关于爱普达的注册机
其实老夫根本不懂PHP,在chinaz上面看到个爱普达多语言企业管理系统,看介绍还可以,就下了一个来看看,因为使用的easy2php5,默认域名为localhost:8080,装上去后说这个域名未被授权使用,正好下了个dezend,于是就de了一下想看看de之后的效果。
license.php被完美解开,内容如下
$authorized_a = “1195044558”;
$authorized_b = “1479127740”;
$authorized_c = “127.0.0.1”;
$authorized_d = “delteless”;
$authorized_e = “123456”;
$authorized_f = “advanced”;
$authorized_g = “6.1.2”;
$authorized_m = “c934b5125ff788962bcb632aa71b5e3c1b6412a14bd7371e14081da3961137a2”;
尝试改了一下127.0.0.1为localhost:8080,结果提示注册文件错误,继续寻找错误提示的语言,在语言文件夹中error.php中发现了错误提示的变量$com_error_x,后来在config.php中发现了错误判断的语句,内容如下
$SERVER_NAME = $HTTP_SERVER_VARS[‘HTTP_HOST’];
if ( isset( $authorized_a, $authorized_b, $authorized_c, $authorized_d, $authorized_e, $authorized_f, $authorized_g, $authorized_m ) )
{
@include( “{$languagespath}{$db_type}”.”_error.php” );
echo “{$com_error_1}”;
exit( );
}
$zhandian = $authorized_c.$authorized_a.$authorized_b.$authorized_d.$authorized_e.$authorized_f.$authorized_g.$pre;
$zhandian = base64_encode( $zhandian );
$zhandian = strrev( $zhandian );
$zhandian = md5( $zhandian );
$doname = md5( md5( md5( $zhandian.$pre ) ) );
$doname .= $zhandian;
if ( $doname != $authorized_m )
{
@include( “{$languagespath}{$db_type}”.”_error.php” );
echo “{$com_error_2}”;
exit( );
}
$use_server = $authorized_c;
$use_start = $authorized_a;
$use_end = $authorized_b;
$htmlcreate = $authorized_e;
$use_type = $authorized_f;
$use_limit = $authorized_d;
$use_version = $authorized_g;
$now_time = time( );
$cha_time = $use_end – $now_time;
$cha_day = $cha_time / 60 / 60 / 24;
$cha_day = number_format( $cha_day );
if ( $SERVER_NAME != “127.0.0.1” && $SERVER_NAME != “192.168.0.1” && $SERVER_NAME != “localhost” )
{
$www_use_server = “www.”.$use_server;
if ( $use_server != $SERVER_NAME && $www_use_server != $SERVER_NAME )
{
@include( “{$languagespath}{$db_type}”.”_error.php” );
echo “{$com_error_3}”;
exit( );
}
}
if ( $use_limit == “limit” && $use_end < $now_time )
{
@include( “{$languagespath}{$db_type}”.”_error.php” );
echo “{$com_error_4}”;
exit( );
}
if ( $use_version != $version )
{
@include( “{$languagespath}{$db_type}”.”_error.php” );
echo “{$com_error_5}”;
exit( );
}
$tempUrl = “{$temprootpath}/{$temppath}/in_bottom{$temp_name}”;
if ( file_exists( “{$tempUrl}” ) )
{
@include( “{$languagespath}{$db_type}”.”_error.php” );
echo “{$com_error_6}”;
exit( );
}
$afile = file_get_contents( $tempUrl );
$afile = qx( “<div class=two>”, “</div>”, $afile );
$afile = str_replace( ” “, “”, $afile );
if ( $afile != “{COPY_RIGHT_AIPUDA}” )
{
@include( “{$languagespath}{$db_type}”.”_error.php” );
echo “{$com_error_7}”;
exit( );
}
可以看到error_3的判断就是如果server_name不等于127.0.0.1或192.168.0.1或localhost,就判断$authorized_c与$authorized_c加www头后是否与域名相符,不相符就提示error_3,但改了$authorized_c之后会提示error_2。
再接着看error_2的判断,首先定义一个变量$zhandian,$zhandian的值是把
$authorized_c、authorized_a、$authorized_b、$authorized_d、$authorized_e、$authorized_f、$authorized_g、$pre这几个变量的值串起来,可以从license.php中找到前面七个变量,$pre在哪里呢?终于在function.php的最后发现了这句$pre = “x01x7fxc2xdfx80xbfxe0xa0xbf”;将这些字符串起来后用base64_encode()函数给编码一遍,当时不知道这个函数是php自带的,还特地找了个base64编码的工具来弄,紧接下来就是将base64编码过的字符串用函数strrev()处理一次,strrev()是干嘛的呢,搜索了一下,原来是将整个字符串颠倒的,要命啊,把这几十个字符倒过来写一遍?那试着写了个php文件,定义一个变量的值为字符串,然后strrev()处理一次输出,真爽,成功的颠倒了,突然想到php有没有内置一个base64_encode()函数呢,有md5()函数以前就是知道的,再试着在那个php文件里加了一句base64的处理,太他妈伟大了,居然这么简单,那下面就好办了,将颠倒过的字符串md5加密一次,再跟$pre的值串一次,再连续三次md5加密赋值给变量$doname,最后就将得到的这个字符串与第一次md5之后的字符串连接起来再赋给$doname,接下来就是判断这个字符串是否与变量$authorized_m的值相同,不同就提示error_2,那不就简单了?将$authorized_c的内容改掉,重新按照上面的过程来一遍,重新得到一个$authorized_m不就行了么?
再看到error_4是提示过期的,用date(‘Y-m-d H:i:s’, $authorized_b)输出看了一下,得到一个时间,那不就简单了么,把$authorized_b的这个数字改大重新得到$authorized_m就OK了!
下面是当时的草稿
$authorized_a = “1195044558”;
$authorized_b = “1479127740”;
$authorized_c = “localhost:8080”;
$authorized_d = “delteless”;
$authorized_e = “123456”;
$authorized_f = “advanced”;
$authorized_g = “6.1.2”;
$pre = “x01x7fxc2xdfx80xbfxe0xa0xbf”;echo “下面为运算的过程<br>”;
$zhandian = $authorized_c.$authorized_a.$authorized_b.$authorized
_d.$authorized_e.$authorized_f.$authorized_g.$pre;
echo “第一次连接字符串后: “.$zhandian;
echo “<br>”;
$aaa=base64_encode( $zhandian );
echo “base64加密后: “.$aaa;
echo “<br>”;$bbb=strrev( $aaa );
echo “strrev函数颠倒字符串后: “.$bbb;
echo “<br>”;
$ccc=md5($bbb);
echo “md5加密后: “.$ccc;
echo “<br>”;
$ddd = md5( md5( md5( $ccc.$pre ) ) );
$ddd .= $ccc;
echo “<br><br>结果在此行,请将此行的字符串填入authorized_m: “.$ddd;
echo “<br>”;
echo time();
echo “<br>”;
$eee=date(‘Y-m-d H:i:s’, 1195044558);
$fff=date(‘Y-m-d H:i:s’, 1479127740);
echo “$eee”;
echo “<br>”;
echo “$fff”;echo “authorized_a “.$authorized_a.” 表示起始时间为 “.$eee.”<br>”;
echo “authorized_b “.$authorized_b.” 表示起始时间为 “.$fff.”<br>”;
echo “authorized_c “.$authorized_c.” 表示你要使用的域名<br><br><br>”;
哈哈,懒得很,变量瞎定义的,搞这点东西都搞死个人,幸好以前学C语言还隐约记得一点,才折磨了出来,将新的license.php放入includes文件夹,再次测试网站就显示出来了
2008/07/26 15:57:43
这个应该不关license的事吧,没有试过放在子目录
你在http://dagai.net/aipuda直接生成一个license试试看
2008/07/25 18:09:44
我是在http://dagai.net/aipuda/index.php下了license
2008/07/25 18:08:48
放了license 还是出现错误?Fatal error: This file has expired. in Domain.com\aipuda\install.php on line 0
还要加什么东西?
(能放在子目录中吗?)
2008/03/21 21:16:30
难道最后不是么?保存为PHP就行了
2008/03/21 09:13:56
把程序公布出来吧!谢谢!