Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 09-22-2014, 04:16 AM
appcrox appcrox is offline
Member
 
Join Date: Apr 2011
Location: Small country in the world, where coding is necessary.
Posts: 36
Question Understanding algorithm

Hi all!
I need to understand generating an activation key algorithm for my screen reader software, avaylable at:
ftp://ftp.freedomscientific.com/user...4ENU-32bit.exe
This software has dongle and internet license authorization placed in Program Files\Freedom Scientific\Activator\JAWS.cps
I have JAWS.cps file, but is not generated for my locking code.
I need help to understand the algorithm how to read this file, and I will be able to make a program for writing JAWS.cps file for any locking code.
If someone wants to help me to solve this issue, it is necessary to download jaws from the link above, and to copy the following content to notepad, and save it as JAWS.cps to Program Files\Freedom Scientific\Activator
Z3YTIX3Y8Q2W4WOCKRR7MLFSZCZPUCSIDHGR62Y6FIME3UNST2 O2IRMJYLDAPRNJMMEVFCA7OSM4RKVNSI9AZJINEOJTECROJOVW JIPDMDGMHZY5TMCMUTRPTZH## Dynamically installed.

Then, it is necessary to open Program Files\Freedom Scientific\JAWS\15.0\jfw.exe, or fsauth.exe from a debugger to see how program reads this file, and what the file contains.
I tryed to put a breakpoint on every reference to fopen import function, and I can get locking code from this file, but I cannot see how program extracts the information from it.
This file needs to contain locking code, 6 digit serial number, 20 digit authorization number, etc, but I do not know how it generates it, and the algorithm how is interpreted into characters.

Please help.

Best regards,
__________________
APP CRO X
Reply With Quote
  #2  
Old 09-22-2014, 05:24 AM
sverox sverox is offline
Senior Member
 
Join Date: Jan 2008
Posts: 80
Default

JAWS is Sentinel LM/RMS (as i know in past).
Post your cps file as is. I think forum wrap your string and cant be decoded.
Reply With Quote
  #3  
Old 09-22-2014, 05:54 AM
BfoX BfoX is offline
Senior Member
 
Join Date: Aug 2007
Posts: 2,236
Send a message via ICQ to BfoX Send a message via MSN to BfoX Send a message via Yahoo to BfoX
Default

