vovsoft Text Edit Plus v14 离线激活

news/2024/12/26 2:25:49/文章来源:https://www.cnblogs.com/DirWang/p/18524004

vovsoft Text Edit Plus v14

目录
  • vovsoft Text Edit Plus v14
  • 程序信息text-edit
  • 定位按钮事件
    • NagScreen: TNagScreen
      • TNagScreen.BitBtn3Click
      • TNagScreen.TimerContinueTimer
      • TNagScreen.TimerActivatorTimer
  • 离线校验逻辑
    • TChecker 类
    • TChecker.Execute
    • check_9A6AEC
      • 网络请求失败时,校验Parity
      • 14.7 版本check函数的局部变量
  • other
    • xor_enc_9A6610
    • xor_dec sub_9A66E8
    • py

程序信息text-edit

Text Edit Plus https://vovsoft.com/software/text-edit-plus/

Version: 14.7

PE32操作系统: Windows(2000)[I386, 32 位, GUI]链接程序: Turbo Linker(2.25*,Delphi)[GUI32,signed]编译器: Embarcadero Delphi(10.3 Rio)[Professional]语言: Object Pascal(Delphi)签名工具: Windows Authenticode(2.0)[PKCS #7]附加: Binary证书: WinAuth(2.0)[PKCS #7]证书: WinAuth(2.0)[PKCS #7]

Delphi程序,IDR 启动!

程序联网会进行网络校验,联网一定不通过!包括离线注册的时侯

定位按钮事件

NagScreen: TNagScreen

image-20241103192505963

关注‘ok’ 按钮事件

TNagScreen.BitBtn3Click

      object BitBtn3: TSpeedButtonLeft = 1Top = 1Width = 198Height = 37Align = alClientCaption = 'OK'Flat = TrueFont.Charset = DEFAULT_CHARSETFont.Color = clWhiteFont.Height = -12Font.Name = 'Tahoma'Font.Style = [fsBold]ParentFont = FalseOnClick = BitBtn3ClickExplicitLeft = 2ExplicitTop = 17ExplicitWidth = 183ExplicitHeight = 39end

点击ok后激活计时器

int __fastcall TNagScreen_BitBtn3Click(int a1)
{// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]v15 = 0;v14 = 0;v13 = 0;v11 = &savedregs;v10 = &loc_9A2CC5;ExceptionList = NtCurrentTeb()->NtTib.ExceptionList;__writefsdword(0, (unsigned int)&ExceptionList);Mask::TCustomMaskEdit::GetText(*(Mask::TCustomMaskEdit **)(a1 + 0x428));if ( (unsigned __int8)Siteedit::TSiteActionsListEditorHelper::GetFieldsList(v17, L" ") ){sub_9A611C((int)L"Activation", (int)&v14);v8 = UStrToPWChar(v14);sub_9A611C((int)L"Please enter your license key!", (int)&v13);v6 = (const WCHAR *)UStrToPWChar(v13);TApplication_MessageBox(*Application, v6, v8, 0x10u);}else{LOWORD(v2) = 0xFFED;sub_67A55C(*Screen, v2, v3, v12, v11, v10, ExceptionList);TControl_SetColor(*(_DWORD *)(a1 + 0x42C), 0xFF00000F);// mov         eax,dword ptr [ebx+430];TNagScreen.BitBtn3:TSpeedButton// …………// call        dword ptr [ecx+94];TControl.SetEnabled(*(void (__fastcall **)(_DWORD, _DWORD))(**(_DWORD **)(a1 + 0x430) + 0x94))(*(_DWORD *)(a1 + 0x430), 0);// license keyMask::TCustomMaskEdit::GetText(*(Mask::TCustomMaskEdit **)(a1 + 0x428));Trim(v15, &v16);UStrAsg(license_key_BB2A20, v16, v4);ischecker_created_over_00BACF6C = 0;LOBYTE(v5) = 1;//  mov         eax,dword ptr [ebx+3EC];TNagScreen.TimerActivator:TTimerTTimer_SetEnabled_5F9D74(*(_DWORD *)(a1 + 0x3EC), v5);}__writefsdword(0, (unsigned int)ExceptionList);v11 = (int *)&loc_9A2CCC;UStrArrayClr(&v13, 2);UStrClr(&v15);UStrClr(&v16);return UStrClr(&v17);
}

TNagScreen.TimerContinueTimer

Continue

?网络校验时?

TNagScreen.TimerActivatorTimer

负责创建TChecker校验线程和响应激活结果

int __fastcall TNagScreen_TimerActivatorTimer(Forms::TCustomForm *this)
{// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]v24[1] = (unsigned int)&loc_9A4322;v24[0] = (unsigned int)NtCurrentTeb()->NtTib.ExceptionList;__writefsdword(0, (unsigned int)v24);if ( ischecker_created_over_00BACF6C ){if ( *ptr_is_TRIAL_BB2B7C == 1 ){TTimer_SetEnabled_5F9D74(*((_DWORD *)this + 0xFB), 0);if ( *off_BB2698 == 1 ){gvar_00BACF70 = 1;sub_9A611C((int)L"Activation", (int)&v49);v23 = UStrToPWChar(v49);sub_9A611C((int)L"Thank you!", (int)&v47);v22 = v47;sub_9A611C((int)L"Product successfully activated.", (int)&v46);v17 = v46;UStrCatN(&v48, 4);v3 = (const WCHAR *)UStrToPWChar(v48);TApplication_MessageBox(*Application, v3, v17, (UINT)L"\r");if ( *off_BB2694[0] == 1 ){LOBYTE(v4) = 1;TMenuItem_SetVisible(*(_DWORD *)(*gvar_00BB20D4 + 0x694), v4);LOBYTE(v5) = 1;TMenuItem_SetEnabled(*(_DWORD *)(*gvar_00BB20D4 + 0x694), v5);if ( !*gvar_00BB1FC0 )TMenuItem_SetChecked(*(_DWORD *)(*gvar_00BB20D4 + 0x694), 0);}TCustomForm_Close(this);}else if ( !*ptr_Activation_success_00BB1CBC|| (*(unsigned __int8 (__fastcall **)(_DWORD))(**((_DWORD **)this + 0xFE) + 0x130))(*((_DWORD *)this + 0xFE)) ){if ( *ptr_Activation_success_00BB1CBC&& (*(unsigned __int8 (__fastcall **)(_DWORD))(**((_DWORD **)this + 0xFE) + 0x130))(*((_DWORD *)this + 0xFE)) == 1 ){sub_9A611C((int)L"Activation", (int)&v32);v23 = UStrToPWChar(v32);sub_9A611C((int)aActivationFail, (int)&v30);v22 = v30;sub_9A611C((int)L"License key is invalid!", (int)&v29);v19 = v29;UStrCatN(&v31, 4);v10 = (const WCHAR *)UStrToPWChar(v31);TApplication_MessageBox(*Application, v10, v19, (UINT)L"\r");}else{sub_9A611C((int)L"Activation", (int)&v28);v23 = UStrToPWChar(v28);sub_9A611C((int)aActivationFail, (int)&v26);v22 = v26;sub_9A611C((int)L"License key is invalid!", (int)&v25);v20 = v25;UStrCatN(&v27, 4);v11 = (const WCHAR *)UStrToPWChar(v27);TApplication_MessageBox(*Application, v11, v20, (UINT)L"\r");}}else if ( *ptr_RESPONSE_BB1E94 ){UStrEqual(*ptr_RESPONSE_BB1E94, L"INVALIDSERVERRESPONSE");if ( v7 ){sub_9A611C((int)L"Activation", (int)&v41);v23 = UStrToPWChar(v41);sub_9A611C((int)aActivationFail, (int)&v39);v22 = v39;sub_9A611C((int)L"The server returned an invalid response.", (int)&v38);v21 = v38;sub_9A611C((int)L"Please try again later!", (int)&v37);v16 = v37;UStrCatN(&v40, 6);v8 = (const WCHAR *)UStrToPWChar(v40);TApplication_MessageBox(*Application, v8, v16, (UINT)L"\r");}else{sub_9A611C((int)L"Activation", (int)&v36);v23 = UStrToPWChar(v36);sub_9A611C((int)aActivationFail, (int)&v34);v22 = v34;v21 = L"\r";sub_9A611C((int)L"Please check your internet connection!", (int)&v33);v15 = *ptr_RESPONSE_BB1E94;UStrCatN(&v35, 7);v9 = (const WCHAR *)UStrToPWChar(v35);TApplication_MessageBox(*Application, v9, v15, (UINT)L"\r");}}else{sub_9A611C((int)L"Activation", (int)&v45);v23 = UStrToPWChar(v45);sub_9A611C((int)aActivationFail, (int)&v43);v22 = v43;sub_9A611C((int)L"Please check your internet connection!", (int)&v42);v18 = v42;UStrCatN(&v44, 4);v6 = (const WCHAR *)UStrToPWChar(v44);TApplication_MessageBox(*Application, v6, v18, (UINT)L"\r");}TControl_SetColor(*((_DWORD *)this + 0x10B), &byte_54B70C);LOBYTE(v12) = 1;(*(void (__fastcall **)(_DWORD, int))(**((_DWORD **)this + 0x10C) + 0x94))(*((_DWORD *)this + 0x10C), v12);sub_67A55C(*Screen, 0, v13, v23, v22, L"\r", v21);}}else{ischecker_created_over_00BACF6C = 1;// call        TThread.Create;TChecker.Createv2 = TThread_Create(VMT_9A53C4_TChecker, 1);// mov         eax,dword ptr [ebx+3F8];TNagScreen.CheckBox1:TCheckBox// …………// call        dword ptr [edx+130];TCheckBox.GetCheckedif ( (*(unsigned __int8 (__fastcall **)(_DWORD))(**((_DWORD **)this + 0xFE) + 0x130))(*((_DWORD *)this + 0xFE)) ){// 离线激活时*(_BYTE *)(v2 + 0x31) = 1;// active codeTControl_GetText(*((Controls::TControl **)this + 0x102), (int)&v50);}*(_BYTE *)(v2 + 0x31) = 0;UStrClr(v2 + 0x34);*(_BYTE *)(v2 + 0x30) = 1;sub_48F8DC(v2, 1);}__writefsdword(0, v24[0]);v24[2] = (unsigned int)&loc_9A4329;UStrArrayClr(&v25, 0x19);return UStrClr(&v50);
}

离线校验逻辑

TChecker 类

image-20241103195141955

TChecker.Execute

_Unit180.TChecker.Execute
009A8BC4        mov         byte ptr ds:[0BACF80],0;gvar_00BACF80
009A8BCB        mov         byte ptr ds:[0BACF81],0;gvar_00BACF81
009A8BD2        call        009A6AEC		;关键函数
009A8BD7        ret

check_9A6AEC

由于ida对Delphi 的异常处理未能正确分析,未能完整反编译(如mov fs:[eax], edx 设置SEH就给干傻了)

首先计算“VOVSOFT - Text Edit Plus” 的md5hex (C20297BE5DC4403AA4913F7587535516),作为注册表key

其相关配置将存到

\HKEY_CURRENT_USER\Software\Microsoft\VS\ServiceModules\C20297BE5DC4403AA4913F7587535516\Settings

009A6B5D    | 33C0             | xor eax,eax                                 |
009A6B5F    | 55               | push ebp                                    |
009A6B60    | 68 846B9A00      | push text.9A6B84                            |
009A6B65    | 64:FF30          | push dword ptr fs:[eax]                     |
009A6B68    | 64:8920          | mov dword ptr fs:[eax],esp                  |
009A6B6B    | 8D55 E0          | lea edx,dword ptr ss:[ebp-20]               |
009A6B6E    | A1 6C2ABB00      | mov eax,dword ptr ds:[BB2A6C]               |
009A6B73    | 8B00             | mov eax,dword ptr ds:[eax]                  |
009A6B75    | E8 06EBFFFF      | call <text.calc_md5hex>                     |
009A6B7A    | 33C0             | xor eax,eax                                 |
009A6B7C    | 5A               | pop edx                                     |
009A6B7D    | 59               | pop ecx                                     |
009A6B7E    | 59               | pop ecx                                     |
009A6B7F    | 64:8910          | mov dword ptr fs:[eax],edx                  |
009A6B82    | EB 1C            | jmp text.9A6BA0                             |
009A6B84    | E9 A349A6FF      | jmp text.40B52C                             |
;SEH 异常处理
009A6B89    | 8D45 E0          | lea eax,dword ptr ss:[ebp-20]               |
009A6B8C    | E8 7357A6FF      | call text.40C304                            |
009A6B91    | B8 EC839A00      | mov eax,text.9A83EC                         | 9A83EC:L"Error: MD5 generate problem!"
009A6B96    | E8 25EAFFFF      | call text.9A55C0                            |
009A6B9B    | E8 A84EA6FF      | call text.40BA48                            |

