1 Introduction
He finished his last, that someone asked a question: If you do not bypass the compiler, but the compiler how to do directly?
Remember once Net software reverse process: https://www.cnblogs.com/dotnetcrazy/p/10142315.html
Today it said: This sample provides: Links: https://pan.baidu.com/s/1ekYVKXt_Jz3ShwjoFknW0g extraction code: ywf6
2. Debugging break
1. Charles knew Net shell program
2.dnspy open and found garbled
3.de4dot shelling
4. This is the procedure after the anti-aliasing
Reopen not garbled 5. renamed
6. run directly see the effect, find tips
7. off the next entry point
8. Single-step wave
9. suspected function of the off key, and then run
10. Single-step a few times to find the dynamic loading of the dll file
11. off at key points around the suspect is, then F11, with a look inside
12. reach the Login page
13. attempt to search for login authentication code inside the prompts (and last time, this is not the same, the height of the last package, this mess)
14. The verification of this discovery button click event is called ok in the name
15. found some comparisons, off, and then change the value of the value text4 right to see what effect
16. there is a comparison, regardless of the words still fail to run
17. vipdata see a turn into datatime, presumably related to time
18. Search loginfrom in this.vipdate, found this place, you can determine the format of the time string (basis: You can turn the time, and you can use string concatenation)
19. The set-off and then click Debug
20. A debugging process modification value
21. further modifications vipdata
22. found success
Then the following is compiled revised
3. Compile the modified
1. Edit method
2. Modify the compiler can not find End
PS: This is the reason why I write the name of the classic reverse ( to solve this problem is solved 90% of the Net inverse problem )
3.发现dnspy不能正确识别命名空间,而且代码太lou没法变相绕过(没有高度封装)
4.没关系,我们自己扒dll
5.把资源文件保存成一个个dll,找到我们需要的dll
6.那怎么知道dll的真实名字呢?其实也很简单,拖进Reflector就知道了
6.1.为了稳妥,我把Tianaya.x的dll都保存了(省得折腾)
7.重新运行后再编译,发现uploadxx.dll的某个方法不能识别
PS:其实你在uploadxx.dll里面搜一下就知道没有这个方法了,然后理想Net里面只有导入命名空间的方法才可以简写
8.其实你根据using的命令空间,或者去upload里面看都是没有Module1的,真正的命名空间是MyLibrary
9.这段可以删掉
10.发现已经修改好了,那么保存一下
11.只要这个放在原文件的根目录下就可以破解了(如果遇到不能破解的,可以用上次我讲的修改资源文件的方法)
4.小小验证
贴一个GIF结束
附录
贴一下我的ok_click:
using System;
using System.Collections;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Drawing;
using System.Runtime.CompilerServices;
using System.Text.RegularExpressions;
using System.Threading;
using System.Web;
using System.Windows.Forms;
using System.Xml;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using Tianya.Data.SQLite;
using Tianya.MyLibrary;
using Tianya.UpLoadClient.My;
namespace Tianya.UpLoadClient
{
// Token: 0x02000061 RID: 97
[DesignerGenerated]
public partial class LoginForm : Form
{
// Token: 0x06000CD4 RID: 3284 RVA: 0x000BA510 File Offset: 0x000B8910
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
private void OK_Click(object sender, EventArgs e)
{
try
{
this.Timer1.Enabled = false;
this.OK.Enabled = false;
string text = this.txtUsername.Text.Trim();
string text2 = this.txtPassword.Text.Trim();
if (text.Length < 1 | text2.Length < 1)
{
MessageBox.Show("請您輸入帳號密碼", "親愛的用戶", MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
else
{
try
{
this.StrMacip = ClassGetRegCodeMD5.GetRegCodeMD5(16);
}
catch (Exception ex)
{
aModuleMain.MsgBox(ex.Message + "~Macip");
return;
}
if (Operators.CompareString(this.StrMacip, "", false) == 0)
{
aModuleMain.MsgBox("系统异常");
}
else
{
this.Addlog("正在登入中...");
string str = Conversions.ToString(Operators.ConcatenateObject("txtUserName=" + this.txtUsername.Text.Trim() + "&txtPassword=" + this.txtPassword.Text.Trim() + "&macip=" + this.StrMacip + "&logintime=" + HttpUtility.UrlEncode(Conversions.ToString(DateAndTime.Now)) + "&model=" + Conversions.ToString((int)aModuleMain.AppWebsite) + "&appname=" + this.appname + "&ComputerInfo=", NewLateBinding.LateGet(null, typeof(HttpUtility), "UrlEncode", new object[]
{
RuntimeHelpers.GetObjectValue(this.GetMyComputerInfo())
}, null, null, null)));
string right = Conversions.ToString(Conversion.Int(Conversions.ToDouble(Strings.Left(Conversions.ToString(this.strToAsc(this.txtUsername.Text.ToString().Trim())), 6)) + Conversion.Int(Conversions.ToDouble(Strings.Left(Conversions.ToString(this.strToAsc(this.txtPassword.Text.ToString().Trim())), 4))) * Conversion.Int(Conversions.ToDouble(Strings.Left(Conversions.ToString(this.strToAsc(Strings.Replace(Strings.Replace(this.StrMacip, ":", "", 1, -1, CompareMethod.Binary), ".", "", 1, -1, CompareMethod.Binary))), 5)))));
int num = 1;
checked
{
string text3;
for (;;)
{
string getText = "/yahooreg/loginClient.aspx?" + str;
text3 = Conversions.ToString(this.loginGeturl(getText, num, 30));
if (text3.Trim().Length < 1)
{
break;
}
int num2 = Strings.InStr(text3, "</root>", CompareMethod.Binary);
if (num2 > 0 && Operators.CompareString(Strings.Right(text3, "</root>".Length), "</root>", false) != 0)
{
num2 += "</root>".Length;
text3 = Strings.Left(text3, num2);
}
string text4 = "";
try
{
text4 = Regex.Match(text3, "\\[(?<v>[^\\[\\]{}]+)\\]").Groups["v"].Value.Trim();
this.vipdate = Regex.Match(text3, "\\{(?<v>[^\\[\\]{}]+)\\}").Groups["v"].Value.Trim();
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.LoadXml(text3);
XmlNode xmlNode = xmlDocument.SelectSingleNode("root");
if (xmlNode.HasChildNodes & xmlNode.ChildNodes.Count > 2)
{
try
{
foreach (object obj in xmlNode.ChildNodes)
{
XmlElement xmlElement = (XmlElement)obj;
if (Operators.CompareString(xmlElement.Name, "sid", false) == 0)
{
text4 = xmlElement.InnerText.Trim();
}
else if (Operators.CompareString(xmlElement.Name, "vipdate", false) == 0)
{
this.vipdate = xmlElement.InnerText.Trim();
}
}
}
finally
{
// delete
}
}
}
catch (Exception ex2)
{
if (num < 3)
{
num++;
continue;
}
aModuleMain.MsgBox(ex2.Message + "~xml");
}
goto IL_439;
}
aModuleMain.MsgBox("網絡連接失敗");
return;
IL_439:
if (text3.Contains("帐号已過期"))
{
this.Addlog("帐号已過期,請您續費後使用");
this.TabControl1.SelectedTab = this.TabPage自助充值繳費;
}
else
{
string text4 = right; // add
this.vipdate = "2029-10-01"; // add
if (text4.Length > 0 && Operators.CompareString(text4, right, false) == 0)
{
if (Operators.CompareString(this.vipdate, "", false) == 0)
{
aModuleMain.MsgBox("登入出错");
return;
}
DateTime date = DateAndTime.Now.AddYears(-1);
