首页 > 其他分享 >EmEditor 24.4.1 离线注册分析

EmEditor 24.4.1 离线注册分析

时间:2024-11-09 20:09:20浏览次数:1  
标签:__ EmEditor 0i64 24.4 离线 a1 int64 key sub

EmEditor Version 24.4.1 离线注册分析

目录

注册密钥需要以网络验证的方式进行注册,离线无法注册

故,不作分析,只保留本地对注册密钥格式的本地校验过程分析

如其官网所述,There are two online registration flows, depending on if a registration key is used (RegisterDevice()) or a Stripe subscription is used (RegisterDeviceSubscription()). The third registration flow is for offline registration (StoreOfflineLicenseAndValidate()).

在线注册分为:

RegisterDevice

RegisterDeviceSubscription

本文主要对StoreOfflineLicenseAndValidate 离线注册方案分析

官网离线注册说明:

EmEditor (Text Editor)新验证系统说明

0、注册密钥Regkey 格式本地验证流程

RegisterDevice对应选择注册密钥

RegisterDeviceSubscription对应 选择登录

image-20241109174254474

通过调用栈可回溯到emeddlgs.dll导出函数DoRegistDlg

image-20241024193830860

导出函数

image-20241109144526073

emeddlgs.dll==>DoRegistDlg

__int64 __fastcall DoRegistDlg(HWND a1, char a2)
{
  // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]

  v10[1] = 0i64;
  lpMem = 0i64;
  v12 = 0i64;
  v13 = 0;
  v14 = 0;
  v10[0] = &CRegisterDlg::`vftable';
  sub_1803E4D60(v15, 0, 0x50ui64);
  v16 = 0i64;
  v17 = 0i64;
  v18 = 0i64;
  v19 = 0i64;
  v20 = 0;
  sub_1803E4D60(v21, 0, 0x208ui64);
  sub_1803E4D60(v22, 0, 0xA0ui64);
  v23 = 0i64;
  v24 = 0;
  v25 = 0;
  sub_1803E4D60(v26, 0, 0xC8ui64);
  sub_1803E4D60(v27, 0, 0x320ui64);
  sub_1803E4D60(v28, 0, 0xC8ui64);
  v29 = 0;
  v30 = 0;
  v31 = 0;
  v33 = 0;
  v34 = 0;
  v32 = a2;
  ActiveWindow = GetActiveWindow();
  v5 = sub_18039B8F8(v10, ActiveWindow);
  v6 = v5;
  while ( v5 == 6 )
  {
    // 354,    "您的授权将在 %d 天后到期。\n请更新您的授权,并输入新的注册密钥或登录。\n如果您没有输入新的注册密钥或登录,EmEditor 将降级为免费版。"
    LoadStringW(hLibModule, 353u, Buffer, 0x14A);
    x_sprintf__1802E3F78(v9, 0x28, L"%02d/%04d");
    x_sprintf__1802E3F78(v36, 0x14A, Buffer, v9);
    x_dialog_180374CC4(a1, v36, 0x30);
    v7 = GetActiveWindow();
    v5 = sub_18039B8F8(v10, v7);
    v6 = v5;
  }
  if ( lpMem )
    sub_1803AF8EC(lpMem);
  return v6;
}

资源信息

安装目录下mui\2052 存放简体中文相关资源

image-20241024202549275

注册产品

image-20241024202657459

’关于‘

image-20241024202721220

CRegisterDlg

关注其消息处理函数proc_18039905C

.rdata:000000018054CD68 ; class CRegisterDlg: CMyDialogImpl<CRegisterDlg,ATL::CWindow>, ATL::CDialogImpl<ATL::CWindow,ATL::CWindow>, ATL::CDialogImplBaseT<ATL::CWindow>, ATL::CWindowImplRoot<ATL::CWindow>, ATL::CWindow, ATL::CMessageMap;  [MI] (#classinformer)
.rdata:000000018054CD68                 dq offset const CRegisterDlg::`RTTI Complete Object Locator'
.rdata:000000018054CD70 const CRegisterDlg::`vftable' dq offset proc_18039905C
.rdata:000000018054CD70                                         ; DATA XREF: DoRegistDlg+36↑o
.rdata:000000018054CD78                 dq offset sub_18039B8B8
.rdata:000000018054CD80                 dq offset sub_1803191F4
.rdata:000000018054CD88                 dq offset _guard_check_icall_nop

proc_18039905C

__int64 __fastcall proc_18039905C(CRegisterDlg *a1, __int64 a2, int msg, __int64 id, __int64 a5, __int64 *a6, int a7)
{
  unsigned int v7; // edi
  CRegisterDlg *v10; // rbx
  __int64 v11; // rax
  const WCHAR *p_key_text_0_98; // r8
  __int64 qword30; // rax

  v7 = 0;
  v10 = a1;
  if ( a7 )
    return 0i64;
  switch ( msg )
  {
    case WM_INITDIALOG:
      *(a1->qword30 + 0x34i64) = 1;
      v11 = sub_180399964(a1);
LABEL_15:
      *a6 = v11;
      goto LABEL_30;
    case WM_HELP:
      *(a1->qword30 + 0x34i64) = 1;
      goto LABEL_8;
    case WM_SYSCOMMAND:
      *(a1->qword30 + 0x34i64) = 1;
      if ( id != 0xF180 )
      {
        *(a1->qword30 + 0x34i64) = 0;
        goto LABEL_29;
      }
LABEL_8:
      sub_180306994(a1->phwnd__8, 0x1B81);
LABEL_29:
      *a6 = 0i64;
LABEL_30:
      if ( *(v10->qword30 + 0x34i64) )
        return 1i64;
LABEL_31:
      LOBYTE(v7) = sub_18031905C(v10, a2, msg, id, a5, a6, 0) != 0;
      return v7;
    case WM_TIMER:
      *(a1->qword30 + 0x34i64) = 1;
      if ( id != 0x64 )
        goto LABEL_29;
      KillTimer(a1->phwnd__8, 0x64ui64);
      v10->gap2DE[0x566] = 0;
      goto LABEL_38;
    case WM_APP|WM_SYNCPAINT|WM_ACTIVATE:       // 808E
      *(a1->qword30 + 0x34i64) = 1;
      v11 = sub_18039B0B4(a1, a2, id, id);
      goto LABEL_15;
    case WM_COMMAND:
      if ( !WORD1(id) )
      {
        //    CONTROL "输入注册密钥(&K)", 2106, BUTTON, BS_AUTORADIOBUTTON | WS_CHILD | WS_VISIBLE | WS_GROUP, 16, 20, 296, 10 
        if ( id == 2106 )
        {
          *(a1->qword30 + 0x34i64) = 1;
          if ( a1->isLogin_848 != 1 )
            goto LABEL_29;
          GetDlgItemTextW(a1->phwnd__8, 0x643, &a1->key_text_1_2DC, 0x50);
          p_key_text_0_98 = &v10->key_text_0_98;
          v10->isLogin_848 = 0;
        }
        else
        {
          //    CONTROL "登录(&S)", 2107, BUTTON, BS_AUTORADIOBUTTON | WS_CHILD | WS_VISIBLE, 16, 34, 296, 10 
          if ( id != 2107 )
          {
            if ( id != 2185 )
            {
              if ( id == 1 )
              {
                // 确定
                *(a1->qword30 + 0x34i64) = 1;
                on_ok_180399C2C(a1);
              }
              else
              {
                if ( id != 2 )
                  goto LABEL_31;
                // 取消
                *(a1->qword30 + 0x34i64) = 1;
                EndDialog(a1->phwnd__8, 2i64);
              }
              goto LABEL_29;
            }
            *(a1->qword30 + 0x34i64) = 1;
            goto LABEL_39;
          }
          *(a1->qword30 + 0x34i64) = 1;
          if ( a1->isLogin_848 )
            goto LABEL_29;
          GetDlgItemTextW(a1->phwnd__8, 0x643, &a1->key_text_0_98, 0x1E);
          p_key_text_0_98 = &v10->key_text_1_2DC;
          v10->isLogin_848 = 1;
        }
        SetDlgItemTextW(v10->phwnd__8, 0x643, p_key_text_0_98);
LABEL_38:
        a1 = v10;
LABEL_39:
        sub_18039946C(a1);
        goto LABEL_29;
      }
      if ( WORD1(id) != 0x300 )
        goto LABEL_31;
      if ( id != 0x643 )
      {
        if ( id != 0x7EB && id != 0x3F3 )       // 7eb-->email_id
                                                // 3f3 -->name_id
                                                // 
          goto LABEL_31;
        qword30 = a1->qword30;
        goto LABEL_37;
      }
      *(a1->qword30 + 0x34i64) = 1;
      sub_18039946C(a1);
      *a6 = 0i64;
      qword30 = v10->qword30;
      if ( !*(qword30 + 0x34) )
      {
LABEL_37:
        *(qword30 + 0x34) = 1;
        goto LABEL_38;
      }
      break;
    case WM_NOTIFY:
      if ( *(a5 + 0x10) != 0xFFFFFFFE
        || *(a5 + 8) != 0x7EFi64
        || (*(a1->qword30 + 0x34i64) = 1, *a6 = sub_18039AFB8(a1), !*(v10->qword30 + 0x34i64)) )
      {
        if ( *(a5 + 0x10) != 0xFFFFFFFC )
          goto LABEL_31;
        if ( *(a5 + 8) != 0x7EFi64 )
          goto LABEL_31;
        *(v10->qword30 + 0x34i64) = 1;
        *a6 = sub_18039AFB8(v10);
        if ( !*(v10->qword30 + 0x34i64) )
          goto LABEL_31;
      }
      break;
    default:
      goto LABEL_31;
  }
  return 1i64;
}

按钮事件on_ok_180399C2C

UINT __fastcall on_ok_180399C2C(CRegisterDlg *a1)
{
  _DWORD *p_isLogin_848; // rbx
  HWND v3; // rcx
  _QWORD *v4; // rax
  UINT result; // eax
  __int64 v6[2]; // [rsp+30h] [rbp-28h] BYREF
  _Thrd_t v7; // [rsp+40h] [rbp-18h] BYREF

  p_isLogin_848 = &a1->isLogin_848;
  a1->isLogin_848 = IsDlgButtonChecked(a1->phwnd__8, 2107) == 1;
  // get email
  GetDlgItemTextW(a1->phwnd__8, 0x7EB, &a1->email_text_D4, 0x104);
  v3 = a1->phwnd__8;
  if ( *p_isLogin_848 == 1 )
  {
    GetDlgItemTextW(v3, 0x643, &a1->key_text_1_2DC, 0x50);
    a1->gap2DE[0x567] = 1;
    sub_18039946C(a1);
    v4 = sub_1803B0DB0(8i64);
    *v4 = a1;
    // net check  cb
    v6[0] = sub_1803CA080(0i64, 0i64, sub_18039BC58, v4, 0, &v6[1]);
    if ( !v6[0] )
    {
      LODWORD(v6[1]) = 0;
      sub_1803B0884(6);
    }
    if ( !LODWORD(v6[1]) || (v7 = *v6, (result = Thrd_detach(&v7)) != 0) )
      sub_1803B0884(1);
  }
  else
  {
    // 0x643 -->key id
    GetDlgItemTextW(v3, 0x643, &a1->key_text_0_98, 0x1E);
    result = GetDlgItemTextW(a1->phwnd__8, 0x3F3, &a1->field_48, 0x28);
    if ( a1->key_text_0_98 )
    {
      check_18039ACEC(a1);
      sub_180386890(L"Email");
      return sub_180386890(L"Token");
    }
  }
  return result;
}

check_18039ACEC

int __fastcall check_18039ACEC(CRegisterDlg *a1)
{
  WCHAR *p_key_text_0_98; // rdi
  unsigned int v3; // r14d
  int result; // eax
  __int64 *v5; // rdx
  __int64 v6; // rdx
  INT_PTR v7; // rdx
  const wchar_t *v8; // rdi
  int v9; // eax
  char v10; // r9
  unsigned __int16 v11; // dx
  _BYTE v12[40]; // [rsp+40h] [rbp-C8h] BYREF
  __int64 v13[4]; // [rsp+68h] [rbp-A0h] BYREF
  __int16 v14[336]; // [rsp+88h] [rbp-80h] BYREF
  WCHAR Buffer[304]; // [rsp+328h] [rbp+220h] BYREF

  p_key_text_0_98 = &a1->key_text_0_98;
  v3 = check_key_1803A1A60(&a1->key_text_0_98);
  // 0x4a  ==>1001010

