1、申 请 I D:debugfan
2、个人邮箱:debugfan@qq.com
3、原创技术文章:Asprise OCR SDK 15.3试用版破解
1. 序言之前因同事需要,破解过Asprise OCR 4.0试用版本,对这个库比较有印象。目前最新版本为15.3,网上已经能下载到它的试用破解版本,但似乎没有看到此版本的破解文章。AspriseOCR 15.3与4.0比较,基本上没有加强保护强度,因此破解方法也可以参考网上公布的4.0版本的破解方法,只有一点点不同。AspriseOCR 15.3破解方法相当简单,甚至都用不到OllyDbg,用IDA 分析一下,找到关键修改一下就OK了。当然,这毕竟是免费试用版本,如果有经济条件的话,还是建议去购买官方正式版本。 2. 介绍Asprise OCR是一个强大的商业的OCR(光学字符识别)库,支持文字识别和二维码识别。AspriseOCR SDK有Java、C# .net、VB .net、Python、C/C++、Pascal等众多语言版本,并支持Windows、Linux、Mac OSX等操作系统平台。本篇对AspriseOCR SDK 15.3 C/C++ Windows免费试用版本进行破解,其他语言和平台版本相差不大,可依葫芦画瓢。官方下载链接:http://asprise.com/royalty-free-library/c-c++-ocr-for-windows-mac-linux-download.html 3. 编写demo官方提供的C++ Windows免费试用版本,包含了一个头文件(asprise_ocr_api.h)和一个DLL文件(aocr.dll)。官方页面中也提供了C/C++ demo代码,但没提供相应的C/C++demo程序,因此需要自己编写demo程序,主要代码如下,不多说 void testOcr()
{
const char * libFolder = "libaocr";
LIBRARY_HANDLE libHandle = dynamic_load_aocr_library(libFolder);
// one time setup
int setup = c_com_asprise_ocr_setup(false);
// starts the ocr engine; the pointer must be of long long type
long long ptrToApi = c_com_asprise_ocr_start("eng", OCR_SPEED_FAST, NULL, NULL, NULL);
char * s = c_com_asprise_ocr_recognize(ptrToApi, "image.png", -1, -1, -1, -1, -1,
OCR_RECOGNIZE_TYPE_ALL, OCR_OUTPUT_FORMAT_PDF,
"PROP_PDF_OUTPUT_FILE=result.pdf|PROP_PDF_OUTPUT_TEXT_VISIBLE=true|\
PROP_PDF_OUTPUT_RETURN_TEXT=text", "|", "=");
std::cout << "Returned: " << s << std::endl;
// do more recognition here ...
// finally, stops the OCR engine.
c_com_asprise_ocr_stop(ptrToApi);
dynamic_unload_aocr_library(libHandle);
}
|
运行效果:
1) 每次运行时,有一定概率会弹出如下提示:
2) 过期后提示
4. 分析DLL1) 用IDA加载aocr.dll。
2) 打开字符串列表窗口,搜索“evaluating Asprise”,找到其引用位置,F5反编译,得到如下代码:
BOOL sub_1005B820()
{
signed int v0; // edi@1
signed __int64 v1; // rax@12
void *v2; // esi@13
char *v3; // eax@16
char *v4; // ebx@16
DWORD dwDisposition; // [sp+Ch] [bp-128h]@1
__int64 v7; // [sp+10h] [bp-124h]@1
BYTE v8[4]; // [sp+1Ch] [bp-118h]@6
HKEY phkResult; // [sp+20h] [bp-114h]@1
BYTE Data[4]; // [sp+24h] [bp-110h]@3
CHAR SubKey; // [sp+28h] [bp-10Ch]@1
sub_1025AF9F(&v7);
sprintf_s(&SubKey, 0x100u, "Software\\Lab Asprise!\\%s\\%s\\Settings", "Asprise OCR", "15.3");
v0 = 0;
if ( RegCreateKeyExA(HKEY_CURRENT_USER, &SubKey, 0, 0, 0, 0xF003Fu, 0, &phkResult, &dwDisposition) )
{
v0 = 5;
LABEL_16:
v3 = (char *)sub_10257E26(256);
v4 = v3;
if ( v0 == 1 )
sprintf_s(
v3,
0x100u,
"Evaluation license expired (%s %s). Please remove the evaluation kit from your computer.",
"Asprise OCR",
"15.3");
else
sprintf_s(
v3,
0x100u,
"Evaluation license control error #%d (%s %s). Please contact us at support@asprise.com.",
v0,
"Asprise OCR",
"15.3");
j_j__free(v4);
v2 = (void *)sub_10257E26(512);
sub_1025845D(v2, "%s?m=eval_error&p=%s&v=%s&e=%d", (unsigned int)"http://asprise.com/license-mesg.html");
MessageBoxA(0, v4, "Sorry, an error occurred", 0x40010u);
goto LABEL_20;
}
if ( dwDisposition == 1 )
{
*(_DWORD *)Data = v7;
if ( RegSetValueExA(phkResult, "sys-DO-NOT-MODIFY", 0, 4u, Data, 4u) )
v0 = 2;
}
else if ( dwDisposition == 2 )
{
*(_DWORD *)Data = 4;
if ( RegQueryValueExA(phkResult, "sys-DO-NOT-MODIFY", 0, 0, v8, (LPDWORD)Data) )
{
v0 = 3;
}
else if ( v7 >= (unsigned int)(*(_DWORD *)v8 + 2592000) )
{
v0 = 1;
}
}
else
{
v0 = 4;
}
RegCloseKey(phkResult);
if ( v0 )
goto LABEL_16;
sub_1025A11E();
++dword_10635F4C;
LODWORD(v1) = sub_1025AF9F(0);
if ( !(v1 % 4) )
{
v2 = (void *)sub_10257E26(512);
sub_1025845D(v2, "%s?m=ok&p=%s&v=%s&e=%d", (unsigned int)"http://asprise.com/license-mesg.html");
if ( MessageBoxA(
0,
"Thank you for evaluating Asprise products. \n"
"Click the 'Yes' button below to visit our website or 'No' to continue: ",
"Asprise Software - asprise.com",
0x1124u) != 6 )
{
LABEL_21:
j_j__free(v2);
return v0 == 0;
}
LABEL_20:
ShellExecuteA(0, "open", (LPCSTR)v2, 0, 0, 1);
goto LABEL_21;
}
return v0 == 0;
}
|
以上就是试用检测的关键代码,流程简要分析如下:
1) 第一个调用函数sub_1025AF9F的反编译代码如下:
signed __int64 __cdecl sub_1025AF9F(signed __int64 *a1)
{
signed __int64 result; // rax@1
struct _FILETIME SystemTimeAsFileTime; // [sp+0h] [bp-8h]@1
GetSystemTimeAsFileTime(&SystemTimeAsFileTime);
result = (*(_QWORD *)&SystemTimeAsFileTime - 116444736000000000i64) / 0x989680ui64;
if ( result > 32535244799i64 )
result = -1i64;
if ( a1 )
*a1 = result;
return result;
}
|
这实际上就是C运行库的time函数
2) 写注册表
*(_DWORD *)Data = v7;
if ( RegSetValueExA(phkResult, "sys-DO-NOT-MODIFY", 0, 4u, Data, 4u) )
|
写注册表的数据参数Data,源自v7,而v7是time函数调用的结果。以上是将初始时间写入到注册表中
3) 查询注册表
*(_DWORD *)Data = 4;
if ( RegQueryValueExA(phkResult, "sys-DO-NOT-MODIFY", 0, 0, v8, (LPDWORD)Data) )
|
读取第一次运行时存储的初始时间
4) 随机提示
LODWORD(v1) = sub_1025AF9F(0);
if ( !(v1 % 4) )
{
v2 = (void *)sub_10257E26(512);
sub_1025845D(v2, "%s?m=ok&p=%s&v=%s&e=%d", (unsigned int)"http://asprise.com/license-mesg.html");
if ( MessageBoxA(
|
将time(0)的返回值模4,当结果为0时,则弹出试用提示
5. 破解过程1) 去掉随机提示
在IDA中找到下面一行
.text:1005B96D jnz loc_1005BA6D
|
点击菜单“Edit”->“Patch Program”->“Assemble”,修改为
.text:1005B96D jmp loc_1005BA6D
|
2) 修改过期检测
在IDA中找到下面一行
.text:1005B92F jb short loc_1005B93D
|
点击菜单“Edit”->“Patch Program” ->“Assemble”,修改为
.text:1005B92F jmp short loc_1005B93D
|
3) 生成破解DLL
点击菜单“Edit”->“Patch Program” ->“Applypatches to input file”,在弹出的对话框中点击“OK”,生成破解的DLL文件
(完)
|
吾爱游客
发表于 2016-8-30 15:39
发表于 2016-9-1 16:20