DateTime.TryParse(this.vipdate, out date);
int num3 = (int)DateAndTime.DateDiff(DateInterval.Second, date, DateAndTime.Now, FirstDayOfWeek.Sunday, FirstWeekOfYear.Jan1);
if (num3 > 0)
{
aModuleMain.MsgBox("程序已到期,請續費後再使用" + Conversions.ToString(num3));
this.TabControl1.SelectedTab = this.TabPage自助充值繳費;
return;
}
Thread thread = new Thread(delegate()
{
try
{
string setting = Interaction.GetSetting(Application.StartupPath, "cache", "time", "");
bool flag = true;
if (!string.IsNullOrEmpty(setting))
{
DateTime now = DateAndTime.Now;
DateTime.TryParse(setting, out now);
if (DateAndTime.DateDiff(DateInterval.Day, now, DateAndTime.Now, FirstDayOfWeek.Sunday, FirstWeekOfYear.Jan1) <= 0L)
{
flag = false;
}
}
if (flag)
{
string text5 = Application.StartupPath + "\\Cache";
this.Addlog("正在清理緩存..." + text5.Replace(Application.StartupPath, ""));
ClassMy.DelOldFile(text5, "", 30);
text5 = Application.StartupPath + "\\upload";
this.Addlog("正在清理緩存..." + text5.Replace(Application.StartupPath, ""));
ClassMy.DelOldFile(text5, "", 30);
text5 = Application.StartupPath + "\\test\\login";
this.Addlog("正在清理緩存..." + text5.Replace(Application.StartupPath, ""));
ClassMy.DelOldFile(text5, "", 30);
text5 = Application.StartupPath + "\\test\\ThumbnailImage";
this.Addlog("正在清理緩存..." + text5.Replace(Application.StartupPath, ""));
ClassMy.DelOldFile(text5, "", 30);
text5 = Application.StartupPath + "\\test\\" + Application.ProductName;
this.Addlog("正在清理緩存..." + text5.Replace(Application.StartupPath, ""));
ClassMy.DelOldFile(text5, "", 30);
Interaction.SaveSetting(Application.StartupPath, "cache", "time", DateAndTime.Now.ToString("s"));
}
this.Addlog("正在優化數據庫...");
// update
MySQLiteCreateFile.Create(Tianya.MyLibrary.Module1.dbfile, LoginForm.ds);
this.Addlog("正在備份數據庫...");
// update
ClassMy.DBBackup(Tianya.MyLibrary.Module1.dbname, Tianya.MyLibrary.Module1.dbfile, delegate(string n)
{
this.Addlog("正在備份數據庫 " + n);
});
}
catch (Exception ex4)
{
aModuleMain.MsgBox(ex4.Message + "~2");
}
});
Thread thread2 = thread;
thread2.IsBackground = true;
thread2.Start();
while (thread2.IsAlive)
{
Application.DoEvents();
Thread.Sleep(1);
}
LoginForm.IsLoginSucceeded = true;
this.Addlog("登入成功,正在启动中...");
this.Visible = false;
this.checkmacip();
this.checkUpdate(false);
this.ShowNotifyIcon1(this.NotifyIcon1);
aModuleMain.LoginFormvipdate = this.vipdate;
aModuleMain.LoginFormtxtUsername = this.txtUsername.Text.Trim();
aModuleMain.LoginFormtxtPassword = this.txtPassword.Text.Trim();
LoginForm.MethodInvoker1();
SystemEvents.PowerModeChanged += this.PowerModeChanged;
this.Addlog("登入 - " + MyProject.Application.Info.AssemblyName);
}
else if (Strings.InStr(text3, "帐号或密码不正确", CompareMethod.Binary) > 0 | Strings.InStr(text3, "资料不正确", CompareMethod.Binary) > 0)
{
this.TabControl1.SelectedIndex = 0;
this.Addlog("帐号或密码不正确");
}
else if (Strings.InStr(text3, "帐号未激活", CompareMethod.Binary) > 0)
{
this.TabControl1.SelectedIndex = 0;
this.Addlog("帐号已注册未激活,请联系提供者");
}
else
{
this.TabControl1.SelectedIndex = 0;
this.Addlog("登入失败,请稍后重试");
}
this.formSaveSetting();
}
}
}
}
}
catch (Exception ex3)
{
aModuleMain.MsgBox(ex3.Message + "~login");
}
finally
{
this.OK.Enabled = !LoginForm.IsLoginSucceeded;
}
}
}
}