ningmou

ningmou

telegram
HomeArchives

Approach to cracking Aurora theme v1.4.0

#aurora#v2board#js加密#Tidalab#sspanel2372
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The text discusses the unethical act of cracking software and someone using the cracked version on GitHub. The author criticizes the person for taking credit for the cracked version and also mentions that the person used code from the author's demonstration site without encryption. The author suggests using the Aurora theme instead and provides instructions for cracking it. The text concludes with a request for payment if anyone has further questions or requests related to cracking software.

image

Network-wide hanging dogs#

https://t.me/geekui
1.
Although cracking itself is unethical,
But this dog took my cracking results and posted them on GitHub as his own,
And even tagged me in it,
Damn, this guy has thick skin.
2.
Both the muse and dream themes of this dog are from the author's demo site, and the JavaScript of the demo site is not encrypted.
So this dog stole the code from the demo site and boasted about cracking these two themes.
Really hilarious.
3. If you have the ability, use Aurora, I have used it, what about you? Keep barking!

Preface#

Due to the cracking and reminders from the author last time, the author gave up using wasm to verify authorization. However, the new version still uses a relatively weak authorization verification method, and the degree of JavaScript obfuscation does not affect the difficulty of cracking.
Respect genuine products, resist piracy, everyone has a responsibility
Hope certain people can be more honest

Authorization verification approach#

The authorization verification logic is shown in the following code. As for how to find the code below, I have an answer: use your hands.
image

try {
  !(__globalObject.A8wd5T = Kx00jWJ.a[JDC54AY(__globalObject[eisPIs(0x6f)] + eisPIs(0x67))][JDC54AY(0x94)](KqoxCbV),
  __globalObject[__globalObject[__globalObject[0xd4] + 0xaf] - 0x23] = ybIW9h(-0x132).parse(ybIW9h(0x20d)(__globalObject.A8wd5T.decrypt(Kx00jWJ.a.util.decode64(XM764mx[eisPIs(0x53)])))),
  __globalObject[eisPIs(0x3c)][JDC54AY(eisPIs(0x70))] == XM764mx.c ? this[eisPIs(0x71)]() : (window[JDC54AY(Hq5Bu8(0x78))].u(),
  __globalObject[eisPIs(0x32)]()))
} catch (yOpTrJ) {
  this[Hq5Bu8(0x5d)]()
}

If the verification fails or an error occurs during the decryption process, it will redirect to the unauthorized page and display the message "Authorization code is incorrect, please contact the author."

The idea of authorization verification is as follows:

image
First, decrypt the license key, which results in a JSON string, and then convert it to a JSON object.
The format of the JSON object is as follows:

{"name": "Site Name","orderId": "666666","price": "9999"}

image
Then compare the name property of the JSON object with the site name provided by v2board. If it is false, it will redirect to the unauthorized page.

Cracking approach#

After understanding the above authorization verification process, cracking becomes very simple. Anyone can do it. Below are two cracking methods.

  1. First, steal an authorization code from the genuine site and fill it in your own site. Then remove the "!" after "try" or change "!== XM764mx.c" to "== XM764mx.c". This reverses the logic, making it check for verification failure before allowing usage.
  2. Construct a fake JSON object to replace the decrypted JSON object. The replacement code is as follows.
__globalObject[__globalObject[__globalObject[0xd4] + 0xaf] - 0x23] = ybIW9h(-0x132).parse('{"name": "Aurora Crack","orderId": "666666","price": "9999"}'),

Discussion Group#

https://t.me/TalkToJshi
The theme package is in the group above
aurora-site-ripper.zip according to the above tutorial
aurora-1.6.22.pj.zip use the registration generator in the group to generate a key

If you have any questions that need to be answered, please pay first. Please transfer to the following address.
TRON Network TTTTTTLuVcPQdCsYJuAa13Sc4527wYCZ4D

Questions include how to crack, why the above method doesn't work, can you provide the theme files, how to operate at xx, can you send the cracked version, etc.

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.