  // 6 3 1


  if ( v3 <= 6 && (result = 0x4A, _bittest(&result, v3)) )
  {
    // 1,3,6 时
    if ( *p_key_text_0_98 && LOWORD(a1->field_48) && LOWORD(a1->email_text_D4) )
    {
      sub_18039ABD8(a1, v13);
      memset(&v12[8], 0, 0x20);
      v5 = v13;
      if ( v13[3] > 7ui64 )
        v5 = v13[0];
      sub_1802EAA2C(&v12[8], v5, v13[2]);
      sub_180316CB0(a1->phwnd__8, v6, p_key_text_0_98, &a1->field_48, &a1->email_text_D4, byte_1805DDB28 != 0, &v12[8]);
      v7 = 1i64;
      if ( v3 == 6 )
        v7 = 6i64;
      EndDialog(a1->phwnd__8, v7);
      return sub_1802E9990(v13);
    }
  }
  else if ( v3 == 5 )
  {
    //  227,   "本程序没有被正确安装。请卸载后重新安装本程序。"
    dialog_180374C98(a1->phwnd__8, 227u, 0x10);
    return EndDialog(a1->phwnd__8, 2i64);
  }
  else
  {
    // 2,4,
    if ( StrCmpNW(p_key_text_0_98, L"17", 2) )
    {
      if ( StrCmpNW(p_key_text_0_98, L"18", 2) )
      {
        if ( StrCmpNW(p_key_text_0_98, L"v9", 2) )
        {
          if ( StrCmpNW(p_key_text_0_98, L"A", 1) )
          {
            if ( StrCmpNW(p_key_text_0_98, L"B", 1) )
            {
              v9 = StrCmpNW(p_key_text_0_98, L"C", 1);
              v8 = L"EmEditor Professional v13";
              if ( v9 )
                v8 = 0i64;
            }
            else
            {
              v8 = L"EmEditor Professional v12";
            }
          }
          else
          {
            v8 = L"EmEditor Professional v10/11";
          }
        }
        else
        {
          v8 = L"EmEditor Professional v9";
        }
      }
      else
      {
        v8 = L"EmEditor Professional v8";
      }
    }
    else
    {
      v8 = L"EmEditor Standard";
    }
    if ( v8 )
    {
      //  1136,  "您输入的注册密钥仅用于%s。请重新输入以字母 D 开头的 EmEditor 专业版 v14/v15/v16/v17 的注册密钥。请问您是否需要打开网络浏览器并查看升级或购买信息?"
      LoadStringW(hLibModule, 1136u, Buffer, 0x12C);
      x_sprintf__1802E3F78(v14, 330i64, Buffer, v8);
      result = x_dialog_180374CC4(a1->phwnd__8, v14, 0x34);
      if ( result == 6 )
      {
        // purchase
        sub_18030603C(v14, 330u, 0x1772);
        return sub_180380778(a1->phwnd__8, v14, 0i64, v10);
      }
    }
    else
    {
      //   1137,     "使用该注册密钥注册程序时出现一个错误。"
      v11 = 1137;
      // 1108,   "您输入了一个错误的注册密钥。请重新输入以字母 D 开头的 EmEditor 专业版 v14/v15/v16/v17 的注册密钥。"
      if ( v3 == 2 )
        v11 = 1108;
      return dialog_180374C98(a1->phwnd__8, v11, 0x30);
    }
  }
  return result;
}

check_key_1803A1A60

// local variable allocation has failed, the output may be wrong!
__int64 __fastcall check_key_1803A1A60(wchar_t *key)
{
  // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]

  v55[4] = 0;
  // .rdata:000000018054CFE0 dword_18054CFE0 dd 9                    ; DATA XREF: check_key_1803A1A60+26↑r
  // .rdata:000000018054CFE4                 dd 3
  // .rdata:000000018054CFE8                 dd 0
  // .rdata:000000018054CFEC                 dd 4
  *table = _mm_load_si128(&xmmword_18054CFE0);
  v2 = 1;
  table[0xC] = 0xB;
  // .rdata:000000018054D020 dword_18054D020 dd 2                    ; DATA XREF: check_key_1803A1A60+5A↑r
  // .rdata:000000018054D024                 dd 8
  // .rdata:000000018054D028                 dd 7
  // .rdata:000000018054D02C                 dd 10h
  *&table[8] = _mm_load_si128(&xmmword_18054D020);
  table[0xD] = 0xF;
  // .rdata:000000018054D040 dword_18054D040 dd 3                    ; DATA XREF: check_key_1803A1A60+74↑r
  // .rdata:000000018054D044                 dd 0Ah
  // .rdata:000000018054D048                 dd 1
  // .rdata:000000018054D04C                 dd 15h
  *v50 = _mm_load_si128(&xmmword_18054D040);
  table[0xE] = 0xE;
  // .rdata:000000018054D030 dword_18054D030 dd 8                    ; DATA XREF: check_key_1803A1A60+8B↑r
  // .rdata:000000018054D034                 dd 2
  // .rdata:000000018054D038                 dd 1Eh
  // .rdata:000000018054D03C                 dd 12h
  *v51 = _mm_load_si128(&xmmword_18054D030);
  v50[4] = 6;
  // .rdata:000000018054D050 dword_18054D050 dd 17h                  ; DATA XREF: check_key_1803A1A60+9F↑r
  // .rdata:000000018054D054                 dd 0Eh
  // .rdata:000000018054D058                 dd 5
  // .rdata:000000018054D05C                 dd 19h
  *v52 = _mm_load_si128(&xmmword_18054D050);
  v50[5] = 0x1F;
  // .rdata:000000018054CF70 dword_18054CF70 dd 3                    ; DATA XREF: check_key_1803A1A60+B3↑r
  // .rdata:000000018054CF74                 dd 1
  // .rdata:000000018054CF78                 dd 4
  // .rdata:000000018054CF7C                 dd 0
  *v54 = _mm_load_si128(&xmmword_18054CF70);
  v50[6] = 0x1C;
  // .rdata:000000018054CFD0 dword_18054CFD0 dd 1                    ; DATA XREF: check_key_1803A1A60+CA↑r
  // .rdata:000000018054CFD4                 dd 4
  // .rdata:000000018054CFD8                 dd 2
  // .rdata:000000018054CFDC                 dd 3
  *v55 = _mm_load_si128(&xmmword_18054CFD0);
  v51[4] = 0x1D;
  // .rdata:000000018054CFC0 dword_18054CFC0 dd 4                    ; DATA XREF: check_key_1803A1A60+E1↑r
  // .rdata:000000018054CFC4                 dd 0
  // .rdata:000000018054CFC8                 dd 2
  // .rdata:000000018054CFCC                 dd 3
  *v56 = _mm_load_si128(&xmmword_18054CFC0);
  v51[5] = 9;
  // .rdata:000000018054D000 dword_18054D000 dd 0Ah                  ; DATA XREF: check_key_1803A1A60+33↑r
  // .rdata:000000018054D004                 dd 5
  // .rdata:000000018054D008                 dd 1
  // .rdata:000000018054D00C                 dd 6
  *&table[4] = _mm_load_si128(&xmmword_18054D000);
  v51[6] = 0x1A;
  v52[4] = 0x14;
  v52[5] = 7;
  v52[6] = 0x16;
  v54[4] = 2;
  v56[4] = 1;
  wmemcpy(
    v49[0],
    L"2T3YKWEPXB8FQJLU5HZS4V7NDG9AC6RM36DRSQPXJCLAU5HZM74GBTKE9WVN2Y8FMAK7D5T3Y8NFQJLUCVHZ6RG942XBWEPS",
    0x60);
  if ( lstrlenW(key) != 29 )
    return 2i64;
  v3 = 0i64;
  v4 = 1;
  do
  {
    v5 = key[v3];
    if ( v4 == 6 * (v4 / 6) )
    {
      if ( v5 != '-' )
        return 2i64;
    }
    // 不含O 和I
    else if ( (v5 - 'A') > 25u && (v5 - '2') > 7u || v5 == 'O' || v5 == 'I' )
    {
      return 2i64;
    }
    ++v4;
    ++v3;
  }
  while ( v3 < 0x1D );
  if ( *key != 'D' )
    return 2i64;
  v7 = 0i64;
  memset(temp1, 0, sizeof(temp1));
  do
  {
    // {
    // 0x00000009, 0x00000003, 0x00000000, 0x00000004, 0x0000000A, 0x00000005, 0x00000001, 0x00000006,
    //  0x00000002, 0x00000008, 0x00000007, 0x00000010, 0x0000000B, 0x0000000F, 0x0000000E
    // };
    temp1[v7] = key[table[v7]];
    ++v7;
  }
  while ( v7 < 15 );
  temp1[0xF] = 0;
  // 15个字符
  md5_1803A1760(md5_hexstr, temp1);
  if ( lstrlenW(md5_hexstr) != 32 )
    return 2i64;
  *temp2 = 0i64;
  *&SystemTime = 0i64;
  v8 = 0i64;
  *(&SystemTime + 2) = 0;
  *out1_ = 0i64;
  v47 = 0;
  do
  {
    //   // .rdata:000000018054D040 dword_18054D040 dd 3                    ; DATA XREF: check_key_1803A1A60+74↑r
    //   // .rdata:000000018054D044                 dd 0Ah
    //   // .rdata:000000018054D048                 dd 1
    //   // .rdata:000000018054D04C                 dd 15h
    temp2[v8] = md5_hexstr[v50[v8]];
    ++v8;
  }
  while ( v8 < 7 );
  temp2[7] = 0;
  v9 = wcstoul_1803CDBE8(temp2, 0i64, 0x10i64);
  v10 = 0;
  for ( i = 0i64; i < 5; out1[i++] = v49[0][v15] )
  {
    v12 = 4 - v10;
    if ( v10 == 4 )
    {
      v13 = 1;
    }
    else
    {
      v13 = 32;
      if ( v12 > 1 )
      {
        v14 = v12 - 1;
        do
        {
          v13 *= 0x20;
          --v14;
        }
        while ( v14 );
      }
    }
    ++v10;
    v15 = (v9 / v13) & 31;
    v9 %= v13;
  }
  v16 = 0i64;
  out1[v10] = 0;
  do
  {
    // 3,1,4,0,2
    out1_[v16] = out1[v54[v16]];
    ++v16;
  }
  while ( v16 < 2 );
  out1_[2] = 0;
  if ( wstr_cmp_1803D1D0C(key + 12, out1_, 2i64) )
    return 2i64;
  for ( j = 0i64; j < 7; ++j )
    // dd 8                
    // dd 2
    // dd 1Eh
    // dd 12h
    // 0x1d
    // 0x9
    // 0x1a
    temp2[j] = md5_hexstr[v51[j]];
  temp2[7] = 0;
  v18 = wcstoul_1803CDBE8(temp2, 0i64, 0x10i64);
  v19 = 0;
  for ( k = 0i64; k < 5; out1[k++] = v49[1][v24] )
  {
    v21 = 4 - v19;
    if ( v19 == 4 )
    {
      v22 = 1;
    }
    else
    {
      v22 = 32;
      if ( v21 > 1 )
      {
        v23 = v21 - 1;
        do
        {
          v22 *= 32;
          --v23;
        }
        while ( v23 );
      }
    }
    ++v19;
    v24 = (v18 / v22) & 0x1F;
    v18 %= v22;
  }
  v25 = 0i64;
  out1[v19] = 0;
  do
  {
    // 1,4,2,3,0
    out1_[v25] = out1[v55[v25]];
    ++v25;
  }
  while ( v25 < 5 );
  HIWORD(v47) = 0;
  if ( wstr_cmp_1803D1D0C(key + 0x12, out1_, 5i64) )
    return 2i64;
  for ( m = 0i64; m < 7; ++m )
    // dd 17h
    // dd 0Eh
    // dd 5
    // dd 19h
    // 0x14
    // 7
    // 0x16
    temp2[m] = md5_hexstr[v52[m]];
  temp2[7] = 0;
  v27 = wcstoul_1803CDBE8(temp2, 0i64, 0x10i64);
  v28 = 0;
  for ( n = 0i64; n < 5; out1[n++] = v49[2][v33] )
  {
    v30 = 4 - v28;
    if ( v28 == 4 )
    {
      v31 = 1;
    }
    else
    {
      v31 = 32;
      if ( v30 > 1 )
      {
        v32 = v30 - 1;
        do
        {
          v31 *= 0x20;
          --v32;
        }
        while ( v32 );
      }
    }
    ++v28;
    v33 = (v27 / v31) & 0x1F;
    v27 %= v31;
  }
  v34 = 0i64;
  out1[v28] = 0;
  do
  {
    // 4,0,2,3,1
    out1_[v34] = out1[v56[v34]];
    ++v34;
  }
  while ( v34 < 5 );
  HIWORD(v47) = 0;
  if ( wstr_cmp_1803D1D0C(key + 0x18, out1_, 5i64) )
    return 2i64;
  if ( key[3] != 'Z' )
    return 3i64;
  v35 = key[1];
  v36 = key[2];
  if ( (v35 != 'E' || v36 != 'M')
    && (v35 != 'V' || v36 != 'E')
    && (v35 != 'S' || v36 != 'H')
    && (v35 != 'R' || v36 != 'N')
    && (v35 != 'P' || v36 != 'A')
    && (v35 != 'S' || v36 != 'B')
    && (v35 != 'M' || v36 != 'A')
    && (v35 != 'T' || v36 != 'H')
    && (v35 != 'V' || v36 != 'A') )
  {
    return 3i64;
  }
  v37 = key + 6;
  v38 = L"ZWT";
  if ( key[6] == 'Z' )
  {
    while ( *++v38 )
    {
      if ( *++v37 != *v38 )
        goto LABEL_82;
    }
  }
  else
  {
    v39 = L"WHY52";
    if ( *v37 != 'W' )
    {
      v40 = L"292ZX";
      v41 = '2';
      while ( *v37 == v41 )
      {
        v41 = *++v40;
        if ( !*v40 )
          return 3i64;
        ++v37;
      }
LABEL_82:
      v42 = sub_1803A1934(key);
      if ( v42 <= 0 )
        return v2;
      if ( v42 < sub_1803A186C(2024u, 10u, 20u) )
        return 6i64;
      v45 = 0i64;
      GetSystemTime(&v45);
      if ( v42 < sub_1803A186C(v45.wYear, v45.wMonth, v45.wDay) )
        return 6;
      return v2;
    }
    while ( *++v39 )
    {
      if ( *++v37 != *v39 )
        goto LABEL_82;
    }
  }
  return 3i64;
}

检验计算过程可参考如下python代码

格式xxxxx-xxxxx-xxxxx-xxxxx-xxxxx,5*5=25 加上4个’-‘,一共29个字符,2-9 A-Z 不能有'O' 和'I', 
只需关注前17个字符(前3组)
可固定位:
···
  if ( key[3] != 'Z' )
    return 3i64;
  v35 = key[1];
  v36 = key[2];
  if ( (v35 != 'E' || v36 != 'M')
    && (v35 != 'V' || v36 != 'E')
    && (v35 != 'S' || v36 != 'H')
    && (v35 != 'R' || v36 != 'N')
    && (v35 != 'P' || v36 != 'A')
    && (v35 != 'S' || v36 != 'B')
    && (v35 != 'M' || v36 != 'A')
    && (v35 != 'T' || v36 != 'H')
    && (v35 != 'V' || v36 != 'A') )
  {
    return 3i64;
  }
  v37 = key + 6;
  v38 = L"ZWT";
  if ( key[6] == 'Z' )
  {
    while ( *++v38 )
    {
      if ( *++v37 != *v38 )
        goto LABEL_82;
    }
  }
  else
  {
    v39 = L"WHY52";
    if ( *v37 != 'W' )
    {
      v40 = L"292ZX";
···
可固定的位如下:
DMAZ{}-WHY52-{}{}222
当然还有其它组合
import hashlib

tables="2T3YKWEPXB8FQJLU5HZS4V7NDG9AC6RM36DRSQPXJCLAU5HZM74GBTKE9WVN2Y8FMAK7D5T3Y8NFQJLUCVHZ6RG942XBWEPS"
table0=tables[:32]
table1=tables[32:32+32]
table2=tables[64:]

from datetime import datetime

def sub_1803A186C(year, month, day):
    try:
        # 基准日期 (1601-01-01)
        base_date = datetime(1601, 1, 1)
        # 目标日期
        target_date = datetime(year, month, day)
        # 计算两个日期的天数差异
        days_difference = (target_date - base_date).days
        return days_difference 
    except ValueError:
        # 日期无效时返回最大值
        return 0x7FFFFFFF
    
def sub_1803A1934(part:list[str]) :
    v3=0
    for i in range(3):
        v5=ord(part[i])
        v6=0x20*i
        if (v5 - 0x32) > 7:
            if  (v5 - 0x41) > 7 :
                if  (v5 - 0x4A) > 4:
                    if  (v5 - 0x50) > 0xA:
                        return -1
                    v7 = v6 - 0x3B
                else:
                    v7 = v6 - 0x3A
            else:
            
                v7 = v6 - 0x39
        else:
        
            v7 = v6 - 0x32
        
        v3 = v5 + v7; 
    return v3
def calc_number_str(number_hexstr:str,count:int,table:list):

    if isinstance(number_hexstr,str):
        num=int(number_hexstr,16)
    elif isinstance(number_hexstr,int):
        num=number_hexstr
    else:
        raise TypeError('number_hexstr error!')
    # v18 = wcstoul_1803CDBE8(v48, 0i64, 0x10i64);
    out=[0]*count
    for i in range(count):
        r_n = 4 - i
        if  i == 4 :
            div_x = 1
        else:
            div_x = 32
            if r_n > 1 :
                for _ in range(r_n-1):
                    div_x*=32

        index = (num // div_x) & 0x1F
        num %= div_x
        out[i] = table[index]
    print("calc_number_str:",''.join(out))
    return out

'''
"DMAZM-WHY52-AX222-ZQJXN-79JXH"
'''
def check(key:str):
    temp1 = [0] * 15
    temp1[0] = key[9]
    temp1[1] = key[3]
    temp1[2] = key[0]
    temp1[3] = key[4]

    temp1[4] = key[10]
    temp1[5] = key[5]
    temp1[6] = key[1]
    temp1[7] = key[6]

    temp1[8] = key[2]
    temp1[9] = key[8]
    temp1[0xa] = key[7]
    temp1[0xb] = key[0x10]

    temp1[0xc] = key[0xb]
    temp1[0xd] = key[0xf]
    temp1[0xe] = key[0xe]
    # 计算 MD5
    md5_hexstr = hashlib.md5(''.join(temp1).encode()).hexdigest()

    if len(md5_hexstr) != 32:
        return 2
    temp2=[0]*7
    temp2[0]=md5_hexstr[3]
    temp2[1]=md5_hexstr[0xa]
    temp2[2]=md5_hexstr[1]
    temp2[3]=md5_hexstr[0x15]
    temp2[4]=md5_hexstr[6]
    temp2[5]=md5_hexstr[0x1f]
    temp2[6]=md5_hexstr[0x1c]
    n=int(''.join(temp2),16)
    print('n0:%08x'%n)
    out1=calc_number_str(n,5,table0)
    '''
    error :need SXFA4
    '''
    out1_=[0]*5
    out1_[0]=out1[3]
    out1_[1]=out1[1]
    out1_[2]=out1[4]
    out1_[3]=out1[0]
    out1_[4]=out1[2]
    s_out1_=''.join(out1_)
    print('out1:',s_out1_)
    print('key1:',key[12:12+2])
    print('check key[12:+2]==out1_[:2]:',key[12:12+2]==s_out1_[:2])


    temp2[0]=md5_hexstr[0x8]
    temp2[1]=md5_hexstr[0x2]
    temp2[2]=md5_hexstr[0x1e]
    temp2[3]=md5_hexstr[0x12]
    temp2[4]=md5_hexstr[0x1d]
    temp2[5]=md5_hexstr[0x9]
    temp2[6]=md5_hexstr[0x1a]
    n=int(''.join(temp2),16)
    print('n1:%08x'%n)
    out1=calc_number_str(n,5,table1)
    out1_[0]=out1[1]
    out1_[1]=out1[4]
    out1_[2]=out1[2]
    out1_[3]=out1[3]
    out1_[4]=out1[0]
    s_out1_=''.join(out1_)
    print('out2:',s_out1_)
    print('key2:',key[0x12:0x12+5])
    print('check key[0x12:+5]==out2_[:5]:',key[0x12:0x12+5]==s_out1_[:5])

    temp2[0]=md5_hexstr[0x17]
    temp2[1]=md5_hexstr[0xe]
    temp2[2]=md5_hexstr[5]
    temp2[3]=md5_hexstr[0x19]
    temp2[4]=md5_hexstr[0x14]
    temp2[5]=md5_hexstr[0x7]
    temp2[6]=md5_hexstr[0x16]
    n=int(''.join(temp2),16)
    print('n1:%08x'%n)
    out1=calc_number_str(n,5,table2)
    out1_[0]=out1[4]
    out1_[1]=out1[0]
    out1_[2]=out1[2]
    out1_[3]=out1[3]
    out1_[4]=out1[1]
    s_out1_=''.join(out1_)
    print('out3:',s_out1_)
    print('key3:',key[0x18:0x18+5])
    print('check key[0x18:+5]==out3_[:5]:',key[0x18:0x18+5]==s_out1_[:5])

    v42=sub_1803A1934(key[0xe:])
    print(v42)
    days=sub_1803A186C(2024,10,20)
    print('days:',days)

1、离线注册

StoreOfflineLicenseAndValidate

通过CommandLineToArgvW定位到函数get_cmd_140EA8FB0,交叉引用定位到sub_140EA83F0内

再通过文件读取相关api 可定位StoreOfflineLicenseAndValidate_140E5CD80

StoreOfflineLicenseAndValidate_140E5CD80

void __fastcall StoreOfflineLicenseAndValidate_140E5CD80(__int64 a1, wchar_t *filepath, char a3)
{
  // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]

  if ( !a3 && byte_141C3C28A )
    return;
  v10 = *(_OWORD *)filepath;
  do_StoreOfflineLicenseAndValidate_14175E1F0(&v14, (wchar_t *)&v10, a3);
  v13 = 0;
  if ( !v14.unknow_28 )
  {
    u = v14.wstr.u;
    v14.wstr.u._Buf[0] = 0;
    *(union std_wstring_union *)lpText = u;
    v12 = *(_OWORD *)&v14.wstr._Mysize;
    *(__m128i *)&v14.wstr._Mysize = _mm_load_si128((const __m128i *)&xmmword_141AB85A0);
LABEL_7:
    v13 = 1;
    sub_140337920(lpText, (__int64)L"\r\n", 2ui64);
    v6 = lpText;
    if ( *((_QWORD *)&v12 + 1) > 7ui64 )
      v6 = (LPCWSTR *)lpText[0];
    if ( Console_write_140E96360(v6) < 0 )
    {
      v7 = (const WCHAR *)lpText;
      if ( *((_QWORD *)&v12 + 1) > 7ui64 )
        v7 = lpText[0];
      MessageBoxW(0i64, v7, L"EmEditor", 0x10u);
    }
    v8 = (const WCHAR *)lpText;
    if ( *((_QWORD *)&v12 + 1) > 7ui64 )
      v8 = lpText[0];
    OutputDebugStringW(v8);
    goto LABEL_17;
  }
  if ( v14.wstr.u._Buf[0] != 1 )
  {
    v4 = *(__int128 *)((char *)&v14.wstr.u + 8);
    v5 = *(_OWORD *)&v14.wstr._Myres;
    v14.wstr.u._Buf[4] = 0;
    *(_OWORD *)lpText = v4;
    *(__m128i *)&v14.wstr._Myres = _mm_load_si128((const __m128i *)&xmmword_141AB85A0);
    v12 = v5;
    goto LABEL_7;
  }
  Console_write_140E96360(L"Offline registration successful.\r\n");
LABEL_17:
  if ( v13 )
    free_140337EE0((__int64)lpText);
  v9 = (ParseRet *)(&v14.wstr.u._Ptr + 1);
  if ( !v14.unknow_28 )
    v9 = &v14;
  free_140337EE0((__int64)v9);
}

do_StoreOfflineLicenseAndValidate_14175E1F0

调用rust库接口,一言难尽

ParseRet *__fastcall do_StoreOfflineLicenseAndValidate_14175E1F0(ParseRet *a1, wchar_t *filepath, char a3)
{
  // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]

  // 1、从注册表中删除注册密钥、本地设备令牌和脱机许可证令牌。
  // 清理注册表
  clean_reg_140F04C50(0i64, (__int64)filepath);
  v22.u._Ptr = 0i64;
  xx_init_1418560C0((__int64)(&v22.u._Ptr + 1));
  v23 = 0i64;
  xx_init_1418560C0((__int64)v24);
  xx_init_1418560C0((__int64)v25);
  v26 = 0;
  xx_init_141855FC0((__int64)v27, (_QWORD *)&v22.u._Ptr + 1);
  v28 = v23;
  xx_init_141855FC0((__int64)v29, v24);
  xx_init_141855FC0((__int64)v30, v25);
  sub_14033BEE0((__int64)&v31, (__int64)&v26);
  free_1418560E0((__int64)v25);
  free_1418560E0((__int64)v24);
  free_1418560E0((__int64)(&v22.u._Ptr + 1));
  v6 = sub_14033C6D0((__int64)&v31);
  if ( (unsigned __int8)j_unknown_libname_3(v6) )
  {
    v7 = sub_14033C6D0((__int64)&v31);
    v8 = api::ffi::ResultAPI::value_141856E20(v7);
    v9 = sub_14033C6D0(v8);
    // 清除本地设备令牌
    clean_LocalDeviceToken_140F04CA0(v9);
  }
  v21.u = *(union std_wstring_union *)filepath;
  // 2、读取许可证文件并将其保存到注册表中。
  load_and_save_OfflineLicense_14175DC50((__int64)&v18, (__int64)&v21, a3);
  if ( v20 )
  {
    *((_QWORD *)&v21.u._Ptr + 1) = 0i64;
    v21.u._Ptr = (wchar_t *)byte_1419A9DB0;
    // 3、run ValidateDevice()
    ValidateDevice_14175F1D0((__int64)a1, 0, &v21);
    if ( !v20 )
    {
      if ( si128.m128i_i64[1] > 7ui64 )
      {
        Ptr = (char *)v18._Ptr;
        if ( (unsigned __int64)(2 * si128.m128i_i64[1] + 2) >= 0x1000 )
        {
          Ptr = (char *)*((_QWORD *)v18._Ptr + 0xFFFFFFFF);
          if ( (unsigned __int64)((char *)v18._Ptr - Ptr - 8) > 0x1F )
            invalid_parameter_noinfo_noreturn();
        }
        j_j_free(Ptr);
      }
      si128 = _mm_load_si128((const __m128i *)&xmmword_141AB85A0);
      v18._Buf[0] = 0;
    }
  }
  else
  {
    v11 = v18;
    v18._Buf[0] = 0;
    LOBYTE(v23) = 0;
    v12 = _mm_load_si128((const __m128i *)&xmmword_141AB85A0);
    v22.u = v11;
    *(__m128i *)&v22._Mysize = si128;
    si128 = v12;
    wstring_140337AF0(&v21, &v22, v10);
    v13 = *(_OWORD *)&v21._Mysize;
    a1->wstr.u = v21.u;
    *(_OWORD *)&a1->wstr._Mysize = v13;
    a1->unknow_28 = 0;
    if ( !(_BYTE)v23 )
    {
      if ( v22._Myres > 7 )
      {
        v14 = v22.u._Ptr;
        if ( 2 * v22._Myres + 2 >= 0x1000 )
        {
          v14 = (wchar_t *)*((_QWORD *)v22.u._Ptr + 0xFFFFFFFF);
          if ( (unsigned __int64)((char *)v22.u._Ptr - (char *)v14 - 8) > 0x1F )
            goto LABEL_25;
        }
        j_j_free(v14);
        v12 = _mm_load_si128((const __m128i *)&xmmword_141AB85A0);
      }
      *(__m128i *)&v22._Mysize = v12;
      v22.u._Buf[0] = 0;
    }
    if ( !v20 )
    {
      if ( si128.m128i_i64[1] <= 7ui64 )
      {
LABEL_15:
        si128 = v12;
        v18._Buf[0] = 0;
        goto LABEL_16;
      }
      v15 = v18._Ptr;
      if ( (unsigned __int64)(2 * si128.m128i_i64[1] + 2) < 0x1000
        || (v15 = (wchar_t *)*((_QWORD *)v18._Ptr + 0xFFFFFFFF),
            (unsigned __int64)((char *)v18._Ptr - (char *)v15 - 8) <= 0x1F) )
      {
        j_j_free(v15);
        v12 = _mm_load_si128((const __m128i *)&xmmword_141AB85A0);
        goto LABEL_15;
      }
LABEL_25:
      invalid_parameter_noinfo_noreturn();
    }
  }
LABEL_16:
  drop_api::ffi::ResultAPI_14033C6F0(&v31);
  return a1;
}

ValidateDevice_14175F1D0

__int64 __fastcall ValidateDevice_14175F1D0(__int64 a1, int a2, _QWORD *a3)
{
  // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]

  v126 = a2;
  v114 = 0i64;
  xx_init_1418560C0((__int64)v115);
  v116 = 0i64;
  xx_init_1418560C0((__int64)v117);
  xx_init_1418560C0((__int64)v118);
  v120 = 0;
  xx_init_141855FC0((__int64)v121, v115);
  v122 = v116;
  xx_init_141855FC0((__int64)v123, v117);
  xx_init_141855FC0((__int64)v124, v118);
  sub_14033BEE0((__int64)v100, (__int64)&v120);
  free_1418560E0((__int64)v118);
  free_1418560E0((__int64)v117);
  free_1418560E0((__int64)v115);
  v5 = sub_14033C6D0((__int64)v100);
  j_unknown_libname_3(v5);
  v6 = sub_14033C6D0((__int64)v100);
  if ( !v7 )
  {
    v8 = (__FrameHandler3::TryBlockMap *)sub_141856840(v6, (__int64)&cbMultiByte);
    v9 = sub_1418562A0(v8);
    v108.m128i_i64[0] = (__int64)v9;
    v10 = 0xFFFFFFFFFFFFFFFFui64;
    do
      ++v10;
    while ( *((_BYTE *)&v9->ControlPc + v10) );
    v108.m128i_i64[1] = v10;
    *(_QWORD *)&v99 = L"new_api()";
    *((_QWORD *)&v99 + 1) = 9i64;
    v11 = s2w_140F04370(&v125, &v99, &v108);
    u = v11->u;
    v13 = *(_OWORD *)&v11->_Mysize;
    v11->_Mysize = 0i64;
    v11->_Myres = 7i64;
    v11->u._Buf[0] = 0;
    *(union std_wstring_union *)a1 = u;
    *(_OWORD *)(a1 + 0x10) = v13;
    *(_BYTE *)(a1 + 0x28) = 0;
    free_140337EE0((__int64)&v125);
    free_1418560E0((__int64)&cbMultiByte);
    drop_api::ffi::ResultAPI_14033C6F0(v100);
    return a1;
  }
  v14 = api::ffi::ResultAPI::value_141856E20(v6);
  v15 = sub_14033C6D0(v14);
  // 在线注册通过或存储LocalDeviceToken,
  // 所以跳过下面对LocalDeviceToken的处理,
  // 关注后面的ValidateOfflineLicense
  get_LocalDeviceToken_140F04610((__int64)lpWideCharStr);
  if ( v113 )
  {
    // 对LocalDeviceToken 进行验证
    v19 = (const WCHAR *)lpWideCharStr;
    v20 = cchWideChar[0];
    if ( v112 > 7 )
      v19 = lpWideCharStr[0];
    v21 = WideCharToMultiByte(0xFDE9u, 0, v19, cchWideChar[0], 0i64, 0, 0i64, 0i64);
    string_14033C5A0(&cbMultiByte, v21, 0);
    lpMultiByteStr = &cbMultiByte;
    if ( cbMultiByte._Myres > 0xF )
      lpMultiByteStr = (std_string *)cbMultiByte.u._Ptr;
    WideCharToMultiByte(0xFDE9u, 0, v19, v20, lpMultiByteStr->u._Buf, cbMultiByte._Mysize, 0i64, 0i64);
    parse_LocalDeviceClaims_141856660(&v127, (__int64)&cbMultiByte);
    if ( cbMultiByte._Myres > 0xF )
    {
      Ptr = cbMultiByte.u._Ptr;
      if ( cbMultiByte._Myres + 1 >= 0x1000 )
      {
        Ptr = (char *)*((_QWORD *)cbMultiByte.u._Ptr + 0xFFFFFFFF);
        if ( (unsigned __int64)(cbMultiByte.u._Ptr - Ptr - 8) > 0x1F )
          invalid_parameter_noinfo_noreturn();
      }
      j_j_free(Ptr);
    }
    v24 = sub_14033C6D0((__int64)&v127);
    sub_141856B80(v24);
    v25 = sub_14033C6D0((__int64)&v127);
    if ( !v26 )
    {
      if ( !(unsigned __int8)sub_141856BB0() )
      {
        reg_get_or_del_LocalDeviceToken_OfflineLicense__140F04C20();
        WideCharStr = 6;
        v30 = sub_14033C6D0((__int64)&v127);
        v31 = (__FrameHandler3::TryBlockMap *)sub_1418569D0(v30, (__int64)&cbMultiByte);
        v32 = sub_1418562A0(v31);
        v33 = (const CHAR *)v32;
        v34 = 0xFFFFFFFFFFFFFFFFui64;
        do
          ++v34;
        while ( *((_BYTE *)&v32->ControlPc + v34) );
        *(_OWORD *)v102 = 0i64;
        LOWORD(v102[0]) = 0;
        *(_QWORD *)v103 = 0i64;
        *(_QWORD *)&v103[2] = 7i64;
        v35 = MultiByteToWideChar(0xFDE9u, 0, (LPCCH)v32, v34, 0i64, 0);
        v36 = *(_QWORD *)v103;
        v37 = v35;
        if ( (unsigned __int64)v35 > *(_QWORD *)v103 )
        {
          v39 = v35 - *(_QWORD *)v103;
          if ( v39 > *(_QWORD *)&v103[2] - *(_QWORD *)v103 )
          {
            sub_140355020((__m128i *)v102, v39, (unsigned __int8)v127, v39, 0);
          }
          else
          {
            *(_QWORD *)v103 = v35;
            v40 = v102;
            if ( *(_QWORD *)&v103[2] > 7ui64 )
              v40 = (LPWSTR *)v102[0];
            v41 = (_WORD *)v40 + v36;
            if ( v39 )
            {
              for ( i = v35 - v36; i; --i )
                *v41++ = 0;
            }
            *((_WORD *)v40 + v39 + v36) = 0;
          }
        }
        else
        {
          v38 = v102;
          *(_QWORD *)v103 = v37;
          if ( *(_QWORD *)&v103[2] > 7ui64 )
            v38 = (LPWSTR *)v102[0];
          *((_WORD *)v38 + v37) = 0;
        }
        v43 = (WCHAR *)v102;
        if ( *(_QWORD *)&v103[2] > 7ui64 )
          v43 = v102[0];
        MultiByteToWideChar(0xFDE9u, 0, v33, v34, v43, v103[0]);
        *((_QWORD *)&v99 + 1) = 0x1Di64;
        *(_QWORD *)&v99 = L"decode local device token: {}";
        wstr_format_140F08780((__int64)&v106, (__int64)&v99, (__int64)v102);
        v44 = v106;
        v45 = v107;
        v46 = *(_QWORD *)&v103[2];
        *(_WORD *)a1 = WideCharStr;
        LOWORD(v106) = 0;
        *(_OWORD *)(a1 + 8) = v44;
        si128 = _mm_load_si128((const __m128i *)&xmmword_141AB85A0);
        *(_OWORD *)(a1 + 0x18) = v45;
        *(_BYTE *)(a1 + 0x28) = 1;
        v107 = (__int128)si128;
        if ( v46 > 7 )
        {
          v48 = v102[0];
          if ( 2 * v46 + 2 >= 0x1000 )
          {
            v48 = (LPWSTR)*((_QWORD *)v102[0] + 0xFFFFFFFF);
            if ( (unsigned __int64)((char *)v102[0] - (char *)v48 - 8) > 0x1F )
              invalid_parameter_noinfo_noreturn();
          }
          j_j_free(v48);
        }
        *(_QWORD *)v103 = 0i64;
        *(_QWORD *)&v103[2] = 7i64;
        LOWORD(v102[0]) = 0;
        free_1418560E0((__int64)&cbMultiByte);
        goto LABEL_76;
      }
      v27 = 0x16;
      goto LABEL_18;
    }
    v49 = sub_141856E60(v25);
    if ( !isUsb_140F04E10() )
    {
      sub_140F04A30(v102);
      sub_141856010(&cbMultiByte, v102);
      v50 = sub_1418561D0(v49 + 0x28, (__int64)&cbMultiByte);
      free_1418560E0((__int64)&cbMultiByte);
      if ( v50 )
      {
        reg_get_or_del_LocalDeviceToken_OfflineLicense__140F04C20();
        WideCharStr = 6;
        v106 = 0i64;
        v107 = 0i64;
        sub_140338AF0(&v106, (__int64)L"machine ID mismatched", 0x15ui64);
        v51 = v106;
        v52 = v107;
        *(_WORD *)a1 = WideCharStr;
        *(_OWORD *)(a1 + 8) = v51;
        *(_OWORD *)(a1 + 0x18) = v52;
        *(_BYTE *)(a1 + 0x28) = 1;
        sub_140337F70(v102);
        goto LABEL_76;
      }
      sub_140337F70(v102);
    }
    if ( !sub_14175DB30() )
    {
      v27 = 1;
LABEL_18:
      WideCharStr = v27;
      v106 = 0i64;
      v107 = 0i64;
      sub_140338AF0(&v106, (__int64)&Data, 0i64);
      v28 = v106;
      v29 = v107;
      *(_WORD *)a1 = WideCharStr;
      *(_OWORD *)(a1 + 8) = v28;
      *(_OWORD *)(a1 + 0x18) = v29;
      *(_BYTE *)(a1 + 0x28) = 1;
LABEL_76:
      sub_140F059A0(&v127);
      v18 = v113 == 0;
      goto LABEL_77;
    }
    sub_141761610(&v126);
    v53 = sub_1418562A0((__FrameHandler3::TryBlockMap *)(v49 + 0x10));
    v54 = 0xFFFFFFFFFFFFFFFFui64;
    memset(&cbMultiByte, 0, sizeof(cbMultiByte));
    v55 = 0xFFFFFFFFFFFFFFFFui64;
    do
      ++v55;
    while ( *((_BYTE *)&v53->ControlPc + v55) );
    sub_140338C00((__m128i *)&cbMultiByte, (const __m128i *)v53, v55);
    sub_1418566A0(v15, v104, &cbMultiByte);
    if ( cbMultiByte._Myres > 0xF )
      sub_1403382A0((__int64)&cbMultiByte, cbMultiByte.u._Ptr, cbMultiByte._Myres);
    v56 = sub_14033C6D0((__int64)v104);
    sub_141856B70(v56);
    v57 = sub_14033C6D0((__int64)v104);
    if ( !v58 )
    {
      v59 = (__FrameHandler3::TryBlockMap *)sub_1418568E0(v57, (__int64)&cbMultiByte);
      v60 = sub_1418562A0(v59);
      *(_QWORD *)&v99 = v60;
      do
        ++v54;
      while ( *((_BYTE *)&v60->ControlPc + v54) );
      *((_QWORD *)&v99 + 1) = v54;
      s2w_140E6BCB0((LPWSTR)v102, (__m128i *)&v99);
      v61 = *(_OWORD *)v102;
      LOWORD(v102[0]) = 0;
      v62 = *(_OWORD *)v103;
      *(_OWORD *)a1 = v61;
      v63 = _mm_load_si128((const __m128i *)&xmmword_141AB85A0);
      *(_OWORD *)(a1 + 0x10) = v62;
      *(_BYTE *)(a1 + 0x28) = 0;
      *(__m128i *)v103 = v63;
      free_1418560E0((__int64)&cbMultiByte);
      goto LABEL_75;
    }
    v67 = sub_141856E40(v57);
    v68 = (__FrameHandler3::TryBlockMap *)(v49 + 0x10);
    if ( *(_BYTE *)(v67 + 0x48) )
    {
      v69 = sub_1418562A0(v68);
      memset(&cbMultiByte, 0, sizeof(cbMultiByte));
      v70 = 0xFFFFFFFFFFFFFFFFui64;
      do
        ++v70;
      while ( *((_BYTE *)&v69->ControlPc + v70) );
      sub_140338C00((__m128i *)&cbMultiByte, (const __m128i *)v69, v70);
      sub_1418566C0(v15, &v108, &cbMultiByte);
      if ( cbMultiByte._Myres > 0xF )
        sub_1403382A0((__int64)&cbMultiByte, cbMultiByte.u._Ptr, cbMultiByte._Myres);
      v71 = sub_14033C6D0((__int64)&v108);
      sub_141856BA0(v71);
      v72 = sub_14033C6D0((__int64)&v108);
      if ( v73 )
      {
        WideCharStr = *(_WORD *)sub_141856EA0(v72);
        sub_140337A80(&v106, (__int64)L"change unregistered device to registered");
        sub_1417615D0(a1, &WideCharStr);
        free_140337EE0((__int64)&v106);
        sub_1417612D0(&v108);
      }
      else
      {
        v74 = (__FrameHandler3::TryBlockMap *)sub_141856AC0(v72, (__int64)&cbMultiByte);
        v75 = sub_1418562A0(v74);
        *(_QWORD *)&v99 = v75;
        do
          ++v54;
        while ( *((_BYTE *)&v75->ControlPc + v54) );
        *((_QWORD *)&v99 + 1) = v54;
        s2w_140E6BCB0((LPWSTR)v102, (__m128i *)&v99);
        v76 = *(_OWORD *)v102;
        LOWORD(v102[0]) = 0;
        v77 = *(_OWORD *)v103;
        v78 = _mm_load_si128((const __m128i *)&xmmword_141AB85A0);
        *(_OWORD *)a1 = v76;
        *(_OWORD *)(a1 + 0x10) = v77;
        *(_BYTE *)(a1 + 0x28) = 0;
        *(__m128i *)v103 = v78;
        free_140337EE0((__int64)v102);
        free_1418560E0((__int64)&cbMultiByte);
        sub_1417612D0(&v108);
      }
      goto LABEL_75;
    }
    v79 = sub_1418562A0(v68);
    memset(&cbMultiByte, 0, sizeof(cbMultiByte));
    do
      ++v54;
    while ( *((_BYTE *)&v79->ControlPc + v54) );
    sub_140338C00((__m128i *)&cbMultiByte, (const __m128i *)v79, v54);
    sub_141856730(v15, v109, &cbMultiByte);
    sub_140337F70(&cbMultiByte);
    v80 = sub_14033C6D0((__int64)v109);
    if ( !(unsigned __int8)j_unknown_libname_3(v80) )
    {
      v81 = sub_14033C6D0((__int64)v109);
      v82 = (__FrameHandler3::TryBlockMap *)sub_141856930(v81, (__int64)v102);
      v83 = sub_1418562A0(v82);
      v99 = *(_OWORD *)sub_14033BEB0(&v108, (__int64)v83);
      v84 = sub_14175DB00(&WideCharStr, &v99);
      v85 = std::wstring::wstring(v119, v84);
      *(_OWORD *)a1 = 0i64;
      *(_QWORD *)(a1 + 0x10) = 0i64;
      *(_QWORD *)(a1 + 0x18) = 0i64;
      *(_OWORD *)a1 = *(_OWORD *)v85;
      *(_OWORD *)(a1 + 0x10) = *(_OWORD *)(v85 + 0x10);
      *(_QWORD *)(v85 + 0x10) = 0i64;
      *(_QWORD *)(v85 + 0x18) = 7i64;
      *(_WORD *)v85 = 0;
      *(_BYTE *)(a1 + 0x28) = 0;
      free_140337EE0((__int64)v119);
      free_140337EE0((__int64)&WideCharStr);
      free_1418560E0((__int64)v102);
LABEL_74:
      sub_14033C6E0(v109);
LABEL_75:
      sub_140EA01E0((LPVOID **)v104, v64, v65, v66);
      goto LABEL_76;
    }
    if ( sub_141746670(*(_QWORD *)(v49 + 8)) )
    {
      v86 = sub_1418562A0((__FrameHandler3::TryBlockMap *)(v49 + 0x10));
      sub_140337C30(&cbMultiByte, v86);
      v87 = sub_14033DC20((__int64)&WideCharStr, a3);
      sub_1418566E0(v15, &v108, v87, (__int64)&cbMultiByte);
      sub_140337F70(&WideCharStr);
      sub_140337F70(&cbMultiByte);
      v88 = sub_14033C6D0((__int64)&v108);
      sub_141856B70(v88);
      v89 = sub_14033C6D0((__int64)&v108);
      if ( !v90 )
      {
        v91 = (__FrameHandler3::TryBlockMap *)sub_141856B10(v89, &cbMultiByte);
        v92 = sub_1418562A0(v91);
        v99 = *(_OWORD *)sub_14033BEB0(v102, (__int64)v92);
        v93 = sub_14175DB00(v119, &v99);
        v94 = std::wstring::wstring(&WideCharStr, v93);
        sub_1417616C0(a1, v94);
        free_140337EE0((__int64)&WideCharStr);
        free_140337EE0((__int64)v119);
        free_1418560E0((__int64)&cbMultiByte);
        sub_140EE3A60(&v108);
        goto LABEL_74;
      }
      v95 = (__FrameHandler3::TryBlockMap *)sub_141856EB0();
      v96 = sub_1418562A0(v95);
      v99 = *(_OWORD *)sub_14033BEB0(v102, (__int64)v96);
      v97 = s2w_140E6BCB0(&WideCharStr, (__m128i *)&v99);
      v99 = *(_OWORD *)sub_140356140(v97, &cbMultiByte);
      save_LocalDeviceToken_140F045F0((BYTE **)&v99);
      free_140337EE0((__int64)&WideCharStr);
      sub_140EE3A60(&v108);
    }
    WideCharStr = 1;
    sub_140337A80(&v106, (__int64)&Data);
    sub_1417615D0(a1, &WideCharStr);
    free_140337EE0((__int64)&v106);
    goto LABEL_74;
  }
  ValidateOfflineLicense_14175EA60(a1, v16, v17);
  v18 = v113 == 0;
LABEL_77:
  if ( !v18 )
    free_140337EE0((__int64)lpWideCharStr);
  drop_api::ffi::ResultAPI_14033C6F0(v100);
  return a1;
}

ValidateOfflineLicense_14175EA60

__int64 __fastcall ValidateOfflineLicense_14175EA60(__int64 a1, __int64 a2, __int64 a3)
{
  // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]

  get_OfflineLicense_14175E4F0((__int64)&lpWideCharStr, a2, a3);
  if ( !v54 )
  {
    // If the offline license token does not exist, validation succeeds. One case where this may happen is if registration previously failed due to a network error but the registration key was valid. This allows EmEditor to be used in such case.
    *(_WORD *)v48 = 1;
    *(_OWORD *)&v48[8] = 0i64;
    v49 = 0i64;
    sub_140338AF0(&v48[8], (__int64)&Data, 0i64);
    v4 = *(_OWORD *)&v48[8];
    v5 = v49;
    // ?? 未验证
    // 如果离线许可证令牌不存在,则验证成功。
    // 可能发生这种情况的一种情况是,如果以前由于网络错误而注册失败,但注册密钥有效。这允许在这种情况下使用 EmEditor。
    *(_WORD *)a1 = 1;
    *(_OWORD *)(a1 + 8) = v4;
    *(_OWORD *)(a1 + 0x18) = v5;
    *(_BYTE *)(a1 + 0x28) = 1;
    goto LABEL_42;
  }
  p_lpWideCharStr = &lpWideCharStr;
  v7 = 0xFFFFFFFFFFFFFFFFui64;
  if ( lpWideCharStr._Myres > 7 )
    p_lpWideCharStr = (std_wstring *)lpWideCharStr.u._Ptr;
  v8 = 0xFFFFFFFFFFFFFFFFui64;
  do
    ++v8;
  while ( p_lpWideCharStr->u._Buf[v8] );
  v9 = WideCharToMultiByte(0xFDE9u, 0, p_lpWideCharStr->u._Buf, v8, 0i64, 0, 0i64, 0i64);
  string_14033C5A0(&cbMultiByte, v9, 0);
  lpMultiByteStr = &cbMultiByte;
  if ( cbMultiByte._Myres > 0xF )
    lpMultiByteStr = (std_string *)cbMultiByte.u._Ptr;
  WideCharToMultiByte(0xFDE9u, 0, p_lpWideCharStr->u._Buf, v8, lpMultiByteStr->u._Buf, cbMultiByte._Mysize, 0i64, 0i64);
  decode_LicenseFileClaims_141856680(&v71, (__int64)&cbMultiByte);
  v11 = sub_14033C6D0((__int64)&v71);
  if ( (unsigned __int8)sub_141856B70(v11) )
  {
    v58 = 0i64;
    xx_init_1418560C0((__int64)v59);
    v60 = 0i64;
    xx_init_1418560C0((__int64)v61);
    xx_init_1418560C0((__int64)v62);
    v66 = v58;
    xx_init_141855FC0((__int64)v67, v59);
    v68 = v60;
    xx_init_141855FC0((__int64)v69, v61);
    xx_init_141855FC0((__int64)v70, v62);
    sub_14033BEE0((__int64)&v72, (__int64)&v66);
    free_1418560E0((__int64)v62);
    free_1418560E0((__int64)v61);
    free_1418560E0((__int64)v59);
    v31 = sub_14033C6D0((__int64)&v72);
    if ( (unsigned __int8)j_unknown_libname_3(v31) )
    {
      v35 = sub_14033C6D0((__int64)&v72);
      v36 = api::ffi::ResultAPI::value_141856E20(v35);
      v37 = sub_14033C6D0(v36);
      sub_140F04A30(v55);
      sub_141856010(v63, &cbMultiByte);
      sub_141856010(v64, v55);
      sub_141856E00(v37, &v73, v63);
      v38 = sub_14033C6D0((__int64)&v73);
      if ( (unsigned __int8)sub_141856BA0(v38) )
      {
        v42 = sub_14033C6D0((__int64)&v73);
        v43 = (__int16 *)sub_141856EA0(v42);
        v51 = 0i64;
        v50 = *v43;
        v52 = 0i64;
        sub_140338AF0(&v51, (__int64)L"validate offline license", 0x18ui64);
        v44 = v51;
        v45 = v52;
        *(_WORD *)a1 = v50;
        *(_OWORD *)(a1 + 8) = v44;
        *(_OWORD *)(a1 + 0x18) = v45;
        *(_BYTE *)(a1 + 0x28) = 1;
        sub_1417612D0(&v73);
        free_1418560E0((__int64)v64);
        free_1418560E0((__int64)v63);
        if ( si128.m128i_i64[1] > 0xFui64 )
        {
          v46 = (void *)v55[0];
          if ( (unsigned __int64)(si128.m128i_i64[1] + 1) >= 0x1000 )
          {
            v46 = *(void **)(v55[0] - 8);
            if ( (unsigned __int64)(v55[0] - (_QWORD)v46 - 8) > 0x1F )
              goto LABEL_58;
          }
          j_j_free(v46);
        }
        si128 = _mm_load_si128((const __m128i *)&xmmword_141AB85E0);
        LOBYTE(v55[0]) = 0;
        drop_api::ffi::ResultAPI_14033C6F0(&v72);
        sub_1417612E0(&v71);
        if ( cbMultiByte._Myres <= 0xF )
          goto LABEL_41;
        Ptr = cbMultiByte.u._Ptr;
        if ( cbMultiByte._Myres + 1 < 0x1000 )
          goto LABEL_40;
        Ptr = (char *)*((_QWORD *)cbMultiByte.u._Ptr + 0xFFFFFFFF);
        if ( (unsigned __int64)(cbMultiByte.u._Ptr - Ptr - 8) <= 0x1F )
          goto LABEL_40;
LABEL_58:
        invalid_parameter_noinfo_noreturn();
      }
      v50 = 1;
      v51 = 0i64;
      v52 = 0i64;
      sub_140338AF0(&v51, (__int64)&Data, 0i64);
      v39 = v51;
      v40 = v52;
      *(_WORD *)a1 = v50;
      *(_OWORD *)(a1 + 8) = v39;
      *(_OWORD *)(a1 + 0x18) = v40;
      *(_BYTE *)(a1 + 0x28) = 1;
      sub_1417612D0(&v73);
      free_1418560E0((__int64)v64);
      free_1418560E0((__int64)v63);
      if ( si128.m128i_i64[1] > 0xFui64 )
      {
        v41 = (void *)v55[0];
        if ( (unsigned __int64)(si128.m128i_i64[1] + 1) >= 0x1000 )
        {
          v41 = *(void **)(v55[0] - 8);
          if ( (unsigned __int64)(v55[0] - (_QWORD)v41 - 8) > 0x1F )
            goto LABEL_58;
        }
        j_j_free(v41);
      }
      si128 = _mm_load_si128((const __m128i *)&xmmword_141AB85E0);
      LOBYTE(v55[0]) = 0;
    }
    else
    {
      v50 = 1;
      v51 = 0i64;
      v52 = 0i64;
      sub_140338AF0(&v51, (__int64)&Data, 0i64);
      v32 = v51;
      v33 = v52;
      *(_WORD *)a1 = v50;
      *(_OWORD *)(a1 + 8) = v32;
      *(_OWORD *)(a1 + 0x18) = v33;
      *(_BYTE *)(a1 + 0x28) = 1;
    }
    drop_api::ffi::ResultAPI_14033C6F0(&v72);
    sub_1417612E0(&v71);
    if ( cbMultiByte._Myres <= 0xF )
      goto LABEL_41;
    Ptr = cbMultiByte.u._Ptr;
    if ( cbMultiByte._Myres + 1 < 0x1000 )
      goto LABEL_40;
    Ptr = (char *)*((_QWORD *)cbMultiByte.u._Ptr + 0xFFFFFFFF);
    if ( (unsigned __int64)(cbMultiByte.u._Ptr - Ptr - 8) <= 0x1F )
      goto LABEL_40;
    goto LABEL_58;
  }
  v50 = 6;
  v12 = sub_14033C6D0((__int64)&v71);
  v13 = (__FrameHandler3::TryBlockMap *)sub_141856980(v12, (__int64)v65);
  // 校验失败
  // ex:
  // InvalidToken
  // Invalid xxxx
  v14 = sub_1418562A0(v13);
  v15 = (const CHAR *)v14;
  do
    ++v7;
  while ( *((_BYTE *)&v14->ControlPc + v7) );
  memset(v48, 0, sizeof(v48));
  *(_WORD *)v48 = 0;
  *(_QWORD *)&v49 = 7i64;
  v16 = MultiByteToWideChar(0xFDE9u, 0, (LPCCH)v14, v7, 0i64, 0);
  v17 = *(_QWORD *)&v48[0x10];
  v18 = v16;
  if ( (unsigned __int64)v16 > *(_QWORD *)&v48[0x10] )
  {
    v20 = v16 - *(_QWORD *)&v48[0x10];
    if ( v20 > (_QWORD)v49 - *(_QWORD *)&v48[0x10] )
    {
      sub_140355020((__m128i *)v48, v20, (unsigned __int8)v71, v20, 0);
    }
    else
    {
      *(_QWORD *)&v48[0x10] = v16;
      v21 = v48;
      if ( (unsigned __int64)v49 > 7 )
        v21 = *(_BYTE **)v48;
      v22 = &v21[2 * v17];
      if ( v20 )
      {
        for ( i = v16 - v17; i; --i )
          *v22++ = 0;
      }
      *(_WORD *)&v21[2 * v17 + 2 * v20] = 0;
    }
  }
  else
  {
    v19 = v48;
    *(_QWORD *)&v48[0x10] = v18;
    if ( (unsigned __int64)v49 > 7 )
      v19 = *(_BYTE **)v48;
    *(_WORD *)&v19[2 * v18] = 0;
  }
  v24 = (WCHAR *)v48;
  if ( (unsigned __int64)v49 > 7 )
    v24 = *(WCHAR **)v48;
  MultiByteToWideChar(0xFDE9u, 0, v15, v7, v24, *(int *)&v48[0x10]);
  v57[1] = 0x1Ai64;
  v57[0] = (__int64)L"decode offline license: {}";
  wstr_format_140F08780((__int64)&v51, (__int64)v57, (__int64)v48);
  v25 = v51;
  v26 = v52;
  v27 = v49;
  *(_WORD *)a1 = v50;
  LOWORD(v51) = 0;
  *(_OWORD *)(a1 + 8) = v25;
  v28 = _mm_load_si128((const __m128i *)&xmmword_141AB85A0);
  *(_OWORD *)(a1 + 0x18) = v26;
  *(_BYTE *)(a1 + 0x28) = 1;
  v52 = (__int128)v28;
  if ( v27 > 7 )
  {
    v29 = *(void **)v48;
    if ( 2 * v27 + 2 >= 0x1000 )
    {
      v29 = *(void **)(*(_QWORD *)v48 - 8i64);
      if ( (unsigned __int64)(*(_QWORD *)v48 - (_QWORD)v29 - 8i64) > 0x1F )
        goto LABEL_59;
    }
    j_j_free(v29);
  }
  *(_QWORD *)&v48[0x10] = 0i64;
  *(_QWORD *)&v49 = 7i64;
  *(_WORD *)v48 = 0;
  free_1418560E0((__int64)v65);
  sub_1417612E0(&v71);
  if ( cbMultiByte._Myres > 0xF )
  {
    Ptr = cbMultiByte.u._Ptr;
    if ( cbMultiByte._Myres + 1 < 0x1000
      || (Ptr = (char *)*((_QWORD *)cbMultiByte.u._Ptr + 0xFFFFFFFF),
          (unsigned __int64)(cbMultiByte.u._Ptr - Ptr - 8) <= 0x1F) )
    {
LABEL_40:
      j_j_free(Ptr);
      goto LABEL_41;
    }
LABEL_59:
    invalid_parameter_noinfo_noreturn();
  }
LABEL_41:
  cbMultiByte.u._Buf[0] = 0;
  cbMultiByte._Myres = 0xFi64;
  cbMultiByte._Mysize = 0i64;
LABEL_42:
  if ( v54 )
    free_140337EE0((__int64)&lpWideCharStr);
  return a1;
}

