DrawPad 离线注册
目录
- DrawPad 离线注册
- reg_dialog_549414
- parpms==>callback
- reg_5486C3
- do_reg_5489A4
- check_key_547842
- calc_idkey_54AB37
- calc_54A9A5
- transform_54A8FF
- calc_54A9A5
- calc_idkey_54AB37
- py
仅分析离线注册,联网时注册会有网络校验regcheck
reg_dialog_549414
定位注册对话框
char __stdcall reg_dialog_549414(HWND hWndParent, char a2)
{// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]sub_584660(dwInitParam);v2 = 0;v7 = a2;v6 = 0;dwInitParam[0] = (int)off_6FB4E0;v5 = (void (__noreturn **)())&off_6FB524;hWnd = 0;ho = 0;v10 = 0;if ( (unsigned __int8)dialog_404977((LPARAM)dwInitParam, hWndParent, 0x2Au) ){sub_54D236(&off_6EFE38);DeleteObject(ho);if ( hWnd )DestroyWindow(hWnd);v2 = 1;}else{DeleteObject(ho);if ( hWnd )DestroyWindow(hWnd);}v5 = &off_6FAF84;sub_50F2FE();sub_59D540();return v2;
}
parpms==>callback
.rdata:006FB4E0 off_6FB4E0 dd offset reg_5486C3 ; DATA XREF: reg_dialog_549414+29↑o
.rdata:006FB4E4 dd offset sub_45B683
.rdata:006FB4E8 dd offset nullsub_2
.rdata:006FB4EC dd offset do_reg_5489A4
.rdata:006FB4F0 dd offset sub_45158A
.rdata:006FB4F4 dd offset sub_548D84
.rdata:006FB4F8 dd offset nullsub_2
.rdata:006FB4FC dd offset sub_54827F
.rdata:006FB500 dd offset sub_4089B9
.rdata:006FB504 dd offset sub_421E3D
.rdata:006FB508 dd offset sub_58467B
.rdata:006FB50C dd offset sub_403538
.rdata:006FB510 dd offset sub_403731
.rdata:006FB514 dd offset GetMenu
.rdata:006FB518 dd offset sub_4C419B
.rdata:006FB51C dd offset sub_549372
.rdata:006FB520 dd offset sub_5493A9
reg_5486C3
UINT_PTR __thiscall reg_5486C3(HWND *this)
{// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]v17 = check_isreg_54A525();//can patch this ==> ret 1sub_59FE66((int)this,(int)(this + 0x32),0x6C,(int)L"Click this button if you have copied the registration code (e.g. with Ctrl+C)");sub_402B95((HGDIOBJ *)this + 0x33, this[1], 0, 1, 0);sub_4031BE(0x74, (int)(this + 0x33));sub_59F57C((int)this, 0x77, (int)L"https://www.nch.com.au/support/reg.html");sub_4031BE(0x7A, (int)(this + 0x33));if ( v17 ){v14 = (int *)L"https://www.nch.com.au/upgrade/index.html";}else{v25 = v29;v26 = 0;v27 = 0x2001;sub_547D30((int)&v25, 0);*((_WORD *)v25 + v26) = 0;v14 = v29;}sub_59F57C((int)this, 0x80, (int)v14);wprintf_5459B0(0x104, (int)L"%s Registration Code:", L"DrawPad");sub_59DC6A(0x6B, v28);wprintf_5459B0(0x104, (int)L"Register %s");sub_403269(v28, (int)this);if ( v17 )sub_59DC6A(0x80, L"Upgrade License Online");v2 = sub_403BB6((int)this, 0x76, L"Visit our ");sub_59DAD9(0x76, (int)&v22, (int)&Y, (int)&hWnd, (int)&cy);sub_59DAD9(0x77, (int)&v23, (int)&v21, (int)&hWnd, (int)&cy);v15 = cy;v12 = v3;v4 = sub_403B85((int)this, 0x77);sub_59D9B4(v12, (int)this, 0x77, v2 + v22, Y, v4, v15);sub_59DAD9(0x7D, (int)&v21, (int)&v24, (int)&Y, (int)&v22);sub_59DAD9(0x7F, (int)&hWnd, (int)&v23, (int)&Y, (int)&cy);v5 = v24 + v22;sub_59D9B4((void *)v24, (int)this, 0x7F, (int)hWnd, v24 + v22, Y, cy);sub_59DAD9(0x80, (int)&v21, (int)&v23, (int)&Y, (int)&cy);v6 = sub_59D654((void *)4, this[1]);v16 = cy;v21 = v6;v13 = Y;v7 = sub_403B85((int)this, 0x7F);sub_59D9B4(v8, (int)this, 0x80, (int)hWnd + v21 + v7, v5, v13, v16);sub_5A0E9B(0x6A, 0x7B, 0x300);if ( sub_548199 )sub_5A1A3A((_DWORD **)this + 0xA, 0x111, (int)sub_5A0C70, 0x6A, (int)sub_548199, 0);hWnd = GetDlgItem(this[1], 0x6A);if ( !GetPropW(hWnd, L"OldWndProcPaste") ){v9 = (void *)SetWindowLongW(hWnd, 0xFFFFFFFC, (LONG)sub_5484EF);SetPropW(hWnd, L"OldWndProcPaste", v9);}DlgItem = GetDlgItem(this[1], 106);sub_5328D5((int)this, DlgItem, (LPARAM)L"e.g., 123456-xdhfnekf");sub_59DC28(L"Register", (int)this, 1);sub_406DD3((int)this, (int)this + 0xBF);return SetTimer(*(HWND *)((char *)this + 0xC3), 0x64u, 0, 0);
}
do_reg_5489A4
char __thiscall do_reg_5489A4(void *this)
{// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]v18 = (int)this;// id-keysub_59DB56(106, v34);//获取id-keyv17 = v34;// '-' 分隔成2部分,id和keysub_5D3613(v1, &v17, '-', (int)key); // 123456-xdhfnekfwstr_copy_54596E(v17, key_1, 0x104);id_ = j___wtol(key);*(_DWORD *)id = id_;_wcslwr(key_1);if ( !key[0] || !id_ ){sub_5A02D2(v18,106,(int)L"Enter the ID number as it appears on your registration.",2,(int)L"Incorrect Registration Details");return 0;}if ( key_1[0] ){// > 0x2C06AB// &7 !=1 !=2ArgList = check_id_53C7FA(id_);if ( (unsigned int)id_ > 100000000 && wcslen(key_1) == 8 && key_1[4] == 'e' && key_1[5] == 'n' )v4 = id_ / 0x64;elsev4 = id_;// 0x6D2BD7 7154647d// 0x711392 7410578dif ( (unsigned int)(v4 - 1) <= 0x6D2BD7 && v4 < 0x711392 && (ArgList <= 0 || ArgList > 2) ){//新版本key不走此分支//故:check_id 需要返回1 or 2v5 = j__atol("11.53") - 1;if ( v5 < 0 )v5 = 0;wprintf_5459B0(0x104,(int)L"The code you are attempting to use is not valid for version 11.53 of DrawPad (it was for version %d.xx or p""revious versions).",v5);v6 = *(_BYTE *)(v18 + 0xC7) == 0;v21 = 0x1388;v22 = L"View Upgrade Pricing Options";v23 = L"Upgrade pricing is significantly lower than normal pricing.\r\n""Click here to see the discounted upgrade options.";v24 = 0x1389;v25 = L"Continue Without Registering";if ( v6 )v25 = L"Exit and Close DrawPad";v13 = *(_DWORD *)(v18 + 4);v26 = 0;v27 = 0;v28 = 0;v29 = 0;sub_58ED2E((int)v31, v13, (int)L"Upgrade Required", (int)L"Invalid Old Version Code", (int)File, (int)&v21, 0, 0);v7 = sub_58F5A3((LPARAM)v31) - 0x1388;if ( v7 ){if ( v7 == 1 )sub_403194(v18);goto LABEL_7;}wprintf_5459B0(0x104,(int)L"https://www.nch.com.au/upgrade/index.html?software=drawpad&upgradeid=%d&upgradekey=%s",*(_DWORD *)id,key_1);v3 = (WCHAR *)&v35;goto LABEL_6;}//新版本id、key校验ArgList = 0xFFFFFFFF;v17 = 0;*(_DWORD *)v19 = 0;v8 = check_key_547842(key_1, id_, &v17);v9 = (HWND *)v18;v16 = v8;if ( !v17 ){HIDWORD(v14) = v19;LODWORD(v14) = &ArgList;// Validate Key;网络校验if ( !Validate_Key_549234(v18, (_BYTE *)id_, v14) )return 0;}if ( v16 ){dword_729260 = 0;save_reg_401D49((int)L"Registration", L"SS", ArgList);save_reg_401D49((int)L"Registration", L"SU", v19[0]);if ( ArgList == 5 ){save_reg_401D49((int)L"Registration", L"ID", 0);return 1;}save_reg_401D49((int)L"Registration", L"ID", id[0]);set_reg_53F23B((int)L"Registration", L"Key", (BYTE *)key_1);if ( !dword_729260 ){v11 = time(0);save_reg_401D49((int)L"Registration", L"RGDT", v11);reg_del_53F2C1((int)L"Registration", L"Downgraded");sub_547FB8();sub_582D95(L"Continue",v9[1],L"Registration successful.\r\nThank you for registering DrawPad.",L"Registration Accepted",0xFFFD,0x40u);if ( v17 != (wchar_t *)2 )sub_548D8E((int)v9, (int)v9[1]);return 1;}}sub_5A02D2((UINT_PTR)v9,106,(int)L"Please check:\r\n""- They are exactly identical to the details provided in your registration email.\r\n""- You are using the correct ID and key for the correct product. Only the ID and key for DrawPad will be accepted.",2,(int)L"Incorrect Registration Details");return 0;}v12 = *(_DWORD *)(v18 + 4);v21 = 0x1388;v22 = (void **)L"Activate serial number online now";v23 = (void **)L"Click here if you have not activated your 12-digit serial number online and have not received an ID-Key.";v24 = 0x1389;v25 = L"Already activated serial number";v26 = L"If you have already activated your serial number online, check your email for the ID-key. Then, click here to en""ter your ID-Key.";v27 = 0;v28 = 0;v29 = 0;sub_58ED2E((int)v31,v12,(int)L"Online Activation is Required",(int)L"ID-Key is required to complete the registration.",(int)L"The code that you have entered is a license serial number. You must activate your serial number online to recei""ve the ID-Key needed to register DrawPad.",(int)&v21,0,0);if ( sub_58F5A3((LPARAM)v31) == 0x1388 ){wprintf_5459B0(0x104, (int)L"https://www.nch.com.au/activate/index.html?code=%s", key);v3 = File;
LABEL_6:sub_4010B4(v3);}
LABEL_7:sub_4088D2((int)v31);return 0;
}
check_key_547842
char __userpurge check_key_547842@<al>(wchar_t *key@<eax>, unsigned int id, _DWORD *out)
{if ( calc_idkey_54AB37(key, 0, id, out) )return 1;elsereturn calc_idkey_54AB37(key, 1u, id, out);
}
calc_idkey_54AB37
char __userpurge calc_idkey_54AB37@<al>(wchar_t *key@<edi>, unsigned __int16 flag, unsigned int id, _DWORD *out)
{unsigned __int16 v5; // [esp+8h] [ebp-208h] BYREF__int16 v6; // [esp+Ah] [ebp-206h]__int16 v7; // [esp+Ch] [ebp-204h]__int16 v8; // [esp+Eh] [ebp-202h]calc_54A9A5(&v5, id / 100, flag);if ( v5 == *key && v6 == key[1] && v7 == key[2] && v8 == key[3] && key[4] == 'e' && key[5] == 'n' ){*out = 0;if ( wcslen(key) != 8 )goto LABEL_16;if ( id > 100000000 )return 1;}if ( wcslen(key) == 8 ){calc_54A9A5(&v5, id, flag);if ( v5 == *key && v6 == key[1] && v7 == key[2] && v8 == key[3] ){*out = 0;return 1;}}
LABEL_16:*out = 1;return 0;
}
calc_54A9A5
int __userpurge calc_54A9A5@<eax>(unsigned __int16 *target@<esi>, unsigned int id, unsigned __int16 a3)
{wchar_t *v3; // ecxwchar_t *v4; // ecxint v6[9]; // [esp+8h] [ebp-44h]int v7[7]; // [esp+2Ch] [ebp-20h]unsigned int v8; // [esp+48h] [ebp-4h]unsigned int ida; // [esp+54h] [ebp+8h]str_copy_40106E(L"abcdef", target);v6[0] = (int)L"mnbvaq";v6[1] = (int)L"cxzlbr";v6[2] = (int)L"kjhgct";v6[3] = (int)L"fdsady";v6[4] = (int)L"poiueu";v6[5] = (int)L"ytrefo";v6[6] = (int)L"wqalgx";v6[7] = (int)L"ksjdhv";v6[8] = (int)L"hfgbif";v7[0] = (int)L"qazwja";v7[1] = (int)L"sxedkf";v7[2] = (int)L"crfvlg";v7[3] = (int)L"tgbymh";v7[4] = (int)L"hnujni";v7[5] = (int)L"miklop";v7[6] = (int)L"plokpc";v8 = id / 9;transform_54A8FF((wchar_t *)v6[id % 9], target);transform_54A8FF((wchar_t *)v7[v8 % 7], target);ida = id / 0x3F;v8 = ida / 9;transform_54A8FF((wchar_t *)v6[ida % 9], target);transform_54A8FF((wchar_t *)v7[v8 % 7], target);ida /= 0x3Fu;v8 = ida / 9;transform_54A8FF((wchar_t *)v6[ida % 9], target);transform_54A8FF((wchar_t *)v7[v8 % 7], target);transform_54A8FF((wchar_t *)v6[ida / 0x3F % 9], target);transform_54A8FF((wchar_t *)v7[ida / 0x3F / 9 % 7], target);transform_54A8FF(L"hfgbif", v3); // targettransform_54A8FF(L"qazwja", v4); // targettransform_54A8FF((wchar_t *)v6[a3 % 9], target);// 0return transform_54A8FF((wchar_t *)v7[a3 / 9 % 7], target);// 9
}
transform_54A8FF
int __usercall transform_54A8FF@<eax>(wchar_t *a1@<eax>, wchar_t *a2@<ecx>)
{int result; // eaxint v3; // et2*a2 = (*a2 + *a1 - 0xC2) % 0x1A + 0x61;a2[1] = (a1[1] + a2[1] - 0xC2) % 0x1A + 0x61;a2[2] = (a1[2] + a2[2] - 0xC2) % 0x1A + 0x61;a2[3] = (a1[3] + a2[3] - 0xC2) % 0x1A + 0x61;a2[4] = (a1[4] + a2[4] - 0xC2) % 0x1A + 0x61;v3 = (a1[5] + a2[5] - 0xC2) % 0x1A;result = (a1[5] + a2[5] - 0xC2) / 0x1A;a2[6] = 0;a2[5] = v3 + 0x61;return result;
}
py
断网注册
import random
import stringdef _check_id(id:int):# if id<0x2C06AB:# return Falsex=id&7return True if (x==1 or x==2) else Falsedef generate_id(upper_bound=0x7fffffff,condition_callback=_check_id ):while True:# 生成随机数rand_num = random.randint(0x2C06AB+1, upper_bound)# 如果随机数满足条件,返回该随机数if condition_callback(rand_num):return rand_numdef transform(a1:str, buffer:list):assert len(a1) >= 6 and len(buffer) >= 6, "长度必须至少为6"# a2 = list(a2)for i in range(6):buffer[i] = chr(((ord(a1[i]) + ord(buffer[i]) - 0xC2) % 0x1A) + 0x61)return ''.join(buffer) def calc_idkey(id:int):a3=0v6=['' for i in range(9)]v7=['' for i in range(7)]v6[0] = "mnbvaq"v6[1] = "cxzlbr"v6[2] = "kjhgct"v6[3] = "fdsady"v6[4] = "poiueu"v6[5] = "ytrefo"v6[6] = "wqalgx"v6[7] = "ksjdhv"v6[8] = "hfgbif"v7[0] = "qazwja"v7[1] = "sxedkf"v7[2] = "crfvlg"v7[3] = "tgbymh"v7[4] = "hnujni"v7[5] = "miklop"v7[6] = "plokpc"buffer=list('abcdef')transform(v6[id%9],buffer)v8 = id // 9transform(v7[v8 % 7], buffer)ida = id // 0x3Fv8 = ida // 9transform(v6[ida % 9], buffer)transform(v7[v8 % 7], buffer)ida //= 0x3Fv8 = ida // 9transform(v6[ida % 9], buffer)transform(v7[v8 % 7], buffer)transform(v6[ida // 0x3F % 9], buffer)transform(v7[ida // 0x3F // 9 % 7], buffer)transform(v6[8], buffer) # transform("hfgbif", target) #// targettransform(v7[0] , buffer) # transform("qazwja", target) # // targettransform(v6[a3 % 9], buffer) #// 0transform(v7[a3 // 9 % 7], buffer) #// 9return ''.join(buffer)def gen():id=generate_id()print('[-]id:',id)key=calc_idkey(id)print('[-]calc key:',key)s=string.ascii_letters+string.digitspad=''.join(random.choices(s, k=2))id_key='-'.join((str(id),key+pad))print('\n\nid_key:\n',id_key,sep='')if __name__=="__main__":gen()pass
断网使用
v11.47
v11.53
name 通过注册表添加