DrawPad 离线注册
DrawPad 离线注册
目录
仅分析离线注册,联网时注册会有网络校验regcheck
reg_dialog_549414
定位注册对话框
char __stdcall reg_dialog_549414(HWND hWndParent, char a2)
{
// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]
sub_584660(dwInitParam);
v2 = 0;
v7 = a2;
v6 = 0;
dwInitParam[0] = (int)off_6FB4E0;
v5 = (void (__noreturn **)())&off_6FB524;
hWnd = 0;
ho = 0;
v10 = 0;
if ( (unsigned __int8)dialog_404977((LPARAM)dwInitParam, hWndParent, 0x2Au) )
{
sub_54D236(&off_6EFE38);
DeleteObject(ho);
if ( hWnd )
DestroyWindow(hWnd);
v2 = 1;
}
else
{
DeleteObject(ho);
if ( hWnd )
DestroyWindow(hWnd);
}
v5 = &off_6FAF84;
sub_50F2FE();
sub_59D540();
return v2;
}
parpms==>callback
.rdata:006FB4E0 off_6FB4E0 dd offset reg_5486C3 ; DATA XREF: reg_dialog_549414+29↑o
.rdata:006FB4E4 dd offset sub_45B683
.rdata:006FB4E8 dd offset nullsub_2
.rdata:006FB4EC dd offset do_reg_5489A4
.rdata:006FB4F0 dd offset sub_45158A
.rdata:006FB4F4 dd offset sub_548D84
.rdata:006FB4F8 dd offset nullsub_2
.rdata:006FB4FC dd offset sub_54827F
.rdata:006FB500 dd offset sub_4089B9
.rdata:006FB504 dd offset sub_421E3D
.rdata:006FB508 dd offset sub_58467B
.rdata:006FB50C dd offset sub_403538
.rdata:006FB510 dd offset sub_403731
.rdata:006FB514 dd offset GetMenu
.rdata:006FB518 dd offset sub_4C419B
.rdata:006FB51C dd offset sub_549372
.rdata:006FB520 dd offset sub_5493A9
reg_5486C3
UINT_PTR __thiscall reg_5486C3(HWND *this)
{
// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]
v17 = check_isreg_54A525();//can patch this ==> ret 1
sub_59FE66(
(int)this,
(int)(this + 0x32),
0x6C,
(int)L"Click this button if you have copied the registration code (e.g. with Ctrl+C)");
sub_402B95((HGDIOBJ *)this + 0x33, this[1], 0, 1, 0);
sub_4031BE(0x74, (int)(this + 0x33));
sub_59F57C((int)this, 0x77, (int)L"https://www.nch.com.au/support/reg.html");
sub_4031BE(0x7A, (int)(this + 0x33));
if ( v17 )
{
v14 = (int *)L"https://www.nch.com.au/upgrade/index.html";
}
else
{
v25 = v29;
v26 = 0;
v27 = 0x2001;
sub_547D30((int)&v25, 0);
*((_WORD *)v25 + v26) = 0;
v14 = v29;
}
sub_59F57C((int)this, 0x80, (int)v14);
wprintf_5459B0(0x104, (int)L"%s Registration Code:", L"DrawPad");
sub_59DC6A(0x6B, v28);
wprintf_5459B0(0x104, (int)L"Register %s");
sub_403269(v28, (int)this);
if ( v17 )
sub_59DC6A(0x80, L"Upgrade License Online");
v2 = sub_403BB6((int)this, 0x76, L"Visit our ");
sub_59DAD9(0x76, (int)&v22, (int)&Y, (int)&hWnd, (int)&cy);
sub_59DAD9(0x77, (int)&v23, (int)&v21, (int)&hWnd, (int)&cy);
v15 = cy;
v12 = v3;
v4 = sub_403B85((int)this, 0x77);
sub_59D9B4(v12, (int)this, 0x77, v2 + v22, Y, v4, v15);
sub_59DAD9(0x7D, (int)&v21, (int)&v24, (int)&Y, (int)&v22);
sub_59DAD9(0x7F, (int)&hWnd, (int)&v23, (int)&Y, (int)&cy);
v5 = v24 + v22;
sub_59D9B4((void *)v24, (int)this, 0x7F, (int)hWnd, v24 + v22, Y, cy);
sub_59DAD9(0x80, (int)&v21, (int)&v23, (int)&Y, (int)&cy);
v6 = sub_59D654((void *)4, this[1]);
v16 = cy;
v21 = v6;
v13 = Y;
v7 = sub_403B85((int)this, 0x7F);
sub_59D9B4(v8, (int)this, 0x80, (int)hWnd + v21 + v7, v5, v13, v16);
sub_5A0E9B(0x6A, 0x7B, 0x300);
if ( sub_548199 )
