用IDA反汇编.NET追码经历。

ashiw · 发表于 2008-3-9 02:01:30

应一个网友的请求破解一个.net编写的数据同步软件。第一接触.net软件的追码。所以不是很懂。就大致写一下吧。
第一；
IDA反汇编后浏览汇编后代码很容易就看明白计算码过程。如下代码：
.method private hidebysig void button1_Click(class System.Object sender, class [mscorlib]System.EventArgs e)
                                    // DATA XREF: sub_1440+52Br
  {
.locals init (class System.String V0,
               class System.String V1,
               class DataSynchronous.IniFile V2,
               class System.String[] V3,
               class System.String[] V4)
ldarg.0
ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox DataSynchronous.RegSoft::txtIDE
callvirt class System.String [System.Windows.Forms]System.Windows.Forms.Control::get_Text()  //读取机器码
callvirt class System.String [mscorlib]System.String::Trim()
ldstr "fjjozxh" //固定字符串
call class System.String [mscorlib]System.String::Concat(class System.String, class System.String)//机器码和固定字符串连接
ldstr "MD5"
call class System.String [System.Web]System.Web.Security.FormsAuthentication::HashPasswordForStoringInConfigFile(class System.String, class System.String)
//计算MD5得出32位MD5码
stloc.0
ldc.i4.7
newarr [mscorlib]System.String
stloc.3
ldloc.3
ldc.i4.0
ldloc.0
ldc.i4.1 //第1位，注意不是第0位。
ldc.i4.5 //取5位
callvirt class System.String [mscorlib]System.String::Substring(int32, int32)取码
stelem.ref
ldloc.3
ldc.i4.1
ldstr "-" //连接字符串
stelem.ref
ldloc.3
ldc.i4.2
ldloc.0
ldc.i4.6 //第6位
ldc.i4.5 //取5位
callvirt class System.String [mscorlib]System.String::Substring(int32, int32)
stelem.ref
ldloc.3
ldc.i4.3
ldstr "-"//连接字符串
stelem.ref
ldloc.3
ldc.i4.4
ldloc.0
ldc.i4.s 0xB  //第11位开始
ldc.i4.5  //取5位
callvirt class System.String [mscorlib]System.String::Substring(int32, int32)
stelem.ref
ldloc.3
ldc.i4.5
ldstr "-" //连接字符串
stelem.ref
ldloc.3
ldc.i4.6
ldloc.0
ldc.i4.s 0x10  //第16位开始
ldc.i4.5  //取5位
callvirt class System.String [mscorlib]System.String::Substring(int32, int32)
stelem.ref
ldloc.3
call class System.String [mscorlib]System.String::Concat(class System.String[])  //全部连接起来
stloc.0
ldloc.0
ldc.i4.7
newarr [mscorlib]System.String
stloc.s 4
ldloc.s 4
ldc.i4.0
ldarg.0
ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox DataSynchronous.RegSoft::txtRegCode1

//下面的代码是读取输入的注册码。
callvirt class System.String [System.Windows.Forms]System.Windows.Forms.Control::get_Text()//读取
callvirt class System.String [mscorlib]System.String::Trim()
stelem.ref
ldloc.s 4
ldc.i4.1
ldstr "-"
stelem.ref
ldloc.s 4
ldc.i4.2
ldarg.0
ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox DataSynchronous.RegSoft::txtRegCode2
callvirt class System.String [System.Windows.Forms]System.Windows.Forms.Control::get_Text()//读取
callvirt class System.String [mscorlib]System.String::Trim()
stelem.ref
ldloc.s 4
ldc.i4.3
ldstr "-"
stelem.ref
ldloc.s 4
ldc.i4.4
ldarg.0
ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox DataSynchronous.RegSoft::txtRegCode3
callvirt class System.String [System.Windows.Forms]System.Windows.Forms.Control::get_Text()//读取
callvirt class System.String [mscorlib]System.String::Trim()
stelem.ref
ldloc.s 4
ldc.i4.5
ldstr "-"
stelem.ref
ldloc.s 4
ldc.i4.6
ldarg.0
ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox DataSynchronous.RegSoft::txtRegCode4
callvirt class System.String [System.Windows.Forms]System.Windows.Forms.Control::get_Text()  //读取
callvirt class System.String [mscorlib]System.String::Trim()
stelem.ref
ldloc.s 4
call class System.String [mscorlib]System.String::Concat(class System.String[])
call bool [mscorlib]System.String::op_Equality(class System.String, class System.String)  //比较返回是否一样。

说实话如果比汇编容易看明白多了。
大家别笑话我。呵呵。

woainioo7 · 发表于 2008-3-9 02:05:49

顶百度一下谢谢你的帮忙呵呵。

温柔 · 发表于 2008-3-9 02:52:43

学习耍训 .net慕坛炭

sglclm · 发表于 2008-4-6 01:40:39

谢谢了~~收藏了

明媚安生 · 发表于 2014-6-12 14:26:30

感谢分享，学习了

		自动登录	找回密码
密码			加入我们

[原创] 用IDA反汇编.NET追码经历。

相关帖子