLIC KEY-----'''
new_pubkey='''-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwknN5/81qIoM+k1WEc/5
A+u3YzWeDNE5i5rpayiNWv4TvxX9udMz3uKF4tmDJfjuSCVUHQWAjJefwSv4ZBQ7
egXHtGzh/HVY/Geei7A1TwOroHxxgUKVkXRoPGYIVNBhrqX0CsCgYCZv7Ij6CSy4
Iamw0Gb/BnZ4Uw1AkOs6DfbGaVspeQGg7oTjSj+TKOWdK1dJ7ZoGyoVQLqxpaq41
r893XqSK5mXlbE3pFSjS6Rn8unyt57EuIcFy+x2VqjOf3KiwiGCeIaQtAtF5Pqii
KoEMoGgcDedO4C6h/LKy1oXJR7QeHQijUAn7JXE/40I57BXyKylR6/YIV6hV+Ovm
bQIDAQAB
-----END PUBLIC KEY-----'''
def load_pubkey(pub_key=pubkey):
k = RSA.import_key(pub_key)
print('n:', k.n)
print('e:', k.e)
return k
def modify_byte(data, position, new_byte):
"""修改字节序列中指定位置的字节"""
data_list = bytearray(data)
if position < len(data_list):
data_list[position] = new_byte
return bytes(data_list)
def find_prime_N(N_bytes, E, StartPos=-1, OnlyOne=True):
"""
高效查找素数N'(使用gmpy2优化)
参数:
N_bytes: 原始模数的字节表示
E: 公钥指数
StartPos(option): 小端序字节起始位置
OnlyOne(option): 是否单个
返回:
(N_prime, D, pos, byte_val) 或 None
"""
if isinstance(N_bytes, int):
N_bytes = long_to_bytes(N_bytes)
n_len = len(N_bytes)
total_positions = n_len
byte_range = range(256)
# 预计算一些值以优化性能
E_mpz = gmpy2.mpz(E)
start=total_positions
if StartPos < 0:
assert StartPos >= -total_positions, '- StartPos error!'
start+=StartPos
# rg = range(total_positions+StartPos, -1, -1)
else:
assert StartPos < total_positions, '- StartPos error!'
start+=-1-StartPos
# rg = range(total_positions-1-StartPos, -1, -1)
for pos in range(start, -1, -1):
original_byte = N_bytes[pos]
# 尝试修改该位置的所有可能字节值
for byte_val in byte_range:
if byte_val == original_byte:
continue
# 修改字节并创建mpz对象
modified_bytes = bytearray(N_bytes)
modified_bytes[pos] = byte_val
N_prime = gmpy2.mpz(bytes_to_long(modified_bytes))
# 跳过小数字和偶数
if N_prime < 100 or N_prime % 2 == 0:
continue
# 快速素性测试
if gmpy2.is_prime(N_prime, 16): # 使用15轮Miller-Rabin测试
phi = N_prime - 1
# 检查gcd(E, phi) == 1
if gmpy2.gcd(E_mpz, phi) != 1:
continue
try:
# 计算模逆
D = gmpy2.invert(E_mpz, phi)
# print('[-]modify N at pos:', pos)
if OnlyOne:
yield int(N_prime), int(D), pos, byte_val
return
else:
yield int(N_prime), int(D), pos, byte_val
continue
except ZeroDivisionError:
continue
return
def pkcs1_v1_5_pad(data, key_length):
# 计算最大数据长度(字节)
max_data_len = key_length - 11 # 填充头占11字节
# 检查数据长度
if len(data) > max_data_len:
raise ValueError("Data too long for RSA key size")
# 构建填充结构:0x00 + 0x02 + 随机非零字节 + 0x00 + 原始数据
padding_length = key_length - len(data) - 3
# padding = b'\x00\x02' + os.urandom(padding_length).replace(b'\x00', b'\xff') + b'\x00'
padding = b'\x00\x01' + b'\xff'*padding_length + b'\x00'
return padding + data
def pkcs1_v1_5_unpad(data:bytes, key_length):
out=b''
# 检查数据长度
if len(data) < 11:
raise ValueError("Data too small")
if data[0]!=1:
raise ValueError("not pkcs1_v1_5 sig")
pos=data.find(b'\x00',9)
out=data[pos+1:key_length]
return out
def rsa_enc_PKCS1_v1_5(msg:bytes,D:int,N:int,thunk_sz=0x80):
if isinstance(msg,str):
msg=msg.encode()
out=b''
K_SZ=len(long_to_bytes(N))
for i in range(0,len(msg),thunk_sz):
x=msg[i:i+thunk_sz]
x=pkcs1_v1_5_pad(x,K_SZ)
# imsg=int.from_bytes(x,'big')
imsg=bytes_to_long(x)