decode_LicenseFileClaims_141856680

__m128i **__fastcall decode_LicenseFileClaims_141856680(__m128i **a1, _QWORD *a2)
{
  *a1 = decode_offline_licenseapi_14009A390(a2);
  return a1;
}

decode_offline_licenseapi_14009A390

__m128i *__fastcall decode_offline_licenseapi_14009A390(_QWORD *a1)
{
  // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]

  v225 = 0xFFFFFFFFFFFFFFFEui64;
  // decode_offline_licenseapi
  v162 = aApiFfiDecodeOf;
  v163 = 0x20i64;
  if ( qword_141C2AE60 != 3 )
    get_es384pub_key_141893580();
  v3 = sub_141856330(a1);
  jumpbuf_sp = _except_get_jumpbuf_sp(a1);
  sub_1400B41F0((__int64)&v156, (__int64)v3, jumpbuf_sp);
  v5 = *(_OWORD *)&v156.m256i_u64[1];
  if ( v156.m256i_i64[0] )
  {
    *(_OWORD *)v156.m256i_i8 = *(_OWORD *)&v156.m256i_u64[1];
    v6 = sub_141894540((__int64)&v156);
    goto LABEL_271;
  }
  sub_14011D160((__int64)&v164);
  sub_140109470(&v149, v5, *((__int64 *)&v5 + 1), (__int64)&v164);
  v7 = (void *)0x8000000000000001i64;
  if ( v149.m128i_i64[0] == 0x8000000000000001ui64 )
  {
    v8 = v149.m128i_i64[1];
    goto LABEL_233;
  }
  sub_141891EC0(v146, &v149, 0x1B0ui64);
  // ??rust jsonwebtoken::decode
  jwt_decode_1400158A0(&ret_dec, v154, v155);

get_es384pub_key_141893580

runonce
get_pub_key_140017B10==>load_public_key_140107710
==>
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEdFXkM+nFOhoI8bjAsThl/59LXkYK7f2F
1baTcak6GyFecRF0CXvvF2UzIozW1LZ/8bxd1XnBUvry5X6zchitsQ80ZppPrCBv
7SqnMf/A2QscH1uA5kf1iPPezfOONKla
-----END PUBLIC KEY-----

公钥解析,python

from Crypto.PublicKey import ECC
der_public_key='''-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEdFXkM+nFOhoI8bjAsThl/59LXkYK7f2F
1baTcak6GyFecRF0CXvvF2UzIozW1LZ/8bxd1XnBUvry5X6zchitsQ80ZppPrCBv
7SqnMf/A2QscH1uA5kf1iPPezfOONKla
-----END PUBLIC KEY-----'''
def import_ecc_der_pubkey(data,passphrase=None):
    try:
        # 从二进制数据中导入RSA密钥
        ecc_key = ECC.import_key(data,passphrase=passphrase)
        print("ECC密钥导入成功!")
        # 打印公钥的详细信息
        print("公钥曲线:", ecc_key.curve)
        print("公钥点 (x):", ecc_key.pointQ.x)
        print("公钥点 (y):", ecc_key.pointQ.y)
        return ecc_key
    except ValueError as e:
        print(f"导入ECC密钥失败: {e}")
        
        
pk=import_ecc_der_pubkey(der_public_key)
print(pk)
ECC密钥导入成功!
公钥曲线: NIST P-384
公钥点 (x): 17905674288302374126776080839605784295157890434552731362080489556256033570736476112228381427146711389417315199399551
公钥点 (y): 37206545926132456148029572453066132337942826421428526502333949665964583459207627949305093577493904048380634710976858
EccKey(curve='NIST P-384', point_x=17905674288302374126776080839605784295157890434552731362080489556256033570736476112228381427146711389417315199399551, point_y=37206545926132456148029572453066132337942826421428526502333949665964583459207627949305093577493904048380634710976858)

3、验证

jwt的验证调用rust接口,使用jsonwebtoken库

Keats/jsonwebtoken: JWT lib in rust

/*
#[derive(Debug, Serialize, Deserialize)]
struct Claims {
    aud: String,         // Optional. Audience
    exp: usize,          // Required (validate_exp defaults to true in validation). Expiration time (as UTC timestamp)
    iat: usize,          // Optional. Issued at (as UTC timestamp)
    iss: String,         // Optional. Issuer
    nbf: usize,          // Optional. Not Before (as UTC timestamp)
    sub: String,         // Optional. Subject (whom token refers to)
}
*/
#[derive(Debug, Serialize, Deserialize)]
struct LicenseFileClaims {
    exp: u64,
    //LicenseFile
    LicenseID: String,
    FullName: String,
    Email: String,
    StripeSubscriptionID: String
}
/*
struct LocalDeviceClaims {
    exp:u64,
    iat:u64,
    //LocalDevice
    DeviceID:String,
    MachineID:String,//m_id
    StripeSubscriptionID:String,
}
*/

生成OfflineLicense jwt

rust 不熟,让ai生成了一段验证代码

use jsonwebtoken::{decode, encode, errors::Error, Algorithm, DecodingKey, EncodingKey, Header, TokenData, Validation};
use serde::{Serialize, Deserialize};

#[derive(Debug, Serialize, Deserialize)]
struct LicenseFileClaims {
    exp: u64,
    /*
    LicenseFile
    */
    LicenseID: String,
    FullName: String,
    Email: String,
    StripeSubscriptionID: String//Option<String>, // 使用 Option 类型来处理可选字段
}
struct LocalDeviceClaims {
    exp:u64,
    iat:u64,
    //LocalDevice
    DeviceID:String,
    MachineID:String,//m_id
    StripeSubscriptionID:String,
}
impl LicenseFileClaims {
    fn new(exp: u64,licenseID: String, full_name: String, email: String, stripe_subscription_id: String) -> Self {
        Self {
            exp,
            LicenseID:licenseID,
            FullName: full_name,
            Email: email,
            StripeSubscriptionID: stripe_subscription_id,
        }
    }
}
fn encode_license(claims: &LicenseFileClaims, private_key_pem: &str) -> Result<String, jsonwebtoken::errors::Error> {
    // 使用 ES256 算法
    let mut header: Header = Header::new(Algorithm::ES384);
    let encoding_key = EncodingKey::from_ec_pem(private_key_pem.as_bytes())?;
    encode(&header, claims, &encoding_key)
}

fn decode_license(token: &str, public_key_pem: &str) -> Result<TokenData<LicenseFileClaims>, jsonwebtoken::errors::Error> {
    let decoding_key = DecodingKey::from_ec_pem(public_key_pem.as_bytes())?;
    decode::<LicenseFileClaims>(token, &decoding_key, &Validation::new(Algorithm::ES384))
}
pub fn jwt_main() -> Result<(), Error> {
    let claims: LicenseFileClaims = LicenseFileClaims::new(
        10000000000,
        "licikun".to_string(),
        "ikun".to_string(),
        "[email protected]".to_string(),
        "".to_string(),
    );
/*
生成ecc 公私密钥
openssl ecparam -genkey -name prime256v1 -noout -out ec_private_key.pem && openssl ec -in ec_private_key.pem -pubout -out ec_public_key.pem

转pkcs#8
openssl pkcs8 -topk8 -nocrypt -in ec_private_key.pem -out ec_private_key_pkcs8.pem
*/
    // ECC 私钥
    let private_key_pem = r#"
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAfmvhFWjbrNUXGGXcx
6m1XXlDldGtnHEVJSFI6Xa+KUc0h3gfvMPgl5s3C+4kfT3qhZANiAAQ8Kcx2uErL
iF7TY9E3v3Iv8RoCMfjQwzYFPDYbISV1zfMXVhbY9Q1muSNKqMje80iIrvRgs1mW
EqSwdoTTy1xMwjlBEiZffLDaynhKHVlfXfKmh9kw6j1+/A2qCnoDvoU=
-----END PRIVATE KEY-----
    "#;

    // ECC 公钥
    let public_key_pem = r#"
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPCnMdrhKy4he02PRN79yL/EaAjH40MM2
BTw2GyEldc3zF1YW2PUNZrkjSqjI3vNIiK70YLNZlhKksHaE08tcTMI5QRImX3yw
2sp4Sh1ZX13ypofZMOo9fvwNqgp6A76F
-----END PUBLIC KEY-----

    "#;
    // let encoding_key = EncodingKey::from_ec_pem(private_key_pem.as_bytes())?;
    // 编码为 JWT token
    match encode_license(&claims, private_key_pem) {
        Ok(token) => {
            println!("Encoded token: {}", token);

            // 解码 JWT token
            let var_name = match decode_license(&token, public_key_pem) {
                Ok(decoded_data) => {
                    println!("Decoded claims: {:?}", decoded_data.claims);
                    Ok(())
                }
                Err(e) => {
                    println!("Failed to decode token: {:?}", e);
                    Ok(())
                }
            };
            var_name
        }
        Err(e) => {
            println!("Failed to encode claims: {:?}", e);
            Ok(())
        }
    }
}

将Encoded token 输出的内用保存到文件中,在patch后(或者内存补丁)

便可以通过 /ol 离线注册,

或者在eeCommon.ini中[Common]下添加OfflineLicense=xxxxxxxxxxx

image-20241109194204299

patch公钥

公钥位置:

image-20241109192612415

使用自己的ES384公钥进行替换

patch完整性校验(可选)

内存修补公钥则无需patch

image-20241109192953876

sub_141767690

__int64 __fastcall sub_141767690(__int64 a1)
{
  // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]

  if ( byte_141C3C28A )
    return 1i64;
  v2 = byte_141BE02DF;
  if ( byte_141BE02DF == (char)0xFF )
  {
    v2 = get_common_Edition_140E99B80(L"SDS", 0) == 0x78C19A68;
    byte_141BE02DF = v2;
  }
  if ( v2 == 1 )
    return 1i64;
  result = sub_140E9A6D0(a1, 0xFFFFFFFFi64);
  if ( !(_DWORD)result )
    return result;
  v10[0] = 0x20i64;
  v10[1] = a1;
  v18 = 0i64;
  v14 = 1i64;
  pWVTData = 0i64;
  v13 = 0i64;
  v15 = v10;
  v4 = 0;
  v17 = 0i64;
  LODWORD(pWVTData) = 0x58;
  v11 = 0i64;
  DWORD2(v13) = 2;
  v16 = 0i64;
  DWORD2(v17) = 0x10;
  pgActionID.Data1 = 0xAAC56B;
  *(_DWORD *)&pgActionID.Data2 = 0x11D0CD44;
  *(_DWORD *)pgActionID.Data4 = 0xC000C28C;
  *(_DWORD *)&pgActionID.Data4[4] = 0xEE95C24F;
  v5 = WinVerifyTrust(0i64, &pgActionID, &pWVTData);
  if ( !v5 )//mark
    return 1i64; 
  sub_141892560(Buffer, 0, 0x640ui64);
  // 130,    "一个程序文件的数字签名无法验证或已损坏。请再次卸载,下载并安装此产品。如果您的计算机未连接到网络,请连接网络,或参阅我们网站上的“常见问题解答”以安装中间证书。"
  v6 = 130;
  // 222,    "一个程序文件的数字签名无法验证。如果您的计算机未连接到网络,请连接网络,或参阅我们网站上的“常见问题解答”以安装 Sectigo 安装中间证书。"
  if ( v5 == 0x800B010A )
    v6 = 222;
  LoadStringW(hInstance, v6, (LPWSTR)Buffer, 0x320);
  if ( v5 != 0x800B010A )
  {
    sub_14032DEA0(v19, 0x50i64, (__int64)L" (0x%x)", v5);
    sub_14032DDE0(Buffer, 0x320i64, v19);
  }
  v21 = 0;
  ActiveWindow = (unsigned int)GetActiveWindow();
  v8 = sub_140ED9080(ActiveWindow, (int)Buffer, a1, (__int64)&v21, 2, 0xFFFEi64);
  if ( v21 )
  {
    if ( v8 == 1 )
      byte_141BE02DF = 1;
  }
  LOBYTE(v4) = v8 == 1;
  return v4;
}

离线注册

通过 /ol "licenseFilePath" 离线注册

Offline Registration — EmEditor Help

  1. Use the command line option /ol "licenseFilePath" where licenseFilePath is the path to the license file. The following is an example of the command.
EmEditor.exe /ol "C:\Users\Example\emeditorLicenseFile-a7PT7Au3TOelfK1w.txt"

ps

联网不可用,必须禁用程序网络!

在patch ec384 公钥和完整性校验,离线注册之后

注册信息

image-20241109172840892

关于页面仍显示未注册!(注册意味着要在线验证,那必然过不了验证0.0)

image-20241109172909516

标签:__,EmEditor,0i64,24.4,离线,a1,int64,key,sub
From: https://www.cnblogs.com/DirWang/p/18537207

相关文章

  • 科大讯飞离线lunix tts demo使用
    项目中需要用到后台服务端用文本生成语音,网上大部分都是通过ai大模型推理出来的,还有写其他方式的,效果和生成时间都比较不理想,但是讯飞生成的只需要零点几秒,不愧是行业NO1,下面说下怎么使用。1、下载官方demo。2、在官方demo目录下,执行source 32bit_make.sh或64bit_make.sh,根据......
  • Linux离线安装gcc4.8
    Linux离线安装gcc4.8https://pan.baidu.com/s/1J-wVsAoTmfn_iiOnYSrmZApwd:beeelinux离线安装gcc4.8.5(简单易懂,已成功安装)联网的情况下直接使用命令yum-yinstallgcc安装。不能联网就需要离线安装了。步骤如下:获取离线安装包:可以使用我已经下载好的包,链接:https://p......
  • IP地址归属地-ip离线库
    近期大家应该不难发现,很多平台(小红书、微博、抖音等)已经陆续的开启了用户的ip归属地显示功能,而且这个归属地展示是不允许被关闭或者隐藏的。那什么是ip地址归属地呢?ip离线库又是什么?ip地址归属地及ip地址离线库介绍:https://www.wapi.cn/ip_offline.htmlIP归属地是将网络空......
  • conda虚拟环境迁移至离线电脑中(window10)
    需求将conda创建的虚拟环境迁移到离线的电脑中(均为win10系统)解决方法一、先离线下载python离线下载anaconda,注意和原环境相同版本anaconda,然后相同的cuda和cuDNN(为了方便gpu版本的第三方库运行)二、开始迁移环境①Conda的方法:1)联网机打开cmd将要迁移的虚拟环境my_e......
  • [转]创建Visual Studio 2019离线安装包
    可以在不同的网络环境和不同的计算机上在线安装微软VisualStudio2019。微软提供的在线安装工具(VisualStudiowebinstaller)可以让用户在线下载最新版本VisualStudio安装包、补丁程序等。但是在许多场景中,用户并不能连接到互联网,或者由于防火墙的安全策略导致用户不能连接微软......
  • .NET Framework 3.5/4.0/4.5/4.6版本离线版安装包下载
    1、安装包资源下载.NETFramework各版本:链接:https://pan.quark.cn/s/c68076e7865a提取码:tiN7  2、安装教程(.NETFramework4.7为例)1)       安装包双击打开 2)       勾选我同意,点击安装 3)       安装成功,点击关闭,查看系统设置,应用......
  • Cesium + geoserver (wmts) 实现离线地图服务和展示
    急用前端代码的靓仔直接抄这个h5文件后端geoserverwmts服务搭建参考链接  快速搭建一个geoserver和wmts服务-CSDN博客'<!DOCTYPEhtml><htmllang="en"><head><metacharset="UTF-8"><metaname="viewport"content="width=devic......
  • docker部署手册(离线)
    文章目录一、下载地址二、部署环境三、安装部署3.1上传安装包3.2解压3.3创建docker.service3.4创建daemon.json文件3.5授权3.6启动3.7查看信息3.8设置开机启动3.9允许远程连接到docker方法一:修改docker.service方法二:修改daemon.json3.10处理报错docker.ser......
  • 免费可离线的AI抠图工具(鲜艺AI抠图 )免费下载
    鲜艺AI抠图是一款使用Tauri2和RMBG-1.4开发并免费提供的AI抠图工具,它能够快速去除图片背景,并支持本地和在线图片处理。:极速AI抠图:基于最新的AI技术,能够精准识别图像中的前景和背景,实现快速抠图,处理时间以毫秒计。完全免费:鲜艺AI抠图承诺永久免费,用户无需支付任何费用......
  • ARM架构鲲鹏主机BClinux离线安装docker步骤
    简介: 下载并安装适用于ARM架构的DockerCE二进制文件,解压后移动至/usr/bin目录。创建docker组,配置systemd服务脚本(docker.service、docker.socket、containerd.service),重载systemd配置,启动并启用docker服务。编辑daemon.json配置存储驱动、镜像加速地址等,最后拉取所需镜像。■......