支持Visual SVN Server4.2.1以及舊的4.x。代碼拿去。
#define _CRT_SECURE_NO_WARNINGS
#include <windows.h>
#include <stdio.h>
char RsaPublicKey[128] = {
0x2D, 0x58, 0x22, 0x42, 0x9E, 0x9B, 0x65, 0xFD, 0x23, 0xC1, 0x27, 0xB2, 0xBD, 0x75, 0x82, 0xA5,
0x79, 0xF2, 0x2A, 0x3B, 0x35, 0x4B, 0x93, 0xD7, 0x93, 0xFF, 0xB1, 0x80, 0x23, 0xEF, 0x53, 0xF8,
0xF4, 0xC6, 0x37, 0xC6, 0x02, 0xED, 0x3B, 0xB5, 0x3D, 0x0D, 0x6A, 0x9D, 0xE0, 0x14, 0x33, 0xB5,
0x5D, 0xB9, 0xD7, 0xC5, 0x1A, 0x18, 0xE0, 0x90, 0x53, 0x65, 0x15, 0x5E, 0x80, 0x4B, 0xE8, 0x92,
0x70, 0xE3, 0x6D, 0x2B, 0x06, 0x72, 0x18, 0x82, 0xC3, 0x29, 0x16, 0x92, 0xAC, 0xAB, 0xE3, 0x15,
0x73, 0x51, 0x65, 0xF7, 0xBD, 0xCF, 0x10, 0x08, 0x66, 0xD0, 0x3E, 0x54, 0x4D, 0x73, 0x94, 0x2F,
0x91, 0xA4, 0xCC, 0x02, 0x89, 0xBB, 0x90, 0xB1, 0xAA, 0x86, 0x8E, 0x33, 0x77, 0x58, 0xF5, 0xBB,
0xEB, 0xFD, 0xCC, 0x18, 0x67, 0x7B, 0x82, 0xB8, 0xC7, 0xA2, 0x34, 0x7A, 0x3D, 0x2D, 0xA3, 0xA9
};
char RsaPublicKey_Reversed[128] = {
0xA9, 0xA3, 0x2D, 0x3D, 0x7A, 0x34, 0xA2, 0xC7, 0xB8, 0x82, 0x7B, 0x67, 0x18, 0xCC, 0xFD, 0xEB,
0xBB, 0xF5, 0x58, 0x77, 0x33, 0x8E, 0x86, 0xAA, 0xB1, 0x90, 0xBB, 0x89, 0x02, 0xCC, 0xA4, 0x91,
0x2F, 0x94, 0x73, 0x4D, 0x54, 0x3E, 0xD0, 0x66, 0x08, 0x10, 0xCF, 0xBD, 0xF7, 0x65, 0x51, 0x73,
0x15, 0xE3, 0xAB, 0xAC, 0x92, 0x16, 0x29, 0xC3, 0x82, 0x18, 0x72, 0x06, 0x2B, 0x6D, 0xE3, 0x70,
0x92, 0xE8, 0x4B, 0x80, 0x5E, 0x15, 0x65, 0x53, 0x90, 0xE0, 0x18, 0x1A, 0xC5, 0xD7, 0xB9, 0x5D,
0xB5, 0x33, 0x14, 0xE0, 0x9D, 0x6A, 0x0D, 0x3D, 0xB5, 0x3B, 0xED, 0x02, 0xC6, 0x37, 0xC6, 0xF4,
0xF8, 0x53, 0xEF, 0x23, 0x80, 0xB1, 0xFF, 0x93, 0xD7, 0x93, 0x4B, 0x35, 0x3B, 0x2A, 0xF2, 0x79,
0xA5, 0x82, 0x75, 0xBD, 0xB2, 0x27, 0xC1, 0x23, 0xFD, 0x65, 0x9B, 0x9E, 0x42, 0x22, 0x58, 0x2D
};
char RsaPublicKey_Patch[128] = {
0x59, 0xEB, 0x6B, 0x93, 0x10, 0x06, 0xF4, 0xEB, 0xCE, 0x5A, 0xF8, 0xD3, 0xE8, 0x02, 0xCB, 0xBD,
0x02, 0xF9, 0x9E, 0x1B, 0x17, 0x3A, 0x23, 0x34, 0x3D, 0x68, 0xB3, 0xB8, 0x3A, 0xC4, 0xC9, 0x59,
0xD9, 0xCC, 0xB9, 0x0D, 0xC7, 0xE4, 0xBA, 0x26, 0x5C, 0xD9, 0x6E, 0xA5, 0x34, 0x58, 0x12, 0x14,
0xB7, 0x2D, 0x0F, 0x93, 0x5D, 0xF4, 0x2F, 0xBA, 0x50, 0x90, 0xC8, 0xB6, 0x58, 0x29, 0xEA, 0x71,
0xDF, 0x40, 0xA2, 0x8B, 0xE5, 0x4E, 0xCF, 0xDF, 0x70, 0x74, 0x0A, 0xC0, 0x5F, 0x57, 0x4D, 0xCD,
0xC2, 0xB7, 0x42, 0x77, 0xCF, 0xEC, 0xA3, 0x3C, 0xC2, 0x3E, 0xD0, 0xB7, 0x8A, 0xAE, 0xB6, 0x74,
0xDD, 0x1B, 0xDA, 0xD5, 0xF8, 0x0E, 0x40, 0x90, 0x66, 0x23, 0x33, 0x51, 0x52, 0xF1, 0xFD, 0xF6,
0x22, 0xE4, 0xB8, 0x2E, 0xF8, 0xEF, 0xDE, 0x8F, 0x78, 0x8A, 0xCD, 0xC1, 0x5A, 0x61, 0xD5, 0xD6
};
char RsaPublicKey_PatchReversed[128] = {
0xD6, 0xD5, 0x61, 0x5A, 0xC1, 0xCD, 0x8A, 0x78, 0x8F, 0xDE, 0xEF, 0xF8, 0x2E, 0xB8, 0xE4, 0x22,
0xF6, 0xFD, 0xF1, 0x52, 0x51, 0x33, 0x23, 0x66, 0x90, 0x40, 0x0E, 0xF8, 0xD5, 0xDA, 0x1B, 0xDD,
0x74, 0xB6, 0xAE, 0x8A, 0xB7, 0xD0, 0x3E, 0xC2, 0x3C, 0xA3, 0xEC, 0xCF, 0x77, 0x42, 0xB7, 0xC2,
0xCD, 0x4D, 0x57, 0x5F, 0xC0, 0x0A, 0x74, 0x70, 0xDF, 0xCF, 0x4E, 0xE5, 0x8B, 0xA2, 0x40, 0xDF,
0x71, 0xEA, 0x29, 0x58, 0xB6, 0xC8, 0x90, 0x50, 0xBA, 0x2F, 0xF4, 0x5D, 0x93, 0x0F, 0x2D, 0xB7,
0x14, 0x12, 0x58, 0x34, 0xA5, 0x6E, 0xD9, 0x5C, 0x26, 0xBA, 0xE4, 0xC7, 0x0D, 0xB9, 0xCC, 0xD9,
0x59, 0xC9, 0xC4, 0x3A, 0xB8, 0xB3, 0x68, 0x3D, 0x34, 0x23, 0x3A, 0x17, 0x1B, 0x9E, 0xF9, 0x02,
0xBD, 0xCB, 0x02, 0xE8, 0xD3, 0xF8, 0x5A, 0xCE, 0xEB, 0xF4, 0x06, 0x10, 0x93, 0x6B, 0xEB, 0x59
};
DWORD SearchKey(PCHAR Buffer, DWORD BufSize, PCHAR KeyBuf, DWORD KeyBufSize)
{
DWORD i;
for(i = 0; i < BufSize - KeyBufSize; i++)
{
if(!memcmp(Buffer + i, KeyBuf, KeyBufSize))
return i;
}
return 0;
}
BOOL PatchRsaPublicKey(char *Filename)
{
HANDLE hFile = INVALID_HANDLE_VALUE;
HANDLE hFileSave = INVALID_HANDLE_VALUE;
PCHAR pFileBuf = NULL;
BOOL bRetVal = FALSE;
do {
DWORD FileSize = 0, dwRead, dwWritten, KeyPos;
BOOL bRet;
CHAR BackupFilename[MAX_PATH];
printf("[+]Patching %s\n", Filename);
hFile = CreateFile(Filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile == INVALID_HANDLE_VALUE)
{
printf("[-]Open %s failed\n", Filename);
break;
}
FileSize = GetFileSize(hFile, NULL);
pFileBuf = LocalAlloc(LPTR, FileSize);
if(!pFileBuf)
{
printf("[-]Alloc %d bytes failed\n", FileSize);
break;
}
bRet = ReadFile(hFile, pFileBuf, FileSize, &dwRead, NULL);
if(!bRet || dwRead != FileSize)
{
printf("[-]ReadFile %d bytes failed, acturally read %d bytes\n", FileSize, dwRead);
break;
}
KeyPos = SearchKey(pFileBuf, FileSize, RsaPublicKey, sizeof(RsaPublicKey));
if(KeyPos)
{
memcpy(pFileBuf + KeyPos, RsaPublicKey_Patch, sizeof(RsaPublicKey_Patch));
printf(" [+]Replace RSA public key @ 0x%x\n", KeyPos);
}
else
{
KeyPos = SearchKey(pFileBuf, FileSize, RsaPublicKey_Reversed, sizeof(RsaPublicKey_Reversed));
if(KeyPos)
{
memcpy(pFileBuf + KeyPos, RsaPublicKey_PatchReversed, sizeof(RsaPublicKey_PatchReversed));
printf(" [+]Replace RSA public key @ 0x%x (reversed)\n", KeyPos);
}
}
if(!KeyPos)
{
KeyPos = SearchKey(pFileBuf, FileSize, RsaPublicKey_Patch, sizeof(RsaPublicKey_Patch));
if(!KeyPos)
KeyPos = SearchKey(pFileBuf, FileSize, RsaPublicKey_PatchReversed, sizeof(RsaPublicKey_PatchReversed));
if(KeyPos)
{
printf(" [-]ALREADY PATCHED!\n");
break;
}
else
{
printf(" [-]RSA public key not found!\n");
break;
}
}
CloseHandle(hFile);
hFile = INVALID_HANDLE_VALUE;
strcpy(BackupFilename, Filename);
strcat(BackupFilename, ".bak");
MoveFile(Filename, BackupFilename);
hFileSave = CreateFile(Filename, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFileSave == INVALID_HANDLE_VALUE)
{
printf(" [-]Open %s failed\n", Filename);
break;
}
bRet = WriteFile(hFileSave, pFileBuf, FileSize, &dwWritten, NULL);
if(!bRet || dwWritten != FileSize)
{
printf(" [-]Save %s failed\n", BackupFilename);
break;
}
bRetVal = TRUE;
} while (0);
if(hFile != INVALID_HANDLE_VALUE)
CloseHandle(hFile);
if(hFileSave != INVALID_HANDLE_VALUE)
CloseHandle(hFileSave);
if(pFileBuf)
LocalFree(pFileBuf);
return bRetVal;
}
void WorkForReverse(void)
{
DWORD i;
for(i = 0; i < sizeof(RsaPublicKey_Patch); i++)
{
UCHAR c = (UCHAR)RsaPublicKey_Patch[ sizeof(RsaPublicKey_Patch) - i - 1 ];
if(!(i % 16))
printf("\n");
printf("0x%02X, ", c);
}
}
int main(int argc, char *argv[])
{
DWORD PatchCount = 0;
printf("Visual SVN Server 4.x cracker\n");
printf(" DeltaFoX Original Works, feats. mengxp \n\n");
printf("Copy this program to Visual SVN Server bin folder\n");
printf("Press any key to continue\n\n");
//WorkForReverse();
getch();
PatchCount += PatchRsaPublicKey("mod_licensing_visualsvn.so");
PatchCount += PatchRsaPublicKey("vsvnwmiprov.dll");
PatchCount += PatchRsaPublicKey("vdfssvc.exe");
PatchCount += PatchRsaPublicKey("vrepocfgsvc.exe");
PatchCount += PatchRsaPublicKey("vsvnjobsvc.exe");
if(!PatchCount)
{
printf("\nALL PATCH FAILED!\n");
getch();
exit(-1);
}
printf("\nPATCH DONE!\n\n");
printf("License string: \n");
printf("--------------------------------------------------\n");
printf("Sec2jm50v7275f41vas7m6n9i3b43olhqj89uc59ro2n5h5uev\n");
printf("mbpssgo4q4n8puuckqqcg7o66vqi2e2iinv3sphudb79khb0nt\n");
printf("8l4tli5atlolmpea9til7emprkd25abs84nt2jj3jdmjsaom1p\n");
printf("29ikvhataug7jabab5ml5apilvjvo28drjmfn4mok0btf4jv2i\n");
printf("0rtq9a77sq0aiiqr4lbqbret70lnbhekjhh03nasekv1ji0cb1\n");
printf("lk1pasd4p21p0t4hrl9p1174n21pacb4vlbi0oc4l59vvc3gmh\n");
printf("931r87tc8k64nntc8kd50h3kiiahlnjc0l\n");
printf("--------------------------------------------------\n");
getch();
return 0;
}