Crack a. NET Program for Network Authentication

BY the devil.

It has not been cracked for a long time. Recently, I hacked a. NET commercial program and used it for myself. Because it is network verification. I tried to crack it. Because it is an internal program, it is not difficult to crack. It's big. Neither can I. As a technical exchange. Master pass. First check the shell, you can see the no shell,. NET program.

Since it is a network verification program, you need to enable the Sniffer class program to capture data packets. Here I use HTTP Analyzer. run the program and check her verification. Enter the email address and password, and the system prompts "Sorry, wrong username, password or computer ID"

Let's take a look at the data obtained by HTTP Analyzer.

 

 

POST/verify_license.php? Email = fuck@you.com & password = ST4GBVNE & mid = BFEBFBFF00010676 HTTP/1.1

We submitted the $ email, $ password, $ mid variables to the verify_license.php file.

$ Email is the email number we entered, $ password is the password we entered, and $ mid is the program to get your machine code.

Verify_license.php according to the calculation, the verification code we submitted is incorrect, so the returned value is "NOT ".

The weak one analyzes the verification mechanism. Next, let's analyze the program and check the code of its verification code module.

Use ildasm to load programs.

Select "DUMP" for the "FILE" option ".

Her verification is verify_license.php, so we can search "verify_license.php ". As you can see, it is only once.

Let's take a look at the code.

// HEX: 00 00 00 00 17 00 00 00 A4 00 00 00 BB 00 00 00 00 03 00 00 0E 00 00 01

IL_00be:/* 1C | */ldc. i4.6

IL_00bf:/* 8D | (01) Running 1f */newarr [mscorlib/* 23000001 */] System. String/* 01_1f */

IL_00c4:/* 13 | 0D */stloc. s V_13

IL_00c6:/* 11 | 0D */ldloc. s V_13

IL_00c8:/* 16 | */ldc. i4.0

IL_00c9:/* 72 | (70) 0070A3 */ldstr http://26836659.blgocn.com/verify_license.php? // Here is the verification URL. I changed it to my BLOG.

+ "Email ="/* 700070A3 */

IL_00ce:/* A2 | */stelem. ref

IL_00cf:/* 11 | 0D */ldloc. s V_13

IL_00d1:/* 17 | */ldc. i4.1

IL_00d2:/* 02 | */ldarg.0

IL_00d3:/* 7B | (04) 00010E */ld1_class [System. windows. forms/* 23000002 */] System. windows. forms. textBox/* 01000055 */de/* 02000049 */: e/* 0400010E */

IL_00d8:/* 6F | (0A) 000076 */callvirt instance string [System. windows. forms/* 23000002 */] System. windows. forms. control/* 01000039 */: get_Text ()/* 0A000076 */get the text content, which should be our mailbox

IL_00dd:/* A2 | */stelem. ref

IL_00de:/* 11 | 0D */ldloc. s V_13

IL_00e0:/* 18 | */ldc. i4.2

IL_00e1:/* 72 | (70) 007115 */ldstr "& password ="/* 70007115 */Entered password

IL_00e6:/* A2 | */stelem. ref

IL_00e7:/* 11 | 0D */ldloc. s V_13

IL_00e9:/* 19 | */ldc. i4.3

IL_00ea:/* 02 | */ldarg.0

IL_00eb:/* 7B | (04) 00010C */ld1_class [System. windows. forms/* 23000002 */] System. windows. forms. textBox/* 01000055 */de/* 02000049 */: c/* 0400010C */

IL_00f0:/* 6F | (0A) 000076 */callvirt instance string [System. windows. forms/* 23000002 */] System. windows. forms. control/* 01000039 */: get_Text ()/* 0A000076 */

IL_00f5:/* A2 | */stelem. ref

IL_00f6:/* 11 | 0D */ldloc. s V_13

IL_00f8:/* 1A | */ldc. i4.4

IL_00f9:/* 72 | (70) 00712B */ldstr "& mid ="/* 7000712B */machine code

IL_00fe:/* A2 | */stelem. ref

IL_00ff:/* 11 | 0D */ldloc. s V_13

& Nbs