Skip to content

Instantly share code, notes, and snippets.

@praswicaksono

praswicaksono/gist:dac438e1f501fae0917b

Last active July 3, 2023 15:51
Show Gist options
  • Save praswicaksono/dac438e1f501fae0917b to your computer and use it in GitHub Desktop.
Save praswicaksono/dac438e1f501fae0917b to your computer and use it in GitHub Desktop.
Download ZIP
AfterLogic Webmail Pro + Aurora Keygen
Raw
gistfile1.php
<?php
Class Keygen {
private $serial;
private function randChar($length = 8) {
$characters = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$string = '';
for ($p = 0; $p < $length; $p++) {
$string .= $characters[mt_rand(0, strlen($characters)-1)];
}
return $string;
}
public function getHashKey($version)
{
$return = base64_decode('NEpVVjNIU1dJVDU1R1I2UjJGUVhaQkxaRVA3NzFETllDTThNQUs5OQ==');
if (2 === $version) { // Webmail Pro
$return = base64_decode('MkZRWDNIU1c0SlVWSVQ1NUdSNlJBSzk5WkJMWkVQNzcxRE5ZQ004TQ==');
} else if (3 === $version) { // Aurora
$return = base64_decode('M0hTVzJGUVhaQkxaQ004TUFLOTlJVDU1RVA3NzFETllHUjZSNEpVVg==');
}
return $return;
}
public function divideByFour($version, $char)
{
$result = strpos($this->getHashKey($version), $char);
return (false !== $result) ? (int) floor($result / 4) : false;
}
public function generate($version = 2) {
if ($version == 2) {
$this->serial .= "WM700-";
} elseif ($version == 3) {
$this->serial .= "AU700-";
} else {
return "Error version not found";
}
$var = rand(0,9);
$var4 = $this->randChar(1);
while($this->divideByFour($version,$var4) % 2 == 0)
{
$var4 = $this->randChar(1);
}
$this->serial .= $this->randChar(27).$var4.'-'.$var;
$var2 = ($var * 7 + 7) % 10;
$this->serial .= $var2.rand(0,9).rand(0,9);
$var3 = $this->randChar(1);
while($this->divideByFour($version,$var3) != 0)
{
$var3 = $this->randChar(1);
}
$this->serial .= $var3.$this->randChar(4);
return $this->serial;
}
}
$obj = new Keygen();
// 2 for webmailpro and 3 for aurora
print_r($obj->generate(3));
@praswicaksono
Copy link
Author

Maybe a replay attack can be done by replacing KI.php and license file with an old one from : afterlogic/aurora-module-licensing@e30a52f#diff-a8b460e8fea5607a2b05effa9f6512e5271f1e26ca6ab7890c7eab58cfc1e54c

Or someone may develop a replacement from unobfuscated KI.php https://www.unphp.net/

Or create a new generator with a self-generated public/private key pair and replace modules/Licensing/classes/AU80.key

Wasted 2 hours on that, so better save all vectors

ps : If you like their product please send them some money if you are not poor like me :)

Unobfuscate is really just rename variable using hex editor, format the code and debug using xdebug. you just return correct array from KI.php

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment