19
Neve Pro Addon 激活分析
source link: https://www.taterli.com/6593/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
API REQUEST参数:
- license => 序列号
- item_name => 产品名
- url => 网站URL
- edd_action => 操作
API RESPONSE参数:
- success => 成功状态
- license => 有效性/取消激活
- item_name => 产品名,这个只能返回这种.
- key => 回报密钥,也是输入密钥.
- download_id => 下载ID,用于renew用途,生成renew_url.
- price_id => (未知)价格ID,这里才是区分授权版本,选项1-9,测试发现哪个数字都行.
- plan => (未知)套餐ID,程序里面虽然用了,但是实际上是可选参数,也没实际用途.
- expires => 过期时间,通过源码(Licenser.php)得知,过期前一天就算过期了.
- activations_left => 还可以授权的数量,程序中验证了是否无激活次数.
验证关键代码(Line 366,存在安全隐患):
提示:既然SSL验证为假,即伪造激活服务器,自签证书,修改系统host就可以一劳永逸~
激活URL范例:
https://store.themeisle.com/?license=fd000000000000000000000000000000&item_name=Neve Pro Addon&url=https://www.google.com&edd_action=activate_license
回报(正确):
{ "success": "true", "license": "valid", "item_name": "Neve Pro (Plugin)", "key": "fd005c34232376faa21a7af0b995bb96", "download_id": 8498318, "price_id": 5, "plan": 5, "expires": "2021-01-25 23:59:59", "activations_left": 29 }
回报(密钥无效):
{ "success": "true", "license": "invalid", "item_name": "Neve Pro (Plugin)" }
取消激活URL范例:
https://store.themeisle.com/?license=fd000000000000000000000000000000&item_name=Neve Pro Addon&url=https://www.google.com&edd_action=deactivate_license
回报:
{ "success": "true", "license": "deactivated", "item_name": "Neve Pro (Plugin)", "key": "fd005c34232376faa21a7af0b995bb96", "download_id": 8498318, "expires": "2021-01-25 23:59:59", "activations_left": 30, "price_id": 5, "plan": 5 } 既然知道这个了,岂不是可以伪造授权服务器? ----- 搞定:
插件(原版):
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK