.NET dongle program hack (i)

Source: Internet
Author: User

I divide software into open source software and commercial software. Open source software is relatively weak in functionality, but because the source is open you can see the low-level implementation, which makes it suitable for learning and research; commercial software is just the opposite. But being able to see the source of commercial software, or at least to use it for free: that is my understanding of the hack.

Since this software is commercial software, I cannot give its specific name. This is only a demonstration; using it for commercial purposes is prohibited!

1. Installation and use

In any case, install the program and use it first. Even if it gets stuck at some step, the place where it gets stuck may be the key to the crack. After the main program is run, it asks for a network lock (a dongle has to be inserted).

2. Checking for a shell (packer)

This should be the first step of a crack: check what shell is used. For now I only know how to crack .NET, I basically rely on tools, and I don't know the IL language; don't laugh, every novice starts out this way. The shell check found that there is no shell, which I was secretly pleased about.

3. Loading the program

After loading the EXE with .NET Reflector 8.3, an "index is out of data bounds" error appears. Looking around, I found similar problems reported, and some say the cause is code obfuscation.

Baidu Encyclopedia: The names of various elements in the code, such as variables, functions, and classes, are rewritten into meaningless names, for example a single letter, a short meaningless combination of letters, or even a symbol such as "__", so that a reader cannot guess their purpose from the name. Some of the logic in the code is rewritten into a functionally equivalent but harder to understand form: for example, a for loop is rewritten as a while loop, a loop is rewritten as recursion, intermediate variables are eliminated, and so on. The formatting of the code is disrupted: for example, spaces are deleted, several lines of code are squeezed into one line, or one line of code is broken into several lines. Obfuscated code is difficult to understand, so it is also harder to debug. Developers often need to keep the original, non-obfuscated code for debugging.

So it has to be deobfuscated.

4. Deobfuscation

The deobfuscation tool of choice is of course de4dot: just drag and drop the file onto it; I used to naively run it from cmd. The deobfuscated result is written to a new file with the same name plus the suffix -cleaned.

5. Loading the program x2

Loading the deobfuscated EXE with .NET Reflector 8.3 once more, there is no problem.

6. Find key points

Finding the key points of a crack takes experience. For now I look for login forms, main forms, main functions, load functions, permission functions, and so on. Fortunately, I found the Form1_Load function in MainFrm, and a Checkdog() function.

7. Digging deeper

In the Load function we see a conditional: Checkdog() returns a bool value, and if it is false then it is all over, because the function Projectdata.endapp() must be called. Does Endapp end the program? If it ends, what is there left to break? Looking at the Endapp function, it is thorough: it closes everything.

8. Cannot end

Open the Reflexil plug-in and look at the IL code. It calls the Checkdog method (callvirt), pushes a 0 (ldc.i4.0), and compares 0 with the value returned by Checkdog (ceq), which yields 1 if they are equal and 0 if they are not. In other words: if the dongle check fails, Checkdog returns false; negating false (!) is actually a comparison with 0 (false), and the jump leads to the call to Endapp().

There are many ways to modify this so that it does not call the Endapp function.

(1) Modify the return value of Checkdog; this method is discussed later;

(2) Compare the return value of Checkdog with 1 instead of 0, that is, change ldc.i4.0 to ldc.i4.1;

(3) Change the comparison operator: change ceq to cgt;

(4) Modify the jump condition: change brfalse.s to brtrue.s;

(5) Delete the call statement after the jump, that is, delete line 037;

(6) Modify the Endapp function; the best way is to remove its code.

Of course, choose only one of them. Do not apply two, or you may end up with a double negative that makes a positive.
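To make the stack semantics of step 8 concrete, here is a small model of the four-instruction sequence, added as an illustration and not taken from the original post or from the program it describes. It assumes the branch target lies just past the Endapp call; the names `end_app_called`, `swap` and `truth_table` are hypothetical.

```python
# Added illustration: toy model of the four-instruction gate from step 8.
# Only the opcodes named in the article are handled; this is not a CIL
# interpreter. Assumption: the branch target lies just past the Endapp call.

ORIGINAL = ("callvirt Checkdog", "ldc.i4.0", "ceq", "brfalse.s")


def end_app_called(program, checkdog_result):
    """Return True if control falls through to the Endapp call."""
    stack = []
    for ins in program:
        if ins == "callvirt Checkdog":
            stack.append(1 if checkdog_result else 0)   # bool as int32
        elif ins.startswith("ldc.i4."):
            stack.append(int(ins.rsplit(".", 1)[1]))    # push constant
        elif ins in ("ceq", "cgt"):
            b, a = stack.pop(), stack.pop()
            stack.append(int(a == b if ins == "ceq" else a > b))
        elif ins in ("brfalse.s", "brtrue.s"):
            flag = stack.pop()
            jumps = (flag == 0) if ins == "brfalse.s" else (flag != 0)
            return not jumps                            # jump skips Endapp
        else:
            raise ValueError(f"unmodelled instruction: {ins}")
    raise ValueError("sequence has no branch")


def swap(program, old, new):
    """Return a copy of program with one instruction replaced."""
    return tuple(new if ins == old else ins for ins in program)


VARIANTS = {
    "original": ORIGINAL,
    "(2)": swap(ORIGINAL, "ldc.i4.0", "ldc.i4.1"),
    "(3)": swap(ORIGINAL, "ceq", "cgt"),
    "(4)": swap(ORIGINAL, "brfalse.s", "brtrue.s"),
    "(2)+(4)": swap(swap(ORIGINAL, "ldc.i4.0", "ldc.i4.1"),
                    "brfalse.s", "brtrue.s"),
}


def truth_table():
    """Map variant -> (Endapp called if check fails, ... if it passes)."""
    return {name: (end_app_called(p, False), end_app_called(p, True))
            for name, p in VARIANTS.items()}


if __name__ == "__main__":
    for name, row in truth_table().items():
        print(f"{name:9} fail->{row[0]!s:5} pass->{row[1]}")
```

In this model each of the single changes (2) to (4) inverts the gate rather than removing it, and applying two of them restores the original behaviour, which is the double negative the text warns about.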

9. Modify and save

We use the third method of modification, then right-click the EXE and choose Save.

10. Test the problem

After testing the modified result, I found that although it is possible to get into the main program, this window still pops up, which does not look good, and I am a bit obsessive-compulsive. So use the deobfuscated EXE again (the EXE without the modification from step 9).

11. Once again in depth

So let's look at the Checkdog function. It is not long. To parse it: a conditional tests whether the dongle check succeeded; if so, it returns true, otherwise the error window (Gusbdogclient.mdogform) pops up and it returns false.

Here our options for modification are obviously:

(1) Delete everything and only return true;

(2) Modify the == in the condition so that the conditional statement is executed;

(3) Delete the ShowDialog statement and modify the value of the last return (or, if that is not modified, modify the if test in the Load function).

If we go with (2), should == be changed to > or <? Look at the enumeration type Udbsoftkeystatus: its enumerated constants have different values that represent different states, and the value for success is 2012 (0x7E0 in hexadecimal). I found that all the other values are greater than 2012, so it is the smallest, and I knew how to modify it.

After the modification, sure enough, there was no problem during program initialization; it was as smooth as with a dongle.

12. Not perfect

However, after clicking several functions in the software, a "Please connect the server First" alert pops up, and the corresponding function cannot be used.

We have not found the root cause yet; we have to find the function the software uses to check the dongle and modify that.

13. Finding the root point

In the Checkdog function we can find the function it calls in gusbdogclient, which is in another DLL (not in the EXE). Opening that function in the DLL, we find that its body is empty, so the shell has to be removed first.

After unpacking, the function has content. Making it return Success (2012) is a stopgap method.

(Not yet finished ...)
