看雪论坛
发新帖
31

[分享]一个开源的keygenme

happytown 2009-3-13 02:14 5353
看到大家对WinRAR的注册机讨论得很热烈,心一热,写了个2048位的RSA的keygenme,当然,it IS keygenable,所以,不要patch, 不要爆破。

附件内包含源码和可执行文件(抱歉,只有Linux版本)。

/*
 * coded by happytown/2009-03-13
 */
 
#include <stdio.h>
#include <openssl/sha.h>
#include <openssl/aes.h>
#include <openssl/bn.h>
#include <string.h>

#define MAXLEN 1024*8
#define MINLEN 128

const char fail_info[] = "wrong sn\n";
char success_info[MINLEN] = {
    0x31, 0x1B, 0x2F, 0x72, 0x80, 0xFD, 0x32, 0x48,
    0xF2, 0x86, 0xE8, 0x95, 0xEF, 0xA4, 0x59, 0x97,
    0xB6, 0x90, 0xA3, 0xD0, 0x8A, 0x78, 0x3A, 0x51,
    0xE9, 0x13, 0x30, 0x1B, 0x93, 0x20, 0xCF, 0xF2,
    0x6D, 0x0D, 0xE4, 0x4A, 0xE2, 0xF3, 0x59, 0x0F,
    0x51, 0xB7, 0x05, 0xA3, 0xEC, 0xDA, 0x11, 0x02,
    0xF7, 0xF0, 0x95, 0x83, 0x93, 0x96, 0xEC, 0xC5,
    0xF1, 0x01, 0xD7, 0xBA, 0x3D, 0xE1, 0x6E, 0xD5,
    0xDD, 0x2C, 0xA6, 0x4A, 0x2B, 0xE7, 0x81, 0xFD,
    0x28, 0x20, 0x0F, 0x75, 0xE1, 0x6A, 0x26, 0x19,
    0xEC, 0x5B, 0xE0, 0xEB, 0x06, 0xA7, 0x9F, 0xF9,
    0xD6, 0xCF, 0x82, 0xDE, 0x05, 0x7F, 0x47, 0xF4,
    0x3E, 0x36, 0x80, 0x85, 0x8D, 0x9C, 0x3B, 0xA4,
    0x9D, 0x14, 0x05, 0xB9, 0x28, 0xDA, 0x28, 0xEF,
    0x65, 0x37, 0xA3, 0x0D, 0xF5, 0xE4, 0xCF, 0x5D,
    0xC2, 0x0F, 0xD0, 0xD2, 0xC0, 0xC1, 0xDB, 0x00}; 
unsigned char success_info_temp[MINLEN] = {0};

int str2hex(unsigned char *in, int in_length, unsigned char *out)
{
    int i = 0;
    unsigned char c, k;
    char HexTable[17] ="0123456789abcdef";

    if ((in_length % 2) != 0)
    {
        return 0;
    }

    for (i=0; i<in_length; i++)
    {
        if (isxdigit(in[i]) == 0)
        {
            return 0;
        }
        in[i] = tolower(in[i]);
    }

    k = in_length / 2;
    for (i=0; i<k; i++)
    {
        out[i] = strchr((const char *)HexTable, (int)in[i*2]) - HexTable;
        c = (char)(strchr(HexTable, in[i*2+1]) - HexTable);
        out[i] = (out[i] << 4) | c;
    }

    return in_length / 2;
}

int verify_sn(const char *sn, int sn_length, const char *name, int name_length)
{
    char c[MAXLEN] = {0};
    char hash_result[0x14] = {0};

    SHA_CTX sha1;

    int ret;
    BIGNUM *b_n;
    BIGNUM *b_e;
    BIGNUM *b_c;
    BIGNUM *b_sn;
    BN_CTX *bn_ctx;

    b_n = BN_new();
    b_e = BN_new();
    b_c = BN_new();
    b_sn = BN_new();
    bn_ctx = BN_CTX_new();

    BN_hex2bn(&b_e, "10001");
    BN_hex2bn(&b_n, "9D4BB857A4BB605369762730749A59C8625ED8FFE83E726EBCB6AEB6A6BF75E0DC3E00C9FCC9B4BDBD0EDB47E04A0380EE6A54019CFD5E505B75E77BDB76DDEDAB19D3D9DB732BDD2E356701754B57BC16D285B9C39F8112A78A16AAE68D78A3F481332653E8313330AAD6F31382A4443B41607AD642E3858A8082585403FCD24334F0F7C363AB27EFB12CF08E6998B96302FD8930DAC99C0EFBEFEA77A38374A847BAF151FDD73557A49066F42068F54D427C5B1C9ED720DFC9CFAF5B9683F830A186BDE3981281E8DC779B207C2A8E47260EC8B23455AE368386D39DDDE83F5D6B5C26F9711ED3EBDE1D8C6ECE5E5EDE03B5C8C65E4525E0BF93F80D77FB29");
    BN_hex2bn(&b_sn, sn);
    ret = BN_mod_exp(b_c, b_sn, b_e, b_n, bn_ctx);
    ret = BN_bn2bin(b_c, (unsigned char *)c);

    SHA1_Init(&sha1);
    SHA1_Update(&sha1, name, name_length);
    SHA1_Final((unsigned char *)hash_result, &sha1);

    BN_free(b_n); BN_free(b_e); BN_free(b_c); BN_free(b_sn);
    BN_CTX_free(bn_ctx);

    if (memcmp(hash_result, c, 0x14) != 0)
    {
        return -1;
    }

    return 1;
}

void decrypt_success_info(const char *key, int key_length)
{
    const char first_byte = 0xC8;
    AES_KEY aes_key;
    int num; 
    unsigned char IV[0x10] = {
        0xFD, 0x15, 0xB1, 0xA4, 0xAA, 0xF8, 0x6E, 0x13,
        0x75, 0xCF, 0x59, 0x49, 0xD6, 0x86, 0xE0, 0xB3};

    if (key[0] != first_byte)
    {
        return;
    }

    AES_set_encrypt_key((const unsigned char *)key, key_length*8, &aes_key);
    AES_cfb8_encrypt((const unsigned char *)success_info,
                    (unsigned char *)success_info_temp,
                     MINLEN-1, &aes_key, IV,  &num, AES_DECRYPT);

    return;
}

int main(int argc, char *argv[])
{
    int i = 0;
    char name[MINLEN] = {0};
    int name_length = 0;
    char szsn[MAXLEN] = {0};
    int szsn_length = 0;
    char sn[MAXLEN] = {0};
    char key[0x20] = {0};

    printf("\n\tInput name: ");
    scanf("%s", name);
    name_length = strlen(name);
    if ((name_length < 2) || (name_length > MINLEN-1))
    {
        printf("\t\twrong name length\n");
        return -1;
    }

    printf("\tInput sn: ");
    scanf("%s", szsn);
    if (strlen(szsn)!= 0x240)
    {
        printf("\n\t\t%s\n\n", fail_info);
        return -1;
    }

    for (i=0; i<0x240; i++)
    {
        if (isxdigit(szsn[i]) == 0)
        {
            return -1;
        }
        szsn[i] = tolower(szsn[i]);
    }

    memcpy(sn, szsn, 0x200);
    str2hex((unsigned char *)(szsn+0x200), 0x40, key); 

    if (verify_sn(sn, 0x200, name, name_length) == 1)
    {
        decrypt_success_info(key, 0x20);
        printf("\n\t\t%s\n\n", success_info_temp);
    }
    else
    {
        printf("\n\t\t%s\n\n", fail_info);
    }

    return 0;
}


上传的附件:
本主题帖已收到 0 次赞赏,累计¥0.00
最新回复 (11)
13
不问年少 2009-3-13 07:56
2
只开源了一部分呀
1
太虚伪了 2009-3-13 09:40
3
楼主怎么又出来了
是不是忘了用马甲啊
13
不问年少 2009-3-13 09:42
4
晕,用什么马甲,偶光明正大,从不用马甲
1
太虚伪了 2009-3-13 09:51
5
你回贴不看贴
tease 2009-3-13 09:57
6
请奥迪这样理解:
“不问少年”是楼主的马甲。
1
太虚伪了 2009-3-13 10:00
7
应该不是,一个在北京,一个在上海
1
findlakes 2009-3-13 10:05
8
太虚伪了 就是奥迪啊
13
不问年少 2009-3-13 10:11
9
  我就是太虚伪了,大家是不是太虚伪了,真的是太虚伪了呢
  我都不知道我在说什么,实在是太虚伪了。
4
sessiondiy 2009-3-13 10:29
10
你的头...
变帅了
5
nba2005 2009-3-13 11:49
11
不管时光流逝,
不论人事沉浮,
楼主对看雪的贡献有目共睹。
你始终是我心中尊敬的良师。

从楼主身上我学到了很多有用的东西,
真心谢谢楼主的无私奉献。
hustphoto 2009-3-13 14:02
12
  马甲贴,要up
传奇金商 2017-9-1 01:01
13
此楼层已删除
返回



©2000-2017 看雪学院 | Based on Xiuno BBS | 域名 加速乐 保护 | SSL证书 又拍云 提供 | 微信公众号:ikanxue
Time: 0.014, SQL: 10 / 京ICP备10040895号-17