Foone🏳️⚧️
there's nothing more fun, as a reverse engineer, then checking into a DLL to see about cracking it (it's been out of support since the Clinton administration, so I have to) and just seeing "validate_license" as an exported symbol.
GEE I WONDER WHERE I SHOULD START LOOKING
Foone🏳️⚧️
the most infuriating thing in computers is when you have a program that does X, so you modify it, and it still does X. so you modify it more, and it still does X. so you change a bunch of stuff, and it still does X.
AM I MAKING CHANGES OR NOT? STOP IGNORING ME
pettter
@foone Did you make sure that you're compiling to the same file that you're trying to run?
Foone🏳️⚧️
And I was hoping I could cheat and make the control panel do my work for me, but it turns out it does some extra validation. Boo
Foone🏳️⚧️
it'd be nice if this DLL worked on anything newer than NT4.
it'd be a lot easier to debug if I could just run it on something more modern
Foone🏳️⚧️
I got it to run something modern. It turns out the DLL refuses to load if you don't have a config file in the right place.
Foone🏳️⚧️
bah. my code is crashing in the DLL before I even modify it. troublesome. I'll need to do more spelunking
Foone🏳️⚧️
time to hack a DLL in a hexeditor!
Foone🏳️⚧️
this DLL would be better if it had more 0x90s in it
Foone🏳️⚧️
the authorization_code generator has an "encrypt" parameter that does some simple XORing
this code passes 0 for it, so that's not even turned on
Foone🏳️⚧️
or to be more specific: I can just make up my own serial numbers (69420 it is!) and then generate an authorization code that says that's a valid serial
Foone🏳️⚧️
so I don't really even need to crack this. I can just use their own code to generate my own serial numbers.
Foone🏳️⚧️
GUESS WHICH ONE THEY DID?
Foone🏳️⚧️
now a sensible way to do this would be to combine all these values into some complex hashing function and return if it matches some algorithm
Foone🏳️⚧️
a less sensible way to do this would be to have validate_authorization_code be implemented like this:
correct_authorization_code = generate_authorization_code(serial, expiration, max_users);
return strcmp(correct_authorization_code, authorization_code) == 0;
Foone🏳️⚧️
oh my god
I think this is even easier than I thought.
So the function looks basically like this:
validate_authorization_code (serial_number, expiration_date, max_users, authorization_code), right?
and it takes the serial number and expiration_date and max_users and confirms the authorization_code matches some hash or something to make sure it fits those serial numbers and expiration_date and max_users
Foone🏳️⚧️
maybe next time they can just put in a validate_serial_number and check_if_serial_number_is_correct function
Foone🏳️⚧️
oh great it's right next to a string buffer labeled "verify_password"
I'm sure that'll come in handy
Foone🏳️⚧️
so I don't need to build a keygen or decode how the license file is "encrypted", I just need to distribute this config file that says you can keep using the program until the year 10k
Foone🏳️⚧️
YUP! Confirmed it does no license validation after loading a license from the config file.
I hacked out the checks on machine A, and told it to save my 12345/9999/9999 license, then copied that license file to machine B.
Machine B didn't complain and just accepts that the config file is correct.
Foone🏳️⚧️
anyway I've now got a config file that says my serial is 12345, I can have up to 9,999 simultaneous users, and it won't expire for another 7,975 years
Foone🏳️⚧️
the worst part is that the config file is named something like ".config"
perfectly normal filename, on unix. on NT4, windows won't let you create it, or rename to it
Foone🏳️⚧️
I'm pretty sure it doesn't save your authorization code.
so if you hack it to accept an incorrect authorization code, it'll write a new config file with the requested serial/users/expiry, and then you don't need to have hacked it anymore. you just need that config file
Foone🏳️⚧️
maybe I should run a poll on tumblr to find out what the funniest 32bit unsigned integer is
Foone🏳️⚧️
these punks put in a specific check for the "add serial number authorization" dialog changing the serial number.
So you're allowed to add more users, extend expiration date, but not change your base serial.
mean. time to add more 0x90s
Foone🏳️⚧️
hey look now my serial number is 123
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.