StartAllBack_3.3.5 记录
定位check函数:checklicense_5C6310
主要检验函数在StartAllBackX64.dll模块导出函数 102号
check主要调用rsa_180001F4C
char __fastcall rsa_180001F4C(PUCHAR pbInput, void *Buf2, _DWORD *a3) { // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND] phKey = 0i64; v6 = BCryptImportKeyPair((BCRYPT_ALG_HANDLE)0xE1, 0i64, L"RSAPUBLICBLOB", &phKey, (PUCHAR)"RSA1", 0x9Bu, 8u); if ( v6 ) { OutputDebug_180001A9C("SIBActivation: BCryptImportKeyPair failed %x", v6); } else { pcbResult = 128; v7 = BCryptEncrypt(phKey, pbInput, 0x80u, 0i64, 0i64, 0, pbOutput, 0x80u, &pcbResult, 0); BCryptDestroyKey(phKey); if ( v7 ) { OutputDebug_180001A9C("SIBActivation: BCryptEncrypt failed %x", 0i64); } else { if ( a3 ) *a3 = 0; v8 = pcbResult; v9 = 0; v10 = pcbResult - 96; do { if ( !memcmp(&pbOutput[v9], Buf2, 0x20ui64) ) { if ( v9 <= 0x1A && a3 && *(_DWORD *)&pbOutput[v9 + 96] == 'ABAS' && *(_WORD *)&pbOutput[v9 + 100] == 'LL' ) *a3 = 1; if ( !memcmp(&pbOutput[v9 + 32], "4e9934f69c3fd8c3e8502a2fd1ab89c2e78671d38a9b97ba313f5eaba6fd420f", 0x40ui64) ) { if ( a3 ) *a3 = 1; return 1; } if ( !memcmp(&pbOutput[v9 + 32], (char *)Buf2 + 32, 0x20ui64) || !memcmp(&pbOutput[v9 + 64], (char *)Buf2 + 64, 0x20ui64) ) { return 1; } } ++v9; } while ( v9 <= v10 ); if ( (_DWORD)v8 ) { v11 = pbOutput; v12 = v8; do { if ( *v11 < 0x20u ) *v11 = 32; ++v11; --v12; } while ( v12 ); } pbOutput[128] = 0; OutputDebug_180001A9C( "SIBActivation: mismatch; expected '%s' decrypted '%s'", (const char *)Buf2, (const char *)pbOutput); } } return 0; }
patch StartAllBackX64.dll模块 StartAllBackX64_102