Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Reprise target (https://forum.exetools.com/showthread.php?t=17113)

rcer 09-15-2015 11:44

Reprise target
 
I don't have much experience with RLM , but managed to crack a few apps with the pubkey injection method.
But one app, I am unable to crack and is giving me a real hard time!
On startup the original program displays "bad signature in license error" and then a warning message "This software needs a license to run"
Here is a rundown of my work:
1) -found and patched the pubkey inside rlm1112.dll.
-extracted the LICENSE_TO_RUN string
- build rlmsign with the new pubkey and LICENSE_TO_RUN string
- signed a new license, and replaced original rlm1112.dll with the patched one
On startup the program first displays a warning message " rlm1112.dll is corrupt or missing" Then a warning message "This software needs a

license to run", (i.e no bad signature in license error)
- I have tried to find where the checksum calculation is done inside the program, but I am unable to find the location
- checking the return of rlm_checkout yields the correct result (i.e. eax+48 yields 00 00 00 00). This checkout is also confirmed by

rlm_license_stat which yields 00 00 00 00 in eax.
- since rlm_checkout is O.K. but the program doesn't run, there must be an additional check.
- I traced program execution after rlm_checkout, but am unable to find where this check is done.

2) - Ran the program with the original rlm1112.dll, and modified the results of rlm-checkout on runtime
- On startup the program displays the warning message "This software needs a license to run", (i.e no bad signature in license error)

3) - I found an additional license key inside "XX.Foundation.License.bpl (i.e XX_internal ) which I patched with my own signature, but this also

yields the same result as in 1)

I really need some help, and any tips are appreciated.

rgds

disauto 09-16-2015 11:55

i had same trouble, maybe rlm.exe or isvname.setneed patch

rcer 09-17-2015 08:58

Thanks, I will look into this

nikkapedd 09-17-2015 22:42

you cannot patch the fils isvname.set because is encrypted. TRy to open it with an text editor..
You can patch the vendor.exe and of couse the rlm.exe

rcer 09-18-2015 08:50

thanks and I already noticed that isvname.set is encrypted, but I will give rlm.exe & vendor.exe a try.

nikkapedd, you mentioned in one of your posts that some new targets require besides pubkey injection also patching of the rlm_chekout routine. But if you you inject your own pubkey, rlm_checkout will yield the correct result, so why would you have to patch it?
secondly, rlm_checkout does not yield "0" in eax but an address pointer to the checkout result, and the address is different on each run, so how can you patch this?

rgds

rcer 09-24-2015 21:26

nikkapedd

I have been looking into the RLM license server, but there is one

issue I really don't understand!

1) I build the demo RLM kit.
2) generated a new priv/pubkey pair. (pubkey length 226 bits)
3)Modified license_to_run.h with the LICENSE_TO_RUN and ISV info
4)Modified makefile with the ISV name
5)Rebuild the kit for ISV name.
6)Signed a license with rlmsign

But then when I try to start the RLM server (i.e.) run rlm.exe I get

the following error message

09/23 09:42 () *** The license to use RLM compiled ***
09/23 09:42 () *** into this server is not correct. ***
09/23 09:42 () *** ***
09/23 09:42 () *** Either the license is missing, ***
09/23 09:42 () *** it has expired, or it is entered ***
09/23 09:42 () *** incorrectly. ***
09/23 09:42 () *** ***
09/23 09:42 () *** License Checksum: 000000 ***

When I debug rlm.exe, __rlm_verify returns 000001 in eax on first

break (OK);
But returns FFFFFF8A RLM_EH_BADPUBKEY -118 Error in public key on

2nd break.

Any ide why this is happening?

rgds
rcer

rcer 09-26-2015 13:01

This issue really puzzles me!

