Scientific use of Log4View2 to view logs


Preface

The title is low-key, but since you clicked in, the practical content that follows is yours.
A programmer who doesn't want to be a hacker is not a good programmer. The previous article, "NLog log framework use inquiry-2", mentioned that the Log4View2 tool has a 30-day trial period and that many functions are limited once the trial expires; for example, database loading cannot be used. So how can we use it scientifically?
This article involves decompilation, symmetric encryption, IL (intermediate language) and other technologies. After mastering them, you will find that you can use the software more scientifically.

The following content is only for personal study and use. No one is allowed to use it for commercial or illegal purposes. I will not be responsible for any consequences.

Scientific use

We can decompile .NET programs with dnSpy, ILSpy and Reflector. Log4View2 is a pure .NET project.

Reflector is paid software and needs to be used scientifically.
ILSpy is an open-source .NET assembly browser and decompiler.
dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if there is no source code available.

dnSpy also includes a decompiler engine based on ILSpy, adds many features, and can even modify the source code directly. First, we look at the registration-related source code in dnSpy: find the Log4View.exe file in the installation path and drag it into dnSpy.

Find the licensing-related modules (the naming is very friendly).

The ApplyLicense method can be found in LicenseMgr; it calls CheckForTrial() to check the expiration time.

After checking the expiration time, it calls SetLicenseInformation() and SetLicensedFeatures().

The SetLicenseInformation method reads some registration information from the License.

Ctrl + left-click jumps to a method.

private void SetLicenseInformation()
{
    base.LicensedTo = null;
    if (this.License == null)
    {
        return;
    }
    Log4ViewProductProvider log4ViewProductProvider = this.ProductProvider as Log4ViewProductProvider;
    this.ProductInfo = ((log4ViewProductProvider != null) ? log4ViewProductProvider.GetProductName(this.License.ProductReferenceId) : null);
    if (!this.License.RegisteredName.IsNullOrEmpty() && !this.License.RegisteredCompany.IsNullOrEmpty())
    {
        base.LicensedTo = this.License.RegisteredName + "\n" + this.License.RegisteredCompany;
        return;
    }
    if (!this.License.RegisteredName.IsNullOrEmpty())
    {
        base.LicensedTo = this.License.RegisteredName;
        return;
    }
    if (!this.License.RegisteredCompany.IsNullOrEmpty())
    {
        base.LicensedTo = this.License.RegisteredCompany;
    }
}

SetLicensedFeatures determines the product's feature restrictions based on whether it is registered, whether it is in trial, and other information. If it is registered, the features are configured according to the registration information. If it is in trial, everything can be used to the maximum extent. Otherwise, only one receiver is allowed (for example, if you use the network receiver, you cannot use the file receiver), and some functions are restricted.

As shown in the figure, the functions of Logboxx and Database are disabled.

private void SetLicensedFeatures()
{
    if (base.IsRegistered)
    {
        LicenseMgr.Logger.Info(string.Format("Log4View is licensed with {0}", this.License.LicenseKey));
        Log4ViewFeatureAdapter log4ViewFeatureAdapter = new Log4ViewFeatureAdapter(this.License.Features);
        this.MultipleInstances = log4ViewFeatureAdapter.MultipleInstances;
        this.MaxReceivers = log4ViewFeatureAdapter.MaxReceivers;
        this.FileReadFilterEnabled = log4ViewFeatureAdapter.FileReadFilterEnabled;
        this.DatabaseReceiverEnabled = log4ViewFeatureAdapter.DatabaseReceiverEnabled;
        this.ExportEnabled = log4ViewFeatureAdapter.ExportEnabled;
        this.AnnotationsEnabled = log4ViewFeatureAdapter.AnnotationsEnabled;
        this.ChartEnabled = log4ViewFeatureAdapter.ChartEnabled;
        return;
    }
    if (this.IsTrial)
    {
        this.MaxReceivers = 250;
        this.FileReadFilterEnabled = (this.MultipleInstances = (this.DatabaseReceiverEnabled = (this.ExportEnabled = (this.AnnotationsEnabled = (this.ChartEnabled = true)))));
        return;
    }
    this.MaxReceivers = 1;
    this.FileReadFilterEnabled = (this.MultipleInstances = (this.DatabaseReceiverEnabled = (this.ExportEnabled = (this.AnnotationsEnabled = (this.ChartEnabled = false)))));
}

We know that all functions can be used during the trial and that the trial has a trial period, so we only need to extend the trial period.
IsTrial indicates whether the product is in trial.

private void CheckForTrial()
{
    this.IsTrial = false;
    if (this.License != null)
    {
        return;
    }
    DateTime? dateTime = base.CheckTrialDate();
    if (dateTime != null && dateTime.Value > DateTime.Now)
    {
        this.TrialExpireTime = dateTime.Value;
        LicenseMgr.Logger.Info(string.Format("Log4View License expires on {0}", this.TrialExpireTime));
        this.IsTrial = true;
    }
}

To check the trial period, the date values are first read from the licenseStore and then verified.

protected DateTime? CheckTrialDate()
{
    Tuple<DateTime, DateTime> tuple = this._licenseStore.CheckTrialDate();
    if (tuple == null)
    {
        return null;
    }
    DateTime item = tuple.Item1;
    DateTime dateTime = tuple.Item2;
    if (item > DateTime.Now)
    {
        return null;
    }
    if (dateTime < new DateTime(2007, 8, 15, 16, 58, 0))
    {
        dateTime = DateTime.Now.AddDays(30.0);
    }
    this._licenseStore.SaveTrialDate(dateTime);
    return new DateTime?(dateTime);
}

We can look directly at where the time is saved. First, the current time and the expiration time are joined and encrypted, and then stored in a file named FodszqufeUsjbmEbuf. The file path is held in the _storagePath field.

public void SaveTrialDate(DateTime expireDate)
{
    string value = LicenseStore.EncryptTrialDate(string.Format(CultureInfo.InvariantCulture, "{0}#{1}", DateTime.Now.ToString(this._trialFormat), expireDate.ToString(this._trialFormat)));
    using (StreamWriter streamWriter = new StreamWriter(Path.Combine(this._storagePath, "FodszqufeUsjbmEbuf"), false))
    {
        streamWriter.Write(value);
    }
}

Search for the variable with Ctrl+F, and you can see that it is assigned when the LicenseStore is initialized.

public LicenseStore(string productFamilyId, SigningSerializer serializer)
{
    this._serializer = serializer;
    string folderPath = Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData);
    this._storagePath = Path.Combine(folderPath, "Prolic", productFamilyId);
}

Environment.SpecialFolder.CommonApplicationData refers to the ProgramData directory on the system disk. If the system disk is C:, it is C:\ProgramData\. In this directory, you can find the file in which Log4View saves the date.

We have obtained the contents of the file. You can see how NLog is encrypted and decrypted.

protected DateTime? CheckTrialDate()
{
    Tuple<DateTime, DateTime> tuple = this._licenseStore.CheckTrialDate();
    ...
}
public Tuple<DateTime, DateTime> CheckTrialDate()
{
    string text = this.ReadTrialDate();
    if (string.IsNullOrEmpty(text))
    {
        return null;
    }
    string text2 = LicenseStore.DecryptTrialDate(text);
    ...
}
private static string DecryptTrialDate(string cip)
{
    if (cip == null)
    {
        return null;
    }
    RijndaelManaged rijndaelManaged = null;
    MemoryStream memoryStream = null;
    CryptoStream cryptoStream = null;
    StreamReader streamReader = null;
    string result = null;
    try
    {
        rijndaelManaged = new RijndaelManaged
        {
            IV = Convert.FromBase64String("X9w3vURHpNUhpU+kICttoQ=="),
            Key = Convert.FromBase64String("vhMit23SLc56FN8oylrOUy8trs0I2z7piFrh4vnfx+s=")
        };
        ICryptoTransform transform = rijndaelManaged.CreateDecryptor(rijndaelManaged.Key, rijndaelManaged.IV);
        memoryStream = new MemoryStream(Convert.FromBase64String(cip));
        cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Read);
        streamReader = new StreamReader(cryptoStream);
        result = streamReader.ReadToEnd();
    }
    ...
    return result;
}

It can be seen that it uses the 3DES algorithm, and both the Key and the IV are there. I personally don't know RijndaelManaged very well, so I also need to look at its default block mode and padding mode.

public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV)
{
    return this.NewEncryptor(rgbKey, this.ModeValue, rgbIV, this.FeedbackSizeValue, RijndaelManagedTransformMode.Encrypt);
}
private ICryptoTransform NewEncryptor(byte[] rgbKey, CipherMode mode, byte[] rgbIV, int feedbackSize, RijndaelManagedTransformMode encryptMode)
{
    if (rgbKey == null)
    {
        rgbKey = Utils.GenerateRandom(this.KeySizeValue / 8);
    }
    if (rgbIV == null)
    {
        rgbIV = Utils.GenerateRandom(this.BlockSizeValue / 8);
    }
    return new RijndaelManagedTransform(rgbKey, mode, rgbIV, this.BlockSizeValue, feedbackSize, this.PaddingValue, encryptMode);
}

To find out where ModeValue is assigned, select this.ModeValue, right-click and choose Analyze.

Look at where it is assigned.

protected SymmetricAlgorithm()
{
    this.ModeValue = CipherMode.CBC;
    this.PaddingValue = PaddingMode.PKCS7;
}

So, smart readers, do you know what to do? For example, wouldn't it be very scientific to set the expiration time to 2999?

Replace the encrypted file with the original file and restart it. You can see that the expiration time changes to 2999.

What? You don't want to encrypt or decrypt it yourself, and you want me to give it to you directly?
Take it, Rtii82/K20ex7W41cuLLTHBq9qGA/VrVEf/zv7IoPUQL8ZUA8fikC3Saeh5oZUwcTUI+0xdX08OXGXqQwJP+eA==

After replacement



Want to know why? Go decrypt it yourself.
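
From the vendor's side, the weakness in this section is that the trial record is protected only by a symmetric key and IV that ship inside the client, so whoever reads the assembly can produce a record the client accepts. The following added example (not Log4View's code and not part of the original article; TrialToken, Issue, TryVerify and the machine ID are hypothetical) shows the usual alternative: a licensing server signs the expiry date with a private key, and the client embeds only the public key and verifies the signature.

```csharp
// Added example: hypothetical names, not taken from Log4View.
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

static class TrialToken
{
    // Server side only: the private key never ships with the client.
    public static string Issue(ECDsa serverKey, string machineId, DateTime expiresUtc)
    {
        string payload = machineId + "#" + expiresUtc.ToString("o", CultureInfo.InvariantCulture);
        byte[] sig = serverKey.SignData(Encoding.UTF8.GetBytes(payload), HashAlgorithmName.SHA256);
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(payload)) + "." + Convert.ToBase64String(sig);
    }

    // Client side: holds only the public key, so it can verify but not forge.
    public static bool TryVerify(ECDsa publicKey, string token, string machineId, DateTime nowUtc, out DateTime expiresUtc)
    {
        expiresUtc = default;
        string[] parts = token.Split('.');
        if (parts.Length != 2) return false;
        byte[] payload, sig;
        try { payload = Convert.FromBase64String(parts[0]); sig = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        if (!publicKey.VerifyData(payload, sig, HashAlgorithmName.SHA256)) return false;
        string[] fields = Encoding.UTF8.GetString(payload).Split('#');
        if (fields.Length != 2 || fields[0] != machineId) return false;
        if (!DateTime.TryParse(fields[1], CultureInfo.InvariantCulture, DateTimeStyles.RoundtripKind, out expiresUtc)) return false;
        return expiresUtc > nowUtc;
    }
}

static class Demo
{
    static void Main()
    {
        using ECDsa server = ECDsa.Create(ECCurve.NamedCurves.nistP256); // constructed key pair
        using ECDsa client = ECDsa.Create();
        client.ImportSubjectPublicKeyInfo(server.ExportSubjectPublicKeyInfo(), out _);

        DateTime now = DateTime.UtcNow;
        string token = TrialToken.Issue(server, "machine-A", now.AddDays(30));
        Console.WriteLine(TrialToken.TryVerify(client, token, "machine-A", now, out _));
        // A payload with a later expiry no longer matches the server's signature.
        string altered = Convert.ToBase64String(Encoding.UTF8.GetBytes("machine-A#2999-01-01T00:00:00.0000000Z"));
        Console.WriteLine(TrialToken.TryVerify(client, altered + "." + token.Split('.')[1], "machine-A", now, out _));
    }
}
```

ImportSubjectPublicKeyInfo requires .NET Core 3.0 or later. Signing protects only the stored record; a check that runs entirely in the client can still be patched, as the next section shows, so features that matter need server-side enforcement as well.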

Edit and debug assemblies

This article could actually end here, but under the previous one someone thanked me for being so enthusiastic about teaching people to crack.

I can't crack it!!!

But in order to let you learn more skills, let's talk about some more practical content.

As mentioned earlier, dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if there is no source code available.

Debug assembly

Sharp-eyed readers may have noticed the green Start button in the first picture.

Just as when debugging in VS, we set a breakpoint and start it directly.

Debugging works the same way as in VS and the shortcut keys are the same: F10 or F11 to step statement by statement.



Edit assembly

The scientific use described above is quite troublesome: after searching through the code for half a day, we still need to work out the encryption and decryption algorithm.

We know that as long as the product is in trial, we can use the software to the greatest extent. So we can directly change this.IsTrial = false in the source code to this.IsTrial = true and then return.

private void CheckForTrial()
{
    this.IsTrial = false;
    if (this.License != null)
    {
        return;
    }
    DateTime? dateTime = base.CheckTrialDate();
    if (dateTime != null && dateTime.Value > DateTime.Now)
    {
        this.TrialExpireTime = dateTime.Value;
        LicenseMgr.Logger.Info(string.Format("Log4View License expires on {0}", this.TrialExpireTime));
        this.IsTrial = true;
    }
}

Right-click where you need to modify the source code and select Edit IL Instructions.

You can see that it first loads 0 (false) onto the stack with ldc.i4.0 and then calls set_IsTrial to assign it.

We can change ldc.i4.0 to ldc.i4.1, which is true, and then change ldarg.0 to ret to return. We can also add instructions directly.

The point of this article is not to teach IL; you can find plenty about it by searching the Internet.

Then click OK in the lower right corner to save, and you can see that the compiler optimizes the code automatically.

So far I have only saved it to memory. Finally, I need to save it to a file.

dnSpy needs to be run with administrator privileges; otherwise it cannot save.

dnSpy can also edit methods.

But I could not compile and save it when I tried. Interested readers can try it themselves.

Epilogue

This article involves decompilation, 3DES symmetric encryption, IL and other technologies. It also shows how convenient dnSpy makes modifying IL. What can you do after the modification? Play with it yourselves.
Actually, dnSpy does a lot behind the scenes when IL is modified, and those underlying principles take more time to study. Finally, we call on everyone to respect copyright, not to spread pirated software, and not to use this for illegal purposes.


source: https://www.cnblogs.com/Jack-Blog/p/11976252.html

Tags: Database network

Posted on Tue, 21 Apr 2020 19:17:17 -0700 by gasper000