Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Flexlm ECC (https://forum.exetools.com/showthread.php?t=18914)

rcer 08-27-2018 23:21

Flexlm ECC
 
I am trying to reverse a flexlm protected program which uses ECC.
I Managed to find the seeds and features, build lmcrypt, and patched l_pubkey_verifyl
However the program refuses to run, and crashes every time, so I assume that it uses some form of CRC check, and crashes because this value has changed due to patching.
What is the general approach to defeat the CRC check?

user1 08-28-2018 02:40

how about you show us how to in a tutorial?

someone will help if you serious.

rcer 08-28-2018 19:55

Not sure what you mean with show us how to in a tutorial?
Do you want me to write a tutorial on how to extract the encryption seeds & patching of l_pubkey_verify??

user1 08-29-2018 01:58

yes please do. not worry 90% are just persons of scripts and automated tool olly plugins.

if very private ask one VIP to move your complete tutorial to VIP area.

long time I not seen such one.

ahmadmansoor 08-29-2018 13:24

is your target x64?

rcer 08-30-2018 02:46

Yes the target is x64

rcer 08-30-2018 22:24

fishing of encryption seeds, and patching of l_pubkey_verify is common knowledge, so no need to write a tutorial:)

rcer 08-31-2018 22:30

ahmadmansoor ,

why did you ask if my target is x64?

user1 09-01-2018 03:44

if that common show us !

I want see basic instinct again, reloaded !

eAGLe_eYe 09-01-2018 04:31

Simple,In common way catch CRC checking routine and modify asm code for jmp.

rcer 09-01-2018 16:18

Understood, but I have never dealt with CRC checking routines, so can you give me a hint as how do I find the dll or executable which checks the CRC?

eAGLe_eYe 09-02-2018 03:59

Quote:

Originally Posted by rcer (Post 114625)
Understood, but I have never dealt with CRC checking routines, so can you give me a hint as how do I find the dll or executable which checks the CRC?

search all Exitprocess call in exe with olly,bookmarks all call,run exe its stop on exitprocess call.its most likely your crc check routine.

ahmadmansoor 09-02-2018 13:01

Quote:

Originally Posted by eAGLe_eYe (Post 114629)
search all Exitprocess call in exe with olly,bookmarks all call,run exe its stop on exitprocess call.its most likely your crc check routine.

First, it is an x64 target so ollyDbg will not work ;) , you need x64dbg.
did you check if it is packed -if yes you will see that the target has many calls out of the .text section with many anti-debug checks -
what you need ( as I remember) is dll inject and huck some API before you use HW-BP to bypass anti-debug, then you apply ur patches.

rcer 09-02-2018 17:29

Well it looks that I have a lot of studying to do, and learn about anti-debug checks, API hooking and dll injecting, because i don't have a clue:D

ahmadmansoor 09-02-2018 17:52

Can you mention your target name?
Because I already have a target with same protection, I hope it not same yours :)


All times are GMT +8. The time now is 17:51.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX