「ReverseMe」无壳 无混淆
文件: https://wwa.lanzouj.com/iADV6ozutyh 谢谢分享! using System;
using System.Text;
using System.Timers;
namespace CreackMe
{
internal class Program
{
private static void Main(string[] args)
{
Program.GetSeriarNumber(null, null);
Timer timer = new Timer(20000.0);
timer.Elapsed += Program.GetSeriarNumber;
timer.Start();
byte[] bytes = new byte[]
{
115,
101,
114,
105,
97,
108,
32,
110,
117,
109,
98,
101,
114,
239,
188,
154
};
byte[] bytes2 = new byte[]
{
233,
148,
153,
232,
175,
175,
231,
154,
132,
229,
186,
143,
229,
136,
151,
229,
143,
183
};
Console.WriteLine(Encoding.UTF8.GetString(bytes));
string s = Console.ReadLine();
try
{
Console.WriteLine("\r\n" + EncryptHelper.SymmetricDecrypt(Convert.FromBase64String(s), EncryptHelper.SymmetricFormat.AES, Program.key, Program.iv));
timer.Stop();
}
catch (Exception)
{
Console.WriteLine(Encoding.UTF8.GetString(bytes2));
}
Console.ReadKey();
}
private static void GetSeriarNumber(object sender, ElapsedEventArgs e)
{
byte[] desString = new byte[]
{
230,
173,
163,
231,
161,
174,
231,
154,
132,
229,
186,
143,
229,
136,
151,
229,
143,
183
};
Program.key = EncryptHelper.Hash(DateTime.Parse(DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss")).ToTimestamp().ToString(), EncryptHelper.HashFormat.MD532);
Program.iv = EncryptHelper.Hash(DateTime.Parse(DateTime.Now.ToString("F")).ToTimestamp().ToString(), EncryptHelper.HashFormat.MD516);
Program.value = EncryptHelper.SymmetricEncrypt(desString, EncryptHelper.SymmetricFormat.AES, Program.key, Program.iv);
}
public static void CalcSeriarNumber(int length, string seriarNumber)
{
Program.current++;
if (Program.current >= length)
{
Program.CalcSeriarNumberResult = EncryptHelper.Hash(seriarNumber, EncryptHelper.HashFormat.MD516);
return;
}
seriarNumber = EncryptHelper.Hash(seriarNumber, EncryptHelper.HashFormat.MD532);
Program.CalcSeriarNumber(length, seriarNumber);
}
private static int current = 0;
private static string CalcSeriarNumberResult = "";
private static byte[] value = null;
private static string key = null;
private static string iv = null;
}
}
o3JPvDloRADSMwd6UdzxirWuMovBY2jaaGQzs/EapHg=
key = "ED9BC2AA62326C9B82B8256DDE21263F";
iv = "62326C9B82B8256D";
还是会变的 说实话,这么大体积的CM还是头一回见,觉得就是有干扰,尝试断 点GetCommandLineW和GetStdHandle无果{:1_909:},目录下DLL拖入工具未发现明显提示,期待大神驾到。{:1_904:} 楼主技术大佬 只要足够大,就cm不了我:lol
楼主这个体积这么大跟vmp一样,不是你说没壳,我一看体积直接拉回收站了。。。
好像只是纯体力活,留给楼下的兄弟练手吧,我懒。
这看起来是。net 然后打包成本地化的。 jy04468108 发表于 2021-5-11 08:51
这看起来是。net 然后打包成本地化的。
.net5的发布模式了解一下
页:
[1]