DrawPad 离线注册

本文仅分析离线注册流程;联网状态下注册时还会进行网络校验(regcheck)。

reg_dialog_549414

定位注册对话框

// Hex-Rays pseudocode for the routine that shows the registration dialog.
// It points dwInitParam[0] at the callback table off_6FB4E0, runs the dialog through
// dialog_404977 (third argument 0x2A) and returns 1 only when that call returns non-zero.
// Both branches delete the GDI object `ho` and destroy `hWnd` when it is set.
// a2 is only copied into v7 here; its meaning is not visible in this listing.
char __stdcall reg_dialog_549414(HWND hWndParent, char a2)
{
  // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]

  sub_584660(dwInitParam);
  v2 = 0;                                       // default result: dialog not accepted
  v7 = a2;
  v6 = 0;
  dwInitParam[0] = (int)off_6FB4E0;             // install the dialog's callback table
  v5 = (void (__noreturn **)())&off_6FB524;
  hWnd = 0;
  ho = 0;
  v10 = 0;
  if ( (unsigned __int8)dialog_404977((LPARAM)dwInitParam, hWndParent, 0x2Au) )
  {
    sub_54D236(&off_6EFE38);
    DeleteObject(ho);
    if ( hWnd )
      DestroyWindow(hWnd);
    v2 = 1;
  }
  else
  {
    DeleteObject(ho);
    if ( hWnd )
      DestroyWindow(hWnd);
  }
  v5 = &off_6FAF84;
  sub_50F2FE();
  sub_59D540();
  return v2;
}

params ==> callback

; Table of code pointers whose address reg_dialog_549414 stores in dwInitParam[0]
; (see the DATA XREF on the first entry). Slot 0 is reg_5486C3 and slot 3 is do_reg_5489A4,
; the two routines examined on this page.
; NOTE(review): the layout looks like a C++ vtable for the dialog object - confirm in the binary.
.rdata:006FB4E0 off_6FB4E0      dd offset reg_5486C3    ; DATA XREF: reg_dialog_549414+29↑o
.rdata:006FB4E4                 dd offset sub_45B683
.rdata:006FB4E8                 dd offset nullsub_2
.rdata:006FB4EC                 dd offset do_reg_5489A4
.rdata:006FB4F0                 dd offset sub_45158A
.rdata:006FB4F4                 dd offset sub_548D84
.rdata:006FB4F8                 dd offset nullsub_2
.rdata:006FB4FC                 dd offset sub_54827F
.rdata:006FB500                 dd offset sub_4089B9
.rdata:006FB504                 dd offset sub_421E3D
.rdata:006FB508                 dd offset sub_58467B
.rdata:006FB50C                 dd offset sub_403538
.rdata:006FB510                 dd offset sub_403731
.rdata:006FB514                 dd offset GetMenu
.rdata:006FB518                 dd offset sub_4C419B
.rdata:006FB51C                 dd offset sub_549372
.rdata:006FB520                 dd offset sub_5493A9

reg_5486C3

// Hex-Rays pseudocode for slot 0 of the off_6FB4E0 table: it populates the registration dialog.
// Visible effects: queries check_isreg_54A525 once and uses the result (v17) to choose the
// link target and the "Upgrade License Online" caption, lays out the controls, replaces the
// window procedure of control 0x6A with sub_5484EF, sets the "e.g., 123456-xdhfnekf" hint on
// that control and starts timer 0x64. Returns the SetTimer result.
// NOTE(review): the whole registered/unregistered decision visible here rests on one
// client-side return value.
UINT_PTR __thiscall reg_5486C3(HWND *this)
{
  // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]

  v17 = check_isreg_54A525();//can patch this ==> ret 1
  sub_59FE66(
    (int)this,
    (int)(this + 0x32),
    0x6C,
    (int)L"Click this button if you have copied the registration code (e.g. with Ctrl+C)");
  sub_402B95((HGDIOBJ *)this + 0x33, this[1], 0, 1, 0);
  sub_4031BE(0x74, (int)(this + 0x33));
  sub_59F57C((int)this, 0x77, (int)L"https://www.nch.com.au/support/reg.html");
  sub_4031BE(0x7A, (int)(this + 0x33));
  if ( v17 )
  {
    // already registered: control 0x80 links to the upgrade page
    v14 = (int *)L"https://www.nch.com.au/upgrade/index.html";
  }
  else
  {
    // not registered: the link text is built into v29 by sub_547D30 and NUL-terminated here
    v25 = v29;
    v26 = 0;
    v27 = 0x2001;
    sub_547D30((int)&v25, 0);
    *((_WORD *)v25 + v26) = 0;
    v14 = v29;
  }
  sub_59F57C((int)this, 0x80, (int)v14);
  wprintf_5459B0(0x104, (int)L"%s Registration Code:", L"DrawPad");
  sub_59DC6A(0x6B, v28);
  wprintf_5459B0(0x104, (int)L"Register %s");
  sub_403269(v28, (int)this);
  if ( v17 )
    sub_59DC6A(0x80, L"Upgrade License Online");
  // control geometry: read positions with sub_59DAD9 and reposition with sub_59D9B4
  v2 = sub_403BB6((int)this, 0x76, L"Visit our ");
  sub_59DAD9(0x76, (int)&v22, (int)&Y, (int)&hWnd, (int)&cy);
  sub_59DAD9(0x77, (int)&v23, (int)&v21, (int)&hWnd, (int)&cy);
  v15 = cy;
  v12 = v3;
  v4 = sub_403B85((int)this, 0x77);
  sub_59D9B4(v12, (int)this, 0x77, v2 + v22, Y, v4, v15);
  sub_59DAD9(0x7D, (int)&v21, (int)&v24, (int)&Y, (int)&v22);
  sub_59DAD9(0x7F, (int)&hWnd, (int)&v23, (int)&Y, (int)&cy);
  v5 = v24 + v22;
  sub_59D9B4((void *)v24, (int)this, 0x7F, (int)hWnd, v24 + v22, Y, cy);
  sub_59DAD9(0x80, (int)&v21, (int)&v23, (int)&Y, (int)&cy);
  v6 = sub_59D654((void *)4, this[1]);
  v16 = cy;
  v21 = v6;
  v13 = Y;
  v7 = sub_403B85((int)this, 0x7F);
  sub_59D9B4(v8, (int)this, 0x80, (int)hWnd + v21 + v7, v5, v13, v16);
  sub_5A0E9B(0x6A, 0x7B, 0x300);
  if ( sub_548199 )
    sub_5A1A3A((_DWORD **)this + 0xA, 0x111, (int)sub_5A0C70, 0x6A, (int)sub_548199, 0);
  hWnd = GetDlgItem(this[1], 0x6A);
  // subclass the input control once; index 0xFFFFFFFC is -4 (GWL_WNDPROC) and the previous
  // procedure is kept in the window property "OldWndProcPaste"
  if ( !GetPropW(hWnd, L"OldWndProcPaste") )
  {
    v9 = (void *)SetWindowLongW(hWnd, 0xFFFFFFFC, (LONG)sub_5484EF);
    SetPropW(hWnd, L"OldWndProcPaste", v9);
  }
  DlgItem = GetDlgItem(this[1], 106);           // 106 == 0x6A, the same input control
  sub_5328D5((int)this, DlgItem, (LPARAM)L"e.g., 123456-xdhfnekf");
  sub_59DC28(L"Register", (int)this, 1);
  sub_406DD3((int)this, (int)this + 0xBF);
  return SetTimer(*(HWND *)((char *)this + 0xC3), 0x64u, 0, 0);
}

do_reg_5489A4

// Hex-Rays pseudocode for slot 3 of the off_6FB4E0 table: it processes the text entered in
// the registration box. Visible flow:
//   1. read the text of control 106 and split it at '-' into a numeric id part and a key part;
//   2. reject the input when the first part is empty or parses to 0;
//   3. when a key part exists, ids in the old-version range get the "Upgrade Required" dialog;
//      everything else goes through check_key_547842 and, when that leaves v17 at 0,
//      Validate_Key_549234;
//   4. on success the values SS, SU, ID, Key and RGDT are stored under "Registration";
//   5. when no key part exists the input is treated as a serial number and the
//      online-activation dialog is shown.
// Returns 1 only on the two success paths and 0 everywhere else.
// NOTE(review): save_reg_401D49 / set_reg_53F23B / reg_del_53F2C1 are the analyst's names;
// presumably they write and delete registry values - confirm against their bodies.
char __thiscall do_reg_5489A4(void *this)
{
  // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]

  v18 = (int)this;
  // id-key
  sub_59DB56(106, v34);// fetch the id-key text
  v17 = v34;
  // split at '-' into two parts: id and key
  sub_5D3613(v1, &v17, '-', (int)key);          // 123456-xdhfnekf
  wstr_copy_54596E(v17, key_1, 0x104);
  id_ = j___wtol(key);
  *(_DWORD *)id = id_;
  _wcslwr(key_1);                               // the key part is compared in lower case
  if ( !key[0] || !id_ )
  {
    sub_5A02D2(
      v18,
      106,
      (int)L"Enter the ID number as it appears on your registration.",
      2,
      (int)L"Incorrect Registration Details");
    return 0;
  }
  if ( key_1[0] )
  {
    // > 0x2C06AB
    // &7  !=1 !=2
    ArgList = check_id_53C7FA(id_);
    // 8-character keys with "en" at positions 4-5 and an id above 100000000 use id / 100
    if ( (unsigned int)id_ > 100000000 && wcslen(key_1) == 8 && key_1[4] == 'e' && key_1[5] == 'n' )
      v4 = id_ / 0x64;
    else
      v4 = id_;
    // 0x6D2BD7  7154647d
    // 0x711392  7410578d
    if ( (unsigned int)(v4 - 1) <= 0x6D2BD7 && v4 < 0x711392 && (ArgList <= 0 || ArgList > 2) )
    {
        // keys for the new version do not take this branch
        // hence: check_id has to return 1 or 2
      v5 = j__atol("11.53") - 1;
      if ( v5 < 0 )
        v5 = 0;
      wprintf_5459B0(
        0x104,
        (int)L"The code you are attempting to use is not valid for version 11.53 of DrawPad (it was for version %d.xx or p"
              "revious versions).",
        v5);
      v6 = *(_BYTE *)(v18 + 0xC7) == 0;
      v21 = 0x1388;
      v22 = L"View Upgrade Pricing Options";
      v23 = L"Upgrade pricing is significantly lower than normal pricing.\r\n"
             "Click here to see the discounted upgrade options.";
      v24 = 0x1389;
      v25 = L"Continue Without Registering";
      if ( v6 )
        v25 = L"Exit and Close DrawPad";
      v13 = *(_DWORD *)(v18 + 4);
      v26 = 0;
      v27 = 0;
      v28 = 0;
      v29 = 0;
      sub_58ED2E((int)v31, v13, (int)L"Upgrade Required", (int)L"Invalid Old Version Code", (int)File, (int)&v21, 0, 0);
      // 0x1388 / 0x1389 are the ids of the two choices offered above
      v7 = sub_58F5A3((LPARAM)v31) - 0x1388;
      if ( v7 )
      {
        if ( v7 == 1 )
          sub_403194(v18);
        goto LABEL_7;
      }
      wprintf_5459B0(
        0x104,
        (int)L"https://www.nch.com.au/upgrade/index.html?software=drawpad&upgradeid=%d&upgradekey=%s",
        *(_DWORD *)id,
        key_1);
      v3 = (WCHAR *)&v35;
      goto LABEL_6;
    }
      // id / key validation for the new version
    ArgList = 0xFFFFFFFF;
    v17 = 0;
    *(_DWORD *)v19 = 0;
    v8 = check_key_547842(key_1, id_, &v17);
    v9 = (HWND *)v18;
    v16 = v8;
    if ( !v17 )
    {
      HIDWORD(v14) = v19;
      LODWORD(v14) = &ArgList;
      // Validate Key; network validation (body not shown on this page)
      if ( !Validate_Key_549234(v18, (_BYTE *)id_, v14) )
        return 0;
    }
    if ( v16 )
    {
      dword_729260 = 0;
      save_reg_401D49((int)L"Registration", L"SS", ArgList);
      save_reg_401D49((int)L"Registration", L"SU", v19[0]);
      if ( ArgList == 5 )
      {
        save_reg_401D49((int)L"Registration", L"ID", 0);
        return 1;
      }
      save_reg_401D49((int)L"Registration", L"ID", id[0]);
      set_reg_53F23B((int)L"Registration", L"Key", (BYTE *)key_1);
      if ( !dword_729260 )
      {
        // record the registration time and clear the "Downgraded" marker
        v11 = time(0);
        save_reg_401D49((int)L"Registration", L"RGDT", v11);
        reg_del_53F2C1((int)L"Registration", L"Downgraded");
        sub_547FB8();
        sub_582D95(
          L"Continue",
          v9[1],
          L"Registration successful.\r\nThank you for registering DrawPad.",
          L"Registration Accepted",
          0xFFFD,
          0x40u);
        if ( v17 != (wchar_t *)2 )
          sub_548D8E((int)v9, (int)v9[1]);
        return 1;
      }
    }
    sub_5A02D2(
      (UINT_PTR)v9,
      106,
      (int)L"Please check:\r\n"
            "- They are exactly identical to the details provided in your registration email.\r\n"
            "- You are using the correct ID and key for the correct product. Only the ID and key for DrawPad will be accepted.",
      2,
      (int)L"Incorrect Registration Details");
    return 0;
  }
  // no key part after '-': the input is handled as a licence serial number
  v12 = *(_DWORD *)(v18 + 4);
  v21 = 0x1388;
  v22 = (void **)L"Activate serial number online now";
  v23 = (void **)L"Click here if you have not activated your 12-digit serial number online and have not received an ID-Key.";
  v24 = 0x1389;
  v25 = L"Already activated serial number";
  v26 = L"If you have already activated your serial number online, check your email for the ID-key. Then, click here to en"
         "ter your ID-Key.";
  v27 = 0;
  v28 = 0;
  v29 = 0;
  sub_58ED2E(
    (int)v31,
    v12,
    (int)L"Online Activation is Required",
    (int)L"ID-Key is required to complete the registration.",
    (int)L"The code that you have entered is a license serial number. You must activate your serial number online to recei"
          "ve the ID-Key needed to register DrawPad.",
    (int)&v21,
    0,
    0);
  if ( sub_58F5A3((LPARAM)v31) == 0x1388 )
  {
    wprintf_5459B0(0x104, (int)L"https://www.nch.com.au/activate/index.html?code=%s", key);
    v3 = File;
LABEL_6:
    sub_4010B4(v3);                             // shared tail: receives the URL buffer formatted above
  }
LABEL_7:
  sub_4088D2((int)v31);
  return 0;
}

check_key_547842

// Hex-Rays pseudocode: runs calc_idkey_54AB37 with flag 0 and, only if that fails, again with
// flag 1. Returns 1 as soon as either attempt accepts the key; `out` is written by the callee.
char __userpurge check_key_547842@<al>(wchar_t *key@<eax>, unsigned int id, _DWORD *out)
{
  if ( calc_idkey_54AB37(key, 0, id, out) )
    return 1;
  else
    return calc_idkey_54AB37(key, 1u, id, out);
}

calc_idkey_54AB37

// Hex-Rays pseudocode: compares the entered key with a string derived from the id.
// First attempt: derive from id / 100 and require key[0..3] to match and key[4..5] == "en";
// this path succeeds only for an 8-character key with id > 100000000.
// Second attempt (8-character keys only): derive from the full id and compare key[0..3].
// *out is set to 0 on a match and to 1 on failure; the return value is 1 on success, else 0.
// NOTE(review): the expected value depends only on id, flag and whatever calc_54A9A5 computes
// from them, and only four characters are compared here, so this check involves nothing that
// is held outside the client. A licence blob verified against a vendor-held signing key would
// not have that property.
char __userpurge calc_idkey_54AB37@<al>(wchar_t *key@<edi>, unsigned __int16 flag, unsigned int id, _DWORD *out)
{
  // v5..v8 are adjacent 16-bit stack slots (ebp-208h..ebp-202h): the first four characters of
  // the buffer that calc_54A9A5 fills through &v5
  unsigned __int16 v5; // [esp+8h] [ebp-208h] BYREF
  __int16 v6; // [esp+Ah] [ebp-206h]
  __int16 v7; // [esp+Ch] [ebp-204h]
  __int16 v8; // [esp+Eh] [ebp-202h]

  calc_54A9A5(&v5, id / 100, flag);
  if ( v5 == *key && v6 == key[1] && v7 == key[2] && v8 == key[3] && key[4] == 'e' && key[5] == 'n' )
  {
    *out = 0;
    if ( wcslen(key) != 8 )
      goto LABEL_16;
    if ( id > 100000000 )
      return 1;
    // otherwise fall through to the full-id comparison below
  }
  if ( wcslen(key) == 8 )
  {
    calc_54A9A5(&v5, id, flag);
    if ( v5 == *key && v6 == key[1] && v7 == key[2] && v8 == key[3] )
    {
      *out = 0;
      return 1;
    }
  }
LABEL_16:
  *out = 1;
  return 0;
}

calc_54A9A5

// Hex-Rays pseudocode: derives a six-letter string into `target` from `id` and `a3`.
// target is first passed to str_copy_40106E together with L"abcdef" (presumably seeding it
// with that string), then transform_54A8FF folds in one entry of v6 (index value % 9) and one
// entry of v7 (index (value / 9) % 7) for id, id / 0x3F, id / 0x3F / 0x3F and
// id / 0x3F / 0x3F / 0x3F, then two fixed strings, then the entries selected by a3.
// Returns the result of the last transform_54A8FF call.
// NOTE(review): both tables are literals in the binary; no per-installation or server-side
// input takes part in the derivation.
int __userpurge calc_54A9A5@<eax>(unsigned __int16 *target@<esi>, unsigned int id, unsigned __int16 a3)
{
  wchar_t *v3; // ecx
  wchar_t *v4; // ecx
  int v6[9]; // [esp+8h] [ebp-44h]
  int v7[7]; // [esp+2Ch] [ebp-20h]
  unsigned int v8; // [esp+48h] [ebp-4h]
  unsigned int ida; // [esp+54h] [ebp+8h]

  str_copy_40106E(L"abcdef", target);
  v6[0] = (int)L"mnbvaq";
  v6[1] = (int)L"cxzlbr";
  v6[2] = (int)L"kjhgct";
  v6[3] = (int)L"fdsady";
  v6[4] = (int)L"poiueu";
  v6[5] = (int)L"ytrefo";
  v6[6] = (int)L"wqalgx";
  v6[7] = (int)L"ksjdhv";
  v6[8] = (int)L"hfgbif";
  v7[0] = (int)L"qazwja";
  v7[1] = (int)L"sxedkf";
  v7[2] = (int)L"crfvlg";
  v7[3] = (int)L"tgbymh";
  v7[4] = (int)L"hnujni";
  v7[5] = (int)L"miklop";
  v7[6] = (int)L"plokpc";
  v8 = id / 9;
  transform_54A8FF((wchar_t *)v6[id % 9], target);
  transform_54A8FF((wchar_t *)v7[v8 % 7], target);
  ida = id / 0x3F;
  v8 = ida / 9;
  transform_54A8FF((wchar_t *)v6[ida % 9], target);
  transform_54A8FF((wchar_t *)v7[v8 % 7], target);
  ida /= 0x3Fu;
  v8 = ida / 9;
  transform_54A8FF((wchar_t *)v6[ida % 9], target);
  transform_54A8FF((wchar_t *)v7[v8 % 7], target);
  transform_54A8FF((wchar_t *)v6[ida / 0x3F % 9], target);
  transform_54A8FF((wchar_t *)v7[ida / 0x3F / 9 % 7], target);
  // v3 / v4 are decompiler artefacts for the ecx argument; the analyst annotates both as target
  transform_54A8FF(L"hfgbif", v3);              // target
  transform_54A8FF(L"qazwja", v4);              // target
  transform_54A8FF((wchar_t *)v6[a3 % 9], target);// 0
  return transform_54A8FF((wchar_t *)v7[a3 / 9 % 7], target);// 9
}

transform_54A8FF

// Hex-Rays pseudocode: combines the six characters of a1 into a2 in place.
// Each position becomes (a1[i] + a2[i] - 0xC2) % 0x1A + 0x61. Since 0xC2 is 2 * 0x61 ('a'),
// for lowercase ASCII inputs this adds the two letter indices modulo 26 and maps the sum back
// to 'a'..'z'. a2[6] is set to 0, terminating the string after six characters.
// Returns the quotient (a1[5] + a2[5] - 0xC2) / 0x1A computed for the last position.
int __usercall transform_54A8FF@<eax>(wchar_t *a1@<eax>, wchar_t *a2@<ecx>)
{
  int result; // eax
  int v3; // et2

  *a2 = (*a2 + *a1 - 0xC2) % 0x1A + 0x61;
  a2[1] = (a1[1] + a2[1] - 0xC2) % 0x1A + 0x61;
  a2[2] = (a1[2] + a2[2] - 0xC2) % 0x1A + 0x61;
  a2[3] = (a1[3] + a2[3] - 0xC2) % 0x1A + 0x61;
  a2[4] = (a1[4] + a2[4] - 0xC2) % 0x1A + 0x61;
  // the last position is split into remainder (stored) and quotient (returned)
  v3 = (a1[5] + a2[5] - 0xC2) % 0x1A;
  result = (a1[5] + a2[5] - 0xC2) / 0x1A;
  a2[6] = 0;
  a2[5] = v3 + 0x61;
  return result;
}

py

断网注册

import random
import string

def _check_id(id:int):
    """Return True when the low three bits of ``id`` equal 1 or 2, else False.

