#include <stdio.h>
#include <stdlib.h>
#include "windows.h"
typedef void (* fn_init)(long a, long dir, void * seed, int c, int d, void * seed_buff);
typedef void (* fn_blockDecrypt)(void * srcbuff, int bitslen, void * dstbuff, void * seed_buff);
typedef void (* fn_blockEncrypt)(void * srcbuff, int bitslen, void * dstbuff, void * seed_buff);
fn_init init = NULL;
fn_blockDecrypt blockDecrypt = NULL;
fn_blockEncrypt blockEncrypt = NULL;
HMODULE hDLL = NULL;
unsigned long XorDatas[] =
{
0xa93276??,
0xb832c5??,
0xe28a93??,
0x74ca89??
};
unsigned char Characters[] =
{
0x7E, 0x8E, 0xC3, 0x97,
0x95, 0x66, 0x82, 0x6C,
0x86, 0xB8, 0x70, 0xB9,
0xD5, 0x77, 0x05, 0x48
};
unsigned char * searchBinary(unsigned char * src, int srclen, unsigned char * search, int searchlen)
{
int i, j;
if(!src || srclen==0 || !search || searchlen==0 || srclen<searchlen)
return NULL;
for(i=0;i<srclen-searchlen;i++) {
for(j=0;j<searchlen;j++) {
if(src[i+j]!=search[j]) {
break;
}
}
if(j==searchlen)
return src+i;
}
return NULL;
}
int main(int argc, char* argv[])
{
int i, len;
unsigned char init_buff[276],temp[256];
unsigned char decode_buff[0x70];
unsigned char * buff, * p;
FILE * fp;
unsigned long sn, key[4];
unsigned short * k;
if(argc<2) {
printf("Usage:\n%s binary_file\n", argv[0]);
return 1;
}
hDLL = LoadLibrary("RevealTool.dll");
if(hDLL==NULL)
return 1;
init = (fn_init)((DWORD)hDLL+0xA??2);
blockDecrypt = (fn_blockDecrypt)((DWORD)hDLL+0xB??B);
blockEncrypt = (fn_blockEncrypt)((DWORD)hDLL+0xA??0);
fp = fopen(argv[1], "rb");
if(fp==NULL) {
printf("Can't load file:%s\n", argv[1]);
return 1;
}
fseek(fp, 0, SEEK_END);
len = ftell(fp);
buff = (unsigned char*)calloc(1, len);
fseek(fp, 0, SEEK_SET);
fread(buff, 1, len, fp);
fclose(fp);
p = searchBinary(buff, len, Characters, 16);
if(p==NULL||len<0x80) {
printf("Search Characters failure!\n");
free(buff);
return 1;
}
printf("MyDataPool:\n");
for(i=0;i<0x70;i++) {
printf("%02X ", (p-0x70)[i]);
if((i+1)%16==0)
printf("\n");
}
init(0, 1, p-0x10, 0, 0, init_buff);
printf("\n_init_buff_:\n");
for(i=0;i<0xd0;i++) {
printf("%02X ", init_buff[i]);
if((i+1)%16==0)
printf("\n");
}
blockDecrypt(p-0x70,0x300,decode_buff,init_buff);
printf("\nDecode data:\n");
for(i=0;i<0x60;i++) {
printf("%02X ", decode_buff[i]);
if((i+1)%16==0)
printf("\n");
}
memcpy(&sn, decode_buff+26, sizeof(unsigned long));
memcpy(&key[0], decode_buff+38, sizeof(unsigned long));
memcpy(&key[1], decode_buff+44, sizeof(unsigned long));
memcpy(&key[2], decode_buff+51, sizeof(unsigned long));
memcpy(&key[3], decode_buff+62, sizeof(unsigned long));
printf("\nRaw info:");
printf("\nserial: 0x%08X", sn);
printf("\nkey[0]: 0x%08X", key[0]);
printf("\nkey[1]: 0x%08X", key[1]);
printf("\nkey[2]: 0x%08X", key[2]);
printf("\nkey[3]: 0x%08X", key[3]);
for(i=0;i<4;i++)
key[i] = key[i] ^ XorDatas[i];
k = (unsigned short *)key;
printf("\n\n>>> Number.dog");
printf("\nSerial Number is: %d\n", sn);
sprintf(temp, "%04X%04X%04X%04X%04X%04X%04X%04X???%05X\n",
k[0], k[1], k[2], k[3],
k[4], k[5], k[6], k[7],
sn);
for(i=0;i<40;i++) {
if(i>0 && (i%5)==0)
printf(",");
printf("%c", temp[i]);
}
printf("\n-Or-\n");
printf("%04X,%04X,%04X,%04X,%04X,%04X,%04X,%04X,%04X,%04X\n",
k[0], k[1], k[2], k[3], k[0]^k[1]^k[2]^k[3],
k[4], k[5], k[6], k[7], k[4]^k[5]^k[6]^k[7]);
free(buff);
return 0;
}
//注:??地方模糊处理了,免得把厂家逼急了。下载从速,很可能被和谐掉。
getNumberDog.rar
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)