#11
Nice explanation bball0002 ,) Yep, sure, you have to nop the jumps too, and as said I used IDA and UltraEdit .. or WinHex, whatever ,) And then I just looked at how it checks its license, fixed those classes and coded a little keygen. That's all ,)
Last edited by sirp : 12-16-2009 at 05:01 AM.
#12
example (dump with comments and so on):

Quote:

@sirp: Does your keygen generate a key for the license at startup, too? The 12345.hlc file is only for registering a hardware component! I think I am too stupid for it :-( Maybe I should try it with a smaller file to get some routine.

sirp, can you send me the keygen or the algorithm for licensing? Did you get my private message here in the forum? And how do I find out the "unused" lines in the hex editor?

Last edited by ingomauser : 12-17-2009 at 03:35 AM.
#13
Ok, ingomauser, in this example method (a fat-format header):

1B 30 02 00 62 00 00 00 04 00 00 11 00 00 02 7B 33 00 00 04 28 80 00 00 0A 0A 06 73 81 00 00 0A 0B 07 6F 82 00 00 0A 20 1A 57 00 00 6A 6F 83 00 00 0A 00 07 20 80 3E 00 00 6F 84 00 00 0A 73 85 00 00 0A 0C 02 7B 10 00 00 04 08 28 86 00 00 0A 6F 78 00 00 0A 00 06 6F 87 00 00 0A 00 07 6F 88 00 00 0A 00 00 DE 05 26 00 00 DE 00 00 2A

Red (the "62 00 00 00") = Codesize
Orange (the "11") = End of method header

After the "11", the 00 00 ... etc. would be your method body. Since, in your case, 2B 02 would come directly after the "11" in most of the methods, I figured it would be better to search for the "11" too, because then there would be a better chance of you removing the invalid branch instead of some other random value outside of the method section.

Knowing how to get around a .NET PE file in a hex editor is great for beating any kind of protection.
#14
How did you find out the algorithm for this (12345 --> nYTh3D+2haPJyJKe3/3vyA==)?
Last edited by Git : 12-17-2009 at 06:10 PM.
#15
thx bball0002!

In the meantime I tried to write a simple .NET file, with and without Babel obfuscation, and then I tried to disassemble it. Ok, the 11 2B 02 are only the "br.s IL_0004" lines before "unused", but there are a lot more "unused" with "br.s IL_0044" for example, also 2B 04, 2B 05, 2B 08... I tried to replace all of these but I couldn't open the file in Reflector. Another guy patched two bytes (the method of the license input) and the app came up. Then I copied the license file 12345.hlc with the content from sirp to the directory and the app worked 100%. After this I also tried to replace the patched .exe with the original and the app still worked. Now it would be nice to know how the algorithm works (12345 --> nYTh3D+2haPJyJKe3/3vyA==) to be able to generate a correct license file for every ID.
#16
You could try whoknows' new tool on this ,)
http://www.reteam.org/board/showthread.php?t=2160
#17
Quote:
#18
Once you remove the bad opcodes you can view the algorithm in C#/VB.NET in Reflector. Then it's easy from there..
#19
I know, but I think I removed too many opcodes, because some functions can't be read by Reflector.
Does anyone know another tool to deobfuscate Babel files?
#20
guys