关于SolusVM的破解
solusvm的授权部分在system下面的clean.php里面。这个文件包括两个函数,一个LicenseDecode,一个LicenseDecodePart。
那么自然,逆向他的算法即可。
因为怕dmca,我就不放解密了~
我放加密233333
<?php
private $_s_C_OOO_o01 = "ypO%_Y/y0#rY@KFi==@65%swYskCaCTk-52#*StP6HCsrwP!tB";
private $_s_C_OOO_o02 = "MM=co=_prb+;XyuHkHfNtyWy/y@/FzcofZ9HqjQ9?XxSb96a.d";
private $_s_C_OOO_o03 = "31m*R*Z!zmnDjdqovF8Wyq1-LZUAFohEKqn652kM.FGykJF7LT";
private $_s_C_OOO_o04 = "UF*zssdx8E9Q7+tzZ%*Y#j2=/FFZOekUr1BXB6OANpO1-ivAOm";
private $_s_C_OOO_o05 = 30;
private $_s_C_OOO_o06 = "+";
private $_s_C_OOO_o07 = 30;
private $_s_C_OOO_o08 = "(";
private $_s_C_OOO_o09 = "=============================== START KEY DATA =================================\n";
private $_s_C_OOO_o10 = "\n================================ END KEY DATA ==================================";
public function LicenseEncode($result)
{
$resulttraw = serialize($result);
$resulttraw = base64_encode($resulttraw);
$md5Hash = md5($resulttraw . $result['checkDate'] . $this->_s_C_OOO_o04);
$data = $md5Hash.$resulttraw;
$md5Hash = md5(strrev($data) . $this->_s_C_OOO_o03);
$data = $md5Hash.strrev($data);
$data = $this->LicenseEncodePart($data, $this->_s_C_OOO_o01);
$data = strrev($data);
$data = gzdeflate($data);
$data = convert_uuencode($data);
$data = strrev($data);
$data = $this->LicenseEncodePart($data, $this->_s_C_OOO_o02);
$data = strtoupper($data);
$data = wordwrap($data, 18, "+", true);
$data = wordwrap($data, 348, "(", true);
$data = wordwrap($data, 80, "\n", true);
$data = $this->_s_C_OOO_o09 . $data;
$data = $data . $this->_s_C_OOO_o10;
return $data;
}
private function LicenseEncodePart($string, $key)
{
$key = sha1($key);
$strLen = strlen($string);
$keyLen = strlen($key);
$i = 0;
while( $i < $strLen )
{
$ordStr = ord(substr($string, $i, 1));
if( $j == $keyLen )
{
$j = 0;
}
$ordKey = ord(substr($key, $j, 1));
$j++;
$hash .= strrev(base_convert(dechex($ordStr + $ordKey), 16, 36));
$i += 1;
}
return $hash;
}
授权访问的位置是 /clients/modules/servers/licensing/slbs_verify_license.php
我给一个slbs_verify_license.php的范例:
<?php
require "cleaned.php";
if(isset($_POST["nodes"]) && isset($_POST["licensekey"]) && isset($_POST["domain"]) && isset($_POST["ip"]) && isset($_POST["dir"])){
$returnarray = array( "hash" => '',
"hash2" => '',
"status" => 'Active',
"productid" => 20,
"checkDate" => date("Y-M-D"),
"companyname" => "NagakaTech",
"email" => "admin@loli.ren",
"configoptions" => "Slaves=100|Mini Slaves=100|Micro Slaves=100"
);
$data = LicenseEncode($returnarray);
echo($data);
}else{
echo("No input");
}
使用的版本是1.20.03,只测试了前台网页的license正常~
附注:
solusvm服务器(需要host掉)
http://www.soluslabs.com
licensing1.soluslabs.net
licensing5.soluslabs.net
链接:
https://www.myitmx.com/470.html
https://www.loli.ren/2018/01/27/%E8%AE%B0%E4%B8%80%E6%AC%A1solusvm%E7%9A%84%E7%A0%B4%E8%A7%A3
别啥都破解了 圈内分享分享就行了
搞得小学生都来开IDC 然后你们再骂国人主机商xxooyc014t 除了这个至少还有3个暗桩在其他文件里。。。 记得不是用ioncube进行加密的么?呃。。。 dream7758521 发表于 2018-2-21 14:32
其实只要知道了验证方法做一个伪站就可以了
没全解肯定不能用的。。比如有暗桩格盘slave呢2333 dream7758521 发表于 2018-2-21 14:32
其实只要知道了验证方法做一个伪站就可以了
验证license的时候估计不会只返回一个success这么简单,很有可能还有一个加密串之类的东西 所以哈哈哈大部分crack就卡在这里了 有兴趣的dalao可以在验证授权的时候抓个包看看是什么数据yc010t