破解某英语学习系统

某英语软件,功能很强大,听,说,读,词都有。软件的保护也很强大,是由序列号 机器码 激活码 在线网络验证组成。

序列号是由16位数字组成,机器码是根据硬件信息组成,激活码是由9位数字组成。网络验证是通过webservice 验证。
还好,软件是由.net编写,大部份代码都没有加密,只重要代码才使用工具混淆过了。开是拿出.net反编工具Reflector查看代码组构,经过一翻查找,终于找到了相关加密函数。他的序列号算法:
private int checkcode()
虽然代码经过混淆,但主要部份还是能看得清楚。算法基本为:
int[] code = new int[16];
            for (int i = 0; i < code.Length; i )
            {
                code[i] = 0;
            }
            int num = GetFormatedNumeric();
            if (num >= 0 && num <= 3)
            {
                code[3] = 2;
                code[11] = 6;
            }
            else if (num > 3 && num <= 6)
            {
                code[3] = 5;
                code[11] = 2;
            }
            else
            {
                code[3] = 7;
                code[11] = 4;
            }
            code[14] = GetFormatedNumeric();
            code[10] = GetFormatedNumeric();
            code[6] = GetFormatedNumeric();
            code[7] = GetFormatedNumeric();
            code[12] = GetFormatedNumeric();
            code[13] = GetFormatedNumeric();
            code[0] = ((code[14] * code[10] * code[6]) 3) % 10;
            code[1] = (code[10] (code[13] * code[14]) 8) % 10;
            code[2] = (((code[14] code[6] code[12]) * 3) 2) % 10;
            code[4] = ((((code[7] * code[6]) code[10]) * 6) 7) % 10;
            code[5] = ((code[14] (code[10] * code[13])) 3) % 10;
            code[8] = ((code[7] (code[12] * code[6])) * 4) % 10;
            code[9] = (((code[10] code[13] code[7]) * 2) 3) % 10;
            code[15] = ((code[7] code[14]) * 4) % 10;
激活码部份算法更为复杂,激活码是通过序列号和机器码计算出来的。
最终破解算法为:
        public string Getcode(string regstr, string Mcode)
        {
            int[] numArray3 = new int[(Strings.Len(Strings.Trim(regstr)) - 1) 1];
            int num3 = Strings.Len(Strings.Trim(regstr)) - 1;
            for (int num2 = 0; num2 <= num3; num2 )
            {
                numArray3[num2] = Conversions.ToInteger(Strings.Mid(Strings.Trim(regstr), num2 1, 1));
            }
            int[] numArray2 = new int[(Strings.Len(Strings.Trim(Mcode)) - 1) 1];
            int num4 = Strings.Len(Strings.Trim(Mcode)) - 1;
            for (int num2 = 0; num2 <= num4; num2 )
            {
                numArray2[num2] = Conversions.ToInteger(Strings.Mid(Strings.Trim(Mcode), num2 1, 1));
            }
            int[] numArray4 = new int[8];
            numArray4[0] = (((numArray2[0] numArray2[1]) (numArray3[4] * 3)) % 10);
            numArray4[1] = (((numArray2[2] * numArray3[15]) numArray3[14]) % 10);
            numArray4[2] = (((numArray2[3] * numArray3[9]) (numArray3[7] * 3)) % 10);
            numArray4[3] = (((numArray2[2] numArray2[7]) (numArray3[12] * numArray3[13])) % 10);
            numArray4[4] = (((numArray2[5] * numArray2[8]) (numArray3[6] * numArray3[11])) % 10);
            numArray4[5] = (((numArray2[3] numArray3[8]) (numArray3[5] * 3)) % 10);
            numArray4[6] = (((numArray2[4] (numArray3[0] * numArray3[1])) numArray3[10]) % 10);
            numArray4[7] = (((numArray2[6] * numArray3[2]) numArray3[3]) % 10);
            string str = string.Empty;
            foreach (int i in numArray4)
            {
                str = i.ToString();
            }
            return str;
        }
于是写了一个注册机,如下:
然后再用ildasm 和 ilasm 重成生成,并去掉网络验证部份代码。
破解完成。
posted on 2010-01-29 14:19  jannock  阅读(958)  评论(2编辑  收藏  举报