#31 - bassem_16 (Senior Member) - 04-20-2010, 03:42 PM

Sorry, my bad, didn't check after attaching here.

Here it is on 4shared

Code:
http://www.4shared.com/file/bMjRyGjc/lic.html

#32 - Git (Super Moderator) - 04-21-2010, 06:38 AM

Yes, looks like several new features have been added since I looked at it. All features now gives M[1FFF.0.0.3FF] but the rest of the approach is the same. They have removed a specific Test button from lic.exe, so whether that means testing is now automatic or not done, I do not know. The table of Descriptors has moved to offset 0x6E720 in the file, but otherwise protection is the same.

Here is the result:

Git
Attached image: lic2.jpg (59.8 KB, 115 views)

#33 - bassem_16 (Senior Member) - 04-21-2010, 06:50 AM

Great to know this, at least I can say I'm on the right track,
and yes, the all feature is given as you wrote, [1FFF.0.0.3FF], which will be replaced by CB 03 in the reg file.

But I'm a bit confused here: if I will emulate this with mkey, then the registry key will have all information (time, features, etc.).
Now the software will check this at the launch time and in normal days will increment and decrement some counters.

Here with the registry, the counters will not be altered, as I believe, so what I need is mainly to stop these counters as well and the time bomb, and reverse the lic algo to know the relation between PID and dongle, etc.

Also I believe I should save the lic when done, so a password should be written, so if I successfully reversed the lic, I should enter this pass and now the lic is saved with the required configuration, right?

#34 - sparpacillon (Senior Member) - 04-21-2010, 07:25 AM

Interesting info as always, Git. Working now on a valid license dump.
I'll post results as soon as I have something.
@"and in normal days will increment and decrement some counters"
Into the key (so your dump) the app will not increment or decrement anything.

#35 - Git (Super Moderator) - 04-21-2010, 01:27 PM

sparpacillon - don't post the working license here, I could obviously already do that, but I want bassem to be able to learn.

bassem - you are not making any sense. Watch lic.exe carefully. If you change ANYTHING including the time bomb date, number of days left to run, etc, the PID will also change. The Descriptor for algo cell 0x14 is directly related to the PID by the method I showed you earlier.

So, use lic.exe to create all the settings exactly as you want them. Choose dates, options etc however you like. When you have done that, look at PID. Make logical AND of PID and the number 3. Multiply the result by 9. The answer you have is a number between 0 and 27. In fact, it must be 0, 9, 18 or 27. Use this number as an index into the array of numbers I posted. Swap the nibbles, then set the most significant bit of this DWORD and the value is now the Descriptor for cell 0x14. So, now take all the numbers from lic.exe screen and put into MK Reg file. All dates are stored as number of days since 1 JANUARY 1990. Also, put new descriptor into reg file. Enter reg file to registry. Close lic.exe, restart emulator, restart lic.exe - you should see all your new values. Run app - it should now work fine with all options that you enabled working.

As for MK writing values, it will write to the registry but not to the reg file. If it does not write to the registry, read the MK manual and look at the Option string. You may have to change something, I do not know, I do not use MK.

A note about Endianism (byte sex). Numbers are stored as follows :

Code:
1 byte  0x28        :    28
2 byte  0x1234      :    34, 12
4 byte  0x12345678  :    78, 56, 34, 12

That's it. If I tell you any more I may as well just give you the reg file and then nobody learns anything.

Git

Last edited by Git : 04-23-2010 at 01:19 PM.

#36 - sparpacillon (Senior Member) - 04-21-2010, 02:26 PM

Git, I learned the lesson..
I will post only progress in understanding the licensing routines.

#37 - besoeso (Senior Member) - 04-21-2010, 02:27 PM

@Git

Hi Git,

Your words:

"I do not use MK"

What emul do you use?

I am thinking of writing to the registry.

#38 - gus (Senior Member) - 04-21-2010, 04:03 PM

besoeso :
possible use vusbus of "gamebit0"

#39 - besoeso (Senior Member) - 04-21-2010, 04:32 PM

@gus;

Thanks friend.

#40 - kiki (Senior Member) - 04-21-2010, 09:50 PM

@Git
Thanks, useful info to learn my RE skill.

br

EDIT:
OK, it works!

Last edited by kiki : 04-22-2010 at 11:55 PM.