这是一个.Net程序,使用 dotfuscator进行了混淆。虽然混淆了,但是不影响调试,可以直接使用dnspy进行调试。Help>License Information可以作为调试的入口点。
通过实时调试可以很轻松的找到校验授权的代码,在CppDepend.Core.dll中。可以将其修改为总是返回true。你可以通过搜索下面这个字符串快速的抵达目标位置:
<RSAKeyValue><Modulus>js+lphb91jLdPAiud7BvAgtTU2KIiLSrt/UitlMEEdxUQpDD4/+TxoO9XimXrcknJAVrXU8uWaBnbgA/tJt/0R2p2MzAGRn5KOUZWtNDk8xtYm0muj9J+JxUqf2xcpmSPfeehmxhI8cnk7X8vJYVbbjEjgx7BEcJMyBWYz4E00s=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>
internal static bool a(string A_0, out aiq A_1)
{
A_1 = null;
a9a a9a;
if (!l4.a(A_0, out a9a))
{
a9a = null;
}
bool flag;
try
{
using (StringReader stringReader = new StringReader(A_0))
{
using (XmlReader xmlReader = new XmlTextReader(stringReader))
{
if (!bgz.a(xmlReader, a9a, out A_1))
{
flag = false;
}
else
{
string text = A_1.a();
string text2 = "<RSAKeyValue><Modulus>js+lphb91jLdPAiud7BvAgtTU2KIiLSrt/UitlMEEdxUQpDD4/+TxoO9XimXrcknJAVrXU8uWaBnbgA/tJt/0R2p2MzAGRn5KOUZWtNDk8xtYm0muj9J+JxUqf2xcpmSPfeehmxhI8cnk7X8vJYVbbjEjgx7BEcJMyBWYz4E00s=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>";
bool flag2 = ms.a(text2, A_0, text); // 这就是我们要修改的函数...
flag = flag2;
}
}
}
}
catch
{
flag = false;
}
return flag;
}
修改
internal static class ms
{
// Token: 0x0600417D RID: 16765 RVA: 0x0012BFD8 File Offset: 0x0012A1D8
internal static bool a(string A_0, string A_1, string A_2)
{
byte[] array;
return ms.a(A_1, out array) == aye.a && ms.a(A_0, A_2, array);
}
}
为:
internal static class ms
{
// Token: 0x0600417D RID: 16765 RVA: 0x00004DD4 File Offset: 0x00002FD4
internal static bool a(string A_0, string A_1, string A_2)
{
return true;
}
}
这可以使得不管什么license文件都是有效的license文件,然后找到license保存的函数,这个函数跟前面搜索的字符串使用处是挨着的,将有效期改得特别长,即可:
// Token: 0x060035E1 RID: 13793 RVA: 0x00102968 File Offset: 0x00100B68
private static bool a(XmlReader A_0, a9a A_1, out bga A_2)
{
bool flag = A_1 != null;
A_2 = null;
string text = "EvaluationResponse";
string text2 = "DateRegister";
string text3 = "DateExpire";
string text4 = "MoreEvalAlreadyAsked";
string text5 = "HardwareID";
string text6 = "HardwareIDUnhashed";
string text7 = "EvalNbDaysLeftToShowActivationForm";
string text8 = "EvalNbDaysLeftToShowAskForMoreEvalButton";
string text9 = "CanReEvalNbDaysAfterEvalExpiration";
string text10 = "EvalRegisteredWithProductVersion";
A_0.ReadToDescendant(text);
string text11;
string text12;
if (flag)
{
text11 = A_1.b();
text12 = A_1.c();
A_0.ReadToDescendant(text2);
}
else
{
A_0.ReadToDescendant(text5);
text11 = A_0.ReadString();
if (!text11.b(36))
{
return false;
}
a46.b(A_0);
if (A_0.Name != text6)
{
return false;
}
text12 = A_0.ReadString();
if (!text12.b(289))
{
return false;
}
a46.b(A_0);
}
if (A_0.Name != text2)
{
return false;
}
aaf aaf;
if (!aaf.a(A_0.ReadString(), out aaf))
{
return false;
}
a46.b(A_0);
if (A_0.Name != text3)
{
return false;
}
string text13 = A_0.ReadString();
text13 = text13.Substring(0, text13.Length - 4) + "2050"; // 这可以让你的试用时长变得特别长
aaf aaf2;
if (!aaf.a(text13, out aaf2))
{
return false;
}
if (aaf2.d() <= aaf.d())
{
return false;
}
a46.b(A_0);
if (A_0.Name != text4)
{
return false;
}
bool flag2;
if (!bool.TryParse(A_0.ReadString(), out flag2))
{
return false;
}
int num;
if (!ao3.a(A_0, text7, out num))
{
return false;
}
int num2;
if (!ao3.a(A_0, text8, out num2))
{
return false;
}
int num3;
if (!ao3.a(A_0, text9, out num3))
{
return false;
}
if (num < num2)
{
return false;
}
if (flag)
{
a46.b(A_0);
if (A_0.Name != text10)
{
return false;
}
Version version;
if (!Version.TryParse(A_0.ReadString(), out version))
{
return false;
}
A_2 = new ayi(aaf, aaf2, flag2, num, num2, num3, version, A_1);
}
else
{
A_2 = new bga(aaf, aaf2, flag2, text11, text12, num, num2, num3);
}
return true;
}
如果你觉得evaluate remain days这种字符串很碍眼的话,也可以直接把它改成其它的。保存的时候,需要勾选"MD写入选项”的所有参数以确保不会破坏dll本身。
原版下载:
链接: https://pan.baidu.com/s/1pUuc49bvtiOIyvFJ-nAjcw?pwd=jnx7 提取码: jnx7
标签:分析,CppDepend2023.1,false,string,flag,bool,return,out From: https://www.cnblogs.com/bodong/p/17320104.html