
Source Insight 4.x: illustrated cracking tutorial with the 大白 patcher

Posted on 2018-11-3 05:28:36

Official website: http://www.sourceinsight.com/

Cracking procedure:

1. Load sourceinsight4.exe in IDA, press Shift+F12 to list all strings, search for the string "BEGIN PUBLIC KEY", and locate pszString.

2. Right-click and choose "Jump to xref to operand", then click OK to land at int __cdecl sub_507B70(BYTE *pbData, DWORD dwDataLen, BYTE *pbSignature, DWORD dwSigLen).

3. The assembly of sub_507B70 and the C code produced by decompiling it with F5 are shown below.

  • .text:00507B70                               ; =============== S U B R O U T I N E =======================================
  • .text:00507B70
  • .text:00507B70
  • .text:00507B70                               ; int __cdecl sub_507B70(BYTE *pbData, DWORD dwDataLen, BYTE *pbSignature, DWORD dwSigLen)
  • .text:00507B70                               sub_507B70      proc near               ; CODE XREF: sub_508790+108p
  • .text:00507B70
  • .text:00507B70                               hHash           = dword ptr -818h
  • .text:00507B70                               phProv          = dword ptr -814h
  • .text:00507B70                               pvStructInfo    = dword ptr -810h
  • .text:00507B70                               phKey           = dword ptr -80Ch
  • .text:00507B70                               pcbBinary       = dword ptr -808h
  • .text:00507B70                               pcbStructInfo   = dword ptr -804h
  • .text:00507B70                               pbBinary        = byte ptr -800h
  • .text:00507B70                               pbData          = dword ptr  4
  • .text:00507B70                               dwDataLen       = dword ptr  8
  • .text:00507B70                               pbSignature     = dword ptr  0Ch
  • .text:00507B70                               dwSigLen        = dword ptr  10h
  • .text:00507B70
  • .text:00507B70 81 EC 18 08 00 00                             sub     esp, 818h
  • .text:00507B76 6A 00                                         push    0               ; pdwFlags
  • .text:00507B78 6A 00                                         push    0               ; pdwSkip
  • .text:00507B7A 8D 44 24 18                                   lea     eax, [esp+820h+pcbBinary]
  • .text:00507B7E 50                                            push    eax             ; pcbBinary
  • .text:00507B7F 8D 4C 24 24                                   lea     ecx, [esp+824h+pbBinary]
  • .text:00507B83 51                                            push    ecx             ; pbBinary
  • .text:00507B84 6A 00                                         push    0               ; dwFlags
  • .text:00507B86 6A 00                                         push    0               ; cchString
  • .text:00507B88 68 50 42 63 00                                push    offset pszString ; "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgk"...
  • .text:00507B8D C7 44 24 1C 00 00 00 00                       mov     [esp+834h+hHash], 0
  • .text:00507B95 C7 44 24 28 00 00 00 00                       mov     [esp+834h+phKey], 0
  • .text:00507B9D C7 44 24 2C 00 08 00 00                       mov     [esp+834h+pcbBinary], 800h
  • .text:00507BA5 C7 44 24 20 00 00 00 00                       mov     [esp+834h+phProv], 0
  • .text:00507BAD FF 15 A8 20 5C 00                             call    ds:CryptStringToBinaryA
  • .text:00507BB3 85 C0                                         test    eax, eax
  • .text:00507BB5 75 0C                                         jnz     short loc_507BC3
  • .text:00507BB7
  • .text:00507BB7                               loc_507BB7:                             ; CODE XREF: sub_507B70+7Aj
  • .text:00507BB7 B8 D8 01 00 00                                mov     eax, 1D8h
  • .text:00507BBC 81 C4 18 08 00 00                             add     esp, 818h
  • .text:00507BC2 C3                                            retn
  • .text:00507BC3                               ; ---------------------------------------------------------------------------
  • .text:00507BC3
  • .text:00507BC3                               loc_507BC3:                             ; CODE XREF: sub_507B70+45j
  • .text:00507BC3 8B 4C 24 10                                   mov     ecx, [esp+818h+pcbBinary]
  • .text:00507BC7 8D 54 24 14                                   lea     edx, [esp+818h+pcbStructInfo]
  • .text:00507BCB 52                                            push    edx             ; pcbStructInfo
  • .text:00507BCC 8D 44 24 0C                                   lea     eax, [esp+81Ch+pvStructInfo]
  • .text:00507BD0 50                                            push    eax             ; pvStructInfo
  • .text:00507BD1 6A 00                                         push    0               ; pDecodePara
  • .text:00507BD3 68 00 80 00 00                                push    8000h           ; dwFlags
  • .text:00507BD8 51                                            push    ecx             ; cbEncoded
  • .text:00507BD9 8D 54 24 2C                                   lea     edx, [esp+82Ch+pbBinary]
  • .text:00507BDD 52                                            push    edx             ; pbEncoded
  • .text:00507BDE 6A 08                                         push    8               ; lpszStructType
  • .text:00507BE0 6A 01                                         push    1               ; dwCertEncodingType
  • .text:00507BE2 FF 15 AC 20 5C 00                             call    ds:CryptDecodeObjectEx
  • .text:00507BE8 85 C0                                         test    eax, eax
  • .text:00507BEA 74 CB                                         jz      short loc_507BB7
  • .text:00507BEC 68 00 00 00 F0                                push    0F0000000h      ; dwFlags
  • .text:00507BF1 6A 01                                         push    1               ; dwProvType
  • .text:00507BF3 6A 00                                         push    0               ; szProvider
  • .text:00507BF5 6A 00                                         push    0               ; szContainer
  • .text:00507BF7 8D 44 24 14                                   lea     eax, [esp+828h+phProv]
  • .text:00507BFB 50                                            push    eax             ; phProv
  • .text:00507BFC FF 15 28 20 5C 00                             call    ds:CryptAcquireContextW
  • .text:00507C02 85 C0                                         test    eax, eax
  • .text:00507C04 75 0C                                         jnz     short loc_507C12
  • .text:00507C06 B8 D9 01 00 00                                mov     eax, 1D9h
  • .text:00507C0B 81 C4 18 08 00 00                             add     esp, 818h
  • .text:00507C11 C3                                            retn
  • .text:00507C12                               ; ---------------------------------------------------------------------------
  • .text:00507C12
  • .text:00507C12                               loc_507C12:                             ; CODE XREF: sub_507B70+94j
  • .text:00507C12 8B 54 24 08                                   mov     edx, [esp+818h+pvStructInfo]
  • .text:00507C16 8B 44 24 04                                   mov     eax, [esp+818h+phProv]
  • .text:00507C1A 8D 4C 24 0C                                   lea     ecx, [esp+818h+phKey]
  • .text:00507C1E 51                                            push    ecx             ; phKey
  • .text:00507C1F 52                                            push    edx             ; pInfo
  • .text:00507C20 6A 01                                         push    1               ; dwCertEncodingType
  • .text:00507C22 50                                            push    eax             ; hCryptProv
  • .text:00507C23 FF 15 B8 20 5C 00                             call    ds:CryptImportPublicKeyInfo
  • .text:00507C29 85 C0                                         test    eax, eax
  • .text:00507C2B 75 0C                                         jnz     short loc_507C39
  • .text:00507C2D
  • .text:00507C2D                               loc_507C2D:                             ; CODE XREF: sub_507B70+EEj
  • .text:00507C2D B8 DA 01 00 00                                mov     eax, 1DAh
  • .text:00507C32 81 C4 18 08 00 00                             add     esp, 818h
  • .text:00507C38 C3                                            retn
  • .text:00507C39                               ; ---------------------------------------------------------------------------
  • .text:00507C39
  • .text:00507C39                               loc_507C39:                             ; CODE XREF: sub_507B70+BBj
  • .text:00507C39 8B 4C 24 08                                   mov     ecx, [esp+818h+pvStructInfo]
  • .text:00507C3D 51                                            push    ecx             ; hMem
  • .text:00507C3E FF 15 8C 22 5C 00                             call    ds:LocalFree
  • .text:00507C44 8B 44 24 04                                   mov     eax, [esp+818h+phProv]
  • .text:00507C48 8D 14 24                                      lea     edx, [esp+818h+hHash]
  • .text:00507C4B 52                                            push    edx             ; phHash
  • .text:00507C4C 6A 00                                         push    0               ; dwFlags
  • .text:00507C4E 6A 00                                         push    0               ; hKey
  • .text:00507C50 68 04 80 00 00                                push    8004h           ; Algid
  • .text:00507C55 50                                            push    eax             ; hProv
  • .text:00507C56 FF 15 50 20 5C 00                             call    ds:CryptCreateHash
  • .text:00507C5C 85 C0                                         test    eax, eax
  • .text:00507C5E 74 CD                                         jz      short loc_507C2D
  • .text:00507C60 8B 8C 24 20 08 00 00                          mov     ecx, [esp+818h+dwDataLen]
  • .text:00507C67 8B 94 24 1C 08 00 00                          mov     edx, [esp+818h+pbData]
  • .text:00507C6E 8B 04 24                                      mov     eax, [esp+818h+hHash]
  • .text:00507C71 6A 00                                         push    0               ; dwFlags
  • .text:00507C73 51                                            push    ecx             ; dwDataLen
  • .text:00507C74 52                                            push    edx             ; pbData
  • .text:00507C75 50                                            push    eax             ; hHash
  • .text:00507C76 FF 15 48 20 5C 00                             call    ds:CryptHashData
  • .text:00507C7C 85 C0                                         test    eax, eax
  • .text:00507C7E 75 0C                                         jnz     short loc_507C8C
  • .text:00507C80 B8 DB 01 00 00                                mov     eax, 1DBh
  • .text:00507C85 81 C4 18 08 00 00                             add     esp, 818h
  • .text:00507C8B C3                                            retn
  • .text:00507C8C                               ; ---------------------------------------------------------------------------
  • .text:00507C8C
  • .text:00507C8C                               loc_507C8C:                             ; CODE XREF: sub_507B70+10Ej
  • .text:00507C8C 8B 4C 24 0C                                   mov     ecx, [esp+818h+phKey]
  • .text:00507C90 8B 94 24 28 08 00 00                          mov     edx, [esp+818h+dwSigLen]
  • .text:00507C97 8B 84 24 24 08 00 00                          mov     eax, [esp+818h+pbSignature]
  • .text:00507C9E 56                                            push    esi
  • .text:00507C9F 6A 00                                         push    0               ; dwFlags
  • .text:00507CA1 6A 00                                         push    0               ; szDescription
  • .text:00507CA3 51                                            push    ecx             ; hPubKey
  • .text:00507CA4 8B 4C 24 10                                   mov     ecx, [esp+828h+hHash]
  • .text:00507CA8 52                                            push    edx             ; dwSigLen
  • .text:00507CA9 50                                            push    eax             ; pbSignature
  • .text:00507CAA 51                                            push    ecx             ; hHash
  • .text:00507CAB FF 15 44 20 5C 00                             call    ds:CryptVerifySignatureW
  • .text:00507CB1 8B 54 24 04                                   mov     edx, [esp+81Ch+hHash]
  • .text:00507CB5 52                                            push    edx             ; hHash
  • .text:00507CB6 8B F0                                         mov     esi, eax
  • .text:00507CB8 FF 15 40 20 5C 00                             call    ds:CryptDestroyHash
  • .text:00507CBE 8B 44 24 08                                   mov     eax, [esp+81Ch+phProv]
  • .text:00507CC2 6A 00                                         push    0               ; dwFlags
  • .text:00507CC4 50                                            push    eax             ; hProv
  • .text:00507CC5 FF 15 3C 20 5C 00                             call    ds:CryptReleaseContext
  • .text:00507CCB F7 DE                                         neg     esi
  • .text:00507CCD 1B C0                                         sbb     eax, eax
  • .text:00507CCF 25 FA FE FF FF                                and     eax, 0FFFFFEFAh
  • .text:00507CD4 05 CE 01 00 00                                add     eax, 1CEh
  • .text:00507CD9 5E                                            pop     esi
  • .text:00507CDA 81 C4 18 08 00 00                             add     esp, 818h
  • .text:00507CE0 C3                                            retn
  • .text:00507CE0                               sub_507B70      endp
  • .text:00507CE0


  • int __cdecl sub_507B70(BYTE *pbData, DWORD dwDataLen, BYTE *pbSignature, DWORD dwSigLen)
  • {
  •   int result; // eax@2
  •   BOOL v5; // esi@11
  •   HCRYPTHASH hHash; // [sp+0h] [bp-818h]@1
  •   HCRYPTPROV phProv; // [sp+4h] [bp-814h]@1
  •   struct _CERT_PUBLIC_KEY_INFO *pvStructInfo; // [sp+8h] [bp-810h]@3
  •   HCRYPTKEY phKey; // [sp+Ch] [bp-80Ch]@1
  •   DWORD pcbBinary; // [sp+10h] [bp-808h]@1
  •   DWORD pcbStructInfo; // [sp+14h] [bp-804h]@3
  •   BYTE pbBinary; // [sp+18h] [bp-800h]@1

  •   hHash = 0;
  •   phKey = 0;
  •   pcbBinary = 2048;
  •   phProv = 0;
  •   if ( CryptStringToBinaryA(pszString, 0, 0, &pbBinary, &pcbBinary, 0, 0)
  •     && CryptDecodeObjectEx(1u, (LPCSTR)8, &pbBinary, pcbBinary, 0x8000u, 0, &pvStructInfo, &pcbStructInfo) )
  •   {
  •     if ( CryptAcquireContextW(&phProv, 0, 0, 1u, 0xF0000000) )
  •     {
  •       if ( CryptImportPublicKeyInfo(phProv, 1u, pvStructInfo, &phKey)
  •         && (LocalFree(pvStructInfo), CryptCreateHash(phProv, 0x8004u, 0, 0, &hHash)) )
  •       {
  •         if ( CryptHashData(hHash, pbData, dwDataLen, 0) )
  •         {
  •           v5 = CryptVerifySignatureW(hHash, pbSignature, dwSigLen, phKey, 0, 0);
  •           CryptDestroyHash(hHash);
  •           CryptReleaseContext(phProv, 0);
  •           result = v5 != 0 ? 200 : 462;
  •         }
  •         else
  •         {
  •           result = 475;
  •         }
  •       }
  •       else
  •       {
  •         result = 474;
  •       }
  •     }
  •     else
  •     {
  •       result = 473;
  •     }
  •   }
  •   else
  •   {
  •     result = 472;
  •   }
  •   return result;
  • }

4. Therefore, changing result = v5 != 0 ? 200 : 462; to result = v5 != 0 ? 462 : 200 is enough to crack it; alternatively, making CryptVerifySignatureW return true also cracks it.
The assembly corresponding to v5 != 0 ? 200 : 462 is:

  • .text:00507CCB F7 DE                                         neg     esi
  • .text:00507CCD 1B C0                                         sbb     eax, eax
  • .text:00507CCF 25 FA FE FF FF                                and     eax, 0FFFFFEFAh
  • .text:00507CD4 05 CE 01 00 00                                add     eax, 1CEh
  • .text:00507CD9 5E                                            pop     esi
  • .text:00507CDA 81 C4 18 08 00 00                             add     esp, 818h
  • .text:00507CE0 C3                                            retn

5. Apply the patch with the 大白 tool: use a byte signature to locate the neg esi instruction and set the value of esi to true there. The 大白 settings screen is shown below:

[Image: 0.png]

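6. The 大白 patch file and the license file are below; the contents of the license file can be edited as you like.
(This part of the post is hidden and is only visible after replying.)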
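
As a reading aid for the `neg esi / sbb eax, eax / and eax, 0FFFFFEFAh / add eax, 1CEh` sequence in step 4, the following added example (not part of the original post) models just the registers and carry flag those instructions touch and checks that the branchless idiom equals the decompiler's `v5 != 0 ? 200 : 462`. The struct, function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Only the state the four instructions touch. */
struct cpu { uint32_t eax, esi; unsigned cf; };

/* F7 DE  neg esi: esi = 0 - esi, CF = 1 unless the operand was 0. */
static void neg_esi(struct cpu *c) {
    c->cf = (c->esi != 0);
    c->esi = 0u - c->esi;
}

/* 1B C0  sbb eax, eax: eax = eax - eax - CF, i.e. 0 or 0xFFFFFFFF. */
static void sbb_eax_eax(struct cpu *c) {
    c->eax = c->eax - c->eax - c->cf;
}

/* Runs the sequence at 00507CCB..00507CD4 on a given BOOL in esi. */
uint32_t idiom_result(uint32_t verify_ret) {
    /* eax starts as an arbitrary value: sbb eax,eax discards it. */
    struct cpu c = { 0xDEADBEEFu, verify_ret, 0 };
    neg_esi(&c);
    sbb_eax_eax(&c);
    c.eax &= 0xFFFFFEFAu;   /* 25 FA FE FF FF: keep -262 or 0 */
    c.eax += 0x1CEu;        /* 05 CE 01 00 00: 462 - 262 = 200, or 462 */
    return c.eax;
}

/* The expression Hex-Rays recovered for the same bytes. */
uint32_t ternary_result(uint32_t v5) { return v5 != 0 ? 200u : 462u; }

/* Returns 1 if both forms agree on every constructed sample value. */
int idiom_matches_ternary(void) {
    static const uint32_t samples[] = { 0u, 1u, 2u, 0x80000000u, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (idiom_result(samples[i]) != ternary_result(samples[i]))
            return 0;
    return 1;
}

int main(void) {
    printf("esi=0 -> %u, esi=1 -> %u, agree=%d\n",
           (unsigned)idiom_result(0), (unsigned)idiom_result(1),
           idiom_matches_ternary());
    return 0;
}
```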



