1. 服务器/VPS/主机用户Telegram电报群: https://t.me/openos
    黑群晖 Synology Telegram电报群: https://t.me/nasfan
    排除公告

Synology Surveillance Patcher 摄像头数量破解

本帖由 uniex2017-04-08 发布。版面名称:群晖 Synology DSM

  1. uniex

    uniex New Member

    注册:
    2017-04-08
    帖子:
    22

    附件文件:

    最后编辑: 2017-04-09
  2. uniex

    uniex New Member

    注册:
    2017-04-08
    帖子:
    22
    相关的连接
    https://github.com/gabonator/Work-i...nologySearchEngine/ApiExperiments/synogen.cpp
    代码:
    // Synology surveillance station license key generator
    //
    // update address of GenerateKey symbol in libsynoss_1.so:
    //   nm -D /var/packages/SurveillanceStation/target/lib/libsynoss_1.so | grep GenerateKey
    //
    // install gcc on synology machine:
    //   ipkg install crosstool-native optware-devel
    //
    // compile by calling:
    //   g++ synogen.cpp -ldl -o synogen
    //
    // run:
    //   ./synogen
    //
    // Do not misuse this tool, use it only for testing purposes and then delete the
    // key from your machine.
    //
    // How does this tool work? After entering license key in Key manager, disk station calls
    // function VerifyKey from libsynoss_1.so to validate new key. Every key is composed from
    // 4 bits determining how many cameras will be activated (1, 4, 8), unique 32 bit key and
    // remaining part of the sequence is just SHA1 hash of the previous part. Binary value of
    // this block is encoded into human readable form using this alphabet: 'BCDFGHJKMPQRTVWXY2346789'
    // Unique 32 bit number is in range <15000000, 20000000> for normal license or in range
    // <20000000, 20100000> for trial key. Every license is also sent with your diskstation
    // serial number to synology servers (synosurveillance.synology.com) to verify whether someone
    // is not already using this key.
    //
    // Some engineer at synology forgot to remove function GenerateKey from the libsynoss_1.so library
    // which takes two numbers (camera count and unique id) and generates the string with license key.
    // This is pretty funny fail from synology side, so instead of reverse engineering all the
    // bit manipulation done in VerifyKey function, we just call GenerateKey(8, random number, strCode)
    // to get valid activation code for 8 cameras. The GenerateKey function is not exported and cannot
    // be loaded using dlsym, but due to benefits of ELF shared objects and wrong linker configuration
    // we can determine the function's offset by calling nm -D command. This code was tested on
    // PowerPc based diskstations, but I have found function with the same name also on x86 synology
    // machine.
    
    #include <iostream>
    #include <string>
    #include <dlfcn.h>
    #include <link.h>
    
    const int nGenerateKeyRelativeAddr = 0x537dc;
    
    int main()
    {
      std::cout << "Synology license key generator by valky.eu" << std::endl;
    
      std::string arr[] = {
      "libpq.so.5",
      "libstdc++.so.5",
      "libsynosdk.so.4",
      "libcrypt.so.1",
      "libicui18n.so.22",
      "libicuuc.so.22",
      "libicudata.so.22",
      "libxml2.so.2",
      "libm.so.6",
      "libdl.so.2",
      "libpam.so.0",
      "libpthread.so.0",
      "librt.so.1",
      "libjson.so",
    
      "libsynobandwidth.so",
      "libsynowimax.so",
      "libcurl.so.4",
    
      "libdsm.so.4",
      "libsynoutils.so.1",
      "libsynoddnsclient.so",
      "libsynowimax.so",
      "libbackup.so",
      "libsynoacl.so",
      "libcurl.so.4",
      "libsynoldap.so.4",
      "libcrypto.so.1.0.0",
      "libssl.so.1.0.0",
      "libsynosmtp.so",
      "libjpeg.so.62",
      "libfindhost.so.1",
      "libncurses.so.5",
      "libsqlite3.so.0",
      "libsynodb.so",
      "/var/packages/SurveillanceStation/target/lib/libsynoss_1.so"
      };
    
    
      typedef void (*TGenerateKey)(int, int, std::string &);
      TGenerateKey GenerateKey;
    
      void* handle;
    
      for (int i=0; i<sizeof(arr)/sizeof(arr[0]); i++)
      {
        std::cout << "Loading library=" << arr << "...";
    
        handle = dlopen (arr.c_str(), RTLD_NOW | RTLD_GLOBAL);
    
        if (!handle)
        {
          std::cout << " Error" << std::endl;
          fputs (dlerror(), stderr);
          return 1;
        }
        std::cout << " Ok." << std::endl;
      }
    
      struct link_map *lm = (struct link_map*) handle;
      GenerateKey = (TGenerateKey)(lm->l_addr + nGenerateKeyRelativeAddr);
    
      for (int i=0; i<100; i++)
      {
        int nCameras = 8;
        int nKeyMin = 15000000;
        int nKeyMax = 20000000;
        int nKeyMaxTrial = 20100000;
        int nKey = nKeyMin + (rand() & 0xffff);
    
        std::string str;
        (*GenerateKey)(nKey, nCameras, str);
        std::cout << " Key = " << str << std::endl;
      }
    
      return 0;
    }
     
    已获得 cosmo145liukevinSonand6 的点赞。
  3. uniex

    uniex New Member

    注册:
    2017-04-08
    帖子:
    22
    还有一个方法
    1,安装好Surveillance Station
    2,再停用Surveillance Station(重要)
    3,再用SSH/Telnet登录DSM,把附件文件解压后上传到
    4,重启NAS
    5,再启动Surveillance Station
     

    附件文件:

    由版主最后编辑: 2017-04-09
    已获得 张pengmp11208todachuy2406另外1人的点赞。
  4. HumanCaviar

    HumanCaviar New Member

    注册:
    2017-04-25
    帖子:
    1
    对不起,我不会说中文。 非常感谢你的8.0.1补丁,它的效果很好。 可以帮我补丁8.0.2吗? 我找不到正确的偏移在'违-规-软-件-R'outined
     
  5. Fran

    Fran New Member

    注册:
    2017-05-07
    帖子:
    1
    為什麼沒有權限複制到target
     
  6. hui6900

    hui6900 New Member

    注册:
    2017-05-08
    帖子:
    2

    1.png

    复制一份文件夹就有权限替换了。然后把原始的文件夹重命名一下。
     
    最后编辑: 2017-05-09
  7. sanchichao

    sanchichao New Member

    注册:
    2017-06-04
    帖子:
    2
  8. hui6900

    hui6900 New Member

    注册:
    2017-05-08
    帖子:
    2
    替换文件破解,一般都是需要相同版本号替换的。
     
  9. wiruzdk

    wiruzdk New Member

    注册:
    2017-07-02
    帖子:
    3
    im not linux expert wich command should i use to copy that folder
     
  10. wiruzdk

    wiruzdk New Member

    注册:
    2017-07-02
    帖子:
    3
    fik det til at virke, men er der alligevel for at få den nye version arbejder på at?