enc=pow(imsg, D, N)
out+=long_to_bytes(enc)
return out
def rsa_dec_PKCS1_v1_5(msg:bytes,E:int,N:int):
rsa_sz=len(long_to_bytes(N))
out=b''
for i in range(0,len(msg),rsa_sz):
x=msg[i:i+rsa_sz]
x_numb=bytes_to_long(x)
i_dec=pow(x_numb, E, N)
dec=long_to_bytes(i_dec)
out+=pkcs1_v1_5_unpad(dec,rsa_sz)
return out
def count_byte_differences(bytes1, bytes2):
return sum(b1 != b2 for b1, b2 in zip(bytes1, bytes2))
def str_to_timeStamp(s:str= "2025-08-15"):
# 先转换为时间数组
timeArray = time.strptime(s, "%Y-%m-%d")
# 转换为时间戳
timeStamp = int(time.mktime(timeArray))
print(timeStamp)
return timeStamp
def mk_lic_info(hid:str,license_key_code='88888-88888-88888-88888-88888',product_id='123',product_version='11',licenseName='Single License [Unlimited USB devices]',s_date="2025-08-15",nextActivation='2066-01-01',registed_name='ikun'):
s_time=str_to_timeStamp(s_date)
lic={
'errorCode':'0',
'product_id':product_id,
'product_version':product_version,
'licenseName':licenseName,#unknow
'license_key_code':license_key_code,
'key_type':'0',
'hid':hid,
# 'key_options':'0',
# 'license_options':'0',
'serverDate':s_date,
'activationDate':s_date,
'nextActivation':nextActivation,
'firstActivation':s_date,
'registed_name ':registed_name,
'serverTime':s_time,#unknow
}
items=[]
for k,v in lic.items():
items.append(f'{k}={v}')
ret='&'.join(items)
return ret
def test_gen_new_n():
# 使用gmpy2优化性能
gmpy2.set_context(gmpy2.context())
bs_pubkey=pubkey.encode()
pubk = load_pubkey()
print('n_bytes:', long_to_bytes(pubk.n).hex())
# x = find_prime_N(pubk.n, pubk.e, False)
# for i, t in enumerate(find_prime_N(pubk.n, pubk.e, False)):
# n, d, pos, bval = t
# print(f'{i} [{pos}] {hex(bval)}==>n:{n}')
gen=find_prime_N(pubk.n,pubk.e)
for i,ret in enumerate(gen):
# ret=next(gen)
if ret:
newN,d,pos,_val=ret
# print('newN:',newN)
# print('d:',d)
# print('newN_bytes:',long_to_bytes(newN).hex())
rk=RSA.construct((newN,pubk.e))
x=rk.export_key()
# base64 bytes
c=count_byte_differences(bs_pubkey,x)
if c==1:
print('newN:',newN)
print('d:',d)
print(f'patch n_pos:{pos},orinal_n_val:{hex(bs_pubkey[pos])},new_n_val:{hex(_val)}')
print('[#]new PUBKEY==>')
print(x.decode())
print()
break
else:
print('[%d]b64 not 1 bytes diff,%d'%(i,c))
else:
print("未找到合适的素数N',请增加尝试次数或尝试其他方法")
break
def test_kg():
lic_path='out_lic.bin'
print('please input you hid,like:xxxxxxxx_xxxxxxxx_xxxxxxxx_x_xxxxxxxx')
print('you can get it from "UNG-activation-info.activate"')
hid=input()
msg=mk_lic_info(hid,s_date='2025-08-15')
# print(len(msg))
# print(msg)
enc=rsa_enc_PKCS1_v1_5(msg,d,newN)
with open(lic_path,'wb') as f:
f.write(enc)
# print('enc:',enc.hex())
# dec=rsa_dec_PKCS1_v1_5(enc,0x10001,newN)
# print(dec)
print('ok,save to==>',lic_path)
pass
def test_dec_act(fname='ung.act'):
enc=b''
# fname='my_usb_lic.bin'
with open(fname,'rb') as f:
enc=f.read()
dec=rsa_dec_PKCS1_v1_5(enc,0x10001,newN)
print(dec)
if __name__ == '__main__':
test_kg()
# test_dec_act()
pass
ps
看日志应该是有问题,不继续分析了,
Status_1400AE1E0
x_External_Status_1400A7800
参考链接
PKCS1_v1_5
浙公网安备 33010602011771号