    The range test below is left commented out by the author.
    """
    # if id<0x2C06AB:
    #     return False
    x=id&7
    return True if (x==1 or x==2) else False

def generate_id(upper_bound=0x7fffffff,condition_callback=_check_id ):
    """Draw random integers in [0x2C06AB + 1, upper_bound] until one is accepted.

    ``condition_callback`` is called with each candidate; the first candidate for which it
    returns a truthy value is returned. The loop has no iteration limit.
    """
    while True:
        # draw a random number
        rand_num = random.randint(0x2C06AB+1, upper_bound)
        
        # return the number if it satisfies the condition
        if condition_callback(rand_num):
            return rand_num

def transform(a1:str, buffer:list):
    """Combine the first six characters of ``a1`` into ``buffer`` in place.

    Each position becomes chr((ord(a1[i]) + ord(buffer[i]) - 0xC2) % 0x1A + 0x61); 0xC2 is
    2 * 0x61, so for lowercase letters this is addition of letter indices modulo 26.
    ``buffer`` is mutated and its joined contents are also returned. Raises AssertionError
    when either argument is shorter than six items.
    """

    assert len(a1) >= 6 and len(buffer) >= 6, "长度必须至少为6"

    # a2 = list(a2)

    for i in range(6):
        buffer[i] = chr(((ord(a1[i]) + ord(buffer[i]) - 0xC2) % 0x1A) + 0x61)
    

    return ''.join(buffer)  

def calc_idkey(id:int):
    """Python transcription of the decompiled calc_54A9A5 listing with ``a3`` fixed at 0.

    Starts from "abcdef" and applies ``transform`` with table entries selected by ``id`` and
    its successive quotients by 0x3F, then two fixed entries, then the entries selected by
    ``a3``. Returns the resulting six-letter string.

    NOTE(review): every input besides ``id`` is a literal copied from the decompiled
    listing, which shows that the client-side check depends on no value held outside the
    client.
    """
    a3=0
    v6=['' for i in range(9)]
    v7=['' for i in range(7)]
    v6[0] = "mnbvaq"
    v6[1] = "cxzlbr"
    v6[2] = "kjhgct"
    v6[3] = "fdsady"
    v6[4] = "poiueu"
    v6[5] = "ytrefo"
    v6[6] = "wqalgx"
    v6[7] = "ksjdhv"
    v6[8] = "hfgbif"
    v7[0] = "qazwja"
    v7[1] = "sxedkf"
    v7[2] = "crfvlg"
    v7[3] = "tgbymh"
    v7[4] = "hnujni"
    v7[5] = "miklop"
    v7[6] = "plokpc"
    buffer=list('abcdef')
    transform(v6[id%9],buffer)
    v8 = id // 9
    transform(v7[v8 % 7], buffer)
    ida = id // 0x3F
    v8 = ida // 9
    transform(v6[ida % 9], buffer)
    transform(v7[v8 % 7], buffer)
    ida //= 0x3F
    v8 = ida // 9
    transform(v6[ida % 9], buffer)
    transform(v7[v8 % 7], buffer)
    transform(v6[ida // 0x3F % 9], buffer)
    transform(v7[ida // 0x3F // 9 % 7], buffer)

    
    
    transform(v6[8], buffer)              # transform("hfgbif", target)              #// target
    transform(v7[0] , buffer)             # transform("qazwja", target)             # // target

    transform(v6[a3 % 9], buffer)        #// 0
    transform(v7[a3 // 9 % 7], buffer) #// 9

    return ''.join(buffer)
    


def gen():
    """Print an id from ``generate_id``, the string ``calc_idkey`` derives from it, and the two
    joined with '-' after two random alphanumeric characters are appended to the derived string.

    Produces console output only and returns None.
    """
    id=generate_id()
    print('[-]id:',id)
    key=calc_idkey(id)
    print('[-]calc key:',key)
    
    # two filler characters bring the second part to eight characters
    s=string.ascii_letters+string.digits
    pad=''.join(random.choices(s, k=2))
    id_key='-'.join((str(id),key+pad))
    print('\n\nid_key:\n',id_key,sep='')


# Script entry point: run gen() when executed directly; the trailing pass is a no-op.
if __name__=="__main__":
    gen()
    pass

断网使用

image-20241013185819642

v11.47

image-20241013185857198

v11.53

image-20241013191121190

name 通过注册表添加

image-20241013190056158

posted @ 2024-10-13 19:28  DirWangK