Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   WinLicense HWID Information (https://forum.exetools.com/showthread.php?t=18887)

c9er 08-06-2018 22:18

WinLicense HWID Information
 
Hi All,

I am not new to reverse engineering but I haven't dealt with WinLicense before. I want to know if HWID check is simply a comparison check of HWID stored in license with current HWID or is correct HWID required to further decrypt the protected code? It would be great if any of the experienced members can shed some light on this.

chants 08-06-2018 22:45

Dear Friend, You did not mention your version which is quite important to this particular packing tool. Also try the nice search feature of the forum using keywords such as winlicense, hwid or hw-id and you find things such as:
Quote:

https://forum.exetools.com/showthread.php?t=18607
Probably you will quickly find tools and tutorials supporting your line of inquiry that go into all the details you need.

GIV's tutorial:
Quote:

https://tuts4you.com/e107_plugins/download/download.php?view.3540
LCF-AT's tutorial:
Quote:

https://tuts4you.com/e107_plugins/download/download.php?view.3526

ZeNiX 08-07-2018 10:35

1. correct HWID is not required to further decrypt the protected code
2. HWID check is not simply a compassion check. It is checked DWORD by DWORD. So I assume it has x8 checks.

c9er 08-07-2018 16:43

@chants

I have already gone through those tutorials. I was able to successfully use the LCF-AT script (1.4) on bundled crackmes. My current target is using " Themida/Winlicense(2.X)[-]" as per DiE version 2.0. I have a valid license file which was generated for different HWID. LCF-AT script is able to break at the correct nag message but then it fails to find any HWID compare checks. Subsequently the program closes itself after failed HWID check.

I have set a script breakpoint at FOUND_RIGHT_MESSAGE (Line 10726) and script beaks there. After that I can see that it tries to find the HWID compare check. After that it jumps to NO_MORE_CMPS (Line 10830) and executes the command "esto" and the program terminates with exit code 2.

Any ideas about why it's failing to find the correct check? I can share the program and regkey.dat file privately if somebody wants to take a look himself. It is not a commercial program and contains only a single executable file. Any pointers in the right direction will be appreciated.


All times are GMT +8. The time now is 15:49.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2021, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX