看到大家对WinRAR的注册机讨论得很热烈,心一热,写了个2048位的RSA的keygenme,当然,it IS keygenable,所以,不要patch, 不要爆破。
附件内包含源码和可执行文件(抱歉,只有Linux版本)。
/*
* coded by happytown/2009-03-13
*/
#include <stdio.h>
#include <openssl/sha.h>
#include <openssl/aes.h>
#include <openssl/bn.h>
#include <string.h>
#define MAXLEN 1024*8
#define MINLEN 128
const char fail_info[] = "wrong sn\n";
char success_info[MINLEN] = {
0x31, 0x1B, 0x2F, 0x72, 0x80, 0xFD, 0x32, 0x48,
0xF2, 0x86, 0xE8, 0x95, 0xEF, 0xA4, 0x59, 0x97,
0xB6, 0x90, 0xA3, 0xD0, 0x8A, 0x78, 0x3A, 0x51,
0xE9, 0x13, 0x30, 0x1B, 0x93, 0x20, 0xCF, 0xF2,
0x6D, 0x0D, 0xE4, 0x4A, 0xE2, 0xF3, 0x59, 0x0F,
0x51, 0xB7, 0x05, 0xA3, 0xEC, 0xDA, 0x11, 0x02,
0xF7, 0xF0, 0x95, 0x83, 0x93, 0x96, 0xEC, 0xC5,
0xF1, 0x01, 0xD7, 0xBA, 0x3D, 0xE1, 0x6E, 0xD5,
0xDD, 0x2C, 0xA6, 0x4A, 0x2B, 0xE7, 0x81, 0xFD,
0x28, 0x20, 0x0F, 0x75, 0xE1, 0x6A, 0x26, 0x19,
0xEC, 0x5B, 0xE0, 0xEB, 0x06, 0xA7, 0x9F, 0xF9,
0xD6, 0xCF, 0x82, 0xDE, 0x05, 0x7F, 0x47, 0xF4,
0x3E, 0x36, 0x80, 0x85, 0x8D, 0x9C, 0x3B, 0xA4,
0x9D, 0x14, 0x05, 0xB9, 0x28, 0xDA, 0x28, 0xEF,
0x65, 0x37, 0xA3, 0x0D, 0xF5, 0xE4, 0xCF, 0x5D,
0xC2, 0x0F, 0xD0, 0xD2, 0xC0, 0xC1, 0xDB, 0x00};
unsigned char success_info_temp[MINLEN] = {0};
int str2hex(unsigned char *in, int in_length, unsigned char *out)
{
int i = 0;
unsigned char c, k;
char HexTable[17] ="0123456789abcdef";
if ((in_length % 2) != 0)
{
return 0;
}
for (i=0; i<in_length; i++)
{
if (isxdigit(in[i]) == 0)
{
return 0;
}
in[i] = tolower(in[i]);
}
k = in_length / 2;
for (i=0; i<k; i++)
{
out[i] = strchr((const char *)HexTable, (int)in[i*2]) - HexTable;
c = (char)(strchr(HexTable, in[i*2+1]) - HexTable);
out[i] = (out[i] << 4) | c;
}
return in_length / 2;
}
int verify_sn(const char *sn, int sn_length, const char *name, int name_length)
{
char c[MAXLEN] = {0};
char hash_result[0x14] = {0};
SHA_CTX sha1;
int ret;
BIGNUM *b_n;
BIGNUM *b_e;
BIGNUM *b_c;
BIGNUM *b_sn;
BN_CTX *bn_ctx;
b_n = BN_new();
b_e = BN_new();
b_c = BN_new();
b_sn = BN_new();
bn_ctx = BN_CTX_new();
BN_hex2bn(&b_e, "10001");
BN_hex2bn(&b_n, "9D4BB857A4BB605369762730749A59C8625ED8FFE83E726EBCB6AEB6A6BF75E0DC3E00C9FCC9B4BDBD0EDB47E04A0380EE6A54019CFD5E505B75E77BDB76DDEDAB19D3D9DB732BDD2E356701754B57BC16D285B9C39F8112A78A16AAE68D78A3F481332653E8313330AAD6F31382A4443B41607AD642E3858A8082585403FCD24334F0F7C363AB27EFB12CF08E6998B96302FD8930DAC99C0EFBEFEA77A38374A847BAF151FDD73557A49066F42068F54D427C5B1C9ED720DFC9CFAF5B9683F830A186BDE3981281E8DC779B207C2A8E47260EC8B23455AE368386D39DDDE83F5D6B5C26F9711ED3EBDE1D8C6ECE5E5EDE03B5C8C65E4525E0BF93F80D77FB29");
BN_hex2bn(&b_sn, sn);
ret = BN_mod_exp(b_c, b_sn, b_e, b_n, bn_ctx);
ret = BN_bn2bin(b_c, (unsigned char *)c);
SHA1_Init(&sha1);
SHA1_Update(&sha1, name, name_length);
SHA1_Final((unsigned char *)hash_result, &sha1);
BN_free(b_n); BN_free(b_e); BN_free(b_c); BN_free(b_sn);
BN_CTX_free(bn_ctx);
if (memcmp(hash_result, c, 0x14) != 0)
{
return -1;
}
return 1;
}
void decrypt_success_info(const char *key, int key_length)
{
const char first_byte = 0xC8;
AES_KEY aes_key;
int num;
unsigned char IV[0x10] = {
0xFD, 0x15, 0xB1, 0xA4, 0xAA, 0xF8, 0x6E, 0x13,
0x75, 0xCF, 0x59, 0x49, 0xD6, 0x86, 0xE0, 0xB3};
if (key[0] != first_byte)
{
return;
}
AES_set_encrypt_key((const unsigned char *)key, key_length*8, &aes_key);
AES_cfb8_encrypt((const unsigned char *)success_info,
(unsigned char *)success_info_temp,
MINLEN-1, &aes_key, IV, &num, AES_DECRYPT);
return;
}
int main(int argc, char *argv[])
{
int i = 0;
char name[MINLEN] = {0};
int name_length = 0;
char szsn[MAXLEN] = {0};
int szsn_length = 0;
char sn[MAXLEN] = {0};
char key[0x20] = {0};
printf("\n\tInput name: ");
scanf("%s", name);
name_length = strlen(name);
if ((name_length < 2) || (name_length > MINLEN-1))
{
printf("\t\twrong name length\n");
return -1;
}
printf("\tInput sn: ");
scanf("%s", szsn);
if (strlen(szsn)!= 0x240)
{
printf("\n\t\t%s\n\n", fail_info);
return -1;
}
for (i=0; i<0x240; i++)
{
if (isxdigit(szsn[i]) == 0)
{
return -1;
}
szsn[i] = tolower(szsn[i]);
}
memcpy(sn, szsn, 0x200);
str2hex((unsigned char *)(szsn+0x200), 0x40, key);
if (verify_sn(sn, 0x200, name, name_length) == 1)
{
decrypt_success_info(key, 0x20);
printf("\n\t\t%s\n\n", success_info_temp);
}
else
{
printf("\n\t\t%s\n\n", fail_info);
}
return 0;
}
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课