Code:
Code Type [1]
Additive [1]
client_server_lock_mode [3]
holding_crit [1]
sharing_crit [0]
server_locking_crit1[00] = [0]
server_locking_crit1[01] = [0]
server_locking_crit1[02] = [0]
server_locking_crit1[03] = [0]
server_locking_crit1[04] = [0]
server_locking_crit1[05] = [0]
server_locking_crit1[06] = [0]
server_locking_crit1[07] = [0]
server_locking_crit1[08] = [0]
server_locking_crit1[09] = [0]
server_locking_crit1[10] = [0]
server_locking_crit2[00] = [0]
server_locking_crit2[01] = [0]
server_locking_crit2[02] = [0]
server_locking_crit2[03] = [0]
server_locking_crit2[04] = [0]
server_locking_crit2[05] = [0]
server_locking_crit2[06] = [0]
server_locking_crit2[07] = [0]
server_locking_crit2[08] = [0]
server_locking_crit2[09] = [0]
server_locking_crit2[10] = [0]
client_locking_crit[00] = [256]
client_locking_crit[01] = [0]
client_locking_crit[02] = [0]
client_locking_crit[03] = [0]
client_locking_crit[04] = [0]
client_locking_crit[05] = [0]
client_locking_crit[06] = [0]
standalone_flag [1]
out_lic_type [0]
clock_tamper_flag [1]
feature_name [00]
feature_version []
birth_day [1]
birth_month [0]
birth_year [1999]
death_day [31]
death_month [11]
death_year [2500]
num_servers [1]
server_lock_info1[00] = []
server_lock_info1[01] = []
server_lock_info1[02] = []
server_lock_info1[03] = []
server_lock_info1[04] = []
server_lock_info1[05] = []
server_lock_info1[06] = []
server_lock_info1[07] = []
server_lock_info1[08] = []
server_lock_info1[09] = []
server_lock_info1[10] = []
server_lock_info2[00] = []
server_lock_info2[01] = []
server_lock_info2[02] = []
server_lock_info2[03] = []
server_lock_info2[04] = []
server_lock_info2[05] = []
server_lock_info2[06] = []
server_lock_info2[07] = []
server_lock_info2[08] = []
server_lock_info2[09] = []
server_lock_info2[10] = []
nl_client_lock_info[00] = [27480]
nl_client_lock_info[01] = []
nl_client_lock_info[02] = []
nl_client_lock_info[03] = []
nl_client_lock_info[04] = []
nl_client_lock_info[05] = []
nl_client_lock_info[06] = []
num_keys[00] = [0001]
num_keys[01] = [1FFFFE]
num_keys[02] = [1FFFFE]
num_keys[03] = [1FFFFE]
num_keys[04] = [1FFFFE]
num_keys[05] = [1FFFFE]
num_keys[06] = [1FFFFE]
num_keys[07] = [1FFFFE]
num_keys[08] = [1FFFFE]
num_keys[09] = [1FFFFE]
num_keys[10] = [1FFFFE]
num_keys[11] = [1FFFFE]
num_keys[12] = [1FFFFE]
num_keys[13] = [1FFFFE]
num_keys[14] = [1FFFFE]
num_keys[15] = [1FFFFE]
num_keys[16] = [1FFFFE]
num_keys[17] = [1FFFFE]
num_keys[18] = [1FFFFE]
num_keys[19] = [1FFFFE]
num_keys[20] = [1FFFFE]
num_keys[21] = [1FFFFE]
num_keys[22] = [1FFFFE]
num_keys[23] = [1FFFFE]
num_keys[24] = [1FFFFE]
num_keys[25] = [1FFFFE]
num_keys[26] = [1FFFFE]
num_keys[27] = [1FFFFE]
num_keys[28] = [1FFFFE]
num_keys[29] = [1FFFFE]
num_keys[30] = [1FFFFE]
num_keys[31] = [1FFFFE]
num_keys[32] = [1FFFFE]
num_keys[33] = [1FFFFE]
num_keys[34] = [1FFFFE]
num_keys[35] = [1FFFFE]
num_keys[36] = [1FFFFE]
num_keys[37] = [1FFFFE]
num_keys[38] = [1FFFFE]
num_keys[39] = [1FFFFE]
num_keys[40] = [1FFFFE]
num_keys[41] = [1FFFFE]
num_keys[42] = [1FFFFE]
num_keys[43] = [1FFFFE]
num_keys[44] = [1FFFFE]
num_keys[45] = [1FFFFE]
num_keys[46] = [1FFFFE]
num_keys[47] = [1FFFFE]
num_keys[48] = [1FFFFE]
num_keys[49] = [1FFFFE]
num_keys[50] = [1FFFFE]
num_keys[51] = [1FFFFE]
num_keys[52] = [1FFFFE]
num_keys[53] = [1FFFFE]
num_keys[54] = [1FFFFE]
num_keys[55] = [1FFFFE]
num_keys[56] = [1FFFFE]
num_keys[57] = [1FFFFE]
num_keys[58] = [1FFFFE]
num_keys[59] = [1FFFFE]
num_keys[60] = [1FFFFE]
num_keys[61] = [1FFFFE]
num_keys[62] = [1FFFFE]
soft_limit [1FFFFE]
keys_per_node[00] = [1FFFFE]
keys_per_node[01] = [1FFFFE]
keys_per_node[02] = [1FFFFE]
keys_per_node[03] = [1FFFFE]
keys_per_node[04] = [1FFFFE]
keys_per_node[05] = [1FFFFE]
keys_per_node[06] = [1FFFFE]
num_subnets [0000]
site_lic_info[00] = []
site_lic_info[01] = []
site_lic_info[02] = []
site_lic_info[03] = []
site_lic_info[04] = []
site_lic_info[05] = []
site_lic_info[06] = []
share_limit [1FFFFE]
key_life_units [0000]
key_lifetime [00000005]
key_hold_units [0000]
key_holdtime [00000000]
num_secrets [0004]
secrets[00] = [NotUsed]
secrets[01] = [6L3B8HKBA4]
secrets[02] = [0SHDGQ43TP]
secrets[03] = [5ISYNP29WZ]
secrets[04] = []
secrets[05] = []
secrets[06] = []
vendor_info = [0|485006|250653]
licType [0]
trialDaysCount [0]
use_auth_code [0]
numeric_type [0]
conversion_time [00000000]
isRedundant [0]
majority_rule [0]
isCommuter [0]
commuter_max_checkout_days [0]
log_encrypt_level [4629]
elan_key_flag [7]
vendor_code [0000]
version_num [0]
licensing_crit [1]
meter_value [0]
num_features [0]
key_type [0]
capacity_flag [0]
capacity_units [0]
capacity [0]
grace_period_flag [0]
grace_period_calendar_days [0]
grace_period_elapsed_hours [2]
overdraft_flag [10]
overdraft_hours [0]
overdraft_users [0]
overdraft_users_isPercent [4]
local_request_lockcrit_flag [0]
local_request_lockcrit_required [1]
local_request_lockcrit_float [0]
__________________
... Either you work well or you work much ....
Reply With Quote
  #4  
Old 09-22-2014, 07:07 AM
appcrox appcrox is offline
Member
 
Join Date: Apr 2011
Location: Small country in the world, where coding is necessary.
Posts: 36
Default

JAWS.CPS is hosted at:
https://jumbo.iskon.hr/download/b2d1...9-3def92fbf313
Please explain me how to understand the algorithm, and how to get JAWS.cps as binary file back.
When I change locking code inline, fsauth says that program is authorized.

Best regards,
__________________
APP CRO X
Reply With Quote
  #5  
Old 09-22-2014, 09:09 AM
sverox sverox is offline
Senior Member
 
Join Date: Jan 2008
Posts: 80
Default

You not need understand algorithm.
This is licensed through Sentinel LM system. Find tools from Sentinel LM SDK - wlscgen.exe enough for you.
Make your own wlscgen for vendor ID.
Paste data from bfox decoding, and regenerate license.
Cross fingers and hope works.

Sentinel LM/RMS regeneration discused here, and in many other place google it.
Reply With Quote
  #6  
Old 09-22-2014, 09:37 AM
appcrox appcrox is offline
Member
 
Join Date: Apr 2011
Location: Small country in the world, where coding is necessary.
Posts: 36
Default

OK, but how to generate JAWS.cps from this tool?
__________________
APP CRO X
Reply With Quote
  #7  
Old 09-22-2014, 09:53 AM
kjms kjms is offline
Senior Member
 
Join Date: Aug 2009
Posts: 337
Default

try a file attached,
Wlscgen-7.3-UnDongled-VID-1215
PASS: Reteam
Reply With Quote
  #8  
Old 09-22-2014, 11:12 AM
appcrox appcrox is offline
Member
 
Join Date: Apr 2011
Location: Small country in the world, where coding is necessary.
Posts: 36
Default

Sorry, but I cannot download this file, because mega requires an decryption key.
__________________
APP CRO X
Reply With Quote
  #9  
Old 09-22-2014, 01:49 PM
appcrox appcrox is offline
Member
 
Join Date: Apr 2011
Location: Small country in the world, where coding is necessary.
Posts: 36
Default

Sorry, but I cannot download the attachment.
When I try link below, Mega requires to enter an encryption key.
Please, give me the correct link with an encryption key.
Best regards,
__________________
APP CRO X
Reply With Quote
  #10  
Old 12-25-2014, 06:44 PM
Kyoko Kyoko is offline
Member
 
Join Date: Aug 2011
Posts: 7
Default

Quote:
Originally Posted by kjms View Post
try a file attached,
Wlscgen-7.3-UnDongled-VID-1215
PASS: Reteam
What is download pass?
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.