diff --git a/.gitignore b/.gitignore index 9ac4a63..f6adf54 100644 --- a/.gitignore +++ b/.gitignore @@ -1,289 +1,4 @@ -## Ignore Visual Studio temporary files, build results, and -## files generated by popular Visual Studio add-ons. -## -## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore - -# User-specific files -*.suo -*.user -*.userosscache -*.sln.docstates - -# User-specific files (MonoDevelop/Xamarin Studio) -*.userprefs - -# Build results -[Dd]ebug/ -[Dd]ebugPublic/ -[Rr]elease/ -[Rr]eleases/ -x64/ -x86/ -bld/ -[Bb]in/ -[Oo]bj/ -[Ll]og/ - -# Visual Studio 2015 cache/options directory .vs/ -# Uncomment if you have tasks that create the project's static files in wwwroot -#wwwroot/ - -# MSTest test Results -[Tt]est[Rr]esult*/ -[Bb]uild[Ll]og.* - -# NUNIT -*.VisualState.xml -TestResult.xml - -# Build Results of an ATL Project -[Dd]ebugPS/ -[Rr]eleasePS/ -dlldata.c - -# .NET Core -project.lock.json -project.fragment.lock.json -artifacts/ -**/Properties/launchSettings.json - -*_i.c -*_p.c -*_i.h -*.ilk -*.meta -*.obj -*.pch -*.pdb -*.pgc -*.pgd -*.rsp -*.sbr -*.tlb -*.tli -*.tlh -*.tmp -*.tmp_proj -*.log -*.vspscc -*.vssscc -.builds -*.pidb -*.svclog -*.scc - -# Chutzpah Test files -_Chutzpah* - -# Visual C++ cache files -ipch/ -*.aps -*.ncb -*.opendb -*.opensdf -*.sdf -*.cachefile -*.VC.db -*.VC.VC.opendb - -# Visual Studio profiler -*.psess -*.vsp -*.vspx -*.sap - -# TFS 2012 Local Workspace -$tf/ - -# Guidance Automation Toolkit -*.gpState - -# ReSharper is a .NET coding add-in -_ReSharper*/ -*.[Rr]e[Ss]harper -*.DotSettings.user - -# JustCode is a .NET coding add-in -.JustCode - -# TeamCity is a build add-in -_TeamCity* - -# DotCover is a Code Coverage Tool -*.dotCover - -# Visual Studio code coverage results -*.coverage -*.coveragexml - -# NCrunch -_NCrunch_* -.*crunch*.local.xml -nCrunchTemp_* - -# MightyMoose -*.mm.* -AutoTest.Net/ - -# Web workbench (sass) -.sass-cache/ - -# Installshield output folder -[Ee]xpress/ - -# DocProject is a documentation generator add-in -DocProject/buildhelp/ -DocProject/Help/*.HxT -DocProject/Help/*.HxC -DocProject/Help/*.hhc -DocProject/Help/*.hhk -DocProject/Help/*.hhp -DocProject/Help/Html2 -DocProject/Help/html - -# Click-Once directory -publish/ - -# Publish Web Output -*.[Pp]ublish.xml -*.azurePubxml -# TODO: Comment the next line if you want to checkin your web deploy settings -# but database connection strings (with potential passwords) will be unencrypted -*.pubxml -*.publishproj - -# Microsoft Azure Web App publish settings. Comment the next line if you want to -# checkin your Azure Web App publish settings, but sensitive information contained -# in these scripts will be unencrypted -PublishScripts/ - -# NuGet Packages -*.nupkg -# The packages folder can be ignored because of Package Restore -**/packages/* -# except build/, which is used as an MSBuild target. -!**/packages/build/ -# Uncomment if necessary however generally it will be regenerated when needed -#!**/packages/repositories.config -# NuGet v3's project.json files produces more ignorable files -*.nuget.props -*.nuget.targets - -# Microsoft Azure Build Output -csx/ -*.build.csdef - -# Microsoft Azure Emulator -ecf/ -rcf/ - -# Windows Store app package directories and files -AppPackages/ -BundleArtifacts/ -Package.StoreAssociation.xml -_pkginfo.txt - -# Visual Studio cache files -# files ending in .cache can be ignored -*.[Cc]ache -# but keep track of directories ending in .cache -!*.[Cc]ache/ - -# Others -ClientBin/ -~$* -*~ -*.dbmdl -*.dbproj.schemaview -*.jfm -*.pfx -*.publishsettings -orleans.codegen.cs - -# Since there are multiple workflows, uncomment next line to ignore bower_components -# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) -#bower_components/ - -# RIA/Silverlight projects -Generated_Code/ - -# Backup & report files from converting an old project file -# to a newer Visual Studio version. Backup files are not needed, -# because we have git ;-) -_UpgradeReport_Files/ -Backup*/ -UpgradeLog*.XML -UpgradeLog*.htm - -# SQL Server files -*.mdf -*.ldf -*.ndf - -# Business Intelligence projects -*.rdl.data -*.bim.layout -*.bim_*.settings - -# Microsoft Fakes -FakesAssemblies/ - -# GhostDoc plugin setting file -*.GhostDoc.xml - -# Node.js Tools for Visual Studio -.ntvs_analysis.dat -node_modules/ - -# Typescript v1 declaration files -typings/ - -# Visual Studio 6 build log -*.plg - -# Visual Studio 6 workspace options file -*.opt - -# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) -*.vbw - -# Visual Studio LightSwitch build output -**/*.HTMLClient/GeneratedArtifacts -**/*.DesktopClient/GeneratedArtifacts -**/*.DesktopClient/ModelManifest.xml -**/*.Server/GeneratedArtifacts -**/*.Server/ModelManifest.xml -_Pvt_Extensions - -# Paket dependency manager -.paket/paket.exe -paket-files/ - -# FAKE - F# Make -.fake/ - -# JetBrains Rider -.idea/ -*.sln.iml - -# CodeRush -.cr/ - -# Python Tools for Visual Studio (PTVS) -__pycache__/ -*.pyc - -# Cake - Uncomment if you are using it -# tools/** -# !tools/packages.config - -# Telerik's JustMock configuration file -*.jmconfig - -# BizTalk build output -*.btp.cs -*.btm.cs -*.odx.cs -*.xsd.cs -MailDataReciever/Renci.SshNet.dll +.vscode/ +bin/ +obj/ diff --git a/README.md b/README.md index 92939db..d5f9f92 100644 --- a/README.md +++ b/README.md @@ -1,137 +1,36 @@ # Navicat Keygen - This repository will tell you how Navicat offline activation works. +[中文版README](README.zh-CN.md) -## 1. Keyword Explanation. +This repository will tell you how Navicat offline activation works. - * __Navicat Activation Public Key__ +Previous code is archived in [`windows-archived`](https://github.com/DoubleLabyrinth/navicat-keygen/tree/windows-archived) branch for the reason that previous code contains 3rd binary libraries and it gets quite big :-( - It is a __RSA-2048__ public key that Navicat used to encrypt or decrypt offline activation information. +When you git-clone this repo, please add `--single-branch` flag so that archived branch won't be cloned to your computer, which saves your time and disk. - It is stored in __navicat.exe__ as a kind of resource called __RCData__. You can see it by a kind of software [___Resource Hacker___](http://www.angusj.com/resourcehacker/). The concrete content is: +```console +$ git clone -b windows --single-branch https://github.com/DoubleLabyrinth/navicat-keygen.git +``` - > -----BEGIN PUBLIC KEY----- - > MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1dqF3SkCaAAmMzs889I - > qdW9M2dIdh3jG9yPcmLnmJiGpBF4E9VHSMGe8oPAy2kJDmdNt4BcEygvssEfginv - > a5t5jm352UAoDosUJkTXGQhpAWMF4fBmBpO3EedG62rOsqMBgmSdAyxCSPBRJIOF - > R0QgZFbRnU0frj34fiVmgYiLuZSAmIbs8ZxiHPdp1oD4tUpvsFci4QJtYNjNnGU2 - > WPH6rvChGl1IRKrxMtqLielsvajUjyrgOC6NmymYMvZNER3htFEtL1eQbCyTfDmt - > YyQ1Wt4Ot12lxf0wVIR5mcGN7XCXJRHOFHSf1gzXWabRSvmt1nrl7sW6cjxljuuQ - > awIDAQAB - > -----END PUBLIC KEY----- +## 1. How does it work? - If you have the corresponding private key, please tell me. I would be very appreciated for your generous. +see [here](doc/how-does-it-work.md) - * __Request Code__ +## 2. How to build? - It is a Base64 string that represents 256-bytes-long data, while the 256-bytes-long data is the cipher text of the __offline activation information__ encrypted by __Navicat Activation Public Key__. +see [here](doc/how-to-build.md). - * __Offline Activation Request Information__ +## 3. How to use? - It is just a JSON-style ASCII string which contains 3 items. Respectively they are `"K"`, `"DI"` and `"P"`, which represent __snKey__, __checksum__ (related with your machine and OS), __Platform__ (Appropriately speaking, it should be OS Type). +For Windows users, see [here](doc/how-to-use.windows.md). - Like: - > {"K": "xxxxxxxxxxxxxxxx", "DI": "yyyyyyyyyyyyy", "P": "WIN8"} +For Linux users, see [here](doc/how-to-use.linux.md). - * __Activation Code__ +## 4. Contributor - It is a Base64 string that represents 256-bytes-long data, while the 256-bytes-long data is the cipher text of the __offline activation response information__ encrypted by __Navicat Activation Private Key__ (so far, we don't know official activation private key). +* Deltafox79 - * __Offline Activation Response Information__ +* dragonflylee - Just like __Offline Activation Request Information__, it is also a JSON-style ASCII string. But it contains 5 items. Respectively they are `"K"`, `"N"`, `"O"`, `"T"`, '`DI`'. +* zenuo - `"K"` and `"DI"` has the same meaning mentioned in __Offline Activation Request Information__ and must be same with the corresponding items in __Offline Activation Request Information__. - - `"N"`, `"O"`, `"T"` represent __Name__, __Organization__, __Time__ respectively. __Name__ and __Organization__ are string and the type of __Time__ is unknown. - - `"T"` can be omitted. - - * __snKey__ - - It is a 4-block-long string, while every block is 4-chars-long. - - __snKey__ is generated by 10-bytes-long data. In order to explain it easily, I use __data[10]__ to represent the 10-bytes-long data. - - 1. __data[0]__ and __data[1]__ must be `0x68` and `0x2A` respectively. - - _`May change when Navicat product changes. Uncertain yet.`_ - - 2. __data[2]__, __data[3]__ and __data[4]__ can be any byte. Just set them whatever you want. - - _`May change when Navicat product changes. Uncertain yet. But it's very possible right.`_ - - 3. __data[5]__ and __data[6]__ must be `0xCE` and `0x32` respectively. - - _`May change when Navicat product changes. Uncertain yet.`_ - - 4. __data[7]__ represents whether it is __commercial license__ or __non-commercial license__. - - In Navicat 12: `0x65` is __commercial license__, `0x66` is __non-commercial license__. - In Navicat 11: `0x15` is __commercial license__, `0x16` is __non-commercial license__. - - _`May change when Navicat product changes. Uncertain yet.`_ - _`Must change when version change.`_ - - 5. High 4 bits of __data[8]__ represents __version number__. Low 4 bits is unknown, but we can use it to delay activation deadline. Possible value is `0000` or `0001`. - - In Navicat 12: High 4 bits must be `1100`, which is the binary of number `12`. - In Navicat 11: High 4 bits must be `1011`, which is the binary of number `11`. - - _`Must change when version change.`_ - - 6. __data[9]__ is unknown, but you can set it `0xFD` or `0xFC` or `0xFB` if you want to use __not-for-resale license__. - - _`May change when Navicat product changes. Uncertain yet.`_ - - After that. Navicat use __DES__ with __ECB mode__ to encrypt the last 8 bytes which are from __data[2]__ to __data[9]__. - - The DES key is: - - ```cpp - unsigned char DESKey = { 0x64, 0xAD, 0xF3, 0x2F, 0xAE, 0xF2, 0x1A, 0x27 }; - ``` - - Then encode the 10-bytes-long data: - - 1. Regard __data[10]__ as a 80-bits-long data. - - If __data[10]__ starts with `0x68` and `0x2A`, so the 80-bits-long data is `01011000 00101010......` - - 2. Divide the 80-bits-long data as 16 5-bits-long blocks. - - If __data[10]__ starts with `0x68` and `0x2A`, so the 80-bits-long data is `01011`, `00000`, `10101`, `0....`, ... - - 3. So the value every block is less than 32. Map them by a encode-table: - - ```cpp - char EncodeTable[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; - ``` - - Then you will get a 16-char-long string. - - If __data[10]__ starts with `0x68` and `0x2A`, so after encoded, it should starts with `"N"`, `"A"`, `"V"`. - - 4. Divide the 16-char-long string to four 4-chars-long blocks, Then you get __snKey__. - -## 3. Activation Process - - 1. Check whether __sn_Key__ that user inputs is legal. - - 2. After user clicks `Activate`, Navicat will start online activation first. If fails, user can choose offline activation. - - 3. Navicat will use the __snKey__ that user inputs and some information collected from user's machine to generate __Offline Activation Request Information__, then encrypt it by __Navicat Activation Public Key__ and return Base64-encoded string as __Request Code__. - - 4. In legal way, the __Request Code__ should be sent to Navicat official activation server by a Internet-accessible computer. And Navicat official activation server will return a legal __Activation Code__. - - But now, we use keygen to play the official activation server's role. - - 1. According to the __Request Code__, Get `"DI"` value and `"K"` value. - - 2. Fill __Offline Activation Response Information__ with `"K"` value, name, organization name and `"DI"` value. - - 3. Encrypt __Offline Activation Response Information__ by __Navicat Activation Private Key__ and you will get 256-byte-long data. - - 4. Encode 256-byte-long data by Base64. The result is __Activation Code__. - - 5. Input __Activation Code__, then offline activation is done. diff --git a/README.zh-CN.md b/README.zh-CN.md new file mode 100644 index 0000000..b4498b3 --- /dev/null +++ b/README.zh-CN.md @@ -0,0 +1,34 @@ +# Navicat Keygen + +这份repo将会告诉你Navicat是怎么完成离线激活的。 + +由于历史代码包含第三方二进制库,且大小较大,故决定将该项目的历史代码归档到 [`windows-archived`](https://github.com/DoubleLabyrinth/navicat-keygen/tree/windows-archived) 分支。 + +当你clone该仓库的时候,请使用 `--single-branch` 选项,以此避免clone到 `windows-archived` 分支,并且还可以节省你的时间和磁盘空间。 + +```console +$ git clone -b windows --single-branch https://github.com/DoubleLabyrinth/navicat-keygen.git +``` + +## 1. 注册机是怎么工作的? + +见[这里](doc/how-does-it-work.zh-CN.md)。 + +## 2. 如何编译? + +见[这里](doc/how-to-build.zh-CN.md)。 + +## 3. 如何使用这个注册机? + +针对 Windows 用户,请见[这里](doc/how-to-use.windows.zh-CN.md)。 + +针对 Linux 用户,请见[这里](doc/how-to-use.linux.zh-CN.md)。 + +## 4. 贡献者 + +* Deltafox79 + +* dragonflylee + +* zenuo + diff --git a/bash/navicat-keygen.sh b/bash/navicat-keygen.sh new file mode 100644 index 0000000..d366a1f --- /dev/null +++ b/bash/navicat-keygen.sh @@ -0,0 +1,17 @@ +#!/usr/bin/env bash + +cd `dirname "$0"` +navicat_root=`pwd` + +# Wine environment variables +WINEDIR="wine" +export LANG="en_US.UTF-8" +export PATH="$navicat_root/$WINEDIR/bin":"$navicat_root":"$navicat_root/$WINEDIR/drive_c/windows":"$PATH" +export LD_LIBRARY_PATH="$navicat_root/$WINEDIR/lib":"$navicat_root/lib":"$LD_LIBRARY_PATH" +export WINEDLLPATH="$navicat_root/$WINEDIR/lib/wine" +export WINELOADER="$navicat_root/$WINEDIR/bin/wine64" +export WINESERVER="$navicat_root/$WINEDIR/bin/wineserver" +export WINEPREFIX="$HOME/.navicat64" +export WINEDEBUG=-all # suppress all wine debug info + +exec "${WINELOADER:-wine}" "navicat-keygen.exe" "-text" "RegPrivateKey.pem" diff --git a/bash/navicat-patcher.sh b/bash/navicat-patcher.sh new file mode 100644 index 0000000..46e223a --- /dev/null +++ b/bash/navicat-patcher.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +cd `dirname "$0"` +navicat_root=`pwd` + +# Wine environment variables +WINEDIR="wine" +export LANG="en_US.UTF-8" +export PATH="$navicat_root/$WINEDIR/bin":"$navicat_root":"$navicat_root/$WINEDIR/drive_c/windows":"$PATH" +export LD_LIBRARY_PATH="$navicat_root/$WINEDIR/lib":"$navicat_root/lib":"$LD_LIBRARY_PATH" +export WINEDLLPATH="$navicat_root/$WINEDIR/lib/wine" +export WINELOADER="$navicat_root/$WINEDIR/bin/wine64" +export WINESERVER="$navicat_root/$WINEDIR/bin/wineserver" +export WINEPREFIX="$HOME/.navicat64" +export WINEDEBUG=-all # suppress all wine debug info + +# 将斜线替换为反斜线 +navicat_root_back_slash=${navicat_root//\//\\} +# 前缀 +prefix='Z:\' +# 后缀 +suffix='\Navicat' +# wine环境中的navicat路径 +navicat_path="$prefix$navicat_root_back_slash$suffix" + +# wine执行navicat-patcher.exe +exec "${WINELOADER:-wine}" "navicat-patcher.exe" "$navicat_path" \ No newline at end of file diff --git a/common/Exception.hpp b/common/Exception.hpp new file mode 100644 index 0000000..a2b5557 --- /dev/null +++ b/common/Exception.hpp @@ -0,0 +1,66 @@ +#pragma once +#include +#include "xstring.hpp" +#include + +namespace nkg { + + class Exception { + private: + + PCTSTR _SourceFile; + SIZE_T _SourceLine; + PCTSTR _Message; + std::vector _Hints; + + public: + + Exception(PCTSTR SourceFile, SIZE_T SourceLine, PCTSTR CustomMessage) noexcept : + _SourceFile(SourceFile), + _SourceLine(SourceLine), + _Message(CustomMessage) {} + + [[nodiscard]] + auto File() const noexcept { + return _SourceFile; + } + + [[nodiscard]] + auto Line() const noexcept { + return _SourceLine; + } + + [[nodiscard]] + auto Message() const noexcept { + return _Message; + } + + auto& AddHint(const std::xstring& Hint) { + _Hints.emplace_back(Hint); + return *this; + } + + [[nodiscard]] + const auto& Hints() const noexcept { + return _Hints; + } + + [[nodiscard]] + virtual bool HasErrorCode() const noexcept { + return false; + } + + [[nodiscard]] + virtual ULONG_PTR ErrorCode() const noexcept { + return 0; + } + + [[nodiscard]] + virtual PCTSTR ErrorString() const noexcept { + return nullptr; + } + + virtual ~Exception() = default; + }; + +} diff --git a/common/ExceptionOpenssl.hpp b/common/ExceptionOpenssl.hpp new file mode 100644 index 0000000..5151748 --- /dev/null +++ b/common/ExceptionOpenssl.hpp @@ -0,0 +1,44 @@ +#pragma once +#include "Exception.hpp" +#include + +namespace nkg { + + class OpensslError final : public Exception { + private: + + unsigned long _ErrorCode; + std::xstring _ErrorString; + + public: + + OpensslError(PCTSTR SourceFile, SIZE_T SourceLine, unsigned long OpensslErrorCode, PCTSTR CustomMessage) noexcept : + Exception(SourceFile, SourceLine, CustomMessage), + _ErrorCode(OpensslErrorCode) + { + static bool CryptoStringsLoaded = false; + if (CryptoStringsLoaded == false) { + ERR_load_crypto_strings(); + CryptoStringsLoaded = true; + } + + _ErrorString = std::xstring(std::xstring_extension{}, ERR_reason_error_string(_ErrorCode), CP_UTF8); + } + + [[nodiscard]] + virtual bool HasErrorCode() const noexcept override { + return true; + } + + [[nodiscard]] + virtual ULONG_PTR ErrorCode() const noexcept override { + return _ErrorCode; + } + + [[nodiscard]] + virtual PCTSTR ErrorString() const noexcept override { + return _ErrorString.c_str(); + } + }; + +} diff --git a/common/ExceptionUser.hpp b/common/ExceptionUser.hpp new file mode 100644 index 0000000..00a85f1 --- /dev/null +++ b/common/ExceptionUser.hpp @@ -0,0 +1,28 @@ +#pragma once +#include "Exception.hpp" + +namespace nkg { + + class UserAbortionError final : public Exception { + public: + + UserAbortionError(PCTSTR SourceFile, SIZE_T SourceLine, PCTSTR CustomMessage) noexcept : + Exception(SourceFile, SourceLine, CustomMessage) {} + + [[nodiscard]] + virtual bool HasErrorCode() const noexcept override { + return false; + } + + [[nodiscard]] + virtual ULONG_PTR ErrorCode() const noexcept override { + return 0; + } + + [[nodiscard]] + virtual PCTSTR ErrorString() const noexcept override { + return nullptr; + } + }; + +} \ No newline at end of file diff --git a/common/ExceptionWin32.hpp b/common/ExceptionWin32.hpp new file mode 100644 index 0000000..4510d9f --- /dev/null +++ b/common/ExceptionWin32.hpp @@ -0,0 +1,49 @@ +#pragma once +#include "Exception.hpp" + +namespace nkg { + + class Win32Error final : public Exception { + private: + + DWORD _ErrorCode; + std::xstring _ErrorString; + + public: + + Win32Error(PCTSTR SourceFile, SIZE_T SourceLine, DWORD Win32ErrorCode, PCTSTR CustomMessage) noexcept : + Exception(SourceFile, SourceLine, CustomMessage), + _ErrorCode(Win32ErrorCode) + { + PTSTR Text = NULL; + FormatMessage( + FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_MAX_WIDTH_MASK, + NULL, + Win32ErrorCode, + MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US), + reinterpret_cast(&Text), + 0, + NULL + ); + if (Text) { + _ErrorString = Text; + LocalFree(Text); + } + } + + [[nodiscard]] + virtual bool HasErrorCode() const noexcept override { + return true; + } + + [[nodiscard]] + virtual ULONG_PTR ErrorCode() const noexcept override { + return _ErrorCode; + } + + [[nodiscard]] + virtual PCTSTR ErrorString() const noexcept override { + return _ErrorString.c_str(); + } + }; +} diff --git a/common/RSACipher.hpp b/common/RSACipher.hpp new file mode 100644 index 0000000..e01c028 --- /dev/null +++ b/common/RSACipher.hpp @@ -0,0 +1,261 @@ +#pragma once +#include +#include +#include +#include +#include "Exception.hpp" +#include "ExceptionOpenssl.hpp" +#include "ResourceOwned.hpp" +#include "ResourceTraitsOpenssl.hpp" + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\common\\RSACipher.hpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + enum class RSAKeyType { + PrivateKey, + PublicKey + }; + + enum class RSAKeyFormat { + PEM, + PKCS1 + }; + + class RSACipher final : private ResourceOwned { + private: + + template + static void _WriteRSAToBIO(RSA* lpRSA, BIO* lpBIO) { + if constexpr (__Type == RSAKeyType::PrivateKey) { + if (PEM_write_bio_RSAPrivateKey(lpBIO, lpRSA, nullptr, nullptr, 0, nullptr, nullptr) == 0) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("PEM_write_bio_RSAPrivateKey failed.")); + } + } + + if constexpr (__Type == RSAKeyType::PublicKey) { + if constexpr (__Format == RSAKeyFormat::PEM) { + if (PEM_write_bio_RSA_PUBKEY(lpBIO, lpRSA) == 0) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("PEM_write_bio_RSA_PUBKEY failed.")); + } + } + + if constexpr (__Format == RSAKeyFormat::PKCS1) { + if (PEM_write_bio_RSAPublicKey(lpBIO, lpRSA) == 0) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("PEM_write_bio_RSAPublicKey failed.")); + } + } + + static_assert(__Format == RSAKeyFormat::PEM || __Format == RSAKeyFormat::PKCS1); + } + + static_assert(__Type == RSAKeyType::PrivateKey || __Type == RSAKeyType::PublicKey); + } + + template + [[nodiscard]] + static RSA* _ReadRSAFromBIO(BIO* lpBIO) { + RSA* lpRSA; + + if constexpr (__Type == RSAKeyType::PrivateKey) { + lpRSA = PEM_read_bio_RSAPrivateKey(lpBIO, nullptr, nullptr, nullptr); + if (lpRSA == nullptr) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("PEM_read_bio_RSAPrivateKey failed.")) + .AddHint(TEXT("Are you sure that you DO provide a valid RSA private key file?")); + } + } + + if constexpr (__Type == RSAKeyType::PublicKey) { + if constexpr (__Format == RSAKeyFormat::PEM) { + lpRSA = PEM_read_bio_RSA_PUBKEY(lpBIO, nullptr, nullptr, nullptr); + if (lpRSA == nullptr) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("PEM_read_bio_RSA_PUBKEY failed.")) + .AddHint(TEXT("Are you sure that you DO provide a valid RSA public key file with PEM format?")); + } + } + + if constexpr (__Format == RSAKeyFormat::PKCS1) { + lpRSA = PEM_read_bio_RSAPublicKey(lpBIO, nullptr, nullptr, nullptr); + if (lpRSA == nullptr) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("PEM_read_bio_RSAPublicKey failed.")) + .AddHint(TEXT("Are you sure that you DO provide a valid RSA public key file with PKCS1 format?")); + } + } + + static_assert(__Format == RSAKeyFormat::PEM || __Format == RSAKeyFormat::PKCS1); + } + + static_assert(__Type == RSAKeyType::PrivateKey || __Type == RSAKeyType::PublicKey); + + return lpRSA; + } + + public: + + RSACipher() : ResourceOwned(RSA_new()) { + if (IsValid() == false) { + throw OpensslError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), ERR_get_error(), TEXT("RSA_new failed.")); + } + } + + [[nodiscard]] + size_t Bits() const { + if (Get()->n == nullptr) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("RSA modulus has not been set.")); + } else { + return BN_num_bits(Get()->n); + } + } + + void GenerateKey(int bits, unsigned int e = RSA_F4) { + ResourceOwned bn_e(BN_new()); + + if (bn_e.IsValid() == false) { + throw OpensslError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), ERR_get_error(), TEXT("BN_new failed.")); + } + + if (!BN_set_word(bn_e, e)) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("BN_set_word failed.")); + } + + if (!RSA_generate_key_ex(Get(), bits, bn_e, nullptr)) { + throw OpensslError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), ERR_get_error(), TEXT("RSA_generate_key_ex failed.")); + } + } + + template + void ExportKeyToFile(const std::xstring& FileName) const { + ResourceOwned BioFile(BIO_new_file(FileName.explicit_string(CP_UTF8).c_str(), "w")); + + if (BioFile.IsValid() == false) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("BIO_new_file failed.")); + } + + _WriteRSAToBIO<__Type, __Format>(Get(), BioFile); + } + + template + [[nodiscard]] + std::string ExportKeyString() const { + ResourceOwned BioMemory(BIO_new(BIO_s_mem())); + long StringLength; + const char* StringChars = nullptr; + + if (BioMemory.IsValid() == false) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("BIO_new failed.")); + } + + _WriteRSAToBIO<__Type, __Format>(Get(), BioMemory); + + StringLength = BIO_get_mem_data(BioMemory.Get(), &StringChars); + + return std::string(StringChars, StringLength); + } + + template + void ImportKeyFromFile(const std::xstring& FileName) { + ResourceOwned BioFile(BIO_new_file(FileName.explicit_string(CP_UTF8).c_str(), "r")); + + if (BioFile.IsValid() == false) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("BIO_new_file failed.")); + } + + TakeOver(_ReadRSAFromBIO<__Type, __Format>(BioFile)); + } + + template + void ImportKeyString(const std::string& KeyString) { + ResourceOwned BioMemory(BIO_new(BIO_s_mem())); + + if (BioMemory.IsValid() == false) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("BIO_new failed.")); + } + + if (BIO_puts(BioMemory.Get(), KeyString.c_str()) <= 0) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("BIO_puts failed.")); + } + + TakeOver(_ReadRSAFromBIO<__Type, __Format>(BioMemory)); + } + + template + size_t Encrypt(const void* lpFrom, size_t cbFrom, void* lpTo, int Padding) const { + int BytesWritten; + + if (cbFrom > INT_MAX) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Length overflowed.")); + } + + if constexpr (__Type == RSAKeyType::PrivateKey) { + BytesWritten = RSA_private_encrypt( + static_cast(cbFrom), + reinterpret_cast(lpFrom), + reinterpret_cast(lpTo), + Get(), + Padding + ); + + if (BytesWritten == -1) { + throw OpensslError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), ERR_get_error(), TEXT("RSA_private_encrypt failed.")); + } + } else { + BytesWritten = RSA_public_encrypt( + static_cast(cbFrom), + reinterpret_cast(lpFrom), + reinterpret_cast(lpTo), + Get(), + Padding + ); + + if (BytesWritten == -1) { + throw OpensslError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), ERR_get_error(), TEXT("RSA_public_encrypt failed.")); + } + } + + return BytesWritten; + } + + template + size_t Decrypt(const void* lpFrom, size_t cbFrom, void* lpTo, int Padding) const { + int BytesWritten; + + if (cbFrom > INT_MAX) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Length overflowed.")); + } + + if constexpr (__Type == RSAKeyType::PrivateKey) { + BytesWritten = RSA_private_decrypt( + static_cast(cbFrom), + reinterpret_cast(lpFrom), + reinterpret_cast(lpTo), + Get(), + Padding + ); + + if (BytesWritten == -1) { + throw OpensslError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), ERR_get_error(), TEXT("RSA_private_decrypt failed.")) + .AddHint(TEXT("Are your sure you DO provide a correct private key?")); + } + } else { + BytesWritten = RSA_public_decrypt( + static_cast(cbFrom), + reinterpret_cast(lpFrom), + reinterpret_cast(lpTo), + Get(), + Padding + ); + + if (BytesWritten == -1) { + throw OpensslError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), ERR_get_error(), TEXT("RSA_public_decrypt failed.")) + .AddHint(TEXT("Are your sure you DO provide a correct public key?")); + } + } + + return BytesWritten; + } + }; + +} diff --git a/common/ResourceOwned.hpp b/common/ResourceOwned.hpp new file mode 100644 index 0000000..49e16c5 --- /dev/null +++ b/common/ResourceOwned.hpp @@ -0,0 +1,313 @@ +#pragma once +#include +#include + +template +class ResourceOwned { +private: + + using __HandleType = typename __ResourceTraits::HandleType; + static_assert(std::is_pod_v<__HandleType>); + + __HandleType _Handle; + __LambdaReleasor _Releasor; + +public: + + ResourceOwned(__LambdaReleasor&& Releasor) noexcept : + _Handle(__ResourceTraits::InvalidValue), + _Releasor(std::forward<__LambdaReleasor>(Releasor)) {} + + ResourceOwned(const __HandleType& Handle, __LambdaReleasor&& Releasor) noexcept : + _Handle(Handle), + _Releasor(std::forward<__LambdaReleasor>(Releasor)) {} + + // + // Construct from custom releasor. + // `_Handle` will be set to an invalid value. + // + ResourceOwned(__ResourceTraits, __LambdaReleasor&& Releasor) noexcept : + _Handle(__ResourceTraits::InvalidValue), + _Releasor(std::forward<__LambdaReleasor>(Releasor)) {} + + // + // Construct from handle given and custom releasor. + // + ResourceOwned(__ResourceTraits, const __HandleType& Handle, __LambdaReleasor&& Releasor) noexcept : + _Handle(Handle), + _Releasor(std::forward<__LambdaReleasor>(Releasor)) {} + + // + // ResourceOwned doesn't allow to copy. + // Because it takes `_Handle` exclusively. + // + ResourceOwned(const ResourceOwned<__ResourceTraits, __LambdaReleasor>& Other) = delete; + + // + // ResourceOwned allows to move. + // + ResourceOwned(ResourceOwned<__ResourceTraits, __LambdaReleasor>&& Other) noexcept : + _Handle(Other._Handle), + _Releasor(std::move(Other._Releasor)) + { + Other._Handle = __ResourceTraits::InvalidValue; + } + + // + // ResourceOwned doesn't allow to copy. + // Because it takes `_Handle` exclusively. + // + ResourceOwned<__ResourceTraits, __LambdaReleasor>& operator=(const ResourceOwned<__ResourceTraits, __LambdaReleasor>& Other) = delete; + + // + // ResourceOwned allows to move. + // + ResourceOwned<__ResourceTraits, __LambdaReleasor>& operator=(ResourceOwned<__ResourceTraits, __LambdaReleasor>&& Other) noexcept { + _Handle = Other._Handle; + _Releasor = std::move(Other._Releasor); + Other._Handle = __ResourceTraits::InvalidValue; + return *this; + } + + [[nodiscard]] + operator const __HandleType&() const noexcept { // NOLINT: Allow implicit conversion. + return _Handle; + } + + template, typename = std::enable_if_t<__IsPointer>> + [[nodiscard]] + __AsType As() const noexcept { + return reinterpret_cast<__AsType>(_Handle); + } + + template, typename = typename std::enable_if_t<__IsPointer>> + [[nodiscard]] + __HandleType operator->() const noexcept { + return _Handle; + } + + [[nodiscard]] + bool IsValid() const noexcept { + return __ResourceTraits::IsValid(_Handle); + } + + [[nodiscard]] + const __HandleType& Get() const noexcept { + return _Handle; + } + + template + [[nodiscard]] + __ReturnType GetAddressOf() noexcept { + return reinterpret_cast<__ReturnType>(&_Handle); + } + + void TakeOver(const __HandleType& Handle) { + if (__ResourceTraits::IsValid(_Handle) == true) { + _Releasor(_Handle); + } + _Handle = Handle; + } + + void Discard() noexcept { + _Handle = __ResourceTraits::InvalidValue; + } + + [[nodiscard]] + __HandleType Transfer() noexcept { + __HandleType t = _Handle; + _Handle = __ResourceTraits::InvalidValue; + return t; + } + + void Release() { + if (__ResourceTraits::IsValid(_Handle)) { + _Releasor(_Handle); + _Handle = __ResourceTraits::InvalidValue; + } + } + + ~ResourceOwned() { + if (__ResourceTraits::IsValid(_Handle)) { + _Releasor(_Handle); + _Handle = __ResourceTraits::InvalidValue; + } + } +}; + +template +class ResourceOwned<__ResourceTraits, void> { +private: + + using __HandleType = typename __ResourceTraits::HandleType; + static_assert(std::is_pod_v<__HandleType>); + + __HandleType _Handle; + +public: + + ResourceOwned() noexcept : + _Handle(__ResourceTraits::InvalidValue) {} + + ResourceOwned(const __HandleType& Handle) noexcept : + _Handle(Handle) {} + + // + // Construct from custom releasor. + // `_Handle` will be set to an invalid value. + // + explicit ResourceOwned(__ResourceTraits) noexcept : + _Handle(__ResourceTraits::InvalidValue) {} + + // + // Construct from handle given and custom releasor. + // + ResourceOwned(__ResourceTraits, const __HandleType& Handle) noexcept : + _Handle(Handle) {} + + // + // ResourceOwned doesn't allow to copy. + // Because it takes `_Handle` exclusively. + // + ResourceOwned(const ResourceOwned<__ResourceTraits, void>& Other) = delete; + + // + // ResourceOwned allows to move. + // + ResourceOwned(ResourceOwned<__ResourceTraits, void>&& Other) noexcept : + _Handle(Other._Handle) { + Other._Handle = __ResourceTraits::InvalidValue; + } + + // + // ResourceOwned doesn't allow to copy. + // Because it takes `_Handle` exclusively. + // + ResourceOwned<__ResourceTraits, void>& operator=(const ResourceOwned<__ResourceTraits, void>& Other) = delete; + + // + // ResourceOwned allows to move. + // + ResourceOwned<__ResourceTraits, void>& operator=(ResourceOwned<__ResourceTraits, void>&& Other) noexcept { + _Handle = Other._Handle; + Other._Handle = __ResourceTraits::InvalidValue; + return *this; + } + + [[nodiscard]] + operator const __HandleType&() const noexcept { // NOLINT: Allow implicit conversion. + return _Handle; + } + + template, typename = typename std::enable_if_t<__IsPointer>> + [[nodiscard]] + __AsType As() const noexcept { + return reinterpret_cast<__AsType>(_Handle); + } + + template, typename = typename std::enable_if_t<__IsPointer>> + [[nodiscard]] + __HandleType operator->() const noexcept { + return _Handle; + } + + [[nodiscard]] + bool IsValid() const noexcept { + return __ResourceTraits::IsValid(_Handle); + } + + [[nodiscard]] + const __HandleType& Get() const noexcept { + return _Handle; + } + + template + [[nodiscard]] + __ReturnType GetAddressOf() noexcept { + return reinterpret_cast<__ReturnType>(&_Handle); + } + + void TakeOver(const __HandleType& Handle) { + if (__ResourceTraits::IsValid(_Handle) == true) { + __ResourceTraits::Releasor(_Handle); + } + _Handle = Handle; + } + + void Discard() noexcept { + _Handle = __ResourceTraits::InvalidValue; + } + + [[nodiscard]] + __HandleType Transfer() noexcept { + __HandleType t = _Handle; + _Handle = __ResourceTraits::InvalidValue; + return t; + } + + void Release() { + if (__ResourceTraits::IsValid(_Handle)) { + __ResourceTraits::Releasor(_Handle); + _Handle = __ResourceTraits::InvalidValue; + } + } + + ~ResourceOwned() { + if (__ResourceTraits::IsValid(_Handle)) { + __ResourceTraits::Releasor(_Handle); + _Handle = __ResourceTraits::InvalidValue; + } + } +}; + +template +ResourceOwned(__ResourceTraits) -> + ResourceOwned<__ResourceTraits, void>; + +template +ResourceOwned(__ResourceTraits, __ArgType&&) -> + ResourceOwned< + __ResourceTraits, + std::conditional_t< + std::is_same_v>, typename __ResourceTraits::HandleType> == false, + std::remove_reference_t<__ArgType>, + void + > + >; + +template +ResourceOwned(__ResourceTraits, const typename __ResourceTraits::HandleType&, __LambdaReleasor&&) -> + ResourceOwned<__ResourceTraits, std::remove_reference_t<__LambdaReleasor>>; + +template +struct CppObjectTraits { + using HandleType = __ClassType*; + + static inline const HandleType InvalidValue = nullptr; + + [[nodiscard]] + static bool IsValid(const HandleType& Handle) noexcept { + return Handle != InvalidValue; + } + + static void Releasor(const HandleType& Handle) { + delete Handle; + } +}; + +template +struct CppDynamicArrayTraits { + using HandleType = __ClassType*; + + static inline const HandleType InvalidValue = nullptr; + + [[nodiscard]] + static bool IsValid(const HandleType& Handle) noexcept { + return Handle != InvalidValue; + } + + static void Releasor(const HandleType& Handle) { + delete[] Handle; + } +}; + diff --git a/common/ResourceTraitsOpenssl.hpp b/common/ResourceTraitsOpenssl.hpp new file mode 100644 index 0000000..8def6dd --- /dev/null +++ b/common/ResourceTraitsOpenssl.hpp @@ -0,0 +1,64 @@ +#pragma once +#include +#include + +struct OpensslBIOTraits { + using HandleType = BIO*; + + static inline const HandleType InvalidValue = nullptr; + + [[nodiscard]] + static bool IsValid(const HandleType& Handle) noexcept { + return Handle != InvalidValue; + } + + static void Releasor(const HandleType& Handle) noexcept { + BIO_free(Handle); + } +}; + +struct OpensslBIOChainTraits { + using HandleType = BIO*; + + static inline const HandleType InvalidValue = nullptr; + + [[nodiscard]] + static bool IsValid(const HandleType& Handle) noexcept { + return Handle != InvalidValue; + } + + static void Releasor(const HandleType& Handle) noexcept { + BIO_free_all(Handle); + } +}; + +struct OpensslBNTraits { + using HandleType = BIGNUM*; + + static inline const HandleType InvalidValue = nullptr; + + [[nodiscard]] + static bool IsValid(const HandleType& Handle) noexcept { + return Handle != InvalidValue; + } + + static void Releasor(const HandleType& Handle) noexcept { + BN_free(Handle); + } +}; + +struct OpensslRSATraits { + using HandleType = RSA*; + + static inline const HandleType InvalidValue = nullptr; + + [[nodiscard]] + static bool IsValid(const HandleType& Handle) noexcept { + return Handle != InvalidValue; + } + + static void Releasor(const HandleType& Handle) noexcept { + RSA_free(Handle); + } +}; + diff --git a/common/ResourceTraitsWin32.hpp b/common/ResourceTraitsWin32.hpp new file mode 100644 index 0000000..0aef903 --- /dev/null +++ b/common/ResourceTraitsWin32.hpp @@ -0,0 +1,47 @@ +#pragma once +#include + +struct GenericHandleTraits { + using HandleType = HANDLE; + + static inline const HandleType InvalidValue = NULL; + + [[nodiscard]] + static bool IsValid(const HandleType& Handle) noexcept { + return Handle != InvalidValue; + } + + static void Releasor(const HandleType& Handle) noexcept { + CloseHandle(Handle); + } +}; + +struct FileHandleTraits { + using HandleType = HANDLE; + + static inline const HandleType InvalidValue = INVALID_HANDLE_VALUE; + + [[nodiscard]] + static bool IsValid(const HandleType& Handle) noexcept { + return Handle != InvalidValue; + } + + static void Releasor(const HandleType& Handle) noexcept { + CloseHandle(Handle); + } +}; + +struct MapViewHandleTraits { + using HandleType = PVOID; + + static inline const HandleType InvalidValue = NULL; + + [[nodiscard]] + static bool IsValid(const HandleType& Handle) noexcept { + return Handle != InvalidValue; + } + + static void Releasor(const HandleType& Handle) noexcept { + UnmapViewOfFile(Handle); + } +}; diff --git a/common/bytearray.hpp b/common/bytearray.hpp new file mode 100644 index 0000000..2b25308 --- /dev/null +++ b/common/bytearray.hpp @@ -0,0 +1,9 @@ +#pragma once +#include +#include + +namespace std { + + using bytearray = vector; + +} diff --git a/common/common.vcxitems b/common/common.vcxitems new file mode 100644 index 0000000..1afa056 --- /dev/null +++ b/common/common.vcxitems @@ -0,0 +1,28 @@ + + + + $(MSBuildAllProjects);$(MSBuildThisFileFullPath) + true + {290c5d5e-52d2-4fef-909f-27fd95ae0af9} + + + + %(AdditionalIncludeDirectories);$(MSBuildThisFileDirectory) + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/common/common.vcxitems.user b/common/common.vcxitems.user new file mode 100644 index 0000000..966b4ff --- /dev/null +++ b/common/common.vcxitems.user @@ -0,0 +1,6 @@ + + + + true + + \ No newline at end of file diff --git a/common/xstring.hpp b/common/xstring.hpp new file mode 100644 index 0000000..68a0dfb --- /dev/null +++ b/common/xstring.hpp @@ -0,0 +1,288 @@ +#pragma once +#include +#include +#include +#include +#include +#include +#include + +namespace std { + + struct xstring_extension {}; + +#if defined(_UNICODE) || defined(UNICODE) + class xstring final : public wstring { + public: + + using wstring::wstring; + using wstring::operator=; + + xstring(const wstring& wstr) : wstring(wstr) {} + + xstring(wstring&& wstr) : wstring(std::move(wstr)) {} + + xstring(xstring_extension, const string& str, DWORD CodePage = CP_ACP) { + auto len = MultiByteToWideChar(CodePage, 0, str.c_str(), -1, NULL, 0); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + resize(static_cast(len) - 1); + + len = MultiByteToWideChar(CodePage, 0, str.c_str(), -1, data(), len); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + } + + xstring(xstring_extension, const char* lpstr, DWORD CodePage = CP_ACP) { + auto len = MultiByteToWideChar(CodePage, 0, lpstr, -1, NULL, 0); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + resize(static_cast(len) - 1); + + len = MultiByteToWideChar(CodePage, 0, lpstr, -1, data(), len); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + } +#else + class xstring final : public string { + public: + + using string::string; + using string::operator=; + + xstring(const string& str) : string(str) {} + + xstring(string&& str) : string(std::move(str)) {} + + xstring(xstring_extension, const string& str, DWORD CodePage = CP_ACP) { + if (CodePage == CP_ACP || CodePage == GetACP()) { + assign(str); + } else { + std::wstring wstr; + + auto len = MultiByteToWideChar(CodePage, 0, str.c_str(), -1, NULL, 0); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + wstr.resize(len - 1); + + len = MultiByteToWideChar(CodePage, 0, str.c_str(), -1, wstr.data(), len); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + len = WideCharToMultiByte(CP_ACP, 0, wstr.c_str(), -1, NULL, 0, NULL, NULL); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + resize(len - 1); + + len = WideCharToMultiByte(CP_ACP, 0, wstr.c_str(), -1, data(), len, NULL, NULL); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + } + } + + xstring(xstring_extension, const char* lpstr, DWORD CodePage = CP_ACP) { + if (CodePage == CP_ACP || CodePage == GetACP()) { + assign(lpstr); + } else { + std::wstring wstr; + + auto len = MultiByteToWideChar(CodePage, 0, lpstr, -1, NULL, 0); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + wstr.resize(len - 1); + + len = MultiByteToWideChar(CodePage, 0, lpstr, -1, wstr.data(), len); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + len = WideCharToMultiByte(CP_ACP, 0, wstr.c_str(), -1, NULL, 0, NULL, NULL); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + resize(len - 1); + + len = WideCharToMultiByte(CP_ACP, 0, wstr.c_str(), -1, data(), len, NULL, NULL); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + } + } + + xstring(xstring_extension, const wstring& wstr) { + auto len = WideCharToMultiByte(CP_ACP, 0, wstr.c_str(), -1, NULL, 0, NULL, NULL); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + resize(len - 1); + + len = WideCharToMultiByte(CP_ACP, 0, wstr.c_str(), -1, data(), len, NULL, NULL); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + } + + xstring(xstring_extension, const wchar_t* lpwstr) { + auto len = WideCharToMultiByte(CP_ACP, 0, lpwstr, -1, NULL, 0, NULL, NULL); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + resize(len - 1); + + len = WideCharToMultiByte(CP_ACP, 0, lpwstr, -1, data(), len, NULL, NULL); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + } +#endif + + std::string explicit_string(DWORD CodePage = CP_ACP) const { +#if defined(_UNICODE) || defined(UNICODE) + std::string str; + + auto len = WideCharToMultiByte(CodePage, 0, c_str(), -1, NULL, 0, NULL, NULL); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + str.resize(static_cast(len) - 1); + + len = WideCharToMultiByte(CodePage, 0, c_str(), -1, str.data(), len, NULL, NULL); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + return str; +#else + if (CodePage == CP_ACP || CodePage == GetACP()) { + return *this; + } else { + std::string str; + std::wstring wstr; + + auto len = MultiByteToWideChar(CP_ACP, 0, c_str(), -1, NULL, 0); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + wstr.resize(len - 1); + + len = MultiByteToWideChar(CP_ACP, 0, c_str(), -1, wstr.data(), len); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + len = WideCharToMultiByte(CodePage, 0, wstr.c_str(), -1, NULL, 0, NULL, NULL); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + str.resize(len - 1); + + len = WideCharToMultiByte(CodePage, 0, wstr.c_str(), -1, str.data(), len, NULL, NULL); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + return str; + } +#endif + } + + std::wstring explicit_wstring() const { +#if defined(_UNICODE) || defined(UNICODE) + return *this; +#else + std::wstring wstr; + + auto len = MultiByteToWideChar(CP_ACP, 0, c_str(), -1, NULL, 0); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + wstr.resize(len - 1); + + len = MultiByteToWideChar(CP_ACP, 0, c_str(), -1, wstr.data(), len); + if (len == 0) { + auto err = GetLastError(); + throw std::system_error(err, std::system_category()); + } + + return wstr; +#endif + } + + template + static xstring format(const xstring& Format, __Ts&&... Args) { + xstring s; + + auto len = _sctprintf(Format.c_str(), std::forward<__Ts>(Args)...); + if (len == -1) { + throw std::invalid_argument("_sctprintf failed."); + } + + s.resize(len); + + _sntprintf_s(s.data(), s.length() + 1, _TRUNCATE, Format.c_str(), std::forward<__Ts>(Args)...); + + return s; + } + + template + static xstring format(PCTSTR lpszFormat, __Ts&& ... Args) { + xstring s; + + auto len = _sctprintf(lpszFormat, std::forward<__Ts>(Args)...); + if (len == -1) { + throw std::invalid_argument("_sctprintf failed."); + } + + s.resize(len); + + _sntprintf_s(s.data(), s.length() + 1, _TRUNCATE, lpszFormat, std::forward<__Ts>(Args)...); + + return s; + } + }; + +} diff --git a/doc/how-does-it-work.md b/doc/how-does-it-work.md new file mode 100644 index 0000000..48f2ed2 --- /dev/null +++ b/doc/how-does-it-work.md @@ -0,0 +1,284 @@ +# Navicat Keygen - How does it work? + +[中文版](how-does-it-work.zh-CN.md) + +## 1. Keyword Explanation. + +* __Navicat Activation Public Key__ + + It is a __RSA-2048__ public key that Navicat used to encrypt or decrypt offline activation information. + + It is stored in __navicat.exe__ as a kind of resource called __RCData__. The resource name is `"ACTIVATIONPUBKEY"`. You can see it by a software called [___Resource Hacker___](http://www.angusj.com/resourcehacker/). The public key is + + ``` + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1dqF3SkCaAAmMzs889I + qdW9M2dIdh3jG9yPcmLnmJiGpBF4E9VHSMGe8oPAy2kJDmdNt4BcEygvssEfginv + a5t5jm352UAoDosUJkTXGQhpAWMF4fBmBpO3EedG62rOsqMBgmSdAyxCSPBRJIOF + R0QgZFbRnU0frj34fiVmgYiLuZSAmIbs8ZxiHPdp1oD4tUpvsFci4QJtYNjNnGU2 + WPH6rvChGl1IRKrxMtqLielsvajUjyrgOC6NmymYMvZNER3htFEtL1eQbCyTfDmt + YyQ1Wt4Ot12lxf0wVIR5mcGN7XCXJRHOFHSf1gzXWabRSvmt1nrl7sW6cjxljuuQ + awIDAQAB + -----END PUBLIC KEY----- + ``` + + If you have the corresponding private key, you can tell me. I would be very appreciated for your generous. + + __NOTICE:__ + + Start from __Navicat Premium 12.0.25__, Navicat do not load this public key from resource in `navicat.exe`. Instead, the public key is stored in `libcc.dll` and has been encrypted. To avoid being replaced easily, the public key is split into 5 parts: + + The following content is discovered from `libcc.dll` of __Navicat Premium x64 12.0.25 Simplified Chinese version__. The SHA256 value of `libcc.dll` is `607e0a84c75966b00f3d12fa833e91d159e4f51ac51b6ba66f98d0c3cbefdce0`. + + I __DO NOT__ guarantee that offset values are absolutely correct in other versions. But __char strings__ and __immediate values__ are highly possible to be found. + + 1. At file offset `+0x01A12090` in `libcc.dll`, stored as __char string__: + + ``` + "D75125B70767B94145B47C1CB3C0755E + 7CCB8825C5DCE0C58ACF944E08280140 + 9A02472FAFFD1CD77864BB821AE36766 + FEEDE6A24F12662954168BFA314BD950 + 32B9D82445355ED7BC0B880887D650F5" + ``` + + 2. At file offset `+0x0059D799` in `libcc.dll`, stored as __immediate value__ in a instruction: + + ``` + 0xFE 0xEA 0xBC 0x01 + ``` + + In decimal: `29158142` + + 3. At file offset `+0x01A11DA0` in `libcc.dll`, stored as __char string__: + + ``` + "E1CED09B9C2186BF71A70C0FE2F1E0AE + F3BD6B75277AAB20DFAF3D110F75912B + FB63AC50EC4C48689D1502715243A79F + 39FF2DE2BF15CE438FF885745ED54573 + 850E8A9F40EE2FF505EB7476F95ADB78 + 3B28CA374FAC4632892AB82FB3BF4715 + FCFE6E82D03731FC3762B6AAC3DF1C3B + C646FE9CD3C62663A97EE72DB932A301 + 312B4A7633100C8CC357262C39A2B3A6 + 4B224F5276D5EDBDF0804DC3AC4B8351 + 62BB1969EAEBADC43D2511D6E0239287 + 81B167A48273B953378D3D2080CC0677 + 7E8A2364F0234B81064C5C739A8DA28D + C5889072BF37685CBC94C2D31D0179AD + 86D8E3AA8090D4F0B281BE37E0143746 + E6049CCC06899401264FA471C016A96C + 79815B55BBC26B43052609D9D175FBCD + E455392F10E51EC162F51CF732E6BB39 + 1F56BBFD8D957DF3D4C55B71CEFD54B1 + 9C16D458757373E698D7E693A8FC3981 + 5A8BF03BA05EA8C8778D38F9873D62B4 + 460F41ACF997C30E7C3AF025FA171B5F + 5AD4D6B15E95C27F6B35AD61875E5505 + 449B4E" + ``` + + 4. At file offset `+0x0059D77F` in `libcc.dll`, stored as __immediate value__ in a instruction: + + ``` + 0x59 0x08 0x01 0x00 + ``` + + In decimal: `67673` + + 5. At file offset `+ 0x1A11D8C` in `libcc.dll`, stored as __char string__: + + ``` + "92933" + ``` + + Then output encrypted public key with format `"%s%d%s%d%s"`. The order is the same as it lists: + + ``` + D75125B70767B94145B47C1CB3C0755E7CCB8825C5DCE0C58ACF944E082801409A02472FAFFD1CD77864BB821AE36766FEEDE6A24F12662954168BFA314BD95032B9D82445355ED7BC0B880887D650F529158142E1CED09B9C2186BF71A70C0FE2F1E0AEF3BD6B75277AAB20DFAF3D110F75912BFB63AC50EC4C48689D1502715243A79F39FF2DE2BF15CE438FF885745ED54573850E8A9F40EE2FF505EB7476F95ADB783B28CA374FAC4632892AB82FB3BF4715FCFE6E82D03731FC3762B6AAC3DF1C3BC646FE9CD3C62663A97EE72DB932A301312B4A7633100C8CC357262C39A2B3A64B224F5276D5EDBDF0804DC3AC4B835162BB1969EAEBADC43D2511D6E023928781B167A48273B953378D3D2080CC06777E8A2364F0234B81064C5C739A8DA28DC5889072BF37685CBC94C2D31D0179AD86D8E3AA8090D4F0B281BE37E0143746E6049CCC06899401264FA471C016A96C79815B55BBC26B43052609D9D175FBCDE455392F10E51EC162F51CF732E6BB391F56BBFD8D957DF3D4C55B71CEFD54B19C16D458757373E698D7E693A8FC39815A8BF03BA05EA8C8778D38F9873D62B4460F41ACF997C30E7C3AF025FA171B5F5AD4D6B15E95C27F6B35AD61875E5505449B4E6767392933 + ``` + + This encrypted public key can be decrypted by my another repo: [how-does-navicat-encrypt-password](https://github.com/DoubleLabyrinth/how-does-navicat-encrypt-password), while the key used is `b'23970790'`. + + Example: + + ```cmd + E:\GitHub>git clone https://github.com/DoubleLabyrinth/how-does-navicat-encrypt-password.git + ... + E:\GitHub>cd how-does-navicat-encrypt-password\python3 + E:\GitHub\how-does-navicat-encrypt-password\python3>python + Python 3.6.3 (v3.6.3:2c5fed8, Oct 3 2017, 18:11:49) [MSC v.1900 64 bit (AMD64)] on win32 + Type "help", "copyright", "credits" or "license" for more information. + >>> from NavicatCrypto import * + >>> cipher = Navicat11Crypto(b'23970790') + >>> print(cipher.DecryptString('D75125B70767B94145B47C1CB3C0755E7CCB8825C5DCE0C58ACF944E082801409A02472FAFFD1CD77864BB821AE36766FEEDE6A24F12662954168BFA314BD95032B9D82445355ED7BC0B880887D650F529158142E1CED09B9C2186BF71A70C0FE2F1E0AEF3BD6B75277AAB20DFAF3D110F75912BFB63AC50EC4C48689D1502715243A79F39FF2DE2BF15CE438FF885745ED54573850E8A9F40EE2FF505EB7476F95ADB783B28CA374FAC4632892AB82FB3BF4715FCFE6E82D03731FC3762B6AAC3DF1C3BC646FE9CD3C62663A97EE72DB932A301312B4A7633100C8CC357262C39A2B3A64B224F5276D5EDBDF0804DC3AC4B835162BB1969EAEBADC43D2511D6E023928781B167A48273B953378D3D2080CC06777E8A2364F0234B81064C5C739A8DA28DC5889072BF37685CBC94C2D31D0179AD86D8E3AA8090D4F0B281BE37E0143746E6049CCC06899401264FA471C016A96C79815B55BBC26B43052609D9D175FBCDE455392F10E51EC162F51CF732E6BB391F56BBFD8D957DF3D4C55B71CEFD54B19C16D458757373E698D7E693A8FC39815A8BF03BA05EA8C8778D38F9873D62B4460F41ACF997C30E7C3AF025FA171B5F5AD4D6B15E95C27F6B35AD61875E5505449B4E6767392933')) + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1dqF3SkCaAAmMzs889I + qdW9M2dIdh3jG9yPcmLnmJiGpBF4E9VHSMGe8oPAy2kJDmdNt4BcEygvssEfginv + a5t5jm352UAoDosUJkTXGQhpAWMF4fBmBpO3EedG62rOsqMBgmSdAyxCSPBRJIOF + R0QgZFbRnU0frj34fiVmgYiLuZSAmIbs8ZxiHPdp1oD4tUpvsFci4QJtYNjNnGU2 + WPH6rvChGl1IRKrxMtqLielsvajUjyrgOC6NmymYMvZNER3htFEtL1eQbCyTfDmt + YyQ1Wt4Ot12lxf0wVIR5mcGN7XCXJRHOFHSf1gzXWabRSvmt1nrl7sW6cjxljuuQ + awIDAQAB + -----END PUBLIC KEY----- + ``` + + __NOTICE:__ + + Start from __Navicat Premium 12.1.11__, Navicat do not load the public key through the method I talked before. Of course, the public key is still stored in `libcc.dll`. When Navicat starts, it encrypts the public key by an 8-bytes-long XOR key and stores the ciphertext in static area. When verifing __Activation Code__, Navicat will regenerate the 8-bytes-long XOR key and decrypts the ciphertext in static area to get the public key. + + In `libcc.dll`, x64 version, you can find some instructions that looks like: + + ```asm + xor eax, 'M' + mov byte_xxxxxx, al + ... + xor eax, 'I' + mov byte_xxxxxx, al + ... + xor eax, 'I' + mov byte_xxxxxx, al + ... + xor eax, 'B' + mov byte_xxxxxx, al + ... + xor eax, 'I' + mov byte_xxxxxx, al + ... + xor eax, 'j' + mov byte_xxxxxx, al + ... + ... + ``` + +* __Request Code__ + + It is a Base64 string that represents 256-bytes-long data, while the 256-bytes-long data is the cipher text of __Offline Activation Request Information__ encrypted by __Navicat Activation Public Key__. + +* __Offline Activation Request Information__ + + It is just a JSON-style ASCII string which contains 3 items. They are `"K"`, `"DI"` and `"P"` respectively, which represent __snKey__, __DeviceIdentifier__ (related with your machine), __Platform__ (OS Type). + + Like + + ``` + {"K": "xxxxxxxxxxxxxxxx", "DI": "yyyyyyyyyyyyy", "P": "WIN8"} + ``` + +* __Activation Code__ + + It is a Base64 string that represents 256-bytes-long data, while the 256-bytes-long data is the cipher text of the __Offline Activation Response Information__ encrypted by __Navicat Activation Private Key__. So far, we don't know the official activation private key and we have to replace it in `navicat.exe` and `libcc.dll`. + +* __Offline Activation Response Information__ + + Just like __Offline Activation Request Information__, it is also a JSON-style ASCII string. But it contains 5 items. They are `"K"`, `"N"`, `"O"`, `"T"` and `"DI"` respectively. + + `"K"` and `"DI"` has the same meaning that is mentioned in __Offline Activation Request Information__ and must be the same with the corresponding items in __Offline Activation Request Information__. + + `"N"`, `"O"`, `"T"` represent __Name__, __Organization__, __Timestamp__ respectively. __Name__ and __Organization__ are UTF-8 strings and the type of __Timestamp__ can be string or integer. (Thanks for discoveries from @Wizr, issue #10) + + `"T"` can be omitted. + +* __snKey__ + + It is a 4-block-long string, while every block is 4-chars-long. + + __snKey__ is generated by 10-bytes-long data. In order to explain it easily, I use __uint8_t data[10]__ to represent the 10-bytes-long data. + + 1. __data[0]__ and __data[1]__ must be `0x68` and `0x2A` respectively. + + These two bytes are Naivcat signature number. + + 2. __data[2]__, __data[3]__ and __data[4]__ can be any byte. Just set them whatever you want. + + 3. __data[5]__ and __data[6]__ are product language signatures. + + | Language | data[5] | data[6] | Discoverer | + |------------|:---------:|:---------:|-----------------| + | English | 0xAC | 0x88 | | + | 简体中文 | 0xCE | 0x32 | | + | 繁體中文 | 0xAA | 0x99 | | + | 日本語 | 0xAD | 0x82 | @dragonflylee | + | Polski | 0xBB | 0x55 | @dragonflylee | + | Español | 0xAE | 0x10 | @dragonflylee | + | Français | 0xFA | 0x20 | @Deltafox79 | + | Deutsch | 0xB1 | 0x60 | @dragonflylee | + | 한국어 | 0xB5 | 0x60 | @dragonflylee | + | Русский | 0xEE | 0x16 | @dragonflylee | + | Português | 0xCD | 0x49 | @dragonflylee | + + 4. __data[7]__ is Navicat product ID. (Thanks @dragonflylee and @Deltafox79) + + |Product Name |Enterprise|Standard|Educational|Essentials| + |----------------------|:--------:|:------:|:---------:|:--------:| + |Navicat Report Viewer |0x0B | | | | + |Navicat Data Modeler 3| |0x84 |0x85 | | + |Navicat Premium |0x65 | |0x66 |0x67 | + |Navicat MySQL |0x68 |0x69 |0x6A |0x6B | + |Navicat PostgreSQL |0x6C |0x6D |0x6E |0x6F | + |Navicat Oracle |0x70 |0x71 |0x72 |0x73 | + |Navicat SQL Server |0x74 |0x75 |0x76 |0x77 | + |Navicat SQLite |0x78 |0x79 |0x7A |0x7B | + |Navicat MariaDB |0x7C |0x7D |0x7E |0x7F | + |Navicat MongoDB |0x80 |0x81 |0x82 | | + + 5. High 4 bits of __data[8]__ represents __major version number__. + + Low 4 bits is unknown, but we can use it to delay activation deadline. Possible values are `0000` or `0001`. + + __Example:__ + + For __Navicat 12 x64__: High 4 bits must be `1100`, which is the binary of number `12`. + For __Navicat 11 x64__: High 4 bits must be `1011`, which is the binary of number `11`. + + 6. __data[9]__ is unknown, but you can set it by `0xFD`, `0xFC` or `0xFB` if you want to use __not-for-resale license__. + + According to symbol information in __Navicat 12 for Mac x64__ version: + + * `0xFB` is __Not-For-Resale-30-days__ license. + * `0xFC` is __Not-For-Resale-90-days__ license. + * `0xFD` is __Not-For-Resale-365-days__ license. + * `0xFE` is __Not-For-Resale__ license. + * `0xFF` is __Site__ license. + + After `uint8_t data[10]` is ready, Navicat uses __DES__ with __ECB mode__ to encrypt the last 8 bytes of `uint8_t data[10]` which are from __data[2]__ to __data[9]__. + + The DES key is: + + ```cpp + unsigned char DESKey = { 0x64, 0xAD, 0xF3, 0x2F, 0xAE, 0xF2, 0x1A, 0x27 }; + ``` + + Then use Base32 to encode `uint8_t data[10]` whose encode table is + + ```cpp + char EncodeTable[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; + ``` + + After encoding, you will get a 16-char-long string starting with `"NAV"`. + + Finally, divide the 16-char-long string to four 4-chars-long blocks and join them with `"-"` then you will get __snKey__. + +## 2. Activation Process + +1. Check whether __snKey__ that user inputs is valid. + +2. After user clicks `Activate`, Navicat will start online activation first. If fails, user can choose offline activation. + +3. Navicat will use the __snKey__ that user inputs and some information collected from user's machine to generate __Offline Activation Request Information__. Then Navicat will encrypt it by __Navicat Activation Public Key__ and return a Base64-encoded string as __Request Code__. + +4. In legal way, the __Request Code__ should be sent to Navicat official activation server by a Internet-accessible computer. And Navicat official activation server will return a legal __Activation Code__. + + But now, we use keygen to play the official activation server's role. + + 1. According to the __Request Code__, get `"DI"` value and `"K"` value. + + 2. Fill __Offline Activation Response Information__ with `"K"` value, name, organization name, `"DI"` value and, if need, `"T"` value. + + 3. Encrypt __Offline Activation Response Information__ by __Navicat Activation Private Key__ and you will get 256-byte-long data. + + 4. Encode the 256-byte-long data by Base64. The result is __Activation Code__. + + 5. After user input __Activation Code__, offline activation is done successfully. + diff --git a/doc/how-does-it-work.zh-CN.md b/doc/how-does-it-work.zh-CN.md new file mode 100644 index 0000000..1d0a677 --- /dev/null +++ b/doc/how-does-it-work.zh-CN.md @@ -0,0 +1,282 @@ +# Navicat Keygen - 注册机是怎么工作的? + +## 1. 关键词解释. + +* __Navicat激活公钥__ + + 这是一个2048位的RSA公钥,Navicat使用这个公钥来完成相关激活信息的加密和解密。 + + 这个公钥被作为 __RCData__ 类型的资源储存在 __navicat.exe__ 当中。资源名为`"ACTIVATIONPUBKEY"`。你可以使用一个叫[Resource Hacker](http://www.angusj.com/resourcehacker/)的软件来查看它。这个公钥的具体内容为: + + ``` + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1dqF3SkCaAAmMzs889I + qdW9M2dIdh3jG9yPcmLnmJiGpBF4E9VHSMGe8oPAy2kJDmdNt4BcEygvssEfginv + a5t5jm352UAoDosUJkTXGQhpAWMF4fBmBpO3EedG62rOsqMBgmSdAyxCSPBRJIOF + R0QgZFbRnU0frj34fiVmgYiLuZSAmIbs8ZxiHPdp1oD4tUpvsFci4QJtYNjNnGU2 + WPH6rvChGl1IRKrxMtqLielsvajUjyrgOC6NmymYMvZNER3htFEtL1eQbCyTfDmt + YyQ1Wt4Ot12lxf0wVIR5mcGN7XCXJRHOFHSf1gzXWabRSvmt1nrl7sW6cjxljuuQ + awIDAQAB + -----END PUBLIC KEY----- + ``` + + 如果您有相应的私钥并乐意公开的话欢迎联系我,我将非常感谢您的慷慨。 + + __注意:__ + + 从 __Navicat Premium 12.0.25__ 开始,Navicat不再从`navicat.exe`的资源中加载私钥。事实上,公钥转为从`libcc.dll`中加载,并且已经被加密。与此同时,为了防止被轻松地替换,加密的公钥被分到5个地方储存: + + 以下内容是从 __Navicat Premium x64 12.0.25 简体中文版__ 的`libcc.dll`中发现的,`libcc.dll`的SHA256值为`607e0a84c75966b00f3d12fa833e91d159e4f51ac51b6ba66f98d0c3cbefdce0`。我不保证在Navicat的其他版本中相关偏移量和下述的相同,但相关的 __字符串__ 以及 __立即数__ 是很可能找得到的。 + + 1. 在`libcc.dll`中,文件偏移量`+0x01A12090`的地方,储存了加密公钥的第一部分,以 __字符串__ 的形式储存: + + ``` + "D75125B70767B94145B47C1CB3C0755E + 7CCB8825C5DCE0C58ACF944E08280140 + 9A02472FAFFD1CD77864BB821AE36766 + FEEDE6A24F12662954168BFA314BD950 + 32B9D82445355ED7BC0B880887D650F5" + ``` + + 2. 在`libcc.dll`中,文件偏移量`+0x0059D799`的地方,储存了加密公钥的第二部分,以 __立即数__ 的形式储存在一条指令中: + + ``` + 0xFE 0xEA 0xBC 0x01 + ``` + + 相应的十进制值为: `29158142` + + 3. 在`libcc.dll`中,文件偏移量`+0x01A11DA0`的地方,储存了加密公钥的第三部分,以 __字符串__ 的形式储存: + + ``` + "E1CED09B9C2186BF71A70C0FE2F1E0AE + F3BD6B75277AAB20DFAF3D110F75912B + FB63AC50EC4C48689D1502715243A79F + 39FF2DE2BF15CE438FF885745ED54573 + 850E8A9F40EE2FF505EB7476F95ADB78 + 3B28CA374FAC4632892AB82FB3BF4715 + FCFE6E82D03731FC3762B6AAC3DF1C3B + C646FE9CD3C62663A97EE72DB932A301 + 312B4A7633100C8CC357262C39A2B3A6 + 4B224F5276D5EDBDF0804DC3AC4B8351 + 62BB1969EAEBADC43D2511D6E0239287 + 81B167A48273B953378D3D2080CC0677 + 7E8A2364F0234B81064C5C739A8DA28D + C5889072BF37685CBC94C2D31D0179AD + 86D8E3AA8090D4F0B281BE37E0143746 + E6049CCC06899401264FA471C016A96C + 79815B55BBC26B43052609D9D175FBCD + E455392F10E51EC162F51CF732E6BB39 + 1F56BBFD8D957DF3D4C55B71CEFD54B1 + 9C16D458757373E698D7E693A8FC3981 + 5A8BF03BA05EA8C8778D38F9873D62B4 + 460F41ACF997C30E7C3AF025FA171B5F + 5AD4D6B15E95C27F6B35AD61875E5505 + 449B4E" + ``` + + 4. 在`libcc.dll`中,文件偏移量`+0x0059D77F`的地方,储存了加密公钥的第四部分,以 __立即数__ 的形式储存在一条指令中: + + ``` + 0x59 0x08 0x01 0x00 + ``` + + 相应的十进制值为: `67673` + + 5. 在`libcc.dll`中,文件偏移量`+0x01A11D8C`的地方,储存了加密公钥的第五部分,以 __字符串__ 的形式储存: + + ``` + "92933" + ``` + + 这五部分按照`"%s%d%s%d%s"`的形式输出则为加密的公钥,顺序和上述的顺序相同,具体的输出为: + + ``` + + D75125B70767B94145B47C1CB3C0755E7CCB8825C5DCE0C58ACF944E082801409A02472FAFFD1CD77864BB821AE36766FEEDE6A24F12662954168BFA314BD95032B9D82445355ED7BC0B880887D650F529158142E1CED09B9C2186BF71A70C0FE2F1E0AEF3BD6B75277AAB20DFAF3D110F75912BFB63AC50EC4C48689D1502715243A79F39FF2DE2BF15CE438FF885745ED54573850E8A9F40EE2FF505EB7476F95ADB783B28CA374FAC4632892AB82FB3BF4715FCFE6E82D03731FC3762B6AAC3DF1C3BC646FE9CD3C62663A97EE72DB932A301312B4A7633100C8CC357262C39A2B3A64B224F5276D5EDBDF0804DC3AC4B835162BB1969EAEBADC43D2511D6E023928781B167A48273B953378D3D2080CC06777E8A2364F0234B81064C5C739A8DA28DC5889072BF37685CBC94C2D31D0179AD86D8E3AA8090D4F0B281BE37E0143746E6049CCC06899401264FA471C016A96C79815B55BBC26B43052609D9D175FBCDE455392F10E51EC162F51CF732E6BB391F56BBFD8D957DF3D4C55B71CEFD54B19C16D458757373E698D7E693A8FC39815A8BF03BA05EA8C8778D38F9873D62B4460F41ACF997C30E7C3AF025FA171B5F5AD4D6B15E95C27F6B35AD61875E5505449B4E6767392933 + + ``` + + 这个加密的公钥可以用我的另外一个repo([how-does-navicat-encrypt-password](https://github.com/DoubleLabyrinth/how-does-navicat-encrypt-password))解密,其中密钥为`b'23970790'`。 + + 例如: + + ```cmd + E:\GitHub>git clone https://github.com/DoubleLabyrinth/how-does-navicat-encrypt-password.git + ... + E:\GitHub>cd how-does-navicat-encrypt-password\python3 + E:\GitHub\how-does-navicat-encrypt-password\python3>python + Python 3.6.3 (v3.6.3:2c5fed8, Oct 3 2017, 18:11:49) [MSC v.1900 64 bit (AMD64)] on win32 + Type "help", "copyright", "credits" or "license" for more information. + >>> from NavicatCrypto import * + >>> cipher = Navicat11Crypto(b'23970790') + >>> print(cipher.DecryptString('D75125B70767B94145B47C1CB3C0755E7CCB8825C5DCE0C58ACF944E082801409A02472FAFFD1CD77864BB821AE36766FEEDE6A24F12662954168BFA314BD95032B9D82445355ED7BC0B880887D650F529158142E1CED09B9C2186BF71A70C0FE2F1E0AEF3BD6B75277AAB20DFAF3D110F75912BFB63AC50EC4C48689D1502715243A79F39FF2DE2BF15CE438FF885745ED54573850E8A9F40EE2FF505EB7476F95ADB783B28CA374FAC4632892AB82FB3BF4715FCFE6E82D03731FC3762B6AAC3DF1C3BC646FE9CD3C62663A97EE72DB932A301312B4A7633100C8CC357262C39A2B3A64B224F5276D5EDBDF0804DC3AC4B835162BB1969EAEBADC43D2511D6E023928781B167A48273B953378D3D2080CC06777E8A2364F0234B81064C5C739A8DA28DC5889072BF37685CBC94C2D31D0179AD86D8E3AA8090D4F0B281BE37E0143746E6049CCC06899401264FA471C016A96C79815B55BBC26B43052609D9D175FBCDE455392F10E51EC162F51CF732E6BB391F56BBFD8D957DF3D4C55B71CEFD54B19C16D458757373E698D7E693A8FC39815A8BF03BA05EA8C8778D38F9873D62B4460F41ACF997C30E7C3AF025FA171B5F5AD4D6B15E95C27F6B35AD61875E5505449B4E6767392933')) + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1dqF3SkCaAAmMzs889I + qdW9M2dIdh3jG9yPcmLnmJiGpBF4E9VHSMGe8oPAy2kJDmdNt4BcEygvssEfginv + a5t5jm352UAoDosUJkTXGQhpAWMF4fBmBpO3EedG62rOsqMBgmSdAyxCSPBRJIOF + R0QgZFbRnU0frj34fiVmgYiLuZSAmIbs8ZxiHPdp1oD4tUpvsFci4QJtYNjNnGU2 + WPH6rvChGl1IRKrxMtqLielsvajUjyrgOC6NmymYMvZNER3htFEtL1eQbCyTfDmt + YyQ1Wt4Ot12lxf0wVIR5mcGN7XCXJRHOFHSf1gzXWabRSvmt1nrl7sW6cjxljuuQ + awIDAQAB + -----END PUBLIC KEY----- + ``` + + __注意:__ + + 从 __Navicat Premium 12.1.11__ 开始,Navicat不再用上面说的方法加载密钥。当然密钥还是储存在`libcc.dll`文件中。当Navicat启动时,它会用8字节长的XOR密钥来加密公钥,并储存到一个静态数据区中。当验证 __激活码__ 时,Navicat会重新生成一样的8字节XOR密钥,并解密在静态储存区中的密文,从而获取公钥。 + + 在`libcc.dll`,x64版本中,你会看到如下的几条指令: + + ```asm + xor eax, 'M' + mov byte_xxxxxx, al + ... + xor eax, 'I' + mov byte_xxxxxx, al + ... + xor eax, 'I' + mov byte_xxxxxx, al + ... + xor eax, 'B' + mov byte_xxxxxx, al + ... + xor eax, 'I' + mov byte_xxxxxx, al + ... + xor eax, 'j' + mov byte_xxxxxx, al + ... + ... + ``` + +* __请求码__ + + 这是一个Base64编码的字符串,代表的是长度为256字节的数据。这256字节的数据是 __离线激活信息__ 用 __Navicat激活公钥__ 加密的密文。 + +* __离线激活请求信息__ + + 这是一个JSON风格的字符串。它包含了3个Key:`"K"`、`"DI"`和`"P"`,分别代表 __序列号__、__设备识别码__(与你的电脑硬件信息相关)和 __平台__ (其实就是操作系统类型)。 + + 例如: + + ``` + {"K": "xxxxxxxxxxxxxxxx", "DI": "yyyyyyyyyyyyy", "P": "WIN8"} + ``` + +* __激活码__ + + 这是一个Base64编码的字符串,代表的是长度为256字节的数据。这256字节的数据是 __离线激活回复信息__ 用 __Navicat激活私钥__ 加密的密文。目前我们不知道官方的 __Navicat激活私钥__,所以我们得替换掉软件里的公钥。 + +* __离线激活回复信息__ + + 和 __离线激活请求信息__ 一样,它也是一个JSON风格的字符串。但是它包含5个Key,分别为`"K"`、`"N"`、`"O"`、`"T"` 和 `"DI"`. + + `"K"` 和 `"DI"` 的意义与 __离线激活请求信息__ 中的相同,且Value必须与 __离线激活请求信息__ 中的相同。 + + `"N"`、`"O"`、`"T"` 分别代表 __注册名__、__组织__、__授权时间__。 + + __注册名__ 和 __组织__ 的值类型为UTF-8编码的字符串。__授权时间__ 的值类型可以为字符串或整数(感谢@Wizr在issue #10中的报告)。 + + `"T"` 可以被省略。 + +* __序列号__ + + 这是一个被分为了4个部分的字符串,其中每个部分都是4个字符长。 + + __序列号__ 是通过10个字节的数据来生成的。为了表达方便,我用 __uint8_t data[10]__ 来表示这10个字节。 + + 1. __data[0]__ 和 __data[1]__ 必须分别为 `0x68` 和 `0x2A`。 + + 这两个字节为Navicat的标志数。 + + 2. __data[2]__、__data[3]__ 和 __data[4]__ 可以是任意字节,你想设成什么都行。 + + 3. __data[5]__ 和 __data[6]__ 是Navicat的语言标志,值如下: + + | 语言类型 | data[5] | data[6] | 发现者 | + |------------|:---------:|:---------:|-----------------| + | English | 0xAC | 0x88 | | + | 简体中文 | 0xCE | 0x32 | | + | 繁體中文 | 0xAA | 0x99 | | + | 日本語 | 0xAD | 0x82 | @dragonflylee | + | Polski | 0xBB | 0x55 | @dragonflylee | + | Español | 0xAE | 0x10 | @dragonflylee | + | Français | 0xFA | 0x20 | @Deltafox79 | + | Deutsch | 0xB1 | 0x60 | @dragonflylee | + | 한국어 | 0xB5 | 0x60 | @dragonflylee | + | Русский | 0xEE | 0x16 | @dragonflylee | + | Português | 0xCD | 0x49 | @dragonflylee | + + 4. __data[7]__ 是Navicat产品ID。(感谢 @dragonflylee 和 @Deltafox79提供的数据) + + |产品名 |Enterprise|Standard|Educational|Essentials| + |----------------------|:--------:|:------:|:---------:|:--------:| + |Navicat Report Viewer |0x0B | | | | + |Navicat Data Modeler 3| |0x84 |0x85 | | + |Navicat Premium |0x65 | |0x66 |0x67 | + |Navicat MySQL |0x68 |0x69 |0x6A |0x6B | + |Navicat PostgreSQL |0x6C |0x6D |0x6E |0x6F | + |Navicat Oracle |0x70 |0x71 |0x72 |0x73 | + |Navicat SQL Server |0x74 |0x75 |0x76 |0x77 | + |Navicat SQLite |0x78 |0x79 |0x7A |0x7B | + |Navicat MariaDB |0x7C |0x7D |0x7E |0x7F | + |Navicat MongoDB |0x80 |0x81 |0x82 | | + + 5. __data[8]__ 的高4位代表 __版本号__。低4位未知,但可以用来延长激活期限,可取的值有`0000`和`0001`。 + + 例如: + + 对于 __Navicat 12__: 高4位必须是`1100`,为`12`的二进制形式。 + 对于 __Navicat 11__: 高4位必须是`1011`,为`11`的二进制形式。 + + 6. __data[9]__ 目前暂未知,但如果你想要 __not-for-resale license__ 的话可以设成`0xFD`、`0xFC`或`0xFB`。 + + 根据 __Navicat 12 for Mac x64__ 版本残留的符号信息可知: + + * `0xFB`是 __Not-For-Resale-30-days__ license. + * `0xFC`是 __Not-For-Resale-90-days__ license. + * `0xFD`是 __Not-For-Resale-365-days__ license. + * `0xFE`是 __Not-For-Resale__ license. + * `0xFF`是 __Site__ license. + + 之后Navicat使用 __ECB__ 模式的 __DES__ 算法来加密 __data[10]__ 的后8字节,也就是 __data[2]__ 到 __data[9]__ 的部分。 + + 相应的DES密钥为: + + ```cpp + unsigned char DESKey = { 0x64, 0xAD, 0xF3, 0x2F, 0xAE, 0xF2, 0x1A, 0x27 }; + ``` + + 之后使用Base32编码 __data[10]__,其中编码表改为: + + ```cpp + char EncodeTable[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; + ``` + + 编码之后你应该会得到一个16字节长的字符串,并且以"NAV"打头。 + + 将16字节的字符串分成4个4字节的小块,然后用`"-"`连接就可以得到 __序列号__。 + +## 2. 激活过程 + + 1. 检查用户输入的 __序列号__ 是否合法。 + + 2. 在用户点击了`激活`按钮之后,Navicat会先尝试在线激活。如果失败,用户可以选择离线激活。 + + 3. Navicat会使用用户输入的 __序列号__ 以及从用户电脑收集来的信息生成 __离线激活请求信息__,然后用 __Navicat激活公钥__ 加密,并将密文用Base64编码,最后得到 __请求码__。 + + 4. 正常流程下,__请求码__ 应该通过可联网的电脑发送给Navicat的官方激活服务器。之后Navicat的官方激活服务器会返回一个合法的 __激活码__。 + + 但现在我们使用注册机来扮演官方激活服务器的角色,只是Navicat软件里的激活公钥得换成自己的公钥: + + 1. 根据 __请求码__, 获得`"DI"`值和`"K"`值。 + + 2. 用`"K"`值、用户名、组织名和`"DI"`值填写 __离线激活回复信息__。 + + 3. 用自己的2048位RSA私钥加密 __离线激活回复信息__,你将会得到256字节的密文。 + + 4. 用Base64编码这256字节的密文,就可以得到 __激活码__。 + + 5. 在Navicat软件中填入 __激活码__ 即可完成离线激活。 + diff --git a/doc/how-to-build.md b/doc/how-to-build.md new file mode 100644 index 0000000..c10bae3 --- /dev/null +++ b/doc/how-to-build.md @@ -0,0 +1,56 @@ +# Navicat Keygen - How to build? + +[中文版](how-to-build.zh-CN.md) + +## 1. Prerequisites + +1. Please make sure that you have __Visual Studio 2019__ or the higher. Because this is a VS2019 project. + +2. Please make sure you have installed `vcpkg` and the following libraries: + + * `capstone[x86]:x64-windows-static` + * `capstone[x86]:x86-windows-static` + * `keystone:x64-windows-static` + * `keystone:x86-windows-static` + * `openssl-windows:x64-windows-static` + * `openssl-windows:x86-windows-static` + * `rapidjson:x64-windows-static` + * `rapidjson:x86-windows-static` + + is installed. + + You can install them by: + + ```console + $ vcpkg install capstone[x86]:x64-windows-static + $ vcpkg install capstone[x86]:x86-windows-static + $ vcpkg install keystone:x64-windows-static + $ vcpkg install keystone:x86-windows-static + $ vcpkg install openssl-windows:x64-windows-static + $ vcpkg install openssl-windows:x86-windows-static + $ vcpkg install rapidjson:x64-windows-static + $ vcpkg install rapidjson:x86-windows-static + ``` + +3. Your `vcpkg` has been integrated into your __Visual Studio__, which means you have run + + ```console + $ vcpkg integrate install + ``` + + successfully. + +## 2. Build + +1. Open this project in __Visual Studio__. + +2. Select `Release` configuration. + +3. Select `Win32` to build keygen/patcher for 32-bits Navicat. + + Or select `x64` to build keygen/patcher for 64-bits Navicat. + +4. Select __Build > Build Solution__. + +You will see executable files in `bin/` directory. + diff --git a/doc/how-to-build.zh-CN.md b/doc/how-to-build.zh-CN.md new file mode 100644 index 0000000..3b0fd2d --- /dev/null +++ b/doc/how-to-build.zh-CN.md @@ -0,0 +1,50 @@ +# Navicat Keygen - 如何编译? + +## 1. 前提条件 + +1. 请确保你有 __Visual Studio 2019__ 或者更高版本。因为这是一个VS2019项目。 + +2. 请确保你安装了 `vcpkg` 以及下面几个库: + + * `capstone[x86]:x64-windows-static` + * `capstone[x86]:x86-windows-static` + * `keystone:x64-windows-static` + * `keystone:x86-windows-static` + * `openssl-windows:x64-windows-static` + * `openssl-windows:x86-windows-static` + * `rapidjson:x64-windows-static` + * `rapidjson:x86-windows-static` + + 你可以通过下面的命令来安装它们: + + ```console + $ vcpkg install capstone[x86]:x64-windows-static + $ vcpkg install capstone[x86]:x86-windows-static + $ vcpkg install keystone:x64-windows-static + $ vcpkg install keystone:x86-windows-static + $ vcpkg install openssl-windows:x64-windows-static + $ vcpkg install openssl-windows:x86-windows-static + $ vcpkg install rapidjson:x64-windows-static + $ vcpkg install rapidjson:x86-windows-static + ``` + +3. 你的 `vcpkg` 已经和你的 __Visual Studio__ 集成了,即你曾成功运行了: + + ```console + $ vcpkg integrate install + ``` + +## 2. 编译 + +1. 在 __Visual Studio__ 打开这个项目。 + +2. 选择 `Release` 配置。 + +3. 选择 `Win32` 来生成供32位Navicat使用的keygen/patcher。 + + 或者选择 `x64` 来生成供64位Navicat使用的keygen/patcher。 + +4. 选择 __生成 > 生成解决方案__。 + +生成完成后,你会在 `bin/` 文件夹下看到编译后的keygen/patcher。 + diff --git a/doc/how-to-use.linux.md b/doc/how-to-use.linux.md new file mode 100644 index 0000000..ca5c96b --- /dev/null +++ b/doc/how-to-use.linux.md @@ -0,0 +1,257 @@ +# Navicat Keygen - How to use? (Linux) + +[中文版](how-to-use.linux.zh-CN.md) + +* Maintainer(s): zenuo, DoubleLabyrinth + +--- + +> You can download [Screen recoding](image/Screen_recording.mp4) for references. + +1. Switch to the path you extracted the installation package. Run Navicat, for initialization: + + ```console + $ cd ~/navicat121_premium_en_x64 + $ ./start_navicat + ``` + + When running for the first time, you will be prompted with the following two windows, click "Cancel" to: + + ![](image/Screenshot_2019-04-30_12-31-33.png) + + ![](image/Screenshot_2019-04-30_12-31-52.png) + + Until the `Registration` window appears, select `Trial`, close Navicat after loading is complete, and execute `Step 2`: + + ![](image/Screenshot_2019-04-30_12-32-43.png) + +2. Download the latest release [from here](https://github.com/DoubleLabyrinth/navicat-keygen/releases), and extract: + + > The 64-bit executable file is downloaded here. If you use 32-bit, please download the corresponding version. + + ```console + $ curl -O -L https://github.com/DoubleLabyrinth/navicat-keygen/releases/latest/download/navicat-keygen-for-x64.zip + $ unzip navicat-keygen-for-x64.zip + ``` + +3. Download `navicat-pacther.sh` and `navicat-keygen.sh`: + + ```console + $ curl -O -L https://raw.githubusercontent.com/DoubleLabyrinth/navicat-keygen/windows/bash/navicat-patcher.sh + $ chmod +x navicat-patcher.sh + $ curl -O -L https://raw.githubusercontent.com/DoubleLabyrinth/navicat-keygen/windows/bash/navicat-keygen.sh + $ chmod +x navicat-keygen.sh + ``` + +4. Use `navicat-patcher.exe` to replace __Navicat Activation Public Key__ that is stored in `navicat.exe` or `libcc.dll`. + + > Please turn off `Navicat` when performing this step. + + ```console + $ ./navicat-patcher.sh + ``` + + It has been tested on __Navicat Premium 12.1.22 Simplified Chinese version__. The following is an example of output: + + ``` + *************************************************** + * Navicat Patcher by @DoubleLabyrinth * + * Version: 4.0 * + *************************************************** + + Press Enter to continue or Ctrl + C to abort. + + [+] Try to open Navicat.exe ... Ok! + [+] Try to open libcc.dll ... Ok! + + [+] PatchSolution0 ...... Ready to apply + [*] Patch offset = +0x029bccd8 + [+] PatchSolution1 ...... Ready to apply + [*] [0] Patch offset = +0x02206c00 + [*] [1] Patch offset = +0x0074c489 + [*] [2] Patch offset = +0x02206910 + [*] [3] Patch offset = +0x0074c46f + [*] [4] Patch offset = +0x02206904 + [-] PatchSolution2 ...... Omitted + [+] PatchSolution3 ...... Ready to apply + [*] [ 0] Instruction RVA = 0x016539c8, Patch Offset = +0x023e64d4 + [*] [ 1] Instruction RVA = 0x01653a1f, Patch Offset = +0x01652e23 + [*] [ 2] Instruction RVA = 0x01653a25, Patch Offset = +0x01652e28 + [*] [ 3] Instruction RVA = 0x01653a8c, Patch Offset = +0x01652e8e + ... + ... + ... + [*] [108] Instruction RVA = 0x016604e1, Patch Offset = +0x023e66d8 + [*] [109] Instruction RVA = 0x01660518, Patch Offset = +0x0165f91c + [*] [110] Instruction RVA = 0x0166051e, Patch Offset = +0x0165f921 + + [*] PatchSolution0 is suppressed in order to keep digital signature valid. + + [*] Generating new RSA private key, it may take a long time... + [*] Your RSA public key: + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1hV66HgU4LrKXWW6O7bK + AN6ZTr5W+Mq8ClTQ+Pc+BdhLu6rww55kVq7OXKGpvx0G4eTafYMGrrBETgDSTaMq + Bx+8bZbGBWh2LtNfqU+xUrpHHBSz0ByBc3iTEzzthJl+Fzf8suDX2lWYIc/Ym/eW + YtxdJ7xOzLb68z4N0zVmA0jFX2FOm75DRYgKqy4SGixapfucL9dVaWVLTUdbrVdj + 4LX78t4t5ykbYoThrat4yuLvj/BxLaQ6ivKD+ScfHdtCoY+NA5jmBoUfBq3Q1SXB + iNaoXctbi0/H3MiPu0cRojryAocooF89yFm5/mNnzWGAYPr6DvBI8CDTZmjaQ4oC + aQIDAQAB + -----END PUBLIC KEY----- + + ******************************************************* + * PatchSolution1 * + ******************************************************* + [*] Previous: + +0x0000000002206c00 44 37 35 31 32 35 42 37 30 37 36 37 42 39 34 31 D75125B70767B941 + +0x0000000002206c10 34 35 42 34 37 43 31 43 42 33 43 30 37 35 35 45 45B47C1CB3C0755E + +0x0000000002206c20 37 43 43 42 38 38 32 35 43 35 44 43 45 30 43 35 7CCB8825C5DCE0C5 + ... + ... + [*] After: + +0x0000000002206c00 33 43 32 39 30 39 35 38 33 34 38 41 42 43 35 39 3C290958348ABC59 + +0x0000000002206c10 36 44 39 30 43 45 45 38 31 36 42 36 39 38 34 44 6D90CEE816B6984D + +0x0000000002206c20 35 32 35 34 37 45 30 32 34 31 42 36 42 43 31 41 52547E0241B6BC1A + ... + ... + + [*] Previous: + +0x000000000074c480 fe ea bc 01 .... + [*] After: + +0x000000000074c480 08 00 00 00 .... + + [*] Previous: + +0x0000000002206910 45 31 43 45 44 30 39 42 39 43 32 31 38 36 42 46 E1CED09B9C2186BF + +0x0000000002206920 37 31 41 37 30 43 30 46 45 32 46 31 45 30 41 45 71A70C0FE2F1E0AE + +0x0000000002206930 46 33 42 44 36 42 37 35 32 37 37 41 41 42 32 30 F3BD6B75277AAB20 + ... + ... + [*] After: + +0x0000000002206910 41 33 39 42 41 36 43 34 31 36 33 32 35 30 46 45 A39BA6C4163250FE + +0x0000000002206920 42 32 41 39 31 41 34 32 46 44 42 46 30 41 32 31 B2A91A42FDBF0A21 + +0x0000000002206930 33 34 46 34 36 44 43 45 34 30 42 46 41 42 33 35 34F46DCE40BFAB35 + ... + ... + + [*] Previous: + +0x000000000074c460 59 Y + +0x000000000074c470 08 01 00 ... + [*] After: + +0x000000000074c460 06 . + +0x000000000074c470 00 00 00 ... + + [*] Previous: + +0x0000000002206900 39 32 39 33 33 92933 + [*] After: + +0x0000000002206900 42 34 34 33 38 B4438 + + ******************************************************* + * PatchSolution3 * + ******************************************************* + [*] +023e64d4: 4d 49 49 ---> 4d 49 49 + [*] +01652e23: 42 49 ---> 42 49 + [*] +01652e28: 6a ---> 6a + ... + ... + ... + [*] +023e66d8: 77 49 44 41 ---> 51 49 44 41 + [*] +0165f91c: 51 41 ---> 51 41 + [*] +0165f921: 42 ---> 42 + + [*] New RSA-2048 private key has been saved to + C:\Users\DoubleSine\github.com\navicat-keygen\bin\x64-Release\RegPrivateKey.pem + + ******************************************************* + * PATCH HAS BEEN DONE SUCCESSFULLY! * + * HAVE FUN AND ENJOY~ * + ******************************************************* + ``` + +5. Then use `navicat-keygen.exe` to generate __snKey__ and __Activation Code__ + + ```console + $ ./navicat-keygen.sh + ``` + + You will be asked to select Navicat product, language and input major version number. After that an randomly generated __snKey__ will be given. + + ``` + Select Navicat product: + 0. DataModeler + 1. Premium + 2. MySQL + 3. PostgreSQL + 4. Oracle + 5. SQLServer + 6. SQLite + 7. MariaDB + 8. MongoDB + 9. ReportViewer + + (Input index)> 1 + + Select product language: + 0. English + 1. Simplified Chinese + 2. Traditional Chinese + 3. Japanese + 4. Polish + 5. Spanish + 6. French + 7. German + 8. Korean + 9. Russian + 10. Portuguese + + (Input index)> 1 + + (Input major version number, range: 0 ~ 15, default: 12)> 12 + + Serial number: + NAVO-2ORP-IN5A-GQEE + + Your name: + ``` + + You can use this __snKey__ to activate your Navicat preliminarily. + + Then you will be asked to input `Your name` and `Your organization`. Just set them whatever you want, but not too long. + + ``` + Your name: DoubleLabyrinth + Your organization: DoubleLabyrinth + Input request code (in Base64), input empty line to end: + ``` + + After that, you will be asked to input the request code. Now __DO NOT CLOSE KEYGEN__. + +6. __Set up__ a invalid proxy. Find and click `Registration`. Fill `Registration Key` by __snKey__ that the keygen gave and click `Activate`. + +7. Online activation will failed and Navicat will ask you do `Manual Activation`, just choose it. + +8. Copy your request code and paste it in the keygen. Input empty line to tell the keygen that your input ends. + + ``` + Your name: DoubleLabyrinth + Your organization: DoubleLabyrinth + + Input request code (in Base64), input empty line to end: + t2U+0yfE2FfnbjyhCXa0lglZOHu9Ntc3qyGiPbR6xb1QoU63/9BVfdaCq0blwVycXPyT/Vqw5joIKdM5oCRR/afCPM7iRcyhQMAnvqwc+AOKCqayVV+SqKLvtR/AbREI12w++PQ6Ewfs4A8PgB8OJ9G0jKt6Q/iJRblqi2WWw9mwy+YHcYYh3UAfygTnyj/xl+MzRymbY0lkus+6LPtpDecVsFFhM7F32Ee1QPwISko7bAkHOtkt+joPfYDdn9PDGZ4HEmeLvH6UqZCXkzgaAfynB7cQZFEkId8FsW2NGkbpM7wB2Hi3fNFgOIjutTprixTdbpFKn4w6gGc28ve23A== + + Request Info: + {"K":"NAVO2ORPIN5AGQEE", "DI":"R91j6WyMhxHznAKSxxxx", "P":"WIN"} + + Response Info: + {"K":"NAVO2ORPIN5AGQEE","DI":"R91j6WyMhxHznAKSxxxx","N":"DoubleLabyrinth","O":"DoubleLabyrinth","T":1547826060} + + License: + lRF18o+ZhBphyN0U5kFLHtAAGGXuvhqOcxNuvAk4dJcGeR0ISuw74mQvAfdNjv0T + I5NZFzqIJvrzM0XeR88q+3kmZkECuxwwWHP3zzDPhPiylcTV4DoGZ1tfoViUSYQc + LgXG0Fl7koZeP61YOKQ8GfX+Xk2ZTM64bYaF7NlhonM+GQUJCCF2JThmrP921t2p + b/E5pV6fLOYMM13881ZQcQcltMNVDZn4lzgzKRFFxCQFaTl6fJMHZdYVmICQTHtI + sNaym0zduc8/cv34mgJ+7NseXmsEPCdjrZ59wgfPsLhZLXqtfxi5hGWw4NMa3Sb2 + UI8dzqFzRp/hSDEM0mEqiA== + ``` + +9. Finally, you will get __Activation Code__ which looks like a Base64 string. Just copy it and paste it in Navicat `Manual Activation` window, then click `Activate`. If nothing wrong, activation should be done successfully. Don't forget to close the proxy that we just set up. + diff --git a/doc/how-to-use.linux.zh-CN.md b/doc/how-to-use.linux.zh-CN.md new file mode 100644 index 0000000..951cdb6 --- /dev/null +++ b/doc/how-to-use.linux.zh-CN.md @@ -0,0 +1,255 @@ +# Navicat Keygen - 如何使用这个注册机? (Linux) + +* 维护者:zenuo, DoubleLabyrinth + +--- + +> 可下载[录屏文件](image/Screen_recording.mp4)参考 + +1. 切换到解压安装包的路径,本示例解压到了 `家目录`,运行Navicat,使其初始化环境: + + ```console + $ cd ~/navicat121_premium_en_x64 + $ ./start_navicat + ``` + + 首次启动时,会提示如下两个窗口,点击“Cancel”即可: + + ![](image/Screenshot_2019-04-30_12-31-33.png) + + ![](image/Screenshot_2019-04-30_12-31-52.png) + + 直至出现 `Registration` 窗口,选择 `Trial`,待加载完成后关闭Navicat,执行 `步骤2`: + + ![](image/Screenshot_2019-04-30_12-32-43.png) + +2. [从这里](https://github.com/DoubleLabyrinth/navicat-keygen/releases)下载最新的release,并且解压: + + > 此处下载的是64位的可执行文件,若您使用32位,请下载对应版本 + + ```console + $ curl -O -L https://github.com/DoubleLabyrinth/navicat-keygen/releases/latest/download/navicat-keygen-for-x64.zip + $ unzip navicat-keygen-for-x64.zip + ``` + +3. 下载 `navicat-pacther.sh` 和 `navicat-keygen.sh`: + + ```console + $ curl -O -L https://raw.githubusercontent.com/DoubleLabyrinth/navicat-keygen/windows/bash/navicat-patcher.sh + $ chmod +x navicat-patcher.sh + $ curl -O -L https://raw.githubusercontent.com/DoubleLabyrinth/navicat-keygen/windows/bash/navicat-keygen.sh + $ chmod +x navicat-keygen.sh + ``` + +4. 使用 `navicat-patcher.exe` 替换掉 `navicat.exe` 和 `libcc.dll` 里的Navicat激活公钥。 + + > 执行此步骤时,请将Navicat关闭 + + ```console + $ ./navicat-patcher.sh + ``` + + __Navicat Premium 12.1.22 简体中文版已通过测试__。下面将是一份样例输出: + + ``` + *************************************************** + * Navicat Patcher by @DoubleLabyrinth * + * Version: 4.0 * + *************************************************** + + Press Enter to continue or Ctrl + C to abort. + + [+] Try to open Navicat.exe ... Ok! + [+] Try to open libcc.dll ... Ok! + + [+] PatchSolution0 ...... Ready to apply + [*] Patch offset = +0x029bccd8 + [+] PatchSolution1 ...... Ready to apply + [*] [0] Patch offset = +0x02206c00 + [*] [1] Patch offset = +0x0074c489 + [*] [2] Patch offset = +0x02206910 + [*] [3] Patch offset = +0x0074c46f + [*] [4] Patch offset = +0x02206904 + [-] PatchSolution2 ...... Omitted + [+] PatchSolution3 ...... Ready to apply + [*] [ 0] Instruction RVA = 0x016539c8, Patch Offset = +0x023e64d4 + [*] [ 1] Instruction RVA = 0x01653a1f, Patch Offset = +0x01652e23 + [*] [ 2] Instruction RVA = 0x01653a25, Patch Offset = +0x01652e28 + [*] [ 3] Instruction RVA = 0x01653a8c, Patch Offset = +0x01652e8e + ... + ... + ... + [*] [108] Instruction RVA = 0x016604e1, Patch Offset = +0x023e66d8 + [*] [109] Instruction RVA = 0x01660518, Patch Offset = +0x0165f91c + [*] [110] Instruction RVA = 0x0166051e, Patch Offset = +0x0165f921 + + [*] PatchSolution0 is suppressed in order to keep digital signature valid. + + [*] Generating new RSA private key, it may take a long time... + [*] Your RSA public key: + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1hV66HgU4LrKXWW6O7bK + AN6ZTr5W+Mq8ClTQ+Pc+BdhLu6rww55kVq7OXKGpvx0G4eTafYMGrrBETgDSTaMq + Bx+8bZbGBWh2LtNfqU+xUrpHHBSz0ByBc3iTEzzthJl+Fzf8suDX2lWYIc/Ym/eW + YtxdJ7xOzLb68z4N0zVmA0jFX2FOm75DRYgKqy4SGixapfucL9dVaWVLTUdbrVdj + 4LX78t4t5ykbYoThrat4yuLvj/BxLaQ6ivKD+ScfHdtCoY+NA5jmBoUfBq3Q1SXB + iNaoXctbi0/H3MiPu0cRojryAocooF89yFm5/mNnzWGAYPr6DvBI8CDTZmjaQ4oC + aQIDAQAB + -----END PUBLIC KEY----- + + ******************************************************* + * PatchSolution1 * + ******************************************************* + [*] Previous: + +0x0000000002206c00 44 37 35 31 32 35 42 37 30 37 36 37 42 39 34 31 D75125B70767B941 + +0x0000000002206c10 34 35 42 34 37 43 31 43 42 33 43 30 37 35 35 45 45B47C1CB3C0755E + +0x0000000002206c20 37 43 43 42 38 38 32 35 43 35 44 43 45 30 43 35 7CCB8825C5DCE0C5 + ... + ... + [*] After: + +0x0000000002206c00 33 43 32 39 30 39 35 38 33 34 38 41 42 43 35 39 3C290958348ABC59 + +0x0000000002206c10 36 44 39 30 43 45 45 38 31 36 42 36 39 38 34 44 6D90CEE816B6984D + +0x0000000002206c20 35 32 35 34 37 45 30 32 34 31 42 36 42 43 31 41 52547E0241B6BC1A + ... + ... + + [*] Previous: + +0x000000000074c480 fe ea bc 01 .... + [*] After: + +0x000000000074c480 08 00 00 00 .... + + [*] Previous: + +0x0000000002206910 45 31 43 45 44 30 39 42 39 43 32 31 38 36 42 46 E1CED09B9C2186BF + +0x0000000002206920 37 31 41 37 30 43 30 46 45 32 46 31 45 30 41 45 71A70C0FE2F1E0AE + +0x0000000002206930 46 33 42 44 36 42 37 35 32 37 37 41 41 42 32 30 F3BD6B75277AAB20 + ... + ... + [*] After: + +0x0000000002206910 41 33 39 42 41 36 43 34 31 36 33 32 35 30 46 45 A39BA6C4163250FE + +0x0000000002206920 42 32 41 39 31 41 34 32 46 44 42 46 30 41 32 31 B2A91A42FDBF0A21 + +0x0000000002206930 33 34 46 34 36 44 43 45 34 30 42 46 41 42 33 35 34F46DCE40BFAB35 + ... + ... + + [*] Previous: + +0x000000000074c460 59 Y + +0x000000000074c470 08 01 00 ... + [*] After: + +0x000000000074c460 06 . + +0x000000000074c470 00 00 00 ... + + [*] Previous: + +0x0000000002206900 39 32 39 33 33 92933 + [*] After: + +0x0000000002206900 42 34 34 33 38 B4438 + + ******************************************************* + * PatchSolution3 * + ******************************************************* + [*] +023e64d4: 4d 49 49 ---> 4d 49 49 + [*] +01652e23: 42 49 ---> 42 49 + [*] +01652e28: 6a ---> 6a + ... + ... + ... + [*] +023e66d8: 77 49 44 41 ---> 51 49 44 41 + [*] +0165f91c: 51 41 ---> 51 41 + [*] +0165f921: 42 ---> 42 + + [*] New RSA-2048 private key has been saved to + C:\Users\DoubleSine\github.com\navicat-keygen\bin\x64-Release\RegPrivateKey.pem + + ******************************************************* + * PATCH HAS BEEN DONE SUCCESSFULLY! * + * HAVE FUN AND ENJOY~ * + ******************************************************* + ``` + +5. 接下来使用`navicat-keygen.exe`来生成序列号和激活码 + + ```console + $ ./navicat-keygen.sh + ``` + + 你会被要求选择Navicat产品类别、语言以及输入主版本号。之后会随机生成一个序列号。 + + ``` + Select Navicat product: + 0. DataModeler + 1. Premium + 2. MySQL + 3. PostgreSQL + 4. Oracle + 5. SQLServer + 6. SQLite + 7. MariaDB + 8. MongoDB + 9. ReportViewer + + (Input index)> 1 + + Select product language: + 0. English + 1. Simplified Chinese + 2. Traditional Chinese + 3. Japanese + 4. Polish + 5. Spanish + 6. French + 7. German + 8. Korean + 9. Russian + 10. Portuguese + + (Input index)> 1 + + (Input major version number, range: 0 ~ 15, default: 12)> 12 + + Serial number: + NAVO-2ORP-IN5A-GQEE + + Your name: + ``` + + 你可以使用这个序列号暂时激活Navicat。 + + 接下来你会被要求输入`用户名`和`组织名`;请随便填写,但不要太长。 + + ``` + Your name: DoubleLabyrinth + Your organization: DoubleLabyrinth + Input request code (in Base64), input empty line to end: + ``` + + 之后你会被要求填入请求码。注意 __不要关闭命令行__. + +6. 配置一个不存在的`代理`。找到`注册`窗口,并填入keygen给你的序列号。然后点击`激活`按钮。 + +7. 在线激活失败,这时候Navicat会询问你是否`手动激活`,直接选吧。 + +8. 在`手动激活`窗口你会得到一个请求码,复制它并把它粘贴到keygen里。最后别忘了连按至少两下回车结束输入。 + + ``` + Your name: DoubleLabyrinth + Your organization: DoubleLabyrinth + + Input request code (in Base64), input empty line to end: + t2U+0yfE2FfnbjyhCXa0lglZOHu9Ntc3qyGiPbR6xb1QoU63/9BVfdaCq0blwVycXPyT/Vqw5joIKdM5oCRR/afCPM7iRcyhQMAnvqwc+AOKCqayVV+SqKLvtR/AbREI12w++PQ6Ewfs4A8PgB8OJ9G0jKt6Q/iJRblqi2WWw9mwy+YHcYYh3UAfygTnyj/xl+MzRymbY0lkus+6LPtpDecVsFFhM7F32Ee1QPwISko7bAkHOtkt+joPfYDdn9PDGZ4HEmeLvH6UqZCXkzgaAfynB7cQZFEkId8FsW2NGkbpM7wB2Hi3fNFgOIjutTprixTdbpFKn4w6gGc28ve23A== + + Request Info: + {"K":"NAVO2ORPIN5AGQEE", "DI":"R91j6WyMhxHznAKSxxxx", "P":"WIN"} + + Response Info: + {"K":"NAVO2ORPIN5AGQEE","DI":"R91j6WyMhxHznAKSxxxx","N":"DoubleLabyrinth","O":"DoubleLabyrinth","T":1547826060} + + License: + lRF18o+ZhBphyN0U5kFLHtAAGGXuvhqOcxNuvAk4dJcGeR0ISuw74mQvAfdNjv0T + I5NZFzqIJvrzM0XeR88q+3kmZkECuxwwWHP3zzDPhPiylcTV4DoGZ1tfoViUSYQc + LgXG0Fl7koZeP61YOKQ8GfX+Xk2ZTM64bYaF7NlhonM+GQUJCCF2JThmrP921t2p + b/E5pV6fLOYMM13881ZQcQcltMNVDZn4lzgzKRFFxCQFaTl6fJMHZdYVmICQTHtI + sNaym0zduc8/cv34mgJ+7NseXmsEPCdjrZ59wgfPsLhZLXqtfxi5hGWw4NMa3Sb2 + UI8dzqFzRp/hSDEM0mEqiA== + ``` + +9. 如果不出意外,你会得到一个看似用Base64编码的激活码。直接复制它,并把它粘贴到Navicat的`手动激活`窗口,最后点`激活`按钮。如果没什么意外的话应该能成功激活。别忘了关闭我们刚刚设置的不存在的代理哦。 + diff --git a/doc/how-to-use.windows.md b/doc/how-to-use.windows.md new file mode 100644 index 0000000..ceb2a5f --- /dev/null +++ b/doc/how-to-use.windows.md @@ -0,0 +1,256 @@ +# Navicat Keygen - How to use? (Windows) + +[中文版](how-to-use.windows.zh-CN.md) + +1. Download the latest release [from here](https://github.com/DoubleLabyrinth/navicat-keygen/releases). + +2. Use `navicat-patcher.exe` to replace __Navicat Activation Public Key__ that is stored in `navicat.exe` or `libcc.dll`. + + ``` + navicat-patcher.exe [-dry-run] [RSA-2048 PEM File Path] + ``` + + * `[-dry-run]` Run patcher without applying any patches. + + __This parameter is optional.__ + + * ``: The full path to Navicat installation folder. + + __This parameter must be specified.__ + + * `[RSA-2048 PEM File Path]`: The full path or relative path to a RSA-2048 private key file. + + __This parameter is optional.__ If not specified, `navicat-patcher.exe` will generate a new RSA-2048 private key file `RegPrivateKey.pem` at current directory. + + __Example: (in cmd.exe)__ + + ``` + navicat-patcher.exe "C:\Program Files\PremiumSoft\Navicat Premium 12" + ``` + + It has been tested on __Navicat Premium 12.1.22 Simplified Chinese version__. The following is an example of output. + + ``` + *************************************************** + * Navicat Patcher by @DoubleLabyrinth * + * Version: 4.0 * + *************************************************** + + Press Enter to continue or Ctrl + C to abort. + + [+] Try to open Navicat.exe ... Ok! + [+] Try to open libcc.dll ... Ok! + + [+] PatchSolution0 ...... Ready to apply + [*] Patch offset = +0x029bccd8 + [+] PatchSolution1 ...... Ready to apply + [*] [0] Patch offset = +0x02206c00 + [*] [1] Patch offset = +0x0074c489 + [*] [2] Patch offset = +0x02206910 + [*] [3] Patch offset = +0x0074c46f + [*] [4] Patch offset = +0x02206904 + [-] PatchSolution2 ...... Omitted + [+] PatchSolution3 ...... Ready to apply + [*] [ 0] Instruction RVA = 0x016539c8, Patch Offset = +0x023e64d4 + [*] [ 1] Instruction RVA = 0x01653a1f, Patch Offset = +0x01652e23 + [*] [ 2] Instruction RVA = 0x01653a25, Patch Offset = +0x01652e28 + [*] [ 3] Instruction RVA = 0x01653a8c, Patch Offset = +0x01652e8e + ... + ... + ... + [*] [108] Instruction RVA = 0x016604e1, Patch Offset = +0x023e66d8 + [*] [109] Instruction RVA = 0x01660518, Patch Offset = +0x0165f91c + [*] [110] Instruction RVA = 0x0166051e, Patch Offset = +0x0165f921 + + [*] PatchSolution0 is suppressed in order to keep digital signature valid. + + [*] Generating new RSA private key, it may take a long time... + [*] Your RSA public key: + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1hV66HgU4LrKXWW6O7bK + AN6ZTr5W+Mq8ClTQ+Pc+BdhLu6rww55kVq7OXKGpvx0G4eTafYMGrrBETgDSTaMq + Bx+8bZbGBWh2LtNfqU+xUrpHHBSz0ByBc3iTEzzthJl+Fzf8suDX2lWYIc/Ym/eW + YtxdJ7xOzLb68z4N0zVmA0jFX2FOm75DRYgKqy4SGixapfucL9dVaWVLTUdbrVdj + 4LX78t4t5ykbYoThrat4yuLvj/BxLaQ6ivKD+ScfHdtCoY+NA5jmBoUfBq3Q1SXB + iNaoXctbi0/H3MiPu0cRojryAocooF89yFm5/mNnzWGAYPr6DvBI8CDTZmjaQ4oC + aQIDAQAB + -----END PUBLIC KEY----- + + ******************************************************* + * PatchSolution1 * + ******************************************************* + [*] Previous: + +0x0000000002206c00 44 37 35 31 32 35 42 37 30 37 36 37 42 39 34 31 D75125B70767B941 + +0x0000000002206c10 34 35 42 34 37 43 31 43 42 33 43 30 37 35 35 45 45B47C1CB3C0755E + +0x0000000002206c20 37 43 43 42 38 38 32 35 43 35 44 43 45 30 43 35 7CCB8825C5DCE0C5 + ... + ... + [*] After: + +0x0000000002206c00 33 43 32 39 30 39 35 38 33 34 38 41 42 43 35 39 3C290958348ABC59 + +0x0000000002206c10 36 44 39 30 43 45 45 38 31 36 42 36 39 38 34 44 6D90CEE816B6984D + +0x0000000002206c20 35 32 35 34 37 45 30 32 34 31 42 36 42 43 31 41 52547E0241B6BC1A + ... + ... + + [*] Previous: + +0x000000000074c480 fe ea bc 01 .... + [*] After: + +0x000000000074c480 08 00 00 00 .... + + [*] Previous: + +0x0000000002206910 45 31 43 45 44 30 39 42 39 43 32 31 38 36 42 46 E1CED09B9C2186BF + +0x0000000002206920 37 31 41 37 30 43 30 46 45 32 46 31 45 30 41 45 71A70C0FE2F1E0AE + +0x0000000002206930 46 33 42 44 36 42 37 35 32 37 37 41 41 42 32 30 F3BD6B75277AAB20 + ... + ... + [*] After: + +0x0000000002206910 41 33 39 42 41 36 43 34 31 36 33 32 35 30 46 45 A39BA6C4163250FE + +0x0000000002206920 42 32 41 39 31 41 34 32 46 44 42 46 30 41 32 31 B2A91A42FDBF0A21 + +0x0000000002206930 33 34 46 34 36 44 43 45 34 30 42 46 41 42 33 35 34F46DCE40BFAB35 + ... + ... + + [*] Previous: + +0x000000000074c460 59 Y + +0x000000000074c470 08 01 00 ... + [*] After: + +0x000000000074c460 06 . + +0x000000000074c470 00 00 00 ... + + [*] Previous: + +0x0000000002206900 39 32 39 33 33 92933 + [*] After: + +0x0000000002206900 42 34 34 33 38 B4438 + + ******************************************************* + * PatchSolution3 * + ******************************************************* + [*] +023e64d4: 4d 49 49 ---> 4d 49 49 + [*] +01652e23: 42 49 ---> 42 49 + [*] +01652e28: 6a ---> 6a + ... + ... + ... + [*] +023e66d8: 77 49 44 41 ---> 51 49 44 41 + [*] +0165f91c: 51 41 ---> 51 41 + [*] +0165f921: 42 ---> 42 + + [*] New RSA-2048 private key has been saved to + C:\Users\DoubleSine\github.com\navicat-keygen\bin\x64-Release\RegPrivateKey.pem + + ******************************************************* + * PATCH HAS BEEN DONE SUCCESSFULLY! * + * HAVE FUN AND ENJOY~ * + ******************************************************* + ``` + +3. Then use `navicat-keygen.exe` to generate __snKey__ and __Activation Code__ + + ``` + navicat-keygen.exe <-bin|-text> [-adv] + ``` + + * `<-bin|-text>`: Must be `-bin` or `-text`. + + If `-bin` is specified, `navicat-keygen.exe` will finally generate `license_file`. It is used for Navicat old activation method only. + + If `-text` is specified, `navicat-keygen.exe` will finally generate a Base64-style string which is __Activation Code__. It is used for Navicat new activation method. + + __This parameter must be specified.__ + + * `[-adv]`: Enable advanced mode. + + __This parameter is optional.__ If specified, `navicat-keygen.exe` will ask you input Navicat product ID number, language signature numbers. It is for future use generally. + + * ``: The full path or relative path to a RSA-2048 private key file. + + __This parameter must be specified.__ + + __Example: (in cmd.exe)__ + + ```console + navicat-keygen.exe -text .\RegPrivateKey.pem + ``` + + You will be asked to select Navicat product, language and input major version number. After that an randomly generated __snKey__ will be given. + + ``` + Select Navicat product: + 0. DataModeler + 1. Premium + 2. MySQL + 3. PostgreSQL + 4. Oracle + 5. SQLServer + 6. SQLite + 7. MariaDB + 8. MongoDB + 9. ReportViewer + + (Input index)> 1 + + Select product language: + 0. English + 1. Simplified Chinese + 2. Traditional Chinese + 3. Japanese + 4. Polish + 5. Spanish + 6. French + 7. German + 8. Korean + 9. Russian + 10. Portuguese + + (Input index)> 1 + + (Input major version number, range: 0 ~ 15, default: 12)> 12 + + Serial number: + NAVO-2ORP-IN5A-GQEE + + Your name: + ``` + + You can use this __snKey__ to activate your Navicat preliminarily. + + Then you will be asked to input `Your name` and `Your organization`. Just set them whatever you want, but not too long. + + ``` + Your name: DoubleLabyrinth + Your organization: DoubleLabyrinth + Input request code (in Base64), input empty line to end: + ``` + + After that, you will be asked to input the request code. Now __DO NOT CLOSE KEYGEN__. + +4. __Disconnect your network__ and open Navicat. Find and click `Registration`. Fill `Registration Key` by __snKey__ that the keygen gave and click `Activate`. + +5. Generally online activation will failed and Navicat will ask you do `Manual Activation`, just choose it. + +6. Copy your request code and paste it in the keygen. Input empty line to tell the keygen that your input ends. + + ``` + Your name: DoubleLabyrinth + Your organization: DoubleLabyrinth + + Input request code (in Base64), input empty line to end: + t2U+0yfE2FfnbjyhCXa0lglZOHu9Ntc3qyGiPbR6xb1QoU63/9BVfdaCq0blwVycXPyT/Vqw5joIKdM5oCRR/afCPM7iRcyhQMAnvqwc+AOKCqayVV+SqKLvtR/AbREI12w++PQ6Ewfs4A8PgB8OJ9G0jKt6Q/iJRblqi2WWw9mwy+YHcYYh3UAfygTnyj/xl+MzRymbY0lkus+6LPtpDecVsFFhM7F32Ee1QPwISko7bAkHOtkt+joPfYDdn9PDGZ4HEmeLvH6UqZCXkzgaAfynB7cQZFEkId8FsW2NGkbpM7wB2Hi3fNFgOIjutTprixTdbpFKn4w6gGc28ve23A== + + Request Info: + {"K":"NAVO2ORPIN5AGQEE", "DI":"R91j6WyMhxHznAKSxxxx", "P":"WIN"} + + Response Info: + {"K":"NAVO2ORPIN5AGQEE","DI":"R91j6WyMhxHznAKSxxxx","N":"DoubleLabyrinth","O":"DoubleLabyrinth","T":1547826060} + + License: + lRF18o+ZhBphyN0U5kFLHtAAGGXuvhqOcxNuvAk4dJcGeR0ISuw74mQvAfdNjv0T + I5NZFzqIJvrzM0XeR88q+3kmZkECuxwwWHP3zzDPhPiylcTV4DoGZ1tfoViUSYQc + LgXG0Fl7koZeP61YOKQ8GfX+Xk2ZTM64bYaF7NlhonM+GQUJCCF2JThmrP921t2p + b/E5pV6fLOYMM13881ZQcQcltMNVDZn4lzgzKRFFxCQFaTl6fJMHZdYVmICQTHtI + sNaym0zduc8/cv34mgJ+7NseXmsEPCdjrZ59wgfPsLhZLXqtfxi5hGWw4NMa3Sb2 + UI8dzqFzRp/hSDEM0mEqiA== + ``` + +7. Finally, you will get __Activation Code__ which looks like a Base64 string. Just copy it and paste it in Navicat `Manual Activation` window, then click `Activate`. If nothing wrong, activation should be done successfully. + diff --git a/doc/how-to-use.windows.zh-CN.md b/doc/how-to-use.windows.zh-CN.md new file mode 100644 index 0000000..b486498 --- /dev/null +++ b/doc/how-to-use.windows.zh-CN.md @@ -0,0 +1,254 @@ +# Navicat Keygen - 如何使用这个注册机? (Windows) + +1. [从这里](https://github.com/DoubleLabyrinth/navicat-keygen/releases)下载最新的release。 + +2. 使用`navicat-patcher.exe`替换掉`navicat.exe`和`libcc.dll`里的Navicat激活公钥。 + + ``` + navicat-patcher.exe [-dry-run] [RSA-2048 PEM File Path] + ``` + + * `[-dry-run]`: 运行patcher但不对Navicat程序做任何修改。 + + __这个参数是可选的。__ + + * ``: Navicat的完整安装路径。 + + __这个参数必须指定。__ + + * `[RSA-2048 PEM File Path]`: RSA-2048私钥文件的完整路径或相对路径。 + + __这个参数是可选的。__ 如果未指定,`navicat-patcher.exe`将会在当前目录生成一个新的RSA-2048私钥文件。 + + __例如:(在cmd.exe中)__ + + ``` + navicat-patcher.exe "C:\Program Files\PremiumSoft\Navicat Premium 12" + ``` + + __Navicat Premium 12.1.22 简体中文版已通过测试__。下面将是一份样例输出: + + ``` + *************************************************** + * Navicat Patcher by @DoubleLabyrinth * + * Version: 4.0 * + *************************************************** + + Press Enter to continue or Ctrl + C to abort. + + [+] Try to open Navicat.exe ... Ok! + [+] Try to open libcc.dll ... Ok! + + [+] PatchSolution0 ...... Ready to apply + [*] Patch offset = +0x029bccd8 + [+] PatchSolution1 ...... Ready to apply + [*] [0] Patch offset = +0x02206c00 + [*] [1] Patch offset = +0x0074c489 + [*] [2] Patch offset = +0x02206910 + [*] [3] Patch offset = +0x0074c46f + [*] [4] Patch offset = +0x02206904 + [-] PatchSolution2 ...... Omitted + [+] PatchSolution3 ...... Ready to apply + [*] [ 0] Instruction RVA = 0x016539c8, Patch Offset = +0x023e64d4 + [*] [ 1] Instruction RVA = 0x01653a1f, Patch Offset = +0x01652e23 + [*] [ 2] Instruction RVA = 0x01653a25, Patch Offset = +0x01652e28 + [*] [ 3] Instruction RVA = 0x01653a8c, Patch Offset = +0x01652e8e + ... + ... + ... + [*] [108] Instruction RVA = 0x016604e1, Patch Offset = +0x023e66d8 + [*] [109] Instruction RVA = 0x01660518, Patch Offset = +0x0165f91c + [*] [110] Instruction RVA = 0x0166051e, Patch Offset = +0x0165f921 + + [*] PatchSolution0 is suppressed in order to keep digital signature valid. + + [*] Generating new RSA private key, it may take a long time... + [*] Your RSA public key: + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1hV66HgU4LrKXWW6O7bK + AN6ZTr5W+Mq8ClTQ+Pc+BdhLu6rww55kVq7OXKGpvx0G4eTafYMGrrBETgDSTaMq + Bx+8bZbGBWh2LtNfqU+xUrpHHBSz0ByBc3iTEzzthJl+Fzf8suDX2lWYIc/Ym/eW + YtxdJ7xOzLb68z4N0zVmA0jFX2FOm75DRYgKqy4SGixapfucL9dVaWVLTUdbrVdj + 4LX78t4t5ykbYoThrat4yuLvj/BxLaQ6ivKD+ScfHdtCoY+NA5jmBoUfBq3Q1SXB + iNaoXctbi0/H3MiPu0cRojryAocooF89yFm5/mNnzWGAYPr6DvBI8CDTZmjaQ4oC + aQIDAQAB + -----END PUBLIC KEY----- + + ******************************************************* + * PatchSolution1 * + ******************************************************* + [*] Previous: + +0x0000000002206c00 44 37 35 31 32 35 42 37 30 37 36 37 42 39 34 31 D75125B70767B941 + +0x0000000002206c10 34 35 42 34 37 43 31 43 42 33 43 30 37 35 35 45 45B47C1CB3C0755E + +0x0000000002206c20 37 43 43 42 38 38 32 35 43 35 44 43 45 30 43 35 7CCB8825C5DCE0C5 + ... + ... + [*] After: + +0x0000000002206c00 33 43 32 39 30 39 35 38 33 34 38 41 42 43 35 39 3C290958348ABC59 + +0x0000000002206c10 36 44 39 30 43 45 45 38 31 36 42 36 39 38 34 44 6D90CEE816B6984D + +0x0000000002206c20 35 32 35 34 37 45 30 32 34 31 42 36 42 43 31 41 52547E0241B6BC1A + ... + ... + + [*] Previous: + +0x000000000074c480 fe ea bc 01 .... + [*] After: + +0x000000000074c480 08 00 00 00 .... + + [*] Previous: + +0x0000000002206910 45 31 43 45 44 30 39 42 39 43 32 31 38 36 42 46 E1CED09B9C2186BF + +0x0000000002206920 37 31 41 37 30 43 30 46 45 32 46 31 45 30 41 45 71A70C0FE2F1E0AE + +0x0000000002206930 46 33 42 44 36 42 37 35 32 37 37 41 41 42 32 30 F3BD6B75277AAB20 + ... + ... + [*] After: + +0x0000000002206910 41 33 39 42 41 36 43 34 31 36 33 32 35 30 46 45 A39BA6C4163250FE + +0x0000000002206920 42 32 41 39 31 41 34 32 46 44 42 46 30 41 32 31 B2A91A42FDBF0A21 + +0x0000000002206930 33 34 46 34 36 44 43 45 34 30 42 46 41 42 33 35 34F46DCE40BFAB35 + ... + ... + + [*] Previous: + +0x000000000074c460 59 Y + +0x000000000074c470 08 01 00 ... + [*] After: + +0x000000000074c460 06 . + +0x000000000074c470 00 00 00 ... + + [*] Previous: + +0x0000000002206900 39 32 39 33 33 92933 + [*] After: + +0x0000000002206900 42 34 34 33 38 B4438 + + ******************************************************* + * PatchSolution3 * + ******************************************************* + [*] +023e64d4: 4d 49 49 ---> 4d 49 49 + [*] +01652e23: 42 49 ---> 42 49 + [*] +01652e28: 6a ---> 6a + ... + ... + ... + [*] +023e66d8: 77 49 44 41 ---> 51 49 44 41 + [*] +0165f91c: 51 41 ---> 51 41 + [*] +0165f921: 42 ---> 42 + + [*] New RSA-2048 private key has been saved to + C:\Users\DoubleSine\github.com\navicat-keygen\bin\x64-Release\RegPrivateKey.pem + + ******************************************************* + * PATCH HAS BEEN DONE SUCCESSFULLY! * + * HAVE FUN AND ENJOY~ * + ******************************************************* + ``` + +3. 接下来使用`navicat-keygen.exe`来生成序列号和激活码 + + ``` + navicat-keygen.exe <-bin|-text> [-adv] + ``` + + * `<-bin|-text>`: 必须是`-bin`或`-text`。 + + 如果指定了`-bin`,`navicat-keygen.exe`最终将生成`license_file`文件。这个选项是给Navicat旧激活方式使用的。 + + 如果指定了`-text`,`navicat-keygen.exe`最终将生成Base64样式的激活码。这个选项是给Navicat新激活方式使用的。 + + __这个参数必须指定。__ + + * `[-adv]`: 开启高级模式。 + + __这个参数是可选的。__ 如果指定了这个参数,`navicat-keygen.exe`将会要求你手工填写产品ID号、语言标识号。这个选项一般是给以后用的。 + + * ``: RSA-2048私钥文件的完整路径或相对路径。 + + __这个参数必须指定。__ + + __例如:(在cmd.exe中)__ + + ```console + navicat-keygen.exe -text .\RegPrivateKey.pem + ``` + + 你会被要求选择Navicat产品类别、语言以及输入主版本号。之后会随机生成一个序列号。 + + ``` + Select Navicat product: + 0. DataModeler + 1. Premium + 2. MySQL + 3. PostgreSQL + 4. Oracle + 5. SQLServer + 6. SQLite + 7. MariaDB + 8. MongoDB + 9. ReportViewer + + (Input index)> 1 + + Select product language: + 0. English + 1. Simplified Chinese + 2. Traditional Chinese + 3. Japanese + 4. Polish + 5. Spanish + 6. French + 7. German + 8. Korean + 9. Russian + 10. Portuguese + + (Input index)> 1 + + (Input major version number, range: 0 ~ 15, default: 12)> 12 + + Serial number: + NAVO-2ORP-IN5A-GQEE + + Your name: + ``` + + 你可以使用这个序列号暂时激活Navicat。 + + 接下来你会被要求输入`用户名`和`组织名`;请随便填写,但不要太长。 + + ``` + Your name: DoubleLabyrinth + Your organization: DoubleLabyrinth + Input request code (in Base64), input empty line to end: + ``` + + 之后你会被要求填入请求码。注意 __不要关闭命令行__. + +4. __断开网络__ 并打开Navicat。找到`注册`窗口,并填入keygen给你的序列号。然后点击`激活`按钮。 + +5. 一般来说在线激活肯定会失败,这时候Navicat会询问你是否`手动激活`,直接选吧。 + +6. 在`手动激活`窗口你会得到一个请求码,复制它并把它粘贴到keygen里。最后别忘了连按至少两下回车结束输入。 + + ``` + Your name: DoubleLabyrinth + Your organization: DoubleLabyrinth + + Input request code (in Base64), input empty line to end: + t2U+0yfE2FfnbjyhCXa0lglZOHu9Ntc3qyGiPbR6xb1QoU63/9BVfdaCq0blwVycXPyT/Vqw5joIKdM5oCRR/afCPM7iRcyhQMAnvqwc+AOKCqayVV+SqKLvtR/AbREI12w++PQ6Ewfs4A8PgB8OJ9G0jKt6Q/iJRblqi2WWw9mwy+YHcYYh3UAfygTnyj/xl+MzRymbY0lkus+6LPtpDecVsFFhM7F32Ee1QPwISko7bAkHOtkt+joPfYDdn9PDGZ4HEmeLvH6UqZCXkzgaAfynB7cQZFEkId8FsW2NGkbpM7wB2Hi3fNFgOIjutTprixTdbpFKn4w6gGc28ve23A== + + Request Info: + {"K":"NAVO2ORPIN5AGQEE", "DI":"R91j6WyMhxHznAKSxxxx", "P":"WIN"} + + Response Info: + {"K":"NAVO2ORPIN5AGQEE","DI":"R91j6WyMhxHznAKSxxxx","N":"DoubleLabyrinth","O":"DoubleLabyrinth","T":1547826060} + + License: + lRF18o+ZhBphyN0U5kFLHtAAGGXuvhqOcxNuvAk4dJcGeR0ISuw74mQvAfdNjv0T + I5NZFzqIJvrzM0XeR88q+3kmZkECuxwwWHP3zzDPhPiylcTV4DoGZ1tfoViUSYQc + LgXG0Fl7koZeP61YOKQ8GfX+Xk2ZTM64bYaF7NlhonM+GQUJCCF2JThmrP921t2p + b/E5pV6fLOYMM13881ZQcQcltMNVDZn4lzgzKRFFxCQFaTl6fJMHZdYVmICQTHtI + sNaym0zduc8/cv34mgJ+7NseXmsEPCdjrZ59wgfPsLhZLXqtfxi5hGWw4NMa3Sb2 + UI8dzqFzRp/hSDEM0mEqiA== + ``` + + 4. 如果不出意外,你会得到一个看似用Base64编码的激活码。直接复制它,并把它粘贴到Navicat的`手动激活`窗口,最后点`激活`按钮。如果没什么意外的话应该能成功激活。 + diff --git a/doc/image/Screen_recording.mp4 b/doc/image/Screen_recording.mp4 new file mode 100644 index 0000000..0ba72c4 Binary files /dev/null and b/doc/image/Screen_recording.mp4 differ diff --git a/doc/image/Screenshot_2019-04-30_12-31-33.png b/doc/image/Screenshot_2019-04-30_12-31-33.png new file mode 100644 index 0000000..483c947 Binary files /dev/null and b/doc/image/Screenshot_2019-04-30_12-31-33.png differ diff --git a/doc/image/Screenshot_2019-04-30_12-31-52.png b/doc/image/Screenshot_2019-04-30_12-31-52.png new file mode 100644 index 0000000..fa7b822 Binary files /dev/null and b/doc/image/Screenshot_2019-04-30_12-31-52.png differ diff --git a/doc/image/Screenshot_2019-04-30_12-32-43.png b/doc/image/Screenshot_2019-04-30_12-32-43.png new file mode 100644 index 0000000..fc3a9be Binary files /dev/null and b/doc/image/Screenshot_2019-04-30_12-32-43.png differ diff --git a/navicat-keygen.sln b/navicat-keygen.sln index 59ce178..9ae8039 100644 --- a/navicat-keygen.sln +++ b/navicat-keygen.sln @@ -1,13 +1,20 @@  Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio 14 -VisualStudioVersion = 14.0.25420.1 +# Visual Studio Version 16 +VisualStudioVersion = 16.0.29215.179 MinimumVisualStudioVersion = 10.0.40219.1 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "navicat-keygen", "navicat-keygen\navicat-keygen.vcxproj", "{CB49F054-83AB-4C16-B73B-33D7DF696E16}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "navicat-keygen", "navicat-keygen\navicat-keygen.vcxproj", "{BA201764-EECF-4DA8-BCAD-7CFBA301FC9C}" EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "navicat-patcher", "navicat-patcher\navicat-patcher.vcxproj", "{30BE8CAB-6137-4441-9F64-599D0A6EEA0C}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "navicat-patcher", "navicat-patcher\navicat-patcher.vcxproj", "{7EE03EF3-D58D-4B53-913D-4A4DC8A29E34}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "common", "common\common.vcxitems", "{290C5D5E-52D2-4FEF-909F-27FD95AE0AF9}" EndProject Global + GlobalSection(SharedMSBuildProjectFiles) = preSolution + common\common.vcxitems*{290c5d5e-52d2-4fef-909f-27fd95ae0af9}*SharedItemsImports = 9 + common\common.vcxitems*{7ee03ef3-d58d-4b53-913d-4a4dc8a29e34}*SharedItemsImports = 4 + common\common.vcxitems*{ba201764-eecf-4da8-bcad-7cfba301fc9c}*SharedItemsImports = 4 + EndGlobalSection GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|x64 = Debug|x64 Debug|x86 = Debug|x86 @@ -15,24 +22,27 @@ Global Release|x86 = Release|x86 EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution - {CB49F054-83AB-4C16-B73B-33D7DF696E16}.Debug|x64.ActiveCfg = Debug|x64 - {CB49F054-83AB-4C16-B73B-33D7DF696E16}.Debug|x64.Build.0 = Debug|x64 - {CB49F054-83AB-4C16-B73B-33D7DF696E16}.Debug|x86.ActiveCfg = Debug|Win32 - {CB49F054-83AB-4C16-B73B-33D7DF696E16}.Debug|x86.Build.0 = Debug|Win32 - {CB49F054-83AB-4C16-B73B-33D7DF696E16}.Release|x64.ActiveCfg = Release|x64 - {CB49F054-83AB-4C16-B73B-33D7DF696E16}.Release|x64.Build.0 = Release|x64 - {CB49F054-83AB-4C16-B73B-33D7DF696E16}.Release|x86.ActiveCfg = Release|Win32 - {CB49F054-83AB-4C16-B73B-33D7DF696E16}.Release|x86.Build.0 = Release|Win32 - {30BE8CAB-6137-4441-9F64-599D0A6EEA0C}.Debug|x64.ActiveCfg = Debug|x64 - {30BE8CAB-6137-4441-9F64-599D0A6EEA0C}.Debug|x64.Build.0 = Debug|x64 - {30BE8CAB-6137-4441-9F64-599D0A6EEA0C}.Debug|x86.ActiveCfg = Debug|Win32 - {30BE8CAB-6137-4441-9F64-599D0A6EEA0C}.Debug|x86.Build.0 = Debug|Win32 - {30BE8CAB-6137-4441-9F64-599D0A6EEA0C}.Release|x64.ActiveCfg = Release|x64 - {30BE8CAB-6137-4441-9F64-599D0A6EEA0C}.Release|x64.Build.0 = Release|x64 - {30BE8CAB-6137-4441-9F64-599D0A6EEA0C}.Release|x86.ActiveCfg = Release|Win32 - {30BE8CAB-6137-4441-9F64-599D0A6EEA0C}.Release|x86.Build.0 = Release|Win32 + {BA201764-EECF-4DA8-BCAD-7CFBA301FC9C}.Debug|x64.ActiveCfg = Debug|x64 + {BA201764-EECF-4DA8-BCAD-7CFBA301FC9C}.Debug|x64.Build.0 = Debug|x64 + {BA201764-EECF-4DA8-BCAD-7CFBA301FC9C}.Debug|x86.ActiveCfg = Debug|Win32 + {BA201764-EECF-4DA8-BCAD-7CFBA301FC9C}.Debug|x86.Build.0 = Debug|Win32 + {BA201764-EECF-4DA8-BCAD-7CFBA301FC9C}.Release|x64.ActiveCfg = Release|x64 + {BA201764-EECF-4DA8-BCAD-7CFBA301FC9C}.Release|x64.Build.0 = Release|x64 + {BA201764-EECF-4DA8-BCAD-7CFBA301FC9C}.Release|x86.ActiveCfg = Release|Win32 + {BA201764-EECF-4DA8-BCAD-7CFBA301FC9C}.Release|x86.Build.0 = Release|Win32 + {7EE03EF3-D58D-4B53-913D-4A4DC8A29E34}.Debug|x64.ActiveCfg = Debug|x64 + {7EE03EF3-D58D-4B53-913D-4A4DC8A29E34}.Debug|x64.Build.0 = Debug|x64 + {7EE03EF3-D58D-4B53-913D-4A4DC8A29E34}.Debug|x86.ActiveCfg = Debug|Win32 + {7EE03EF3-D58D-4B53-913D-4A4DC8A29E34}.Debug|x86.Build.0 = Debug|Win32 + {7EE03EF3-D58D-4B53-913D-4A4DC8A29E34}.Release|x64.ActiveCfg = Release|x64 + {7EE03EF3-D58D-4B53-913D-4A4DC8A29E34}.Release|x64.Build.0 = Release|x64 + {7EE03EF3-D58D-4B53-913D-4A4DC8A29E34}.Release|x86.ActiveCfg = Release|Win32 + {7EE03EF3-D58D-4B53-913D-4A4DC8A29E34}.Release|x86.Build.0 = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {CB1D6B65-6AEA-44E4-8698-0AEBDBC63CD2} + EndGlobalSection EndGlobal diff --git a/navicat-keygen/Base64.hpp b/navicat-keygen/Base64.hpp new file mode 100644 index 0000000..9a50e13 --- /dev/null +++ b/navicat-keygen/Base64.hpp @@ -0,0 +1,92 @@ +#pragma once +#include +#include +#include +#include +#include + +#pragma comment(lib, "Crypt32") + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-keygen\\Base64.hpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + std::xstring Base64Encode(const std::bytearray& Bytes) { + if (Bytes.empty()) { + return std::xstring(); + } else { + DWORD cchBase64String = 0; + std::xstring Base64String; + + auto bResult = CryptBinaryToString( + Bytes.data(), + static_cast(Bytes.size()), + CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF, + NULL, + &cchBase64String + ); + if (bResult == FALSE) { + throw Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("CryptBinaryToString failed.")); + } + + Base64String.resize(cchBase64String - 1); + + bResult = CryptBinaryToString( + Bytes.data(), + static_cast(Bytes.size()), + CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF, + Base64String.data(), + &cchBase64String + ); + if (bResult == FALSE) { + throw Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("CryptBinaryToString failed.")); + } + + return Base64String; + } + } + + std::bytearray Base64Decode(const std::xstring& Base64String) { + if (Base64String.empty()) { + return std::bytearray(); + } else { + DWORD cbBytes = 0; + std::bytearray Bytes; + + auto bResult = CryptStringToBinary( + Base64String.c_str(), + NULL, + CRYPT_STRING_BASE64, + NULL, + &cbBytes, + NULL, + NULL + ); + if (bResult == FALSE) { + throw Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("CryptStringToBinary failed.")) + .AddHint(TEXT("Are you sure it is a Base64 string?")); + } + + Bytes.resize(cbBytes); + + bResult = CryptStringToBinary( + Base64String.c_str(), + NULL, + CRYPT_STRING_BASE64, + Bytes.data(), + &cbBytes, + NULL, + NULL + ); + + if (bResult == FALSE) { + throw Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("CryptStringToBinary failed.")); + } + + return Bytes; + } + } +} diff --git a/navicat-keygen/CollectInformation.cpp b/navicat-keygen/CollectInformation.cpp new file mode 100644 index 0000000..b92b7a1 --- /dev/null +++ b/navicat-keygen/CollectInformation.cpp @@ -0,0 +1,152 @@ +#include "SerialNumberGenerator.hpp" +#include +#include + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-keygen\\CollectInformation.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace std { +#if defined(_UNICODE) || defined(UNICODE) + static auto& xcin = wcin; + static auto& xcout = wcout; + static auto& xcerr = wcerr; +#else + static auto& xcin = cin; + static auto& xcout = cout; + static auto& xcerr = cerr; +#endif +} + +namespace nkg { + + [[nodiscard]] + static int ReadInt(int MinVal, int MaxVal, PCTSTR lpszPrompt, PCTSTR lpszErrorMessage) { + int val; + std::xstring s; + while (true) { + std::xcout << lpszPrompt; + if (!std::getline(std::xcin, s)) { + throw UserAbortionError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Abort.")); + } + + if (s.empty()) + continue; + + try { + val = std::stoi(s, nullptr, 0); + if (MinVal <= val && val <= MaxVal) { + return val; + } else { + throw std::invalid_argument(""); + } + } catch (std::invalid_argument&) { + std::xcout << lpszErrorMessage << std::endl; + } + } + } + + [[nodiscard]] + static int ReadInt(int MinVal, int MaxVal, int DefaultVal, PCTSTR lpszPrompt, PCTSTR lpszErrorMessage) { + int val; + std::xstring s; + while (true) { + std::xcout << lpszPrompt; + if (!std::getline(std::xcin, s)) { + throw UserAbortionError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Abort.")); + } + + if (s.empty()) { + return DefaultVal; + } + + try { + val = std::stoi(s, nullptr, 0); + if (MinVal <= val && val <= MaxVal) { + return val; + } else { + throw std::invalid_argument(""); + } + } catch (std::invalid_argument&) { + std::xcout << lpszErrorMessage << std::endl; + } + } + } + + [[nodiscard]] + SerialNumberGenerator CollectInformationNormal() { + SerialNumberGenerator Generator; + + std::xcout << TEXT("[*] Select Navicat product:") << std::endl; + std::xcout << TEXT(" 0. DataModeler") << std::endl; + std::xcout << TEXT(" 1. Premium") << std::endl; + std::xcout << TEXT(" 2. MySQL") << std::endl; + std::xcout << TEXT(" 3. PostgreSQL") << std::endl; + std::xcout << TEXT(" 4. Oracle") << std::endl; + std::xcout << TEXT(" 5. SQLServer") << std::endl; + std::xcout << TEXT(" 6. SQLite") << std::endl; + std::xcout << TEXT(" 7. MariaDB") << std::endl; + std::xcout << TEXT(" 8. MongoDB") << std::endl; + std::xcout << TEXT(" 9. ReportViewer") << std::endl; + std::xcout << std::endl; + Generator.SetProductSignature( + static_cast(ReadInt(0, 9, TEXT("(Input index)> "), TEXT("Invalid index."))) + ); + + std::xcout << std::endl; + std::xcout << TEXT("[*] Select product language:") << std::endl; + std::xcout << TEXT(" 0. English") << std::endl; + std::xcout << TEXT(" 1. Simplified Chinese") << std::endl; + std::xcout << TEXT(" 2. Traditional Chinese") << std::endl; + std::xcout << TEXT(" 3. Japanese") << std::endl; + std::xcout << TEXT(" 4. Polish") << std::endl; + std::xcout << TEXT(" 5. Spanish") << std::endl; + std::xcout << TEXT(" 6. French") << std::endl; + std::xcout << TEXT(" 7. German") << std::endl; + std::xcout << TEXT(" 8. Korean") << std::endl; + std::xcout << TEXT(" 9. Russian") << std::endl; + std::xcout << TEXT(" 10. Portuguese") << std::endl; + std::xcout << std::endl; + Generator.SetLanguageSignature( + static_cast(ReadInt(0, 10, TEXT("(Input index)> "), TEXT("Invalid index."))) + ); + + std::xcout << std::endl; + std::xcout << TEXT("[*] Input major version number:") << std::endl; + Generator.SetVersion( + static_cast(ReadInt(0, 15, 12, TEXT("(range: 0 ~ 15, default: 12)> "), TEXT("Invalid number."))) + ); + + std::xcout << std::endl; + return Generator; + } + + [[nodiscard]] + SerialNumberGenerator CollectInformationAdvanced() { + SerialNumberGenerator Generator; + + std::xcout << TEXT("[*] Navicat Product Signature:") << std::endl; + Generator.SetProductSignature( + static_cast(ReadInt(0x00, 0xff, TEXT("(range: 0x00 ~ 0xFF)> "), TEXT("Invalid number."))) + ); + + std::xcout << std::endl; + std::xcout << TEXT("[*] Navicat Language Signature 0:") << std::endl; + auto s1 = static_cast(ReadInt(0x00, 0xff, TEXT("(range: 0x00 ~ 0xFF)> "), TEXT("Invalid number."))); + std::xcout << std::endl; + std::xcout << TEXT("[*] Navicat Language Signature 1:") << std::endl; + auto s2 = static_cast(ReadInt(0x00, 0xff, TEXT("(range: 0x00 ~ 0xFF)> "), TEXT("Invalid number."))); + Generator.SetLanguageSignature(s1, s2); + + std::xcout << std::endl; + std::xcout << TEXT("[*] Input major version number:") << std::endl; + Generator.SetVersion( + static_cast(ReadInt(0, 15, 12, TEXT("(range: 0 ~ 15, default: 12)> "), TEXT("Invalid number."))) + ); + + std::xcout << std::endl; + return Generator; + } +} + diff --git a/navicat-keygen/GenerateLicense.cpp b/navicat-keygen/GenerateLicense.cpp new file mode 100644 index 0000000..75e4505 --- /dev/null +++ b/navicat-keygen/GenerateLicense.cpp @@ -0,0 +1,241 @@ +#include +#include +#include + +#include +#include +#include +#include "Base64.hpp" +#include "SerialNumberGenerator.hpp" + +#include +#include +#include +#include +#include + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-keygen\\GenerateLicense.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace std { +#if defined(_UNICODE) || defined(UNICODE) + static auto & xcin = wcin; + static auto& xcout = wcout; + static auto& xcerr = wcerr; +#else + static auto& xcin = cin; + static auto& xcout = cout; + static auto& xcerr = cerr; +#endif +} + +namespace nkg { + + void GenerateLicenseText(const RSACipher& Cipher, const SerialNumberGenerator& Generator) { + std::xstring username; + std::xstring organization; + std::string utf8username; + std::string utf8organization; + + std::xstring b64RequestCode; + std::bytearray RequestCode; + std::string utf8RequestInfo; + std::string utf8ResponseInfo; + std::bytearray ResponseCode; + std::xstring b64ResponseCode; + + std::xcout << TEXT("[*] Your name: "); + if (!std::getline(std::xcin, username)) { + throw UserAbortionError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Abort.")); + } else { + utf8username = username.explicit_string(CP_UTF8); + } + + std::xcout << TEXT("[*] Your organization: "); + if (!std::getline(std::xcin, organization)) { + throw UserAbortionError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Abort.")); + } else { + utf8organization = organization.explicit_string(CP_UTF8); + } + + std::xcout << TEXT("[*] Input request code in Base64: (Input empty line to end)") << std::endl; + while (true) { + std::xstring temp; + if (!std::getline(std::xcin, temp)) { + throw UserAbortionError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Abort.")); + } + + if (temp.empty()) { + break; + } + + b64RequestCode.append(temp); + } + + RequestCode = Base64Decode(b64RequestCode); + + utf8RequestInfo.resize((Cipher.Bits() + 7) / 8); + Cipher.Decrypt(RequestCode.data(), RequestCode.size(), utf8RequestInfo.data(), RSA_PKCS1_PADDING); + while (utf8RequestInfo.back() == '\x00') { + utf8RequestInfo.pop_back(); + } + + std::xcout << TEXT("[*] Request Info:") << std::endl; + std::xcout << std::xstring(std::xstring_extension{}, utf8RequestInfo, CP_UTF8) << std::endl; + std::xcout << std::endl; + + rapidjson::Document json; + rapidjson::Value N_Key; + rapidjson::Value N_Value; + rapidjson::Value O_Key; + rapidjson::Value O_Value; + rapidjson::Value T_Key; + rapidjson::Value T_Value; + rapidjson::StringBuffer buffer; + rapidjson::Writer writer(buffer); + + // + // Begin to parse + // + json.Parse(utf8RequestInfo.c_str()); + // + // Remove "Platform" info + // + json.RemoveMember("P"); + // + // Set "Name" info + // + N_Key.SetString("N", 1); + N_Value.SetString(utf8username.c_str(), static_cast(utf8username.length())); + // + // Set "Organization" info + // + O_Key.SetString("O", 1); + O_Value.SetString(utf8organization.c_str(), static_cast(utf8organization.length())); + // + // Set "Time" info + // + T_Key.SetString("T", 1); + T_Value.SetUint(static_cast(std::time(nullptr))); + // + // Add "Name", "Organization" and "Time" + // + json.AddMember(N_Key, N_Value, json.GetAllocator()); + json.AddMember(O_Key, O_Value, json.GetAllocator()); + json.AddMember(T_Key, T_Value, json.GetAllocator()); + + json.Accept(writer); + if (buffer.GetSize() > 240) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Response info is too long.")); + } + + utf8ResponseInfo.assign(buffer.GetString(), buffer.GetSize()); + + std::xcout << TEXT("[*] Response Info:") << std::endl; + std::xcout << std::xstring(std::xstring_extension{}, utf8ResponseInfo, CP_UTF8) << std::endl; + std::xcout << std::endl; + + ResponseCode.resize((Cipher.Bits() + 7) / 8); + Cipher.Encrypt(utf8ResponseInfo.data(), utf8ResponseInfo.size(), ResponseCode.data(), RSA_PKCS1_PADDING); + b64ResponseCode = Base64Encode(ResponseCode); + + std::xcout << TEXT("[*] Activation Code:") << std::endl; + std::xcout << b64ResponseCode << std::endl; + std::xcout << std::endl; + } + + void GenerateLicenseBinary(const RSACipher& Cipher, const SerialNumberGenerator& Generator) { + ResourceOwned hLicenseFile(FileHandleTraits{}); + + std::string utf8SerialNumber = Generator.GetSerialNumberShort().explicit_string(CP_UTF8); + + std::xstring username; + std::xstring organization; + std::string utf8username; + std::string utf8organization; + + std::string utf8ResponseInfo; + std::bytearray ResponseCode; + + std::xcout << TEXT("[*] Your name: "); + if (!std::getline(std::xcin, username)) { + throw UserAbortionError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Abort.")); + } else { + utf8username = username.explicit_string(CP_UTF8); + } + + std::xcout << TEXT("[*] Your organization: "); + if (!std::getline(std::xcin, organization)) { + throw UserAbortionError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Abort.")); + } else { + utf8organization = organization.explicit_string(CP_UTF8); + } + + rapidjson::Document json; + rapidjson::Value N_Key; + rapidjson::Value N_Value; + rapidjson::Value O_Key; + rapidjson::Value O_Value; + rapidjson::Value T_Key; + rapidjson::Value T_Value; + rapidjson::Value K_Key; + rapidjson::Value K_Value; + rapidjson::StringBuffer buffer; + rapidjson::Writer writer(buffer); + + json.Parse("{}"); + K_Key.SetString("K", 1); + K_Value.SetString(utf8SerialNumber.c_str(), static_cast(utf8SerialNumber.length())); + N_Key.SetString("N", 1); + N_Value.SetString(utf8username.c_str(), static_cast(utf8username.length())); + O_Key.SetString("O", 1); + O_Value.SetString(utf8organization.c_str(), static_cast(utf8organization.length())); + T_Key.SetString("T", 1); + T_Value.SetUint(static_cast(std::time(nullptr))); + + json.AddMember(K_Key, K_Value, json.GetAllocator()); + json.AddMember(N_Key, N_Value, json.GetAllocator()); + json.AddMember(O_Key, O_Value, json.GetAllocator()); + json.AddMember(T_Key, T_Value, json.GetAllocator()); + + json.Accept(writer); + if (buffer.GetSize() > 240) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Response info is too long.")); + } + + utf8ResponseInfo.assign(buffer.GetString(), buffer.GetSize()); + + std::xcout << TEXT("[*] Response Info:") << std::endl; + std::xcout << std::xstring(std::xstring_extension{}, utf8ResponseInfo, CP_UTF8) << std::endl; + std::xcout << std::endl; + + ResponseCode.resize((Cipher.Bits() + 7) / 8); + Cipher.Encrypt(utf8ResponseInfo.data(), utf8ResponseInfo.size(), ResponseCode.data(), RSA_PKCS1_PADDING); + + hLicenseFile.TakeOver( + CreateFile( + TEXT("license_file"), + GENERIC_WRITE, + 0, + NULL, + CREATE_ALWAYS, + FILE_ATTRIBUTE_NORMAL, + NULL + ) + ); + if (hLicenseFile.IsValid() == false) { + throw Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("CreateFile failed.")); + } + + DWORD NumberOfBytesWritten; + if (!WriteFile(hLicenseFile, ResponseCode.data(), static_cast(ResponseCode.size()), &NumberOfBytesWritten, NULL)) { + throw Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("WriteFile failed.")); + } + + std::xcout << TEXT("[+] license_file has been generated.") << std::endl; + + + } +} diff --git a/navicat-keygen/SerialNumberGenerator.cpp b/navicat-keygen/SerialNumberGenerator.cpp new file mode 100644 index 0000000..9211a93 --- /dev/null +++ b/navicat-keygen/SerialNumberGenerator.cpp @@ -0,0 +1,195 @@ +#include "SerialNumberGenerator.hpp" +#include +#include +#include +#include + +#pragma comment(lib, "Advapi32") + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-keygen\\NavicatKeygen.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace std { +#if defined(_UNICODE) || defined(UNICODE) + static auto & xcin = wcin; + static auto& xcout = wcout; + static auto& xcerr = wcerr; +#else + static auto& xcin = cin; + static auto& xcout = cout; + static auto& xcerr = cerr; +#endif +} + +namespace nkg { + + SerialNumberGenerator::SerialNumberGenerator() noexcept : + _Data{ 0x68 , 0x2A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x32 } {} + + void SerialNumberGenerator::SetLanguageSignature(NavicatLanguage Language) noexcept { + switch (Language) { + case NavicatLanguage::English: + _Data[5] = 0xAC; // Must be 0xAC for English version. + _Data[6] = 0x88; // Must be 0x88 for English version. + break; + case NavicatLanguage::SimplifiedChinese: + _Data[5] = 0xCE; // Must be 0xCE for Simplified Chinese version. + _Data[6] = 0x32; // Must be 0x32 for Simplified Chinese version. + break; + case NavicatLanguage::TraditionalChinese: + _Data[5] = 0xAA; // Must be 0xAA for Traditional Chinese version. + _Data[6] = 0x99; // Must be 0x99 for Traditional Chinese version. + break; + case NavicatLanguage::Japanese: + _Data[5] = 0xAD; // Must be 0xAD for Japanese version. Discoverer: @dragonflylee + _Data[6] = 0x82; // Must be 0x82 for Japanese version. Discoverer: @dragonflylee + break; + case NavicatLanguage::Polish: + _Data[5] = 0xBB; // Must be 0xBB for Polish version. Discoverer: @dragonflylee + _Data[6] = 0x55; // Must be 0x55 for Polish version. Discoverer: @dragonflylee + break; + case NavicatLanguage::Spanish: + _Data[5] = 0xAE; // Must be 0xAE for Spanish version. Discoverer: @dragonflylee + _Data[6] = 0x10; // Must be 0x10 for Spanish version. Discoverer: @dragonflylee + break; + case NavicatLanguage::French: + _Data[5] = 0xFA; // Must be 0xFA for French version. Discoverer: @Deltafox79 + _Data[6] = 0x20; // Must be 0x20 for French version. Discoverer: @Deltafox79 + break; + case NavicatLanguage::German: + _Data[5] = 0xB1; // Must be 0xB1 for German version. Discoverer: @dragonflylee + _Data[6] = 0x60; // Must be 0x60 for German version. Discoverer: @dragonflylee + break; + case NavicatLanguage::Korean: + _Data[5] = 0xB5; // Must be 0xB5 for Korean version. Discoverer: @dragonflylee + _Data[6] = 0x60; // Must be 0x60 for Korean version. Discoverer: @dragonflylee + break; + case NavicatLanguage::Russian: + _Data[5] = 0xEE; // Must be 0xB5 for Russian version. Discoverer: @dragonflylee + _Data[6] = 0x16; // Must be 0x60 for Russian version. Discoverer: @dragonflylee + break; + case NavicatLanguage::Portuguese: + _Data[5] = 0xCD; // Must be 0xCD for Portuguese version. Discoverer: @dragonflylee + _Data[6] = 0x49; // Must be 0x49 for Portuguese version. Discoverer: @dragonflylee + break; + default: + break; + } + } + + void SerialNumberGenerator::SetLanguageSignature(BYTE LanguageSignature0, BYTE LanguageSignature1) noexcept { + _Data[5] = LanguageSignature0; + _Data[6] = LanguageSignature1; + } + + void SerialNumberGenerator::SetProductSignature(NavicatProductType ProductType) noexcept { + switch (ProductType) { + case NavicatProductType::DataModeler: + _Data[7] = 0x84; + break; + case NavicatProductType::Premium: + _Data[7] = 0x65; + break; + case NavicatProductType::MySQL: + _Data[7] = 0x68; + break; + case NavicatProductType::PostgreSQL: + _Data[7] = 0x6C; + break; + case NavicatProductType::Oracle: + _Data[7] = 0x70; + break; + case NavicatProductType::SQLServer: + _Data[7] = 0x74; + break; + case NavicatProductType::SQLite: + _Data[7] = 0x78; + break; + case NavicatProductType::MariaDB: + _Data[7] = 0x7C; + break; + case NavicatProductType::MongoDB: + _Data[7] = 0x80; + break; + case NavicatProductType::ReportViewer: + _Data[7] = 0xb; + default: + break; + } + } + + void SerialNumberGenerator::SetProductSignature(BYTE ProductSignature) noexcept { + _Data[7] = ProductSignature; + } + + void SerialNumberGenerator::SetVersion(BYTE Version) { + if (Version < 0x10) { + _Data[8] = static_cast(Version << 4); + } else { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Invalid version for Navicat.")); + } + } + + void SerialNumberGenerator::Generate() { + static const TCHAR EncodeTable[] = TEXT("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"); + + RtlGenRandom(_Data + 2, 3); + + const_DES_cblock key = { 0x64, 0xAD, 0xF3, 0x2F, 0xAE, 0xF2, 0x1A, 0x27 }; + DES_key_schedule schedule; + DES_set_key_unchecked(&key, &schedule); + DES_ecb_encrypt( + reinterpret_cast(_Data + 2), + reinterpret_cast(_Data + 2), + &schedule, + DES_ENCRYPT + ); + + _SerialNumberShort.resize(16); + + _SerialNumberShort[0] = EncodeTable[_Data[0] >> 3]; + _SerialNumberShort[1] = EncodeTable[(_Data[0] & 0x07) << 2 | _Data[1] >> 6]; + _SerialNumberShort[2] = EncodeTable[_Data[1] >> 1 & 0x1F]; + _SerialNumberShort[3] = EncodeTable[(_Data[1] & 0x1) << 4 | _Data[2] >> 4]; + _SerialNumberShort[4] = EncodeTable[(_Data[2] & 0xF) << 1 | _Data[3] >> 7]; + _SerialNumberShort[5] = EncodeTable[_Data[3] >> 2 & 0x1F]; + _SerialNumberShort[6] = EncodeTable[_Data[3] << 3 & 0x1F | _Data[4] >> 5]; + _SerialNumberShort[7] = EncodeTable[_Data[4] & 0x1F]; + + _SerialNumberShort[8] = EncodeTable[_Data[5] >> 3]; + _SerialNumberShort[9] = EncodeTable[(_Data[5] & 0x07) << 2 | _Data[6] >> 6]; + _SerialNumberShort[10] = EncodeTable[_Data[6] >> 1 & 0x1F]; + _SerialNumberShort[11] = EncodeTable[(_Data[6] & 0x1) << 4 | _Data[7] >> 4]; + _SerialNumberShort[12] = EncodeTable[(_Data[7] & 0xF) << 1 | _Data[8] >> 7]; + _SerialNumberShort[13] = EncodeTable[_Data[8] >> 2 & 0x1F]; + _SerialNumberShort[14] = EncodeTable[_Data[8] << 3 & 0x1F | _Data[9] >> 5]; + _SerialNumberShort[15] = EncodeTable[_Data[9] & 0x1F]; + + _SerialNumberLong = std::xstring::format( + TEXT("%.4s-%.4s-%.4s-%.4s"), + _SerialNumberShort.c_str() + 0, + _SerialNumberShort.c_str() + 4, + _SerialNumberShort.c_str() + 8, + _SerialNumberShort.c_str() + 12 + ); + } + + [[nodiscard]] + const std::xstring& SerialNumberGenerator::GetSerialNumberShort() const noexcept { + return _SerialNumberShort; + } + + [[nodiscard]] + const std::xstring& SerialNumberGenerator::GetSerialNumberLong() const noexcept { + return _SerialNumberLong; + } + + void SerialNumberGenerator::ShowInConsole() const { + std::xcout << TEXT("[*] Serial number:") << std::endl; + std::xcout << _SerialNumberLong << std::endl; + std::xcout << std::endl; + } +} + diff --git a/navicat-keygen/SerialNumberGenerator.hpp b/navicat-keygen/SerialNumberGenerator.hpp new file mode 100644 index 0000000..8289f2b --- /dev/null +++ b/navicat-keygen/SerialNumberGenerator.hpp @@ -0,0 +1,64 @@ +#pragma once +#include +#include + +namespace nkg { + + enum class NavicatLanguage { + English, + SimplifiedChinese, + TraditionalChinese, + Japanese, + Polish, + Spanish, + French, + German, + Korean, + Russian, + Portuguese + }; + + enum class NavicatProductType { + DataModeler, + Premium, + MySQL, + PostgreSQL, + Oracle, + SQLServer, + SQLite, + MariaDB, + MongoDB, + ReportViewer + }; + + class SerialNumberGenerator { + private: + + BYTE _Data[10]; + std::xstring _SerialNumberShort; + std::xstring _SerialNumberLong; + + public: + + SerialNumberGenerator() noexcept; + + void SetLanguageSignature(NavicatLanguage Language) noexcept; + void SetLanguageSignature(BYTE LanguageSignature0, BYTE LanguageSignature1) noexcept; + + void SetProductSignature(NavicatProductType ProductType) noexcept; + void SetProductSignature(BYTE ProductSignature) noexcept; + + void SetVersion(BYTE Version); + + void Generate(); + + [[nodiscard]] + const std::xstring& GetSerialNumberShort() const noexcept; + [[nodiscard]] + const std::xstring& GetSerialNumberLong() const noexcept; + + void ShowInConsole() const; + }; + +} + diff --git a/navicat-keygen/_tmain.cpp b/navicat-keygen/_tmain.cpp index 0a7be2f..de1dec9 100644 --- a/navicat-keygen/_tmain.cpp +++ b/navicat-keygen/_tmain.cpp @@ -1,256 +1,117 @@ #include +#include #include -#include - -#include -#include -#include -#include -#include - -#pragma comment(lib, "Crypt32.lib") -#pragma comment(lib, "libcrypto.lib") - -#define NAVICAT_12 - -void GenerateSnKey(char(&SnKey)[16]) { - static char EncodeTable[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; - static DES_cblock DESKey = { 0x64, 0xAD, 0xF3, 0x2F, 0xAE, 0xF2, 0x1A, 0x27 }; - - BYTE temp_snKey[10] = { 0x68, 0x2a }; // must start with 0x68, 0x2a - temp_snKey[2] = rand(); - temp_snKey[3] = rand(); - temp_snKey[4] = rand(); - temp_snKey[5] = 0xCE; // must be 0xCE - temp_snKey[6] = 0x32; // must be 0x32 -#if defined(NAVICAT_12) - temp_snKey[7] = 0x65; // 0x65 - commercial, 0x66 - non-commercial - temp_snKey[8] = 0xC0; // High 4-bits = version number. Low 4-bits doesn't know, but can be used to delay activation time. -#elif defined(NAVICAT_11) - temp_snKey[7] = 0x15; // 0x15 - commercial, 0x16 - non-commercial - temp_snKey[8] = 0xB0; // High 4-bits = version number. Low 4-bits doesn't know, but can be used to delay activation time. -#endif - temp_snKey[9] = 0x70; // 0xfd, 0xfc, 0xfb if you want to use not-for-resale license. - - DES_key_schedule schedule; - DES_set_key_unchecked(&DESKey, &schedule); - DES_cblock enc_temp_snKey; - - DES_ecb_encrypt(reinterpret_cast(temp_snKey + 2), &enc_temp_snKey, &schedule, DES_ENCRYPT); - memmove_s(temp_snKey + 2, sizeof(enc_temp_snKey), enc_temp_snKey, sizeof(enc_temp_snKey)); - - SnKey[0] = EncodeTable[temp_snKey[0] >> 3]; - SnKey[1] = EncodeTable[(temp_snKey[0] & 0x07) << 2 | temp_snKey[1] >> 6]; - SnKey[2] = EncodeTable[temp_snKey[1] >> 1 & 0x1F]; - SnKey[3] = EncodeTable[(temp_snKey[1] & 0x1) << 4 | temp_snKey[2] >> 4]; - SnKey[4] = EncodeTable[(temp_snKey[2] & 0xF) << 1 | temp_snKey[3] >> 7]; - SnKey[5] = EncodeTable[temp_snKey[3] >> 2 & 0x1F]; - SnKey[6] = EncodeTable[temp_snKey[3] << 3 & 0x1F | temp_snKey[4] >> 5]; - SnKey[7] = EncodeTable[temp_snKey[4] & 0x1F]; - - SnKey[8] = EncodeTable[temp_snKey[5] >> 3]; - SnKey[9] = EncodeTable[(temp_snKey[5] & 0x07) << 2 | temp_snKey[6] >> 6]; - SnKey[10] = EncodeTable[temp_snKey[6] >> 1 & 0x1F]; - SnKey[11] = EncodeTable[(temp_snKey[6] & 0x1) << 4 | temp_snKey[7] >> 4]; - SnKey[12] = EncodeTable[(temp_snKey[7] & 0xF) << 1 | temp_snKey[8] >> 7]; - SnKey[13] = EncodeTable[temp_snKey[8] >> 2 & 0x1F]; - SnKey[14] = EncodeTable[temp_snKey[8] << 3 & 0x1F | temp_snKey[9] >> 5]; - SnKey[15] = EncodeTable[temp_snKey[9] & 0x1F]; - - _tprintf_s(TEXT("\r\n")); - _tprintf_s(TEXT("SnKey:\r\n")); - _tprintf_s(TEXT("%.4hs-%.4hs-%.4hs-%.4hs\r\n"), SnKey, SnKey + 4, SnKey + 8, SnKey + 12); - _tprintf_s(TEXT("\r\n")); +#include +#include +#include +#include "SerialNumberGenerator.hpp" + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-keygen\\_tmain.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + using fnCollectInformation = SerialNumberGenerator(); + using fnGenerateLicense = void(const RSACipher& Cipher, const SerialNumberGenerator& Generator); + + SerialNumberGenerator CollectInformationNormal(); + SerialNumberGenerator CollectInformationAdvanced(); + void GenerateLicenseText(const RSACipher& Cipher, const SerialNumberGenerator& Generator); + void GenerateLicenseBinary(const RSACipher& Cipher, const SerialNumberGenerator& Generator); } -BOOL GenerateLicense(RSA* RSAPrivateKey, - const char* SnKey, - const char* Name, - const char* Organization, - const char* DI) { - - char LicenseJson[2048 / 8] = { }; -#if defined(NAVICAT_12) - sprintf_s(LicenseJson, "{\"K\":\"%.16s\", \"N\":\"%s\", \"O\":\"%s\", \"DI\":\"%s\"}", SnKey, Name, Organization, DI); -#elif defined(NAVICAT_11) - sprintf_s(LicenseJson, "{\"K\":\"%.16s\", \"N\":\"%s\", \"O\":\"%s\"}", SnKey, Name, Organization); -#endif - unsigned char License[2048 / 8] = { }; - RSA_private_encrypt(strlen(LicenseJson), - reinterpret_cast(LicenseJson), - License, - RSAPrivateKey, - RSA_PKCS1_PADDING); - -#if defined(NAVICAT_12) - DWORD LicenseStringLength = 1024; - TCHAR LicenseString[1024] = { }; - if (!CryptBinaryToString(License, sizeof(License), CRYPT_STRING_BASE64, LicenseString, &LicenseStringLength)) { - _tprintf_s(TEXT("Cannot get Base64 string. CODE: 0x%08x\r\n"), GetLastError()); - return FALSE; - } - - _tprintf_s(TEXT("License:\r\n%s"), LicenseString); - return TRUE; -#elif defined(NAVICAT_11) - HANDLE hLicenseFile = CreateFile(TEXT("license_file"), GENERIC_ALL, NULL, nullptr, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, nullptr); - if (hLicenseFile == NULL) - return FALSE; - - if (!WriteFile(hLicenseFile, License, sizeof(License), nullptr, nullptr)) { - CloseHandle(hLicenseFile); - return FALSE; - } - - CloseHandle(hLicenseFile); - return TRUE; -#endif - +static void Welcome() { + _putts(TEXT("***************************************************")); + _putts(TEXT("* Navicat Keygen by @DoubleLabyrinth *")); + _putts(TEXT("* Version: 4.0 *")); + _putts(TEXT("***************************************************")); + _putts(TEXT("")); } -int _tmain(int argc, TCHAR* argv[]) { - if (argc != 2) { - _tprintf_s(TEXT("Usage:\r\n")); - _tprintf_s(TEXT(" navicat-keygen.exe \r\n")); - return -1; - } - - srand(time(nullptr)); - -#ifdef UNICODE - char pem_file_path[256] = { }; - sprintf_s(pem_file_path, "%S", argv[1]); -#else - char* pem_file_path = argv[1]; -#endif - - RSA* PrivateKey = nullptr; - BIO* PrivateKeyFile = BIO_new(BIO_s_file()); - BIO_read_filename(PrivateKeyFile, pem_file_path); - PrivateKey = PEM_read_bio_RSAPrivateKey(PrivateKeyFile, nullptr, nullptr, nullptr); - BIO_free_all(PrivateKeyFile); - - if (PrivateKey == nullptr) { - _tprintf_s(TEXT("Failed to load private key.\r\n")); - return -2; - } - - TCHAR tName[64] = { }; - TCHAR tOrganization[64] = { }; - { - DWORD ReadCount; +static void Help() { + _putts(TEXT("Usage:")); + _putts(TEXT(" navicat-keygen.exe <-bin|-text> [-adv] ")); + _putts(TEXT("")); + _putts(TEXT(" <-bin|-text> Specify \"-bin\" to generate \"license_file\" used by Navicat 11.")); + _putts(TEXT(" Specify \"-text\" to generate base64-encoded activation code.")); + _putts(TEXT(" This parameter must be specified.")); + _putts(TEXT("")); + _putts(TEXT(" [-adv] Enable advance mode.")); + _putts(TEXT(" This parameter is optional.")); + _putts(TEXT("")); + _putts(TEXT(" A path to an RSA-2048 private key file.")); + _putts(TEXT(" This parameter must be specified.")); + _putts(TEXT("")); + _putts(TEXT("Example:")); + _putts(TEXT(" navicat-keygen.exe -text .\\RegPrivateKey.pem")); +} - _tprintf_s(TEXT("Your name: ")); - ReadConsole(GetStdHandle(STD_INPUT_HANDLE), tName, 64, &ReadCount, nullptr); - tName[ReadCount - 2] = 0; - tName[ReadCount - 1] = 0; - _tprintf_s(TEXT("Your organization: ")); - ReadConsole(GetStdHandle(STD_INPUT_HANDLE), tOrganization, 64, &ReadCount, nullptr); - tOrganization[ReadCount - 2] = 0; - tOrganization[ReadCount - 1] = 0; - } +int _tmain(int argc, PTSTR argv[]) { + Welcome(); -#ifdef UNICODE - char Name[64] = { }; - char Organization[64] = { }; + if (argc == 3 || argc == 4) { + nkg::fnCollectInformation* lpfnCollectInformation = nullptr; + nkg::fnGenerateLicense* lpfnGenerateLicense = nullptr; - if (WideCharToMultiByte(CP_UTF8, WC_ERR_INVALID_CHARS, - tName, _tcslen(tName), - Name, 64, - NULL, - NULL) == 0) { - _tprintf_s(TEXT("Failed to convert name to UTF-8. CODE: 0x%08x\r\n"), GetLastError()); - RSA_free(PrivateKey); - return GetLastError(); - } + if (_tcsicmp(argv[1], TEXT("-bin")) == 0) { + lpfnGenerateLicense = nkg::GenerateLicenseBinary; + } else if (_tcsicmp(argv[1], TEXT("-text")) == 0) { + lpfnGenerateLicense = nkg::GenerateLicenseText; + } else { + Help(); + return -1; + } - if (WideCharToMultiByte(CP_UTF8, WC_ERR_INVALID_CHARS, - tOrganization, _tcslen(tOrganization), - Organization, 64, - NULL, - NULL) == 0) { - _tprintf_s(TEXT("Failed to convert name to UTF-8. CODE: 0x%08x\r\n"), GetLastError()); - RSA_free(PrivateKey); - return GetLastError(); - } -#else - char* Name = tName; - char* Organization = tOrganization; -#endif - - char SnKey[16] = { }; - GenerateSnKey(SnKey); + if (argc == 4) { + if (_tcsicmp(argv[2], TEXT("-adv")) == 0) { + lpfnCollectInformation = nkg::CollectInformationAdvanced; + } else { + Help(); + return -1; + } + } else { + lpfnCollectInformation = nkg::CollectInformationNormal; + } - TCHAR Base64String[1024] = { }; - _tprintf_s(TEXT("Input request code (in Base64), empty line to return:\r\n")); - for (TCHAR* cur = Base64String; cur < Base64String + 1024;) { - DWORD ReadCount; - if (!ReadConsole(GetStdHandle(STD_INPUT_HANDLE), cur, Base64String + 1024 - cur, &ReadCount, NULL)) - break; + try { + nkg::RSACipher Cipher; - cur += ReadCount; -#ifdef UNICODE - if (*reinterpret_cast(cur - 4) == '\r\0\n\0') - break; -#else - if (*reinterpret_cast(cur - 4) == '\r\n\r\n') - break; -#endif - } - Base64String[1024 - 1] = NULL; + Cipher.ImportKeyFromFile(argv[argc - 1]); + if (Cipher.Bits() != 2048) { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("RSA key length mismatches.")) + .AddHint(TEXT("You must provide an RSA key whose modulus length is 2048 bits.")); + } - BYTE enc_request_code[1024] = { }; - DWORD enc_request_code_length = 1024; - if (!CryptStringToBinary(Base64String, NULL, CRYPT_STRING_BASE64, enc_request_code, &enc_request_code_length, NULL, NULL)) { - _tprintf_s(TEXT("Failed to decode Base64 string. CODE: 0x%08x\r\n"), GetLastError()); - RSA_free(PrivateKey); - return GetLastError(); - } + auto Generator = lpfnCollectInformation(); - char request_code[1024] = { }; - if (!RSA_private_decrypt(enc_request_code_length, - enc_request_code, - reinterpret_cast(request_code), - PrivateKey, RSA_PKCS1_PADDING)) { - _tprintf_s(TEXT("Failed to decrypt request code.\r\n")); - RSA_free(PrivateKey); - return -3; - } + Generator.Generate(); + Generator.ShowInConsole(); - //-------------------------------------------------------------------- + lpfnGenerateLicense(Cipher, Generator); - if (strlen(request_code) >= 256) { - _tprintf_s(TEXT("Not a valid request code.\r\n")); - RSA_free(PrivateKey); - return -4; - } + return 0; + } catch (nkg::UserAbortionError&) { + return -1; + } catch (nkg::Exception& e) { + _tprintf_s(TEXT("[-] %s:%zu ->\n"), e.File(), e.Line()); + _tprintf_s(TEXT(" %s\n"), e.Message()); - char* DI_ptr = request_code; - for (; DI_ptr < request_code + 256; DI_ptr++) { - if (*reinterpret_cast(DI_ptr) == '"ID"') { - DI_ptr += 4; - while (*DI_ptr++ != '"'); - break; - } - } + if (e.HasErrorCode()) { + _tprintf_s(TEXT(" %s (0x%zx)\n"), e.ErrorString(), e.ErrorCode()); + } - if (DI_ptr >= request_code + 256) { - _tprintf_s(TEXT("Not a valid request code.\r\n")); - RSA_free(PrivateKey); - return -5; - } + for (auto& Hint : e.Hints()) { + _tprintf_s(TEXT(" Hints: %s\n"), Hint.c_str()); + } - for (char* ptr = DI_ptr; ptr < request_code + 256; ptr++) { - if (*ptr == '"') { - *ptr = 0; - break; + return -1; + } catch (std::exception& e) { + _tprintf_s(TEXT("[-] %hs\n"), e.what()); + return -1; } + } else { + Help(); + return -1; } - - //------------------------------------------------------------------- - - GenerateLicense(PrivateKey, SnKey, Name, Organization, DI_ptr); - - RSA_free(PrivateKey); - return 0; -} \ No newline at end of file +} diff --git a/navicat-keygen/navicat-keygen.vcxproj b/navicat-keygen/navicat-keygen.vcxproj index 3aba5bd..7ab4edd 100644 --- a/navicat-keygen/navicat-keygen.vcxproj +++ b/navicat-keygen/navicat-keygen.vcxproj @@ -1,5 +1,5 @@ - - + + Debug @@ -19,42 +19,50 @@ - {CB49F054-83AB-4C16-B73B-33D7DF696E16} + 16.0 + {BA201764-EECF-4DA8-BCAD-7CFBA301FC9C} Win32Proj navicatkeygen - 8.1 + 10.0 + x86-windows-static + x64-windows-static Application true - v140 + v142 Unicode + false Application false - v140 + v142 true Unicode + false Application true - v140 + v142 Unicode + false Application false - v140 + v142 true Unicode + false + @@ -71,28 +79,32 @@ true + $(SolutionDir)bin\$(Platform)-$(Configuration)\ + $(SolutionDir)obj\$(Platform)-$(Configuration)\$(ProjectName)\ true - D:\OpenSSL-Win64\include;$(IncludePath) - D:\OpenSSL-Win64\lib;$(LibraryPath) + $(SolutionDir)bin\$(Platform)-$(Configuration)\ + $(SolutionDir)obj\$(Platform)-$(Configuration)\$(ProjectName)\ false + $(SolutionDir)bin\$(Platform)-$(Configuration)\ + $(SolutionDir)obj\$(Platform)-$(Configuration)\$(ProjectName)\ false - D:\OpenSSL-Win64\include;$(IncludePath) - D:\OpenSSL-Win64\lib;$(LibraryPath) + $(SolutionDir)bin\$(Platform)-$(Configuration)\ + $(SolutionDir)obj\$(Platform)-$(Configuration)\$(ProjectName)\ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + stdcpp17 MultiThreadedDebug @@ -102,12 +114,12 @@ - - Level3 Disabled - _DEBUG;_CONSOLE;%(PreprocessorDefinitions) true + _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + stdcpp17 MultiThreadedDebug @@ -118,13 +130,13 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + stdcpp17 MultiThreaded @@ -137,13 +149,13 @@ Level3 - - MaxSpeed true true - NDEBUG;_CONSOLE;%(PreprocessorDefinitions) true + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + stdcpp17 MultiThreaded @@ -154,8 +166,15 @@ + + + + + + + diff --git a/navicat-keygen/navicat-keygen.vcxproj.filters b/navicat-keygen/navicat-keygen.vcxproj.filters index 0043367..3a267c9 100644 --- a/navicat-keygen/navicat-keygen.vcxproj.filters +++ b/navicat-keygen/navicat-keygen.vcxproj.filters @@ -7,7 +7,7 @@ {93995380-89BD-4b04-88EB-625FBE52EBFB} - h;hh;hpp;hxx;hm;inl;inc;xsd + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} @@ -18,5 +18,22 @@ 源文件 + + 源文件 + + + 源文件 + + + 源文件 + + + + + 头文件 + + + 头文件 + \ No newline at end of file diff --git a/navicat-keygen/navicat-keygen.vcxproj.user b/navicat-keygen/navicat-keygen.vcxproj.user new file mode 100644 index 0000000..966b4ff --- /dev/null +++ b/navicat-keygen/navicat-keygen.vcxproj.user @@ -0,0 +1,6 @@ + + + + true + + \ No newline at end of file diff --git a/navicat-patcher/CapstoneDisassembler.cpp b/navicat-patcher/CapstoneDisassembler.cpp new file mode 100644 index 0000000..f619e4e --- /dev/null +++ b/navicat-patcher/CapstoneDisassembler.cpp @@ -0,0 +1,98 @@ +#include "CapstoneDisassembler.hpp" + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\CapstoneDisassembler.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + CapstoneDisassembler::CapstoneDisassembler(const CapstoneEngine& Engine) : + ResourceOwned(cs_malloc(Engine)), + _Engine(Engine), + _CurrentState{}, + _NextState{}, + _lpCurrentInsn(nullptr) + { + if (IsValid() == false) { + throw CapstoneError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), cs_errno(Engine), TEXT("cs_malloc failed.")); + } + } + + CapstoneDisassembler::CapstoneDisassembler(CapstoneDisassembler&& Other) noexcept : + ResourceOwned(static_cast&&>(Other)), + _Engine(Other._Engine), + _CurrentState(Other._CurrentState), + _NextState(Other._NextState), + _lpCurrentInsn(Other._lpCurrentInsn) {} + + CapstoneDisassembler& CapstoneDisassembler::SetContext(const CapstoneContext& Ctx) noexcept { + _lpCurrentInsn = nullptr; + + _CurrentState.lpMachineCode = nullptr; + _CurrentState.cbMachineCode = 0; + _CurrentState.Address = 0; + + _NextState = Ctx; + + return *this; + } + + [[nodiscard]] + const CapstoneContext& CapstoneDisassembler::GetContext() const noexcept { + return _NextState; + } + + [[nodiscard]] + bool CapstoneDisassembler::Next() noexcept { + bool bSucceed; + CapstoneContext backup = _NextState; + + bSucceed = cs_disasm_iter(_Engine.Get(), reinterpret_cast(&_NextState.lpMachineCode), &_NextState.cbMachineCode, &_NextState.Address, Get()); + if (bSucceed) { + if (_lpCurrentInsn == nullptr) { + _lpCurrentInsn = Get(); + } + + _CurrentState = backup; + } else { + _lpCurrentInsn = nullptr; + } + + return bSucceed; + } + + [[nodiscard]] + const cs_insn* CapstoneDisassembler::GetInstruction() const noexcept { + return _lpCurrentInsn; + } + + [[nodiscard]] + const CapstoneContext& CapstoneDisassembler::GetInstructionContext() const noexcept { + return _CurrentState; + } + + CapstoneEngine::CapstoneEngine(cs_arch ArchType, cs_mode Mode) { + auto err = cs_open(ArchType, Mode, GetAddressOf()); + if (err != CS_ERR_OK) { + throw CapstoneError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), err, TEXT("cs_open failed.")); + } + } + + void CapstoneEngine::Option(cs_opt_type Type, cs_opt_value Value) { + auto err = cs_option(Get(), Type, Value); + if (err != CS_ERR_OK) { + throw CapstoneError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), err, TEXT("cs_option failed.")); + } + } + + const char* CapstoneEngine::GetRegisterName(unsigned int reg_id) const noexcept { + return cs_reg_name(Get(), reg_id); + } + + [[nodiscard]] + CapstoneDisassembler CapstoneEngine::CreateDisassembler() const { + return CapstoneDisassembler(*this); + } +} + diff --git a/navicat-patcher/CapstoneDisassembler.hpp b/navicat-patcher/CapstoneDisassembler.hpp new file mode 100644 index 0000000..ca9f0f4 --- /dev/null +++ b/navicat-patcher/CapstoneDisassembler.hpp @@ -0,0 +1,61 @@ +#pragma once +#include "ExceptionCapstone.hpp" +#include +#include "ResourceTraitsCapstone.hpp" + +namespace nkg { + + struct CapstoneContext { + const void* lpMachineCode; + size_t cbMachineCode; + uint64_t Address; + }; + + class CapstoneEngine; + + class CapstoneDisassembler : private ResourceOwned { + friend class CapstoneEngine; + private: + + const CapstoneEngine& _Engine; + CapstoneContext _CurrentState; + CapstoneContext _NextState; + cs_insn* _lpCurrentInsn; + + CapstoneDisassembler(const CapstoneEngine& Engine); + + public: + + CapstoneDisassembler(CapstoneDisassembler&& Other) noexcept; + + CapstoneDisassembler& SetContext(const CapstoneContext& Ctx) noexcept; + + [[nodiscard]] + const CapstoneContext& GetContext() const noexcept; + + [[nodiscard]] + bool Next() noexcept; + + [[nodiscard]] + const cs_insn* GetInstruction() const noexcept; + + [[nodiscard]] + const CapstoneContext& GetInstructionContext() const noexcept; + }; + + class CapstoneEngine : private ResourceOwned { + friend class CapstoneDisassembler; + public: + + CapstoneEngine(cs_arch ArchType, cs_mode Mode); + + void Option(cs_opt_type Type, cs_opt_value Value); + + const char* GetRegisterName(unsigned int reg_id) const noexcept; + + [[nodiscard]] + CapstoneDisassembler CreateDisassembler() const; + }; + +} + diff --git a/navicat-patcher/ExceptionCapstone.hpp b/navicat-patcher/ExceptionCapstone.hpp new file mode 100644 index 0000000..b75e0cc --- /dev/null +++ b/navicat-patcher/ExceptionCapstone.hpp @@ -0,0 +1,36 @@ +#pragma once +#include +#include + +namespace nkg { + + class CapstoneError final : public Exception { + private: + + cs_err _ErrorCode; + std::xstring _ErrorString; + + public: + + CapstoneError(PCTSTR SourceFile, SIZE_T SourceLine, cs_err CapstoneErrorCode, PCTSTR CustomMessage) noexcept : + Exception(SourceFile, SourceLine, CustomMessage), + _ErrorCode(CapstoneErrorCode), + _ErrorString(std::xstring_extension{}, cs_strerror(CapstoneErrorCode), CP_UTF8) {} + + [[nodiscard]] + virtual bool HasErrorCode() const noexcept override { + return true; + } + + [[nodiscard]] + virtual ULONG_PTR ErrorCode() const noexcept override { + return _ErrorCode; + } + + [[nodiscard]] + virtual PCTSTR ErrorString() const noexcept override { + return _ErrorString.c_str(); + } + }; + +} diff --git a/navicat-patcher/ExceptionKeystone.hpp b/navicat-patcher/ExceptionKeystone.hpp new file mode 100644 index 0000000..25d60f6 --- /dev/null +++ b/navicat-patcher/ExceptionKeystone.hpp @@ -0,0 +1,37 @@ +#pragma once +#include +#include + +namespace nkg { + + class KeystoneError final : public Exception { + private: + + ks_err _ErrorCode; + std::xstring _ErrorString; + + public: + + KeystoneError(PCTSTR SourceFile, SIZE_T SourceLine, ks_err KeystoneErrorCode, PCTSTR CustomMessage) noexcept : + Exception(SourceFile, SourceLine, CustomMessage), + _ErrorCode(KeystoneErrorCode), + _ErrorString(std::xstring_extension{}, ks_strerror(KeystoneErrorCode), CP_UTF8) {} + + [[nodiscard]] + virtual bool HasErrorCode() const noexcept override { + return true; + } + + [[nodiscard]] + virtual ULONG_PTR ErrorCode() const noexcept override { + return _ErrorCode; + } + + [[nodiscard]] + virtual PCTSTR ErrorString() const noexcept override { + return _ErrorString.c_str(); + } + }; + +} + diff --git a/navicat-patcher/ImageInterpreter.cpp b/navicat-patcher/ImageInterpreter.cpp new file mode 100644 index 0000000..8a55902 --- /dev/null +++ b/navicat-patcher/ImageInterpreter.cpp @@ -0,0 +1,342 @@ +#include "ImageInterpreter.hpp" + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\ImageInterpreter.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + ImageInterpreter::ImageInterpreter() : + _DosHeader(nullptr), + _NtHeaders(nullptr), + _SectionHeaderTable(nullptr), + _VsFixedFileInfo(nullptr) {} + + [[nodiscard]] + ImageInterpreter ImageInterpreter::ParseImage(PVOID ImageBase, bool DisableRelocationParsing) { + ImageInterpreter NewImage; + + NewImage._DosHeader = reinterpret_cast(ImageBase); + if (NewImage._DosHeader->e_magic != IMAGE_DOS_SIGNATURE) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Invalid Image. (DOS signature check failure)")) + .AddHint(TEXT("Are you sure you DO provide a valid WinPE file?")); + } + + NewImage._NtHeaders = reinterpret_cast( + reinterpret_cast(ImageBase) + NewImage._DosHeader->e_lfanew + ); + if (NewImage._NtHeaders->Signature != IMAGE_NT_SIGNATURE) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Invalid Image. (NT signature check failure)")) + .AddHint(TEXT("Are you sure you DO provide a valid WinPE file?")); + } + +#if defined(_M_AMD64) + if (NewImage._NtHeaders->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Invalid Image. (Optional header magic check failure)")) + .AddHint(TEXT("Are you sure you DO provide a valid 64-bits WinPE file?")); + } + if (NewImage._NtHeaders->FileHeader.Machine != IMAGE_FILE_MACHINE_AMD64) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Invalid Image. (Machine check failure)")) + .AddHint(TEXT("Are you sure you DO provide a valid 64-bits WinPE file?")); + } +#elif defined(_M_IX86) + if (NewImage._NtHeaders->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Invalid Image. (Optional header magic check failure)")) + .AddHint(TEXT("Are you sure you DO provide a valid 32-bits WinPE file?")); + } + if (NewImage._NtHeaders->FileHeader.Machine != IMAGE_FILE_MACHINE_I386) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Invalid Image. (Machine check failure)")) + .AddHint(TEXT("Are you sure you DO provide a valid 32-bits WinPE file?")); + } +#else +#error "Unsupported architecture." +#endif + + NewImage._SectionHeaderTable = reinterpret_cast( + reinterpret_cast(&NewImage._NtHeaders->OptionalHeader) + NewImage._NtHeaders->FileHeader.SizeOfOptionalHeader + ); + + for (WORD i = 0; i < NewImage._NtHeaders->FileHeader.NumberOfSections; ++i) { + uint64_t SectionName = *reinterpret_cast(NewImage._SectionHeaderTable[i].Name); + + if (NewImage._SectionNameTable.find(SectionName) == NewImage._SectionNameTable.end()) { + NewImage._SectionNameTable[SectionName] = i; + } + + NewImage._SectionRvaTable[NewImage._SectionHeaderTable[i].VirtualAddress] = i; + NewImage._SectionFileOffsetTable[NewImage._SectionHeaderTable[i].PointerToRawData] = i; + } + + if (!DisableRelocationParsing && NewImage._NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != 0) { + auto RelocTableRva = NewImage._NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress; + auto RelocTable = NewImage.RvaToPointer(RelocTableRva); + + while (RelocTable->VirtualAddress != 0) { + uintptr_t Rva = RelocTable->VirtualAddress; + PWORD RelocItems = reinterpret_cast(RelocTable + 1); + DWORD RelocItemsCount = (RelocTable->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(WORD); + + for (DWORD i = 0; i < RelocItemsCount; ++i) { + auto RelocType = RelocItems[i] >> 12; + + switch (RelocType) { + case IMAGE_REL_BASED_ABSOLUTE: + break; + case IMAGE_REL_BASED_HIGH: + case IMAGE_REL_BASED_LOW: + case IMAGE_REL_BASED_HIGHADJ: + NewImage._RelocationRvaTable[Rva + (RelocItems[i] & 0x0fff)] = 2; + break; + case IMAGE_REL_BASED_HIGHLOW: + NewImage._RelocationRvaTable[Rva + (RelocItems[i] & 0x0fff)] = 4; + break; +#if defined(IMAGE_REL_BASED_DIR64) + case IMAGE_REL_BASED_DIR64: + NewImage._RelocationRvaTable[Rva + (RelocItems[i] & 0x0fff)] = 8; + break; +#endif + default: + break; + } + } + + RelocTable = reinterpret_cast(&RelocItems[RelocItemsCount]); + } + } + + if (NewImage._NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress) { + uintptr_t ResourceRva = NewImage._NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress; + + auto ResourceTypeTable = + NewImage.RvaToPointer(ResourceRva); + auto ResourceTypeNameEntries = + reinterpret_cast(ResourceTypeTable + 1); + auto ResourceTypeIdEntries = + ResourceTypeNameEntries + ResourceTypeTable->NumberOfNamedEntries; + bool VS_FII_Ok = false; + + for (WORD i = 0; i < ResourceTypeTable->NumberOfIdEntries && !VS_FII_Ok; ++i) { + if (ResourceTypeIdEntries[i].Id == reinterpret_cast(RT_VERSION) && ResourceTypeIdEntries[i].DataIsDirectory) { + auto ResourceNameTable = + NewImage.RvaToPointer(ResourceRva + ResourceTypeIdEntries[i].OffsetToDirectory); + auto ResourceNameNameEntries = + reinterpret_cast(ResourceNameTable + 1); + auto ResourceNameIdEntries = + ResourceNameNameEntries + ResourceNameTable->NumberOfNamedEntries; + + for (WORD j = 0; j < ResourceNameTable->NumberOfIdEntries && !VS_FII_Ok; ++j) { + if (ResourceNameIdEntries[j].Id == VS_VERSION_INFO && ResourceNameIdEntries[j].DataIsDirectory) { + auto ResourceLangTable = + NewImage.RvaToPointer(ResourceRva + ResourceNameIdEntries[j].OffsetToDirectory); + auto ResourceLangNameEntries = + reinterpret_cast(ResourceLangTable + 1); + auto ResourceLangIdEntries = + ResourceLangNameEntries + ResourceLangTable->NumberOfNamedEntries; + + for (WORD k = 0; k < ResourceLangTable->NumberOfIdEntries && !VS_FII_Ok; ++k) { + if (ResourceLangIdEntries[k].Id == MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL) && !ResourceLangIdEntries[k].DataIsDirectory) { + auto ResourceDataEntry = + NewImage.RvaToPointer(ResourceRva + ResourceLangIdEntries[k].OffsetToData); + + auto VsVersionInfo = NewImage.RvaToPointer(ResourceDataEntry->OffsetToData); + auto VsVersionInfoszKey = reinterpret_cast(VsVersionInfo + 6); + if (_wcsicmp(VsVersionInfoszKey, L"VS_VERSION_INFO") == 0) { + auto p = reinterpret_cast(VsVersionInfoszKey + _countof(L"VS_VERSION_INFO")); + while (NewImage.PointerToRva(p) % sizeof(DWORD)) { + ++p; + } + + if (reinterpret_cast(p)->dwSignature == VS_FFI_SIGNATURE) { + NewImage._VsFixedFileInfo = reinterpret_cast(p); + VS_FII_Ok = true; + } + } + } + } + } + } + } + } + } + + return NewImage; + } + + [[nodiscard]] + PIMAGE_DOS_HEADER ImageInterpreter::ImageDosHeader() const noexcept { + return _DosHeader; + } + + [[nodiscard]] + PIMAGE_NT_HEADERS ImageInterpreter::ImageNtHeaders() const noexcept { + return _NtHeaders; + } + + [[nodiscard]] + PIMAGE_SECTION_HEADER ImageInterpreter::ImageSectionTable() const noexcept { + return _SectionHeaderTable; + } + + [[nodiscard]] + PIMAGE_SECTION_HEADER ImageInterpreter::ImageSectionHeader(size_t Idx) const { + if (Idx < _NtHeaders->FileHeader.NumberOfSections) { + return _SectionHeaderTable + Idx; + } else { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Idx is out of range.")); + } + } + + [[nodiscard]] + PIMAGE_SECTION_HEADER ImageInterpreter::ImageSectionHeaderByName(PCSTR lpszSectionName) const { + uint64_t NameValue = 0; + + for (int i = 0; i < sizeof(NameValue) && lpszSectionName[i]; ++i) + reinterpret_cast(&NameValue)[i] = lpszSectionName[i]; + + auto it = _SectionNameTable.find(NameValue); + + if (it == _SectionNameTable.end()) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Target section header is not found.")) + .AddHint(std::xstring::format(TEXT("lpszSectionName = %s"), lpszSectionName)); + } + + return &_SectionHeaderTable[it->second]; + } + + [[nodiscard]] + PIMAGE_SECTION_HEADER ImageInterpreter::ImageSectionHeaderByRva(uintptr_t Rva) const { + auto it = _SectionRvaTable.upper_bound(Rva); + if (it != _SectionRvaTable.begin()) { + --it; + } + + auto SectionHeader = &_SectionHeaderTable[it->second]; + uintptr_t SectionRvaBegin = SectionHeader->VirtualAddress; + uintptr_t SectionRvaEnd = SectionRvaBegin + SectionHeader->Misc.VirtualSize; + + if (SectionRvaBegin <= Rva && Rva < SectionRvaEnd) { + return SectionHeader; + } else { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Target section header is not found.")) + .AddHint(std::xstring::format(TEXT("Rva = 0x%zx"), Rva)); + } + } + + [[nodiscard]] + PIMAGE_SECTION_HEADER ImageInterpreter::ImageSectionHeaderByVa(uintptr_t Va) const { + return ImageSectionHeaderByRva(Va - _NtHeaders->OptionalHeader.ImageBase); + } + + [[nodiscard]] + PIMAGE_SECTION_HEADER ImageInterpreter::ImageSectionHeaderByFileOffset(uintptr_t FileOffset) const { + auto it = _SectionFileOffsetTable.upper_bound(FileOffset); + if (it != _SectionFileOffsetTable.begin()) { + --it; + } + + auto SectionHeader = &_SectionHeaderTable[it->second]; + uintptr_t SectionFileOffsetBegin = SectionHeader->PointerToRawData; + uintptr_t SectionFileOffsetEnd = SectionFileOffsetBegin + SectionHeader->SizeOfRawData; + + if (SectionFileOffsetBegin <= FileOffset && FileOffset < SectionFileOffsetEnd) { + return SectionHeader; + } else { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Target section header is not found.")) + .AddHint(std::xstring::format(TEXT("FileOffset = 0x%zx"), FileOffset)); + } + } + + [[nodiscard]] + uintptr_t ImageInterpreter::RvaToVa(uintptr_t Rva) const noexcept { + return Rva + _NtHeaders->OptionalHeader.ImageBase; + } + + [[nodiscard]] + uintptr_t ImageInterpreter::RvaToFileOffset(uintptr_t Rva) const { + auto SectionHeader = ImageSectionHeaderByRva(Rva); + return SectionHeader->PointerToRawData + (Rva - static_cast(SectionHeader->VirtualAddress)); + } + + [[nodiscard]] + uintptr_t ImageInterpreter::FileOffsetToRva(uintptr_t FileOffset) const { + auto SectionHeader = ImageSectionHeaderByFileOffset(FileOffset); + return SectionHeader->VirtualAddress + (FileOffset - SectionHeader->PointerToRawData); + } + + [[nodiscard]] + uintptr_t ImageInterpreter::FileOffsetToVa(uintptr_t FileOffset) const { + return FileOffsetToRva(FileOffset) + _NtHeaders->OptionalHeader.ImageBase; + } + + [[nodiscard]] + uintptr_t ImageInterpreter::VaToRva(uintptr_t Va) const noexcept { + return Va - _NtHeaders->OptionalHeader.ImageBase; + } + [[nodiscard]] + uintptr_t ImageInterpreter::VaToFileOffset(uintptr_t Va) const { + return ImageSectionHeaderByVa(Va)->PointerToRawData; + } + + [[nodiscard]] + bool ImageInterpreter::IsRvaRangeInRelocTable(uintptr_t Rva, size_t Size) const { + auto it = _RelocationRvaTable.upper_bound(Rva); + if (it != _RelocationRvaTable.begin()) { + --it; + } + + return it->first <= Rva && Rva < it->first + it->second; + } + + [[nodiscard]] + bool ImageInterpreter::IsVaRangeInRelocTable(uintptr_t Va, size_t Size) const { + return IsRvaRangeInRelocTable(VaToRva(Va), Size); + } + + [[nodiscard]] + bool ImageInterpreter::IsFileOffsetRangeInRelocTable(uintptr_t FileOffset, size_t Size) const { + return IsRvaRangeInRelocTable(FileOffsetToRva(FileOffset), Size); + } + + [[nodiscard]] + DWORD ImageInterpreter::ImageFileMajorVersion() const { + if (_VsFixedFileInfo) { + return _VsFixedFileInfo->dwFileVersionMS; + } else { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Image does not have version info.")); + } + } + + [[nodiscard]] + DWORD ImageInterpreter::ImageFileMinorVersion() const { + if (_VsFixedFileInfo) { + return _VsFixedFileInfo->dwFileVersionLS; + } else { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Image does not have version info.")); + } + } + + [[nodiscard]] + DWORD ImageInterpreter::ImageProductMajorVersion() const { + if (_VsFixedFileInfo) { + return _VsFixedFileInfo->dwProductVersionMS; + } else { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Image does not have version info.")); + } + } + + [[nodiscard]] + DWORD ImageInterpreter::ImageProductMinorVersion() const { + if (_VsFixedFileInfo) { + return _VsFixedFileInfo->dwProductVersionLS; + } else { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Image does not have version info.")); + } + } + + [[nodiscard]] + size_t ImageInterpreter::NumberOfSections() const noexcept { + return _NtHeaders->FileHeader.NumberOfSections; + } +} + diff --git a/navicat-patcher/ImageInterpreter.hpp b/navicat-patcher/ImageInterpreter.hpp new file mode 100644 index 0000000..3d98238 --- /dev/null +++ b/navicat-patcher/ImageInterpreter.hpp @@ -0,0 +1,238 @@ +#pragma once +#include +#include +#include +#include +#include +#include +#include + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\ImageInterpreter.hpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + class ImageInterpreter { + private: + + PIMAGE_DOS_HEADER _DosHeader; + PIMAGE_NT_HEADERS _NtHeaders; + PIMAGE_SECTION_HEADER _SectionHeaderTable; + std::map _SectionNameTable; + std::map _SectionRvaTable; + std::map _SectionFileOffsetTable; + std::map _RelocationRvaTable; + VS_FIXEDFILEINFO* _VsFixedFileInfo; + + ImageInterpreter(); + + public: + + [[nodiscard]] + static ImageInterpreter ParseImage(PVOID PtrToImageBase, bool DisableRelocationParsing = false); + + template + [[nodiscard]] + __PtrType ImageBase() const noexcept { + static_assert(std::is_pointer_v<__PtrType>); + return reinterpret_cast<__PtrType>(_DosHeader); + } + + template + [[nodiscard]] + __PtrType ImageOffset(size_t Offset) const noexcept { + static_assert(std::is_pointer_v<__PtrType>); + return reinterpret_cast<__PtrType>(reinterpret_cast(_DosHeader) + Offset); + } + + [[nodiscard]] + PIMAGE_DOS_HEADER ImageDosHeader() const noexcept; + + [[nodiscard]] + PIMAGE_NT_HEADERS ImageNtHeaders() const noexcept; + + [[nodiscard]] + PIMAGE_SECTION_HEADER ImageSectionTable() const noexcept; + + [[nodiscard]] + PIMAGE_SECTION_HEADER ImageSectionHeader(size_t Idx) const; + + [[nodiscard]] + PIMAGE_SECTION_HEADER ImageSectionHeaderByName(PCSTR lpszSectionName) const; + + [[nodiscard]] + PIMAGE_SECTION_HEADER ImageSectionHeaderByRva(uintptr_t Rva) const; + + [[nodiscard]] + PIMAGE_SECTION_HEADER ImageSectionHeaderByVa(uintptr_t Va) const; + + [[nodiscard]] + PIMAGE_SECTION_HEADER ImageSectionHeaderByFileOffset(uintptr_t FileOffset) const; + + template + [[nodiscard]] + __PtrType ImageSectionView(PIMAGE_SECTION_HEADER SectionHeader, size_t Offset = 0) const noexcept { + return ImageOffset<__PtrType>(SectionHeader->PointerToRawData + Offset); + } + + template + [[nodiscard]] + __PtrType ImageSectionViewByName(PCSTR lpszSectionName, size_t Offset = 0) const { + return ImageOffset<__PtrType>(ImageSectionHeaderByName(lpszSectionName)->PointerToRawData + Offset); + } + + template + [[nodiscard]] + __PtrType ImageSectionViewByRva(uintptr_t Rva, size_t Offset = 0) const { + return ImageOffset<__PtrType>(ImageSectionHeaderByRva(Rva)->PointerToRawData + Offset); + } + + template + [[nodiscard]] + __PtrType ImageSectionViewByVa(uintptr_t Va, size_t Offset = 0) const { + return ImageOffset<__PtrType>(ImageSectionHeaderByVa(Va)->PointerToRawData + Offset); + } + + template + [[nodiscard]] + __PtrType ImageSectionViewByFileOffset(uintptr_t FileOffset, size_t Offset = 0) const { + return ImageOffset<__PtrType>(ImageSectionHeaderByFileOffset(FileOffset)->PointerToRawData + Offset); + } + + template + [[nodiscard]] + __ReturnType SearchSection(PIMAGE_SECTION_HEADER SectionHeader, __Hint&& Hint) const { + static_assert(std::is_pointer_v<__ReturnType>); + + auto begin = ImageSectionView(SectionHeader); + auto end = begin + SectionHeader->Misc.VirtualSize; + + for (; begin < end; ++begin) { + if (Hint(begin) == true) { + return reinterpret_cast<__ReturnType>(const_cast(begin)); + } + } + + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Data is not found.")); + } + + template + [[nodiscard]] + __ReturnType SearchSection(PIMAGE_SECTION_HEADER SectionHeader, size_t Offset, __Hint&& Hint) const { + static_assert(std::is_pointer_v<__ReturnType>); + + auto begin = ImageSectionView(SectionHeader) + Offset; + auto end = begin + SectionHeader->Misc.VirtualSize; + + for (; begin < end; ++begin) { + if (Hint(begin) == true) { + return reinterpret_cast<__ReturnType>(const_cast(begin)); + } + } + + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Data is not found.")); + } + + template + [[nodiscard]] + __ReturnType SearchSection(PCSTR lpszSectionName, __Hint&& Hint) const { + return SearchSection<__ReturnType>(ImageSectionHeaderByName(lpszSectionName), std::forward<__Hint>(Hint)); + } + + template + [[nodiscard]] + __ReturnType SearchSection(PCSTR lpszSectionName, size_t Offset, __Hint&& Hint) const { + return SearchSection<__ReturnType>(ImageSectionHeaderByName(lpszSectionName), Offset, std::forward<__Hint>(Hint)); + } + + [[nodiscard]] + uintptr_t RvaToVa(uintptr_t Rva) const noexcept; + + [[nodiscard]] + uintptr_t RvaToFileOffset(uintptr_t Rva) const; + + template + [[nodiscard]] + __PtrType RvaToPointer(uintptr_t Rva) const { + static_assert(std::is_pointer_v<__PtrType>); + return ImageOffset<__PtrType>(RvaToFileOffset(Rva)); + } + + [[nodiscard]] + uintptr_t FileOffsetToRva(uintptr_t FileOffset) const; + + [[nodiscard]] + uintptr_t FileOffsetToVa(uintptr_t FileOffset) const; + + template + [[nodiscard]] + __PtrType FileOffsetToPointer(uintptr_t FileOffset) const noexcept { + return ImageOffset<__PtrType>(FileOffset); + } + + [[nodiscard]] + uintptr_t VaToRva(uintptr_t Va) const noexcept; + + [[nodiscard]] + uintptr_t VaToFileOffset(uintptr_t Va) const; + + template + [[nodiscard]] + __PtrType VaToPointer(uintptr_t Va) const noexcept { + return RvaToPointer<__PtrType>(VaToRva(Va)); + } + + template + [[nodiscard]] + uintptr_t PointerToFileOffset(__PtrType Ptr) const noexcept { + static_assert(std::is_pointer_v<__PtrType>); + return reinterpret_cast(Ptr) - reinterpret_cast(_DosHeader); + } + + template + [[nodiscard]] + uintptr_t PointerToRva(__PtrType Ptr) const { + return FileOffsetToRva(PointerToFileOffset(Ptr)); + } + + template + [[nodiscard]] + uintptr_t PointerToVa(__PtrType Ptr) const { + return FileOffsetToVa(PointerToFileOffset(Ptr)); + } + + [[nodiscard]] + bool IsRvaRangeInRelocTable(uintptr_t Rva, size_t Size) const; + + [[nodiscard]] + bool IsVaRangeInRelocTable(uintptr_t Va, size_t Size) const; + + [[nodiscard]] + bool IsFileOffsetRangeInRelocTable(uintptr_t FileOffset, size_t Size) const; + + template + [[nodiscard]] + bool IsFileOffsetRangeInRelocTable(__PtrType Ptr, size_t Size) const { + return IsRvaRangeInRelocTable(PointerToRva(Ptr), Size); + } + + [[nodiscard]] + DWORD ImageFileMajorVersion() const; + + [[nodiscard]] + DWORD ImageFileMinorVersion() const; + + [[nodiscard]] + DWORD ImageProductMajorVersion() const; + + [[nodiscard]] + DWORD ImageProductMinorVersion() const; + + [[nodiscard]] + size_t NumberOfSections() const noexcept; + }; + +} + diff --git a/navicat-patcher/KeystoneAssembler.cpp b/navicat-patcher/KeystoneAssembler.cpp new file mode 100644 index 0000000..0f105df --- /dev/null +++ b/navicat-patcher/KeystoneAssembler.cpp @@ -0,0 +1,44 @@ +#include "KeystoneAssembler.hpp" + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\KeystoneAssembler.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + KeystoneAssembler::KeystoneAssembler(const KeystoneEngine& Engine) noexcept : + _Engine(Engine) {} + + [[nodiscard]] + std::vector KeystoneAssembler::GenerateMachineCode(const char* AssemblyCode, uint64_t Address) const { + ResourceOwned pbMachineCode(KeystoneMallocTraits{}); + size_t cbMachineCode = 0; + size_t InstructionsProcessed = 0; + + if (ks_asm(_Engine, AssemblyCode, Address, pbMachineCode.GetAddressOf(), &cbMachineCode, &InstructionsProcessed) != 0) { + throw KeystoneError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), ks_errno(_Engine), TEXT("ks_asm failed.")); + } + + return std::vector(pbMachineCode.Get(), pbMachineCode.Get() + cbMachineCode); + } + + KeystoneEngine::KeystoneEngine(ks_arch ArchType, ks_mode Mode) { + auto err = ks_open(ArchType, Mode, GetAddressOf()); + if (err != KS_ERR_OK) { + throw KeystoneError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), err, TEXT("ks_open failed.")); + } + } + + void KeystoneEngine::Option(ks_opt_type Type, ks_opt_value Value) { + auto err = ks_option(Get(), Type, Value); + if (err != KS_ERR_OK) { + throw KeystoneError(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), err, TEXT("ks_option failed.")); + } + } + + KeystoneAssembler KeystoneEngine::CreateAssembler() const { + return KeystoneAssembler(*this); + } +} + diff --git a/navicat-patcher/KeystoneAssembler.hpp b/navicat-patcher/KeystoneAssembler.hpp new file mode 100644 index 0000000..6e5145b --- /dev/null +++ b/navicat-patcher/KeystoneAssembler.hpp @@ -0,0 +1,39 @@ +#pragma once +#include "ExceptionKeystone.hpp" +#include +#include "ResourceTraitsKeystone.hpp" +#include + +namespace nkg { + + class KeystoneEngine; + + class KeystoneAssembler { + friend class KeystoneEngine; + private: + + const KeystoneEngine& _Engine; + + KeystoneAssembler(const KeystoneEngine& Engine) noexcept; + + public: + + [[nodiscard]] + std::vector GenerateMachineCode(const char* AssemblyCode, uint64_t Address = 0) const; + + }; + + class KeystoneEngine : private ResourceOwned { + friend class KeystoneAssembler; + public: + + KeystoneEngine(ks_arch ArchType, ks_mode Mode); + + void Option(ks_opt_type Type, ks_opt_value Value); + + [[nodiscard]] + KeystoneAssembler CreateAssembler() const; + }; + +} + diff --git a/navicat-patcher/Misc.cpp b/navicat-patcher/Misc.cpp new file mode 100644 index 0000000..6f47086 --- /dev/null +++ b/navicat-patcher/Misc.cpp @@ -0,0 +1,176 @@ +#include +#include +#include +#include +#include +#include + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\Misc.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + template + static inline bool ProbeForRead(const void* p, void* out) { + __try { + *reinterpret_cast<__Type*>(out) = *reinterpret_cast(p); + return true; + } __except (EXCEPTION_EXECUTE_HANDLER) { + return false; + } + } + + // + // Print memory data in [lpMemBegin, lpMemEnd) + // If `base` is not nullptr, print address as offset. Otherwise, as absolute address. + // NOTICE: + // `base` must >= `from` + // + void PrintMemory(const void* lpMemBegin, const void* lpMemEnd, const void* lpBase) noexcept { + auto pbBegin = reinterpret_cast(lpMemBegin); + auto pbEnd = reinterpret_cast(lpMemEnd); + auto pbBase = reinterpret_cast(lpBase); + + if (pbBegin >= pbEnd) + return; + + while (reinterpret_cast(pbBegin) % 16) + pbBegin--; + + while (reinterpret_cast(pbEnd) % 16) + pbEnd++; + + while (pbBegin < pbEnd) { + uint16_t Values[16] = {}; + + if (pbBase) { + uintptr_t d = pbBegin >= lpBase ? pbBegin - pbBase : pbBase - pbBegin; + if (pbBegin >= lpBase) { + _tprintf_s(TEXT("+0x%.*zx "), static_cast(2 * sizeof(void*)), d); + } else { + _tprintf_s(TEXT("-0x%.*zx "), static_cast(2 * sizeof(void*)), d); + } + } else { + _tprintf_s(TEXT("0x%.*zx "), static_cast(2 * sizeof(void*)), reinterpret_cast(pbBegin)); + } + + for (int i = 0; i < 16; ++i) { + if (pbBegin + i < lpMemBegin || pbBegin + i >= lpMemEnd) { + _tprintf_s(TEXT(" ")); + Values[i] = 0xfffe; + } else if (ProbeForRead(pbBegin + i, Values + i)) { + _tprintf_s(TEXT("%02x "), Values[i]); + } else { + _tprintf_s(TEXT("?? ")); + Values[i] = 0xffff; + } + } + + _tprintf_s(TEXT(" ")); + + for (int i = 0; i < 16; ++i) { // NOLINT + if (0x20 <= Values[i] && Values[i] < 0x7f) { + _tprintf_s(TEXT("%c"), Values[i]); + } else if (Values[i] == 0xfffe) { + _tprintf_s(TEXT(" ")); + } else { + _tprintf_s(TEXT(".")); + } + } + + _tprintf_s(TEXT("\n")); + + pbBegin += 0x10; + } + } + + // + // Print memory data in [lpMem, lpMem + cbMem) + // If `base` is not nullptr, print address as offset. Otherwise, as absolute address. + // NOTICE: + // `base` must >= `from` + // + void PrintMemory(const void* lpMem, size_t cbMem, const void* lpBase) noexcept { + PrintMemory(lpMem, reinterpret_cast(lpMem) + cbMem, lpBase); + } + + void PrintBytes(const void* lpMemBegin, const void* lpMemEnd) noexcept { + auto pbMemBegin = reinterpret_cast(lpMemBegin); + auto pbMemEnd = reinterpret_cast(lpMemEnd); + + if (pbMemBegin < pbMemEnd) { + uint8_t v; + + if (ProbeForRead(pbMemBegin, &v)) { + _tprintf_s(TEXT("%.2x"), v); + } else { + _tprintf_s(TEXT("??")); + } + + ++pbMemBegin; + } + + while (pbMemBegin < pbMemEnd) { + uint8_t v; + + if (ProbeForRead(pbMemBegin, &v)) { + _tprintf_s(TEXT(" %.2x"), v); + } else { + _tprintf_s(TEXT(" ??")); + } + + ++pbMemBegin; + } + } + + void PrintBytes(const void* lpMem, size_t cbMem) noexcept { + PrintBytes(lpMem, reinterpret_cast(lpMem) + cbMem); + } + + [[nodiscard]] + bool IsValidDirectoryPath(PCTSTR lpszDirectoryPath) noexcept { + DWORD Attribute = GetFileAttributes(lpszDirectoryPath); + return Attribute != INVALID_FILE_ATTRIBUTES && (Attribute & FILE_ATTRIBUTE_DIRECTORY) != 0; + } + + [[nodiscard]] + bool IsValidFilePath(PCTSTR lpszFilePath) noexcept { + DWORD Attribute = GetFileAttributes(lpszFilePath); + return Attribute != INVALID_FILE_ATTRIBUTES && (Attribute & FILE_ATTRIBUTE_DIRECTORY) == 0; + } + + [[nodiscard]] + bool IsWineEnvironment() noexcept { + static bool Checked = false; + static bool IsWineEnv = false; + + if (Checked == false) { + auto hNtdll = GetModuleHandle(TEXT("ntdll.dll")); + IsWineEnv = hNtdll && GetProcAddress(hNtdll, "wine_get_version") != nullptr; + Checked = true; + } + + return IsWineEnv; + } + + std::xstring GetCurrentWorkingDirectory() { + std::xstring CurrentDirectory; + + auto s = ::GetCurrentDirectory(0, NULL); + if (s == 0) { + throw Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("GetCurrentDirectory failed")); + } + + CurrentDirectory.resize(static_cast(s) - 1); + + s = ::GetCurrentDirectory(s, CurrentDirectory.data()); + if (s == 0) { + throw Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("GetCurrentDirectory failed")); + } + + return CurrentDirectory; + } +} + diff --git a/navicat-patcher/Misc.hpp b/navicat-patcher/Misc.hpp new file mode 100644 index 0000000..b17c6a3 --- /dev/null +++ b/navicat-patcher/Misc.hpp @@ -0,0 +1,74 @@ +#pragma once +#include +#include +#include +#include +#include + +#define LOG_SUCCESS(tab, fmt, ...) tab ? _tprintf_s(TEXT("%*c[+] " fmt "\n"), tab, ' ', __VA_ARGS__) : _tprintf_s(TEXT("[+] " fmt "\n"), __VA_ARGS__) +#define LOG_FAILURE(tab, fmt, ...) tab ? _tprintf_s(TEXT("%*c[-] " fmt "\n"), tab, ' ', __VA_ARGS__) : _tprintf_s(TEXT("[-] " fmt "\n"), __VA_ARGS__) +#define LOG_HINT(tab, fmt, ...) tab ? _tprintf_s(TEXT("%*c[*] " fmt "\n"), tab, ' ', __VA_ARGS__) : _tprintf_s(TEXT("[*] " fmt "\n"), __VA_ARGS__) +#define LOG_SELECT(tab, fmt, ...) tab ? _tprintf_s(TEXT("%*c[?] " fmt " "), tab, ' ', __VA_ARGS__) : _tprintf_s(TEXT("[?] " fmt " "), __VA_ARGS__) + +namespace nkg { + + template + constexpr size_t literal_length(const char (&)[__Len]) noexcept { + return __Len - 1; + } + + template + constexpr auto address_delta(__PtrType1 p1, __PtrType2 p2) noexcept { + static_assert(std::is_pointer_v<__PtrType1>); + static_assert(std::is_pointer_v<__PtrType2>); + return reinterpret_cast(p1) - reinterpret_cast(p2); + } + + template + constexpr __PtrType address_offset(__PtrType p, decltype(static_cast(nullptr) - static_cast(nullptr)) offset) noexcept { + static_assert(std::is_pointer_v<__PtrType>); + return reinterpret_cast<__PtrType>( + const_cast(reinterpret_cast(p)) + offset + ); + } + + template + constexpr __ReturnType address_offset_cast(__PtrType p, decltype(static_cast(nullptr) - static_cast(nullptr)) offset) noexcept { + static_assert(std::is_pointer_v<__ReturnType>); + static_assert(std::is_pointer_v<__PtrType>); + return reinterpret_cast<__ReturnType>( + const_cast(reinterpret_cast(p)) + offset + ); + } + + // + // Print memory data in [lpMemBegin, lpMemEnd) + // If `base` is not nullptr, print address as offset. Otherwise, as absolute address. + // NOTICE: + // `base` must >= `from` + // + void PrintMemory(const void* lpMemBegin, const void* lpMemEnd, const void* lpBase) noexcept; + + // + // Print memory data in [lpMem, lpMem + cbMem) + // If `base` is not nullptr, print address as offset. Otherwise, as absolute address. + // NOTICE: + // `base` must >= `from` + // + void PrintMemory(const void* lpMem, size_t cbMem, const void* lpBase) noexcept; + + void PrintBytes(const void* lpMemBegin, const void* lpMemEnd) noexcept; + void PrintBytes(const void* lpMem, size_t cbMem) noexcept; + + [[nodiscard]] + bool IsValidDirectoryPath(PCTSTR lpszDirectoryPath) noexcept; + + [[nodiscard]] + bool IsValidFilePath(PCTSTR lpszFilePath) noexcept; + + [[nodiscard]] + bool IsWineEnvironment() noexcept; + + std::xstring GetCurrentWorkingDirectory(); +} + diff --git a/navicat-patcher/NavicatCrypto.hpp b/navicat-patcher/NavicatCrypto.hpp new file mode 100644 index 0000000..5273aec --- /dev/null +++ b/navicat-patcher/NavicatCrypto.hpp @@ -0,0 +1,217 @@ +#pragma once +#include +#include +#include +#include +#include + +class Navicat11Crypto { +protected: + using BlockType = uint8_t[BF_BLOCK]; + + BF_KEY _BlowfishKey; + + template + static void _BytesToHex(const void* src, size_t len, char* dst) noexcept { + auto pb_src = reinterpret_cast(src); + for (size_t i = 0; i < len; ++i) { + char h = pb_src[i] >> 4; + char l = pb_src[i] & 0x0F; + + if constexpr (__UpperCase) { + h += h >= 10 ? 'A' - 10 : '0'; + l += l >= 10 ? 'A' - 10 : '0'; + } else { + h += h >= 10 ? 'a' - 10 : '0'; + l += l >= 10 ? 'a' - 10 : '0'; + } + + dst[2 * i] = h; + dst[2 * i + 1] = l; + } + } + + static void _HexToBytes(const char* src, size_t len, void* dst) { + auto pb_dst = reinterpret_cast(dst); + for (size_t i = 0; i < len; i += 2) { + uint8_t h = src[i]; + uint8_t l = src[i + 1]; + + if ('0' <= h && h <= '9') { + h -= '0'; + } else if ('A' <= h && h <= 'F') { + h -= 'A'; + } else if ('a' <= h && h <= 'f') { + h -= 'a'; + } else { + throw std::invalid_argument("Non-hex character detected."); + } + + if ('0' <= l && l <= '9') { + l -= '0'; + } else if ('A' <= l && l <= 'F') { + l -= 'A'; + } else if ('a' <= l && l <= 'f') { + l -= 'a'; + } else { + throw std::invalid_argument("Non-hex character detected."); + } + + pb_dst[i / 2] = (h << 4) ^ l; + } + } + + static void _XorBlock(BlockType& a, const BlockType& b) noexcept { + reinterpret_cast(a) ^= reinterpret_cast(b); + } + + [[nodiscard]] + std::string _EncryptString(const void* lpPlaintext, size_t cbPlaintext) const { + std::string Ciphertext; + + if (cbPlaintext) { + Ciphertext.resize(2 * cbPlaintext); + + alignas(sizeof(BlockType)) BlockType CV = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; + alignas(sizeof(BlockType)) BlockType Block; + auto lpPlaintextBlock = reinterpret_cast(lpPlaintext); + auto lpCiphertextHexBlock = Ciphertext.data(); + auto BlockCount = cbPlaintext / BF_BLOCK; + + BF_ecb_encrypt(CV, CV, &_BlowfishKey, BF_ENCRYPT); + + for (size_t i = 0; i < BlockCount; ++i, lpPlaintextBlock += sizeof(BlockType), lpCiphertextHexBlock += 2 * sizeof(BlockType)) { + memcpy(Block, lpPlaintextBlock, sizeof(BlockType)); + + _XorBlock(Block, CV); + BF_ecb_encrypt(Block, Block, &_BlowfishKey, BF_ENCRYPT); + _XorBlock(CV, Block); + + _BytesToHex(Block, sizeof(Block), lpCiphertextHexBlock); + } + + auto LeftByteCount = cbPlaintext % sizeof(BlockType); + if (LeftByteCount) { + BF_ecb_encrypt(CV, CV, &_BlowfishKey, BF_ENCRYPT); + + for (size_t i = 0; i < LeftByteCount; ++i) { + CV[i] ^= lpPlaintextBlock[i]; + } + + _BytesToHex(CV, LeftByteCount, lpCiphertextHexBlock); + } + } + + return Ciphertext; + } + + [[nodiscard]] + std::string _DecryptString(const char* lpCiphertext, size_t cbCiphertext) const { + std::string Plaintext; + + if (cbCiphertext) { + if (cbCiphertext % 2) { + throw std::invalid_argument("Ciphertext is not a hex string."); + } + + Plaintext.resize(cbCiphertext / 2); + + alignas(sizeof(BlockType)) BlockType CV = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; + alignas(sizeof(BlockType)) BlockType Block; + auto lpPlaintextBlock = Plaintext.data(); + auto lpCiphertextHexBlock = lpCiphertext; + auto BlockCount = cbCiphertext / (2 * sizeof(BlockType)); + + BF_ecb_encrypt(CV, CV, &_BlowfishKey, BF_ENCRYPT); + + for (size_t i = 0; i < BlockCount; ++i, lpPlaintextBlock += sizeof(BlockType), lpCiphertextHexBlock += 2 * sizeof(BlockType)) { + alignas(sizeof(BlockType)) BlockType CiphertextBlock; + + _HexToBytes(lpCiphertextHexBlock, 2 * sizeof(BlockType), CiphertextBlock); + memcpy(Block, CiphertextBlock, sizeof(BlockType)); + + BF_ecb_encrypt(Block, Block, &_BlowfishKey, BF_DECRYPT); + _XorBlock(Block, CV); + _XorBlock(CV, CiphertextBlock); + + memcpy(lpPlaintextBlock, Block, sizeof(BlockType)); + } + + auto LeftHexCount = cbCiphertext % (2 * sizeof(BlockType)); + if (LeftHexCount) { + _HexToBytes(lpCiphertextHexBlock, LeftHexCount, Block); + + BF_ecb_encrypt(CV, CV, &_BlowfishKey, BF_ENCRYPT); + + for (size_t i = 0; i < LeftHexCount / 2; ++i) { + lpPlaintextBlock[i] = Block[i] ^ CV[i]; + } + } + } + + return Plaintext; + } + +public: + + Navicat11Crypto() noexcept { + static const uint8_t PresetKey[SHA_DIGEST_LENGTH] = { + 0x42, 0xCE, 0xB2, 0x71, 0xA5, 0xE4, 0x58, 0xB7, + 0x4A, 0xEA, 0x93, 0x94, 0x79, 0x22, 0x35, 0x43, + 0x91, 0x87, 0x33, 0x40 + }; + + BF_set_key(&_BlowfishKey, sizeof(PresetKey), PresetKey); + } + + Navicat11Crypto(const void* lpUserKey, size_t cbUserKey) noexcept { + SetKey(lpUserKey, cbUserKey); + } + + Navicat11Crypto(const std::initializer_list& UserKey) noexcept { + SetKey(UserKey); + } + + void SetKey(const void* lpUserKey, size_t cbUserKey) noexcept { + uint8_t MessageDigest[SHA_DIGEST_LENGTH]; + + BF_set_key( + &_BlowfishKey, + sizeof(MessageDigest), + SHA1(reinterpret_cast(lpUserKey), cbUserKey, MessageDigest) + ); + + OPENSSL_cleanse(MessageDigest, SHA_DIGEST_LENGTH); + } + + void SetKey(const std::initializer_list& UserKey) noexcept { + uint8_t MessageDigest[SHA_DIGEST_LENGTH]; + + BF_set_key( + &_BlowfishKey, + sizeof(MessageDigest), + SHA1(UserKey.begin(), UserKey.size(), MessageDigest) + ); + + OPENSSL_cleanse(MessageDigest, SHA_DIGEST_LENGTH); + } + + [[nodiscard]] + std::string EncryptString(const std::string& Plaintext) const { + return _EncryptString(Plaintext.c_str(), Plaintext.length()); + } + + [[nodiscard]] + std::string DecryptString(const std::string& Ciphertext) const { + return _DecryptString(Ciphertext.c_str(), Ciphertext.length()); + } + + void Clear() noexcept { + OPENSSL_cleanse(&_BlowfishKey, sizeof(_BlowfishKey)); + } + + ~Navicat11Crypto() noexcept { + Clear(); + } +}; + diff --git a/navicat-patcher/PatchSolution0.cpp b/navicat-patcher/PatchSolution0.cpp new file mode 100644 index 0000000..47b947e --- /dev/null +++ b/navicat-patcher/PatchSolution0.cpp @@ -0,0 +1,82 @@ +#include "PatchSolutions.hpp" + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\PatchSolution0.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + const char PatchSolution0::Keyword[461] = + "-----BEGIN PUBLIC KEY-----\r\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1dqF3SkCaAAmMzs889I\r\n" + "qdW9M2dIdh3jG9yPcmLnmJiGpBF4E9VHSMGe8oPAy2kJDmdNt4BcEygvssEfginv\r\n" + "a5t5jm352UAoDosUJkTXGQhpAWMF4fBmBpO3EedG62rOsqMBgmSdAyxCSPBRJIOF\r\n" + "R0QgZFbRnU0frj34fiVmgYiLuZSAmIbs8ZxiHPdp1oD4tUpvsFci4QJtYNjNnGU2\r\n" + "WPH6rvChGl1IRKrxMtqLielsvajUjyrgOC6NmymYMvZNER3htFEtL1eQbCyTfDmt\r\n" + "YyQ1Wt4Ot12lxf0wVIR5mcGN7XCXJRHOFHSf1gzXWabRSvmt1nrl7sW6cjxljuuQ\r\n" + "awIDAQAB\r\n" + "-----END PUBLIC KEY-----\r\n"; + + [[nodiscard]] + bool PatchSolution0::FindPatchOffset() noexcept { + try { + _PatchOffset = _Image.PointerToFileOffset( + _Image.SearchSection(".rsrc", [](const uint8_t* p) { + __try { + return memcmp(p, Keyword, literal_length(Keyword)) == 0; + } __except (EXCEPTION_EXECUTE_HANDLER) { + return false; + } + }) + ); + + LOG_SUCCESS(0, "PatchSolution0 ...... Ready to apply"); + LOG_HINT(4, "Patch offset = +0x%.8zx", _PatchOffset); + + return true; + } catch (nkg::Exception&) { + _PatchOffset = InvalidOffset; + + LOG_FAILURE(0, "PatchSolution0 ...... Omitted"); + + return false; + } + } + + [[nodiscard]] + bool PatchSolution0::CheckKey(const RSACipher& Cipher) const noexcept { + auto szPublicKey = Cipher.ExportKeyString(); + for (auto i = szPublicKey.find("\n"); i != std::string::npos; i = szPublicKey.find("\n", i + 2)) { + szPublicKey.replace(i, 1, "\r\n"); + } + + return szPublicKey.length() == literal_length(Keyword); + } + + void PatchSolution0::MakePatch(const RSACipher& Cipher) const { + if (_PatchOffset == InvalidOffset) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("PatchSolution0 has not been ready yet.")); + } + + auto szPublicKey = Cipher.ExportKeyString(); + for (auto i = szPublicKey.find("\n"); i != std::string::npos; i = szPublicKey.find("\n", i + 2)) { + szPublicKey.replace(i, 1, "\r\n"); + } + + _putts(TEXT("*******************************************************")); + _putts(TEXT("* PatchSolution0 *")); + _putts(TEXT("*******************************************************")); + + LOG_HINT(0, "Previous:"); + PrintMemory(_Image.ImageOffset(_PatchOffset), literal_length(Keyword), _Image.ImageBase()); + + memcpy(_Image.ImageOffset(_PatchOffset), szPublicKey.c_str(), literal_length(Keyword)); + + LOG_HINT(0, "After:"); + PrintMemory(_Image.ImageOffset(_PatchOffset), literal_length(Keyword), _Image.ImageBase()); + + _putts(TEXT("")); + } +} + diff --git a/navicat-patcher/PatchSolution1.cpp b/navicat-patcher/PatchSolution1.cpp new file mode 100644 index 0000000..45f9ce4 --- /dev/null +++ b/navicat-patcher/PatchSolution1.cpp @@ -0,0 +1,308 @@ +#include "PatchSolutions.hpp" +#include "NavicatCrypto.hpp" + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\PatchSolution1.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + static Navicat11Crypto g_NavicatCipher = Navicat11Crypto("23970790", 8); + + const char PatchSolution1::Keyword0[160 + 1] = + "D75125B70767B94145B47C1CB3C0755E" + "7CCB8825C5DCE0C58ACF944E08280140" + "9A02472FAFFD1CD77864BB821AE36766" + "FEEDE6A24F12662954168BFA314BD950" + "32B9D82445355ED7BC0B880887D650F5"; + + const char PatchSolution1::Keyword1[4 + 1] = + "\xfe\xea\xbc\x01"; + + const char PatchSolution1::Keyword2[742 + 1] = + "E1CED09B9C2186BF71A70C0FE2F1E0AE" + "F3BD6B75277AAB20DFAF3D110F75912B" + "FB63AC50EC4C48689D1502715243A79F" + "39FF2DE2BF15CE438FF885745ED54573" + "850E8A9F40EE2FF505EB7476F95ADB78" + "3B28CA374FAC4632892AB82FB3BF4715" + "FCFE6E82D03731FC3762B6AAC3DF1C3B" + "C646FE9CD3C62663A97EE72DB932A301" + "312B4A7633100C8CC357262C39A2B3A6" + "4B224F5276D5EDBDF0804DC3AC4B8351" + "62BB1969EAEBADC43D2511D6E0239287" + "81B167A48273B953378D3D2080CC0677" + "7E8A2364F0234B81064C5C739A8DA28D" + "C5889072BF37685CBC94C2D31D0179AD" + "86D8E3AA8090D4F0B281BE37E0143746" + "E6049CCC06899401264FA471C016A96C" + "79815B55BBC26B43052609D9D175FBCD" + "E455392F10E51EC162F51CF732E6BB39" + "1F56BBFD8D957DF3D4C55B71CEFD54B1" + "9C16D458757373E698D7E693A8FC3981" + "5A8BF03BA05EA8C8778D38F9873D62B4" + "460F41ACF997C30E7C3AF025FA171B5F" + "5AD4D6B15E95C27F6B35AD61875E5505" + "449B4E"; + + const char PatchSolution1::Keyword3[4 + 1] = + "\x59\x08\x01\x00"; + + const char PatchSolution1::Keyword4[5 + 1] = + "92933"; + + [[nodiscard]] + bool PatchSolution1::FindPatchOffset() noexcept { + try { + PIMAGE_SECTION_HEADER SectionHeader_text = _Image.ImageSectionHeaderByName(".text"); + PIMAGE_SECTION_HEADER SectionHeader_rdata = _Image.ImageSectionHeaderByName(".rdata"); + const uint8_t* pbPatch[_countof(_PatchOffset)] = {}; + + pbPatch[0] = _Image.SearchSection(SectionHeader_rdata, [](const uint8_t* p) { + __try { + return memcmp(p, Keyword0, sizeof(Keyword0)) == 0; + } __except (EXCEPTION_EXECUTE_HANDLER) { + return false; + } + }); + + pbPatch[2] = _Image.SearchSection(SectionHeader_rdata, [](const uint8_t* p) { + __try { + return memcmp(p, Keyword2, sizeof(Keyword2)) == 0; + } __except (EXCEPTION_EXECUTE_HANDLER) { + return false; + } + }); + + pbPatch[4] = _Image.SearchSection(SectionHeader_rdata, [](const uint8_t* p) { + __try { + return memcmp(p, Keyword4, sizeof(Keyword4)) == 0; + } __except (EXCEPTION_EXECUTE_HANDLER) { + return false; + } + }); + + pbPatch[1] = _Image.SearchSection(SectionHeader_text, [&pbPatch](const uint8_t* p) { + __try { + if (memcmp(p, Keyword1, literal_length(Keyword1)) == 0) { + // Keyword3 must be close to Keyword1 + for (auto j = p - 64; j < p + 64; ++j) { + if (memcmp(j, Keyword3, literal_length(Keyword3)) == 0) { + pbPatch[3] = j; + return true; + } + } + } + + return false; + } __except (EXCEPTION_EXECUTE_HANDLER) { + return false; + } + }); + + for (size_t i = 0; i < _countof(_PatchOffset); ++i) { + _PatchOffset[i] = _Image.PointerToFileOffset(pbPatch[i]); + } + + _PatchSize[0] = literal_length(Keyword0); + while (pbPatch[0][_PatchSize[0] + 1] == 0 && _PatchSize[0] < literal_length(Keyword0) + literal_length("29158142") - 1) { + ++_PatchSize[0]; + } + + _PatchSize[1] = sizeof(uint32_t); + + _PatchSize[2] = literal_length(Keyword2); + while (pbPatch[2][_PatchSize[2] + 1] == 0 && _PatchSize[2] < literal_length(Keyword2) + literal_length("67673") - 1) { + ++_PatchSize[2]; + } + + _PatchSize[3] = sizeof(uint32_t); + + _PatchSize[4] = literal_length(Keyword4); + + LOG_SUCCESS(0, "PatchSolution1 ...... Ready to apply"); + LOG_HINT(4, "[0] Patch offset = +0x%.8zx", _PatchOffset[0]); + LOG_HINT(4, "[1] Patch offset = +0x%.8zx", _PatchOffset[1]); + LOG_HINT(4, "[2] Patch offset = +0x%.8zx", _PatchOffset[2]); + LOG_HINT(4, "[3] Patch offset = +0x%.8zx", _PatchOffset[3]); + LOG_HINT(4, "[4] Patch offset = +0x%.8zx", _PatchOffset[4]); + + return true; + } catch (nkg::Exception&) { + for (size_t i = 0; i < _countof(_PatchOffset); ++i) { + _PatchOffset[i] = InvalidOffset; + _PatchSize[i] = 0; + } + + LOG_FAILURE(0, "PatchSolution1 ...... Omitted"); + + return false; + } + } + + [[nodiscard]] + bool PatchSolution1::CheckKey(const RSACipher& Cipher) const noexcept { + if (_PatchSize[0] && _PatchSize[1] && _PatchSize[2] && _PatchSize[3] && _PatchSize[4]) { + auto szPublicKey = Cipher.ExportKeyString(); + for (auto i = szPublicKey.find("\n"); i != std::string::npos; i = szPublicKey.find("\n", i + 2)) { + szPublicKey.replace(i, 1, "\r\n"); + } + + auto szPublicKeyEncrypted = g_NavicatCipher.EncryptString(szPublicKey); + + if (szPublicKeyEncrypted.length() != 920) { + return false; + } + + // we require the chars in [p1, p2) of szPublicKeyEncrypted must be number chars + size_t p1, p2; + + p1 = _PatchSize[0]; + p2 = literal_length(Keyword0) + literal_length("29158142"); + + if (('1' <= szPublicKeyEncrypted[p1] && szPublicKeyEncrypted[p1] <= '9') == false) { + return false; + } + + for (size_t i = p1 + 1; i < p2; ++i) { + if (('0' <= szPublicKeyEncrypted[i] && szPublicKeyEncrypted[i] <= '9') == false) { + return false; + } + } + + // we require the chars in [p1, p2) of szPublicKeyEncrypted must be number chars + + p1 = literal_length(Keyword0) + literal_length("29158142") + _PatchSize[2]; + p2 = literal_length(Keyword0) + literal_length("29158142") + literal_length(Keyword2) + literal_length("67673"); + + if (('1' <= szPublicKeyEncrypted[p1] && szPublicKeyEncrypted[p1] <= '9') == false) { + return false; + } + + for (size_t i = p1 + 1; i < p2; ++i) { + if (('0' <= szPublicKeyEncrypted[i] && szPublicKeyEncrypted[i] <= '9') == false) { + return false; + } + } + + return true; + } else { + return false; + } + } + + void PatchSolution1::MakePatch(const RSACipher& Cipher) const { + if (_PatchSize[0] && _PatchSize[1] && _PatchSize[2] && _PatchSize[3] && _PatchSize[4]) { + auto szPublicKey = Cipher.ExportKeyString(); + for (auto i = szPublicKey.find("\n"); i != std::string::npos; i = szPublicKey.find("\n", i + 2)) { + szPublicKey.replace(i, 1, "\r\n"); + } + + auto szPublicKeyEncrypted = g_NavicatCipher.EncryptString(szPublicKey); + + // + // p0 p1 p2 p3 p4 p5 + // Original encrypted public key layout: |160 chars|8 chars|742 chars|5 chars|5 chars| + // | | + // V V + // ImmValue1 ImmValue3 + size_t p0, p1, p2, p3, p4, p5; + p0 = 0; + p1 = _PatchSize[0]; + p2 = literal_length(Keyword0) + literal_length("29158142"); + p3 = literal_length(Keyword0) + literal_length("29158142") + _PatchSize[2]; + p4 = literal_length(Keyword0) + literal_length("29158142") + literal_length(Keyword2) + literal_length("67673"); + p5 = literal_length(Keyword0) + literal_length("29158142") + literal_length(Keyword2) + literal_length("67673") + literal_length(Keyword4); + + if (szPublicKeyEncrypted.length() != 920) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("szPublicKeyEncrypted.length() != 920")); + } + + std::string EncryptedPEM0(szPublicKeyEncrypted.begin() + p0, szPublicKeyEncrypted.begin() + p1); + std::string EncryptedPEM1(szPublicKeyEncrypted.begin() + p1, szPublicKeyEncrypted.begin() + p2); + std::string EncryptedPEM2(szPublicKeyEncrypted.begin() + p2, szPublicKeyEncrypted.begin() + p3); + std::string EncryptedPEM3(szPublicKeyEncrypted.begin() + p3, szPublicKeyEncrypted.begin() + p4); + std::string EncryptedPEM4(szPublicKeyEncrypted.begin() + p4, szPublicKeyEncrypted.begin() + p5); + uint32_t ImmValue1 = std::stoul(EncryptedPEM1.c_str()); + uint32_t ImmValue3 = std::stoul(EncryptedPEM3.c_str()); + + uint8_t* pbPatch[_countof(_PatchOffset)] = {}; + for (size_t i = 0; i < _countof(_PatchOffset); ++i) { + pbPatch[i] = _Image.FileOffsetToPointer(_PatchOffset[i]); + } + + _putts(TEXT("*******************************************************")); + _putts(TEXT("* PatchSolution1 *")); + _putts(TEXT("*******************************************************")); + + // ---------------------------------- + // process PatchOffsets[0] + // ---------------------------------- + LOG_HINT(0, "Previous:"); + PrintMemory(pbPatch[0], _PatchSize[0], _Image.ImageBase()); + + memcpy(pbPatch[0], EncryptedPEM0.data(), _PatchSize[0]); + + LOG_HINT(0, "After:"); + PrintMemory(pbPatch[0], _PatchSize[0], _Image.ImageBase()); + + _putts(TEXT("")); + + // ---------------------------------- + // process PatchOffsets[1] + // ---------------------------------- + LOG_HINT(0, "Previous:"); + PrintMemory(pbPatch[1], _PatchSize[1], _Image.ImageBase()); + + memcpy(pbPatch[1], &ImmValue1, _PatchSize[1]); + + LOG_HINT(0, "After:"); + PrintMemory(pbPatch[1], _PatchSize[1], _Image.ImageBase()); + + _putts(TEXT("")); + + // ---------------------------------- + // process PatchOffsets[2] + // ---------------------------------- + LOG_HINT(0, "Previous:"); + PrintMemory(pbPatch[2], _PatchSize[2], _Image.ImageBase()); + + memcpy(pbPatch[2], EncryptedPEM2.data(), _PatchSize[2]); + + LOG_HINT(0, "After:"); + PrintMemory(pbPatch[2], _PatchSize[2], _Image.ImageBase()); + + _putts(TEXT("")); + + // ---------------------------------- + // process PatchOffsets[3] + // ---------------------------------- + LOG_HINT(0, "Previous:"); + PrintMemory(pbPatch[3], _PatchSize[3], _Image.ImageBase()); + + memcpy(pbPatch[3], &ImmValue3, _PatchSize[3]); + + LOG_HINT(0, "After:"); + PrintMemory(pbPatch[3], _PatchSize[3], _Image.ImageBase()); + + _putts(TEXT("")); + + // ---------------------------------- + // process PatchOffsets[4] + // ---------------------------------- + LOG_HINT(0, "Previous:"); + PrintMemory(pbPatch[4], _PatchSize[4], _Image.ImageBase()); + + memcpy(pbPatch[4], EncryptedPEM4.data(), _PatchSize[4]); + + LOG_HINT(0, "After:"); + PrintMemory(pbPatch[4], _PatchSize[4], _Image.ImageBase()); + + _putts(TEXT("")); + } else { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("PatchSolution1 has not been ready yet.")); + } + } +} + diff --git a/navicat-patcher/PatchSolution2-amd64.cpp b/navicat-patcher/PatchSolution2-amd64.cpp new file mode 100644 index 0000000..3ec0f57 --- /dev/null +++ b/navicat-patcher/PatchSolution2-amd64.cpp @@ -0,0 +1,511 @@ +#include "PatchSolutions.hpp" +#include +#include + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\PatchSolution2-amd64.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + /* + Keyword[0x188][5] is generated by the following python script: + +-----Begin Python3 Script----- +meta = \ + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1dqF3SkCaAAmMzs889I" \ + "qdW9M2dIdh3jG9yPcmLnmJiGpBF4E9VHSMGe8oPAy2kJDmdNt4BcEygvssEfginv" \ + "a5t5jm352UAoDosUJkTXGQhpAWMF4fBmBpO3EedG62rOsqMBgmSdAyxCSPBRJIOF" \ + "R0QgZFbRnU0frj34fiVmgYiLuZSAmIbs8ZxiHPdp1oD4tUpvsFci4QJtYNjNnGU2" \ + "WPH6rvChGl1IRKrxMtqLielsvajUjyrgOC6NmymYMvZNER3htFEtL1eQbCyTfDmt" \ + "YyQ1Wt4Ot12lxf0wVIR5mcGN7XCXJRHOFHSf1gzXWabRSvmt1nrl7sW6cjxljuuQ" \ + "awIDAQAB" + +print('const uint8_t PatchSolution2::Keyword[0x188][5] = {') +for i in range(0, len(meta)): + i1 = '0x83, 0xf0, 0x%.2x' % ord(meta[i]) # asm('xor eax, meta[i]') + i2 = '0x88, 0x05' # asm_prefix('mov byte ptr ds:xxxxxxxxxxxxxxxx, al') + print(' { %s, %s }' % (i1, i2), end = ',\n' if i != len(meta) - 1 else '\n') +print('};') +-----End Python3 Script----- + + */ + const uint8_t PatchSolution2::Keyword[0x188][5] = { + { 0x83, 0xf0, 0x4d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x49, 0x88, 0x05 }, + { 0x83, 0xf0, 0x49, 0x88, 0x05 }, + { 0x83, 0xf0, 0x42, 0x88, 0x05 }, + { 0x83, 0xf0, 0x49, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4e, 0x88, 0x05 }, + { 0x83, 0xf0, 0x42, 0x88, 0x05 }, + { 0x83, 0xf0, 0x67, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6b, 0x88, 0x05 }, + { 0x83, 0xf0, 0x71, 0x88, 0x05 }, + { 0x83, 0xf0, 0x68, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6b, 0x88, 0x05 }, + { 0x83, 0xf0, 0x69, 0x88, 0x05 }, + { 0x83, 0xf0, 0x47, 0x88, 0x05 }, + { 0x83, 0xf0, 0x39, 0x88, 0x05 }, + { 0x83, 0xf0, 0x77, 0x88, 0x05 }, + { 0x83, 0xf0, 0x30, 0x88, 0x05 }, + { 0x83, 0xf0, 0x42, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x51, 0x88, 0x05 }, + { 0x83, 0xf0, 0x45, 0x88, 0x05 }, + { 0x83, 0xf0, 0x46, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4f, 0x88, 0x05 }, + { 0x83, 0xf0, 0x43, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x51, 0x88, 0x05 }, + { 0x83, 0xf0, 0x38, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x49, 0x88, 0x05 }, + { 0x83, 0xf0, 0x49, 0x88, 0x05 }, + { 0x83, 0xf0, 0x42, 0x88, 0x05 }, + { 0x83, 0xf0, 0x43, 0x88, 0x05 }, + { 0x83, 0xf0, 0x67, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4b, 0x88, 0x05 }, + { 0x83, 0xf0, 0x43, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x51, 0x88, 0x05 }, + { 0x83, 0xf0, 0x45, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x77, 0x88, 0x05 }, + { 0x83, 0xf0, 0x31, 0x88, 0x05 }, + { 0x83, 0xf0, 0x64, 0x88, 0x05 }, + { 0x83, 0xf0, 0x71, 0x88, 0x05 }, + { 0x83, 0xf0, 0x46, 0x88, 0x05 }, + { 0x83, 0xf0, 0x33, 0x88, 0x05 }, + { 0x83, 0xf0, 0x53, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6b, 0x88, 0x05 }, + { 0x83, 0xf0, 0x43, 0x88, 0x05 }, + { 0x83, 0xf0, 0x61, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x7a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x73, 0x88, 0x05 }, + { 0x83, 0xf0, 0x38, 0x88, 0x05 }, + { 0x83, 0xf0, 0x38, 0x88, 0x05 }, + { 0x83, 0xf0, 0x39, 0x88, 0x05 }, + { 0x83, 0xf0, 0x49, 0x88, 0x05 }, + { 0x83, 0xf0, 0x71, 0x88, 0x05 }, + { 0x83, 0xf0, 0x64, 0x88, 0x05 }, + { 0x83, 0xf0, 0x57, 0x88, 0x05 }, + { 0x83, 0xf0, 0x39, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x32, 0x88, 0x05 }, + { 0x83, 0xf0, 0x64, 0x88, 0x05 }, + { 0x83, 0xf0, 0x49, 0x88, 0x05 }, + { 0x83, 0xf0, 0x64, 0x88, 0x05 }, + { 0x83, 0xf0, 0x68, 0x88, 0x05 }, + { 0x83, 0xf0, 0x33, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x47, 0x88, 0x05 }, + { 0x83, 0xf0, 0x39, 0x88, 0x05 }, + { 0x83, 0xf0, 0x79, 0x88, 0x05 }, + { 0x83, 0xf0, 0x50, 0x88, 0x05 }, + { 0x83, 0xf0, 0x63, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4c, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6e, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x69, 0x88, 0x05 }, + { 0x83, 0xf0, 0x47, 0x88, 0x05 }, + { 0x83, 0xf0, 0x70, 0x88, 0x05 }, + { 0x83, 0xf0, 0x42, 0x88, 0x05 }, + { 0x83, 0xf0, 0x46, 0x88, 0x05 }, + { 0x83, 0xf0, 0x34, 0x88, 0x05 }, + { 0x83, 0xf0, 0x45, 0x88, 0x05 }, + { 0x83, 0xf0, 0x39, 0x88, 0x05 }, + { 0x83, 0xf0, 0x56, 0x88, 0x05 }, + { 0x83, 0xf0, 0x48, 0x88, 0x05 }, + { 0x83, 0xf0, 0x53, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x47, 0x88, 0x05 }, + { 0x83, 0xf0, 0x65, 0x88, 0x05 }, + { 0x83, 0xf0, 0x38, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6f, 0x88, 0x05 }, + { 0x83, 0xf0, 0x50, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x79, 0x88, 0x05 }, + { 0x83, 0xf0, 0x32, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6b, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x44, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x64, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4e, 0x88, 0x05 }, + { 0x83, 0xf0, 0x74, 0x88, 0x05 }, + { 0x83, 0xf0, 0x34, 0x88, 0x05 }, + { 0x83, 0xf0, 0x42, 0x88, 0x05 }, + { 0x83, 0xf0, 0x63, 0x88, 0x05 }, + { 0x83, 0xf0, 0x45, 0x88, 0x05 }, + { 0x83, 0xf0, 0x79, 0x88, 0x05 }, + { 0x83, 0xf0, 0x67, 0x88, 0x05 }, + { 0x83, 0xf0, 0x76, 0x88, 0x05 }, + { 0x83, 0xf0, 0x73, 0x88, 0x05 }, + { 0x83, 0xf0, 0x73, 0x88, 0x05 }, + { 0x83, 0xf0, 0x45, 0x88, 0x05 }, + { 0x83, 0xf0, 0x66, 0x88, 0x05 }, + { 0x83, 0xf0, 0x67, 0x88, 0x05 }, + { 0x83, 0xf0, 0x69, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6e, 0x88, 0x05 }, + { 0x83, 0xf0, 0x76, 0x88, 0x05 }, + { 0x83, 0xf0, 0x61, 0x88, 0x05 }, + { 0x83, 0xf0, 0x35, 0x88, 0x05 }, + { 0x83, 0xf0, 0x74, 0x88, 0x05 }, + { 0x83, 0xf0, 0x35, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x33, 0x88, 0x05 }, + { 0x83, 0xf0, 0x35, 0x88, 0x05 }, + { 0x83, 0xf0, 0x32, 0x88, 0x05 }, + { 0x83, 0xf0, 0x55, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6f, 0x88, 0x05 }, + { 0x83, 0xf0, 0x44, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6f, 0x88, 0x05 }, + { 0x83, 0xf0, 0x73, 0x88, 0x05 }, + { 0x83, 0xf0, 0x55, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6b, 0x88, 0x05 }, + { 0x83, 0xf0, 0x54, 0x88, 0x05 }, + { 0x83, 0xf0, 0x58, 0x88, 0x05 }, + { 0x83, 0xf0, 0x47, 0x88, 0x05 }, + { 0x83, 0xf0, 0x51, 0x88, 0x05 }, + { 0x83, 0xf0, 0x68, 0x88, 0x05 }, + { 0x83, 0xf0, 0x70, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x57, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x46, 0x88, 0x05 }, + { 0x83, 0xf0, 0x34, 0x88, 0x05 }, + { 0x83, 0xf0, 0x66, 0x88, 0x05 }, + { 0x83, 0xf0, 0x42, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x42, 0x88, 0x05 }, + { 0x83, 0xf0, 0x70, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4f, 0x88, 0x05 }, + { 0x83, 0xf0, 0x33, 0x88, 0x05 }, + { 0x83, 0xf0, 0x45, 0x88, 0x05 }, + { 0x83, 0xf0, 0x65, 0x88, 0x05 }, + { 0x83, 0xf0, 0x64, 0x88, 0x05 }, + { 0x83, 0xf0, 0x47, 0x88, 0x05 }, + { 0x83, 0xf0, 0x36, 0x88, 0x05 }, + { 0x83, 0xf0, 0x32, 0x88, 0x05 }, + { 0x83, 0xf0, 0x72, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4f, 0x88, 0x05 }, + { 0x83, 0xf0, 0x73, 0x88, 0x05 }, + { 0x83, 0xf0, 0x71, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x42, 0x88, 0x05 }, + { 0x83, 0xf0, 0x67, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x53, 0x88, 0x05 }, + { 0x83, 0xf0, 0x64, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x79, 0x88, 0x05 }, + { 0x83, 0xf0, 0x78, 0x88, 0x05 }, + { 0x83, 0xf0, 0x43, 0x88, 0x05 }, + { 0x83, 0xf0, 0x53, 0x88, 0x05 }, + { 0x83, 0xf0, 0x50, 0x88, 0x05 }, + { 0x83, 0xf0, 0x42, 0x88, 0x05 }, + { 0x83, 0xf0, 0x52, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x49, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4f, 0x88, 0x05 }, + { 0x83, 0xf0, 0x46, 0x88, 0x05 }, + { 0x83, 0xf0, 0x52, 0x88, 0x05 }, + { 0x83, 0xf0, 0x30, 0x88, 0x05 }, + { 0x83, 0xf0, 0x51, 0x88, 0x05 }, + { 0x83, 0xf0, 0x67, 0x88, 0x05 }, + { 0x83, 0xf0, 0x5a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x46, 0x88, 0x05 }, + { 0x83, 0xf0, 0x62, 0x88, 0x05 }, + { 0x83, 0xf0, 0x52, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6e, 0x88, 0x05 }, + { 0x83, 0xf0, 0x55, 0x88, 0x05 }, + { 0x83, 0xf0, 0x30, 0x88, 0x05 }, + { 0x83, 0xf0, 0x66, 0x88, 0x05 }, + { 0x83, 0xf0, 0x72, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x33, 0x88, 0x05 }, + { 0x83, 0xf0, 0x34, 0x88, 0x05 }, + { 0x83, 0xf0, 0x66, 0x88, 0x05 }, + { 0x83, 0xf0, 0x69, 0x88, 0x05 }, + { 0x83, 0xf0, 0x56, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x67, 0x88, 0x05 }, + { 0x83, 0xf0, 0x59, 0x88, 0x05 }, + { 0x83, 0xf0, 0x69, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4c, 0x88, 0x05 }, + { 0x83, 0xf0, 0x75, 0x88, 0x05 }, + { 0x83, 0xf0, 0x5a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x53, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x49, 0x88, 0x05 }, + { 0x83, 0xf0, 0x62, 0x88, 0x05 }, + { 0x83, 0xf0, 0x73, 0x88, 0x05 }, + { 0x83, 0xf0, 0x38, 0x88, 0x05 }, + { 0x83, 0xf0, 0x5a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x78, 0x88, 0x05 }, + { 0x83, 0xf0, 0x69, 0x88, 0x05 }, + { 0x83, 0xf0, 0x48, 0x88, 0x05 }, + { 0x83, 0xf0, 0x50, 0x88, 0x05 }, + { 0x83, 0xf0, 0x64, 0x88, 0x05 }, + { 0x83, 0xf0, 0x70, 0x88, 0x05 }, + { 0x83, 0xf0, 0x31, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6f, 0x88, 0x05 }, + { 0x83, 0xf0, 0x44, 0x88, 0x05 }, + { 0x83, 0xf0, 0x34, 0x88, 0x05 }, + { 0x83, 0xf0, 0x74, 0x88, 0x05 }, + { 0x83, 0xf0, 0x55, 0x88, 0x05 }, + { 0x83, 0xf0, 0x70, 0x88, 0x05 }, + { 0x83, 0xf0, 0x76, 0x88, 0x05 }, + { 0x83, 0xf0, 0x73, 0x88, 0x05 }, + { 0x83, 0xf0, 0x46, 0x88, 0x05 }, + { 0x83, 0xf0, 0x63, 0x88, 0x05 }, + { 0x83, 0xf0, 0x69, 0x88, 0x05 }, + { 0x83, 0xf0, 0x34, 0x88, 0x05 }, + { 0x83, 0xf0, 0x51, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x74, 0x88, 0x05 }, + { 0x83, 0xf0, 0x59, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4e, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4e, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6e, 0x88, 0x05 }, + { 0x83, 0xf0, 0x47, 0x88, 0x05 }, + { 0x83, 0xf0, 0x55, 0x88, 0x05 }, + { 0x83, 0xf0, 0x32, 0x88, 0x05 }, + { 0x83, 0xf0, 0x57, 0x88, 0x05 }, + { 0x83, 0xf0, 0x50, 0x88, 0x05 }, + { 0x83, 0xf0, 0x48, 0x88, 0x05 }, + { 0x83, 0xf0, 0x36, 0x88, 0x05 }, + { 0x83, 0xf0, 0x72, 0x88, 0x05 }, + { 0x83, 0xf0, 0x76, 0x88, 0x05 }, + { 0x83, 0xf0, 0x43, 0x88, 0x05 }, + { 0x83, 0xf0, 0x68, 0x88, 0x05 }, + { 0x83, 0xf0, 0x47, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6c, 0x88, 0x05 }, + { 0x83, 0xf0, 0x31, 0x88, 0x05 }, + { 0x83, 0xf0, 0x49, 0x88, 0x05 }, + { 0x83, 0xf0, 0x52, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4b, 0x88, 0x05 }, + { 0x83, 0xf0, 0x72, 0x88, 0x05 }, + { 0x83, 0xf0, 0x78, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x74, 0x88, 0x05 }, + { 0x83, 0xf0, 0x71, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4c, 0x88, 0x05 }, + { 0x83, 0xf0, 0x69, 0x88, 0x05 }, + { 0x83, 0xf0, 0x65, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6c, 0x88, 0x05 }, + { 0x83, 0xf0, 0x73, 0x88, 0x05 }, + { 0x83, 0xf0, 0x76, 0x88, 0x05 }, + { 0x83, 0xf0, 0x61, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x55, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x79, 0x88, 0x05 }, + { 0x83, 0xf0, 0x72, 0x88, 0x05 }, + { 0x83, 0xf0, 0x67, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4f, 0x88, 0x05 }, + { 0x83, 0xf0, 0x43, 0x88, 0x05 }, + { 0x83, 0xf0, 0x36, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4e, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x79, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x59, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x76, 0x88, 0x05 }, + { 0x83, 0xf0, 0x5a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4e, 0x88, 0x05 }, + { 0x83, 0xf0, 0x45, 0x88, 0x05 }, + { 0x83, 0xf0, 0x52, 0x88, 0x05 }, + { 0x83, 0xf0, 0x33, 0x88, 0x05 }, + { 0x83, 0xf0, 0x68, 0x88, 0x05 }, + { 0x83, 0xf0, 0x74, 0x88, 0x05 }, + { 0x83, 0xf0, 0x46, 0x88, 0x05 }, + { 0x83, 0xf0, 0x45, 0x88, 0x05 }, + { 0x83, 0xf0, 0x74, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4c, 0x88, 0x05 }, + { 0x83, 0xf0, 0x31, 0x88, 0x05 }, + { 0x83, 0xf0, 0x65, 0x88, 0x05 }, + { 0x83, 0xf0, 0x51, 0x88, 0x05 }, + { 0x83, 0xf0, 0x62, 0x88, 0x05 }, + { 0x83, 0xf0, 0x43, 0x88, 0x05 }, + { 0x83, 0xf0, 0x79, 0x88, 0x05 }, + { 0x83, 0xf0, 0x54, 0x88, 0x05 }, + { 0x83, 0xf0, 0x66, 0x88, 0x05 }, + { 0x83, 0xf0, 0x44, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x74, 0x88, 0x05 }, + { 0x83, 0xf0, 0x59, 0x88, 0x05 }, + { 0x83, 0xf0, 0x79, 0x88, 0x05 }, + { 0x83, 0xf0, 0x51, 0x88, 0x05 }, + { 0x83, 0xf0, 0x31, 0x88, 0x05 }, + { 0x83, 0xf0, 0x57, 0x88, 0x05 }, + { 0x83, 0xf0, 0x74, 0x88, 0x05 }, + { 0x83, 0xf0, 0x34, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4f, 0x88, 0x05 }, + { 0x83, 0xf0, 0x74, 0x88, 0x05 }, + { 0x83, 0xf0, 0x31, 0x88, 0x05 }, + { 0x83, 0xf0, 0x32, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6c, 0x88, 0x05 }, + { 0x83, 0xf0, 0x78, 0x88, 0x05 }, + { 0x83, 0xf0, 0x66, 0x88, 0x05 }, + { 0x83, 0xf0, 0x30, 0x88, 0x05 }, + { 0x83, 0xf0, 0x77, 0x88, 0x05 }, + { 0x83, 0xf0, 0x56, 0x88, 0x05 }, + { 0x83, 0xf0, 0x49, 0x88, 0x05 }, + { 0x83, 0xf0, 0x52, 0x88, 0x05 }, + { 0x83, 0xf0, 0x35, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x63, 0x88, 0x05 }, + { 0x83, 0xf0, 0x47, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4e, 0x88, 0x05 }, + { 0x83, 0xf0, 0x37, 0x88, 0x05 }, + { 0x83, 0xf0, 0x58, 0x88, 0x05 }, + { 0x83, 0xf0, 0x43, 0x88, 0x05 }, + { 0x83, 0xf0, 0x58, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x52, 0x88, 0x05 }, + { 0x83, 0xf0, 0x48, 0x88, 0x05 }, + { 0x83, 0xf0, 0x4f, 0x88, 0x05 }, + { 0x83, 0xf0, 0x46, 0x88, 0x05 }, + { 0x83, 0xf0, 0x48, 0x88, 0x05 }, + { 0x83, 0xf0, 0x53, 0x88, 0x05 }, + { 0x83, 0xf0, 0x66, 0x88, 0x05 }, + { 0x83, 0xf0, 0x31, 0x88, 0x05 }, + { 0x83, 0xf0, 0x67, 0x88, 0x05 }, + { 0x83, 0xf0, 0x7a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x58, 0x88, 0x05 }, + { 0x83, 0xf0, 0x57, 0x88, 0x05 }, + { 0x83, 0xf0, 0x61, 0x88, 0x05 }, + { 0x83, 0xf0, 0x62, 0x88, 0x05 }, + { 0x83, 0xf0, 0x52, 0x88, 0x05 }, + { 0x83, 0xf0, 0x53, 0x88, 0x05 }, + { 0x83, 0xf0, 0x76, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6d, 0x88, 0x05 }, + { 0x83, 0xf0, 0x74, 0x88, 0x05 }, + { 0x83, 0xf0, 0x31, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6e, 0x88, 0x05 }, + { 0x83, 0xf0, 0x72, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6c, 0x88, 0x05 }, + { 0x83, 0xf0, 0x37, 0x88, 0x05 }, + { 0x83, 0xf0, 0x73, 0x88, 0x05 }, + { 0x83, 0xf0, 0x57, 0x88, 0x05 }, + { 0x83, 0xf0, 0x36, 0x88, 0x05 }, + { 0x83, 0xf0, 0x63, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x78, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6c, 0x88, 0x05 }, + { 0x83, 0xf0, 0x6a, 0x88, 0x05 }, + { 0x83, 0xf0, 0x75, 0x88, 0x05 }, + { 0x83, 0xf0, 0x75, 0x88, 0x05 }, + { 0x83, 0xf0, 0x51, 0x88, 0x05 }, + { 0x83, 0xf0, 0x61, 0x88, 0x05 }, + { 0x83, 0xf0, 0x77, 0x88, 0x05 }, + { 0x83, 0xf0, 0x49, 0x88, 0x05 }, + { 0x83, 0xf0, 0x44, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x51, 0x88, 0x05 }, + { 0x83, 0xf0, 0x41, 0x88, 0x05 }, + { 0x83, 0xf0, 0x42, 0x88, 0x05 } + }; + + [[nodiscard]] + bool PatchSolution2::FindPatchOffset() noexcept { + try { + auto SectionHeader_text = _Image.ImageSectionHeaderByName(".text"); + auto SectionView_text = _Image.ImageSectionView(SectionHeader_text); + const uint8_t* lpPatch[_countof(_PatchOffset)] = {}; + + std::vector Hints; + DWORD PossibleRangeStart = 0xffffffff; + DWORD PossibleRangeEnd; + + for (DWORD i = 0; i < SectionHeader_text->SizeOfRawData; ++i) { + if (memcmp(SectionView_text + i, Keyword[0], sizeof(Keyword[0])) == 0) { + size_t RRip = i + sizeof(Keyword[0]) + sizeof(uint32_t); + size_t RRipOffset = *reinterpret_cast(SectionView_text + i + sizeof(Keyword[0])); + + Hints.emplace_back(RRip + RRipOffset); + + if (i < PossibleRangeStart) { + PossibleRangeStart = i; + } + } + } + + PossibleRangeStart -= 0x1000; + PossibleRangeEnd = PossibleRangeStart + 0x100000; + + // Keywords[0] should occur 9 times. + // Because there's only 9 'M' chars in `KeywordMeta`. + if (Hints.size() != 9) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Hints.size() != 9")); + } + + std::sort(Hints.begin(), Hints.end()); + + // assert + // if not satisfied, refuse to patch + if (Hints.back() - Hints.front() != 0x18360F8F8 - 0x18360F7D0) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Hints.back() - Hints.front() != 0x18360F8F8 - 0x18360F7D0")); + } + + for (size_t i = 0; i < _countof(_PatchOffset); ++i) { + for (DWORD j = PossibleRangeStart; j < PossibleRangeEnd; ++j) { + if (memcmp(SectionView_text + j, Keyword[i], sizeof(Keyword[i])) == 0) { + size_t RRip = j + sizeof(Keyword[i]) + sizeof(uint32_t); + size_t RRipOffset = *reinterpret_cast(SectionView_text + j + sizeof(Keyword[i])); + size_t Index = RRip + RRipOffset - Hints.front(); + + if (Index == i) { + lpPatch[i] = SectionView_text + j; + } + } + } + + // if not found, refuse to patch + if (lpPatch[i] == nullptr) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("A patch point is missing.")); + } + } + + for (size_t i = 0; i < _countof(_PatchOffset); ++i) { + _PatchOffset[i] = _Image.PointerToFileOffset(lpPatch[i]); + } + + LOG_SUCCESS(0, "PatchSolution2 ...... Ready to apply"); + for (size_t i = 0; i < _countof(_PatchOffset); i += 4) { + static_assert(sizeof(_countof(_PatchOffset)) % 4 == 0); + LOG_HINT(4, "Patch offset[%zu ... %zu] = 0x%.8zx, 0x%.8zx, 0x%.8zx, 0x%.8zx", i, i + 3, _PatchOffset[i], _PatchOffset[i + 1], _PatchOffset[i + 2], _PatchOffset[i + 3]); + } + + return true; + } catch (nkg::Exception&) { + for (size_t i = 0; i < _countof(_PatchOffset); ++i) { + _PatchOffset[i] = InvalidOffset; + } + + LOG_FAILURE(0, "PatchSolution2 ...... Omitted"); + + return false; + } + } +} + diff --git a/navicat-patcher/PatchSolution2-generic.cpp b/navicat-patcher/PatchSolution2-generic.cpp new file mode 100644 index 0000000..1cbb385 --- /dev/null +++ b/navicat-patcher/PatchSolution2-generic.cpp @@ -0,0 +1,92 @@ +#include "PatchSolutions.hpp" + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\PatchSolution2-generic.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + const char PatchSolution2::KeywordMeta[0x188 + 1] = + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1dqF3SkCaAAmMzs889I" + "qdW9M2dIdh3jG9yPcmLnmJiGpBF4E9VHSMGe8oPAy2kJDmdNt4BcEygvssEfginv" + "a5t5jm352UAoDosUJkTXGQhpAWMF4fBmBpO3EedG62rOsqMBgmSdAyxCSPBRJIOF" + "R0QgZFbRnU0frj34fiVmgYiLuZSAmIbs8ZxiHPdp1oD4tUpvsFci4QJtYNjNnGU2" + "WPH6rvChGl1IRKrxMtqLielsvajUjyrgOC6NmymYMvZNER3htFEtL1eQbCyTfDmt" + "YyQ1Wt4Ot12lxf0wVIR5mcGN7XCXJRHOFHSf1gzXWabRSvmt1nrl7sW6cjxljuuQ" + "awIDAQAB"; + + [[nodiscard]] + bool PatchSolution2::CheckKey(const RSACipher& Cipher) const noexcept { + auto szPublicKey = Cipher.ExportKeyString(); + + for (auto pos = szPublicKey.find("-----BEGIN PUBLIC KEY-----"); pos != std::string::npos; pos = szPublicKey.find("-----BEGIN PUBLIC KEY-----", pos)) { + szPublicKey.erase(pos, literal_length("-----BEGIN PUBLIC KEY-----")); + } + + for (auto pos = szPublicKey.find("-----END PUBLIC KEY-----"); pos != std::string::npos; pos = szPublicKey.find("-----END PUBLIC KEY-----", pos)) { + szPublicKey.erase(pos, literal_length("-----END PUBLIC KEY-----")); + } + + for (auto pos = szPublicKey.find("\n"); pos != std::string::npos; pos = szPublicKey.find("\n", pos)) { + szPublicKey.erase(pos, literal_length("\n")); + } + + return szPublicKey.length() == literal_length(KeywordMeta); + } + + void PatchSolution2::MakePatch(const RSACipher& Cipher) const { + for (size_t i = 0; i < _countof(_PatchOffset); ++i) { + if (_PatchOffset[i] == InvalidOffset) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("PatchSolution2 has not been ready yet.")); + } + } + + auto pbImage = _Image.ImageBase(); + auto szPublicKey = Cipher.ExportKeyString(); + + for (auto pos = szPublicKey.find("-----BEGIN PUBLIC KEY-----"); pos != std::string::npos; pos = szPublicKey.find("-----BEGIN PUBLIC KEY-----", pos)) { + szPublicKey.erase(pos, literal_length("-----BEGIN PUBLIC KEY-----")); + } + + for (auto pos = szPublicKey.find("-----END PUBLIC KEY-----"); pos != std::string::npos; pos = szPublicKey.find("-----END PUBLIC KEY-----", pos)) { + szPublicKey.erase(pos, literal_length("-----END PUBLIC KEY-----")); + } + + for (auto pos = szPublicKey.find("\n"); pos != std::string::npos; pos = szPublicKey.find("\n", pos)) { + szPublicKey.erase(pos, literal_length("\n")); + } + + if (szPublicKey.length() != literal_length(KeywordMeta)) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("szPublicKey.length() != literal_length(KeywordMeta)")); + } + + _putts(TEXT("*******************************************************")); + _putts(TEXT("* PatchSolution2 *")); + _putts(TEXT("*******************************************************")); + + for (size_t i = 0; i < _countof(_PatchOffset); i += 2) { + static_assert(_countof(_PatchOffset) % 2 == 0); + LOG_HINT(0, "+0x%.8zx: %.2x %.2x %.2x -> %.2x %.2x %.2x | +0x%.8zx: %.2x %.2x %.2x -> %.2x %.2x %.2x", + _PatchOffset[i], + pbImage[_PatchOffset[i]], + pbImage[_PatchOffset[i] + 1], + pbImage[_PatchOffset[i] + 2], + pbImage[_PatchOffset[i]], + pbImage[_PatchOffset[i] + 1], + szPublicKey[i], + _PatchOffset[i + 1], + pbImage[_PatchOffset[i + 1]], + pbImage[_PatchOffset[i + 1] + 1], + pbImage[_PatchOffset[i + 1] + 2], + pbImage[_PatchOffset[i + 1]], + pbImage[_PatchOffset[i + 1] + 1], + szPublicKey[i + 1] + ); + + pbImage[_PatchOffset[i] + 2] = szPublicKey[i]; + pbImage[_PatchOffset[i + 1] + 2] = szPublicKey[i + 1]; + } + } +} + diff --git a/navicat-patcher/PatchSolution2-i386.cpp b/navicat-patcher/PatchSolution2-i386.cpp new file mode 100644 index 0000000..82a6cfd --- /dev/null +++ b/navicat-patcher/PatchSolution2-i386.cpp @@ -0,0 +1,517 @@ +#include "PatchSolutions.hpp" +#include +#include + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\PatchSolution2-i386.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + /* + Keyword[0x188][5] is generated by the following python script: + +-----Begin Python3 Script----- +meta = \ + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1dqF3SkCaAAmMzs889I" \ + "qdW9M2dIdh3jG9yPcmLnmJiGpBF4E9VHSMGe8oPAy2kJDmdNt4BcEygvssEfginv" \ + "a5t5jm352UAoDosUJkTXGQhpAWMF4fBmBpO3EedG62rOsqMBgmSdAyxCSPBRJIOF" \ + "R0QgZFbRnU0frj34fiVmgYiLuZSAmIbs8ZxiHPdp1oD4tUpvsFci4QJtYNjNnGU2" \ + "WPH6rvChGl1IRKrxMtqLielsvajUjyrgOC6NmymYMvZNER3htFEtL1eQbCyTfDmt" \ + "YyQ1Wt4Ot12lxf0wVIR5mcGN7XCXJRHOFHSf1gzXWabRSvmt1nrl7sW6cjxljuuQ" \ + "awIDAQAB" + +print('const uint8_t PatchSolution2::Keywords[0x188][5] = {') +for i in range(0, len(meta)): + if i % 3 == 0: + i1 = '0x83, 0xf2, 0x%.2x' % ord(meta[i]) # asm('xor edx, meta[i]') + i2 = '0x88, 0x15' # asm_prefix('mov byte ptr ds:xxxxxxxx, dl') + elif i % 3 == 1: + i1 = '0x83, 0xf0, 0x%.2x' % ord(meta[i]) # asm('xor eax, meta[i]') + i2 = '0xa2' # asm_prefix('mov byte ptr ds:xxxxxxxx, al') + else: + i1 = '0x83, 0xf1, 0x%.2x' % ord(meta[i]) # asm('xor ecx, meta[i]') + i2 = '0x88, 0x0d' # asm_prefix('mov byte ptr ds:xxxxxxxx, cl') + print(' { %s, %s }' % (i1, i2), end=',\n' if i != len(meta) - 1 else '\n') +print('};') +-----End Python3 Script----- + + */ + const uint8_t PatchSolution2::Keyword[0x188][5] = { + { 0x83, 0xf2, 0x4d, 0x88, 0x15 }, + { 0x83, 0xf0, 0x49, 0xa2 }, + { 0x83, 0xf1, 0x49, 0x88, 0x0d }, + { 0x83, 0xf2, 0x42, 0x88, 0x15 }, + { 0x83, 0xf0, 0x49, 0xa2 }, + { 0x83, 0xf1, 0x6a, 0x88, 0x0d }, + { 0x83, 0xf2, 0x41, 0x88, 0x15 }, + { 0x83, 0xf0, 0x4e, 0xa2 }, + { 0x83, 0xf1, 0x42, 0x88, 0x0d }, + { 0x83, 0xf2, 0x67, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6b, 0xa2 }, + { 0x83, 0xf1, 0x71, 0x88, 0x0d }, + { 0x83, 0xf2, 0x68, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6b, 0xa2 }, + { 0x83, 0xf1, 0x69, 0x88, 0x0d }, + { 0x83, 0xf2, 0x47, 0x88, 0x15 }, + { 0x83, 0xf0, 0x39, 0xa2 }, + { 0x83, 0xf1, 0x77, 0x88, 0x0d }, + { 0x83, 0xf2, 0x30, 0x88, 0x15 }, + { 0x83, 0xf0, 0x42, 0xa2 }, + { 0x83, 0xf1, 0x41, 0x88, 0x0d }, + { 0x83, 0xf2, 0x51, 0x88, 0x15 }, + { 0x83, 0xf0, 0x45, 0xa2 }, + { 0x83, 0xf1, 0x46, 0x88, 0x0d }, + { 0x83, 0xf2, 0x41, 0x88, 0x15 }, + { 0x83, 0xf0, 0x41, 0xa2 }, + { 0x83, 0xf1, 0x4f, 0x88, 0x0d }, + { 0x83, 0xf2, 0x43, 0x88, 0x15 }, + { 0x83, 0xf0, 0x41, 0xa2 }, + { 0x83, 0xf1, 0x51, 0x88, 0x0d }, + { 0x83, 0xf2, 0x38, 0x88, 0x15 }, + { 0x83, 0xf0, 0x41, 0xa2 }, + { 0x83, 0xf1, 0x4d, 0x88, 0x0d }, + { 0x83, 0xf2, 0x49, 0x88, 0x15 }, + { 0x83, 0xf0, 0x49, 0xa2 }, + { 0x83, 0xf1, 0x42, 0x88, 0x0d }, + { 0x83, 0xf2, 0x43, 0x88, 0x15 }, + { 0x83, 0xf0, 0x67, 0xa2 }, + { 0x83, 0xf1, 0x4b, 0x88, 0x0d }, + { 0x83, 0xf2, 0x43, 0x88, 0x15 }, + { 0x83, 0xf0, 0x41, 0xa2 }, + { 0x83, 0xf1, 0x51, 0x88, 0x0d }, + { 0x83, 0xf2, 0x45, 0x88, 0x15 }, + { 0x83, 0xf0, 0x41, 0xa2 }, + { 0x83, 0xf1, 0x77, 0x88, 0x0d }, + { 0x83, 0xf2, 0x31, 0x88, 0x15 }, + { 0x83, 0xf0, 0x64, 0xa2 }, + { 0x83, 0xf1, 0x71, 0x88, 0x0d }, + { 0x83, 0xf2, 0x46, 0x88, 0x15 }, + { 0x83, 0xf0, 0x33, 0xa2 }, + { 0x83, 0xf1, 0x53, 0x88, 0x0d }, + { 0x83, 0xf2, 0x6b, 0x88, 0x15 }, + { 0x83, 0xf0, 0x43, 0xa2 }, + { 0x83, 0xf1, 0x61, 0x88, 0x0d }, + { 0x83, 0xf2, 0x41, 0x88, 0x15 }, + { 0x83, 0xf0, 0x41, 0xa2 }, + { 0x83, 0xf1, 0x6d, 0x88, 0x0d }, + { 0x83, 0xf2, 0x4d, 0x88, 0x15 }, + { 0x83, 0xf0, 0x7a, 0xa2 }, + { 0x83, 0xf1, 0x73, 0x88, 0x0d }, + { 0x83, 0xf2, 0x38, 0x88, 0x15 }, + { 0x83, 0xf0, 0x38, 0xa2 }, + { 0x83, 0xf1, 0x39, 0x88, 0x0d }, + { 0x83, 0xf2, 0x49, 0x88, 0x15 }, + { 0x83, 0xf0, 0x71, 0xa2 }, + { 0x83, 0xf1, 0x64, 0x88, 0x0d }, + { 0x83, 0xf2, 0x57, 0x88, 0x15 }, + { 0x83, 0xf0, 0x39, 0xa2 }, + { 0x83, 0xf1, 0x4d, 0x88, 0x0d }, + { 0x83, 0xf2, 0x32, 0x88, 0x15 }, + { 0x83, 0xf0, 0x64, 0xa2 }, + { 0x83, 0xf1, 0x49, 0x88, 0x0d }, + { 0x83, 0xf2, 0x64, 0x88, 0x15 }, + { 0x83, 0xf0, 0x68, 0xa2 }, + { 0x83, 0xf1, 0x33, 0x88, 0x0d }, + { 0x83, 0xf2, 0x6a, 0x88, 0x15 }, + { 0x83, 0xf0, 0x47, 0xa2 }, + { 0x83, 0xf1, 0x39, 0x88, 0x0d }, + { 0x83, 0xf2, 0x79, 0x88, 0x15 }, + { 0x83, 0xf0, 0x50, 0xa2 }, + { 0x83, 0xf1, 0x63, 0x88, 0x0d }, + { 0x83, 0xf2, 0x6d, 0x88, 0x15 }, + { 0x83, 0xf0, 0x4c, 0xa2 }, + { 0x83, 0xf1, 0x6e, 0x88, 0x0d }, + { 0x83, 0xf2, 0x6d, 0x88, 0x15 }, + { 0x83, 0xf0, 0x4a, 0xa2 }, + { 0x83, 0xf1, 0x69, 0x88, 0x0d }, + { 0x83, 0xf2, 0x47, 0x88, 0x15 }, + { 0x83, 0xf0, 0x70, 0xa2 }, + { 0x83, 0xf1, 0x42, 0x88, 0x0d }, + { 0x83, 0xf2, 0x46, 0x88, 0x15 }, + { 0x83, 0xf0, 0x34, 0xa2 }, + { 0x83, 0xf1, 0x45, 0x88, 0x0d }, + { 0x83, 0xf2, 0x39, 0x88, 0x15 }, + { 0x83, 0xf0, 0x56, 0xa2 }, + { 0x83, 0xf1, 0x48, 0x88, 0x0d }, + { 0x83, 0xf2, 0x53, 0x88, 0x15 }, + { 0x83, 0xf0, 0x4d, 0xa2 }, + { 0x83, 0xf1, 0x47, 0x88, 0x0d }, + { 0x83, 0xf2, 0x65, 0x88, 0x15 }, + { 0x83, 0xf0, 0x38, 0xa2 }, + { 0x83, 0xf1, 0x6f, 0x88, 0x0d }, + { 0x83, 0xf2, 0x50, 0x88, 0x15 }, + { 0x83, 0xf0, 0x41, 0xa2 }, + { 0x83, 0xf1, 0x79, 0x88, 0x0d }, + { 0x83, 0xf2, 0x32, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6b, 0xa2 }, + { 0x83, 0xf1, 0x4a, 0x88, 0x0d }, + { 0x83, 0xf2, 0x44, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6d, 0xa2 }, + { 0x83, 0xf1, 0x64, 0x88, 0x0d }, + { 0x83, 0xf2, 0x4e, 0x88, 0x15 }, + { 0x83, 0xf0, 0x74, 0xa2 }, + { 0x83, 0xf1, 0x34, 0x88, 0x0d }, + { 0x83, 0xf2, 0x42, 0x88, 0x15 }, + { 0x83, 0xf0, 0x63, 0xa2 }, + { 0x83, 0xf1, 0x45, 0x88, 0x0d }, + { 0x83, 0xf2, 0x79, 0x88, 0x15 }, + { 0x83, 0xf0, 0x67, 0xa2 }, + { 0x83, 0xf1, 0x76, 0x88, 0x0d }, + { 0x83, 0xf2, 0x73, 0x88, 0x15 }, + { 0x83, 0xf0, 0x73, 0xa2 }, + { 0x83, 0xf1, 0x45, 0x88, 0x0d }, + { 0x83, 0xf2, 0x66, 0x88, 0x15 }, + { 0x83, 0xf0, 0x67, 0xa2 }, + { 0x83, 0xf1, 0x69, 0x88, 0x0d }, + { 0x83, 0xf2, 0x6e, 0x88, 0x15 }, + { 0x83, 0xf0, 0x76, 0xa2 }, + { 0x83, 0xf1, 0x61, 0x88, 0x0d }, + { 0x83, 0xf2, 0x35, 0x88, 0x15 }, + { 0x83, 0xf0, 0x74, 0xa2 }, + { 0x83, 0xf1, 0x35, 0x88, 0x0d }, + { 0x83, 0xf2, 0x6a, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6d, 0xa2 }, + { 0x83, 0xf1, 0x33, 0x88, 0x0d }, + { 0x83, 0xf2, 0x35, 0x88, 0x15 }, + { 0x83, 0xf0, 0x32, 0xa2 }, + { 0x83, 0xf1, 0x55, 0x88, 0x0d }, + { 0x83, 0xf2, 0x41, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6f, 0xa2 }, + { 0x83, 0xf1, 0x44, 0x88, 0x0d }, + { 0x83, 0xf2, 0x6f, 0x88, 0x15 }, + { 0x83, 0xf0, 0x73, 0xa2 }, + { 0x83, 0xf1, 0x55, 0x88, 0x0d }, + { 0x83, 0xf2, 0x4a, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6b, 0xa2 }, + { 0x83, 0xf1, 0x54, 0x88, 0x0d }, + { 0x83, 0xf2, 0x58, 0x88, 0x15 }, + { 0x83, 0xf0, 0x47, 0xa2 }, + { 0x83, 0xf1, 0x51, 0x88, 0x0d }, + { 0x83, 0xf2, 0x68, 0x88, 0x15 }, + { 0x83, 0xf0, 0x70, 0xa2 }, + { 0x83, 0xf1, 0x41, 0x88, 0x0d }, + { 0x83, 0xf2, 0x57, 0x88, 0x15 }, + { 0x83, 0xf0, 0x4d, 0xa2 }, + { 0x83, 0xf1, 0x46, 0x88, 0x0d }, + { 0x83, 0xf2, 0x34, 0x88, 0x15 }, + { 0x83, 0xf0, 0x66, 0xa2 }, + { 0x83, 0xf1, 0x42, 0x88, 0x0d }, + { 0x83, 0xf2, 0x6d, 0x88, 0x15 }, + { 0x83, 0xf0, 0x42, 0xa2 }, + { 0x83, 0xf1, 0x70, 0x88, 0x0d }, + { 0x83, 0xf2, 0x4f, 0x88, 0x15 }, + { 0x83, 0xf0, 0x33, 0xa2 }, + { 0x83, 0xf1, 0x45, 0x88, 0x0d }, + { 0x83, 0xf2, 0x65, 0x88, 0x15 }, + { 0x83, 0xf0, 0x64, 0xa2 }, + { 0x83, 0xf1, 0x47, 0x88, 0x0d }, + { 0x83, 0xf2, 0x36, 0x88, 0x15 }, + { 0x83, 0xf0, 0x32, 0xa2 }, + { 0x83, 0xf1, 0x72, 0x88, 0x0d }, + { 0x83, 0xf2, 0x4f, 0x88, 0x15 }, + { 0x83, 0xf0, 0x73, 0xa2 }, + { 0x83, 0xf1, 0x71, 0x88, 0x0d }, + { 0x83, 0xf2, 0x4d, 0x88, 0x15 }, + { 0x83, 0xf0, 0x42, 0xa2 }, + { 0x83, 0xf1, 0x67, 0x88, 0x0d }, + { 0x83, 0xf2, 0x6d, 0x88, 0x15 }, + { 0x83, 0xf0, 0x53, 0xa2 }, + { 0x83, 0xf1, 0x64, 0x88, 0x0d }, + { 0x83, 0xf2, 0x41, 0x88, 0x15 }, + { 0x83, 0xf0, 0x79, 0xa2 }, + { 0x83, 0xf1, 0x78, 0x88, 0x0d }, + { 0x83, 0xf2, 0x43, 0x88, 0x15 }, + { 0x83, 0xf0, 0x53, 0xa2 }, + { 0x83, 0xf1, 0x50, 0x88, 0x0d }, + { 0x83, 0xf2, 0x42, 0x88, 0x15 }, + { 0x83, 0xf0, 0x52, 0xa2 }, + { 0x83, 0xf1, 0x4a, 0x88, 0x0d }, + { 0x83, 0xf2, 0x49, 0x88, 0x15 }, + { 0x83, 0xf0, 0x4f, 0xa2 }, + { 0x83, 0xf1, 0x46, 0x88, 0x0d }, + { 0x83, 0xf2, 0x52, 0x88, 0x15 }, + { 0x83, 0xf0, 0x30, 0xa2 }, + { 0x83, 0xf1, 0x51, 0x88, 0x0d }, + { 0x83, 0xf2, 0x67, 0x88, 0x15 }, + { 0x83, 0xf0, 0x5a, 0xa2 }, + { 0x83, 0xf1, 0x46, 0x88, 0x0d }, + { 0x83, 0xf2, 0x62, 0x88, 0x15 }, + { 0x83, 0xf0, 0x52, 0xa2 }, + { 0x83, 0xf1, 0x6e, 0x88, 0x0d }, + { 0x83, 0xf2, 0x55, 0x88, 0x15 }, + { 0x83, 0xf0, 0x30, 0xa2 }, + { 0x83, 0xf1, 0x66, 0x88, 0x0d }, + { 0x83, 0xf2, 0x72, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6a, 0xa2 }, + { 0x83, 0xf1, 0x33, 0x88, 0x0d }, + { 0x83, 0xf2, 0x34, 0x88, 0x15 }, + { 0x83, 0xf0, 0x66, 0xa2 }, + { 0x83, 0xf1, 0x69, 0x88, 0x0d }, + { 0x83, 0xf2, 0x56, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6d, 0xa2 }, + { 0x83, 0xf1, 0x67, 0x88, 0x0d }, + { 0x83, 0xf2, 0x59, 0x88, 0x15 }, + { 0x83, 0xf0, 0x69, 0xa2 }, + { 0x83, 0xf1, 0x4c, 0x88, 0x0d }, + { 0x83, 0xf2, 0x75, 0x88, 0x15 }, + { 0x83, 0xf0, 0x5a, 0xa2 }, + { 0x83, 0xf1, 0x53, 0x88, 0x0d }, + { 0x83, 0xf2, 0x41, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6d, 0xa2 }, + { 0x83, 0xf1, 0x49, 0x88, 0x0d }, + { 0x83, 0xf2, 0x62, 0x88, 0x15 }, + { 0x83, 0xf0, 0x73, 0xa2 }, + { 0x83, 0xf1, 0x38, 0x88, 0x0d }, + { 0x83, 0xf2, 0x5a, 0x88, 0x15 }, + { 0x83, 0xf0, 0x78, 0xa2 }, + { 0x83, 0xf1, 0x69, 0x88, 0x0d }, + { 0x83, 0xf2, 0x48, 0x88, 0x15 }, + { 0x83, 0xf0, 0x50, 0xa2 }, + { 0x83, 0xf1, 0x64, 0x88, 0x0d }, + { 0x83, 0xf2, 0x70, 0x88, 0x15 }, + { 0x83, 0xf0, 0x31, 0xa2 }, + { 0x83, 0xf1, 0x6f, 0x88, 0x0d }, + { 0x83, 0xf2, 0x44, 0x88, 0x15 }, + { 0x83, 0xf0, 0x34, 0xa2 }, + { 0x83, 0xf1, 0x74, 0x88, 0x0d }, + { 0x83, 0xf2, 0x55, 0x88, 0x15 }, + { 0x83, 0xf0, 0x70, 0xa2 }, + { 0x83, 0xf1, 0x76, 0x88, 0x0d }, + { 0x83, 0xf2, 0x73, 0x88, 0x15 }, + { 0x83, 0xf0, 0x46, 0xa2 }, + { 0x83, 0xf1, 0x63, 0x88, 0x0d }, + { 0x83, 0xf2, 0x69, 0x88, 0x15 }, + { 0x83, 0xf0, 0x34, 0xa2 }, + { 0x83, 0xf1, 0x51, 0x88, 0x0d }, + { 0x83, 0xf2, 0x4a, 0x88, 0x15 }, + { 0x83, 0xf0, 0x74, 0xa2 }, + { 0x83, 0xf1, 0x59, 0x88, 0x0d }, + { 0x83, 0xf2, 0x4e, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6a, 0xa2 }, + { 0x83, 0xf1, 0x4e, 0x88, 0x0d }, + { 0x83, 0xf2, 0x6e, 0x88, 0x15 }, + { 0x83, 0xf0, 0x47, 0xa2 }, + { 0x83, 0xf1, 0x55, 0x88, 0x0d }, + { 0x83, 0xf2, 0x32, 0x88, 0x15 }, + { 0x83, 0xf0, 0x57, 0xa2 }, + { 0x83, 0xf1, 0x50, 0x88, 0x0d }, + { 0x83, 0xf2, 0x48, 0x88, 0x15 }, + { 0x83, 0xf0, 0x36, 0xa2 }, + { 0x83, 0xf1, 0x72, 0x88, 0x0d }, + { 0x83, 0xf2, 0x76, 0x88, 0x15 }, + { 0x83, 0xf0, 0x43, 0xa2 }, + { 0x83, 0xf1, 0x68, 0x88, 0x0d }, + { 0x83, 0xf2, 0x47, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6c, 0xa2 }, + { 0x83, 0xf1, 0x31, 0x88, 0x0d }, + { 0x83, 0xf2, 0x49, 0x88, 0x15 }, + { 0x83, 0xf0, 0x52, 0xa2 }, + { 0x83, 0xf1, 0x4b, 0x88, 0x0d }, + { 0x83, 0xf2, 0x72, 0x88, 0x15 }, + { 0x83, 0xf0, 0x78, 0xa2 }, + { 0x83, 0xf1, 0x4d, 0x88, 0x0d }, + { 0x83, 0xf2, 0x74, 0x88, 0x15 }, + { 0x83, 0xf0, 0x71, 0xa2 }, + { 0x83, 0xf1, 0x4c, 0x88, 0x0d }, + { 0x83, 0xf2, 0x69, 0x88, 0x15 }, + { 0x83, 0xf0, 0x65, 0xa2 }, + { 0x83, 0xf1, 0x6c, 0x88, 0x0d }, + { 0x83, 0xf2, 0x73, 0x88, 0x15 }, + { 0x83, 0xf0, 0x76, 0xa2 }, + { 0x83, 0xf1, 0x61, 0x88, 0x0d }, + { 0x83, 0xf2, 0x6a, 0x88, 0x15 }, + { 0x83, 0xf0, 0x55, 0xa2 }, + { 0x83, 0xf1, 0x6a, 0x88, 0x0d }, + { 0x83, 0xf2, 0x79, 0x88, 0x15 }, + { 0x83, 0xf0, 0x72, 0xa2 }, + { 0x83, 0xf1, 0x67, 0x88, 0x0d }, + { 0x83, 0xf2, 0x4f, 0x88, 0x15 }, + { 0x83, 0xf0, 0x43, 0xa2 }, + { 0x83, 0xf1, 0x36, 0x88, 0x0d }, + { 0x83, 0xf2, 0x4e, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6d, 0xa2 }, + { 0x83, 0xf1, 0x79, 0x88, 0x0d }, + { 0x83, 0xf2, 0x6d, 0x88, 0x15 }, + { 0x83, 0xf0, 0x59, 0xa2 }, + { 0x83, 0xf1, 0x4d, 0x88, 0x0d }, + { 0x83, 0xf2, 0x76, 0x88, 0x15 }, + { 0x83, 0xf0, 0x5a, 0xa2 }, + { 0x83, 0xf1, 0x4e, 0x88, 0x0d }, + { 0x83, 0xf2, 0x45, 0x88, 0x15 }, + { 0x83, 0xf0, 0x52, 0xa2 }, + { 0x83, 0xf1, 0x33, 0x88, 0x0d }, + { 0x83, 0xf2, 0x68, 0x88, 0x15 }, + { 0x83, 0xf0, 0x74, 0xa2 }, + { 0x83, 0xf1, 0x46, 0x88, 0x0d }, + { 0x83, 0xf2, 0x45, 0x88, 0x15 }, + { 0x83, 0xf0, 0x74, 0xa2 }, + { 0x83, 0xf1, 0x4c, 0x88, 0x0d }, + { 0x83, 0xf2, 0x31, 0x88, 0x15 }, + { 0x83, 0xf0, 0x65, 0xa2 }, + { 0x83, 0xf1, 0x51, 0x88, 0x0d }, + { 0x83, 0xf2, 0x62, 0x88, 0x15 }, + { 0x83, 0xf0, 0x43, 0xa2 }, + { 0x83, 0xf1, 0x79, 0x88, 0x0d }, + { 0x83, 0xf2, 0x54, 0x88, 0x15 }, + { 0x83, 0xf0, 0x66, 0xa2 }, + { 0x83, 0xf1, 0x44, 0x88, 0x0d }, + { 0x83, 0xf2, 0x6d, 0x88, 0x15 }, + { 0x83, 0xf0, 0x74, 0xa2 }, + { 0x83, 0xf1, 0x59, 0x88, 0x0d }, + { 0x83, 0xf2, 0x79, 0x88, 0x15 }, + { 0x83, 0xf0, 0x51, 0xa2 }, + { 0x83, 0xf1, 0x31, 0x88, 0x0d }, + { 0x83, 0xf2, 0x57, 0x88, 0x15 }, + { 0x83, 0xf0, 0x74, 0xa2 }, + { 0x83, 0xf1, 0x34, 0x88, 0x0d }, + { 0x83, 0xf2, 0x4f, 0x88, 0x15 }, + { 0x83, 0xf0, 0x74, 0xa2 }, + { 0x83, 0xf1, 0x31, 0x88, 0x0d }, + { 0x83, 0xf2, 0x32, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6c, 0xa2 }, + { 0x83, 0xf1, 0x78, 0x88, 0x0d }, + { 0x83, 0xf2, 0x66, 0x88, 0x15 }, + { 0x83, 0xf0, 0x30, 0xa2 }, + { 0x83, 0xf1, 0x77, 0x88, 0x0d }, + { 0x83, 0xf2, 0x56, 0x88, 0x15 }, + { 0x83, 0xf0, 0x49, 0xa2 }, + { 0x83, 0xf1, 0x52, 0x88, 0x0d }, + { 0x83, 0xf2, 0x35, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6d, 0xa2 }, + { 0x83, 0xf1, 0x63, 0x88, 0x0d }, + { 0x83, 0xf2, 0x47, 0x88, 0x15 }, + { 0x83, 0xf0, 0x4e, 0xa2 }, + { 0x83, 0xf1, 0x37, 0x88, 0x0d }, + { 0x83, 0xf2, 0x58, 0x88, 0x15 }, + { 0x83, 0xf0, 0x43, 0xa2 }, + { 0x83, 0xf1, 0x58, 0x88, 0x0d }, + { 0x83, 0xf2, 0x4a, 0x88, 0x15 }, + { 0x83, 0xf0, 0x52, 0xa2 }, + { 0x83, 0xf1, 0x48, 0x88, 0x0d }, + { 0x83, 0xf2, 0x4f, 0x88, 0x15 }, + { 0x83, 0xf0, 0x46, 0xa2 }, + { 0x83, 0xf1, 0x48, 0x88, 0x0d }, + { 0x83, 0xf2, 0x53, 0x88, 0x15 }, + { 0x83, 0xf0, 0x66, 0xa2 }, + { 0x83, 0xf1, 0x31, 0x88, 0x0d }, + { 0x83, 0xf2, 0x67, 0x88, 0x15 }, + { 0x83, 0xf0, 0x7a, 0xa2 }, + { 0x83, 0xf1, 0x58, 0x88, 0x0d }, + { 0x83, 0xf2, 0x57, 0x88, 0x15 }, + { 0x83, 0xf0, 0x61, 0xa2 }, + { 0x83, 0xf1, 0x62, 0x88, 0x0d }, + { 0x83, 0xf2, 0x52, 0x88, 0x15 }, + { 0x83, 0xf0, 0x53, 0xa2 }, + { 0x83, 0xf1, 0x76, 0x88, 0x0d }, + { 0x83, 0xf2, 0x6d, 0x88, 0x15 }, + { 0x83, 0xf0, 0x74, 0xa2 }, + { 0x83, 0xf1, 0x31, 0x88, 0x0d }, + { 0x83, 0xf2, 0x6e, 0x88, 0x15 }, + { 0x83, 0xf0, 0x72, 0xa2 }, + { 0x83, 0xf1, 0x6c, 0x88, 0x0d }, + { 0x83, 0xf2, 0x37, 0x88, 0x15 }, + { 0x83, 0xf0, 0x73, 0xa2 }, + { 0x83, 0xf1, 0x57, 0x88, 0x0d }, + { 0x83, 0xf2, 0x36, 0x88, 0x15 }, + { 0x83, 0xf0, 0x63, 0xa2 }, + { 0x83, 0xf1, 0x6a, 0x88, 0x0d }, + { 0x83, 0xf2, 0x78, 0x88, 0x15 }, + { 0x83, 0xf0, 0x6c, 0xa2 }, + { 0x83, 0xf1, 0x6a, 0x88, 0x0d }, + { 0x83, 0xf2, 0x75, 0x88, 0x15 }, + { 0x83, 0xf0, 0x75, 0xa2 }, + { 0x83, 0xf1, 0x51, 0x88, 0x0d }, + { 0x83, 0xf2, 0x61, 0x88, 0x15 }, + { 0x83, 0xf0, 0x77, 0xa2 }, + { 0x83, 0xf1, 0x49, 0x88, 0x0d }, + { 0x83, 0xf2, 0x44, 0x88, 0x15 }, + { 0x83, 0xf0, 0x41, 0xa2 }, + { 0x83, 0xf1, 0x51, 0x88, 0x0d }, + { 0x83, 0xf2, 0x41, 0x88, 0x15 }, + { 0x83, 0xf0, 0x42, 0xa2 } + }; + + [[nodiscard]] + bool PatchSolution2::FindPatchOffset() noexcept { + + try { + auto SectionHeader_text = _Image.ImageSectionHeaderByName(".text"); + auto SectionView_text = _Image.ImageSectionView(SectionHeader_text); + const uint8_t* lpPatch[_countof(_PatchOffset)] = {}; + + std::vector Hints; + DWORD PossibleRangeStart = 0xffffffff; + DWORD PossibleRangeEnd; + + for (DWORD i = 0; i < SectionHeader_text->SizeOfRawData; ++i) { + if (memcmp(SectionView_text + i, Keyword[0], sizeof(Keyword[0])) == 0) { + Hints.emplace_back( + *reinterpret_cast(SectionView_text + i + sizeof(Keyword[0])) + ); + + if (i < PossibleRangeStart) { + PossibleRangeStart = i; + } + } + } + + PossibleRangeStart -= 0x1000; + PossibleRangeEnd = PossibleRangeStart + 0x100000; + + // Keywords[0] should occur 3 times. + if (Hints.size() != 3) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Hints.size() != 3")); + } + + std::sort(Hints.begin(), Hints.end()); + + if (Hints.back() - Hints.front() != 0x127382BE - 0x12738210) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Hints.back() - Hints.front() != 0x127382BE - 0x12738210")); + } + + for (size_t i = 0; i < _countof(_PatchOffset); ++i) { + uint8_t CurrentKeyword[9]; + size_t CurrentKeywordSize = i % 3 == 1 ? 