Anfy(http://anfyteam.com)和CoolFocus的类似,也已经有注册机了。对应的HTML代码如下(以anfy3d.class为例),其中的regcode就是注册码:
<applet archive="anfy3d.jar" code="anfy3d.class" width=320 height=200>
<param name=credits value="Applet by Andrea Fasce (www.anfyteam.com)">
<param name=regcode value="123456987654">
<param name=reglink value="http://www.site.com">
<param name=regnewframe value="YES">
<param name=regframename value="_blank">
<param name=statusmsg value="Anfy 3d applet">
</APPLET>
不同的是,这个applet包对字符串进行了简单编码,所以反编译后查找getParameter( )看到的是一些乱码,如下:
cI = getParameter(c("va:BMvx(Q"));
String s1 = null;
s1 = getParameter(c("fg>RQqf"));
if(s1 != null)
{
if(!s1.startsWith(c("De+Z]q59O\030D{?D]d5\035WKfp{\036OrbuWVc")))
c();
} else
{
c();
}
看看解码函数c(String)是什么样的(重载的函数不用管):
private static String c(String s1)
{
char ac[] = s1.toCharArray();
int i1 = ac.length;
int j1 = 0;
label0:
do
{
int k1 = 0;
ac[j1] ^= '\005';
do
{
j1++;
k1++;
if(i1 != j1)
switch(k1)
{
case
1: // '\001'
ac[j1] ^= '\025';
break;
case
2: // '\002'
ac[j1] ^= '[';
break;
case
3: // '\003'
ac[j1] ^= '6';
break;
case
4: // '\004'
ac[j1] ^= '8';
break;
case
5: // '\005'
continue label0;
}
else
return
new String(ac);
} while(true);
} while(true);
}
很简单,可以将其拷贝下来改造成一个解码程序,用它把反编译后的文件中的字符串密文全部解码成明文。再查找“regcode”直接到关键的地方。显然下面的变量cf是个全局标志,表示注册与否。
public void init()
{
setLayout(null);
addNotify();
cS = getToolkit();
cI = getParameter("statusmsg");
String s1 = null;
s1 = getParameter("credits");
if(s1 != null)
{
if(!s1.startsWith("Applet by Andrea
Fasce (www.anf"))
c();
} else
{
c();
}
String s2 = null;
String s3 = null;
try
{
s2 = getDocumentBase().getProtocol();
}
catch(SecurityException _ex)
{
s2 = "file";
}
try
{
s3 = getDocumentBase().getHost();
}
catch(SecurityException _ex)
{
s3 = "";
}
if(s2.equalsIgnoreCase("file") || s3.length()
== 0 || s3.equalsIgnoreCase("localhost") || s3.equals("127.0.0.1"))
{
cf = true; //本地运行则视为注册版
} else
{
if(s3.startsWith("www."))
s3 = s3.substring(4);
String s4 = null;
s4 = getParameter("regcode");
//取得注册码
if(s4 != null && !s4.equals("NO")
&& s4.length() > 10)
{
int i1 = 1;
try
{
for(int
j1 = 0; j1 < s4.length(); j1++)
if(s4.charAt(j1) == '+')
i1++;
}
catch(StringIndexOutOfBoundsException
_ex) { }
int ai[] = new int[i1];
if(i1 == 1)
{
ai[0]
= s4.length();
} else
{
int
k1 = 0;
try
{
for(int l1 = 0; l1 < s4.length(); l1++)
if(s4.charAt(l1) == '+')
{
ai[k1] = l1;
k1++;
}
}
catch(StringIndexOutOfBoundsException
_ex) { }
ai[k1]
= s4.length();
}
String as[] = new
String[i1];
int i2 = 0;
for(int k2 = 0; k2
< i1; k2++)
{
try
{
as[k2] = s4.substring(i2, ai[k2]);
}
catch(StringIndexOutOfBoundsException
_ex) { }
i2 =
ai[k2] + 1;
}
for(int l2 = 0; l2
< i1; l2++)
{
int
i3 = as[l2].length() - 8;
byte
abyte0[] = new byte[i3];
byte
abyte1[] = new byte[8];
as[l2].getBytes(0,
i3, abyte0, 0);
as[l2].getBytes(i3,
i3 + 8, abyte1, 0);
int
j3 = i3 % 7;
int
k3 = i3 % 3;
for(int
l3 = 0; l3 < i3; l3++)
{
byte byte0 = abyte0[l3];
if(byte0 >= 48 && byte0 <= 57)
abyte0[l3] = a(byte0, j3, 48, 57);
else
if(byte0 >= 65 && byte0 <= 90)
abyte0[l3] = a(byte0, j3, 65, 90);
else
if(byte0 >= 97 && byte0 <= 122)
abyte0[l3] = a(byte0, j3, 97, 122);
else
if(byte0 == 45)
abyte0[l3] = 46;
else
if(byte0 == 46)
abyte0[l3] = 45;
if((j3 = j3 + k3) > 7)
j3 = 1;
}
int
i4 = 0;
int
j4 = 0;
for(int
k4 = 0; k4 < 4; k4++)
abyte1[k4] -= 52;
for(int
l4 = 4; l4 < 8; l4++)
abyte1[l4] -= 55;
for(int
i5 = 0; i5 < i3; i5 += 2)
i4 = i4 + abyte0[i5];
for(int
j5 = 1; j5 < i3; j5 += 2)
j4 += abyte0[j5];
String
s12 = String.valueOf(i4);
String
s13 = String.valueOf(j4);
for(;
s12.length() < 4; s12 = "0" + s12);
for(;
s13.length() < 4; s13 = "0" + s13);
byte
abyte2[] = new byte[8];
s12.getBytes(0,
4, abyte2, 0);
s13.getBytes(0,
4, abyte2, 4);
String
s14 = new String(abyte2, 0);
if(s14.equals(new
String(abyte1, 0)))
{
String s15 = new String(abyte0, 0);
String s16 = null;
if(s15.startsWith(c("www.")))
s16 = s15.substring(4);
else
s16 = s15;
if(s3.equalsIgnoreCase(s16))
cf = true; //注册码正确!
}
}
}
}
........
}
- 标 题:Anfy Java applet v1.45 (7千字)
- 作 者:blowfish
- 时 间:2001-2-19 15:14:00
- 链 接:http://bbs.pediy.com