Some time ago, a netizen asked me to help crack a control. Its strings are also encrypted, in the form below; the control was obfuscated with Dotfuscator.
IL_2b19: ldstr bytearray (9F FA 9A FC 9E FE 8B 6E) ///... n.q.
IL_2b1e: call string a$pst06000001(string)
The protection methods used by .NET software come down to just a few: a limited trial period, restricting access by IP, a license key, and displaying a copyright notice at run time.
Time or IP limits are the easiest to fix. Whether or not the code is obfuscated, it has to call into the framework, and framework names cannot be obfuscated, so searching for words such as DateTime and Request settles it in a few steps.
A key is also easy to trace, since the control has to expose at least one class that receives the key. If the control throws an exception when it detects illegal use, that is an even more foolish approach, because .NET provides a call stack when an error occurs, which makes it easier for me to trace. A copyright notice whose strings are obfuscated is the hardest case (when the strings are not obfuscated it is easy, just search for them), because otherwise the control works just like the official version.
The only control that has stumped me was Intersoft WebGrid.NET 3.5, because it was processed with Remotesoft Protector. This protector is not an obfuscator: it turns the .NET code into a Win32 image and keeps only the metadata. Breaking a control processed this way is just as hard as breaking a Win32 program, and I don't have the skills for that. Of course, very little software uses it, because it is too expensive, at thousands of dollars.
This time the target was a trial version of a chart control, which leaves a faint copyright watermark in the rendered chart. Breaking it has to start with the string obfuscation function, string a$pst06000001, by writing its inverse operation.
Decompile this function with a decompiler:
private static string a(string a_0)
{
    char[] chs = new char[(uint) a_0.Length];
    int i = 732379897;                          // running counter used as the key stream
    for (int j = 0; j < (int) chs.Length; j++)
    {
        char ch = a_0[j];
        byte b1 = (byte) (ch & '\u00ff' ^ i++); // low byte of the character
        byte b2 = (byte) (ch >> 8 ^ i++);       // high byte of the character
        chs[j] = (char) (b2 << 8 | b1);         // recombine into one 16-bit character
    }
    return string.Intern(new string(chs));
}
At first glance it seems hard to know where to start. The obfuscation turns out to be an AND and a shift, an XOR, an OR, two intermediate variables, and then another mix... But this algorithm must be reversible, otherwise how could it encrypt and decrypt? Sure enough, on a careful look, much of it is only there to scare people. AND and OR are fundamentally irreversible, so the operations involving them must be redundant:
First statement, byte b1 = (byte) (ch & '\u00ff' ^ i++); b1 is an 8-bit integer, so ch & 0xFF changes nothing at all, and it can be simplified to (byte) (ch ^ i++).
Second statement, byte b2 = (byte) (ch >> 8 ^ i++); I don't see anything wrong here: ch is 16 bits, so an 8-bit right shift may affect
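An added example, not part of the original post and written in Python rather than the page's C#: it models the decompiled routine on UTF-16 code units to check the two points the analysis relies on, that the `& '\u00ff'` mask is redundant under the byte cast and that the routine is its own inverse, so the same function encrypts and decrypts. The helper names and the sample string are assumptions made for the example.

```python
import struct

SEED = 732379897  # counter start value from the decompiled routine on the page


def transform(units, keep_mask=True):
    """Run the routine over a list of UTF-16 code units (ints 0..0xFFFF)."""
    out, i = [], SEED
    for ch in units:
        # The C# (byte) cast keeps the low 8 bits; modelled here with & 0xFF.
        low_in = (ch & 0xFF) if keep_mask else ch
        b1 = (low_in ^ i) & 0xFF
        i += 1
        b2 = ((ch >> 8) ^ i) & 0xFF
        i += 1
        out.append(b2 << 8 | b1)
    return out


def units_from_bytes(raw):
    """Little-endian UTF-16 bytes (as in an ldstr bytearray) -> code units."""
    return list(struct.unpack("<%dH" % (len(raw) // 2), raw))


def to_units(text):
    return units_from_bytes(text.encode("utf-16-le"))


def from_units(units):
    return struct.pack("<%dH" % len(units), *units).decode("utf-16-le")


def mask_is_redundant():
    """True if dropping `& 0xFF` changes no output, over all 65536 code units."""
    every_unit = list(range(0x10000))
    return transform(every_unit, True) == transform(every_unit, False)


# First six bytes of the ldstr operand quoted on the page.
PAGE_PREFIX = bytes.fromhex("9FFA9AFC9EFE")

if __name__ == "__main__":
    sample = to_units("Sample \u4e2d")  # constructed input, one non-ASCII unit
    print("mask redundant:", mask_is_redundant())
    print("self-inverse:  ", transform(transform(sample)) == sample)
    print("page prefix -> ", from_units(transform(units_from_bytes(PAGE_PREFIX))))
```

Because each output byte is the input byte XORed with a counter byte that depends only on position, applying the routine twice returns the original string; the strings are hidden from a casual reader but not protected by any secret.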