4 : 5; + + memcpy(CurrentKeyword, Keyword[i], CurrentKeywordSize); + *reinterpret_cast(CurrentKeyword + CurrentKeywordSize) = Hints[0] + i; + CurrentKeywordSize += sizeof(uint32_t); + + for (DWORD j = PossibleRangeStart; j < PossibleRangeEnd; ++j) { + if (memcmp(SectionView_text + j, CurrentKeyword, CurrentKeywordSize) == 0) { + lpPatch[i] = SectionView_text + j; + break; + } + } + + // if not found, refuse to patch + if (lpPatch[i] == nullptr) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("A patch point is missing.")); + } + } + + for (size_t i = 0; i < _countof(_PatchOffset); ++i) { + _PatchOffset[i] = _Image.PointerToFileOffset(lpPatch[i]); + } + + LOG_SUCCESS(0, "PatchSolution2 ...... Ready to apply"); + for (size_t i = 0; i < _countof(_PatchOffset); i += 4) { + static_assert(sizeof(_countof(_PatchOffset)) % 4 == 0); + LOG_HINT(4, "Patch offset[%zu ... %zu] = 0x%.8zx, 0x%.8zx, 0x%.8zx, 0x%.8zx", i, i + 3, _PatchOffset[i], _PatchOffset[i + 1], _PatchOffset[i + 2], _PatchOffset[i + 3]); + } + + return true; + } catch (nkg::Exception&) { + for (size_t i = 0; i < _countof(_PatchOffset); ++i) { + _PatchOffset[i] = InvalidOffset; + } + + LOG_FAILURE(0, "PatchSolution2 ...... Omitted"); + + return false; + } + } +} + diff --git a/navicat-patcher/PatchSolution3-amd64.cpp b/navicat-patcher/PatchSolution3-amd64.cpp new file mode 100644 index 0000000..6f3c182 --- /dev/null +++ b/navicat-patcher/PatchSolution3-amd64.cpp @@ -0,0 +1,231 @@ +#include "PatchSolutions.hpp" + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\PatchSolution3-amd64.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + PatchSolution3::PatchSolution3(const ImageInterpreter& Image) : + _Image(Image), + _Engine(CS_ARCH_X86, CS_MODE_64), + _Patch{} + { + _Engine.Option(CS_OPT_DETAIL, CS_OPT_ON); + } + + PatchSolution3::PatchSolution3(const ImageInterpreter* lpImage) : + _Image(*lpImage), + _Engine(CS_ARCH_X86, CS_MODE_64), + _Patch{} + { + _Engine.Option(CS_OPT_DETAIL, CS_OPT_ON); + } + + [[nodiscard]] + bool PatchSolution3::CheckIfMatchPattern(const cs_insn* lpInsn) const noexcept { + // the instruction we're interested in has one of the following patterns: + // 1. mov PTR [MEM], IMM (IMM must consist of printable chars) // for IMM_DATA + // 2. lea REG, PTR [MEM] (MEM must point to a non-empty printable string) // for STRING_DATA + + if (_stricmp(lpInsn->mnemonic, "mov") == 0) { + if (lpInsn->detail->x86.operands[1].type != X86_OP_IMM) { + return false; + } + + auto pbImmValue = lpInsn->bytes + lpInsn->detail->x86.encoding.imm_offset; + auto cbImmValue = lpInsn->detail->x86.encoding.imm_size; + + return IsPrintable(pbImmValue, cbImmValue); + } else if (_stricmp(lpInsn->mnemonic, "lea") == 0) { + // as far as I know, all strings are loaded by "lea REG, QWORD PTR [RIP + disp]" + // so operands[1] must look like "[RIP + disp]" + if (lpInsn->detail->x86.operands[1].mem.base != X86_REG_RIP) { + return false; + } + + // scale must 1, otherwise pattern mismatches + if (lpInsn->detail->x86.operands[1].mem.scale != 1) { + return false; + } + + auto StringRva = static_cast( + lpInsn->address + lpInsn->size + // Next RIP + lpInsn->detail->x86.operands[1].mem.disp + ); + + try { + auto StringPtr = _Image.RvaToPointer(StringRva); + auto StringLength = strlen(StringPtr); + + // StringPtr must have at least one char + // every char in StringPtr must be printable, otherwise pattern mismatches + return StringLength && IsPrintable(StringPtr, StringLength); + } catch (nkg::Exception&) { + // If not found, pattern mismatches + return false; + } + } else { + return false; + } + } + + [[nodiscard]] + bool PatchSolution3::CheckIfFound(const cs_insn* lpInsn, size_t KeywordIdx) const noexcept { + // the instruction we're interested in has one of the following patterns: + // 1. mov PTR [MEM], IMM (IMM must consist of printable chars) // for IMM_DATA + // 2. lea REG, PTR [MEM] (MEM must point to a non-empty printable string) // for STRING_DATA + + auto& op_count = lpInsn->detail->x86.op_count; + auto& operands = lpInsn->detail->x86.operands; + + if (op_count != 2) { + return false; + } + + if (Keyword[KeywordIdx].Type == IMM_DATA && operands[1].type == X86_OP_IMM) { + static_assert(sizeof(operands[1].imm) == sizeof(Keyword[KeywordIdx].Value)); + return + operands[1].imm == *reinterpret_cast(Keyword[KeywordIdx].Value) && + lpInsn->detail->x86.encoding.imm_size == Keyword[KeywordIdx].Size; + } else if (Keyword[KeywordIdx].Type == STRING_DATA && operands[1].type == X86_OP_MEM) { + auto StringRva = static_cast( + lpInsn->address + lpInsn->size + // Next RIP + operands[1].mem.disp + ); + + try { + auto StringPtr = _Image.RvaToPointer(StringRva); + return + strncmp(StringPtr, reinterpret_cast(Keyword[KeywordIdx].Value), Keyword[KeywordIdx].Size) == 0 && + StringPtr[Keyword[KeywordIdx].Size] == '\x00'; + } catch (nkg::Exception&) { + return false; + } + } else { + return false; + } + } + + [[nodiscard]] + PatchSolution3::PatchInfo PatchSolution3::CreatePatchPoint(const void* lpOpcode, const cs_insn* lpInsn, size_t KeywordIdx) const noexcept { + PatchInfo NewPatch; + + NewPatch.OpcodeRva = lpInsn->address; + NewPatch.lpOpcode = const_cast(lpOpcode); + + if (lpInsn->detail->x86.operands[1].type == X86_OP_MEM) { + auto StringRva = static_cast( + lpInsn->address + lpInsn->size + // Next RIP + lpInsn->detail->x86.operands[1].mem.disp + ); + + NewPatch.lpOriginalString = _Image.RvaToPointer(StringRva); + + if (Keyword[KeywordIdx].NotRecommendedToModify) { + NewPatch.lpPatch = address_offset(NewPatch.lpOpcode, lpInsn->detail->x86.encoding.disp_offset); + NewPatch.cbPatch = lpInsn->detail->x86.encoding.disp_size; + } else { + NewPatch.lpPatch = reinterpret_cast(NewPatch.lpOriginalString); + NewPatch.cbPatch = Keyword[KeywordIdx].Size; + } + } else { // X86_OP_IMM + NewPatch.lpPatch = address_offset(NewPatch.lpOpcode, lpInsn->detail->x86.encoding.imm_offset); + NewPatch.cbPatch = lpInsn->detail->x86.encoding.imm_size; + NewPatch.lpOriginalString = nullptr; + } + + NewPatch.lpReplaceString = nullptr; + + return NewPatch; + } + + [[nodiscard]] + bool PatchSolution3::FindPatchOffset() noexcept { + try { + static const uint8_t HeaderOfTargetFunction[] = { + 0x40, 0x55, // push rbp + 0x48, 0x8D, 0xAC, 0x24, 0x70, 0xBC, 0xFF, 0xFF, // lea rbp, [rsp-4390h] + 0xB8, 0x90, 0x44, 0x00, 0x00 // mov eax, 4490h + }; + + PatchInfo Patch[_countof(_Patch)] = {}; + + const uint8_t* lpTargetFunction = nullptr; + auto lptargetFunctionHint = _Image.SearchSection(".text", [&lpTargetFunction](const uint8_t* p) { + __try { + if (*reinterpret_cast(p) == 0x6b67424e) { + auto i = p - 0x250; + for (; i < p; ++i) { + if (memcmp(i, HeaderOfTargetFunction, sizeof(HeaderOfTargetFunction)) == 0) { + lpTargetFunction = i; + return true; + } + } + } + + return false; + } __except (EXCEPTION_EXECUTE_HANDLER) { + return false; + } + }); + + size_t KeywordIndex = 0; + CapstoneDisassembler Disassembler = _Engine.CreateDisassembler(); + + Disassembler.SetContext(CapstoneContext{ lpTargetFunction, 0xcd03, _Image.PointerToRva(lpTargetFunction) }); + + while (Disassembler.Next()) { + auto lpInsn = Disassembler.GetInstruction(); + + if (lpInsn->mnemonic[0] == 'j' || lpInsn->mnemonic[0] == 'J') { + auto JumpedBranch = GetJumpedBranch(Disassembler.GetContext(), lpInsn); + + if (_stricmp(lpInsn->mnemonic, "jmp") == 0) { + Disassembler.SetContext(JumpedBranch); + } else { + Disassembler.SetContext(SelectBranch(Disassembler.GetContext(), JumpedBranch, KeywordIndex)); + } + } else if (_stricmp(lpInsn->mnemonic, "ret") == 0) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Reach end of function.")); + } else { + if (CheckIfMatchPattern(lpInsn) == false) { + continue; + } + + if (CheckIfFound(lpInsn, KeywordIndex) == false) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Missing a patch.")); + } + + Patch[KeywordIndex] = CreatePatchPoint(Disassembler.GetInstructionContext().lpMachineCode, lpInsn, KeywordIndex); + + ++KeywordIndex; + } + + if (KeywordIndex == _countof(Patch)) { + break; + } + } + + if (KeywordIndex != _countof(Patch)) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Some patches are not found.")); + } + + LOG_SUCCESS(0, "PatchSolution3 ...... Ready to apply"); + for (size_t i = 0; i < _countof(Patch); ++i) { + _Patch[i] = Patch[i]; + LOG_HINT(4, "[%3zu] Instruction RVA = 0x%.8llx, Patch Offset = +0x%.8zx", i, _Patch[i].OpcodeRva, address_delta(_Patch[i].lpPatch, _Image.ImageBase())); + } + + return true; + } catch (nkg::Exception&) { + memset(_Patch, 0, sizeof(_Patch)); + + LOG_FAILURE(0, "PatchSolution3 ...... Omitted"); + + return false; + } + } +} + diff --git a/navicat-patcher/PatchSolution3-generic.cpp b/navicat-patcher/PatchSolution3-generic.cpp new file mode 100644 index 0000000..7a882c1 --- /dev/null +++ b/navicat-patcher/PatchSolution3-generic.cpp @@ -0,0 +1,424 @@ +#include "PatchSolutions.hpp" + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\PatchSolution3-generic.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + const PatchSolution3::KeywordInfo PatchSolution3::Keyword[111] = { + { { 0x4d, 0x49, 0x49 }, 3, STRING_DATA, false }, + { { 0x42, 0x49 }, 2, IMM_DATA, false }, + { { 0x6a }, 1, IMM_DATA, false }, + { { 0x41 }, 1, IMM_DATA, false }, + { { 0x4e, 0x42, 0x67, 0x6b }, 4, IMM_DATA, false }, + { { 0x71 }, 1, IMM_DATA, false }, + { { 0x68, 0x6b, 0x69, 0x47, 0x39, 0x77 }, 6, STRING_DATA, false }, + { { 0x30 }, 1, STRING_DATA, true }, + { { 0x42 }, 1, IMM_DATA, false }, + { { 0x41 }, 1, IMM_DATA, false }, + { { 0x51, 0x45, 0x46, 0x41, 0x41, 0x4f, 0x43 }, 7, STRING_DATA, false }, + { { 0x41, 0x51, 0x38, 0x41, 0x4d, 0x49 }, 6, STRING_DATA, false }, + { { 0x49, 0x42 }, 2, STRING_DATA, false }, + { { 0x43, 0x67, 0x4b, 0x43 }, 4, IMM_DATA, false }, + { { 0x41, 0x51 }, 2, STRING_DATA, false }, + { { 0x45, 0x41, 0x77, 0x31 }, 4, IMM_DATA, false }, + { { 0x64, 0x71, 0x46, 0x33 }, 4, IMM_DATA, false }, + { { 0x53 }, 1, STRING_DATA, true }, + { { 0x6b, 0x43, 0x61, 0x41, 0x41, 0x6d }, 6, STRING_DATA, false }, + { { 0x4d, 0x7a, 0x73, 0x38 }, 4, IMM_DATA, false }, + { { 0x38, 0x39, 0x49, 0x71 }, 4, IMM_DATA, false }, + { { 0x64 }, 1, IMM_DATA, false }, + { { 0x57 }, 1, IMM_DATA, false }, + { { 0x39, 0x4d, 0x32, 0x64 }, 4, IMM_DATA, false }, + { { 0x49, 0x64, 0x68 }, 3, STRING_DATA, false }, + { { 0x33, 0x6a }, 2, IMM_DATA, false }, + { { 0x47, 0x39, 0x79, 0x50 }, 4, IMM_DATA, false }, + { { 0x63, 0x6d }, 2, IMM_DATA, false }, + { { 0x4c }, 1, IMM_DATA, false }, + { { 0x6e, 0x6d, 0x4a }, 3, STRING_DATA, false }, + { { 0x69, 0x47, 0x70, 0x42, 0x46, 0x34, 0x45 }, 7, STRING_DATA, false }, + { { 0x39, 0x56, 0x48, 0x53, 0x4d, 0x47 }, 6, STRING_DATA, false }, + { { 0x65, 0x38, 0x6f, 0x50, 0x41, 0x79, 0x32, 0x6b }, 8, STRING_DATA, false }, + { { 0x4a, 0x44 }, 2, STRING_DATA, false }, + { { 0x6d, 0x64 }, 2, IMM_DATA, false }, + { { 0x4e, 0x74, 0x34 }, 3, STRING_DATA, false }, + { { 0x42, 0x63, 0x45, 0x79, 0x67, 0x76 }, 6, STRING_DATA, false }, + { { 0x73, 0x73, 0x45, 0x66, 0x67, 0x69 }, 6, STRING_DATA, false }, + { { 0x6e, 0x76, 0x61, 0x35, 0x74 }, 5, STRING_DATA, false }, + { { 0x35, 0x6a, 0x6d, 0x33, 0x35, 0x32 }, 6, STRING_DATA, false }, + { { 0x55, 0x41 }, 2, IMM_DATA, false }, + { { 0x6f, 0x44, 0x6f, 0x73 }, 4, IMM_DATA, false }, + { { 0x55, 0x4a }, 2, IMM_DATA, false }, + { { 0x6b, 0x54, 0x58, 0x47, 0x51 }, 5, STRING_DATA, false }, + { { 0x68, 0x70, 0x41, 0x57, 0x4d, 0x46 }, 6, STRING_DATA, false }, + { { 0x34, 0x66, 0x42, 0x6d, 0x42 }, 5, STRING_DATA, false }, + { { 0x70, 0x4f, 0x33, 0x45 }, 4, IMM_DATA, false }, + { { 0x65, 0x64 }, 2, IMM_DATA, false }, + { { 0x47 }, 1, IMM_DATA, false }, + { { 0x36, 0x32, 0x72, 0x4f, 0x73, 0x71 }, 6, STRING_DATA, false }, + { { 0x4d }, 1, IMM_DATA, false }, + { { 0x42, 0x67, 0x6d, 0x53 }, 4, STRING_DATA, false }, + { { 0x64 }, 1, IMM_DATA, false }, + { { 0x41, 0x79, 0x78, 0x43, 0x53 }, 5, STRING_DATA, false }, + { { 0x50 }, 1, IMM_DATA, false }, + { { 0x42, 0x52, 0x4a, 0x49, 0x4f }, 5, STRING_DATA, false }, + { { 0x46, 0x52, 0x30, 0x51, 0x67, 0x5a, 0x46, 0x62 }, 8, STRING_DATA, false }, + { { 0x52 }, 1, IMM_DATA, false }, + { { 0x6e, 0x55, 0x30, 0x66 }, 4, STRING_DATA, false }, + { { 0x72, 0x6a, 0x33, 0x34 }, 4, IMM_DATA, false }, + { { 0x66 }, 1, STRING_DATA, true }, + { { 0x69, 0x56, 0x6d, 0x67 }, 4, IMM_DATA, false }, + { { 0x59, 0x69, 0x4c, 0x75 }, 4, STRING_DATA, false }, + { { 0x5a, 0x53, 0x41, 0x6d }, 4, IMM_DATA, false }, + { { 0x49, 0x62 }, 2, IMM_DATA, false }, + { { 0x73 }, 1, IMM_DATA, false }, + { { 0x38, 0x5a, 0x78, 0x69 }, 4, IMM_DATA, false }, + { { 0x48 }, 1, IMM_DATA, false }, + { { 0x50, 0x64, 0x70, 0x31 }, 4, IMM_DATA, false }, + { { 0x6f, 0x44 }, 2, IMM_DATA, false }, + { { 0x34 }, 1, IMM_DATA, false }, + { { 0x74, 0x55, 0x70, 0x76, 0x73, 0x46 }, 6, STRING_DATA, false }, + { { 0x63, 0x69, 0x34, 0x51, 0x4a, 0x74 }, 6, STRING_DATA, false }, + { { 0x59, 0x4e, 0x6a, 0x4e, 0x6e, 0x47, 0x55 }, 7, STRING_DATA, false }, + { { 0x32, 0x57, 0x50, 0x48 }, 4, STRING_DATA, false }, + { { 0x36, 0x72, 0x76, 0x43, 0x68, 0x47, 0x6c }, 7, STRING_DATA, false }, + { { 0x31, 0x49, 0x52, 0x4b, 0x72, 0x78, 0x4d, 0x74 }, 8, STRING_DATA, false }, + { { 0x71, 0x4c, 0x69, 0x65, 0x6c }, 5, STRING_DATA, false }, + { { 0x73, 0x76, 0x61, 0x6a, 0x55, 0x6a, 0x79, 0x72 }, 8, STRING_DATA, false }, + { { 0x67 }, 1, STRING_DATA, true }, + { { 0x4f, 0x43, 0x36, 0x4e, 0x6d, 0x79, 0x6d, 0x59 }, 8, STRING_DATA, false }, + { { 0x4d }, 1, IMM_DATA, false }, + { { 0x76, 0x5a, 0x4e }, 3, STRING_DATA, false }, + { { 0x45, 0x52, 0x33, 0x68, 0x74 }, 5, STRING_DATA, false }, + { { 0x46 }, 1, IMM_DATA, false }, + { { 0x45, 0x74, 0x4c, 0x31 }, 4, STRING_DATA, false }, + { { 0x65, 0x51, 0x62, 0x43, 0x79 }, 5, STRING_DATA, false }, + { { 0x54, 0x66, 0x44, 0x6d, 0x74, 0x59, 0x79, 0x51 }, 8, STRING_DATA, false }, + { { 0x31, 0x57, 0x74, 0x34 }, 4, STRING_DATA, false }, + { { 0x4f }, 1, IMM_DATA, false }, + { { 0x74, 0x31, 0x32, 0x6c, 0x78, 0x66 }, 6, STRING_DATA, false }, + { { 0x30 }, 1, IMM_DATA, false }, + { { 0x77, 0x56, 0x49, 0x52, 0x35 }, 5, STRING_DATA, false }, + { { 0x6d }, 1, IMM_DATA, false }, + { { 0x63, 0x47, 0x4e, 0x37 }, 4, STRING_DATA, false }, + { { 0x58, 0x43, 0x58, 0x4a }, 4, STRING_DATA, false }, + { { 0x52, 0x48, 0x4f, 0x46 }, 4, IMM_DATA, false }, + { { 0x48, 0x53 }, 2, IMM_DATA, false }, + { { 0x66 }, 1, IMM_DATA, false }, + { { 0x31, 0x67, 0x7a, 0x58, 0x57 }, 5, STRING_DATA, false }, + { { 0x61 }, 1, IMM_DATA, false }, + { { 0x62 }, 1, IMM_DATA, false }, + { { 0x52, 0x53 }, 2, STRING_DATA, false }, + { { 0x76, 0x6d, 0x74, 0x31, 0x6e }, 5, STRING_DATA, false }, + { { 0x72, 0x6c }, 2, STRING_DATA, true }, + { { 0x37, 0x73, 0x57 }, 3, STRING_DATA, false }, + { { 0x36, 0x63, 0x6a }, 3, STRING_DATA, false }, + { { 0x78, 0x6c, 0x6a, 0x75, 0x75, 0x51, 0x61 }, 7, STRING_DATA, false }, + { { 0x77, 0x49, 0x44, 0x41 }, 4, STRING_DATA, false }, + { { 0x51, 0x41 }, 2, IMM_DATA, false }, + { { 0x42 }, 1, IMM_DATA, false } + }; + + [[nodiscard]] + bool PatchSolution3::IsPrintable(const void* p, size_t s) noexcept { + auto pb = reinterpret_cast(p); + for (size_t i = 0; i < s; ++i) { + if (isprint(pb[i]) == false) { + return false; + } + } + return true; + } + + [[nodiscard]] + CapstoneContext PatchSolution3::GetJumpedBranch(const CapstoneContext& NotJumpedBranch, const cs_insn* lpJxxInsn) const { + CapstoneContext JumpedBranch; + + JumpedBranch.lpMachineCode = _Image.RvaToPointer( + static_cast(lpJxxInsn->detail->x86.operands[0].imm) + ); + + JumpedBranch.cbMachineCode = NotJumpedBranch.cbMachineCode - ( + reinterpret_cast(JumpedBranch.lpMachineCode) - + reinterpret_cast(NotJumpedBranch.lpMachineCode) + ); + + JumpedBranch.Address = lpJxxInsn->detail->x86.operands[0].imm; + + return JumpedBranch; + } + + [[nodiscard]] + CapstoneContext PatchSolution3::SelectBranch(const CapstoneContext& NotJumpedBranch, const CapstoneContext& JumpedBranch, size_t KeywordIdx) const { + CapstoneContext A = NotJumpedBranch; + CapstoneContext B = JumpedBranch; + int WeightA = 0; + int WeightB = 0; + auto Disassembler = _Engine.CreateDisassembler(); + + while (true) { + int WeightAPrev = WeightA; + int WeightBPrev = WeightB; + + // + // process NotJumpedBranch + // + Disassembler.SetContext(A); + while (Disassembler.Next()) { + auto lpInsn = Disassembler.GetInstruction(); + + // + // For all x86 mnemonics, only 'jcc' or 'jmp' starts with 'j' or 'J'. + // So it should be a new branch if we meet them. + // + if (lpInsn->mnemonic[0] == 'j' || lpInsn->mnemonic[0] == 'J') { + auto JumpedBranch = GetJumpedBranch(Disassembler.GetContext(), lpInsn); + + if (_stricmp(lpInsn->mnemonic, "jmp") == 0) { + Disassembler.SetContext(JumpedBranch); + } else { + try { + Disassembler.SetContext(SelectBranch(Disassembler.GetContext(), JumpedBranch, KeywordIdx)); + } catch (nkg::Exception&) { + // If exception occurs, give up NotJumpedBranch + break; + } + } + } else if (_stricmp(lpInsn->mnemonic, "ret") == 0) { + return JumpedBranch; + } else { + if (CheckIfMatchPattern(lpInsn) == false) { + continue; + } + + // + // if match pattern, but keyword doesn't match, + // NotJumpedBranch must not be what we want + // + if (CheckIfFound(lpInsn, KeywordIdx) == false) { + return JumpedBranch; + } + + // + // If keyword is succeeded to match + // Add WeightA and stop processing NotJumpedBranch + // + ++WeightA; + break; + } + } + A = Disassembler.GetContext(); + + // + // process JumpedBranch + // + Disassembler.SetContext(B); + while (Disassembler.Next()) { + auto lpInsn = Disassembler.GetInstruction(); + + // + // For all x86 mnemonics, only 'jcc' or 'jmp' starts with 'j' or 'J'. + // So it should be a new branch if we meet them. + // + if (lpInsn->mnemonic[0] == 'j' || lpInsn->mnemonic[0] == 'J') { + auto JumpedBranch = GetJumpedBranch(Disassembler.GetContext(), lpInsn); + + if (_stricmp(lpInsn->mnemonic, "jmp") == 0) { + Disassembler.SetContext(JumpedBranch); + } else { + try { + Disassembler.SetContext(SelectBranch(Disassembler.GetContext(), JumpedBranch, KeywordIdx)); + } catch (nkg::Exception&) { + // If exception occurs, give up JumpedBranch + break; + } + } + } else if (_stricmp(lpInsn->mnemonic, "ret") == 0) { + return NotJumpedBranch; + } else { + if (CheckIfMatchPattern(lpInsn) == false) { + continue; + } + + // + // if match pattern, but keyword doesn't match, + // JumpedBranch must not be what we want + // + if (CheckIfFound(lpInsn, KeywordIdx) == false) { + return NotJumpedBranch; + } + + // + // If keyword is succeeded to match + // Add WeightB and stop processing JumpedBranch + // + ++WeightB; + break; + } + } + B = Disassembler.GetContext(); + + // + // If this happens, it means neither of two branch is our target + if (WeightAPrev == WeightA && WeightBPrev == WeightB) { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Branch is not selected.")); + } + + if (WeightA != WeightB) + return WeightA > WeightB ? NotJumpedBranch : JumpedBranch; + else + ++KeywordIdx; + } + } + + [[nodiscard]] + bool PatchSolution3::CheckKey(const RSACipher& Cipher) const noexcept { + // + // Brute-force search, cchString should be 1 or 2 + // + auto SearchString = [](const void* lpRange, size_t cbRange, const char* lpString, size_t cchString) -> const char* { + const char* p = reinterpret_cast(lpRange); + + for (size_t i = 0; i < cbRange; ++i) { + if (p[i] == lpString[0]) { + bool match = true; + + __try { + for (size_t j = 1; j < cchString; ++j) { + if (p[i + j] != lpString[j]) { + match = false; + break; + } + } + } __except (EXCEPTION_EXECUTE_HANDLER) { + match = false; + } + + if (match && p[i + cchString] == '\x00') + return address_offset_cast(lpRange, i); + } + } + + return nullptr; + }; + + auto szPublicKey = Cipher.ExportKeyString(); + + for (auto pos = szPublicKey.find("-----BEGIN PUBLIC KEY-----"); pos != std::string::npos; pos = szPublicKey.find("-----BEGIN PUBLIC KEY-----", pos)) { + szPublicKey.erase(pos, literal_length("-----BEGIN PUBLIC KEY-----")); + } + + for (auto pos = szPublicKey.find("-----END PUBLIC KEY-----"); pos != std::string::npos; pos = szPublicKey.find("-----END PUBLIC KEY-----", pos)) { + szPublicKey.erase(pos, literal_length("-----END PUBLIC KEY-----")); + } + + for (auto pos = szPublicKey.find("\n"); pos != std::string::npos; pos = szPublicKey.find("\n", pos)) { + szPublicKey.erase(pos, literal_length("\n")); + } + + if (szPublicKey.length() != 0x188) { + return false; + } + + size_t PublicKeyReadCursor = 0; + auto SectionHeader_rdata = _Image.ImageSectionHeaderByName(".rdata"); + auto SectionView_rdata = _Image.ImageSectionView(SectionHeader_rdata); + + for (size_t i = 0; i < _countof(_Patch); PublicKeyReadCursor += Keyword[i].Size, ++i) { + if (Keyword[i].NotRecommendedToModify) { + _Patch[i].lpReplaceString = nullptr; + + const char* lpReplaceString = nullptr; + const void* lpSearchRange = _Patch[i].lpOriginalString; + size_t cbSearchRange = SectionHeader_rdata->SizeOfRawData - address_delta(_Patch[i].lpOriginalString, SectionView_rdata); + + for (size_t offset = 0;;) { + lpReplaceString = SearchString( + address_offset(lpSearchRange, offset), + cbSearchRange - offset, + szPublicKey.c_str() + PublicKeyReadCursor, + Keyword[i].Size + ); + + if (lpReplaceString == nullptr) { + return false; + } + + if (_Image.IsRvaRangeInRelocTable(_Image.PointerToRva(lpReplaceString), Keyword[i].Size + 1)) { + // + // Damn it! + // ReplaceString will be modified during relocation + // We have to find another one + // + ++offset; + } else { + // + // ReplaceString won't be modified during relocation + // which can be used to act as a part of public key string + // + break; + } + } + + _Patch[i].lpReplaceString = const_cast(lpReplaceString); + } + } + + return true; + } + + void PatchSolution3::MakePatch(const RSACipher& Cipher) const { + for (size_t i = 0; i < _countof(_Patch); ++i) { + if (_Patch[i].lpPatch == nullptr) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("PatchSolution3 has not been ready yet.")); + } + } + + auto szPublicKey = Cipher.ExportKeyString(); + + for (auto pos = szPublicKey.find("-----BEGIN PUBLIC KEY-----"); pos != std::string::npos; pos = szPublicKey.find("-----BEGIN PUBLIC KEY-----", pos)) { + szPublicKey.erase(pos, literal_length("-----BEGIN PUBLIC KEY-----")); + } + + for (auto pos = szPublicKey.find("-----END PUBLIC KEY-----"); pos != std::string::npos; pos = szPublicKey.find("-----END PUBLIC KEY-----", pos)) { + szPublicKey.erase(pos, literal_length("-----END PUBLIC KEY-----")); + } + + for (auto pos = szPublicKey.find("\n"); pos != std::string::npos; pos = szPublicKey.find("\n", pos)) { + szPublicKey.erase(pos, literal_length("\n")); + } + + _putts(TEXT("*******************************************************")); + _putts(TEXT("* PatchSolution3 *")); + _putts(TEXT("*******************************************************")); + + size_t readptr = 0; + for (size_t i = 0; i < _countof(_Patch); readptr += Keyword[i].Size, ++i) { + _tprintf_s(TEXT("[*] +%.8zx: "), address_delta(_Patch[i].lpPatch, _Image.ImageBase())); + + PrintBytes(_Patch[i].lpPatch, _Patch[i].cbPatch); + _tprintf_s(TEXT(" ---> ")); + + if (Keyword[i].NotRecommendedToModify) { + auto offset = _Patch[i].lpReplaceString - _Patch[i].lpOriginalString; + uint64_t disp = 0; + + memcpy(&disp, _Patch[i].lpPatch, _Patch[i].cbPatch); + disp += offset; + + memcpy(_Patch[i].lpPatch, &disp, _Patch[i].cbPatch); + } else { + memcpy(_Patch[i].lpPatch, szPublicKey.c_str() + readptr, Keyword[i].Size); + } + + PrintBytes(_Patch[i].lpPatch, _Patch[i].cbPatch); + _tprintf_s(TEXT("\n")); + } + + _putts(TEXT("")); + return; + } +} + diff --git a/navicat-patcher/PatchSolution3-i386.cpp b/navicat-patcher/PatchSolution3-i386.cpp new file mode 100644 index 0000000..0ad7f4c --- /dev/null +++ b/navicat-patcher/PatchSolution3-i386.cpp @@ -0,0 +1,247 @@ +#include "PatchSolutions.hpp" + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\PatchSolution3-i386.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + PatchSolution3::PatchSolution3(const ImageInterpreter& Image) : + _Image(Image), + _Engine(CS_ARCH_X86, CS_MODE_32), + _Patch{} + { + _Engine.Option(CS_OPT_DETAIL, CS_OPT_ON); + } + + PatchSolution3::PatchSolution3(const ImageInterpreter* lpImage) : + _Image(*lpImage), + _Engine(CS_ARCH_X86, CS_MODE_32), + _Patch{} + { + _Engine.Option(CS_OPT_DETAIL, CS_OPT_ON); + } + + [[nodiscard]] + bool PatchSolution3::CheckIfMatchPattern(const cs_insn* lpInsn) const noexcept { + // the instruction we're interested in has one of the following patterns: + // 1. mov PTR [MEM], IMM (IMM must consist of printable chars) // for KeywordType::IMM_DATA + // except pattern "mov [ebp - 0x4], IMM" + // 2. push IMM (IMM must consist of printable chars) // for KeywordType::IMM_DATA + // 3. push offset MEM (MEM must point to a non-empty printable string) // for KeywordType::STRING_DATA + // + + if (_stricmp(lpInsn->mnemonic, "mov") == 0) { + // filter the case "mov [ebp - 0x4], IMM" + // because IMM may consist of printable chars in that case, which will mislead us. + // + // Here I use "> -0x30" to intensify condition, instead of "== -0x4" + if (lpInsn->detail->x86.operands[0].type == X86_OP_MEM && + lpInsn->detail->x86.operands[0].mem.base == X86_REG_EBP && + lpInsn->detail->x86.operands[0].mem.disp > -0x30) + { + return false; + } + + if (lpInsn->detail->x86.operands[1].type != X86_OP_IMM) { + return false; + } + + auto pbImmValue = lpInsn->bytes + lpInsn->detail->x86.encoding.imm_offset; + auto cbImmValue = lpInsn->detail->x86.encoding.imm_size; + + // each bytes of imm must be printable; + return IsPrintable(pbImmValue, cbImmValue); + } else if (_stricmp(lpInsn->mnemonic, "push") == 0) { + if (lpInsn->detail->x86.operands[0].type != X86_OP_IMM) { + return false; + } + + // test if match pattern 2 + auto pbImmValue = lpInsn->bytes + lpInsn->detail->x86.encoding.imm_offset; + auto cbImmValue = lpInsn->detail->x86.encoding.imm_size; + if (IsPrintable(pbImmValue, cbImmValue)) { + return true; + } + + // test if match pattern 3 + auto StringRva = static_cast( + lpInsn->detail->x86.operands[0].imm - _Image.ImageNtHeaders()->OptionalHeader.ImageBase + ); + + try { + auto StringPtr = _Image.RvaToPointer(StringRva); + auto StringLength = strlen(StringPtr); + + // StringPtr must have at least one char + // every char in StringPtr must be printable, otherwise pattern mismatches + return StringLength && IsPrintable(StringPtr, StringLength); + } catch (nkg::Exception&) { + // If not found, pattern mismatches + return false; + } + } else { + return false; + } + } + + [[nodiscard]] + bool PatchSolution3::CheckIfFound(const cs_insn* lpInsn, size_t KeywordIdx) const noexcept { + // the instruction we're interested in has one of the following patterns: + // 1. mov PTR [MEM], IMM (IMM must consist of printable chars) // for KeywordType::IMM_DATA + // except pattern "mov [ebp - 0x4], IMM" + // 2. push IMM (IMM must consist of printable chars) // for KeywordType::IMM_DATA + // 3. push offset MEM (MEM must point to a non-empty printable string) // for KeywordType::STRING_DATA + // + + auto& op_count = lpInsn->detail->x86.op_count; + auto& operands = lpInsn->detail->x86.operands; + + if (op_count < 1 || operands[op_count - 1].type != X86_OP_IMM) { + return false; + } + + if (Keyword[KeywordIdx].Type == IMM_DATA) { + static_assert(sizeof(operands[op_count - 1].imm) == sizeof(Keyword[KeywordIdx].Value)); + return + operands[op_count - 1].imm == *reinterpret_cast(Keyword[KeywordIdx].Value) && + lpInsn->detail->x86.encoding.imm_size == Keyword[KeywordIdx].Size; + } else if (Keyword[KeywordIdx].Type == STRING_DATA) { + auto StringRva = static_cast( + operands[op_count - 1].imm - _Image.ImageNtHeaders()->OptionalHeader.ImageBase + ); + + try { + auto StringPtr = _Image.RvaToPointer(StringRva); + return + strncmp(StringPtr, reinterpret_cast(Keyword[KeywordIdx].Value), Keyword[KeywordIdx].Size) == 0 && + StringPtr[Keyword[KeywordIdx].Size] == '\x00'; + } catch (nkg::Exception&) { + return false; + } + } else { + return false; + } + } + + [[nodiscard]] + PatchSolution3::PatchInfo PatchSolution3::CreatePatchPoint(const void* lpOpcode, const cs_insn* lpInsn, size_t KeywordIdx) const noexcept { + PatchInfo NewPatch; + + NewPatch.OpcodeRva = lpInsn->address; + NewPatch.lpOpcode = const_cast(lpOpcode); + + if (Keyword[KeywordIdx].Type == IMM_DATA) { + NewPatch.lpPatch = address_offset(NewPatch.lpOpcode, lpInsn->detail->x86.encoding.imm_offset); + NewPatch.cbPatch = lpInsn->detail->x86.encoding.imm_size; + NewPatch.lpOriginalString = nullptr; + } else { + auto StringRva = static_cast( + lpInsn->detail->x86.operands[0].imm - _Image.ImageNtHeaders()->OptionalHeader.ImageBase + ); + + NewPatch.lpOriginalString = _Image.RvaToPointer(StringRva); + + if (Keyword[KeywordIdx].NotRecommendedToModify) { + NewPatch.lpPatch = address_offset(NewPatch.lpOpcode, lpInsn->detail->x86.encoding.imm_offset); + NewPatch.cbPatch = lpInsn->detail->x86.encoding.imm_size; + } else { + NewPatch.lpPatch = reinterpret_cast(NewPatch.lpOriginalString); + NewPatch.cbPatch = Keyword[KeywordIdx].Size; + } + } + + NewPatch.lpReplaceString = nullptr; + + return NewPatch; + } + + [[nodiscard]] + bool PatchSolution3::FindPatchOffset() noexcept { + try { + static const uint8_t HeaderOfTargetFunction[] = { + 0x55, // push ebp + 0x8B, 0xEC, // mov ebp, esp + 0x6A, 0xFF // push 0xffffffff + }; + + PatchInfo Patch[_countof(_Patch)] = {}; + + const uint8_t* lpTargetFunction = nullptr; + auto lptargetFunctionHint = _Image.SearchSection(".text", [&lpTargetFunction](const uint8_t* p) { + __try { + if (*reinterpret_cast(p) == 0x6b67424e) { + auto i = p - 0x1B0; + for (; i < p; ++i) { + if (memcmp(i, HeaderOfTargetFunction, sizeof(HeaderOfTargetFunction)) == 0) { + lpTargetFunction = i; + return true; + } + } + } + + return false; + } __except (EXCEPTION_EXECUTE_HANDLER) { + return false; + } + }); + + size_t KeywordIndex = 0; + CapstoneDisassembler Disassembler = _Engine.CreateDisassembler(); + + Disassembler.SetContext(CapstoneContext{ lpTargetFunction, 0x9014, _Image.PointerToRva(lpTargetFunction) }); + + while (Disassembler.Next()) { + auto lpInsn = Disassembler.GetInstruction(); + + if (lpInsn->mnemonic[0] == 'j' || lpInsn->mnemonic[0] == 'J') { + auto JumpedBranch = GetJumpedBranch(Disassembler.GetContext(), lpInsn); + + if (_stricmp(lpInsn->mnemonic, "jmp") == 0) { + Disassembler.SetContext(JumpedBranch); + } else { + Disassembler.SetContext(SelectBranch(Disassembler.GetContext(), JumpedBranch, KeywordIndex)); + } + } else if (_stricmp(lpInsn->mnemonic, "ret") == 0) { + return false; + } else { + if (CheckIfMatchPattern(lpInsn) == false) { + continue; + } + + if (CheckIfFound(lpInsn, KeywordIndex) == false) { + return false; + } + + Patch[KeywordIndex] = CreatePatchPoint(Disassembler.GetInstructionContext().lpMachineCode, lpInsn, KeywordIndex); + + ++KeywordIndex; + } + + if (KeywordIndex == _countof(Patch)) { + break; + } + } + + if (KeywordIndex != _countof(Patch)) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Some patches are not found.")); + } + + LOG_SUCCESS(0, "PatchSolution3 ...... Ready to apply"); + for (size_t i = 0; i < _countof(Patch); ++i) { + _Patch[i] = Patch[i]; + LOG_HINT(4, "[%3zu] Instruction RVA = 0x%.8llx, Patch Offset = +0x%.8zx", i, _Patch[i].OpcodeRva, address_delta(_Patch[i].lpPatch, _Image.ImageBase())); + } + + return true; + } catch (nkg::Exception&) { + memset(_Patch, 0, sizeof(_Patch)); + + LOG_FAILURE(0, "PatchSolution3 ...... Omitted"); + + return false; + } + } +} + diff --git a/navicat-patcher/PatchSolution4-amd64.cpp b/navicat-patcher/PatchSolution4-amd64.cpp new file mode 100644 index 0000000..cc54298 --- /dev/null +++ b/navicat-patcher/PatchSolution4-amd64.cpp @@ -0,0 +1,150 @@ +#include "PatchSolutions.hpp" +#include + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\PatchSolution4-amd64.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + PatchSolution4::PatchSolution4(const ImageInterpreter& Image) : + _Image(Image), + _DisassemblyEngine(CS_ARCH_X86, CS_MODE_64), + _AssemblyEngine(KS_ARCH_X86, KS_MODE_64), + _pbPatchMachineCode(nullptr), + _pbPatchNewPublicKey(nullptr) { _DisassemblyEngine.Option(CS_OPT_DETAIL, CS_OPT_ON); } + + PatchSolution4::PatchSolution4(const ImageInterpreter* Image) : + _Image(*Image), + _DisassemblyEngine(CS_ARCH_X86, CS_MODE_64), + _AssemblyEngine(KS_ARCH_X86, KS_MODE_64), + _pbPatchMachineCode(nullptr), + _pbPatchNewPublicKey(nullptr) { _DisassemblyEngine.Option(CS_OPT_DETAIL, CS_OPT_ON); } + + bool PatchSolution4::FindPatchOffset() noexcept { + try { + _pbPatchMachineCode = _Image.SearchSection(".text", [](const uint8_t* p) { + __try { + return + p[0] == 0x48 && p[1] == 0x8d && // prefix of "lea rcx, [rbp+5Fh+var_38]" + p[4] == 0x48 && p[5] == 0x83 && // prefix of "cmp [rbp+5Fh+var_20], 10h" + p[9] == 0x48 && p[10] == 0x0f && p[11] == 0x43 && // prefix of "cmovnb rcx, [rbp+5Fh+var_38]" + p[14] == 0x48 && p[15] == 0x8d && // prefix of "lea rax, [rbp+5Fh+var_58]" + p[18] == 0x48 && p[19] == 0x83 && // prefix of "cmp [rbp+5Fh+var_40], 10h" + p[23] == 0x48 && p[24] == 0x0f && p[25] == 0x43 && // prefix of "cmovnb rax, [rbp+5Fh+var_58]" + p[28] == 0x44 && p[29] == 0x0f && p[30] == 0xb6 && // prefix of "movzx r8d, byte ptr [rax+rdi]" + p[33] == 0x44 && p[34] == 0x02 && // prefix of "add r8b, [rcx+rdi]" + p[37] == 0xba && // prefix of "mov edx, 1" + p[42] == 0x48 && p[43] == 0x8b && // prefix of "mov rcx, rbx" + p[45] == 0xe8; // prefix of "call sub_1806E65F0" + } __except (EXCEPTION_EXECUTE_HANDLER) { + return false; + } + }); + + auto RegisterIndex = X86_REG_INVALID; + auto Disassembler = _DisassemblyEngine.CreateDisassembler(); + Disassembler.SetContext({ _pbPatchMachineCode, 45, _Image.PointerToVa(_pbPatchMachineCode) }); + + if (Disassembler.Next() && Disassembler.Next() && Disassembler.Next() && Disassembler.Next() && Disassembler.Next() && Disassembler.Next() && Disassembler.Next()) { + auto lpInsn = Disassembler.GetInstruction(); + if (_stricmp(lpInsn->mnemonic, "movzx") == 0 && + lpInsn->detail->x86.op_count == 2 && + lpInsn->detail->x86.operands[0].type == X86_OP_REG && + lpInsn->detail->x86.operands[1].type == X86_OP_MEM && + lpInsn->detail->x86.operands[1].size == 1 && + lpInsn->detail->x86.operands[1].mem.scale == 1) + { + RegisterIndex = lpInsn->detail->x86.operands[1].mem.index; + } else { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Unexpected machine code.")); + } + } else { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Disassemble failed.")); + } + + if (Disassembler.Next() && Disassembler.Next() && Disassembler.Next()) { + auto lpInsn = Disassembler.GetInstruction(); + + // + // The previous instruction of "call sub_1806E65F0" should set RCX register. + // + if (_stricmp(lpInsn->mnemonic, "mov") != 0 || + lpInsn->detail->x86.op_count < 1 || + lpInsn->detail->x86.operands[0].type != X86_OP_REG || + lpInsn->detail->x86.operands[0].reg != X86_REG_RCX) + { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Unexpected machine code.")); + } + } else { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Disassemble failed.")); + } + + for (size_t i = 0; i < _Image.NumberOfSections(); ++i) { + auto lpSectionHeader = _Image.ImageSectionHeader(i); + if (lpSectionHeader->SizeOfRawData > lpSectionHeader->Misc.VirtualSize) { + auto cbReserved = + lpSectionHeader->SizeOfRawData - + lpSectionHeader->Misc.VirtualSize; + + if (cbReserved >= 0x188) { + _pbPatchNewPublicKey = _Image.ImageSectionView(lpSectionHeader, lpSectionHeader->Misc.VirtualSize); + + auto Assembler = _AssemblyEngine.CreateAssembler(); + _NewMachineCode = Assembler.GenerateMachineCode( + std::xstring::format( + TEXT( + "lea rax, qword ptr[0x%.16llx];" + "mov r8b, byte ptr[rax + %hs];" + "mov edx, 1;" + ), + _Image.PointerToVa(_pbPatchNewPublicKey), + _DisassemblyEngine.GetRegisterName(RegisterIndex) + ).explicit_string().c_str(), + _Image.PointerToVa(_pbPatchMachineCode) + ); + + // >>>>>>>>>>>> .text:00000001819B02C0 48 8D 4D 27 lea rcx, [rbp + 5Fh + var_38] + // .text:00000001819B02C4 48 83 7D 3F 10 cmp[rbp + 5Fh + var_20], 10h + // 42 BYTES .text:00000001819B02C9 48 0F 43 4D 27 cmovnb rcx, [rbp + 5Fh + var_38] + // .text:00000001819B02CE 48 8D 45 07 lea rax, [rbp + 5Fh + var_58] + // THESE CODE .text:00000001819B02D2 48 83 7D 1F 10 cmp[rbp + 5Fh + var_40], 10h + // WILL BE .text:00000001819B02D7 48 0F 43 45 07 cmovnb rax, [rbp + 5Fh + var_58] + // REPLACED .text:00000001819B02DC 44 0F B6 04 38 movzx r8d, byte ptr[rax + rdi] + // .text:00000001819B02E1 44 02 04 39 add r8b, [rcx + rdi] + // <<<<<<<<<<<< .text:00000001819B02E5 BA 01 00 00 00 mov edx, 1 + // .text:00000001819B02EA 48 8B CB mov rcx, rbx + // .text:00000001819B02ED E8 FE 62 D3 FE call sub_1806E65F0 + while (_NewMachineCode.size() < 42) { + _NewMachineCode.emplace_back(0x90); // padding with "nop" + } + + if (_NewMachineCode.size() != 42) { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Something unexpected happens.")); + } + + LOG_SUCCESS(0, "PatchSolution4 ...... Ready to apply"); + LOG_HINT(4, "Machine code patch VA = 0x%zx", _Image.PointerToVa(_pbPatchMachineCode)); + LOG_HINT(4, "New public key VA = 0x%zx", _Image.PointerToVa(_pbPatchNewPublicKey)); + LOG_HINT(4, "New public key offset = 0x%zx", _Image.PointerToFileOffset(_pbPatchNewPublicKey)); + + return true; + } + } + } + + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("No space to store public key.")); + } catch (nkg::Exception&) { + _pbPatchMachineCode = nullptr; + _pbPatchNewPublicKey = nullptr; + _NewMachineCode.clear(); + + LOG_FAILURE(0, "PatchSolution4 ...... Omitted"); + + return false; + } + } + +} + diff --git a/navicat-patcher/PatchSolution4-generic.cpp b/navicat-patcher/PatchSolution4-generic.cpp new file mode 100644 index 0000000..d57584a --- /dev/null +++ b/navicat-patcher/PatchSolution4-generic.cpp @@ -0,0 +1,72 @@ +#include "PatchSolutions.hpp" + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\PatchSolution4-generic.