获取 MachineGuid

计算机\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography

MachineGuid

009A6BA2    | 55               | push ebp                                    |
009A6BA3    | 68 C06B9A00      | push text.9A6BC0                            |
009A6BA8    | 64:FF30          | push dword ptr fs:[eax]                     |
009A6BAB    | 64:8920          | mov dword ptr fs:[eax],esp                  |
009A6BAE    | 8D45 E4          | lea eax,dword ptr ss:[ebp-1C]               |
009A6BB1    | E8 FAFCFFFF      | call <text.get__MachineGuid>                |
009A6BB6    | 33C0             | xor eax,eax                                 |
009A6BB8    | 5A               | pop edx                                     |
009A6BB9    | 59               | pop ecx                                     |
009A6BBA    | 59               | pop ecx                                     |
009A6BBB    | 64:8910          | mov dword ptr fs:[eax],edx                  |
009A6BBE    | EB 1C            | jmp text.9A6BDC                             |
009A6BC0    | E9 6749A6FF      | jmp text.40B52C                             |
009A6BC5    | 8D45 E4          | lea eax,dword ptr ss:[ebp-1C]               |
009A6BC8    | E8 3757A6FF      | call text.40C304                            |
009A6BCD    | B8 34849A00      | mov eax,text.9A8434                         | 9A8434:L"Error: GUID generate problem!"
009A6BD2    | E8 E9E9FFFF      | call text.9A55C0                            |
009A6BD7    | E8 6C4EA6FF      | call text.40BA48                            |

判断是否存在key.txt,存在时读取并保存到注册表\HKEY_CURRENT_USER\Software\Microsoft\VS\ServiceModules\C20297BE5DC4403AA4913F7587535516\Settings

LicenseKey

image-20241103200849419

后面初始化某些配置

未联网、未激活时

image-20241103205621006

联网校验过、未激活时有如下配置

image-20241103201340503

该程序会进行网络校验,发送的相关字符:

