How to Crack App by Self-Keygen 后续

在上一篇《How to Crack App by Self-Keygen》中,通过打印内存获取到了Serial,但是如何得到Keygen算法,还没有继续分析。下面具体分析Keygen算法。

0x1代码分析

已知道licenseForEmailAddress:withSecret:为产生Serial的函数。代码如下

000000000006175b         push       rbp                                         ; Objective C Implementation defined at 0x2a2da8 (instance method), DATA XREF=0x2a2da8
000000000006175c         mov        rbp, rsp
000000000006175f         push       r15
0000000000061761         push       r14
0000000000061763         push       r13
0000000000061765         push       r12
0000000000061767         push       rbx
0000000000061768         sub        rsp, 0x38
000000000006176c         mov        rbx, rcx
000000000006176f         mov        r13, rdx
0000000000061772         mov        r15, rsi
0000000000061775         mov        r12, rdi
0000000000061778         mov        r14, qword [_objc_retain_25b300]
000000000006177f         mov        rdi, r13                                    ; argument "instance" for method _objc_retain
0000000000061782         call       r14                                         ; _objc_retain
0000000000061785         mov        qword [rbp+var_30], rax
0000000000061789         mov        rdi, rbx                                    ; argument "instance" for method _objc_retain
000000000006178c         call       r14                                         ; _objc_retain
000000000006178f         mov        qword [rbp+var_40], rax
0000000000061793         mov        rax, qword [_OBJC_IVAR_$_HSLicense.initialized]
000000000006179a         cmp        byte [r12+rax], 0x0
000000000006179f         jne        loc_6184b

00000000000617a5         mov        rdi, qword [objc_cls_ref_NSString]          ; argument "instance" for method _objc_msgSend
00000000000617ac         mov        rsi, qword [0x2c0af0]                       ; @selector(stringWithUTF8String:), argument "selector" for method _objc_msgSend
00000000000617b3         lea        rdx, qword [0x1e648d]                       ; "XXX.m"
00000000000617ba         call       qword [_objc_msgSend_25b2e8]                ; _objc_msgSend
00000000000617c0         mov        rdi, rax                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
00000000000617c3         call       imp___stubs__objc_retainAutoreleasedReturnValue
00000000000617c8         mov        rbx, rax
00000000000617cb         test       rbx, rbx
00000000000617ce         lea        rdi, qword [cfstring__Unknown_File_]        ; @"<Unknown File>"
00000000000617d5         cmovne     rdi, rbx                                    ; argument "instance" for method _objc_retain
00000000000617d9         call       qword [_objc_retain_25b300]                 ; _objc_retain
00000000000617df         mov        r14, rax
00000000000617e2         mov        qword [rbp+var_38], r15
00000000000617e6         mov        r15, qword [_objc_release_25b2f8]
00000000000617ed         mov        rdi, rbx                                    ; argument "instance" for method _objc_release
00000000000617f0         call       r15                                         ; _objc_release
00000000000617f3         mov        rdi, qword [objc_cls_ref_NSAssertionHandler] ; argument "instance" for method _objc_msgSend
00000000000617fa         mov        rsi, qword [0x2c0af8]                       ; @selector(currentHandler), argument "selector" for method _objc_msgSend
0000000000061801         call       qword [_objc_msgSend_25b2e8]                ; _objc_msgSend
0000000000061807         mov        rdi, rax                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
000000000006180a         call       imp___stubs__objc_retainAutoreleasedReturnValue
000000000006180f         mov        rbx, rax
0000000000061812         mov        rsi, qword [0x2c0b00]                       ; @selector(handleFailureInMethod:object:file:lineNumber:description:), argument "selector" for method _objc_msgSend
0000000000061819         lea        rax, qword [cfstring_License_has_not_been_initialized_] ; @"License has not been initialized."
0000000000061820         mov        qword [rsp+0x60+var_60], rax
0000000000061824         mov        r9d, 0xa7
000000000006182a         xor        eax, eax
000000000006182c         mov        rdi, rbx                                    ; argument "instance" for method _objc_msgSend
000000000006182f         mov        rdx, qword [rbp+var_38]
0000000000061833         mov        rcx, r12
0000000000061836         mov        r8, r14
0000000000061839         call       qword [_objc_msgSend_25b2e8]                ; _objc_msgSend
000000000006183f         mov        rdi, r14                                    ; argument "instance" for method _objc_release
0000000000061842         call       r15                                         ; _objc_release
0000000000061845         mov        rdi, rbx                                    ; argument "instance" for method _objc_release
0000000000061848         call       r15                                         ; _objc_release

