ICELicense - no idea where to start
 

Hi there,

did anyone ever come across a program protected by ICELicense? I am currently working on a prog called PentaSuite 7.1. After installing it, I tried to load it in Olly but Olly crashed immidiately. Furthermore my browser crashed if i opened a thread in Ollyforum when there was the word "Olly" in the topic. Moreover I was not able to attach to the running process - Olly crashed again. As a workaround I renamed every occurance of Olly within the OLLYDBG.EXE to 0lly (its a zero). I found that hint at woodmans. After this renaming-effort ;) (the .exe + plugins), I was able to start debugging. I found out that this prog is protected by ICELicense. I searched the web and found this site:
hxxp://www.ionworx.com/IceLicense.html
They claim to be as good as noone else. Are they really? As I am not able to break within the prog, I ask if someone knows where to start with this. Any hint is greatly apprechiated.

Best regards
*RemedY*

edit: They say on their website that these License-System uses encryption with eliptic curves. The private-key is stored inside the application. The secret one remains at the developers. I found the public-key and a trial-license in the code. The trial-license is for user/company trial/trial. Is it possible to compute the secret-key out of the public-key together with the license? Just the way as one would do it with RSA. Thanks again

first it would be good to get the full version witch comes with some source, there is a release somewhere.

as for olly etc. it uses FindWindow (IIRC), and the string are encrypted inside the app.
yes this is right it uses ECElGamal (it uses FGInt and its ECElGamal implementation -> hxxp://triade.studentenweb.org/GInt/gint.html), and you can calculate Private from Public key if u let ur app run for a couple of years ;)

there might be a chance to find private key another way since it uses (also IIRC cause it some time since i last checked) time + the LicenceIssuer name or something to seed the KeyGenerator...

another method would be to simply patch publickey.

however since almost all IceLicense protected apps i've seen dont use the antidebugging/antipatching features cracking it mostly only involes a patching a flag.

Hi,

Unfortunally this one uses the anti-patching feature. If I modify the exe, the prog cries that it has been modified and tells you that you have to restore the original-executable. At the moment I am looking for the place where the check is done because I think that playing with the crypto-stuff that is needed for a valid licensefile is way beyond my horizon (at least with the skills I have up to now). So patching is the only way (for me) to kill the beast. The prog doesnt check itself by using CreateFileA or CreateFileW, so maybe the check is done in memory. We will see.

Regards *RemedY*

Dear *RemedY*,
I also got stuck with this protection.
I don't have any clue how to defeat it and it also terminates DeDE.
Please share what you have found about it .
Also if there is any tutorial I would appreciate it.
Thanks in advance.
Best Regards,
Android.

Hi Android,

unfortunally I must tell you, that I was not able to go any further as I was at the time of my first post about this issue :( .
Some people I know (and I think they are a bit more experienced than me) tried to defeat ICELicense - and they failed also. Up to now I found no tutorial whatsoever on this topic. Its really sad, because I am of the opinion that more and more apps coded in Delphi are protected with stuff from ionworx. It seems to be as strong as ionworx claimed it to be.
Sorry that I cant help you more than this.

Best regards
*RemedY*

Hi!

I had a look at IceLicense long time ago and I can say that it's a weak protection. For example, the trial can be reseted just removing a registry key (easy detectable with regmon).

It might look hard to crack because it behaves like a ZIP password protected application. So, if you dont know the key, you dont know which code will be decrypted, but as soon as you have a valid key you can easily dump the decrypted blocks and easily reconstruct the original program.

I dont think that this kind of "ZIP-password protectors" are much useful, becuase they only suit when you release your program with disabled functions (that will be decrypted with valid license)...when you want to release a full demo of your program, that kind of protection is useless.

I dont know 100% latest version of IceLicense...so, If I'm wrong in anything I said, tell me please ;)

Regards.

I uploaded a full version with source code to the ftp server

"/pub/ICE.License.v2.08/ICE License 208 Full SRC.zip" (5,900 KB)

Hello every body,
Thanks for your help.
What I have found is just a Signature file for IDA supporting IceLcense.
To be honest,I don't know how to use this signature file properly.
I need help in this case to be able to use IDA and this signature together for cracking.

In fact,I want to crack a software which is protected by IceLicense .
My problem is that when I unpack the program all the menus and buttons will be disabled.
It checks 2 things to fo do.
1-CRC32
2-MD5
As you know Icelicense uses 2 kinds of cryptos for integrity check of the original file.(CRC32 and MD5)

As for CRC3 protection I have found a jump here

006EA9A7

But as for MD5 I couldn't find anything useful.

I want to know if you can help me and teach me how to use the signature to defeat the last protection of disabling.

There is another protection which terminates softwares like DeDE and SoftIce.
I also want to defeat it.



The program I'm talking about is here.

h**p://www.pishgamsoft.com/Products-CoLock-En.htm

Thanks in advance.
Best Regards,
Android.

redbull, thanks for the file.

Attached you have the trial crack for that version.

Regards.

Tutorial
 

I wrote a tutorial about Icelicense (the protected program was Winlive Pro 4.5).
Unfortunately, I think it is a quite old version, in fact the application was released in 2003..

The author of Icelicense is here:

hxxp: // board.anticrack. de/viewtopic.php?t=1141&highlight=icelicense

If I were you, I will ask him for a favor! :-)