MP4 Downloader Pro Version: 3.29.6 验证算法描述
本帖最后由 wai1216 于 2019-12-18 00:19 编辑作者调用miracl大数据库完成了rsa的加密,通过lstrenA巧妙了的截断了密文数据,之后将0x3c长度的数据,分成0x1c(A)和0x20(B)两段做check
其中A段是段比较零散的验证
而B段是通过swprintf %s.{%s} 拼接 regedit的目录以及用户邮箱组成这样格式的 {500188E5-47D9-4d40-8738-C820081E87B0}.{nisy@chinapyg.com}的md5
先说加密:
sub_42C7CD(v8, v7, &v19, &String, 0x1001u, 60, 1180, aDh43ydl65izsin, aO2x)
sub_42C7CD(int a1, int a2, char *a3, void *a4, size_t a5, int a6, int a7, int a8, int a9)
LABEL_23:
v15 = _mirsys(100, 0);
*(v15 + 548) = 1; // ->ERCON
*(v15 + 564) = a6; // ->IOBASE = 60
v16 = __mirvar(0);
v21 = __mirvar(0);
v17 = __mirvar(0);
v22 = __mirvar(0);
__cinstr(v16, a3); // key
__cinstr(v17, a8); // DH43Ydl65IZsIncKnCukuUZgGk8lLSBiC9JlaO5pxiioSXtl5iLTQEU1tnJMBYYUrjePIG9E6J210QFgWwjuRdsc2aw53GqaZ8NZn1itpwvhl52sBgi1RnIdSZhoMh5HDsHKqfILDCZFv6v28cEprsePAMJDPZRYkcZfO67eOCB7Nl66mjqbMZxkieIbqO773J8Qt94n
__cinstr(v22, a9); // O2x --> 0x15233(16)
if ( _mr_compare(v16, v17) == -1 )
{
__powmod(v16, v16, v22, v17, v21);
_big_to_bytes(v23, v21, a4, 0);
}
_cleanup(v16);
_cleanup(v21);
_cleanup(v17);
_cleanup(v22);
_mirexit();
LABEL_27:
可以看到,这里使用powmod(key,n,e,c)完成了rsa加密算法,之后再将big_c转换成bytes_c,注意到mip->IOBASE=60,即作者将n/e/key转成60进制存储
另外mip->ERCON = 1,大概用于如果big_to_bytes没有转换成功,不退出程序 // v23 = 1180 / 8 - 1 = 146(0x92)
之后将check A段
int __thiscall sub_427100(void *this, wchar_t *lpString)
{
//
v2 = lpString;
v3 = this;
if ( wcslen(lpString) != 60 )
return -1;
sub_544B54(&v20, v2);
v5 = *v2;
v21 = 0;
sub_53D1A0(&lpString, v5, 1);
LOBYTE(v21) = 1;
sub_427752(lpString, v3);
if ( !(GetTickCount() % 3) && *v3 > 0xAu )
goto LABEL_75;
v7 = sub_53D559(&v20, &v19, 1, 2);
LOBYTE(v21) = 2;
sub_544C27(&lpString, v7);
LOBYTE(v21) = 1;
sub_544AE0(&v19);
v17 = (v3 + 4);
sub_427752(lpString, v3 + 4);
CString::operator=(v2);
sub_427752(lpString, v3 + 8);
if ( !(GetTickCount() & 3) && *(v3 + 8) > 0x64u )
goto LABEL_75;
v8 = sub_53D559(&v20, &v19, 4, 2);
LOBYTE(v21) = 3;
sub_544C27(&lpString, v8);
LOBYTE(v21) = 1;
sub_544AE0(&v19);
sub_427752(lpString, v3 + 12);
if ( !(GetTickCount() % 5) && *(v3 + 12) > 0x3E8u )
goto LABEL_75;
CString::operator=(v2);
sub_427752(lpString, v3 + 16);
if ( !(GetTickCount() % 3) && *(v3 + 16) > 0x64u )
goto LABEL_75;
CString::operator=(v2);
sub_427752(lpString, v3 + 20);
if ( !(GetTickCount() & 3) && *(v3 + 20) > 0x64u )
goto LABEL_75;
CString::operator=(v2);
sub_427752(lpString, v3 + 24);
if ( !(GetTickCount() % 5) && *(v3 + 24) > 0x64u )
goto LABEL_75;
v9 = sub_53D559(&v20, &v19, 9, 2);
LOBYTE(v21) = 4;
sub_544C27(&lpString, v9);
LOBYTE(v21) = 1;
sub_544AE0(&v19);
sub_427752(lpString, v3 + 28);
if ( !(GetTickCount() % 3) && *(v3 + 28) > 0x3E8u )
goto LABEL_75;
v10 = sub_53D559(&v20, &v19, 0xB, 2);
LOBYTE(v21) = 5;
sub_544C27(&lpString, v10);
LOBYTE(v21) = 1;
sub_544AE0(&v19);
v19 = (v3 + 32);
sub_427752(lpString, v3 + 32);
CString::operator=(v2);
sub_427717(lpString, v3 + 36);
if ( *(v3 + 36) < -1 || !(GetTickCount() & 3) && *(v3 + 36) > 0x64 )
goto LABEL_75;
CString::operator=(v2);
sub_427717(lpString, v3 + 40);
if ( *(v3 + 40) < -1 || !(GetTickCount() % 5) && *(v3 + 40) > 0x64 )
goto LABEL_75;
CString::operator=(v2);
sub_427717(lpString, v3 + 44);
if ( *(v3 + 44) < -1 || !(GetTickCount() % 3) && *(v3 + 44) > 0x64 )
goto LABEL_75;
CString::operator=(v2);
sub_427717(lpString, v3 + 48);
if ( *(v3 + 48) < -1 || !(GetTickCount() & 3) && *(v3 + 48) > 0x64 )
goto LABEL_75;
CString::operator=(v2);
sub_427717(lpString, v3 + 52);
if ( *(v3 + 52) < -1 || !(GetTickCount() % 5) && *(v3 + 52) > 0x64 )
goto LABEL_75;
CString::operator=(v2);
sub_427717(lpString, v3 + 56);
if ( *(v3 + 56) < -1 || !(GetTickCount() % 3) && *(v3 + 56) > 0x64 )
goto LABEL_75;
CString::operator=(v2);
sub_427717(lpString, v3 + 60);
v11 = *(v3 + 60);
if ( v11 < -1 )
goto LABEL_75;
if ( v11 != -1 )
*(v3 + 60) = v11 + 2000;
if ( !(GetTickCount() & 3) )
{
v12 = *(v3 + 60);
if ( v12 != -1 && v12 < 0x7D4 )
goto LABEL_75;
}
CString::operator=(v2);
sub_427717(lpString, v3 + 64);
if ( *(v3 + 64) < 0xFFFFFFFF || !(GetTickCount() % 5) && *(v3 + 64) > 0xC )
goto LABEL_75;
CString::operator=(v2);
sub_427717(lpString, v3 + 68);
if ( *(v3 + 68) < -1 || !(GetTickCount() % 3) && *(v3 + 68) > 0x1F )
goto LABEL_75;
CString::operator=(v2);
sub_427717(lpString, v3 + 72);
v13 = *(v3 + 72);
if ( v13 < -1 )
goto LABEL_75;
if ( v13 != -1 )
*(v3 + 72) = v13 + 0x7D0;
if ( !(GetTickCount() & 3) && *(v3 + 72) > 0x7E8 )
goto LABEL_75;
CString::operator=(v2);
sub_427717(lpString, v3 + 76);
if ( *(v3 + 76) < -1 || !(GetTickCount() % 5) && *(v3 + 76) > 0xC )
goto LABEL_75;
CString::operator=(v2);
sub_427717(lpString, v3 + 80);
if ( *(v3 + 80) < -1 || !(GetTickCount() % 3) && *(v3 + 80) > 0x1F )
goto LABEL_75;
if ( ((CString::operator=(v2), sub_427717(lpString, v3 + 84), GetTickCount() % 3) || !*(v3 + 84))
&& ((CString::operator=(v2), sub_427717(lpString, v3 + 88), GetTickCount() & 3) || !*(v3 + 88))
&& ((CString::operator=(v2), sub_427717(lpString, v3 + 92), GetTickCount() % 5) || !*(v3 + 92)) )
{
v14 = CString::Mid(&v20, &v18, 28);
LOBYTE(v21) = 6;
sub_544C27((v3 + 96), v14);
LOBYTE(v21) = 1;
sub_544AE0(&v18);
if ( *v3 == 1 )
{
v15 = v19;
v16 = *v17;
if ( *v17 & 1 )
*v19 |= 1u;
if ( v16 & 2 )
*v15 |= 2u;
*v17 = 0;
}
v6 = 0;
}
else
{
LABEL_75:
v6 = -1;
}
LOBYTE(v21) = 0;
sub_544AE0(&lpString);
v21 = -1;
sub_544AE0(&v20);
return v6;
}
除掉GetTickCount(),把其当作每个check都要满足,即不goto LABEL_75
通过如下数据进行举例
将得到密文
0343F76825 00 00 00 74 F7 43 03 00 00 00 00 41 41 41 41%...t÷C.....AAAA
0343F77841 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41AAAAAAAAAAAAAAAA
0343F78841 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41AAAAAAAAAAAAAAAA
0343F79841 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41AAAAAAAAAAAAAAAA
0343F7A841 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41AAAAAAAAAAAAAAAA
0343F7B841 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41AAAAAAAAAAAAAAAA
0343F7C841 00 64 35 36 35 65 63 35 35 65 66 63 61 66 32A.d565ec55efcaf2
0343F7D864 32 38 61 64 30 62 38 31 34 37 35 33 30 62 32d28ad0b8147530b2
0343F7E861 65 21 21 21 33 2D 34 23 23 38 28 3F 25 25 25ae!!!3-4##8(?%%%
0343F7F823 23 22 22 22 22 22 22 22 22 22 22 22 23 00 00##"""""""""""#..
转换后
0018D89023 22 22 22 22 22 22 22 22 22 22 22 23 23 25 25#"""""""""""##%%
0018D8A025 3F 28 38 23 23 34 2D 33 21 21 21 65 61 32 62%?(8##4-3!!!ea2b
0018D8B030 33 35 37 34 31 38 62 30 64 61 38 32 64 32 660357418b0da82d2f
0018D8C061 63 66 65 35 35 63 65 35 36 35 64 00 41 41 41acfe55ce565d.AAA
0018D8D041 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41AAAAAAAAAAAAAAAA
0018D8E041 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41AAAAAAAAAAAAAAAA
0018D8F041 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41AAAAAAAAAAAAAAAA
0018D90041 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41AAAAAAAAAAAAAAAA
0018D91041 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41AAAAAAAAAAAAAAAA
0018D92041 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00AA..............
后面的AAAAAAAAAAA可以看作padding,没有细看具体之后有啥作用
作者在过程中使用的大小0x5e字符串表,从0x21开始 // 这里使用的wchat_t
0018CB5421 00 22 00 23 00 24 00 25 00 26 00 27 00 28 00!.".#.$.%.&.'.(.
0018CB6429 00 2A 00 2B 00 2C 00 2D 00 2E 00 2F 00 30 00).*.+.,.-.../.0.
0018CB7431 00 32 00 33 00 34 00 35 00 36 00 37 00 38 001.2.3.4.5.6.7.8.
0018CB8439 00 3A 00 3B 00 3C 00 3D 00 3E 00 3F 00 40 009.:.;.<.=.>.?.@.
0018CB9441 00 42 00 43 00 44 00 45 00 46 00 47 00 48 00A.B.C.D.E.F.G.H.
0018CBA449 00 4A 00 4B 00 4C 00 4D 00 4E 00 4F 00 50 00I.J.K.L.M.N.O.P.
0018CBB451 00 52 00 53 00 54 00 55 00 56 00 57 00 58 00Q.R.S.T.U.V.W.X.
0018CBC459 00 5A 00 5B 00 5C 00 5D 00 5E 00 5F 00 60 00Y.Z.[.\.].^._.`.
0018CBD461 00 62 00 63 00 64 00 65 00 66 00 67 00 68 00a.b.c.d.e.f.g.h.
0018CBE469 00 6A 00 6B 00 6C 00 6D 00 6E 00 6F 00 70 00i.j.k.l.m.n.o.p.
0018CBF471 00 72 00 73 00 74 00 75 00 76 00 77 00 78 00q.r.s.t.u.v.w.x.
0018CC0479 00 7A 00 7B 00 7C 00 7D 00 7E 00 00 00 00 00y.z.{.|.}.~.....
将0x1c数据 // char_t
0018D89023 22 22 22 22 22 22 22 22 22 22 22 23 23 25 25#"""""""""""##%%
0018D8A025 3F 28 38 23 23 34 2D 33 21 21 21 65 61
转化成 // TABLE_AFTER_CONVERT
0018EDA002 00 00 00 5F 00 00 00 01 00 00 00 5F 00 00 00...._......._...
0018EDB001 00 00 00 01 00 00 00 01 00 00 00 5F 00 00 00............_...
0018EDC060 00 00 00 02 00 00 00 04 00 00 00 04 00 00 00`...............
0018EDD004 00 00 00 1E 00 00 00 07 00 00 00 E7 07 00 00............ç...
0018EDE002 00 00 00 02 00 00 00 E3 07 00 00 0C 00 00 00........ã.......
0018EDF012 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00................
算法描述
signed int __cdecl sub_426B4A(_WORD *a1, __int16 a2)
{
//
v2 = a1;
result = 0;
while ( *v2 != a2 )
{
++result;
++v2;
if ( result >= 0x5E )
return 0;
}
return result;
}
-->
v12 = 1;
*a2 = 1;
v6 = wcslen(a1) - 1;
if ( v6 >= 0 )
{
v7 = &a1;
v8 = v6 + 1;
do
{
*a2 += v12 * sub_426B4A(&v10, *v7); // 找到对应字符的位置
--v7;
--v8;
v12 *= 94;
}
while ( v8 );
}
第一次:
0x23
获得对应表中的位置为 2,故TABLE_AFTER_CONVERT = 1 * 2 = 2 // index 从0开始算
第二次:
通过
v7 = sub_53D559(&v20, &v19, 1, 2);
sub_544C27(&lpString, v7);
v17 = (v3 + 4);
sub_427752(lpString, v3 + 4);
构成
wchat_t(0x22 0x22)
TABLE_AFTER_CONVERT = 1 * 1 + 94 * 1 = 0x5f
第三次:
TABLE_AFTER_CONVERT = 1
后面根据代码即可推断出,然后对应到相应的验证
TABLE_AFTER_CONVERT <= 0xA
TABLE_AFTER_CONVERT <= 0x64
...
TABLE_AFTER_CONVERT + 0x7D0 >= 0x7d4
注意到,后面的处理日期,还有一些需要满足的check
int __thiscall sub_429A90(void *this)
{
//
v1 = this;
sub_42B19D(&v42);
v41 = *(v1 + 136);
v36 = sub_53DD4E(&v42, 0)->tm_year + 1900;
v37 = sub_53DD4E(&v42, 0)->tm_mon + 1;
v38 = sub_53DD4E(&v42, 0)->tm_mday;
v33 = sub_53DD4E(&v41, 0)->tm_year + 1900;
v2 = sub_53DD4E(&v41, 0)->tm_mon + 1;
v35 = sub_53DD4E(&v41, 0)->tm_mday;
if ( !*(v1 + 120) )
{
.........
.........
.........
if ( *(v1 + 122) )
return 0;
if ( *(*(v1 + 124) - 8) )
{
if ( sub_42790B(*(v1 + 124)) ) // check name
{
v4 = *(v1 + 128);
if ( *(v4 - 2) ) // check regcode
{
if ( sub_427A50(v4, 60) )
{
v33 = -1;
v34 = -1;
v35 = -1;
sub_4266B3(*(v1 + 148), &v33);
v6 = v5;
if ( !(*(v1 + 44) & 2) || (*(*v1 + 8))(v1, &v33, v1 + 60) )
{
if ( !(*(v1 + 44) & 1) || (*(*v1 + 4))(v1, &v33, v1 + 48) )
{
if ( !(*(v1 + 44) & 8) || (*(*v1 + 16))(v1, &v36, v1 + 0x54) )
{
if ( !(*(v1 + 44) & 4) )
return 0;
v10 = *v1;
v11 = v6;
unknown_libname_490(&v42);
if ( (*(v10 + 12))(v1, v11, v1 + 0x48) )
return 0;
v12 = GetTickCount();
if ( v12 % 3 != 1 )
{
if ( v12 % 3 != 2 )
{
v24 = 20;
goto LABEL_20;
}
v25 = 29;
v20 = 20;
goto LABEL_22;
}
v26 = 20;
v21 = 118;
}
else
{
v9 = GetTickCount();
if ( v9 % 3 != 1 )
{
if ( v9 % 3 != 2 )
{
v24 = 21;
goto LABEL_20;
}
v25 = 30;
v20 = 21;
goto LABEL_22;
}
v26 = 21;
v21 = 119;
}
}
else
{
v8 = GetTickCount();
if ( v8 % 3 != 1 )
{
if ( v8 % 3 != 2 )
{
v24 = 10;
goto LABEL_20;
}
v25 = 19;
v20 = 10;
LABEL_22:
sub_42AED9(v1, 2u, v20, 0xCu, v25);
return 0;
}
v26 = 10;
v21 = 108;
}
}
else
{
v7 = GetTickCount();
if ( v7 % 3 != 1 )
{
if ( v7 % 3 != 2 )
{
v24 = 11;
LABEL_20:
sub_43DFD0(v1, 2u, v24);
return 0;
}
v25 = 20;
v20 = 11;
goto LABEL_22;
}
v26 = 11;
v21 = 109;
}
sub_427DC5(v1, 0x66u, v21, 2u, v26);
return 0;
}
}
}
}
LABEL_74:
v17 = GetTickCount();
if ( v17 % 3 == 1 )
{
sub_427DC5(v1, 0x68u, 0x6Cu, 4u, 0xAu);
}
else if ( v17 % 3 == 2 )
{
sub_42AED9(v1, 4u, 0xAu, 0xEu, 0x13u);
}
else
{
sub_43DFD0(v1, 4u, 0xAu);
}
return 0;
}
if ( *(v1 + 122) )
return 0;
if ( *(*(v1 + 124) - 8) || *(*(v1 + 128) - 8) )
goto LABEL_74;
v30 = -1;
v31 = -1;
v32 = -1;
sub_4266B3(*(v1 + 148), &v30);
v13 = *(v1 + 140);
v14 = v13 == 0;
if ( v13 <= 0 )
{
LABEL_66:
if ( !v14 )
goto LABEL_74;
v16 = GetTickCount();
if ( v16 % 3 != 1 )
{
if ( v16 % 3 != 2 )
{
v27 = 1;
LABEL_84:
sub_43DFD0(v1, 1u, v27);
return 0;
}
v28 = 10;
v22 = 1;
goto LABEL_86;
}
v29 = 1;
v23 = 99;
goto LABEL_88;
}
if ( v13 > *(v1 + 8) )
{
v14 = v13 == 0;
goto LABEL_66;
}
if ( *(v1 + 4) == 10 )
{
if ( !dword_689074 )
{
sub_429EF4(v1, v13 - 1);
dword_689074 = 1;
}
}
else if ( *(v1 + 4) == 20 )
{
if ( v36 != v33 || v37 != v2 || v38 != v35 )
{
sub_41F003(&v42, &v40, v41);
v15 = *(v1 + 140) - abs(v40 / 86400);
sub_429EF4(v1, v15);
}
}
else if ( *(v1 + 4) == 21 && (v36 != v33 || v37 != v2 || v38 != v35) )
{
sub_429EF4(v1, v13 - 1);
}
return 0;
}
还有没有其他check就不知道了
B段就是衔接然后判断md5了
{
if ( sub_427100(v39 + 3, v36) )
{
v31 = -2;
_CxxThrowException(&v31, &_TI1H);
}
lpWideCharStr = off_68360C;
v13 = v12;
LOBYTE(v42) = 3;
sub_53DA79(&lpWideCharStr, aS_S, v12);
LOBYTE(v27) = HIBYTE(a2);
std::basic_string<char,std::char_traits<char>,std::allocator<char>>::_Tidy(0);
LOBYTE(v42) = 4;
sub_425CF9(lpWideCharStr);
sub_42B579(&v33);
memset(&v23, 0, 0x41u);
v14 = v28;
if ( !v28 )
v14 = MultiByteStr;
v15 = *(a2 + 4);
v16 = *a2;
v11 = (*a2)-- < 1u;
v17 = v29;
*(a2 + 4) = v15 - v11;
if ( _md5(v14, v16, v15, v14, v17, &v23) )
{
v30 = -2;
_CxxThrowException(&v30, &_TI1H);
}
sub_544BA9(&v38, &v23);
LOBYTE(v42) = 5;
if ( wcscmp(v39, v38) )
{
v34 = -1;
_CxxThrowException(&v34, &_TI1H);
}
v37 = 0;
_CxxThrowException(&v37, &_TI1H);
}
v37=0的话,走到像catch的这种地方
.text:0042996E loc_42996E: ; DATA XREF: .rdata:stru_5929A0↓o
.text:0042996E ; catch(int) // owned by 429423
.text:0042996E 83 7D 0C 00 cmp , 0
.text:00429972 0F 85 E6 00 00 00 jnz loc_429A5E
.text:00429978 8D 45 B0 lea eax,
.text:0042997B 50 push eax
.text:0042997C E8 1C 18 00 00 call sub_42B19D
.text:00429981 8B 7D B4 mov edi,
.text:00429984 8B 00 mov eax,
.text:00429986 8B 1D 88 12 57 00 mov ebx, ds:GetTickCount
.text:0042998C 59 pop ecx
.text:0042998D 89 87 84 00 00 00 mov , eax
.text:00429993 89 87 88 00 00 00 mov , eax
.text:00429999 FF D3 call ebx ; GetTickCount
.text:0042999B 6A 03 push 3
.text:0042999D 33 D2 xor edx, edx
.text:0042999F 59 pop ecx
.text:004299A0 F7 F1 div ecx
.text:004299A2 4A dec edx
.text:004299A3 74 21 jz short loc_4299C6
.text:004299A5 4A dec edx
.text:004299A6 74 0D jz short loc_4299B5
.text:004299A8 6A 00 push 0
.text:004299AA 6A 02 push 2
.text:004299AC 8B CF mov ecx, edi
.text:004299AE E8 1D 46 01 00 call sub_43DFD0
.text:004299B3 EB 20 jmp short loc_4299D5
.text:004299B5 ; ---------------------------------------------------------------------------
.text:004299B5
.text:004299B5 loc_4299B5: ; CODE XREF: sub_429389+61D↑j
.text:004299B5 6A 09 push 9
.text:004299B7 6A 0C push 0Ch
.text:004299B9 6A 00 push 0
.text:004299BB 6A 02 push 2
.text:004299BD 8B CF mov ecx, edi
.text:004299BF E8 15 15 00 00 call sub_42AED9
.text:004299C4 EB 0F jmp short loc_4299D5
.text:004299C6 ; ---------------------------------------------------------------------------
.text:004299C6
.text:004299C6 loc_4299C6: ; CODE XREF: sub_429389+61A↑j
.text:004299C6 6A 00 push 0
.text:004299C8 6A 02 push 2
.text:004299CA 6A 62 push 62h
.text:004299CC 6A 66 push 66h
.text:004299CE 8B CF mov ecx, edi
.text:004299D0 E8 F0 E3 FF FF call sub_427DC5
.text:004299D5
.text:004299D5 loc_4299D5: ; CODE XREF: sub_429389+62A↑j
.text:004299D5 ; sub_429389+63B↑j
.text:004299D5 8B CF mov ecx, edi
.text:004299D7 E8 B4 00 00 00 call sub_429A90
.text:004299DC 66 83 7F 78 02 cmp word ptr , 2
.text:004299E1 75 07 jnz short loc_4299EA
.text:004299E3 66 83 7F 7A 00 cmp word ptr , 0
.text:004299E8 74 0E jz short loc_4299F8
如上述所说,注意到sub_429A90还有一些check
最后手工构造了下(上面的密文),显示成功,但可能有些check没处理完,看了下注册表解密生成的这样的
L"1\n2\nnisy@chinapyg.com\nttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt\n5DF8F0F7\n5DF8F0F7\n0\n"
keygen的话,生成一组rsa数据,其中模数长度为0x1180,指数为0x15233,然后得到明文,模数转成60进制,前者用于输入,后者用于patch 膜拜下大神! 膜拜大神 我就看了一下 没敢看算法 对我来说太复杂了 感谢分享 学习了 精彩的分析,收藏学习 这个一定要顶一下 表哥静态能力好强大,先Mark,坐等表哥Python算法学习 成品在哪? 太过精彩,小白们亚历山大 虽然看不懂,但这么多人加分,应该很难牛逼。 虽然看不懂,但是后期应该会看懂。谢谢大神分享