Reprise target
I don't have much experience with RLM, but managed to crack a few apps with the pubkey injection method.
But one app I am unable to crack, and it is giving me a real hard time! On startup the original program displays "bad signature in license error" and then a warning message "This software needs a license to run".

Here is a rundown of my work:

1)
- Found and patched the pubkey inside rlm1112.dll.
- Extracted the LICENSE_TO_RUN string.
- Built rlmsign with the new pubkey and LICENSE_TO_RUN string.
- Signed a new license, and replaced the original rlm1112.dll with the patched one.

On startup the program first displays a warning message "rlm1112.dll is corrupt or missing", then a warning message "This software needs a license to run" (i.e. no bad signature in license error).

- I have tried to find where the checksum calculation is done inside the program, but I am unable to find the location.
- Checking the return of rlm_checkout yields the correct result (i.e. eax+48 yields 00 00 00 00). This checkout is also confirmed by rlm_license_stat, which yields 00 00 00 00 in eax.
- Since rlm_checkout is O.K. but the program doesn't run, there must be an additional check.
- I traced program execution after rlm_checkout, but am unable to find where this check is done.

2)
- Ran the program with the original rlm1112.dll, and modified the results of rlm_checkout at runtime.
- On startup the program displays the warning message "This software needs a license to run" (i.e. no bad signature in license error).

3)
- I found an additional license key inside "XX.Foundation.License.bpl" (i.e. XX_internal), which I patched with my own signature, but this also yields the same result as in 1).

I really need some help, and any tips are appreciated.
rgds
|
I had the same trouble, maybe rlm.exe or isvname.set need a patch
|
Thanks, I will look into this
|
You cannot patch the file isvname.set because it is encrypted. Try to open it with a text editor.
You can patch the vendor.exe and of course the rlm.exe
|
Thanks, and I already noticed that isvname.set is encrypted, but I will give rlm.exe & vendor.exe a try.
nikkapedd, you mentioned in one of your posts that some new targets require, besides pubkey injection, also patching of the rlm_checkout routine. But if you inject your own pubkey, rlm_checkout will yield the correct result, so why would you have to patch it?
Secondly, rlm_checkout does not yield "0" in eax but an address pointer to the checkout result, and the address is different on each run, so how can you patch this?
rgds
|
nikkapedd
I have been looking into the RLM license server, but there is one issue I really don't understand!

1) I built the demo RLM kit.
2) Generated a new priv/pubkey pair (pubkey length 226 bits).
3) Modified license_to_run.h with the LICENSE_TO_RUN and ISV info.
4) Modified makefile with the ISV name.
5) Rebuilt the kit for ISV name.
6) Signed a license with rlmsign.

But then when I try to start the RLM server (i.e. run rlm.exe) I get the following error message:

09/23 09:42 () *** The license to use RLM compiled ***
09/23 09:42 () *** into this server is not correct. ***
09/23 09:42 () *** ***
09/23 09:42 () *** Either the license is missing, ***
09/23 09:42 () *** it has expired, or it is entered ***
09/23 09:42 () *** incorrectly. ***
09/23 09:42 () *** ***
09/23 09:42 () *** License Checksum: 000000 ***

When I debug rlm.exe, __rlm_verify returns 000001 in eax on first break (OK), but returns FFFFFF8A RLM_EH_BADPUBKEY -118 Error in public key on 2nd break.

Any idea why this is happening?
rgds rcer
|
This issue really puzzles me!
I compared the keys and locations of the original, patched and built DLLs, see below:

rlm1112.dll_ORG:
(offset from base_01) key1: 30 81 DF 02 41 --(Identical for ORG, Patched & Build)
(offset from base_02) key2: 30 81 DE 02 40-- (Identical for ORG & Patched)
(offset from base_03) key3: 30 81 DF 02 40--(identified as pubkey by RLM_Helper)

rlm1112.dll_patched:
(offset from base_01) key1: 30 81 DF 02 41 --(Identical for ORG, Patched & Build)
(offset from base_02) key2: 30 81 DE 02 40-- (Identical for ORG & Patched)
(offset from base_03) key3: 30 81 DF 02 40--(identified as pubkey by RLM_Helper)
Injected a new 30 81 DF 02 40-- pubkey in this location

rlm1112.dll_build: (using the new 30 81 DF 02 40-- pubkey)
(offset from base_01) key1: 30 81 DF 02 41 --(Identical for ORG, Patched & Build)
(offset from base_02) key2: 30 81 DF 02 40--(Identical to pubkey3 from Patched)
(offset from base_03) key3: 30 81 DE 02 40--(identified as pubkey by RLM_Helper)
Identical to pubkey2 from ORG & Patched

It appears that the build process inputs the new pubkey into location 2 instead of location 3, and for this reason the pubkey is identified as 30 81 DE 02 40-- instead of 30 81 DF 02 40-- !!

Can anybody explain why this happens?
rgds rcer
|
Can anybody please give some feedback on my questions, because I really need your help
rgds rcer |
O.K
I fixed the problem with the rlm server, and ISV.exe now runs fine. The problem was related to an incorrect LICENSE_TO_RUN signature.
rgds rcer
|
Good story. Hope it could be written in a tourist.
|
Another pubkey patcher for RLM (in source!)
https://github.com/xiaolei0517/RLMPubkey
There is some additional discussion here on this topic, but not much:
https://www.52pojie.cn/thread-1243929-1-1.html
|
Quote:
What does "incorrect LICENSE_TO_RUN signature" mean?
regards.
|
Quote:
RLMPubkey patch with key5, start rlm server, display WARNING: Bad signature: how to fix the problem with the rlm server?
rgds
|
Hi all,
What options to set in license file to enable rlm.exe running on virtual machine?

10/22 23:55 (rlm) The ISV server is running on the wrong host.
10/22 23:55 (rlm)
10/22 23:55 (rlm) This can happen if:
10/22 23:55 (rlm) The hostid of this machine doesn't match any license file
10/22 23:55 (rlm) - or -
10/22 23:55 (rlm) You are attempting to run the server on a virtual machine
10/22 23:55 (rlm) Check the ISV server debug log for the specific error
|
add rlm_server_enable_vm feature to your license
|