image-20241103201854819

image-20241103202014692

网络请求失败时,校验Parity

009A80DE    | 8B85 78FFFFFF    | mov eax,dword ptr ss:[ebp-88]                   |
009A80E4    | 83E8 04          | sub eax,4                                       |
009A80E7    | 8B00             | mov eax,dword ptr ds:[eax]                      |
009A80E9    | 8985 78FFFFFF    | mov dword ptr ss:[ebp-88],eax                   |
009A80EF    | 8B85 78FFFFFF    | mov eax,dword ptr ss:[ebp-88]                   |
009A80F5    | 85C0             | test eax,eax                                    |
009A80F7    | 7E 16            | jle text.9A810F                                 |
009A80F9    | BA 01000000      | mov edx,1                                       |
009A80FE    | 8B0D A4CFBA00    | mov ecx,dword ptr ds:[<LicenseKey_BACFA4>]      |
009A8104    | 0FB74C51 FE      | movzx ecx,word ptr ds:[ecx+edx*2-2]             |
009A8109    | 03D9             | add ebx,ecx                                     |
009A810B    | 42               | inc edx                                         |
009A810C    | 48               | dec eax                                         |
009A810D    | 75 EF            | jne text.9A80FE                                 |
009A810F    | 33F6             | xor esi,esi                                     |
009A8111    | 8B45 E4          | mov eax,dword ptr ss:[ebp-1C]                   |
009A8114    | 8985 74FFFFFF    | mov dword ptr ss:[ebp-8C],eax                   |
009A811A    | 83BD 74FFFFFF 00 | cmp dword ptr ss:[ebp-8C],0                     |
009A8121    | 74 11            | je text.9A8134                                  |
009A8123    | 8B85 74FFFFFF    | mov eax,dword ptr ss:[ebp-8C]                   |
009A8129    | 83E8 04          | sub eax,4                                       |
009A812C    | 8B00             | mov eax,dword ptr ds:[eax]                      |
009A812E    | 8985 74FFFFFF    | mov dword ptr ss:[ebp-8C],eax                   |
009A8134    | 8B85 74FFFFFF    | mov eax,dword ptr ss:[ebp-8C]                   |
009A813A    | 85C0             | test eax,eax                                    |
009A813C    | 7E 13            | jle text.9A8151                                 |
009A813E    | BA 01000000      | mov edx,1                                       | get key checksum
009A8143    | 8B4D E4          | mov ecx,dword ptr ss:[ebp-1C]                   |
009A8146    | 0FB74C51 FE      | movzx ecx,word ptr ds:[ecx+edx*2-2]             |
009A814B    | 03F1             | add esi,ecx                                     |
009A814D    | 42               | inc edx                                         |
009A814E    | 48               | dec eax                                         |
009A814F    | 75 F2            | jne text.9A8143                                 |
009A8151    | 8B45 C4          | mov eax,dword ptr ss:[ebp-3C]                   | esi==> MachineGuid checksum
009A8154    | 83C0 34          | add eax,34                                      | eax+34h Activate code
009A8157    | B9 14000000      | mov ecx,14                                      |
009A815C    | BA 01000000      | mov edx,1                                       |
009A8161    | E8 9255A6FF      | call <text.@UStrDelete>                         | 删除长度14h
009A8166    | 8B45 C4          | mov eax,dword ptr ss:[ebp-3C]                   |
009A8169    | 8B40 34          | mov eax,dword ptr ds:[eax+34]                   |
009A816C    | E8 3F5DA8FF      | call <text.StrToInt>                            | 即激活码[20:] 为int_str
009A8171    | 2BF3             | sub esi,ebx                                     |
009A8173    | 3BC6             | cmp eax,esi                                     | int_str == MachineGuid_checksum - key_checksum
009A8175    | 0F85 CE000000    | jne text.9A8249                                 |
009A817B    | 8B45 C4          | mov eax,dword ptr ss:[ebp-3C]                   | int_str 存储到 注册表Parity
009A817E    | 8B40 34          | mov eax,dword ptr ds:[eax+34]                   |
009A8181    | 50               | push eax                                        |
009A8182    | B9 CC869A00      | mov ecx,text.9A86CC                             | 9A86CC:L"Parity"
009A8187    | BA 5C859A00      | mov edx,text.9A855C                             | 9A855C:L"Settings"
009A818C    | A1 20EBBC00      | mov eax,dword ptr ds:[BCEB20]                   |
009A8191    | E8 7AA5B9FF      | call <text.reg_set_>                            |
009A8196    | B8 24EBBC00      | mov eax,<text.LicenseOwner>                     |
009A819B    | BA B48B9A00      | mov edx,text.9A8BB4                             | 9A8BB4:L"Offline"
009A81A0    | E8 3F45A6FF      | call <text.@UStrAsg>                            |
009A81A5    | 8D85 5CFEFFFF    | lea eax,dword ptr ss:[ebp-1A4]                  |
009A81AB    | 8B15 24EBBC00    | mov edx,dword ptr ds:[<LicenseOwner>]           |
009A81B1    | E8 CA51A6FF      | call <text.@WStrFromUStr>                       |
009A81B6    | 8B85 5CFEFFFF    | mov eax,dword ptr ss:[ebp-1A4]                  |
009A81BC    | 8D8D 60FEFFFF    | lea ecx,dword ptr ss:[ebp-1A0]                  |
009A81C2    | 66:BA BA00       | mov dx,BA                                       |
009A81C6    | E8 45E4FFFF      | call <text.xor_enc>                             |
009A81CB    | 8B85 60FEFFFF    | mov eax,dword ptr ss:[ebp-1A0]                  | 设置注册表LicenseOwner 值为Offline xor加密的hexstr
009A81D1    | 50               | push eax                                        |
009A81D2    | B9 A4869A00      | mov ecx,text.9A86A4                             | 9A86A4:L"LicenseOwner"
009A81D7    | BA 5C859A00      | mov edx,text.9A855C                             | 9A855C:L"Settings"
009A81DC    | A1 20EBBC00      | mov eax,dword ptr ds:[BCEB20]                   |
009A81E1    | E8 2AA5B9FF      | call <text.reg_set_>                            |

