v10.1.0-b1
大约 3 分钟开发版开发日志破解记录
主题
- 由于没有找到 `allow_lock_index_reason` 变量出处,所以直接写死了 XD
<!-- <div id="content" class="app-content"> -->
<a class="off-screen-toggle hide"></a>
<div class="hide" id="post_category"><a href="<?php echo BLOG_URL ?>"></a></div>
<main class="app-content-body <?php Content::returnPageAnimateClass($this); ?>">
<div class="hbox hbox-auto-xs hbox-auto-sm">
<div class="col center-part gpu-speed" id="post-panel">
<?php
$index_show = Utils::getExpertValue("index-title-show",true);
$desc_show = Utils::getExpertValue("index-desc-show",true);
?>
<?php Content::getNoticeContent(); ?>
<?php if ($index_show || $desc_show):?>
<header class="bg-light lter wrapper-md">
<?php if ($index_show) :?>
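<?php
// The reason text is forced to an empty string here, so the badge below is never rendered.
// It is escaped for the attribute context anyway: the value is kept in $_GET, and if this
// override is ever removed the raw query-string value would be written into the page.
$_GET['allow_lock_index_reason'] = ""; // todo noqa
?>
<h1 class="m-n font-thin text-black l-h"><?php $this->options->title(); echo $_GET['allow_lock_index_reason'] ? '<span class="superscript m-l-sm" data-toggle="tooltip" data-original-title="'. htmlspecialchars($_GET["allow_lock_index_reason"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'"><i data-feather="shield"></i></span>' :"";?></h1>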
<?php // print_r($_GET); ?>
- 由于 `HAdmin.php` 文件被加密,故重写 `HAdmin.php`
- 由于 `CoreInterface.php` 文件被加密,故重写 `CoreInterface.php`
Ajax.php
GetCode.php
Star.php
Time.php
<?php
/**
* HAdmin.php
* Author : Anonymous
* Date : 2025/05/20
* Version : 10.1.0
* Description: HANDSOME AUTH CRACKED
**/
// Stop at once unless __TYPECHO_ROOT_DIR__ is defined, so nothing below runs when this
// file is loaded on its own (presumably the constant comes from Typecho's bootstrap; confirm).
defined('__TYPECHO_ROOT_DIR__') || exit;
require_once("Settings.php");
/**
 * Replacement for the theme's admin helper class.
 *
 * Only the single static entry point below is provided; anything else the
 * original file did is not reproduced here.
 */
class HAdmin {
    /**
     * Echo the settings-page output.
     *
     * Calls Utils::initGlobalDefine(true), echoes what the Settings helpers
     * return, then emits script tags for jQuery, MDUI and the admin bundle.
     *
     * NOTE(review): STATIC_PATH is concatenated into the src attributes without
     * escaping; confirm it is a fixed configuration value and never derived
     * from the request.
     *
     * @return void
     */
    public static function SettingsWelcome() {
        Utils::initGlobalDefine(true);

        // Same call order as before: the three helpers are evaluated left to right.
        $head = Settings::useIntro() . Settings::checkupdatejs(). Settings::styleoutput();
        echo $head;
        echo Settings::initAll();

        $scripts = array(
            '/libs/jquery/jquery.min.js',
            '/libs/mdui/mdui.min.js',
            '/js/admin/admin.min.js',
        );
        foreach ($scripts as $path) {
            echo '<script src="' . STATIC_PATH . $path . '"></script>';
        }
    }
}
?>
- 添加 `Request.php` 初始化 `Ajax.php`
<?php
/**
* Request.php
* Author : Anonymous
* Date : 2025/05/21
* Version : 10.1.0
* Description: HANDSOME AUTH CRACKED
**/
// Stop at once unless __TYPECHO_ROOT_DIR__ is defined, so nothing below runs when this
// file is loaded on its own (presumably the constant comes from Typecho's bootstrap; confirm).
defined('__TYPECHO_ROOT_DIR__') || exit;
require_once("interface/Ajax.php");
require_once("Utils.php");
require_once("Content.php");
/**
 * Theme initialisation hook.
 *
 * Sets three values through mset(), initialises the database fields and the
 * global defines, then hands the request to the Ajax dispatcher.
 *
 * NOTE(review): Ajax::post() is invoked for every request that carries POST
 * fields. No authentication, nonce or origin check is visible at this call
 * site, so any such check has to live inside Ajax::post(); confirm it does.
 *
 * @param mixed $archive Passed in by the caller; not used in this function.
 * @return void
 */
function themeInit($archive)
{
    // Errors from mset() stay silenced with @, exactly as before.
    $presets = array(
        "show_footer" => 1,
        "post_content" => 2,
        "typecho_content" => true,
    );
    foreach ($presets as $key => $value) {
        @mset($key, $value);
    }

    Database::initField();
    Utils::initGlobalDefine();
    Ajax::request();

    // Loose comparison kept on purpose: an empty $_POST array compares equal to null.
    if ($_POST == null) {
        return;
    }
    Ajax::post();
}
?>
- 修改 `CDN.php` 未使用变量
- 去除 `base64` 加密字符串
<?php
/**
* CDN.php
* Author : Anonymous
* Date : 2025/05/20
* Version : 10.1.0
* Description: handsome configs
**/
class CDN_Config
{
const CRACKMODE = 1; // 是否开启破解模式,1为开启,0为关闭 (关闭后部分api将不可用)
const SPECIAL_MODE = 0; // 请勿修改该变量,否则可能会导致一些问题出现
const DEVELOPER_DEBUG = 0;// 开发者本地开发模式,请勿修改此变量,0为普通用户模式,1为开发者模式
const COMMENT_SYSTEM_ROOT = 0;
const COMMENT_SYSTEM_NONE = 3;
const COMMENT_SYSTEM_OTHERS = 2;
const COMMENT_SYSTEM_CHANGYAN = 1;
const version = "https://auth.ihewro.com/";
const debug = "https://auth.ihewro.com/auth/notice";
const HANDSOME_DEBUG_DISPLAY = 0; //1 开启handsome调试信息,0 关闭handsome调试信息显示
const not_support = "php缺少mbstring模块支持,请联系作者获取解决方案";
...
- 去除 `Utils.php`、`Content.php`、`ScodeParse.php` 内 `base64` 加密字符串
  - 疑似加密字段为授权用户特征码,故此保护用户信息
L-83 - xxxxxxxxxTSBVm4000000000M291OVNQxxxxxxxxx...
L-244 - xxxxxxxxxKFBFm4000000000aWZYcFRtxxxxxxxxx...
L-397 - xxxxxxxxxUJDLm4000000000Tnowb1pzxxxxxxxxx...
L-603 - xxxxxxxxxVCBZm4000000000ajJYYldMxxxxxxxxx...
L-811 - xxxxxxxxxEFAMm4000000000WXdlWUZkxxxxxxxxx...
L-869 - xxxxxxxxxRFSQm4000000000VEgwNFRNxxxxxxxxx...
L-531 - xxxxxxxxxGJSLm4000000000Tnowb1pzxxxxxxxxx...
L-925 - xxxxxxxxxUXDOm4000000000Tnowb1pzxxxxxxxxx...
L-90 - xxxxxxxxxFJSFm4000000000Tnowb1pzxxxxxxxxx...
L-226 - xxxxxxxxxTJCLm4000000000Tnowb1pzxxxxxxxxx...
L-266 - static $theme_version="xxxxxxxxxZJSBm4000000000Tnowb1pzxxxxxxxxx...""
L-563 - xxxxxxxxxTTRLm4000000000Tnowb1pzxxxxxxxxx...
L-661 - xxxxxxxxxUVSXm4000000000Tnowb1pzxxxxxxxxx...
插件
- 引用,反向引用,音乐,等 API 接口均被加密
- 由于 `CoreAction.php` 文件被加密,故重写 `CoreAction.php`
ConfigAction.php
ContentGetAction.php
CrossAction.php
LinksAction.php
MetingAction.php
MultiUpload.php
{
"refer_list": [
{
"url": "http:\/\/example.com\/archives\/3\/",
"title": "xxx",
"content": "xxxxxxxxxx",
"isLock": false,
"lock": false,
"allow": true,
"allow_lock_reason": null,
"lastModified": "最后修改:xxx 年 xx 月 xx 日"
}
],
"used_list": [
{
"url": "http:\/\/example.com\/archives\/3\/",
"title": "xxx",
"content": "xxxxxxxxxx",
"isLock": false,
"lock": false,
"allow": true,
"allow_lock_reason": null,
"lastModified": "最后修改:xx 年 xx 月 xx 日"
}
]
}
- 上述 `Json` 便是 `CoreAction.php` 加密文件的输出结果,已在 `ContentGetAction.php` 进行粗略重写,所以并不完整
<?php
// Stop at once unless __TYPECHO_ROOT_DIR__ is defined, so nothing below runs when this
// file is loaded on its own (presumably the constant comes from Typecho's bootstrap; confirm).
defined('__TYPECHO_ROOT_DIR__') || exit;
require_once(dirname(__DIR__).'/cache/driver/controller/content_util.php');
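/**
 * JSON endpoint that lists the posts a given post refers to ("refer_list")
 * and the posts that use it ("used_list").
 *
 * Only rows of type "post" with status "publish" are returned. The request
 * parameter is validated before it reaches the helper, and failures produce
 * an empty, well-formed response instead of a malformed one.
 */
class ContentGetAction extends Widget_Abstract_Contents implements Widget_Interface_Do{
    /**
     * Helper that resolves the related post ids. Declared explicitly rather
     * than created on first assignment.
     *
     * @var ContentUtil
     */
    private $contentUtil;

    /**
     * NOTE(review): the parent constructor is not called here; confirm the
     * widget base class needs no request/response set-up for action() to work.
     */
    public function __construct() {
        $this->contentUtil = new ContentUtil();
    }

    /**
     * Handle the request: read ?cid=, look up related posts, print JSON.
     *
     * A missing, non-numeric, array-valued or non-positive cid is answered
     * with HTTP 400 and two empty lists; the helper is never called with it.
     *
     * @return void
     */
    public function action() {
        $cid = filter_var(
            isset($_GET['cid']) ? $_GET['cid'] : null,
            FILTER_VALIDATE_INT,
            array('options' => array('min_range' => 1))
        );
        if ($cid === false) {
            $this->emitJson(array('refer_list' => array(), 'used_list' => array()), 400);
            return;
        }

        $UsedCidList = $this->contentUtil->getUsedCidList($cid);
        $ReferCidList = $this->contentUtil->getReferCidList($cid);
        $output = array(
            'refer_list' => $this->getBatchPostData($ReferCidList),
            'used_list' => $this->getBatchPostData($UsedCidList)
        );
        $this->emitJson($output, 200);
    }

    /**
     * Encode and print a JSON response.
     *
     * @param array $payload Data to encode.
     * @param int   $status  HTTP status; only set explicitly when it is not 200.
     * @return void
     */
    private function emitJson($payload, $status) {
        $body = json_encode($payload, JSON_UNESCAPED_UNICODE);
        if ($body === false) {
            // json_encode() fails on e.g. invalid UTF-8; answer with valid JSON anyway.
            $status = 500;
            $body = '{"refer_list":[],"used_list":[]}';
        }
        if ($status !== 200) {
            http_response_code($status);
        }
        header('Content-Type: application/json; charset=utf-8');
        // The body contains author-written text; tell browsers not to sniff it as HTML.
        header('X-Content-Type-Options: nosniff');
        echo $body;
    }

    /**
     * Load the post data for each id in a list.
     *
     * Ids that are not positive numbers, and ids whose post cannot be loaded,
     * are skipped. The result is always a plain list of post arrays.
     *
     * @param mixed $cidArray List of post ids as returned by the helper.
     * @return array
     */
    private function getBatchPostData($cidArray) {
        if (empty($cidArray)) {
            return array();
        }
        $results = array();
        foreach ($cidArray as $cid) {
            if (!is_numeric($cid) || $cid <= 0) {
                continue;
            }
            $postData = $this->getSinglePostData($cid);
            // A failed lookup must not overwrite what has been collected so far.
            if ($postData !== null) {
                $results[] = $postData;
            }
        }
        return $results;
    }

    /**
     * Load one published post and build its public data.
     *
     * @param int|string $cid Post id.
     * @return array|null Keys title, content, lastModified, url; null when the
     *                    post does not exist, is not a published post, or the
     *                    lookup fails.
     */
    private function getSinglePostData($cid) {
        $db = Typecho_Db::get();
        $options = Typecho_Widget::widget('Widget_Options');
        try {
            $post = $db->fetchRow(
                $db->select()
                ->from('table.contents')
                ->where('cid = ?', intval($cid))
                ->where('type = ?', 'post')
                ->where('status = ?', 'publish')
            );
            if (!$post) {
                return null;
            }

            $routingTable = $options->routingTable;
            if (!isset($routingTable['post']['url'])) {
                return null;
            }

            $created = (int) $post['created'];
            $permalink = str_replace(
                array('[cid:digital]', '[slug]', '[year:digital:4]', '[month:digital:2]', '[day:digital:2]'),
                array($post['cid'], $post['slug'], date('Y', $created), date('m', $created), date('d', $created)),
                $routingTable['post']['url']
            );
            if (strpos($permalink, '[category]') !== false) {
                // getPostFirstCategory() is not defined in this file. Calling an undefined
                // function raises Error, which the catch (Exception) below does not intercept.
                $category = function_exists('getPostFirstCategory') ? getPostFirstCategory($cid) : null;
                $permalink = str_replace('[category]', $category ? $category['slug'] : 'uncategorized', $permalink);
            }

            $siteUrl = rtrim($options->siteUrl, '/');
            if (isset($options->rewrite) && $options->rewrite) {
                $fullUrl = $siteUrl . $permalink;
            } else {
                $fullUrl = $siteUrl . '/index.php' . $permalink;
            }

            // Typecho keeps a per-post access password in the `password` column. A post that
            // has one is listed without its body, so the endpoint does not bypass that prompt.
            // NOTE(review): confirm how the front end should present such entries.
            $isProtected = isset($post['password']) && $post['password'] !== '';

            return array(
                'title' => $post['title'],
                'content' => $isProtected ? '' : strip_tags($post['text']),
                'lastModified' => '最后修改:' . date('Y年m月d日', (int) $post['modified']),
                'url' => $fullUrl
            );
        } catch (Exception $e) {
            // Best effort: record the failure server-side, expose nothing to the client.
            error_log('ContentGetAction: post lookup failed: ' . $e->getMessage());
            return null;
        }
    }
}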
?>