Teach you step-by-step encryption and decryption technology--software protection Technology (1) (1)

Source: Internet
Author: User
Keywords Decryption crack.
6th chapter of software Protection techniques common Protection skills 1, serial number mode (1) Serial number protection mechanism mathematical algorithm is the core of password encryption, but in general software encryption, it does not seem to be very concerned about, because most of the time the software encryption itself to achieve a programming skill. But in recent years with the popularity of serial number encryption programs, the proportion of mathematical algorithms in software encryption seems to be getting bigger. Let's take a look at the way the serial number encryption works on the network. When a user downloads a shareware--share software from the network, there is usually a time limit, and after the trial period of shareware, you have to register with the software company to continue using it. The registration process is generally the user to their personal information (generally referred to as the name) with the credit card number to the software company, the software company will be based on the user's information to calculate a sequence code, after the user gets this sequence code, in accordance with the steps required to register the software to enter the registration information and The legality of its registration information by software verification, the software will cancel out its own restrictions, this encryption to achieve a relatively simple, do not require additional costs, user purchase is also very convenient, the software on the Internet 80% are in this way to protect. We notice that the software verifies the legality of the serial number, which is the process of verifying that the conversion relationship between the username and serial number is correct. There are two basic types of verification, one is to generate the registration code by the name entered by the user, compared with the registration code entered by the user, the formula is as follows: Serial number = F (user name) but this method is equivalent to reproducing the software company generated registration code in the user software, in fact, is very unsafe, no matter how complicated the conversion process , a decryption person can compile a generic registration procedure by simply extracting your conversion process from the program. The other is through the registration code to verify the correctness of the user name, the formula is as follows: User name = f Inverse (serial number) (such as ACDSee, small building note) This is actually the software company registration code calculation process of the inverse algorithm, if the forward algorithm and reverse algorithm is not symmetric algorithm, for the decryption, it is indeed a bit difficult, But this algorithm is rather bad design. So someone thought about the algorithm: F1 (user name) = F2 (serial number) F1, F2 are two completely different algorithms, but the user name through the F1 algorithm to calculate the characteristic word is equal to the serial number through the F2 algorithm to calculate the character, this algorithm in the design is relatively simple, Confidentiality is much better than the above two algorithms. If the F1, F2 algorithm can be designed as an irreversible algorithm, confidentiality is very good, but once the decryption person to find one of the inverse algorithm, this algorithm is not safe. The design of one-element algorithm it seems hard to make a breakthrough, then two dollars? Specific value = F (username, serial number) This algorithm looks pretty good, user name and orderThe relationship between the number of columns is no longer so clear, but also lost the user name in the serial number of the one by one correspondence, the software developers must maintain their own user name and serial number of uniqueness between, but this does not seem to be difficult to do, to build a database is good. Of course, you can also according to this idea of the user name and serial number into several parts to construct a multivariate algorithm. Specific value = F (user name 1, username 2, ...) Serial number 1, serial number 2 ... The existing serial number encryption algorithms are mostly designed by software developers, and most of them are quite simple. And some algorithms, although the author of a great effort, the effect is often not get the results it wants. In fact, there are many existing encryption algorithms can be used, such as RSADES,MD4,MD5, but these algorithms are for encryption text or password used in the serial number of encryption is somewhat different. I am here to try to cite an example, hope to have the effect: 1, in the software program has a section of encrypted ciphertext s 2, key = F (username, serial number) with the above two-yuan algorithm to get key 3, clear text D = f-des (ciphertext s, key) using the resulting key to decrypt the text get clear D 4, CRC = F-CR C (Clear-text D) apply various CRC statistics 5 to the obtained plaintext and check the CRC for correctness. It is best to design several CRC algorithms to check whether multiple CRC results are correctly used in this way, in the absence of a known correct serial number is always the correct sequence of numbers can not be calculated. (2) How to attack serial number protection to find the serial number, or to modify the decision after the sequence number of the jump instructions, the most important thing is to use a variety of tools to locate the code segment to determine the serial number. These commonly used APIs include Getdlgitemint, Getdlgitemtexta, Gettabbedtextextenta, Getwindowtexta, hmemcpy (Windows 9x only), LSTRCMP, Lstrlen, memcpy (limited to nt/2000). 1 The secret of data binding this concept is proposed by +ORC, and is limited to the type of protection that is used to compare registration codes in clear text. In most sequence number protection programs, the true, correct registration code or password (Password) will appear in memory at some point in time, of course it appears in a variable position, but in most cases it will be within a range, that is, the memory address of the user input serial number ±0x90 bytes. This is determined by the constraints of a Windows data transfer within the tool used by the cryptographic user. 2 hmemcpy function (commonly known as Universal breakpoint) function hmemcpy is the internal function of windows9x system, located in KERNEL32.DLL, its function is to copy a piece of data in memory to another place. Due to the frequent windows9x systemUse this function to handle various strings, so use it as a breakpoint is very practical, it is the Windows9x platform most common breakpoint. This breakpoint is not in Windows nt/2k because its kernel and windows9x are completely different. 3 S command because the s command ignores pages that are not in memory, you can use the 32-bit planar address data segment descriptor 30h in the entire 4GB (0~FFFFFFFFH) space to find, generally used under windows9x. The specific steps are: first enter the name or false serial number (such as: 78787878), press CTRL switch to SoftICE under the search command: s 30:0 L ffffffff ' 78787878 ' will search out the address: ss:ssssssss (these addresses may be more than one), and then use a BPM breakpoint to monitor the search for fake registration code, tracking how the program processing the input serial number, it is possible to find the correct serial number. 4 using message breakpoints can use message breakpoints Wm_gettext and wm_command in processing strings. The former is used to read the text in a control, such as the serial number in the Copy edit window to a buffer provided by the program, and the latter is used to notify the parent window of a control, such as clicking the OK button when the serial number is entered, and the parent window of the button will receive a WM_COMMAND message To indicate that the button is clicked. bmsg xxxx wm_gettext (intercept serial number) bmsg xxxx wm_command (intercept OK button) can use the HWND command provided by SoftICE to get the window handle information, also can take advantage of Spy + + in Visual Studio The utility gets the handle value of the corresponding window and then uses BMSG to set the breakpoint to intercept. Example: Bmsg 0129 wm_command 1 2 3 4 next page >> content navigation to force (0 votes) (0 Votes) nonsense (0 Votes) The professional (0 votes) The title party (0 Votes) passed (0 Votes) The original text: teach you step-by-step encryption and decryption technology--software protection Technology (1) (1) Return to network Ann All Home
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.