VB.NET 与 PHP 互通进行的AES网络验证

laodan

软件只有一个思路，就是可以后台控制软件的打开。
实现代码也很简单，按照我的思路想破的话，其实不是说破不掉，而是说难度很大了(主要还是VMP壳。)

功能如下：
1、后端PHP根据密钥生成“XXX内容|时间戳”的类型，进行加密。然后输出。因为加入了时间戳，每次返回的密文不同。
2、软件端根据密钥进行解密，解密之后，根据“XXX内容|时间戳”输出两个数组，首先判断时间戳是否在本机时间的前八秒和后八秒之内。这样形成了本机时间和服务器的时间互通，超过时间，则解密失败。如果在时间之内，则解密数组1：“XXX内容” 这个内容，判断是否验证正确。



PHP代码：

[PHP] 纯文本查看 复制代码

<?php
function EncryptAES($key, $data) {
    $ivLength = 16;
    $iv = openssl_random_pseudo_bytes($ivLength);
    $encryptedText = openssl_encrypt($data, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
    $combinedData = $iv . $encryptedText;
    $encryptedData = base64_encode($combinedData);
    return $encryptedData;
}

$key = "5H8g9T6j2Y1n4K7B";
$valueToEncrypt = "当前可用";
$timestamp = time(); // 获取当前时间戳
$dataWithTimestamp = $valueToEncrypt . "|" . $timestamp; // 在数据后添加时间戳

$encryptedValue = EncryptAES($key, $dataWithTimestamp);
echo $encryptedValue;
?>

VB.NET代码：可改为C#代码。代码基本大差不差。

[Visual Basic .NET] 纯文本查看 复制代码

Imports System.IO
Imports System.Net
Imports System.Reflection
Imports System.Runtime.InteropServices
Imports System.Security.Cryptography
Imports System.Text

Public Class Form1

    Function DecryptAES(key As Byte(), encryptedData As String) As String
        Dim combinedData As Byte() = Convert.FromBase64String(encryptedData)

        Dim ivLength As Integer = 16 ' IV长度为16字节
        Dim iv(ivLength - 1) As Byte
        Buffer.BlockCopy(combinedData, 0, iv, 0, ivLength)

        Dim encryptedBytes(combinedData.Length - ivLength - 1) As Byte
        Buffer.BlockCopy(combinedData, ivLength, encryptedBytes, 0, encryptedBytes.Length)

        Using aesAlg As Aes = Aes.Create()
            aesAlg.Key = key
            aesAlg.IV = iv

            Dim decryptor As ICryptoTransform = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV)

            Dim decryptedData As String = Nothing
            Using msDecrypt As New IO.MemoryStream(encryptedBytes)
                Using csDecrypt As New CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read)
                    Using srDecrypt As New IO.StreamReader(csDecrypt)
                        decryptedData = srDecrypt.ReadToEnd()
                    End Using
                End Using
            End Using

            Return decryptedData
        End Using
    End Function

    '需要VMP虚拟化处理
    <Obfuscation(Feature:="virtualization", Exclude:=False)>
    Function get_pass() As String
        Try
            Dim url As String = "http://ver.lxjc.com/yz/1.php"
            Dim request As HttpWebRequest = CType(WebRequest.Create(url), HttpWebRequest)
            request.Method = "GET"

            Dim response As HttpWebResponse = CType(request.GetResponse(), HttpWebResponse)

            Using streamReader As New System.IO.StreamReader(response.GetResponseStream())
                Dim responseText As String = streamReader.ReadToEnd()
                Return responseText
            End Using

            response.Close()
        Catch ex As Exception
            MsgBox(ex.Message)
            End
        End Try
    End Function
    <Obfuscation(Feature:="virtualization", Exclude:=False)>
    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click

        Dim key As Byte() = Encoding.UTF8.GetBytes("5H8g9T6j2Y1n4K7B")
        Dim encryptedValue As String = get_pass() ' 获取加密后的值
        Dim decryptedValue As String = DecryptAES(key, encryptedValue)
        Dim parts() As String = decryptedValue.Split("|"c)
        If Not ValidateTimestamp(parts) Then
            MsgBox("时间不同步，请匹配北京时间！")
            End
        End If

        If parts(0) = "当前可用" Then
            ' 验证通过
            MsgBox("验证通过")
        Else
            ' 验证不通过
            MsgBox(parts(0))
            End
        End If
    End Sub
    <Obfuscation(Feature:="virtualization", Exclude:=False)>
    Private Function ValidateTimestamp(parts As String()) As Boolean
        Dim serverTimestamp As Long = Long.Parse(parts(1))
        Dim epoch As New DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)
        Dim currentTime As DateTime = DateTime.UtcNow
        Dim timeStamp As Long = (currentTime - epoch).TotalSeconds

        Dim net_time_add As Long = serverTimestamp + 8
        Dim net_time_sub As Long = serverTimestamp - 8

        Dim isInRange As Boolean = False

        isInRange = If(timeStamp >= net_time_sub AndAlso timeStamp <= net_time_add, True, False)
        Return isInRange
    End Function
End Class