As far as I know there has never been a Mac tutorial on this forum (I may be wrong).

Well, here is the first Mac tutorial on the forum.
We are only going to grab keys from the iExplorer software: no keygen, no patch, and it is fairly simple on top of that.

Let's open iExplorer and look at its error message:
"Invalid Registration Key"
Now let's open our favourite disassembler (for me that is Hopper) and search for this string.

It takes us to the method -[IERegistrationVC startValidation:], disassembled below.
0000000100062751 push rbp ; Objective C Implementation defined at 0x1001e3550 (instance)
0000000100062752 mov rbp, rsp
0000000100062755 push r15
0000000100062757 push r14
0000000100062759 push r13
000000010006275b push r12
000000010006275d push rbx
000000010006275e sub rsp, 0x48
0000000100062762 mov r14, rdi
0000000100062765 mov rax, qword [ds:imp___got____stack_chk_guard] ; imp___got____stack_chk_guard
000000010006276c mov rax, qword [ds:rax]
000000010006276f mov qword [ss:rbp+var_30], rax
0000000100062773 mov rdi, rdx ; argument #1 for method imp___stubs__objc_retain
0000000100062776 call imp___stubs__objc_retain
000000010006277b mov r13, rax
000000010006277e mov rdi, qword [ds:objc_cls_ref_NSAutoreleasePool] ; objc_cls_ref_NSAutoreleasePool, argument "instance" for method _objc_msgSend
0000000100062785 mov rsi, qword [ds:0x100218c80] ; @selector(alloc)
000000010006278c mov r12, qword [ds:imp___got__objc_msgSend] ; imp___got__objc_msgSend
0000000100062793 call r12 ; _objc_msgSend
0000000100062796 mov rsi, qword [ds:0x100218c88] ; @selector(init), argument "selector" for method _objc_msgSend
000000010006279d mov rdi, rax ; argument "instance" for method _objc_msgSend
00000001000627a0 call r12 ; _objc_msgSend
00000001000627a3 mov qword [ss:rbp+var_48], rax
00000001000627a7 mov edi, 0x5 ; argument #1 for method imp___stubs__sleep
00000001000627ac call imp___stubs__sleep
00000001000627b1 mov rdi, qword [ds:objc_cls_ref_NSThread] ; objc_cls_ref_NSThread, argument "instance" for method _objc_msgSend
00000001000627b8 mov rsi, qword [ds:0x10021bbe8] ; @selector(currentThread), argument "selector" for method _objc_msgSend
00000001000627bf call r12 ; _objc_msgSend
00000001000627c2 mov rdi, rax ; argument #1 for method imp___stubs__objc_retainAutoreleasedReturnValue
00000001000627c5 call imp___stubs__objc_retainAutoreleasedReturnValue
00000001000627ca mov rbx, rax
00000001000627cd mov rsi, qword [ds:0x10021bbf0] ; @selector(isCancelled), argument "selector" for method _objc_msgSend
00000001000627d4 mov rdi, rbx ; argument "instance" for method _objc_msgSend
00000001000627d7 call r12 ; _objc_msgSend
00000001000627da mov r15b, al
00000001000627dd mov rdi, rbx ; argument #1 for method imp___stubs__objc_release
00000001000627e0 call imp___stubs__objc_release
00000001000627e5 test r15b, r15b
00000001000627e8 je 0x1000627fe
00000001000627ea mov rdi, qword [ds:objc_cls_ref_NSThread] ; objc_cls_ref_NSThread, argument "instance" for method imp___got__objc_msgSend
00000001000627f1 mov rsi, qword [ds:0x10021bbf8] ; @selector(exit)
00000001000627f8 call qword [ds:imp___got__objc_msgSend]
00000001000627fe mov rdi, qword [ds:objc_cls_ref_IERegistrationManager] ; objc_cls_ref_IERegistrationManager, argument "instance" for method imp___got__objc_msgSend, XREF=-[IERegistrationVC startValidation:]+151
0000000100062805 mov rsi, qword [ds:0x10021bc00] ; @selector(figureOutKeyType:), argument "selector" for method imp___got__objc_msgSend
000000010006280c mov rdx, r13
000000010006280f mov qword [ss:rbp+var_40], r13
0000000100062813 call qword [ds:imp___got__objc_msgSend]
0000000100062819 mov r13d, eax
000000010006281c mov rbx, qword [ds:_OBJC_IVAR_$_IERegistrationVC.tf_regKeyStatus] ; _OBJC_IVAR_$_IERegistrationVC.tf_regKeyStatus
0000000100062823 cmp r13d, 0x3
0000000100062827 jne 0x1000628a8
0000000100062829 mov rdi, qword [ds:r14+rbx] ; argument "instance" for method _objc_msgSend
000000010006282d mov rsi, qword [ds:0x1002195a8] ; @selector(setHidden:), argument "selector" for method _objc_msgSend
0000000100062834 xor edx, edx
0000000100062836 call r12 ; _objc_msgSend
0000000100062839 mov rdi, qword [ds:r14+rbx] ; argument "instance" for method _objc_msgSend
000000010006283d mov rsi, qword [ds:0x100218db0] ; @selector(setStringValue:), argument "selector" for method _objc_msgSend
0000000100062844 lea rdx, qword [ds:cfstring_Invalid_Registration_Key] ; @"Invalid Registration Key"
000000010006284b call r12 ; _objc_msgSend
000000010006284e mov rdi, qword [ds:objc_cls_ref_NSUserDefaults] ; objc_cls_ref_NSUserDefaults, argument "instance" for method _objc_msgSend
0000000100062855 mov rsi, qword [ds:0x1002193d8] ; @selector(standardUserDefaults), argument "selector" for method _objc_msgSend
000000010006285c call r12 ; _objc_msgSend
000000010006285f mov rdi, rax ; argument #1 for method imp___stubs__objc_retainAutoreleasedReturnValue
0000000100062862 call imp___stubs__objc_retainAutoreleasedReturnValue
0000000100062867 mov rbx, rax
000000010006286a lea rax, qword [ds:_Pref_RegCodePirateDidUpgrade] ; _Pref_RegCodePirateDidUpgrade
0000000100062871 mov rdx, qword [ds:rax]
0000000100062874 mov rsi, qword [ds:0x1002194a8] ; @selector(boolForKey:), argument "selector" for method _objc_msgSend
000000010006287b mov rdi, rbx ; argument "instance" for method _objc_msgSend
000000010006287e call r12 ; _objc_msgSend
0000000100062881 mov r15b, al
0000000100062884 mov rdi, rbx ; argument #1 for method imp___stubs__objc_release
0000000100062887 call imp___stubs__objc_release
000000010006288c test r15b, r15b
000000010006288f mov rdi, qword [ds:objc_cls_ref_IEPirateDiscountWC] ; objc_cls_ref_IEPirateDiscountWC
0000000100062896 je 0x100062b0c
000000010006289c mov rsi, qword [ds:0x10021bc08] ; @selector(showAsOldPirateOnRegEnter)
00000001000628a3 jmp 0x100062b13
00000001000628a8 mov rdi, qword [ds:r14+rbx] ; argument "instance" for method imp___got__objc_msgSend, XREF=-[IERegistrationVC startValidation:]+214
00000001000628ac mov rsi, qword [ds:0x1002195a8] ; @selector(setHidden:), argument "selector" for method imp___got__objc_msgSend
00000001000628b3 xor edx, edx
00000001000628b5 call qword [ds:imp___got__objc_msgSend]
00000001000628bb cmp r13d, 0x4
00000001000628bf mov rdi, qword [ds:r14+rbx]
00000001000628c3 mov rsi, qword [ds:0x100218db0] ; @selector(setStringValue:)
00000001000628ca jne 0x1000628de
00000001000628cc lea rdx, qword [ds:cfstring_Invalid_Registration_Key] ; @"Invalid Registration Key"
00000001000628d3 call qword [ds:imp___got__objc_msgSend]
00000001000628d9 jmp 0x100062b19
00000001000628de lea rdx, qword [ds:cfstring_Registration_Successful_] ; @"Registration Successful!", XREF=-[IERegistrationVC startValidation:]+377
00000001000628e5 call r12 ; _objc_msgSend
00000001000628e8 mov rdi, qword [ds:objc_cls_ref_IERegistrationManager] ; objc_cls_ref_IERegistrationManager, argument "instance" for method _objc_msgSend
00000001000628ef mov rsi, qword [ds:0x10021bc18] ; @selector(saveRegistrationKey:), argument "selector" for method _objc_msgSend
00000001000628f6 mov rdx, qword [ss:rbp+var_40]
00000001000628fa call r12 ; _objc_msgSend
00000001000628fd mov rax, qword [ds:_OBJC_IVAR_$_IERegistrationVC.btn_continueDemo] ; _OBJC_IVAR_$_IERegistrationVC.btn_continueDemo
0000000100062904 mov rdi, qword [ds:r14+rax] ; argument "instance" for method _objc_msgSend
0000000100062908 mov rbx, rax
000000010006290b mov rsi, qword [ds:0x100219d38] ; @selector(setBezelStyle:), argument "selector" for method _objc_msgSend
0000000100062912 mov edx, 0xc
0000000100062917 call r12 ; _objc_msgSend
000000010006291a mov rdi, qword [ds:r14+rbx] ; argument "instance" for method _objc_msgSend
000000010006291e mov rsi, qword [ds:0x100219080] ; @selector(setTitle:), argument "selector" for method _objc_msgSend
0000000100062925 lea rdx, qword [ds:cfstring_Okay] ; @"Okay"
000000010006292c call r12 ; _objc_msgSend
000000010006292f mov r15, qword [ds:r14+rbx]
0000000100062933 mov rsi, qword [ds:0x100219d48] ; @selector(title), argument "selector" for method _objc_msgSend
000000010006293a mov rdi, r15 ; argument "instance" for method _objc_msgSend
000000010006293d call r12 ; _objc_msgSend
0000000100062940 mov rdi, rax ; argument #1 for method imp___stubs__objc_retainAutoreleasedReturnValue
0000000100062943 call imp___stubs__objc_retainAutoreleasedReturnValue
0000000100062948 mov rbx, rax
000000010006294b mov rsi, qword [ds:0x10021bba0] ; @selector(setAlternateTitle:), argument "selector" for method _objc_msgSend
0000000100062952 mov rdi, r15 ; argument "instance" for method _objc_msgSend
0000000100062955 mov rdx, rbx
0000000100062958 call r12 ; _objc_msgSend
000000010006295b mov rdi, rbx ; argument #1 for method imp___stubs__objc_release
000000010006295e call imp___stubs__objc_release
0000000100062963 mov rax, qword [ds:_OBJC_IVAR_$_IERegistrationVC.btn_continueDemo] ; _OBJC_IVAR_$_IERegistrationVC.btn_continueDemo
000000010006296a mov rdi, qword [ds:r14+rax] ; argument "instance" for method _objc_msgSend
000000010006296e mov rsi, qword [ds:0x1002195a0] ; @selector(setEnabled:), argument "selector" for method _objc_msgSend
0000000100062975 mov edx, 0x1
000000010006297a call r12 ; _objc_msgSend
000000010006297d mov rdi, qword [ds:objc_cls_ref_NSObject] ; objc_cls_ref_NSObject, argument "instance" for method _objc_msgSend
0000000100062984 mov rcx, qword [ds:0x10021bba8] ; @selector(updateCountdown)
000000010006298b mov rsi, qword [ds:0x100219b90] ; @selector(cancelPreviousPerformRequestsWithTarget:selector:object:), argument "selector" for method _objc_msgSend
0000000100062992 xor r8d, r8d
0000000100062995 mov rdx, r14
0000000100062998 mov qword [ss:rbp+var_50], r14
000000010006299c call r12 ; _objc_msgSend
000000010006299f mov rdi, qword [ds:objc_cls_ref_IERegistrationManager] ; objc_cls_ref_IERegistrationManager, argument "instance" for method _objc_msgSend
00000001000629a6 mov rsi, qword [ds:0x10021bc20] ; @selector(utmStringWithType:key:), argument "selector" for method _objc_msgSend
00000001000629ad mov edx, r13d
00000001000629b0 mov r14, r12
00000001000629b3 mov rcx, qword [ss:rbp+var_40]
00000001000629b7 call r14 ; _objc_msgSend
00000001000629ba mov rdi, rax ; argument #1 for method imp___stubs__objc_retainAutoreleasedReturnValue
00000001000629bd call imp___stubs__objc_retainAutoreleasedReturnValue
00000001000629c2 mov r12, rax
00000001000629c5 mov rdi, qword [ds:objc_cls_ref_CommonData] ; objc_cls_ref_CommonData, argument "instance" for method _objc_msgSend
00000001000629cc mov rsi, qword [ds:0x100218fa8] ; @selector(sharedInstance), argument "selector" for method _objc_msgSend
00000001000629d3 call r14 ; _objc_msgSend
00000001000629d6 mov rdi, rax ; argument #1 for method imp___stubs__objc_retainAutoreleasedReturnValue
00000001000629d9 call imp___stubs__objc_retainAutoreleasedReturnValue
00000001000629de mov rbx, rax
00000001000629e1 mov rsi, qword [ds:0x10021bc28] ; @selector(lastConnectedDeviceType), argument "selector" for method _objc_msgSend
00000001000629e8 mov rdi, rbx ; argument "instance" for method _objc_msgSend
00000001000629eb call r14 ; _objc_msgSend
00000001000629ee mov rdi, rax ; argument #1 for method imp___stubs__objc_retainAutoreleasedReturnValue
00000001000629f1 call imp___stubs__objc_retainAutoreleasedReturnValue
00000001000629f6 mov r15, rax
00000001000629f9 mov rdi, rbx ; argument #1 for method imp___stubs__objc_release
00000001000629fc call imp___stubs__objc_release
0000000100062a01 mov rdi, qword [ds:objc_cls_ref_CommonData] ; objc_cls_ref_CommonData, argument "instance" for method _objc_msgSend
0000000100062a08 mov rsi, qword [ds:0x100218fa8] ; @selector(sharedInstance), argument "selector" for method _objc_msgSend
0000000100062a0f call r14 ; _objc_msgSend
0000000100062a12 mov rdi, rax ; argument #1 for method imp___stubs__objc_retainAutoreleasedReturnValue
0000000100062a15 call imp___stubs__objc_retainAutoreleasedReturnValue
0000000100062a1a mov rbx, rax
0000000100062a1d mov rsi, qword [ds:0x10021bc30] ; @selector(lastConnectedDeviceColor), argument "selector" for method _objc_msgSend
0000000100062a24 mov rdi, rbx ; argument "instance" for method _objc_msgSend
0000000100062a27 call r14 ; _objc_msgSend
0000000100062a2a mov rdi, rax ; argument #1 for method imp___stubs__objc_retainAutoreleasedReturnValue
0000000100062a2d call imp___stubs__objc_retainAutoreleasedReturnValue
0000000100062a32 mov r13, rax
0000000100062a35 mov rdi, rbx ; argument #1 for method imp___stubs__objc_release
0000000100062a38 call imp___stubs__objc_release
0000000100062a3d mov rsi, qword [ds:0x100218d50] ; @selector(length), argument "selector" for method _objc_msgSend
0000000100062a44 mov rdi, r15 ; argument "instance" for method _objc_msgSend
0000000100062a47 call r14 ; _objc_msgSend
0000000100062a4a test rax, rax
0000000100062a4d je 0x100062b32
This is the function that displays our error message. Reading through it, we can also see our success message, "Registration Successful!".
We could arrange to land on the success message, but what we are after is a key.
The r13 register holds our key, which has to be checked. The method "figureOutKeyType:" takes our key as its parameter.
Let's look at that method; it belongs to the class "IERegistrationManager".
The class "IERegistrationManager" contains plenty of methods, which are listed in the left-hand pane of Hopper.

And we notice that there is a method called "testKeys". Does it test keys?
Well, yes: it tests ready-made keys.
000000010010523c push rbp ; Objective C Implementation defined at 0x10020a248 (class)
000000010010523d mov rbp, rsp
0000000100105240 push r15
0000000100105242 push r14
0000000100105244 push r13
0000000100105246 push r12
0000000100105248 push rbx
0000000100105249 sub rsp, 0x378
0000000100105250 mov qword [ss:rbp+var_388], rdi
0000000100105257 mov rax, qword [ds:imp___got____stack_chk_guard] ; imp___got____stack_chk_guard
000000010010525e mov rax, qword [ds:rax]
0000000100105261 mov qword [ss:rbp+var_30], rax
; the key tests continue from here
All of the keys work.
Let's go further: thanks to Hopper, we can see that some parts of the 10 keys repeat. One part appears in both the first key and the last one.
And if we mix parts of the 10 keys, the result works too.
We can even take just one part and repeat it several times.
Back to our functions: there is one that checks whether keys are pirated. And there are plenty of those.
It is easy to build a key for yourself and even to make a fake keygen.
Thanks for reading.
Feel free to criticise.
PS: Do the keys also work on PC?
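
Seen from the vendor's side, the behaviour described above (parts of different shipped keys can be mixed, or one part repeated) is what a validator that checks each segment independently produces. The following added example, not taken from the post or from the application, models that flaw with constructed segments and contrasts it with a key whose tag is an HMAC over the whole licence ID; every name, the secret, the key layout and the assumption that validation runs on a licensing server are hypothetical.

```python
import hashlib
import hmac

# Constructed segments standing in for parts of test keys shipped in a binary.
KNOWN_SEGMENTS = {"A1B2", "C3D4", "E5F6", "0789"}


def weak_validate(key: str) -> bool:
    """Model of the flaw: every segment is accepted on its own merits,
    so any ordering or repetition of known segments passes."""
    parts = key.split("-")
    return len(parts) == 4 and all(p in KNOWN_SEGMENTS for p in parts)


# Assumption: this secret lives only on the licensing server, never in the client.
SERVER_SECRET = b"constructed-demo-secret"


def _tag(license_id: str) -> str:
    """64-bit tag bound to the complete licence ID."""
    mac = hmac.new(SERVER_SECRET, license_id.encode(), hashlib.sha256)
    return mac.hexdigest()[:16].upper()


def issue_key(license_id: str) -> str:
    """Key layout (hypothetical): ID-TTTT-TTTT-TTTT-TTTT."""
    t = _tag(license_id)
    return "-".join([license_id, t[0:4], t[4:8], t[8:12], t[12:16]])


def strong_validate(key: str) -> bool:
    """Recompute the tag over the ID and compare it as a whole, in constant
    time; a segment copied from another key no longer carries any validity."""
    parts = key.split("-")
    if len(parts) != 5:
        return False
    license_id, presented = parts[0], "".join(parts[1:])
    return hmac.compare_digest(presented.encode(), _tag(license_id).encode())


def splice(key_a: str, key_b: str) -> str:
    """Licence ID of key_a combined with the tag segments of key_b."""
    return "-".join([key_a.split("-")[0]] + key_b.split("-")[1:])


def repeat_first_segment(key: str) -> str:
    """Licence ID followed by its first tag segment repeated four times."""
    parts = key.split("-")
    return "-".join([parts[0]] + [parts[1]] * 4)
```

A client that must validate offline cannot hold `SERVER_SECRET` safely; in that setting the same whole-key binding is obtained by verifying an asymmetric signature with a public key embedded in the application.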