14.7 版本check函数的局部变量

## check函数的局部变量[ebp-18h] string==> LastUpdateCheck[ebp-4Ch]  int==》 LastUpdateCheckCount[ebp-0BCh] string==>InstalledVersion​					[ebp-3ch]  ==>obj  ​					[+30h] 判断是否设置InstalledVersion​					obj+34h==>Activate code[ebp-0C0h] string==> CurrentVersion[ebp-0C4h] string==>CurrentURLBACF90:&L"http://vovsoft.com/software/text-edit-plus/"BACF90:&L"6810A868ADD9651ABAB1AC6CD56621708492E4E0605911074FDF754F05F4B503A6DADFF038CCB31C72640C"[ebp-0CCh] string ==>CurrentPrice[ebp-0D4h]  ==> license_key (原始)[ebp-0D8h]  string ==> LicenseKey (xor_enc_license_key)[ebp-0DCh] ==》LicenseKey  xor dec  -->原始[ebp-0E0h] string==> LicenseOwner[ebp-8] string ==>Parity[ebp-1Ch]  machineGuid

other

某些配置项通过xor加密存储,如 CurrentURL、LicenseKey、LicenseOwner

xor_enc_9A6610

// bad sp value at call has been detected, the output may be wrong!
void __fastcall xor_enc_9A6610(int a1, __int16 a2, int a3)
{// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]v20 = 0;v18 = 0;v19 = a3;v14 = &savedregs;v13 = &loc_9A66D8;ExceptionList = NtCurrentTeb()->NtTib.ExceptionList;__writefsdword(0, (unsigned int)&ExceptionList);UStrClr(a3);UTF8Encode(a1, &v20, v5, v17, v16, v15, v14, v13, ExceptionList);v6 = (int)v20;if ( v20 )v6 = *((_DWORD *)v20 + 0xFFFFFFFF);if ( v6 - 1 >= 0 ){v7 = v6;v8 = 0;do{v20[v8] ^= HIBYTE(a2);a2 = 0xD201 * ((unsigned __int8)v20[v8++] + a2) + 0x7F6A;--v7;}while ( v7 );}v9 = (int)v20;if ( v20 )v9 = *((_DWORD *)v20 + 0xFFFFFFFF);if ( v9 - 1 >= 0 ){v10 = v9;v11 = 0;do{IntToHex((unsigned __int8)v20[v11], 2, &v18);UStrCat(v19, v18);++v11;--v10;}while ( v10 );}__writefsdword(0, v19);savedregs = &dword_9A66DF;UStrClr(&v18);((void (__fastcall *)(char **))LStrClr)(&v20);JUMPOUT(0x9A66DF);
}