sub_5A1A3A((_DWORD **)this + 0xA, 0x111, (int)sub_5A0C70, 0x6A, (int)sub_548199, 0);
hWnd = GetDlgItem(this[1], 0x6A);
if ( !GetPropW(hWnd, L"OldWndProcPaste") )
{
v9 = (void *)SetWindowLongW(hWnd, 0xFFFFFFFC, (LONG)sub_5484EF);
SetPropW(hWnd, L"OldWndProcPaste", v9);
}
DlgItem = GetDlgItem(this[1], 106);
sub_5328D5((int)this, DlgItem, (LPARAM)L"e.g., 123456-xdhfnekf");
sub_59DC28(L"Register", (int)this, 1);
sub_406DD3((int)this, (int)this + 0xBF);
return SetTimer(*(HWND *)((char *)this + 0xC3), 0x64u, 0, 0);
}
do_reg_5489A4
char __thiscall do_reg_5489A4(void *this)
{
// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]
v18 = (int)this;
// id-key
sub_59DB56(106, v34);//获取id-key
v17 = v34;
// '-' 分隔成2部分,id和key
sub_5D3613(v1, &v17, '-', (int)key); // 123456-xdhfnekf
wstr_copy_54596E(v17, key_1, 0x104);
id_ = j___wtol(key);
*(_DWORD *)id = id_;
_wcslwr(key_1);
if ( !key[0] || !id_ )
{
sub_5A02D2(
v18,
106,
(int)L"Enter the ID number as it appears on your registration.",
2,
(int)L"Incorrect Registration Details");
return 0;
}
if ( key_1[0] )
{
// > 0x2C06AB
// &7 !=1 !=2
ArgList = check_id_53C7FA(id_);
if ( (unsigned int)id_ > 100000000 && wcslen(key_1) == 8 && key_1[4] == 'e' && key_1[5] == 'n' )
v4 = id_ / 0x64;
else
v4 = id_;
// 0x6D2BD7 7154647d
// 0x711392 7410578d
if ( (unsigned int)(v4 - 1) <= 0x6D2BD7 && v4 < 0x711392 && (ArgList <= 0 || ArgList > 2) )
{
//新版本key不走此分支
//故:check_id 需要返回1 or 2
v5 = j__atol("11.53") - 1;
if ( v5 < 0 )
v5 = 0;
wprintf_5459B0(
0x104,
(int)L"The code you are attempting to use is not valid for version 11.53 of DrawPad (it was for version %d.xx or p"
"revious versions).",
v5);
v6 = *(_BYTE *)(v18 + 0xC7) == 0;
v21 = 0x1388;
v22 = L"View Upgrade Pricing Options";
v23 = L"Upgrade pricing is significantly lower than normal pricing.\r\n"
"Click here to see the discounted upgrade options.";
v24 = 0x1389;
v25 = L"Continue Without Registering";
if ( v6 )
v25 = L"Exit and Close DrawPad";
v13 = *(_DWORD *)(v18 + 4);
v26 = 0;
v27 = 0;
v28 = 0;
v29 = 0;
sub_58ED2E((int)v31, v13, (int)L"Upgrade Required", (int)L"Invalid Old Version Code", (int)File, (int)&v21, 0, 0);
v7 = sub_58F5A3((LPARAM)v31) - 0x1388;
if ( v7 )
{
if ( v7 == 1 )
sub_403194(v18);
goto LABEL_7;
}
wprintf_5459B0(
0x104,
(int)L"https://www.nch.com.au/upgrade/index.html?software=drawpad&upgradeid=%d&upgradekey=%s",
*(_DWORD *)id,
key_1);
v3 = (WCHAR *)&v35;
goto LABEL_6;
}
//新版本id、key校验
ArgList = 0xFFFFFFFF;
v17 = 0;
*(_DWORD *)v19 = 0;
v8 = check_key_547842(key_1, id_, &v17);
v9 = (HWND *)v18;
v16 = v8;
if ( !v17 )
{
HIDWORD(v14) = v19;
LODWORD(v14) = &ArgList;
// Validate Key;网络校验
if ( !Validate_Key_549234(v18, (_BYTE *)id_, v14) )
return 0;
}
if ( v16 )
{
dword_729260 = 0;
save_reg_401D49((int)L"Registration", L"SS", ArgList);
save_reg_401D49((int)L"Registration", L"SU", v19[0]);
if ( ArgList == 5 )
{
save_reg_401D49((int)L"Registration", L"ID", 0);
return 1;
}
save_reg_401D49((int)L"Registration", L"ID", id[0]);
set_reg_53F23B((int)L"Registration", L"Key", (BYTE *)key_1);
if ( !dword_729260 )
{
v11 = time(0);
save_reg_401D49((int)L"Registration", L"RGDT", v11);
