Proxifier 分析

Proxifier Portable Edition v4.07

注册事件定位到register_43BA20

 

 检验key格式：XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

检验key[2]     

‘Y’-->The registration key from Proxifier v2 doesn't work with Proxifier v4. Please upgrade your license.

 

 

key关键检验函数checkkey_402360，

检验key长度29   --》 5*5+4

 

key[2]==key[14]

 

 后面将key拆分4部分，

#include <algorithm>
#include <iostream>
#include <string.h>
using namespace std;
int  tohash(wstring& a1)
{
    int v1;
    int i = 0; // edx
    int v3 = 0; // esi
    unsigned __int16 v5 = 0; // ax
    int v6 = 0; // esi

    v1 = 0;
    for (i = a1.length() - 1; i >= 0; --i)
    {
        v3 = 32 * v1;
        v5 = a1[i];
        if (v5 == L'W')
        {
            v5 = '0';
            v6 = v3 - '0';
        }
        else
        {
            switch (v5)
            {
            case 'X':
                v5 = 'O';
                break;

            case 'Y':
                v5 = '1';
                v6 = v3 - '0';
                goto LABEL_9;
                /* v1 = v5 + v6;
                 continue;*/

            case 'Z':
                v5 = 'I';
                break;

            default:
                if ((unsigned __int16)(v5 - '0') <= 9u)
                {
                    v6 = v3 - '0';
                    goto LABEL_9;
                }

                break;
            }

            v6 = v3 - '7';
        }

    LABEL_9:
        v1 = v5 + v6;
    }
    return v1;
}
uint32_t crc32_formula_normal_noreverse(size_t len, const void* data, const uint32_t POLY = 0x04C11DB7)
{
    const unsigned char* buffer = (const unsigned char*)data;
    uint32_t crc = -1;

    while (len--)
    {
        crc = crc ^ (*buffer++ << 24);
        for (int bit = 0; bit < 8; bit++)
        {
            if (crc & (1L << 31)) crc = (crc << 1) ^ POLY;
            else                  crc = (crc << 1);
        }
    }
    return ~crc;
}
/*
    cstring_402A90(&v28, v13 + 20, v12);        // 最后一部分
    temp = tohash(v28);
    part_1_ = temp ^ (temp << 7);

    cstring_402A90((wstring *)&v28.length, v15 + 15, v11);// 倒数第2部分
    retarray[7] = tohash(*(wstring *)&v28.length);
    v16 = 7;
    length = 7;
    temp = 0;


    cstring_402A90((wstring *)&v30, v18, v29);  // [0]-7个数
    part_2_ = tohash(*(wstring *)&v30);
    p_temp = &temp;

    cstring_402A90((wstring *)&temp, v19 + 7, v16);// [7]-7个数
    part_3_ = part_1_ ^ tohash(*(wstring *)&temp) ^ 0x87654321;
    part_2_ ^= part_1_ ^ 0x12345678;
    temp_8 = (char *)part_2_;
    temp_16 = retarray[7];
    v21 = -1;
    temp_12 = part_3_;
    for ( i = 0; i < 0xC; ++i )                 // crc32

ret[0]  0'Proxifier Standard Edition'
        1'Proxifier Portable Edition'
        2'Proxifier for Mac',0
ret[1]  version1
ret[2]  version2==>wstring
ret[3]
ret[4]  year
ret[5]  mon
ret[6]
ret[7]
*/
#include <Windows.h>
#define HIWORD(l)           ((WORD)((((DWORD_PTR)(l)) >> 16) & 0xffff))
//keywstr = L"11111-22222-33333-44444-55555";
//int retarray[8] = { 0 };
int check(int* const& retarray, wstring& keywstr) {
    //wstrrepl[2] -->keyversion flag if=='Y' The registration key from Proxifier v2 doesn't work with Proxifier v4
    keywstr.erase(remove(keywstr.begin(), keywstr.end(), L'-'), keywstr.end());
    wstring wstrrepl(keywstr);
    wstrrepl[2] = wstrrepl[14];
    wstring s1 = wstrrepl.substr(20, 5);
    wstring s2 = wstrrepl.substr(15, 5);
    wstring s3 = wstrrepl.substr(0, 7);
    wstring s4 = wstrrepl.substr(7, 7);


    int ret = 0;
    int part1, part2, part3;
    int crc32_target = tohash(s1);
    part1 = crc32_target ^ (crc32_target << 7);
    printf("part1= crc32_target ^ (crc32_target << 7) -->%#x %S:", part1, s1.c_str());
    std::cout << std::hex << crc32_target << endl;

    retarray[7] = tohash(s2);
    printf("retarray[7] = tohash(s) %S:", s2.c_str());
    std::cout << std::hex << retarray[7] << endl;

    part2 = tohash(s3);
    printf("part2 %S:", s3.c_str());
    std::cout << std::hex << part2 << endl;

    printf("%S:", s4.c_str());
    int x = tohash(s4);
    std::cout << std::hex << x << endl;
    part3 = part1 ^ x ^ 0x87654321;
    part2 ^= part1 ^ 0x12345678;
    printf("part3:%#x part2:%#x\n", part3, part2);

    int crccheck[3] = { 0 };
    crccheck[0] = part2;
    crccheck[1] = part3;
    crccheck[2] = retarray[7];
    printf("\n\n\n\ncrccheck data:%#x %#x %#x \n", part2, part3, retarray[7]);
    //part2、part3、part1
    ret = crc32_formula_normal_noreverse(0xc, crccheck);
    //printf("crc32:%#x\n", ret);
    printf("crc32:%#x\n", (~ret) & 0x1ffffff);
    if (part1 == ret)            // prat1
    {
        unsigned __int16 v24 = (unsigned __int16)part2;
        int v25 = HIWORD(part2) & 0x1F;
        retarray[0] = part2 >> 21;
        retarray[1] = v25;
        retarray[2] = v24 >> 5;
        int v26 = HIWORD(part3);
        retarray[3] = v24 & 0x1F;
        retarray[6] = (unsigned __int16)part3;
        if (HIWORD(part3))
        {
            retarray[4] = v26 / 0xC + 2000;
            v26 %= 0xCu;
        }
        else
        {
            retarray[4] = v26;
        }

        retarray[5] = v26;
        ret = 1;
    }
    else
    {
        printf("Incorrect key\n");
        ret = 0;
    }
    return ret;
}
int main()
{
    wstring keywstr = L"11111-22222-33333-44444-55555";
    int retarray[8] = { 0 };
    int ret = check(retarray, keywstr);
    if (ret) {
        printf("\n\n\n\n");
        for (int i = 0; i < 4; ++i) {
            printf("ret[%d]:%#x\n", i, retarray[i]);
        }
    }
}

检验check函数的参数1