xor_dec sub_9A66E8

// bad sp value at call has been detected, the output may be wrong!
int __usercall sub_9A66E8@<eax>(int a1@<eax>,__int16 value@<dx>,int a3@<ecx>,int a4@<ebx>,int a5@<edi>,int a6@<esi>)
{// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]cchWideChar = 0;v26 = 0;v25 = 0;temp = 0;v22[1] = 0;v22[0] = 0;v21 = 0;v20[5] = a4;v20[4] = a6;v20[3] = a5;v24 = a3;v20[2] = &savedregs;v20[1] = System::__linkproc__ HandleFinally;v20[0] = NtCurrentTeb()->NtTib.ExceptionList;__writefsdword(0, (unsigned int)v20);UpperCase(a1, &v26);v7 = (int)v26;if ( v26 )v7 = *((_DWORD *)v26 + 0xFFFFFFFF);LStrSetLength((int)&cchWideChar, v7 / 2);v19 = &savedregs;v18 = (int (__cdecl *)(int, int))&loc_9A67BC;ExceptionList = NtCurrentTeb()->NtTib.ExceptionList;__writefsdword(0, (unsigned int)&ExceptionList);v9 = (int)v26;if ( v26 )v9 = *((_DWORD *)v26 + 0xFFFFFFFF);if ( v9 > 1 )UStrFromPWCharLen_3512(v22, *v26, v8, ExceptionList, &byte_9A68AC);__writefsdword(0, (unsigned int)ExceptionList);v10 = cchWideChar;if ( cchWideChar )v10 = (char *)*((_DWORD *)cchWideChar + 0xFFFFFFFF);v11 = (int)(v10 + 0xFFFFFFFF);if ( v11 >= 0 ){size = v11 + 1;index = 0;do{temp = (unsigned __int8)cchWideChar[index];cchWideChar[index] ^= HIBYTE(value);value = 0xD201 * (temp + value) + 0x7F6A;++index;--size;}while ( size );}v19 = &savedregs;v18 = System::__linkproc__ HandleFinally;ExceptionList = NtCurrentTeb()->NtTib.ExceptionList;__writefsdword(0, (unsigned int)&ExceptionList);UStrClr(&v25);UTF8ToUnicodeString((int)cchWideChar);UStrAsg(v24, v25, v14);__writefsdword(0, (unsigned int)ExceptionList);v19 = (int (__fastcall **)(_DWORD))&loc_9A685F;UStrClr(&v25);__writefsdword(0, (unsigned int)v26);savedregs = sub_9A6896;UStrArrayClr(&v21, 3);UStrArrayClr(&v25, 2);v15 = ((int (__fastcall *)(char **))LStrClr)(&cchWideChar);return sub_9A6896(v15);
}

py

import random
import string# xor_dec
def xor_dec_9A66E8(data:bytes,value:int=0xba):out=bytearray(data)for i in range(len(data)):temp = data[i]  out[i] ^= (value >> 8) & 0xFF value =0xD201 * (temp + value) + 0x7F6Areturn out# xor_enc
def xor_enc_9A6610(data:bytes,value:int=0xba):out=bytearray(data)for i in range(len(data)):out[i] ^= (value >> 8) & 0xFF  value =0xD201 * (out[i] + value) + 0x7F6Areturn outdef checksum32(data:bytes):n=0for x in data:n+=xreturn n&0xffffffffdef gen(machineGuid:bytes,key:bytes=b'AAAAA-AAAAA-AAAAA'):if isinstance(machineGuid,str):machineGuid=machineGuid.encode()if isinstance(key,str):key=key.encode()machineGuid=machineGuid.lower()key=key.upper()licensekey_checksum=checksum32(key)# print('licensekey_checksum:%08x'%licensekey_checksum)mid_checksum=checksum32(machineGuid)# print('mid_checksum:%08x'%mid_checksum)Parity=mid_checksum-licensekey_checksumprint('Parity:',Parity)stub=''.join(random.choices(string.ascii_uppercase,k=20))code=stub+str(Parity)print(f'Activate code:\n{code}')return code

image-20241103205213207

14.7、14.8 离线测试可用,程序联网便会进行网络校验,联网一定不通过!

image-20241103205236963

如果想修改名字可手动修改注册表项:

image-20241103210347976

如ikun 经过xor_enc_9A6610 加密后hexstr为 695DDF6E

image-20241103210329499

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.hqwc.cn/news/826342.html

如若内容造成侵权/违法违规/事实不符,请联系编程知识网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

指针、引用

内存 1.什么是内存?内存也叫主存储器,用于临时存储数据和程序指令,便于CPU(也就是处理器)快速访问读写非常快,对比硬盘等外存,一秒一般 \(10^8\) 次读写,下面是一个输出一秒大致多少次运算的程序 int main() {//clock_t 是一个用来表示CPU时钟的变量 clock()函数是获取…

javaweb基础总结

截至目前还差最后一个案例 最后再重写一遍所有功能即可 但也包括一些新的功能 学习笔记如下图 一大半代码还是自己敲得 摸样的话大部分都是这样的

【牛客训练记录】牛客周赛 Round 66

训练情况赛后反思 目测 D、E是什么神秘线段树数据结构题吧,没有做出来,还得加练。 A题 先三个数排序,要么那最大的,要么拿两个较小的和,答案取大值即可。 #include <bits/stdc++.h> #define int long longusing namespace std;void solve(){int a[3];cin>>a[0…

【通用简历模板】简洁清爽通用求职简历模板下载

【通用简历模板】简洁清爽通用求职免费简历模板下载,Word【可编辑】,个人简历,免费简历​通用简历模板下载 ​ 简洁清爽通用求职简历免费下载,可编辑WORD格式简历模板免费下载直接修改,高效-便捷-实用,满足求职者的简历制作需求,简历编辑制作不求人,有效提升求职效率!…

一款开源简洁高颜值的酷狗第三方客户端V1.0.0 Beta

MoeKoe Music前言 早在10年前后的样子,那会在用网页版QQ的时候我就已经开始使用酷狗音乐了(也是十来年的老粉了),所以这些年收藏的歌曲全部都在上面.后来我也尝试开始使用网易云或QQ音乐,也尝试把酷狗的歌单导入进去,但是效果都不尽人意.我听的大多是日漫OP,好多歌曲都没办法找…

计量经济学(十六)——工具变量法

img { display: block; margin-left: auto; margin-right: auto } table { margin-left: auto; margin-right: auto } 在经济学和其他社会科学的研究中,研究人员经常希望通过观察数据来推断因果关系,以理解变量之间的影响机制。然而,实际数据往往受到多种因素的干扰,使得自…

『模拟赛』NOIP2024模拟1(更新 T2 T4)

『模拟赛记录』NOIP2024模拟1Rank 有点可惜,A. 玩游戏 绝妙贪心题。感觉这种能产生很多假做法且都可 hack 的贪心都是好题。 赛时不知道为什么犯唐没交一开始的暴力贪心。 考虑双指针,设左右指针分别为 \(l,r\)。主要思路是实时维护当前两个指针向两边最近的一个区间和不为正…

西电校园网基于 PPPoE+DHCP 方式实现带宽叠加

前言 由于个人对宿舍内局域网有一定需求,于是考虑在宿舍内配置一台路由器来搭建局域网。 而又因为西电的校园网有如下一些性质:一个免费账号可以同时在线 3 台设备,每台设备限速 100M。 校园无线网通过深澜 Portal 认证方式在设备连接到校园网 AP 且在网页端登录后以 DHCP 方…

博客园美化-Awescnb主题

本文主要记录安装Awescnb皮肤的安装过程,以及我做的配置,作为备份。一、安装皮肤 安装超级简单,根据官方文档,一分钟就搞定。首页HTML: <div id="loading"><div class="loader-inner"></div></div>页面定制CSS: #loading{bo…

数据库实验三:创建和管理数据表

数据库实验三:创建和管理数据表 惠州学院 《数据库应用》课程实验报告 实验题目: 实验三:创建与管理数据库 姓名: 曹锐旋 学号: 230703030 班级: 23 电子信息工程(3)班 指导教师: 黄冲 ‍ 一、实验目的掌握 SQL Server 中使用 T-SQL 语句创建…

【vjudge训练记录】11月个人训练赛1

训练情况赛后反思 被小数据背刺了,吃了几发RE,不过还是调出来了 A题 我们先考虑将连续的 v 先换成 w,之后就是统计子序列 wow 的个数,我们只需要找每个 o 前面有多少个 w,之后有多少个 w,根据乘法原理可知,这个 o 对答案的贡献就是两个相乘,维护前面和后面的 w 我们可以…

数据采集和融合技术作业3

作业①: 1)指定一个网站,爬取这个网站中的所有的所有图片,例如:中国气象网(http://www.weather.com.cn)。使用scrapy框架分别实现单线程和多线程的方式爬取。 代码解析 weather_spiders.py文件 解析起始页面 def parse(self, response):urls = response.xpath(//div[@cla…