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + bool PatchSolution4::CheckKey(const RSACipher& Cipher) const noexcept { + auto szPublicKey = Cipher.ExportKeyString(); + + for (auto pos = szPublicKey.find("-----BEGIN PUBLIC KEY-----"); pos != std::string::npos; pos = szPublicKey.find("-----BEGIN PUBLIC KEY-----", pos)) { + szPublicKey.erase(pos, literal_length("-----BEGIN PUBLIC KEY-----")); + } + + for (auto pos = szPublicKey.find("-----END PUBLIC KEY-----"); pos != std::string::npos; pos = szPublicKey.find("-----END PUBLIC KEY-----", pos)) { + szPublicKey.erase(pos, literal_length("-----END PUBLIC KEY-----")); + } + + for (auto pos = szPublicKey.find("\n"); pos != std::string::npos; pos = szPublicKey.find("\n", pos)) { + szPublicKey.erase(pos, literal_length("\n")); + } + + return szPublicKey.length() == 0x188; + } + + void PatchSolution4::MakePatch(const RSACipher& Cipher) const { + if (_pbPatchMachineCode == nullptr || _pbPatchNewPublicKey == nullptr || _NewMachineCode.empty()) { + throw Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("PatchSolution4 has not been ready yet.")); + } + + auto szPublicKey = Cipher.ExportKeyString(); + + for (auto pos = szPublicKey.find("-----BEGIN PUBLIC KEY-----"); pos != std::string::npos; pos = szPublicKey.find("-----BEGIN PUBLIC KEY-----", pos)) { + szPublicKey.erase(pos, literal_length("-----BEGIN PUBLIC KEY-----")); + } + + for (auto pos = szPublicKey.find("-----END PUBLIC KEY-----"); pos != std::string::npos; pos = szPublicKey.find("-----END PUBLIC KEY-----", pos)) { + szPublicKey.erase(pos, literal_length("-----END PUBLIC KEY-----")); + } + + for (auto pos = szPublicKey.find("\n"); pos != std::string::npos; pos = szPublicKey.find("\n", pos)) { + szPublicKey.erase(pos, literal_length("\n")); + } + + _putts(TEXT("*******************************************************")); + _putts(TEXT("* PatchSolution4 *")); + _putts(TEXT("*******************************************************")); + + LOG_HINT(0, "Previous:"); + PrintMemory(_pbPatchMachineCode, _NewMachineCode.size(), _Image.ImageBase()); + + memcpy(_pbPatchMachineCode, _NewMachineCode.data(), _NewMachineCode.size()); + + LOG_HINT(0, "After:"); + PrintMemory(_pbPatchMachineCode, _NewMachineCode.size(), _Image.ImageBase()); + + _putts(TEXT("")); + + LOG_HINT(0, "Previous:"); + PrintMemory(_pbPatchNewPublicKey, szPublicKey.size(), _Image.ImageBase()); + + memcpy(_pbPatchNewPublicKey, szPublicKey.data(), szPublicKey.size()); + + LOG_HINT(0, "After:"); + PrintMemory(_pbPatchNewPublicKey, szPublicKey.size(), _Image.ImageBase()); + + _putts(TEXT("")); + } +} + diff --git a/navicat-patcher/PatchSolution4-i386.cpp b/navicat-patcher/PatchSolution4-i386.cpp new file mode 100644 index 0000000..b2634a2 --- /dev/null +++ b/navicat-patcher/PatchSolution4-i386.cpp @@ -0,0 +1,145 @@ +#include "PatchSolutions.hpp" +#include + +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\PatchSolution4-i386.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ + +namespace nkg { + + PatchSolution4::PatchSolution4(const ImageInterpreter& Image) : + _Image(Image), + _DisassemblyEngine(CS_ARCH_X86, CS_MODE_32), + _AssemblyEngine(KS_ARCH_X86, KS_MODE_32), + _pbPatchMachineCode(nullptr), + _pbPatchNewPublicKey(nullptr) { _DisassemblyEngine.Option(CS_OPT_DETAIL, CS_OPT_ON); } + + PatchSolution4::PatchSolution4(const ImageInterpreter* Image) : + _Image(*Image), + _DisassemblyEngine(CS_ARCH_X86, CS_MODE_32), + _AssemblyEngine(KS_ARCH_X86, KS_MODE_32), + _pbPatchMachineCode(nullptr), + _pbPatchNewPublicKey(nullptr) { _DisassemblyEngine.Option(CS_OPT_DETAIL, CS_OPT_ON); } + + bool PatchSolution4::FindPatchOffset() noexcept { + try { + _pbPatchMachineCode = _Image.SearchSection(".text", [](const uint8_t* p) { + __try { + return + p[0] == 0x83 && // prefix of "cmp [ebp+var_30], 10h" + p[4] == 0x8d && // prefix of "lea ecx, [ebp+Dst]" + p[7] == 0x8d && // prefix of "lea eax, [ebp+Memory]" + p[10] == 0x0f && p[11] == 0x43 && // prefix of "cmovnb ecx, [ebp+Dst]" + p[14] == 0x83 && // prefix of "cmp [ebp+var_18], 10h" + p[18] == 0x0f && p[19] == 0x43 && // prefix of "cmovnb eax, [ebp+Memory]" + p[22] == 0x8a && // prefix of "mov dl, [eax+ebx]" + p[25] == 0x02; // prefix of "add dl, [ecx+ebx]" + // p[28] + } __except (EXCEPTION_EXECUTE_HANDLER) { + return false; + } + }); + + auto RegisterIndex = X86_REG_INVALID; + auto RegisterFinalValue = X86_REG_INVALID; + auto Disassembler = _DisassemblyEngine.CreateDisassembler(); + Disassembler.SetContext({ _pbPatchMachineCode, 28, _Image.PointerToVa(_pbPatchMachineCode) }); + + if (Disassembler.Next() && Disassembler.Next() && Disassembler.Next() && Disassembler.Next() && Disassembler.Next() && Disassembler.Next() && Disassembler.Next()) { + auto lpInsn = Disassembler.GetInstruction(); + if (_stricmp(lpInsn->mnemonic, "mov") == 0 && + lpInsn->detail->x86.op_count == 2 && + lpInsn->detail->x86.operands[0].type == X86_OP_REG && + lpInsn->detail->x86.operands[1].type == X86_OP_MEM && + lpInsn->detail->x86.operands[1].size == 1 && + lpInsn->detail->x86.operands[1].mem.scale == 1) + { + RegisterIndex = lpInsn->detail->x86.operands[1].mem.index; + } else { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Unexpected machine code.")); + } + } else { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Disassemble failed.")); + } + + if (Disassembler.Next()) { + auto lpInsn = Disassembler.GetInstruction(); + if (_stricmp(lpInsn->mnemonic, "add") == 0 && + lpInsn->detail->x86.op_count >= 1 && + lpInsn->detail->x86.operands[0].type == X86_OP_REG && + lpInsn->detail->x86.operands[0].size == 1) + { + RegisterFinalValue = lpInsn->detail->x86.operands[0].reg; + } else { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Unexpected machine code.")); + } + } else { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Disassemble failed.")); + } + + for (size_t i = 0; i < _Image.NumberOfSections(); ++i) { + auto lpSectionHeader = _Image.ImageSectionHeader(i); + if (lpSectionHeader->SizeOfRawData > lpSectionHeader->Misc.VirtualSize) { + auto cbReserved = + lpSectionHeader->SizeOfRawData - + lpSectionHeader->Misc.VirtualSize; + + if (cbReserved >= 0x188) { + _pbPatchNewPublicKey = _Image.ImageSectionView(lpSectionHeader, lpSectionHeader->Misc.VirtualSize); + + auto Assembler = _AssemblyEngine.CreateAssembler(); + _NewMachineCode = Assembler.GenerateMachineCode( + std::xstring::format( + TEXT( + "call +5;" + "pop eax;" + "add eax, 0x%.8x;" + "mov %hs, byte ptr [eax + %hs];" + ), + _Image.PointerToVa(_pbPatchNewPublicKey) - (_Image.PointerToVa(_pbPatchMachineCode) + 5), + _DisassemblyEngine.GetRegisterName(RegisterFinalValue), + _DisassemblyEngine.GetRegisterName(RegisterIndex) + ).explicit_string().c_str() + ); + + // >>>>>>>>>>>> .text:113FE4A0 83 7D D0 10 cmp [ebp+var_30], 10h + // 28 BYTES .text:113FE4A4 8D 4D BC lea ecx, [ebp+Dst] + // .text:113FE4A7 8D 45 D4 lea eax, [ebp+Memory] + // THESE CODE .text:113FE4AA 0F 43 4D BC cmovnb ecx, [ebp+Dst] + // WILL BE .text:113FE4AE 83 7D E8 10 cmp [ebp+var_18], 10h + // REPLACED .text:113FE4B2 0F 43 45 D4 cmovnb eax, [ebp+Memory] + // .text:113FE4B6 8A 14 18 mov dl, [eax+ebx] + // <<<<<<<<<<<< .text:113FE4B9 02 14 19 add dl, [ecx+ebx] + while (_NewMachineCode.size() < 28) { + _NewMachineCode.emplace_back(0x90); // padding with "nop" + } + + if (_NewMachineCode.size() != 28) { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Something unexpected happens.")); + } + + LOG_SUCCESS(0, "PatchSolution4 ...... Ready to apply"); + LOG_HINT(4, "Machine code patch VA = 0x%zx", _Image.PointerToVa(_pbPatchMachineCode)); + LOG_HINT(4, "New public key VA = 0x%zx", _Image.PointerToVa(_pbPatchNewPublicKey)); + LOG_HINT(4, "New public key offset = 0x%zx", _Image.PointerToFileOffset(_pbPatchNewPublicKey)); + + return true; + } + } + } + + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("No space to store public key.")); + } catch (nkg::Exception&) { + _pbPatchMachineCode = nullptr; + _pbPatchNewPublicKey = nullptr; + _NewMachineCode.clear(); + + LOG_FAILURE(0, "PatchSolution4 ...... Omitted"); + + return false; + } + } + +} + diff --git a/navicat-patcher/PatchSolutions.hpp b/navicat-patcher/PatchSolutions.hpp new file mode 100644 index 0000000..f1f1e27 --- /dev/null +++ b/navicat-patcher/PatchSolutions.hpp @@ -0,0 +1,234 @@ +#pragma once +#include +#include "ImageInterpreter.hpp" +#include "CapstoneDisassembler.hpp" +#include "KeystoneAssembler.hpp" +#include "Misc.hpp" + +namespace nkg { + + class PatchSolution { + protected: + + static constexpr size_t InvalidOffset = -1; + + public: + + [[nodiscard]] + virtual bool FindPatchOffset() noexcept = 0; + + [[nodiscard]] + virtual bool CheckKey(const RSACipher& Cipher) const noexcept = 0; + + virtual void MakePatch(const RSACipher& Cipher) const = 0; + + virtual ~PatchSolution() = default; + }; + + // + // PatchSolution0 will replace the RSA public key stored in navicat.exe + // + class PatchSolution0 final : public PatchSolution { + private: + + static const char Keyword[461]; + + const ImageInterpreter& _Image; + size_t _PatchOffset; + + public: + + PatchSolution0(const ImageInterpreter& Image) noexcept : + _Image(Image), + _PatchOffset(InvalidOffset) {} + + PatchSolution0(const ImageInterpreter* lpImage) noexcept : + _Image(*lpImage), + _PatchOffset(InvalidOffset) {} + + [[nodiscard]] + virtual bool FindPatchOffset() noexcept override; + + [[nodiscard]] + virtual bool CheckKey(const RSACipher& Cipher) const noexcept override; + + virtual void MakePatch(const RSACipher& Cipher) const override; + }; + + // + // PatchSolution1 will replace the RSA public key stored in libcc.dll + // + class PatchSolution1 final : public PatchSolution { + private: + + static const char Keyword0[160 + 1]; + static const char Keyword1[4 + 1]; + static const char Keyword2[742 + 1]; + static const char Keyword3[4 + 1]; + static const char Keyword4[5 + 1]; + + const ImageInterpreter& _Image; + size_t _PatchOffset[5]; + size_t _PatchSize[5]; + + public: + + PatchSolution1(const ImageInterpreter& Image) noexcept : + _Image(Image), + _PatchOffset{ InvalidOffset , InvalidOffset , InvalidOffset , InvalidOffset , InvalidOffset }, + _PatchSize{} {} + + PatchSolution1(const ImageInterpreter* lpImage) noexcept : + _Image(*lpImage), + _PatchOffset{ InvalidOffset , InvalidOffset , InvalidOffset , InvalidOffset , InvalidOffset }, + _PatchSize{} {} + + [[nodiscard]] + virtual bool FindPatchOffset() noexcept override; + + [[nodiscard]] + virtual bool CheckKey(const RSACipher& Cipher) const noexcept override; + + virtual void MakePatch(const RSACipher& Cipher) const override; + }; + + // + // PatchSolution2 will replace the RSA public key stored in libcc.dll + // + class PatchSolution2 final : public PatchSolution { + private: + + static const char KeywordMeta[0x188 + 1]; + static const uint8_t Keyword[0x188][5]; + + const ImageInterpreter& _Image; + size_t _PatchOffset[0x188]; + + public: + + PatchSolution2(const ImageInterpreter& Image) noexcept : + _Image(Image), + _PatchOffset{} + { + for (size_t i = 0; i < _countof(_PatchOffset); ++i) { + _PatchOffset[i] = InvalidOffset; + } + } + + PatchSolution2(const ImageInterpreter* lpImage) noexcept : + _Image(*lpImage), + _PatchOffset{} + { + for (size_t i = 0; i < _countof(_PatchOffset); ++i) { + _PatchOffset[i] = InvalidOffset; + } + } + + [[nodiscard]] + virtual bool FindPatchOffset() noexcept override; + + [[nodiscard]] + virtual bool CheckKey(const RSACipher& Cipher) const noexcept override; + + virtual void MakePatch(const RSACipher& Cipher) const override; + }; + + // + // PatchSolution3 will replace the RSA public key stored in libcc.dll + // + class PatchSolution3 final : public PatchSolution { + private: + + using KeywordValueType = uint8_t[8]; + + using KeywordSizeType = size_t; + + enum KeywordTypeEnum { IMM_DATA, STRING_DATA }; + + struct KeywordInfo { + KeywordValueType Value; + KeywordSizeType Size; + KeywordTypeEnum Type; + bool NotRecommendedToModify; + }; + + struct PatchInfo { + uint64_t OpcodeRva; + void* lpOpcode; + void* lpPatch; + size_t cbPatch; + char* lpOriginalString; + char* lpReplaceString; + }; + + static const KeywordInfo Keyword[111]; + + const ImageInterpreter& _Image; + CapstoneEngine _Engine; + mutable PatchInfo _Patch[111]; + + [[nodiscard]] + static bool IsPrintable(const void* p, size_t s) noexcept; + + [[nodiscard]] + bool CheckIfMatchPattern(const cs_insn* lpInsn) const noexcept; + + [[nodiscard]] + bool CheckIfFound(const cs_insn* lpInsn, size_t KeywordIdx) const noexcept; + + [[nodiscard]] + PatchInfo CreatePatchPoint(const void* lpOpcode, const cs_insn* lpInsn, size_t KeywordIdx) const noexcept; + + [[nodiscard]] + CapstoneContext GetJumpedBranch(const CapstoneContext& Bifurcation, const cs_insn* lpJxxInsn) const; + + [[nodiscard]] + CapstoneContext SelectBranch(const CapstoneContext& NotJumpedBranch, const CapstoneContext& JumpedBranch, size_t KeywordIdx) const; + + public: + + PatchSolution3(const ImageInterpreter& Image); + + PatchSolution3(const ImageInterpreter* lpImage); + + [[nodiscard]] + virtual bool FindPatchOffset() noexcept override; + + [[nodiscard]] + virtual bool CheckKey(const RSACipher& Cipher) const noexcept override; + + virtual void MakePatch(const RSACipher& Cipher) const override; + }; + + // + // PatchSolution3 will replace the RSA public key stored in libcc.dll + // For Navicat Data Modeler 3 + // + class PatchSolution4 : public PatchSolution { + private: + + static const uint8_t KeywordA[0x188]; + static const uint8_t KeywordB[0x188]; + + const ImageInterpreter& _Image; + CapstoneEngine _DisassemblyEngine; + KeystoneEngine _AssemblyEngine; + uint8_t* _pbPatchMachineCode; + uint8_t* _pbPatchNewPublicKey; + std::vector _NewMachineCode; + + public: + + PatchSolution4(const ImageInterpreter& Image); + + PatchSolution4(const ImageInterpreter* lpImage); + + [[nodiscard]] + virtual bool FindPatchOffset() noexcept override; + + [[nodiscard]] + virtual bool CheckKey(const RSACipher& Cipher) const noexcept override; + + virtual void MakePatch(const RSACipher& Cipher) const override; + }; +} diff --git a/navicat-patcher/ResourceTraitsCapstone.hpp b/navicat-patcher/ResourceTraitsCapstone.hpp new file mode 100644 index 0000000..8c5da4e --- /dev/null +++ b/navicat-patcher/ResourceTraitsCapstone.hpp @@ -0,0 +1,33 @@ +#pragma once +#include + +struct CapstoneHandleTraits { + using HandleType = csh; + + static inline const HandleType InvalidValue = NULL; + + [[nodiscard]] + static bool IsValid(const HandleType& Handle) noexcept { + return Handle != InvalidValue; + } + + static void Releasor(HandleType& Handle) noexcept { + cs_close(&Handle); + } +}; + +struct CapstoneInsnTraits { + using HandleType = cs_insn*; + + static inline const HandleType InvalidValue = nullptr; + + [[nodiscard]] + static bool IsValid(const HandleType& Handle) noexcept { + return Handle != InvalidValue; + } + + static void Releasor(const HandleType& Handle) noexcept { + cs_free(Handle, 1); + } +}; + diff --git a/navicat-patcher/ResourceTraitsKeystone.hpp b/navicat-patcher/ResourceTraitsKeystone.hpp new file mode 100644 index 0000000..892fef8 --- /dev/null +++ b/navicat-patcher/ResourceTraitsKeystone.hpp @@ -0,0 +1,33 @@ +#pragma once +#include + +struct KeystoneHandleTraits { + using HandleType = ks_engine*; + + static inline const HandleType InvalidValue = nullptr; + + [[nodiscard]] + static bool IsValid(const HandleType& Handle) noexcept { + return Handle != InvalidValue; + } + + static void Releasor(const HandleType& Handle) noexcept { + ks_close(Handle); + } +}; + +struct KeystoneMallocTraits { + using HandleType = uint8_t*; + + static inline const HandleType InvalidValue = nullptr; + + [[nodiscard]] + static bool IsValid(const HandleType& Handle) noexcept { + return Handle != InvalidValue; + } + + static void Releasor(const HandleType& Handle) noexcept { + ks_free(Handle); + } +}; + diff --git a/navicat-patcher/_tmain.cpp b/navicat-patcher/_tmain.cpp index 8df6c52..3fd444f 100644 --- a/navicat-patcher/_tmain.cpp +++ b/navicat-patcher/_tmain.cpp @@ -1,105 +1,459 @@ #include +#include #include -#include -#include -#include -#include +#include +#include +#include +#include +#include "ImageInterpreter.hpp" +#include "PatchSolutions.hpp" +#include "Misc.hpp" -#pragma comment(lib, "libcrypto.lib") +#undef NKG_CURRENT_SOURCE_FILE +#undef NKG_CURRENT_SOURCE_LINE +#define NKG_CURRENT_SOURCE_FILE() TEXT(".\\navicat-patcher\\_tmain.cpp") +#define NKG_CURRENT_SOURCE_LINE() __LINE__ -BOOL BackupNavicat(PTSTR NavicatFileName) { - TCHAR new_NavicatFileName[1024] = { }; - - if (NavicatFileName == nullptr) - NavicatFileName = TEXT("navicat.exe"); +static void Welcome() { + _putts(TEXT("***************************************************")); + _putts(TEXT("* Navicat Patcher by @DoubleLabyrinth *")); + _putts(TEXT("* Version: 4.1 *")); + _putts(TEXT("***************************************************")); + _putts(TEXT("")); + _putts(TEXT("Press Enter to continue or Ctrl + C to abort.")); + auto c = _gettchar(); + while (c != TEXT('\n') && _gettchar() != TEXT('\n')) {} +} - _stprintf_s(new_NavicatFileName, TEXT("%s%s"), NavicatFileName, TEXT(".backup")); +static void Help() { + _putts(TEXT("***************************************************")); + _putts(TEXT("* Navicat Patcher by @DoubleLabyrinth *")); + _putts(TEXT("* Version: 4.1 *")); + _putts(TEXT("***************************************************")); + _putts(TEXT("")); + _putts(TEXT("Usage:")); + _putts(TEXT(" navicat-patcher.exe [-dry-run] [RSA-2048 PEM File Path]")); + _putts(TEXT("")); + _putts(TEXT(" [-dry-run] Run patcher without applying any patches.")); + _putts(TEXT(" This parameter is optional.")); + _putts(TEXT("")); + _putts(TEXT(" The folder path where Navicat is installed.")); + _putts(TEXT(" This parameter must be specified.")); + _putts(TEXT("")); + _putts(TEXT(" [RSA-2048 PEM File Path] The path to an RSA-2048 private key file.")); + _putts(TEXT(" This parameter is optional.")); + _putts(TEXT(" If not specified, an RSA-2048 private key file")); + _putts(TEXT(" named \"RegPrivateKey.pem\" will be generated.")); + _putts(TEXT("")); + _putts(TEXT("Example:")); + _putts(TEXT(" navicat-patcher.exe \"C:\\Program Files\\PremiumSoft\\Navicat Premium 12\"")); +} - if (!CopyFile(NavicatFileName, new_NavicatFileName, TRUE)) { - switch (GetLastError()) { - case ERROR_FILE_NOT_FOUND: - _tprintf_s(TEXT("Cannot find %s.\r\n"), NavicatFileName); - break; - case ERROR_FILE_EXISTS: - _tprintf_s(TEXT("Backup file already exists.\r\n")); - break; - default: - _tprintf_s(TEXT("Unknown error. CODE: 0x%08x.\r\n"), GetLastError()); +static bool ParseCommandLine(int argc, PTSTR argv[], bool& bDryRun, std::xstring& NavInstallPath, std::xstring& RsaPrivateKeyPath) { + if (argc == 2) { + bDryRun = false; + NavInstallPath = argv[1]; + RsaPrivateKeyPath.clear(); + return true; + } else if (argc == 3) { + if (_tcsicmp(argv[1], TEXT("-dry-run")) == 0) { + bDryRun = true; + NavInstallPath = argv[2]; + RsaPrivateKeyPath.clear(); + return true; + } else { + bDryRun = false; + NavInstallPath = argv[1]; + RsaPrivateKeyPath = argv[2]; + return true; + } + } else if (argc == 4) { + if (_tcsicmp(argv[1], TEXT("-dry-run")) == 0) { + bDryRun = true; + NavInstallPath = argv[2]; + RsaPrivateKeyPath = argv[3]; + return true; + } else { + return false; } - return FALSE; + } else { + return false; } - - _tprintf_s(TEXT("%s has been backed up.\r\n"), NavicatFileName); - return TRUE; } -BOOL ReplaceNavicatPublicKey(HANDLE resUpdater, void* pemPublicKey, size_t length) { - return UpdateResource(resUpdater, - RT_RCDATA, - TEXT("ActivationPubKey"), - MAKELANGID(LANG_ENGLISH, SUBLANG_DEFAULT), - pemPublicKey, length); +static void SelectPatchSolutions( + ResourceOwned>& lpSolution0, + ResourceOwned>& lpSolution1, + ResourceOwned>& lpSolution2, + ResourceOwned>& lpSolution3) +{ + // if RSA public is detected in libcc.dll, don't patch main application to keep digital signature valid. + if ((lpSolution1.IsValid() || lpSolution2.IsValid() || lpSolution3.IsValid()) && lpSolution0.IsValid()) { + LOG_HINT(0, "PatchSolution0 is suppressed in order to keep digital signature valid."); + lpSolution0.Release(); + } } -RSA* GeneratePrivateKey() { - RSA* PrivateKey = RSA_generate_key(2048, RSA_F4, nullptr, nullptr); - BIO* PrivateKeyFile = BIO_new(BIO_s_file()); - BIO_write_filename(PrivateKeyFile, "RegPrivateKey.pem"); - PEM_write_bio_RSAPrivateKey(PrivateKeyFile, PrivateKey, nullptr, nullptr, 0, nullptr, nullptr); - BIO_free_all(PrivateKeyFile); +static void NavicatBackupDetect(const std::xstring& FilePath) { + if (std::xstring BackupPath = FilePath + TEXT(".backup"); nkg::IsValidFilePath(BackupPath.c_str()) == true) { + while (true) { + LOG_SELECT(0, "Previous backup %s detected. Delete? (y/n)", BackupPath.c_str()); - return PrivateKey; -} + auto select = _gettchar(); + while (select != TEXT('\n') && _gettchar() != TEXT('\n')) {} + if (select == TEXT('Y') || select == TEXT('y')) { + if (!DeleteFile(BackupPath.c_str())) { + throw nkg::Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("Failed to delete backup file.")); + } else { + break; + } + } else if (select == TEXT('N') || select == TEXT('n')) { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Backup file still existed. Patch abort!")); + } else { + continue; + } + } -int _tmain(int argc, TCHAR* argv[]) { - if (argc != 2 && argc != 3) { - _tprintf_s(TEXT("Usage:\r\n")); - _tprintf_s(TEXT(" navicat-patcher.exe \r\n")); - return 0; + _putts(TEXT("")); } +} - if (BackupNavicat(argv[1]) == FALSE) - return GetLastError(); +static void NavicatBackupMake(const std::xstring& FilePath) { + std::xstring BackupPath = FilePath + TEXT(".backup"); + if (CopyFile(FilePath.c_str(), BackupPath.c_str(), TRUE) == FALSE) { + throw nkg::Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("CopyFile failed.")); + } +} - RSA* PrivateKey = GeneratePrivateKey(); +static void LoadKey( + nkg::RSACipher& Cipher, const std::xstring& KeyFilePath, + nkg::PatchSolution* pSolution0, + nkg::PatchSolution* pSolution1, + nkg::PatchSolution* pSolution2, + nkg::PatchSolution* pSolution3, + nkg::PatchSolution* pSolution4) +{ + if (KeyFilePath.empty() == false) { + LOG_HINT(0, "Import RSA-2048 key from %s", KeyFilePath.c_str()); - HANDLE hUpdater = BeginUpdateResource(argv[1], FALSE); - if (hUpdater == NULL) { - _tprintf_s(TEXT("Cannot open file. CODE: 0x%08x\r\n"), GetLastError()); - RSA_free(PrivateKey); - return GetLastError(); - } + Cipher.ImportKeyFromFile(KeyFilePath); - char pemPublicKey[1024] = { }; - { - char temp_buf[1024] = { }; - BIO* BIO_pemPublicKey = BIO_new(BIO_s_mem()); - - PEM_write_bio_RSA_PUBKEY(BIO_pemPublicKey, PrivateKey); - BIO_read(BIO_pemPublicKey, temp_buf, 1024); - BIO_free_all(BIO_pemPublicKey); - - char* pemPublicKey_ptr = pemPublicKey; - for (size_t i = 0; i < 1024; ++i) { - if (temp_buf[i] == '\n') - *(pemPublicKey_ptr++) = '\r'; - if (temp_buf[i] == 0) - break; - *(pemPublicKey_ptr++) = temp_buf[i]; + if (pSolution0 && !pSolution0->CheckKey(Cipher) || + pSolution1 && !pSolution1->CheckKey(Cipher) || + pSolution2 && !pSolution2->CheckKey(Cipher) || + pSolution3 && !pSolution3->CheckKey(Cipher) || + pSolution4 && !pSolution4->CheckKey(Cipher)) + { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("The RSA private key you provide cannot be used.")); } + } else { + LOG_HINT(0, "Generating new RSA private key, it may take a long time..."); + + do { + Cipher.GenerateKey(2048); + } while (pSolution0 && !pSolution0->CheckKey(Cipher) || + pSolution1 && !pSolution1->CheckKey(Cipher) || + pSolution2 && !pSolution2->CheckKey(Cipher) || + pSolution3 && !pSolution3->CheckKey(Cipher) || + pSolution4 && !pSolution4->CheckKey(Cipher)); // re-generate RSA key if one of 'CheckKey's return false } - if (ReplaceNavicatPublicKey(hUpdater, pemPublicKey, strlen(pemPublicKey)) == FALSE) { - _tprintf_s(TEXT("Cannot replace public key. CODE: 0x%08x\r\n"), GetLastError()); - EndUpdateResource(hUpdater, TRUE); - return GetLastError(); + LOG_HINT(0, "Your RSA public key:\n%hs", Cipher.ExportKeyString().c_str()); +} + +int _tmain(int argc, PTSTR argv[]) { + bool bDryRun; + std::xstring NavInstallPath; + std::xstring RsaPrivateKeyPath; + + if (ParseCommandLine(argc, argv, bDryRun, NavInstallPath, RsaPrivateKeyPath) == false) { + Help(); + return -1; } else { - _tprintf_s(TEXT("Public key has been replaced.\r\n")); - EndUpdateResource(hUpdater, FALSE); + Welcome(); + + try { + if (nkg::IsValidDirectoryPath(NavInstallPath.c_str()) == false) { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Navicat installation path doesn't point to a directory.")) + .AddHint(TEXT("Are you sure the path you specified is correct?")) + .AddHint(std::xstring::format(TEXT("The path you specified: %s"), NavInstallPath.c_str())); + } + + if (RsaPrivateKeyPath.empty() == false && nkg::IsValidFilePath(RsaPrivateKeyPath.c_str()) == false) { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("RSA key file path doesn't point to a file.")) + .AddHint(TEXT("Are you sure the path you specified is correct?")) + .AddHint(std::xstring::format(TEXT("The path you specified: %s"), RsaPrivateKeyPath.c_str())); + } + + while (NavInstallPath.back() == TEXT('\\') || NavInstallPath.back() == TEXT('/')) { + NavInstallPath.pop_back(); + } + + NavInstallPath.push_back(nkg::IsWineEnvironment() ? TEXT('/') : TEXT('\\')); + + nkg::RSACipher Cipher; + + std::xstring MainExePath; + ResourceOwned hMainExe(FileHandleTraits{}); + ResourceOwned hMainExeMapping(GenericHandleTraits{}); + ResourceOwned lpMainExeMapping(MapViewHandleTraits{}); + ResourceOwned lpMainExeInterpreter(CppObjectTraits{}); + + std::xstring LibccDllPath; + ResourceOwned hLibccDll(FileHandleTraits{}); + ResourceOwned hLibccDllMapping(GenericHandleTraits{}); + ResourceOwned lpLibccDllMapping(MapViewHandleTraits{}); + ResourceOwned lpLibccDllInterpreter(CppObjectTraits{}); + + ResourceOwned lpSolution0(CppObjectTraits{}); + ResourceOwned lpSolution1(CppObjectTraits{}); + ResourceOwned lpSolution2(CppObjectTraits{}); + ResourceOwned lpSolution3(CppObjectTraits{}); + ResourceOwned lpSolution4(CppObjectTraits{}); + + // + // Open main application + // + do { + MainExePath = NavInstallPath + TEXT("Navicat.exe"); + hMainExe.TakeOver( + CreateFile(MainExePath.c_str(), GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL) + ); + if (hMainExe.IsValid()) { + LOG_SUCCESS(0, "Try to open Navicat.exe ... Ok!"); + break; + } else if (GetLastError() == ERROR_FILE_NOT_FOUND) { + LOG_FAILURE(0, "Try to open Navicat.exe ... Not found!"); + } else { + throw nkg::Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("Failed to open Navicat.exe")); + } + + MainExePath = NavInstallPath + TEXT("Modeler.exe"); + hMainExe.TakeOver( + CreateFile(MainExePath.c_str(), GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL) + ); + if (hMainExe.IsValid()) { + LOG_SUCCESS(0, "Try to open Modeler.exe ... Ok!"); + break; + } else if (GetLastError() == ERROR_FILE_NOT_FOUND) { + LOG_FAILURE(0, "Try to open Modeler.exe ... Not found!"); + } else { + throw nkg::Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("Failed to open Modeler.exe")); + } + + MainExePath = NavInstallPath + TEXT("Rviewer.exe"); + hMainExe.TakeOver( + CreateFile(MainExePath.c_str(), GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL) + ); + if (hMainExe.IsValid()) { + LOG_SUCCESS(0, "Try to open Rviewer.exe ... Ok!"); + break; + } else if (GetLastError() == ERROR_FILE_NOT_FOUND) { + LOG_FAILURE(0, "Try to open Rviewer.exe ... Not found!"); + } else { + throw nkg::Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("Failed to open Rviewer.exe")); + } + + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("Main application is not found.")) + .AddHint(TEXT("Are you sure you specified a valid Navicat installation path?")) + .AddHint(std::xstring::format(TEXT("The path you specified: %s"), NavInstallPath.c_str())); + } while (false); + + // + // Open libcc.dll, if have + // + do { + LibccDllPath = NavInstallPath + TEXT("libcc.dll"); + hLibccDll.TakeOver( + CreateFile(LibccDllPath.c_str(), GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL) + ); + if (hLibccDll.IsValid()) { + LOG_SUCCESS(0, "Try to open libcc.dll ... Ok!"); + break; + } else if (GetLastError() == ERROR_FILE_NOT_FOUND) { + LOG_FAILURE(0, "Try to open libcc.dll ... Not found!"); + } else { + throw nkg::Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("Failed to open libcc.dll")); + } + } while (false); + + _putts(TEXT("")); + + // + // Map main application + // + hMainExeMapping.TakeOver(CreateFileMapping(hMainExe, NULL, PAGE_READWRITE, 0, 0, NULL)); + if (hMainExeMapping.IsValid() == false) { + throw nkg::Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("CreateFileMapping failed.")); + } + + lpMainExeMapping.TakeOver(MapViewOfFile(hMainExeMapping, FILE_MAP_ALL_ACCESS, 0, 0, 0)); + if (hMainExeMapping.IsValid() == false) { + throw nkg::Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("MapViewOfFile failed.")); + } + + lpMainExeInterpreter.TakeOver( + new nkg::ImageInterpreter(nkg::ImageInterpreter::ParseImage(lpMainExeMapping)) + ); + + lpSolution0.TakeOver(new nkg::PatchSolution0(lpMainExeInterpreter)); + + // + // Map libcc.dll, if have + // + if (hLibccDll.IsValid()) { + hLibccDllMapping.TakeOver(CreateFileMapping(hLibccDll, NULL, PAGE_READWRITE, 0, 0, NULL)); + if (hMainExeMapping.IsValid() == false) { + throw nkg::Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("CreateFileMapping failed.")); + } + + lpLibccDllMapping.TakeOver(MapViewOfFile(hLibccDllMapping, FILE_MAP_ALL_ACCESS, 0, 0, 0)); + if (hMainExeMapping.IsValid() == false) { + throw nkg::Win32Error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), GetLastError(), TEXT("MapViewOfFile failed.")); + } + + lpLibccDllInterpreter.TakeOver( + new nkg::ImageInterpreter(nkg::ImageInterpreter::ParseImage(lpLibccDllMapping)) + ); + + lpSolution1.TakeOver(new nkg::PatchSolution1(lpLibccDllInterpreter)); + lpSolution2.TakeOver(new nkg::PatchSolution2(lpLibccDllInterpreter)); + lpSolution3.TakeOver(new nkg::PatchSolution3(lpLibccDllInterpreter)); + lpSolution4.TakeOver(new nkg::PatchSolution4(lpLibccDllInterpreter)); + } + + // + // Finding patch offsets + // + + if (lpSolution0->FindPatchOffset() == false) { + lpSolution0.Release(); + } + + if (lpSolution1.IsValid() && lpSolution1->FindPatchOffset() == false) { + lpSolution1.Release(); + } + + if (lpSolution2.IsValid() && lpSolution2->FindPatchOffset() == false) { + lpSolution2.Release(); + } + + if (lpSolution3.IsValid() && lpSolution3->FindPatchOffset() == false) { + lpSolution3.Release(); + } + + if (lpSolution4.IsValid() && lpSolution4->FindPatchOffset() == false) { + lpSolution4.Release(); + } + + _putts(TEXT("")); + + // + // decide which solutions will be applied + // + SelectPatchSolutions(lpSolution0, lpSolution1, lpSolution2, lpSolution3); + + if (lpSolution0.IsValid() == false && lpSolution1.IsValid() == false && lpSolution2.IsValid() == false && lpSolution3.IsValid() == false && lpSolution4.IsValid() == false) { + throw nkg::Exception(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), TEXT("No patch applied. Patch abort!")) + .AddHint(TEXT("Are you sure your Navicat has not been patched/modified before?")); + } + + _putts(TEXT("")); + + // + // detecting backups + // + if (lpSolution0.IsValid()) { + NavicatBackupDetect(MainExePath); + } + + if (lpSolution1.IsValid() || lpSolution2.IsValid() || lpSolution3.IsValid() || lpSolution4.IsValid()) { + NavicatBackupDetect(LibccDllPath); + } + + // + // Loading key + // + LoadKey(Cipher, RsaPrivateKeyPath, lpSolution0, lpSolution1, lpSolution2, lpSolution3, lpSolution4); + + if (bDryRun == false) { + // + // Saving private key if not given + // + if (RsaPrivateKeyPath.empty()) { + Cipher.ExportKeyToFile(std::xstring{ std::xstring_extension{}, "RegPrivateKey.pem" }); + } + + // + // Making backups + // + if (lpSolution0.IsValid()) { + NavicatBackupMake(MainExePath); + } + + if (lpSolution1.IsValid() || lpSolution2.IsValid() || lpSolution3.IsValid() || lpSolution4.IsValid()) { + NavicatBackupMake(LibccDllPath); + } + + // + // Making patch. No way to go back here :-) + // + if (lpSolution0.IsValid()) { + lpSolution0->MakePatch(Cipher); + } + + if (lpSolution1.IsValid()) { + lpSolution1->MakePatch(Cipher); + } + + if (lpSolution2.IsValid()) { + lpSolution2->MakePatch(Cipher); + } + + if (lpSolution3.IsValid()) { + lpSolution3->MakePatch(Cipher); + } + + if (lpSolution4.IsValid()) { + lpSolution4->MakePatch(Cipher); + } + + if (RsaPrivateKeyPath.empty()) { + LOG_HINT( + 0, + "New RSA-2048 private key has been saved to\n%s%cRegPrivateKey.pem", + nkg::GetCurrentWorkingDirectory().c_str(), + nkg::IsWineEnvironment() ? TEXT('/') : TEXT('\\') + ); + + _putts(TEXT("")); + } + + _putts(TEXT("*******************************************************")); + _putts(TEXT("* PATCH HAS BEEN DONE SUCCESSFULLY! *")); + _putts(TEXT("* HAVE FUN AND ENJOY~ *")); + _putts(TEXT("*******************************************************")); + } else { + _putts(TEXT("*******************************************************")); + _putts(TEXT("* DRY-RUN MODE ENABLE! *")); + _putts(TEXT("* NO PATCH WILL BE APPLIED! *")); + _putts(TEXT("*******************************************************")); + } + + return 0; + } catch (nkg::Exception& e) { + LOG_FAILURE(0, "%s:%zu ->", e.File(), e.Line()); + LOG_FAILURE(4, "%s", e.Message()); + if (e.HasErrorCode()) { + LOG_HINT(4, "%s (0x%zx)", e.ErrorString(), e.ErrorCode()); + } + + for (auto& Hint : e.Hints()) { + LOG_HINT(4, "Hint: %s", Hint.c_str()); + } + return -1; + } } +} - _tprintf_s(TEXT("Success!.\r\n")); - RSA_free(PrivateKey); - return 0; -} \ No newline at end of file diff --git a/navicat-patcher/navicat-patcher.vcxproj b/navicat-patcher/navicat-patcher.vcxproj index 2c0ab6b..a266297 100644 --- a/navicat-patcher/navicat-patcher.vcxproj +++ b/navicat-patcher/navicat-patcher.vcxproj @@ -1,5 +1,5 @@ - - + + Debug @@ -19,42 +19,50 @@ - {30BE8CAB-6137-4441-9F64-599D0A6EEA0C} + 16.0 + {7EE03EF3-D58D-4B53-913D-4A4DC8A29E34} Win32Proj navicatpatcher - 8.1 + 10.0 + x86-windows-static + x64-windows-static Application true - v140 + v142 Unicode + false Application false - v140 + v142 true Unicode + false Application true - v140 + v142 Unicode + false Application false - v140 + v142 true Unicode + false + @@ -71,29 +79,33 @@ true + $(SolutionDir)obj\$(Platform)-$(Configuration)\$(ProjectName)\ + $(SolutionDir)bin\$(Platform)-$(Configuration)\ true - D:\OpenSSL-Win64\include;$(IncludePath) - D:\OpenSSL-Win64\lib;$(LibraryPath) + $(SolutionDir)obj\$(Platform)-$(Configuration)\$(ProjectName)\ + $(SolutionDir)bin\$(Platform)-$(Configuration)\ false + $(SolutionDir)obj\$(Platform)-$(Configuration)\$(ProjectName)\ + $(SolutionDir)bin\$(Platform)-$(Configuration)\ false - D:\OpenSSL-Win64\include;$(IncludePath) - D:\OpenSSL-Win64\lib;$(LibraryPath) + $(SolutionDir)obj\$(Platform)-$(Configuration)\$(ProjectName)\ + $(SolutionDir)bin\$(Platform)-$(Configuration)\ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true MultiThreadedDebug + stdcpp17 Console @@ -102,13 +114,13 @@ - - Level3 Disabled - _DEBUG;_CONSOLE;%(PreprocessorDefinitions) true + _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true MultiThreadedDebug + stdcpp17 Console @@ -118,14 +130,14 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true MultiThreaded + stdcpp17 Console @@ -137,14 +149,14 @@ Level3 - - MaxSpeed true true - NDEBUG;_CONSOLE;%(PreprocessorDefinitions) true + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true MultiThreaded + stdcpp17 Console @@ -154,8 +166,53 @@ + + + + + + + + + true + true + + + true + true + + + true + true + + + + true + true + + + true + true + + + + true + true + + + + + + + + + + + + + diff --git a/navicat-patcher/navicat-patcher.vcxproj.filters b/navicat-patcher/navicat-patcher.vcxproj.filters index 0043367..5d48e2f 100644 --- a/navicat-patcher/navicat-patcher.vcxproj.filters +++ b/navicat-patcher/navicat-patcher.vcxproj.filters @@ -7,7 +7,7 @@ {93995380-89BD-4b04-88EB-625FBE52EBFB} - h;hh;hpp;hxx;hm;inl;inc;xsd + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} @@ -18,5 +18,82 @@ 源文件 + + 源文件 + + + 源文件 + + + 源文件 + + + 源文件 + + + 源文件 + + + 源文件 + + + 源文件 + + + 源文件 + + + 源文件 + + + 源文件 + + + 源文件 + + + 源文件 + + + 源文件 + + + 源文件 + + + 源文件 + + + + + 头文件 + + + 头文件 + + + 头文件 + + + 头文件 + + + 头文件 + + + 头文件 + + + 头文件 + + + 头文件 + + + 头文件 + + + 头文件 + \ No newline at end of file diff --git a/navicat-patcher/navicat-patcher.vcxproj.user b/navicat-patcher/navicat-patcher.vcxproj.user new file mode 100644 index 0000000..966b4ff --- /dev/null +++ b/navicat-patcher/navicat-patcher.vcxproj.user @@ -0,0 +1,6 @@ + + + + true + + \ No newline at end of file