I compared the keys and locations of the original, patched and build dll's, see below:


rlm1112.dll_ORG:

(offset from base_01) key1: 30 81 DF 02 41 --(Identical for ORG, Patched & Build)
(offset from base_02) key2: 30 81 DE 02 40-- (Identical for ORG & Patched)
(offset from base_03) key3: 30 81 DF 02 40--(identified as pubkey by RLM_Helper)

rlm1112.dll_patched:

(offset from base_01) key1: 30 81 DF 02 41 --(Identical for ORG, Patched & Build)
(offset from base_02) key2: 30 81 DE 02 40-- (Identical for ORG & Patched)
(offset from base_03) key3: 30 81 DF 02 40--(identified as pubkey by RLM_Helper) Injected a new 30 81 DF 02 40--

pubkey in this location

rlm1112.dll_build: (using the new 30 81 DF 02 40-- pubkey)

(offset from base_01) key1: 30 81 DF 02 41 --(Identical for ORG, Patched & Build)
(offset from base_02) key2: 30 81 DF 02 40--(Identical to pubkey3 from Patched)
(offset from base_03) key3: 30 81 DE 02 40--(identified as pubkey by RLM_Helper) Identical to pubkey2 from ORG &

Patched


It appears that the build process inputs the new pubkey into location 2 instead of location 3 and for this reason

the pubkey is identified as 30 81 DE 02 40-- instead of 30 81 DF 02 40-- !!

Can anybody explain why this happens?
rgds

rcer

rcer 09-28-2015 08:30

Can anybody please give some feedback on my questions, because I really need your help

rgds
rcer

rcer 09-30-2015 08:34

O.K
I fixed the problem with the rlm server, and ISV.exe now runs fine.

problem was related to an incorrect LICENSE_TO_RUN signature


rgds
rcer

banch 02-20-2018 21:40

Good story. Hope it could be written in a tourist.

opcode8 01-22-2021 21:56

Another pubkey patcher for RLM (in source!)

https://github.com/xiaolei0517/RLMPubkey

there is some additional discussion here on this topic but not much
https://www.52pojie.cn/thread-1243929-1-1.html

geophylika 02-08-2021 13:27

Quote:

Originally Posted by rcer (Post 102125)
O.K
I fixed the problem with the rlm server, and ISV.exe now runs fine.

problem was related to an incorrect LICENSE_TO_RUN signature


rgds
rcer

How do u fixed the "WARNING: Bad signature:~~`~" error!
What's mean "incorrect LICENSE_TO_RUN signature"!

regards.

geophylika 02-09-2021 11:03

Quote:

Originally Posted by rcer (Post 102125)
O.K
I fixed the problem with the rlm server, and ISV.exe now runs fine.

problem was related to an incorrect LICENSE_TO_RUN signature


rgds
rcer

Use HELPERV24 EXTRACH rlm.exe and damon.exe PUBLIC KEY,IT DISPLAY pubilic key1-key2-key3-key4-key5,but it can't patch.
RLMPubkey patch with key5
start rlm server,display WARNING: Bad signature:

how to fixed the problem with the rlm server?

rgds

tom324 10-23-2021 06:23

Hi all,
What options to set in license file to enable rlm.exe running on virtual machine ?

10/22 23:55 (rlm) The ISV server is running on the wrong host.
10/22 23:55 (rlm)
10/22 23:55 (rlm) This can happen if:
10/22 23:55 (rlm) The hostid of this machine doesn't match any license file
10/22 23:55 (rlm) - or -
10/22 23:55 (rlm) You are attempting to run the server on a virtual machine
10/22 23:55 (rlm) Check the ISV server debug log for the specific error

ketan 10-23-2021 07:08

add rlm_server_enable_vm feature to your license

tom324 10-24-2021 00:47

My target is Hightec compiler for TriCore.
Patching with RLMPubkey reports correct license in License manager.
But when actually trying to to compile - another level of protection activated.
scc.exe reports

Support consistency checker tool: internal error: 0xA0000037
Please contact <[email protected]>

../src/hello.c:1:0: error: error in support consistency checker
/*====================================================================
^
../src/hello.c:1:0: error: support consistency check failed
src/subdir.mk:18: recipe for target 'src/hello.o' failed
make: *** [src/hello.o] Error 1

Has anyone seen something like that in other RLM targets ?

ketan 10-24-2021 06:57

Could be any kind of custom check - license in a buffer (precomputed with original dsa priv.key), patched file integrity check etc etc.


All times are GMT +8. The time now is 11:01.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2022, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX