StartAllBack_3.3.5 记录

定位check函数:checklicense_5C6310

主要检验函数位于StartAllBackX64.dll模块的102号导出函数

check主要调用rsa_180001F4C,其反编译结果如下:

/*
 * Decompiler output (Hex-Rays style) of the routine the notes call
 * rsa_180001F4C. Function and helper names are analyst-assigned; local
 * declarations are collapsed, so the types and sizes of v6..v12, pcbResult
 * and pbOutput are not visible in this listing.
 *
 * What the listing shows:
 *   1. An RSA public key embedded in the module is imported through CNG.
 *   2. The 0x80-byte caller buffer is run through BCryptEncrypt with that
 *      public key (the mismatch log message calls the result "decrypted").
 *   3. The 0x80-byte result is scanned for a 32-byte field equal to Buf2,
 *      and the bytes that follow it are compared against further fields.
 *
 * pbInput  0x80 bytes handed to BCryptEncrypt as input.
 * Buf2     expected value; bytes 0..95 are read as three 32-byte fields.
 *          It is also printed with %s on mismatch, so it is presumably
 *          NUL-terminated text -- TODO confirm at the call site.
 * a3       optional out flag; cleared after a successful BCryptEncrypt and
 *          set to 1 on two of the paths below. It is not written on the two
 *          API-failure paths.
 * returns  1 when a match is found, 0 on any failure or mismatch.
 *
 * NOTE(review): the verdict is one boolean computed inside this module, so
 * the check is only as trustworthy as the integrity of the module itself.
 */
char __fastcall rsa_180001F4C(PUCHAR pbInput, void *Buf2, _DWORD *a3)
{
  // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]

  phKey = 0i64;
  // 0xE1 matches the CNG pseudo-handle BCRYPT_RSA_ALG_HANDLE, and flag 8
  // matches BCRYPT_NO_KEY_VALIDATION (values as in bcrypt.h -- confirm).
  // The blob pointer is rendered as "RSA1" because the data starts with the
  // RSA public-key magic. 0x9B bytes is consistent with a 24-byte header, a
  // 3-byte exponent and a 128-byte (1024-bit) modulus -- inferred from the
  // sizes only, TODO confirm against the blob.
  v6 = BCryptImportKeyPair((BCRYPT_ALG_HANDLE)0xE1, 0i64, L"RSAPUBLICBLOB", &phKey, (PUCHAR)"RSA1", 0x9Bu, 8u);
  if ( v6 )
  {
    OutputDebug_180001A9C("SIBActivation: BCryptImportKeyPair failed %x", v6);
  }
  else
  {
    pcbResult = 128;
    // Public-key operation over exactly 0x80 input bytes into pbOutput; the
    // flags argument is 0, i.e. no padding flag is passed in this call.
    v7 = BCryptEncrypt(phKey, pbInput, 0x80u, 0i64, 0i64, 0, pbOutput, 0x80u, &pcbResult, 0);
    // The key handle is released before the status is examined, so it is
    // freed on both the success and the failure path.
    BCryptDestroyKey(phKey);
    if ( v7 )
    {
      // As listed, the logged argument is 0 rather than v7, so the real
      // status code does not appear in the debug output.
      OutputDebug_180001A9C("SIBActivation: BCryptEncrypt failed %x", 0i64);
    }
    else
    {
      if ( a3 )
        *a3 = 0;

      v8 = pcbResult;
      v9 = 0;
      // Last start offset at which a 96-byte record (3 x 32 bytes) still fits
      // in the result: 32 when pcbResult is 128.
      // NOTE(review): if pcbResult were below 96 this subtraction would go
      // negative or wrap depending on the hidden type -- confirm.
      v10 = pcbResult - 96;
      do
      {
        // Field 0: 32 bytes at the current offset must equal Buf2[0..31].
        if ( !memcmp(&pbOutput[v9], Buf2, 0x20ui64) )
        {
          // Six bytes directly after the 96-byte record are compared with two
          // multi-character constants as printed by the decompiler (on a
          // little-endian target the bytes would read "SABALL" -- confirm).
          // The v9 <= 0x1A guard keeps v9 + 102 within 128 bytes.
          if ( v9 <= 0x1A && a3 && *(_DWORD *)&pbOutput[v9 + 96] == 'ABAS' && *(_WORD *)&pbOutput[v9 + 100] == 'LL' )
            *a3 = 1;

          // Fields 1 and 2 together (64 bytes at +32) are compared with a
          // fixed 64-character hex string stored in the binary; on equality
          // the flag is set and the check succeeds without consulting
          // Buf2 + 32 or Buf2 + 64.
          if ( !memcmp(&pbOutput[v9 + 32], "4e9934f69c3fd8c3e8502a2fd1ab89c2e78671d38a9b97ba313f5eaba6fd420f", 0x40ui64) )
          {
            if ( a3 )
              *a3 = 1;

            return 1;
          }

          // Otherwise succeed when either field 1 or field 2 equals the
          // corresponding 32 bytes of Buf2; *a3 is left as set above.
          if ( !memcmp(&pbOutput[v9 + 32], (char *)Buf2 + 32, 0x20ui64)
            || !memcmp(&pbOutput[v9 + 64], (char *)Buf2 + 64, 0x20ui64) )
          {
            return 1;
          }
          // Falling through here keeps scanning; *a3 may already be 1 even if
          // the function later returns 0, so the flag alone is not a verdict.
        }

        ++v9;
      }
      while ( v9 <= v10 );

      // Mismatch path: make the result printable by replacing every byte
      // below 0x20 with a space, then terminate it for the %s below.
      if ( (_DWORD)v8 )
      {
        v11 = pbOutput;
        v12 = v8;
        do
        {
          if ( *v11 < 0x20u )
            *v11 = 32;

          ++v11;
          --v12;
        }
        while ( v12 );
      }

      // Writes index 128, so pbOutput must hold at least 129 bytes; its
      // declaration is collapsed -- TODO confirm.
      pbOutput[128] = 0;
      // NOTE(review): this message emits both the expected value and the
      // processed blob through the debug-output helper, exposing check
      // internals to anything that can read that output.
      OutputDebug_180001A9C(
        "SIBActivation: mismatch; expected '%s' decrypted '%s'",
        (const char *)Buf2,
        (const char *)pbOutput);
    }
  }

  return 0;
}

 

patch StartAllBackX64.dll模块 StartAllBackX64_102

 

 

posted @ 2022-04-17 10:34  DirWangK