                     loc_6184b:
000000000006184b         mov        rdi, qword [objc_cls_ref_NSCharacterSet]    ; argument "instance" for method _objc_msgSend, CODE XREF=-[HSLicense licenseForEmailAddress:withSecret:]+68
0000000000061852         mov        rsi, qword [0x2c10f0]                       ; @selector(whitespaceAndNewlineCharacterSet), argument "selector" for method _objc_msgSend
0000000000061859         mov        rbx, qword [_objc_msgSend_25b2e8]
0000000000061860         call       rbx                                         ; _objc_msgSend
0000000000061862         mov        rdi, rax                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
0000000000061865         call       imp___stubs__objc_retainAutoreleasedReturnValue
000000000006186a         mov        r15, rax
000000000006186d         mov        rsi, qword [0x2c10f8]                       ; @selector(stringByTrimmingCharactersInSet:), argument "selector" for method _objc_msgSend
0000000000061874         mov        rdi, r13                                    ; argument "instance" for method _objc_msgSend
0000000000061877         mov        rdx, r15
000000000006187a         call       rbx                                         ; _objc_msgSend
000000000006187c         mov        r14, rax
000000000006187f         mov        r12, qword [_objc_release_25b2f8]
0000000000061886         mov        rdi, qword [rbp+var_30]                     ; argument "instance" for method _objc_release
000000000006188a         call       r12                                         ; _objc_release
000000000006188d         mov        rdi, r14                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
0000000000061890         call       imp___stubs__objc_retainAutoreleasedReturnValue
0000000000061895         mov        r13, rax
0000000000061898         mov        qword [rbp+var_48], r13
000000000006189c         mov        rdi, r15                                    ; argument "instance" for method _objc_release
000000000006189f         call       r12                                         ; _objc_release
00000000000618a2         mov        r14, qword [objc_cls_ref_NSString]
00000000000618a9         mov        rsi, qword [0x2c1100]                       ; @selector(lowercaseString), argument "selector" for method _objc_msgSend
00000000000618b0         mov        rdi, r13                                    ; argument "instance" for method _objc_msgSend
00000000000618b3         call       rbx                                         ; _objc_msgSend
00000000000618b5         mov        rdi, rax                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
00000000000618b8         call       imp___stubs__objc_retainAutoreleasedReturnValue
00000000000618bd         mov        r15, rax
00000000000618c0         mov        rsi, qword [0x2c11d8]                       ; @selector(stringWithFormat:), argument "selector" for method _objc_msgSend
00000000000618c7         lea        rdx, qword [cfstring______27de28]           ; @"%@%@"
00000000000618ce         xor        eax, eax
00000000000618d0         mov        rdi, r14                                    ; argument "instance" for method _objc_msgSend
00000000000618d3         mov        rcx, r15
00000000000618d6         mov        r8, qword [rbp+var_40]
00000000000618da         call       rbx                                         ; _objc_msgSend
00000000000618dc         mov        rdi, rax                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
00000000000618df         call       imp___stubs__objc_retainAutoreleasedReturnValue
00000000000618e4         mov        r14, rax
00000000000618e7         mov        qword [rbp+var_50], r14
00000000000618eb         mov        rdi, r15                                    ; argument "instance" for method _objc_release
00000000000618ee         call       r12                                         ; _objc_release
00000000000618f1         mov        rdi, qword [objc_cls_ref_HSLicense]         ; argument "instance" for method _objc_msgSend
00000000000618f8         mov        rsi, qword [0x2c3c28]                       ; @selector(MD5String:), argument "selector" for method _objc_msgSend
00000000000618ff         mov        rdx, r14
0000000000061902         call       rbx                                         ; _objc_msgSend
0000000000061904         mov        rdi, rax                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
0000000000061907         call       imp___stubs__objc_retainAutoreleasedReturnValue
000000000006190c         mov        r13, rax
000000000006190f         mov        rdi, qword [objc_cls_ref_NSMutableString]   ; argument "instance" for method _objc_msgSend
0000000000061916         mov        rsi, qword [0x2c07f0]                       ; @selector(string), argument "selector" for method _objc_msgSend
000000000006191d         call       rbx                                         ; _objc_msgSend
000000000006191f         mov        rdi, rax                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
0000000000061922         call       imp___stubs__objc_retainAutoreleasedReturnValue
0000000000061927         mov        r15, rax
000000000006192a         mov        rsi, qword [0x2c0898]                       ; @selector(length), argument "selector" for method _objc_msgSend
0000000000061931         mov        rdi, r13                                    ; argument "instance" for method _objc_msgSend
0000000000061934         call       rbx                                         ; _objc_msgSend
0000000000061936         mov        r14, rax
0000000000061939         test       r14, r14
000000000006193c         jle        loc_6199a

000000000006193e         mov        rax, qword [0x2c08c8]                       ; @selector(substringWithRange:)
0000000000061945         mov        qword [rbp+var_38], rax
0000000000061949         mov        r12, qword [0x2c1500]                       ; @selector(appendString:)
0000000000061950         inc        r14
0000000000061953         mov        qword [rbp+var_30], r15

                     loc_61957:
0000000000061957         lea        rdx, qword [r14-2]                          ; CODE XREF=-[HSLicense licenseForEmailAddress:withSecret:]+571
000000000006195b         mov        ecx, 0x1
0000000000061960         mov        rdi, r13                                    ; argument "instance" for method _objc_msgSend
0000000000061963         mov        rsi, qword [rbp+var_38]                     ; argument "selector" for method _objc_msgSend
0000000000061967         call       rbx                                         ; _objc_msgSend
0000000000061969         mov        rdi, rax                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
000000000006196c         call       imp___stubs__objc_retainAutoreleasedReturnValue
0000000000061971         mov        r15, r13
0000000000061974         mov        r13, rax
0000000000061977         mov        rdi, qword [rbp+var_30]                     ; argument "instance" for method _objc_msgSend
000000000006197b         mov        rsi, r12                                    ; argument "selector" for method _objc_msgSend
000000000006197e         mov        rdx, r13
0000000000061981         call       rbx                                         ; _objc_msgSend
0000000000061983         mov        rdi, r13                                    ; argument "instance" for method _objc_release
0000000000061986         mov        r13, r15
0000000000061989         call       qword [_objc_release_25b2f8]                ; _objc_release
000000000006198f         dec        r14
0000000000061992         cmp        r14, 0x1
0000000000061996         jg         loc_61957

0000000000061998         jmp        loc_6199e

                     loc_6199a:
000000000006199a         mov        qword [rbp+var_30], r15                     ; CODE XREF=-[XXLicense licenseForEmailAddress:withSecret:]+481

                     loc_6199e:
000000000006199e         mov        rdi, qword [objc_cls_ref_HSLicense]         ; argument "instance" for method _objc_msgSend, CODE XREF=-[HSLicense licenseForEmailAddress:withSecret:]+573
00000000000619a5         mov        rsi, qword [0x2c3c30]                       ; @selector(hyphonate:everyX:), argument "selector" for method _objc_msgSend
00000000000619ac         mov        ecx, 0x6
00000000000619b1         mov        rdx, qword [rbp+var_30]
00000000000619b5         call       rbx                                         ; _objc_msgSend
00000000000619b7         mov        rdi, rax                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
00000000000619ba         call       imp___stubs__objc_retainAutoreleasedReturnValue
00000000000619bf         mov        r14, rax
00000000000619c2         mov        rsi, qword [0x2c3c38]                       ; @selector(rangeOfString:options:), argument "selector" for method _objc_msgSend
00000000000619c9         lea        rdx, qword [cfstring___279de8]              ; @"-"
00000000000619d0         mov        ecx, 0x4
00000000000619d5         mov        rdi, r14                                    ; argument "instance" for method _objc_msgSend
00000000000619d8         call       rbx                                         ; _objc_msgSend
00000000000619da         mov        rsi, qword [0x2c1518]                       ; @selector(substringToIndex:), argument "selector" for method _objc_msgSend
00000000000619e1         mov        rdi, r14                                    ; argument "instance" for method _objc_msgSend
00000000000619e4         mov        rdx, rax
00000000000619e7         call       rbx                                         ; _objc_msgSend
00000000000619e9         mov        rdi, rax                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
00000000000619ec         call       imp___stubs__objc_retainAutoreleasedReturnValue
00000000000619f1         mov        r15, rax
00000000000619f4         mov        rdi, r14                                    ; argument "instance" for method _objc_release
00000000000619f7         mov        r12, qword [_objc_release_25b2f8]
00000000000619fe         call       r12                                         ; _objc_release
0000000000061a01         mov        rsi, qword [0x2c1488]                       ; @selector(uppercaseString), argument "selector" for method _objc_msgSend
0000000000061a08         mov        rdi, r15                                    ; argument "instance" for method _objc_msgSend
0000000000061a0b         call       rbx                                         ; _objc_msgSend
0000000000061a0d         mov        rdi, rax                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
0000000000061a10         call       imp___stubs__objc_retainAutoreleasedReturnValue
0000000000061a15         mov        r14, rax
0000000000061a18         mov        rdi, r15                                    ; argument "instance" for method _objc_release
0000000000061a1b         call       r12                                         ; _objc_release
0000000000061a1e         mov        rdi, qword [rbp+var_30]                     ; argument "instance" for method _objc_release
0000000000061a22         call       r12                                         ; _objc_release
0000000000061a25         mov        rdi, r13                                    ; argument "instance" for method _objc_release
0000000000061a28         call       r12                                         ; _objc_release
0000000000061a2b         mov        rdi, qword [rbp+var_50]                     ; argument "instance" for method _objc_release
0000000000061a2f         call       r12                                         ; _objc_release
0000000000061a32         mov        rdi, qword [rbp+var_40]                     ; argument "instance" for method _objc_release
0000000000061a36         call       r12                                         ; _objc_release
0000000000061a39         mov        rdi, qword [rbp+var_48]                     ; argument "instance" for method _objc_release
0000000000061a3d         call       r12                                         ; _objc_release
0000000000061a40         mov        rdi, r14                                    ; argument "instance" for method imp___stubs__objc_autoreleaseReturnValue
0000000000061a43         add        rsp, 0x38
0000000000061a47         pop        rbx
0000000000061a48         pop        r12
0000000000061a4a         pop        r13
0000000000061a4c         pop        r14
0000000000061a4e         pop        r15
0000000000061a50         pop        rbp
0000000000061a51         jmp        imp___stubs__objc_autoreleaseReturnValue
                        ; endp

