class CBase32Decoder { public: CBase32Decoder(const char *Lookuptable) { } char IndexOf(const char AChar) { return 0;//未实现 } bool Decode(const char *In, int InLength, unsigned char *Out, int &OutLength) { return true;//未实现 } protected: private: const char *m_LookupTable; }; bool Encode1(unsigned char *InData, unsigned char *OutData) { return true;//未实现 } class CXxxxEncoder2 { public: CXxxxEncoder2(unsigned short key):m_key(key) { } unsigned char EncodeByte(unsigned char AByte) { return 0;//未实现 } protected: private: unsigned short m_key; }; void Encode2(unsigned char *Buffer, int Len) { CXxxxEncoder2 enc2(0x11B); for (int i = 0; i < Len; i++) { Buffer[i] = enc2.EncodeByte(Buffer[i]); } } bool Encode3(unsigned char *InBuffer, void *OutBuffer, unsigned char *InitVector) { //blowfish算法变种, CBC模式 return true;//未实现 } bool Encode4(void *Data, int Length, void *sig) { //ECDSA算法, 需要crypto库, unsigned char _qx[] = {0x29, 0x7A, 0x4A, 0x1E, 0x5B, 0x1F, 0xC9, 0x9B}; unsigned char _qy[] = {0x88, 0x01, 0x98, 0xE3, 0x72, 0x4F, 0x9F, 0xEE}; Integer a(-3); Integer b(Integer::Sign::POSITIVE, 0x22996B9C, 0x33AEEFDB); Integer p(Integer::Sign::POSITIVE, 0xC564EEF0, 0x70E69193); Integer n(Integer::Sign::POSITIVE, 0xC564EEF1, 0x9A080B07); Integer gx(Integer::Sign::POSITIVE, 0x2223A1D5, 0x95845FA2);//x Integer gy(Integer::Sign::POSITIVE, 0x1C4EEE92, 0x22DDDA62);//y Integer qx(_qx, 8);//x Integer qy(_qy, 8);//y ECP::Point G( gx, gy );//G ECP::Point Q( qx, qy );//Param2 ECP ec(p, a, b); ECDSA::Verifier pub(ec, G, n, Q); return pub.VerifyMessage((byte *)Data, Length, sig, 0x10); //return true; } HWND hDlg; HWND hWndName; HWND hWndCode; char TableMinsPos[] = {8, 17, 26}; void Check() { //00408270 char szName[32+1];//align //输入的Name char szCode[36];//32 + 3 + 1 //输入的Code char szCode2[32];//32 //去掉'-'的Code unsigned char Code[20+1];//32*5/8=20 // unsigned char EncBuf1[16]; unsigned int EncBuf2[4];// CBase32Decoder base32decoder("ABCDEFGHJKMNPQRSTVWXYZ1234567890"); int MaxLen = sizeof(Code); memset(szName, 0, sizeof(szName)); memset(szCode, 0, sizeof(szCode)); memset(szCode2, 0, sizeof(szCode2)); memset(Code, 0, sizeof(Code)); memset(EncBuf1, 0, sizeof(EncBuf1)); memset(EncBuf2, 0, sizeof(EncBuf2)); //004083C5//获取用户名 if (0 == SendMessageA(hWndName, WM_GETTEXT, sizeof(szName), (LPARAM)(&szName[0]))) return;//不合法 //0040841B//获取注册码 if ((sizeof(szCode) - 1) == SendMessageA(hWndName, WM_GETTEXT, sizeof(szCode), (LPARAM)(&szCode[0]))) return;//不合法 //00408438//检查注册码格式并去掉-号 int k = 0; for (int i = 0; i < sizeof(szCode) - 1; i++) { int j = 0; for (; j < 3; j++) { if (i == TableMinsPos[j]) { if (szCode[i] != '-') return;//不合法 } }; if (j == 3) { if (-1 == base32decoder.IndexOf(szCode[i])) return;//不是合法字符 szCode2[k] = szCode[i]; k++; }; }; //004084A0 //Base32解码注册码 if (!base32decoder.Decode(szCode2, 32, Code, MaxLen)) return ;// //004084C8//一个简单的算法, 名称未知, 很容易逆向 if (!Encode1(Code, EncBuf1)) return;// //004084E3//一个简单的算法, 名称未知, 很容易逆向 Encode2(EncBuf1, 16);// //00408511//一个简单的算法, 同上 Encode2(&Code[16], 4);// //00408541//CBC模式Blowfish算法变种 if (!Encode3(&EncBuf1[0], &EncBuf2[0], &Code[16])) return ;// //00408563//异或校验和检查----------------------------------------关键点1(不用分析) if (*((unsigned int *)&Code[16]) != (EncBuf2[0] ^ EncBuf2[1] ^ EncBuf2[2] ^ EncBuf2[3])) return;// //00408588//ECDSA数据签名检查-------------------------------------关键点2(见Encode4) if (Encode4(szName, strlen(szName), &EncBuf2)) { MessageBoxA(hDlg, "Congratulations! \n You will be the keygen machine!", "Success!", MB_OK); } //004085C5//结束 }