Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   winlicense 2.1.x hwid bypass ? (https://forum.exetools.com/showthread.php?t=18607)

Mahmoudnia 01-18-2018 17:59
winlicense 2.1.x hwid bypass ?
 
Hi
how to bypass hwid of 2.1.x winlicense protected targets ?

i have valid license for other pc

giv 01-20-2018 01:32
Hi.
Take a look here:
https://tuts4you.com/e107_plugins/do....php?view.3526

Mahmoudnia 01-20-2018 01:52
Hi giv
my tagert don't run in win xp , how to use lcf-at script in other windows os ?
this is my target :
Code:
http://www.mediafire.com/file/i966h3230ml1n97/Xentry.rar
but when i using lcf-at script it show me license error !
may you help me ?
thanks

Mahmoudnia 01-20-2018 23:31
friend giv , may you help me ?

MistHill 01-23-2018 14:47
Bypass the WinLicense 2.4.6.0 HWiD Check
 
Xentry.exe(VeDoc calculator) is protected by WinLicense 2.4.6.0.
It can not run in Windows XP because it imports APIs from dwmapi.dll.

I played in Windows 7 with your valid license file regkey.dat:
  1. Set a hardware execution breakpoint at 0147CB7B(where ModuleBase is 00400000);
  2. F9, run. waiting for user32.MessageBoxEx(NULL, "This application has been registered to\r\nSkud1 - Private 2", "WinLicense", MB_ICONINFORMATION, 0);
  3. Click Ok in MessageBox, then it should land on the BP;
  4. At here, modify DWORD [0130A21D]=7CBDC03A;
  5. Clear the BP, F9. You are free to go!

It's so simple, so easy to bypass the HWiD Check! Sad for Oreans.

For more technical details, please refer to my post years ago at tuts4you Themida 2.2.6.0, in which attached a WinLicense 2.2.6.0 example.

Mahmoudnia 01-23-2018 17:08
Hi MistHill
Thanks a lot off
may you tell me how to find "modify DWORD [0130A21D]=7CBDC03A" ?
thanks again

TechLord 01-24-2018 09:21
Quote:
Originally Posted by Mahmoudnia (Post 111957)
Hi giv
my tagert don't run in win xp , how to use lcf-at script in other windows os ?
this is my target :
Code:
http://www.mediafire.com/file/i966h3230ml1n97/Xentry.rar
...
thanks
The target is no longer available ... Could you please re-up it ?
I will also have a look :)

MistHill 01-25-2018 10:31
@TechLord
Mahmoudnia's link still works.

@Mahmoudnia
It's a long story. Read my post at tuts4you for some hint.
In short, address 0130A21D is the Is_Registered_DWORD1.
1. It was initialized to FALSE (value 0x5B4E0215) at first.
2. Set to TRUE(value 0x7CBDC03A) if License File: RSA decryption and signature verification, decryptions for each fields and checksums all Okay. Else FALSE again, no go further.
3. Set to FALSE if HWiD not matches, error message, exit.
4. Decrypting each setions of the application, resolving imports, relocating, and so on.

What we do is find out the Is_Registered_DWORD1 address and TRUE/FALSE values, and patch it to TRUE at some place before the check.
Easy or difficult, depending on how much understanding for the Oreans' VM architecture.

TechLord 01-25-2018 11:59
Quote:
Originally Posted by MistHill (Post 112017)
@TechLord
Mahmoudnia's link still works.

....
Thank you for the reply but ...

I am getting this error message :( :

Quote:
https://imgur.com/a/sv4YH

MistHill 01-25-2018 21:44
Quote:
Originally Posted by TechLord (Post 112018)
Thank you for the reply but ...

I am getting this error message :( :
Seems your ISP sucks.

Xentry.rar - OpenDrive

TechLord 01-26-2018 09:24
Quote:
Originally Posted by MistHill (Post 112031)
Seems your ISP sucks.

Xentry.rar - OpenDrive
Thanks a lot for the upload ! :)

No.. I don't think it's the ISP... I think that the file from Mahmoudnia's link is deleted... I am able to download other files from Mediafire without issues.

In any case thanks a lot once again for the upload :)

Cheers


All times are GMT +8. The time now is 12:02.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX