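Decompiled source analysis after patching a certain program
This post was last edited by lovejgx on 2012-5-24 12:10.
There is an old program that one day suddenly stopped working and threw an error.. I guess it expired. It has been N years and the author can't be found either, so there was no choice but to do it myself. I have been on 52 for a long time but rarely get hands-on, so I'm still a newbie.
With the powerful toolkit and dumb luck I found two patch points; after modifying them the program works.
But I wanted to analyze the cause. The program is VB. I looked for a decompiler and it actually produced source code.. I have never learned VB, but it doesn't look like pure code. Below are the code and the analysis.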
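【Title】: Decompiled source analysis after patching a certain program
【Software name】: XXXX software
【Packer】: none
【Protection】: date, restart verification
【Language】: VB
【Tools used】: od
【Platform】: xp
【Author's statement】: Just out of interest, no other purpose. Please point out any mistakes!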
--------------------------------------------------------------------------------
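【Detailed process】
Main part of the verification code:
The program isn't encrypted and the error pops up in a dialog box, so I just used a plugin to set a dialog-box breakpoint.. without the plugin I wouldn't even know how to set the breakpoint. The toolkit is really powerful. Then I searched slowly and found one.
First location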
0068F6A3 .52 push edx
0068F6A4 .50 push eax
0068F6A5 .6A 02 push 0x2
0068F6A7 .FF15 30104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>;MSVBVM60.__vbaFreeVarList
0068F6AD .83C4 20 add esp,0x20
0068F6B0 .66:83BD D4FEF>cmp word ptr ss:,0x0 ; search for this
0068F6B8 .0F84 D5000000 je HYGL.0068F793 ; this jumps past error2000
0068F6BE .8D4D B4 lea ecx,dword ptr ss:
0068F6C1 .6A 0D push 0xD
0068F6C3 .51 push ecx
0068F6C4 .FF15 80114000 call dword ptr ds:[<&MSVBVM60.#608>] ;MSVBVM60.rtcVarBstrFromAnsi
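After changing the first one another error came up.. so I searched again. I didn't even know how to change the flags to alter a jump; I tried the flags one by one. Then I re-ran the program, got past the first location, searched further down and found
Second location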
0068FB3B .50 push eax
0068FB3C .51 push ecx
0068FB3D .6A 02 push 0x2
0068FB3F .FF15 30104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>;MSVBVM60.__vbaFreeVarList
0068FB45 .83C4 0C add esp,0xC
0068FB48 .66:83BD ECFEF>cmp word ptr ss:,0x0 ; search for this
0068FB50 .0F84 4C0E0000 je HYGL.006909A2 ; this jumps past error2003
0068FB56 .8D55 B4 lea edx,dword ptr ss:
0068FB59 .52 push edx
0068FB5A .FF15 F0114000 call dword ptr ds:[<&MSVBVM60.#610>] ;MSVBVM60.rtcGetDateVar
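Then I patched it directly in the disassembly and saved... After that these two places are no longer verified. Today I had nothing to do at work and wanted to analyze how the program's verification works. I used tracing software and found no registration information, then looked at the key jumps and key CALLs in the disassembly and couldn't understand them, so I searched for VB decompilation and actually found a tool that works and produced source. Below is the source; I don't know whether it is the same as the VB that was written.
// This is the method name for "确定" (OK)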
Begin VB.CommandButton cmdOK
Caption = "确定"
Default =-1
Height = 390
Left = 1215
TabIndex = 2
Top = 1635
Width = 1140
End
// This is the method's actual code
Sub cmdOK_Click()
'N* ref: __vbaExceptHandler
'N* ref: __vbaObjSet
'N* ref: __vbaHresultCheckObj
'N* ref: Trim$(
'N* ref: UCase(
'N* ref: __vbaStrVarMove
'N* ref: __vbaStrMove
'N* ref: __vbaStrCopy
'N* ref: __vbaFreeStrList
'N* ref: __vbaFreeObj
'N* ref: __vbaFreeVarList
'N* ref: __vbaHresultCheckObj
'N* ref: Trim$(
'N* ref: __vbaStrMove
'N* ref: __vbaStrCopy
'N* ref: __vbaFreeStrList
'N* ref: __vbaFreeObj
'N* ref: "select * from forminfo where 使用=True" // looked at the database and found three columns that may be useful: 日期 (date), 标志 (flag), 使用 (in use)
'N* ref: __vbaLateIdSt
'N* ref: __vbaLateIdCall
'N* ref: __vbaLateIdCallLd
'N* ref: __vbaCastObjVar
'N* ref: __vbaHresultCheckObj
'N* ref: "标志"
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaVarTstEq // seems to compare the flag, not sure against what
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVarList
'N* ref: Chr(
'N* ref: __vbaVarDup
'N* ref: __vbaVarCat
'N* ref: "Event ID : 2000"
'N* ref: "Description : Error 2000 Programe is close"
'N* ref: MsgBox
'N* ref: __vbaCastObjVar
'N* ref: __vbaHresultCheckObj
'N* ref: "日期"
'N* ref: __vbaHresultCheckObj
'N* ref: Year(
'N* ref: __vbaI2Var
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVarList
'N* ref: __vbaCastObjVar
'N* ref: __vbaHresultCheckObj
'N* ref: "日期"
'N* ref: __vbaHresultCheckObj
'N* ref: Month(
'N* ref: __vbaI2Var
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVarList
'N* ref: __vbaCastObjVar
'N* ref: __vbaHresultCheckObj
'N* ref: "日期"
'N* ref: __vbaHresultCheckObj
'N* ref: Day(
'N* ref: __vbaI2Var
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVarList
'N* ref: Date
'N* ref: Year(
'N* ref: __vbaVarTstGe
'N* ref: __vbaFreeVarList
'N* ref: Date
'N* ref: Month(
'N* ref: __vbaVarTstLe
'N* ref: __vbaFreeVarList
'N* ref: Date
'N* ref: Day(
'N* ref: Date
'N* ref: Month(
'N* ref: __vbaVarSub
'N* ref: __vbaVarCmpGe
'N* ref: __vbaVarCmpEq // should be comparing the date
'N* ref: __vbaVarAnd
'N* ref: __vbaBoolVarNull
'N* ref: __vbaFreeVarList
'N* ref: __vbaCastObjVar
'N* ref: "标志"
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaFreeObjList // what are all these things, I don't understand
'N* ref: __vbaFreeVar
'N* ref: __vbaCastObjVar
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVar
'N* ref: Chr(
'N* ref: __vbaVarDup
'N* ref: "Event ID : 2001"
'N* ref: "Description : Error 2001 Programe is close"
'N* ref: __vbaCastObjVar
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVar
'N* ref: __vbaCastObjVar
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVar
'N* ref: __vbaCastObjVar
'N* ref: __vbaHresultCheckObj
'N* ref: "用户名"
'N* ref: __vbaHresultCheckObj
'N* ref: UCase(
'N* ref: __vbaCastObjVar
'N* ref: __vbaHresultCheckObj
'N* ref: "密码"
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaVarCmpEq
'N* ref: __vbaVarCmpEq
'N* ref: __vbaVarAnd
'N* ref: __vbaBoolVarNull
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVarList
'N* ref: __vbaCastObjVar
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVar
'N* ref: __vbaCastObjVar
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVar
'N* ref: __vbaVarDup
'N* ref: "登录"
'N* ref: "无效的密码,请重试!"
'N* ref: MsgBox
'N* ref: __vbaFreeVarList
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaFreeObj
'N* ref: "{Home}+{End}"
'N* ref: SendKeys
'N* ref: __vbaFreeVar
'N* ref: __vbaLateIdCallLd
'N* ref: __vbaCastObjVar
'N* ref: __vbaHresultCheckObj
'N* ref: "用户名"
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaStrVarMove
'N* ref: __vbaStrMove
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVarList
'N* ref: __vbaCastObjVar
'N* ref: __vbaHresultCheckObj
'N* ref: "权限"
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaStrVarMove
'N* ref: __vbaStrMove
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVarList
'N* ref: __vbaNew2
'N* ref: __vbaObjSetAddref
'N* ref: __vbaFreeObj
'N* ref: __vbaCastObjVar
'N* ref: "标志"
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVar
'N* ref: __vbaCastObjVar
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVar
'N* ref: Chr(
'N* ref: __vbaVarDup
'N* ref: "Event ID : 2002"
'N* ref: "Description : Error 2002 Programe is close"
'N* ref: __vbaCastObjVar
'N* ref: "标志"
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVar
'N* ref: __vbaCastObjVar
'N* ref: __vbaHresultCheckObj
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVar
'N* ref: Chr(
'N* ref: __vbaVarDup
'N* ref: "Event ID : 2003"
'N* ref: "Description : Error 2003 Programe is close"
'N* ref: __vbaVarCat
'N* ref: MsgBox
'N* ref: __vbaFreeVarList
'N* ref: __vbaFreeStrList
'N* ref: __vbaFreeObjList
'N* ref: __vbaFreeVarList
End Sub
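Later I guessed that 日期 (date), 标志 (flag) and 使用 (in use) were what mattered, changed each of them, and then found that the program first looks at the flag: a flag of true means it has expired. Then it looks at the time: if that has passed, it has expired, and the program modifies the flag.
Another one suitable for beginners.. this counts as my second crack, experts please don't laugh.
Done. This was the first one: http://www.52pojie.cn/thread-71027-1-1.html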
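How the branch targets shown in the two listings follow from the instruction bytes, as an added example that is not part of the original post: a near `je` is `0F 84` followed by a signed 32-bit little-endian displacement counted from the next instruction. The function names are made up for this illustration; the sample lines are copied from the listings above.

```python
# Copied from the page's two listings: each conditional jump and the line after it.
LISTING = """\
0068F6B8 .0F84 D5000000 je HYGL.0068F793
0068F6BE .8D4D B4 lea ecx,dword ptr ss:
0068FB50 .0F84 4C0E0000 je HYGL.006909A2
0068FB56 .8D55 B4 lea edx,dword ptr ss:
"""

JCC = {0x84: "je", 0x85: "jne"}  # subset of the 0F 8x near-Jcc opcodes


def decode_near_jcc(addr, raw):
    """Decode a 6-byte near conditional jump (0F 8x rel32) located at addr."""
    if len(raw) != 6 or raw[0] != 0x0F or not 0x80 <= raw[1] <= 0x8F:
        raise ValueError("not a near conditional jump")
    rel = int.from_bytes(raw[2:], "little", signed=True)  # displacement is signed
    fall_through = (addr + 6) & 0xFFFFFFFF      # next instruction if not taken
    taken = (fall_through + rel) & 0xFFFFFFFF   # rel32 counts from the next instruction
    return JCC.get(raw[1], "jcc"), fall_through, taken


def check_listing(text):
    """Return (addr, mnemonic, fall_through, taken, consistent) per jump line."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    addrs = {int(f[0], 16) for f in rows}
    results = []
    for f in rows:
        if not f[1].upper().startswith(".0F8"):
            continue  # not a near Jcc line
        addr = int(f[0], 16)
        raw = bytes.fromhex(f[1].lstrip(".") + f[2])
        name, nxt, taken = decode_near_jcc(addr, raw)
        label = int(f[4].rsplit(".", 1)[1], 16)  # target printed by the disassembler
        # Consistent when mnemonic and target match the bytes and the
        # fall-through address is the next line of the listing.
        ok = name == f[3] and taken == label and nxt in addrs
        results.append((addr, name, nxt, taken, ok))
    return results


if __name__ == "__main__":
    for addr, name, nxt, taken, ok in check_listing(LISTING):
        print(f"{addr:08X} {name}: not taken -> {nxt:08X}, taken -> {taken:08X}, consistent={ok}")
```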
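Decompiled.. and got the source code out.... that sounds scary, dear
Just now I put the code in a code block... after posting there was only one line.. so I re-edited it.
You still need to keep studying hard yourself.
Assembly feels really hard to learn. That stuff is like speaking a language with the CPU.
Please take a look, can this program of mine be decompiled? http://dl.vmall.com/c0k5875fug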