这是一个.Net程序,使用 dotfuscator进行了混淆。虽然混淆了,但是不影响调试,可以直接使用dnspy进行调试。Help>License Information可以作为调试的入口点。
通过实时调试可以很轻松的找到校验授权的代码,在CppDepend.Core.dll中。可以将其修改为总是返回true。你可以通过搜索下面这个字符串快速的抵达目标位置:
<RSAKeyValue><Modulus>js+lphb91jLdPAiud7BvAgtTU2KIiLSrt/UitlMEEdxUQpDD4/+TxoO9XimXrcknJAVrXU8uWaBnbgA/tJt/0R2p2MzAGRn5KOUZWtNDk8xtYm0muj9J+JxUqf2xcpmSPfeehmxhI8cnk7X8vJYVbbjEjgx7BEcJMyBWYz4E00s=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>
internal static bool a(string A_0, out aiq A_1) { A_1 = null; a9a a9a; if (!l4.a(A_0, out a9a)) { a9a = null; } bool flag; try { using (StringReader stringReader = new StringReader(A_0)) { using (XmlReader xmlReader = new XmlTextReader(stringReader)) { if (!bgz.a(xmlReader, a9a, out A_1)) { flag = false; } else { string text = A_1.a(); string text2 = "<RSAKeyValue><Modulus>js+lphb91jLdPAiud7BvAgtTU2KIiLSrt/UitlMEEdxUQpDD4/+TxoO9XimXrcknJAVrXU8uWaBnbgA/tJt/0R2p2MzAGRn5KOUZWtNDk8xtYm0muj9J+JxUqf2xcpmSPfeehmxhI8cnk7X8vJYVbbjEjgx7BEcJMyBWYz4E00s=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"; bool flag2 = ms.a(text2, A_0, text); // 这就是我们要修改的函数... flag = flag2; } } } } catch { flag = false; } return flag; }
修改
internal static class ms { // Token: 0x0600417D RID: 16765 RVA: 0x0012BFD8 File Offset: 0x0012A1D8 internal static bool a(string A_0, string A_1, string A_2) { byte[] array; return ms.a(A_1, out array) == aye.a && ms.a(A_0, A_2, array); } }
为:
internal static class ms { // Token: 0x0600417D RID: 16765 RVA: 0x00004DD4 File Offset: 0x00002FD4 internal static bool a(string A_0, string A_1, string A_2) { return true; } }
这可以使得不管什么license文件都是有效的license文件,然后找到license保存的函数,这个函数跟前面搜索的字符串使用处是挨着的,将有效期改得特别长,即可:
// Token: 0x060035E1 RID: 13793 RVA: 0x00102968 File Offset: 0x00100B68 private static bool a(XmlReader A_0, a9a A_1, out bga A_2) { bool flag = A_1 != null; A_2 = null; string text = "EvaluationResponse"; string text2 = "DateRegister"; string text3 = "DateExpire"; string text4 = "MoreEvalAlreadyAsked"; string text5 = "HardwareID"; string text6 = "HardwareIDUnhashed"; string text7 = "EvalNbDaysLeftToShowActivationForm"; string text8 = "EvalNbDaysLeftToShowAskForMoreEvalButton"; string text9 = "CanReEvalNbDaysAfterEvalExpiration"; string text10 = "EvalRegisteredWithProductVersion"; A_0.ReadToDescendant(text); string text11; string text12; if (flag) { text11 = A_1.b(); text12 = A_1.c(); A_0.ReadToDescendant(text2); } else { A_0.ReadToDescendant(text5); text11 = A_0.ReadString(); if (!text11.b(36)) { return false; } a46.b(A_0); if (A_0.Name != text6) { return false; } text12 = A_0.ReadString(); if (!text12.b(289)) { return false; } a46.b(A_0); } if (A_0.Name != text2) { return false; } aaf aaf; if (!aaf.a(A_0.ReadString(), out aaf)) { return false; } a46.b(A_0); if (A_0.Name != text3) { return false; } string text13 = A_0.ReadString(); text13 = text13.Substring(0, text13.Length - 4) + "2050"; // 这可以让你的试用时长变得特别长 aaf aaf2; if (!aaf.a(text13, out aaf2)) { return false; } if (aaf2.d() <= aaf.d()) { return false; } a46.b(A_0); if (A_0.Name != text4) { return false; } bool flag2; if (!bool.TryParse(A_0.ReadString(), out flag2)) { return false; } int num; if (!ao3.a(A_0, text7, out num)) { return false; } int num2; if (!ao3.a(A_0, text8, out num2)) { return false; } int num3; if (!ao3.a(A_0, text9, out num3)) { return false; } if (num < num2) { return false; } if (flag) { a46.b(A_0); if (A_0.Name != text10) { return false; } Version version; if (!Version.TryParse(A_0.ReadString(), out version)) { return false; } A_2 = new ayi(aaf, aaf2, flag2, num, num2, num3, version, A_1); } else { A_2 = new bga(aaf, aaf2, flag2, text11, text12, num, num2, num3); } return true; }
如果你觉得evaluate remain days这种字符串很碍眼的话,也可以直接把它改成其它的。保存的时候,需要勾选"MD写入选项”的所有参数以确保不会破坏dll本身。
原版下载:
链接: https://pan.baidu.com/s/1pUuc49bvtiOIyvFJ-nAjcw?pwd=jnx7 提取码: jnx7
标签:分析,CppDepend2023.1,false,string,flag,bool,return,out From: https://www.cnblogs.com/bodong/p/17320104.html