Exetools


raduga_fb 03-25-2015 05:35

ckinfo+ rev.1
 
I made some modifications & corrections.

* Mistyped constants are corrected.
* A new section (0x10000 size) for inline code & constant pairs is added to keep backward compatibility.
* Inline code is written to address 045B000.
* Constants are written to address 045B600.

I have just replaced the constant pairs in the previous release. It means I did not keep the original constant pairs which were used for old versions. This time, the program is diverted at 3 places to new code & constants. Now, it works for all versions (up to 7.8).

The new section size is quite enough for future modification & addition.

0040388D CMP DWORD PTR DS:[EBX],20 <- first constant pairs
00403890 JB 004037D6
00403896 MOV EAX,DWORD PTR SS:[ESP+20]
0040389A INC DWORD PTR DS:[EAX]
0040389C CMP DWORD PTR DS:[EAX],20
0040389F JB 004037D0 <- second constant pairs
004038A5 POP EDI <- could not be decrypted

004038A5 JMP 0045B0CA <- divert it to our new code


@control_1: ; 45b0ca
cmp byte ptr [@counter], 2 <- for future version purpose
jne @f
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
retn
@@:
push eax
xor eax,eax
mov al, byte ptr [@counter] <- counter
add eax, 1
mov byte ptr [@counter], al <- increase it
pop eax
mov dword ptr [eax], 0 <- we will try with new constants. therefore, set it to zero
jmp 004037D0 <- try again


When ckinfo cannot decrypt, we divert it here and the counter is set to 1.

Now, it is time to use new constants ->

00402DC3 CMP EAX,60000003 <- divert it -> JMP 0045B0FA
00402DC8 JNE SHORT 00402DD3
00402DCA MOV EDI,DWORD PTR DS:[ECX*4+43F008] <- one of constant pairs
00402DD1 JMP SHORT 00402E01
...


@part_2: ; 45b0fa
cmp eax, 60000003 ; original code
jne @table_6

@table_5:
cmp byte ptr [@counter], 0 ; is counter set ?
jne @f ; yes, use new constant
MOV EDI,DWORD PTR DS:[ECX*4+43F008] ; no, use old
JMP 00402E01
@@:
mov edi, 045e756 ; new constant pairs
imul ecx, ecx, 2C ; distance between constants
jmp @goback_2 ;


@goback_2:
sub edi, ecx ; find the new constant
JMP 00402E01 ; go to original code

There are 8 constant tables in total. Just look at the new code for details.

I would like to thank "thewd" again for the awesome tool "ckinfo". It is designed perfectly, therefore it deserves to be inlined / saved for new versions of Crypkey as much as I can :-)

Regards,

raduga_fb
March 25, 2015

backdoor_b 08-14-2015 07:51

Could someone upload to another server? uploaded.to or mediafire.

thanks in advance

psgama 09-23-2015 08:32

Yes, may someone please upload to another server. This tool is fantastic! I just wish I could download it from here rather than another server.

b30wulf 09-24-2015 03:05

there must be probably a good reason why this tool is not uploaded on public server.
Deserve to download it

bigears 09-24-2015 06:49

Can download this tool from lavteam.org, free to register.

Quote:

Originally Posted by b30wulf (Post 101969)
there must be probably a good reason why this tool is not uploaded on public server.
Deserve to download it

What a shame this community has become this way...

psgama 09-24-2015 13:45

b30wulf, I appreciate your contributions, I have the original tool and ckinfo+ just not the new revision that is posted here.

I also have one of the first programs that used crypkey protection. A program called Flowcheck, written by Kenonic Controls. Which was purchased by Emerson. The protection was poorly implemented in Flowcheck, and can be completely removed with a single byte patch.

I understand where you are coming from with your post saying "Deserve to download it". I try to contribute where I can, and I do contribute on other message boards with help for others to patch programs for learning. plcforumn.uz.ua is one of these boards. Unfortunately, there are much more skilled contributors to this forum than myself and I am still learning.

Cheers

FnZnL! 09-24-2015 19:46

the people here deserves "sharing"

Code:

http://www.mirrorcreator.com/files/0ZZM4MAK/

b30wulf 09-24-2015 21:43

My point is not to be selfish, when I say deserve to download, I want to force you to learn and contribute. I love this community very very much and seeing how it's growing with script kiddies that wait for ready made solutions, I'm sick of that.
Attachments have download access level for a good reason....

psgama 09-25-2015 13:39

b30wulf, I agree with you in that respect. My skill level is not nearly where the main contributors of this forum are at. But I do try, and I do, occasionally succeed. I have learned much from this forum.

I learned a lot about FlexLM, CrypKey, and Wibu Dongle. I've discovered tools like multikey, and ckinfo. I learned about .Net reflector from this site and others, and have succeeded in reversing licensing on a hardware device by forcing the software to Decrypt a license file locked to an SD card and display the decrypted XML for editing before encrypting it again. All using Reflector and Reflexil.

I was able to upgrade to bigger SD cards in my device in this way, as well as turn on options.

Unfortunately the projects I have worked on are for hobby only and specific to applications I use, so they are not very popular or worth sharing. I do respect the reversing community and the contributions they make.

Any way, this has gone off topic. Raduga_FB, Thank you for your contribution! It is appreciated.

rooky2000 10-24-2015 21:25

How to get option and level?

psgama 10-25-2015 09:36

It depends on the program you are reversing. It could be easy, or the option and levels could be dynamic, You must follow out the code and see what levels or options are being looked for.

daqstar 03-04-2016 11:48

Options and Levels
 
Quote:

Originally Posted by rooky2000 (Post 102595)
How to get option and level?


It's quite easy to get these values. When you run the program for the first time it creates the 3 License files, and an ngn file which contains the User and Master Keys. The SiteKey, in particular, gives you the Options and Levels, so you have nothing to worry about. It seems to be invisible these days so you need a program like 'everything' to actually find and read it.

You now have all the info you need to create a ckinfo script to feed into ckinfo and create any SiteKey that you want. But first you need a SiteCode which is particular to your PC and generated by the program afresh (it is time dated) each time you want to create a new license. It is now usually obfuscated, so the only problem you have is deobfuscating the SiteCode! There's the rub!


wassim_ 05-28-2017 19:36

@rooky2000
There used to be an IDA signature file for crypkey function, that would surely help you in placing bps on the right addresses to get the levels and options. I'm not sure if it has been recently updated though.

FoxB 06-04-2017 22:35

Ckinfo source will be released at https://github.com/thewd-hub/source/

user1 06-06-2017 17:45

AccessData CodeMeter Dongle Emulator/v1.04 inside.