先看下面这一步。

00000000000618c0         mov        rsi, qword [0x2c11d8]                       ; @selector(stringWithFormat:), argument "selector" for method _objc_msgSend
00000000000618c7         lea        rdx, qword [cfstring______27de28]           ; @"%@%@"
00000000000618ce         xor        eax, eax
00000000000618d0         mov        rdi, r14                                    ; argument "instance" for method _objc_msgSend
00000000000618d3         mov        rcx, r15
00000000000618d6         mov        r8, qword [rbp+var_40]
00000000000618da         call       rbx                                         ; _objc_msgSend
00000000000618dc         mov        rdi, rax                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
00000000000618df         call       imp___stubs__objc_retainAutoreleasedReturnValue
00000000000618e4         mov        r14, rax
00000000000618e7         mov        qword [rbp+var_50], r14
00000000000618eb         mov        rdi, r15                                    ; argument "instance" for method _objc_release
00000000000618ee         call       r12                                         ; _objc_release
00000000000618f1         mov        rdi, qword [objc_cls_ref_HSLicense]         ; argument "instance" for method _objc_msgSend
00000000000618f8         mov        rsi, qword [0x2c3c28]                       ; @selector(MD5String:), argument "selector" for method _objc_msgSend
00000000000618ff         mov        rdx, r14
0000000000061902         call       rbx                                         ; _objc_msgSend

此段代码将输入的邮箱和SecretKey拼接,然后进行MD5加密。也就是MD5加盐(MD5+Salt,增强MD5安全)。接着,有如下代码。

loc_6199e:
000000000006199e         mov        rdi, qword [objc_cls_ref_HSLicense]         ; argument "instance" for method _objc_msgSend, CODE XREF=-[HSLicense licenseForEmailAddress:withSecret:]+573
00000000000619a5         mov        rsi, qword [0x2c3c30]                       ; @selector(hyphonate:everyX:), argument "selector" for method _objc_msgSend
00000000000619ac         mov        ecx, 0x6
00000000000619b1         mov        rdx, qword [rbp+var_30]
00000000000619b5         call       rbx                                         ; _objc_msgSend
00000000000619b7         mov        rdi, rax                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
00000000000619ba         call       imp___stubs__objc_retainAutoreleasedReturnValue
00000000000619bf         mov        r14, rax
00000000000619c2         mov        rsi, qword [0x2c3c38]                       ; @selector(rangeOfString:options:), argument "selector" for method _objc_msgSend
00000000000619c9         lea        rdx, qword [cfstring___279de8]              ; @"-"
00000000000619d0         mov        ecx, 0x4
00000000000619d5         mov        rdi, r14                                    ; argument "instance" for method _objc_msgSend
00000000000619d8         call       rbx                                         ; _objc_msgSend
00000000000619da         mov        rsi, qword [0x2c1518]                       ; @selector(substringToIndex:), argument "selector" for method _objc_msgSend
00000000000619e1         mov        rdi, r14                                    ; argument "instance" for method _objc_msgSend
00000000000619e4         mov        rdx, rax
00000000000619e7         call       rbx                                         ; _objc_msgSend
00000000000619e9         mov        rdi, rax                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
00000000000619ec         call       imp___stubs__objc_retainAutoreleasedReturnValue
00000000000619f1         mov        r15, rax
00000000000619f4         mov        rdi, r14                                    ; argument "instance" for method _objc_release
00000000000619f7         mov        r12, qword [_objc_release_25b2f8]
00000000000619fe         call       r12                                         ; _objc_release
0000000000061a01         mov        rsi, qword [0x2c1488]                       ; @selector(uppercaseString), argument "selector" for method _objc_msgSend
0000000000061a08         mov        rdi, r15                                    ; argument "instance" for method _objc_msgSend
0000000000061a0b         call       rbx                                         ; _objc_msgSend
0000000000061a0d         mov        rdi, rax                                    ; argument "instance" for method imp___stubs__objc_retainAutoreleasedReturnValue
0000000000061a10         call       imp___stubs__objc_retainAutoreleasedReturnValue
0000000000061a15         mov        r14, rax
0000000000061a18         mov        rdi, r15                                    ; argument "instance" for method _objc_release
0000000000061a1b         call       r12                                         ; _objc_release
0000000000061a1e         mov        rdi, qword [rbp+var_30]                     ; argument "instance" for method _objc_release
0000000000061a22         call       r12                                         ; _objc_release
0000000000061a25         mov        rdi, r13                                    ; argument "instance" for method _objc_release
0000000000061a28         call       r12                                         ; _objc_release
0000000000061a2b         mov        rdi, qword [rbp+var_50]                     ; argument "instance" for method _objc_release
0000000000061a2f         call       r12                                         ; _objc_release
0000000000061a32         mov        rdi, qword [rbp+var_40]                     ; argument "instance" for method _objc_release
0000000000061a36         call       r12                                         ; _objc_release
0000000000061a39         mov        rdi, qword [rbp+var_48]                     ; argument "instance" for method _objc_release
0000000000061a3d         call       r12                                         ; _objc_release
0000000000061a40         mov        rdi, r14                                    ; argument "instance" for method imp___stubs__objc_autoreleaseReturnValue
0000000000061a43         add        rsp, 0x38
0000000000061a47         pop        rbx
0000000000061a48         pop        r12
0000000000061a4a         pop        r13
0000000000061a4c         pop        r14
0000000000061a4e         pop        r15
0000000000061a50         pop        rbp
0000000000061a51         jmp        imp___stubs__objc_autoreleaseReturnValue
                        ; endp

此段代码调用hyphonate:everyX:函数,将加密后的32位MD5字符串,截取前面30位,然后分割成5段,用“-”连接起来,并转大写uppercaseString,作为最终的Serial。

0x2 Keygen

由以上分析,得到Keygen算法描述。

1.A = MD5(email+secretkey)
2.B = A.subStringWithRange(0,30);
3.Serial = B.splitWithLength(6).jointBy("-")

设输入的email 为:xx@qq.com(这里隐去了SecretKey),则MD5字符串为:
B9D3C9816381FC5AA075B626C7564D01,
前30位子串为:
B9D3C9816381FC5AA075B626C7564D
分割成5段得到序列号为:
B9D3C9-816381-FC5AA0-75B626-C7564D

最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
  • 人面猴
    序言:七十年代末,一起剥皮案震惊了整个滨河市,随后出现的几起案子,更是在滨河造成了极大的恐慌,老刑警刘岩,带你破解...
    沈念sama阅读 204,921评论 6 478
  • 死咒
    序言:滨河连续发生了三起死亡事件,死亡现场离奇诡异,居然都是意外死亡,警方通过查阅死者的电脑和手机,发现死者居然都...
    沈念sama阅读 87,635评论 2 381
  • 救了他两次的神仙让他今天三更去死
    文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
    开封第一讲书人阅读 151,393评论 0 338
  • 道士缉凶录:失踪的卖姜人
    文/不坏的土叔 我叫张陵,是天一观的道长。 经常有香客问我,道长,这世上最难降的妖魔是什么? 我笑而不...
    开封第一讲书人阅读 54,836评论 1 277
  • 港岛之恋(遗憾婚礼)
    正文 为了忘掉前任,我火速办了婚礼,结果婚礼上,老公的妹妹穿的比我还像新娘。我一直安慰自己,他们只是感情好,可当我...
    茶点故事阅读 63,833评论 5 368
  • 恶毒庶女顶嫁案:这布局不是一般人想出来的
    文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
    开封第一讲书人阅读 48,685评论 1 281
  • 城市分裂传说
    那天,我揣着相机与录音,去河边找鬼。 笑死,一个胖子当着我的面吹牛,可吹牛的内容都是我干的。 我是一名探鬼主播,决...
    沈念sama阅读 38,043评论 3 399
  • 双鸳鸯连环套:你想象不到人心有多黑
    文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
    开封第一讲书人阅读 36,694评论 0 258
  • 万荣杀人案实录
    序言:老挝万荣一对情侣失踪,失踪者是张志新(化名)和其女友刘颖,没想到半个月后,有当地人在树林里发现了一具尸体,经...
    沈念sama阅读 42,671评论 1 300
  • 护林员之死
    正文 独居荒郊野岭守林人离奇死亡,尸身上长有42处带血的脓包…… 初始之章·张勋 以下内容为张勋视角 年9月15日...
    茶点故事阅读 35,670评论 2 321
  • 白月光启示录
    正文 我和宋清朗相恋三年,在试婚纱的时候发现自己被绿了。 大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
    茶点故事阅读 37,779评论 1 332
  • 活死人
    序言:一个原本活蹦乱跳的男人离奇死亡,死状恐怖,灵堂内的尸体忽然破棺而出,到底是诈尸还是另有隐情,我是刑警宁泽,带...
    沈念sama阅读 33,424评论 4 321
  • 日本核电站爆炸内幕
    正文 年R本政府宣布,位于F岛的核电站,受9级特大地震影响,放射性物质发生泄漏。R本人自食恶果不足惜,却给世界环境...
    茶点故事阅读 39,027评论 3 307
  • 男人毒药:我在死后第九天来索命
    文/蒙蒙 一、第九天 我趴在偏房一处隐蔽的房顶上张望。 院中可真热闹,春花似锦、人声如沸。这庄子的主人今日做“春日...
    开封第一讲书人阅读 29,984评论 0 19
  • 一桩弑父案,背后竟有这般阴谋
    文/苍兰香墨 我抬头看了看天上的太阳。三九已至,却和暖如春,着一层夹袄步出监牢的瞬间,已是汗流浃背。 一阵脚步声响...
    开封第一讲书人阅读 31,214评论 1 260
  • 情欲美人皮
    我被黑心中介骗来泰国打工, 没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留,地道东北人。 一个月前我还...
    沈念sama阅读 45,108评论 2 351
  • 代替公主和亲
    正文 我出身青楼,却偏偏与公主长得像,于是被迫代替她去往敌国和亲。 传闻我的和亲对象是个残疾皇子,可洞房花烛夜当晚...
    茶点故事阅读 42,517评论 2 343

推荐阅读更多精彩内容

  • How to Crack App by Self-Keygen
    本次练习破解注册码使用的是一款商业软件,所以没有提供下载地址。这里简记为xxx.app。运行后,有注册Licens...
    Mr_Xiao阅读 387评论 0 1
  • 幸福实修09班毕业啦!
    有这么一群人,她们知道自己想要什么,她们知道怎么做可以实现自己的目标,并且为此去实实在在、脚踏实地地做出来! 今天...
    自在如我是阅读 114评论 0 0
  • 2017-10-24
    想象中没有你的我
    最忌讳谈未来阅读 68评论 0 1
  • 好男人就在身边
    冒着浓浓的冬意,一路西行,抵达贵州西江。在观景台上凭栏俯视,苗寨古城一览无遗,当地苗族居民傍山而居,层层叠叠,一条...
    挎刀走天涯阅读 627评论 0 6
  • 知识的利率该如何提高
    之前没有把握住机会,真的只是因为没有“早知道”吗?如果把你再次放到当时那个时间点,你就看得懂,抓得住并且能长期抓得...
    笑飞飞阅读 185评论 0 1