Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 09-09-2011, 05:40 AM
DotNetResearcher2 DotNetResearcher2 is offline
Member
 
Join Date: Sep 2011
Posts: 6
Default Help with a library

Hi, I'm usually OK with patching basic .Net libraries. Would someone mind taking a look at this:

http://bit.ly/nOrQjy

Their licensing uses a basic numeric key, for example, a trial key for the main library looks like this:

0448029948982417264361964

You call a method on a LicensingManager to register this key, you then have to make subsequent calls to unlock the various features of the library.

They also use unprintable characters, string and control flow obfuscation, and it makes my head hurt.

Would I be better to patch it? Or keygen it? What techniques would you use?

Cheers
Reply With Quote
  #2  
Old 09-09-2011, 06:09 AM
kao kao is offline
Senior Member
 
Join Date: Sep 2007
Posts: 184
Default

Seriously, why do you make it so hard for anyone to help you? It is you who needs help, so...

1) Please be so kind and write product name you are talking about - someone might be already familiar with it. GDPicture.NET in this case.
2) Noone is going to download 70MB and install the entire component suite, just to look at one DLL and answer your question. If you upload DLL in question on some file sharing portal, someone might take a look..
3) Please post information from DNiD and ProtectionID - it should be able identify the protection in question.

After you've done your homework, you might expect someone else to look at it. Until then - you're on your own.

Cheers,
kao.
Reply With Quote
  #3  
Old 09-09-2011, 06:30 AM
DotNetResearcher2 DotNetResearcher2 is offline
Member
 
Join Date: Sep 2011
Posts: 6
Default

Apologies Kao, having mentioned specific product names in the past, they had been removed by other members.

Yes, the product is GDPicture.Net, the latest version.

Main library is here:

http://depositfiles.com/files/h6uamvl7m

Protected using DotFuscator.

The string encryption isn't particularly hard to get around, but the control flow, the obfuscated names and deciphering how the licensing works I'm finding tricky.
Reply With Quote
  #4  
Old 09-09-2011, 06:53 AM
kao kao is offline
Senior Member
 
Join Date: Sep 2007
Posts: 184
Default

Thanks, much better!

If I was going to attack such a product, I would go for keygen, as protection is really trivial. SAE (Simple Assembly Explorer) can deobfuscate strings and partially fix code-flow of serial check routine. Then it's just a matter of analysing it and making a valid key.

Also, you can look at some product which uses registered version of this lib and "borrow" serial number from that product.
Reply With Quote
  #5  
Old 09-09-2011, 06:56 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default

See my friend kao ! that's why we don't like noobs who don't even bother to use google or do some research before spamming these forums with repeated questions...

I just woke up in a good mood today and I decided to help :P !
I will post the deobfuscated version for you, but next time please try to do some searching first :|

http://www.mediafire.com/?8ontfh8hoh0fdbc

this was done using a popular and public tool called SAE :O
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #6  
Old 09-09-2011, 06:57 AM
DotNetResearcher2 DotNetResearcher2 is offline
Member
 
Join Date: Sep 2011
Posts: 6
Default

Quote:
Originally Posted by kao View Post
SAE (Simple Assembly Explorer) can deobfuscate strings and partially fix code-flow of serial check routine. Then it's just a matter of analysing it and making a valid key.
Not used that tool before, will give it a look.

Quote:
Originally Posted by kao View Post
Also, you can look at some product which uses registered version of this lib and "borrow" serial number from that product.
Such an obvious point I had completely overlooked it

Many thanks
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.