本来很早就想搞个这玩意了,就是校验软件是否可用性,当然也可以进行请求数据的加密!
软件远程请求PHP文件,PHP进行AES的加密。加密内带入时间戳。
软件接收到了PHP的加密值,然后在软件内进行解密。
解密之后校验时间戳,判断当前的时间戳是否在返回的时间戳六十秒之内(提高安全性)。
判断无误的话,则提取解密数据的|之前的字符,进行校验。
校验成功,进软件。
校验失败,弹出服务器返回的失败内容。
软件生成之后记得使用VMP加壳软件加壳,不然被破解还是轻轻松松,加上壳之后破解难度就飙升了。
代码如下:
PHP代码:
<?php
function EncryptAES($key, $data) {
$ivLength = 16;
$iv = openssl_random_pseudo_bytes($ivLength);
$encryptedText = openssl_encrypt($data, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
$combinedData = $iv . $encryptedText;
$encryptedData = base64_encode($combinedData);
return $encryptedData;
}
$key = "5H8g9T6j2Y1n4K7B";
$valueToEncrypt = "当前可用";
$timestamp = time(); // 获取当前时间戳
$dataWithTimestamp = $valueToEncrypt . "|" . $timestamp; // 在数据后添加时间戳
$encryptedValue = EncryptAES($key, $dataWithTimestamp);
echo $encryptedValue;
?>
VB.NET代码:
Imports System.IO
Imports System.Net
Imports System.Reflection
Imports System.Runtime.InteropServices
Imports System.Security.Cryptography
Imports System.Text
Module 验证模块
Dim url As String = "http://ver.lxjc.com/app_yz/20230618.php"
Function DecryptAES(key As Byte(), encryptedData As String) As String
Dim combinedData As Byte() = Convert.FromBase64String(encryptedData)
Dim ivLength As Integer = 16 ' IV长度为16字节
Dim iv(ivLength - 1) As Byte
Buffer.BlockCopy(combinedData, 0, iv, 0, ivLength)
Dim encryptedBytes(combinedData.Length - ivLength - 1) As Byte
Buffer.BlockCopy(combinedData, ivLength, encryptedBytes, 0, encryptedBytes.Length)
Using aesAlg As Aes = Aes.Create()
aesAlg.Key = key
aesAlg.IV = iv
Dim decryptor As ICryptoTransform = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV)
Dim decryptedData As String = Nothing
Using msDecrypt As New IO.MemoryStream(encryptedBytes)
Using csDecrypt As New CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read)
Using srDecrypt As New IO.StreamReader(csDecrypt)
decryptedData = srDecrypt.ReadToEnd()
End Using
End Using
End Using
Return decryptedData
End Using
End Function
'需要VMP虚拟化处理
<Obfuscation(Feature:="virtualization", Exclude:=False)>
Function get_pass() As String
Try
Dim request As HttpWebRequest = CType(WebRequest.Create(url), HttpWebRequest)
request.Method = "GET"
Dim response As HttpWebResponse = CType(request.GetResponse(), HttpWebResponse)
Using streamReader As New System.IO.StreamReader(response.GetResponseStream())
Dim responseText As String = streamReader.ReadToEnd()
Return responseText
End Using
response.Close()
Catch ex As Exception
MsgBox(ex.Message)
End
End Try
End Function
<Obfuscation(Feature:="virtualization", Exclude:=False)> '虚拟化
Function Main() '入口
Dim key As Byte() = Encoding.UTF8.GetBytes("5H8g9T6j2Y1n4K7B")
Dim encryptedValue As String = get_pass() ' 获取加密后的值
Dim decryptedValue As String = DecryptAES(key, encryptedValue)
Dim parts() As String = decryptedValue.Split("|"c)
If Not ValidateTimestamp(parts) Then
MsgBox("时间不同步,请匹配北京时间!")
End
End If
If parts(0) = "当前可用" Then
' 验证通过
MsgBox("验证通过")
Else
' 验证不通过
MsgBox(parts(0))
End
End If
End Function
<Obfuscation(Feature:="virtualization", Exclude:=False)>
Private Function ValidateTimestamp(parts As String()) As Boolean
Dim serverTimestamp As Long = Long.Parse(parts(1))
Dim epoch As New DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)
Dim currentTime As DateTime = DateTime.UtcNow
Dim timeStamp As Long = (currentTime - epoch).TotalSeconds
Dim net_time_add As Long = serverTimestamp + 8
Dim net_time_sub As Long = serverTimestamp - 8
Dim isInRange As Boolean = False
isInRange = If(timeStamp >= net_time_sub AndAlso timeStamp <= net_time_add, True, False)
Return isInRange
End Function
End Module
