#Crack# SolusVM license cracking: approach and usage (with fake license servers)

by VPSPS

VPS Reviews / 2019-01-31 17:25

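SolusVM is a fairly old panel by now. A year ago I published the cracking approach; now I have updated it with 3 fake license servers that can be used simply by adding hosts entries. For learning purposes only; please delete within 24 hours.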


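SolusVM's licensing logic lives in clean.php under system. This file contains two functions, LicenseDecode and LicenseDecodePart. So naturally, you just reverse its algorithm. Because I am worried about DMCA, I will not post the decryption~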

```php
    private $_s_C_OOO_o01 = "ypO%_Y/y0#rY@KFi==@65%swYskCaCTk-52#*StP6HCsrwP!tB";
    private $_s_C_OOO_o02 = "MM=co=_prb+;XyuHkHfNtyWy/y@/FzcofZ9HqjQ9?XxSb96a.d";
    private $_s_C_OOO_o03 = "31m*R*Z!zmnDjdqovF8Wyq1-LZUAFohEKqn652kM.FGykJF7LT";
    private $_s_C_OOO_o04 = "UF*zssdx8E9Q7+tzZ%*Y#j2=/FFZOekUr1BXB6OANpO1-ivAOm";
    private $_s_C_OOO_o05 = 30;
    private $_s_C_OOO_o06 = "+";
    private $_s_C_OOO_o07 = 30;
    private $_s_C_OOO_o08 = "(";
    private $_s_C_OOO_o09 = "=============================== START KEY DATA =================================n";
    private $_s_C_OOO_o10 = "n================================ END KEY DATA ==================================";

    public function LicenseEncode($result){
        $resulttraw = serialize($result);
        $resulttraw = base64_encode($resulttraw);
        $md5Hash = md5($resulttraw . $result['checkDate'] . $this->_s_C_OOO_o04);
        $data = $md5Hash.$resulttraw;
        $md5Hash = md5(strrev($data) . $this->_s_C_OOO_o03);
        $data = $md5Hash.strrev($data);
        $data = $this->LicenseEncodePart($data, $this->_s_C_OOO_o01);
        $data = strrev($data);
        $data = gzdeflate($data);
        $data = convert_uuencode($data);
        $data = strrev($data);
        $data = $this->LicenseEncodePart($data, $this->_s_C_OOO_o02);
        $data = strtoupper($data);
        $data = wordwrap($data, 18, "+", true);
        $data = wordwrap($data, 348, "(", true);
        $data = wordwrap($data, 80, "n", true);
        $data = $this->_s_C_OOO_o09 . $data;
        $data = $data . $this->_s_C_OOO_o10;
        return $data;
    }

    private function LicenseEncodePart($string, $key){
        $key = sha1($key);
        $strLen = strlen($string);
        $keyLen = strlen($key);
        $i = 0;
        while( $i < $strLen )
        {
            $ordStr = ord(substr($string, $i, 1));
            if( $j == $keyLen )
            {
                $j = 0;
            }
            $ordKey = ord(substr($key, $j, 1));
            $j++;
            $hash .= strrev(base_convert(dechex($ordStr + $ordKey), 16, 36));
            $i += 1;
        }
        return $hash;
    }
```

The license check requests /clients/modules/servers/licensing/slbs_verify_license.php

Here is a sample slbs_verify_license.php:

```php
require "cleaned.php";
if(isset($_POST["nodes"]) && isset($_POST["licensekey"]) && isset($_POST["domain"]) && isset($_POST["ip"]) && isset($_POST["dir"])){
    $returnarray = array( "hash" => '',
        "hash2" => '',
        "status" => 'Active',
        "productid" => 20,
        "checkDate" => date("Y-M-D"),
        "companyname" => "NagakaTech",
        "email" => "admin@loli.ren",
        "configoptions" => "Slaves=100|Mini Slaves=100|Micro Slaves=100"
    );
    $data = LicenseEncode($returnarray);
    echo($data);
}else{
    echo("No input");
}
```

Postscript

The version I used is 1.20.03; it tested fine.

Notes

SolusVM servers (these need to be overridden in hosts)

http://www.soluslabs.com

licensing1.soluslabs.net

licensing5.soluslabs.net

Here are fake license servers that are already set up (thanks to Nico)


Usage

vi /etc/hosts

Copy any one of the above into it.
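Seen from the auditing side, the hosts overrides described above leave a plain trace on disk. The following added example (not part of the original post) parses hosts-file text and reports any entry that pins a name under soluslabs.com or soluslabs.net to a static address; the function names are hypothetical and the sample content is constructed, using documentation-range addresses.

```python
import ipaddress

# Vendor licensing zones named on the page; a hosts-file pin for either is a finding.
WATCHED_ZONES = ("soluslabs.com", "soluslabs.net")


def normalize(name):
    """Lower-case a hostname and drop a trailing root dot."""
    return name.rstrip(".").lower()


def in_watched_zone(name):
    """True for the zone apex or any subdomain, but not for look-alike names."""
    return any(name == z or name.endswith("." + z) for z in WATCHED_ZONES)


def audit_hosts(text):
    """Return (line_no, ip, hostname) for every watched name pinned in hosts text."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])  # strip IPv6 zone id
        except ValueError:
            continue                               # not a valid address line
        for host in map(normalize, fields[1:]):
            if in_watched_zone(host):
                findings.append((line_no, str(ip), host))
    return findings


# Constructed sample input (addresses are documentation ranges, not from the page).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# 203.0.113.10 licensing1.soluslabs.net   (commented out, must not match)
203.0.113.10 soluslabs.com www.soluslabs.com
203.0.113.10 Licensing5.SolusLabs.net.   # mixed case, trailing dot
198.51.100.7 notsoluslabs.com            # look-alike, must not match
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for line_no, ip, host in audit_hosts(text):
        print(f"line {line_no}: {host} pinned to {ip}")
```

Run it with a path such as /etc/hosts as the only argument to audit a real file; with no argument it checks the embedded sample.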

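Avoiding complaints

Reportedly, the SolusVM master still quietly sends packets to a machine at OVH in France, using a direct IP connection rather than a domain name. You can try capturing that IP with tcpdump and then restricting access with iptables.

On my side I simply block the entire 94.0.0.0/8 range: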

iptables -I INPUT -s 94.0.0.0/8 -j DROP   