reg_del_53F2C1((int)L"Registration", L"Downgraded");
sub_547FB8();
sub_582D95(
L"Continue",
v9[1],
L"Registration successful.\r\nThank you for registering DrawPad.",
L"Registration Accepted",
0xFFFD,
0x40u);
if ( v17 != (wchar_t *)2 )
sub_548D8E((int)v9, (int)v9[1]);
return 1;
}
}
sub_5A02D2(
(UINT_PTR)v9,
106,
(int)L"Please check:\r\n"
"- They are exactly identical to the details provided in your registration email.\r\n"
"- You are using the correct ID and key for the correct product. Only the ID and key for DrawPad will be accepted.",
2,
(int)L"Incorrect Registration Details");
return 0;
}
v12 = *(_DWORD *)(v18 + 4);
v21 = 0x1388;
v22 = (void **)L"Activate serial number online now";
v23 = (void **)L"Click here if you have not activated your 12-digit serial number online and have not received an ID-Key.";
v24 = 0x1389;
v25 = L"Already activated serial number";
v26 = L"If you have already activated your serial number online, check your email for the ID-key. Then, click here to en"
"ter your ID-Key.";
v27 = 0;
v28 = 0;
v29 = 0;
sub_58ED2E(
(int)v31,
v12,
(int)L"Online Activation is Required",
(int)L"ID-Key is required to complete the registration.",
(int)L"The code that you have entered is a license serial number. You must activate your serial number online to recei"
"ve the ID-Key needed to register DrawPad.",
(int)&v21,
0,
0);
if ( sub_58F5A3((LPARAM)v31) == 0x1388 )
{
wprintf_5459B0(0x104, (int)L"https://www.nch.com.au/activate/index.html?code=%s", key);
v3 = File;
LABEL_6:
sub_4010B4(v3);
}
LABEL_7:
sub_4088D2((int)v31);
return 0;
}
check_key_547842
char __userpurge check_key_547842@<al>(wchar_t *key@<eax>, unsigned int id, _DWORD *out)
{
if ( calc_idkey_54AB37(key, 0, id, out) )
return 1;
else
return calc_idkey_54AB37(key, 1u, id, out);
}
calc_idkey_54AB37
char __userpurge calc_idkey_54AB37@<al>(wchar_t *key@<edi>, unsigned __int16 flag, unsigned int id, _DWORD *out)
{
unsigned __int16 v5; // [esp+8h] [ebp-208h] BYREF
__int16 v6; // [esp+Ah] [ebp-206h]
__int16 v7; // [esp+Ch] [ebp-204h]
__int16 v8; // [esp+Eh] [ebp-202h]
calc_54A9A5(&v5, id / 100, flag);
if ( v5 == *key && v6 == key[1] && v7 == key[2] && v8 == key[3] && key[4] == 'e' && key[5] == 'n' )
{
*out = 0;
if ( wcslen(key) != 8 )
goto LABEL_16;
if ( id > 100000000 )
return 1;
}
if ( wcslen(key) == 8 )
{
calc_54A9A5(&v5, id, flag);
if ( v5 == *key && v6 == key[1] && v7 == key[2] && v8 == key[3] )
{
*out = 0;
return 1;
}
}
LABEL_16:
*out = 1;
return 0;
}
calc_54A9A5
int __userpurge calc_54A9A5@<eax>(unsigned __int16 *target@<esi>, unsigned int id, unsigned __int16 a3)
{
wchar_t *v3; // ecx
wchar_t *v4; // ecx
int v6[9]; // [esp+8h] [ebp-44h]
int v7[7]; // [esp+2Ch] [ebp-20h]
unsigned int v8; // [esp+48h] [ebp-4h]
unsigned int ida; // [esp+54h] [ebp+8h]
str_copy_40106E(L"abcdef", target);
v6[0] = (int)L"mnbvaq";
v6[1] = (int)L"cxzlbr";
v6[2] = (int)L"kjhgct";
v6[3] = (int)L"fdsady";
v6[4] = (int)L"poiueu";
v6[5] = (int)L"ytrefo";
v6[6] = (int)L"wqalgx";
v6[7] = (int)L"ksjdhv";
v6[8] = (int)L"hfgbif";
v7[0] = (int)L"qazwja";
v7[1] = (int)L"sxedkf";
v7[2] = (int)L"crfvlg";
v7[3] = (int)L"tgbymh";
v7[4] = (int)L"hnujni";
v7[5] = (int)L"miklop";
v7[6] = (int)L"plokpc";
v8 = id / 9;
transform_54A8FF((wchar_t *)v6[id % 9], target);
transform_54A8FF((wchar_t *)v7[v8 % 7], target);
ida = id / 0x3F;
v8 = ida / 9;
transform_54A8FF((wchar_t *)v6[ida % 9], target);
transform_54A8FF((wchar_t *)v7[v8 % 7], target);
ida /= 0x3Fu;
v8 = ida / 9;
transform_54A8FF((wchar_t *)v6[ida % 9], target);
transform_54A8FF((wchar_t *)v7[v8 % 7], target);
transform_54A8FF((wchar_t *)v6[ida / 0x3F % 9], target);
transform_54A8FF((wchar_t *)v7[ida / 0x3F / 9 % 7], target);
transform_54A8FF(L"hfgbif", v3); // target
transform_54A8FF(L"qazwja", v4); // target
transform_54A8FF((wchar_t *)v6[a3 % 9], target);// 0
return transform_54A8FF((wchar_t *)v7[a3 / 9 % 7], target);// 9
}
transform_54A8FF
int __usercall transform_54A8FF@<eax>(wchar_t *a1@<eax>, wchar_t *a2@<ecx>)
{
int result; // eax
int v3; // et2
*a2 = (*a2 + *a1 - 0xC2) % 0x1A + 0x61;
a2[1] = (a1[1] + a2[1] - 0xC2) % 0x1A + 0x61;
a2[2] = (a1[2] + a2[2] - 0xC2) % 0x1A + 0x61;
a2[3] = (a1[3] + a2[3] - 0xC2) % 0x1A + 0x61;
a2[4] = (a1[4] + a2[4] - 0xC2) % 0x1A + 0x61;
v3 = (a1[5] + a2[5] - 0xC2) % 0x1A;
result = (a1[5] + a2[5] - 0xC2) / 0x1A;
a2[6] = 0;
a2[5] = v3 + 0x61;
return result;
}
py
断网注册
import random
import string
def _check_id(id:int):
# if id<0x2C06AB:
# return False
x=id&7
return True if (x==1 or x==2) else False
def generate_id(upper_bound=0x7fffffff,condition_callback=_check_id ):
while True:
# 生成随机数
rand_num = random.randint(0x2C06AB+1, upper_bound)
# 如果随机数满足条件,返回该随机数
if condition_callback(rand_num):
return rand_num
def transform(a1:str, buffer:list):
assert len(a1) >= 6 and len(buffer) >= 6, "长度必须至少为6"
# a2 = list(a2)
for i in range(6):
buffer[i] = chr(((ord(a1[i]) + ord(buffer[i]) - 0xC2) % 0x1A) + 0x61)
return ''.join(buffer)
def calc_idkey(id:int):
a3=0
v6=['' for i in range(9)]
v7=['' for i in range(7)]
v6[0] = "mnbvaq"
v6[1] = "cxzlbr"
v6[2] = "kjhgct"
v6[3] = "fdsady"
v6[4] = "poiueu"
v6[5] = "ytrefo"
v6[6] = "wqalgx"
v6[7] = "ksjdhv"
v6[8] = "hfgbif"
v7[0] = "qazwja"
v7[1] = "sxedkf"
v7[2] = "crfvlg"
v7[3] = "tgbymh"
v7[4] = "hnujni"
v7[5] = "miklop"
v7[6] = "plokpc"
buffer=list('abcdef')
transform(v6[id%9],buffer)
v8 = id // 9
transform(v7[v8 % 7], buffer)
ida = id // 0x3F
v8 = ida // 9
transform(v6[ida % 9], buffer)
transform(v7[v8 % 7], buffer)
ida //= 0x3F
v8 = ida // 9
transform(v6[ida % 9], buffer)
transform(v7[v8 % 7], buffer)
transform(v6[ida // 0x3F % 9], buffer)
transform(v7[ida // 0x3F // 9 % 7], buffer)
transform(v6[8], buffer) # transform("hfgbif", target) #// target
transform(v7[0] , buffer) # transform("qazwja", target) # // target
transform(v6[a3 % 9], buffer) #// 0
transform(v7[a3 // 9 % 7], buffer) #// 9
return ''.join(buffer)
def gen():
id=generate_id()
print('[-]id:',id)
key=calc_idkey(id)
print('[-]calc key:',key)
s=string.ascii_letters+string.digits
pad=''.join(random.choices(s, k=2))
id_key='-'.join((str(id),key+pad))
print('\n\nid_key:\n',id_key,sep='')
if __name__=="__main__":
gen()
pass
断网使用
v11.47
v11.53
name 通过注册表添加