Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   dot net - how to create keygen using program's code (https://forum.exetools.com/showthread.php?t=13585)

Maltese 06-14-2011 14:13
dot net - how to create keygen using program's code
 
This is a two fold question. I have a program that uses a hardware ID fingerprint, and then checks against a serial#. I was successful using NET Reflector with Deblector to discover the correct serial#.

However, it would be a real pain to load Reflector on every PC and then manually see the correct serial#. Would have to set bp manually as well 1st time around.

Is there a utility that could run independently that could monitor the serial? Or is there an easy way to copy the contents of the program to create a keygen?

Program finally uses: mscorlib -> System -> String -> Base Types -> op_Equality(String, String) : Boolean

TIA

congviet 06-14-2011 14:47
If the program is not protected or encoded, we rely on code generated to write the keygen, or you can learn the principle of creating the correct code sequences, and then write a program code to create reasonable.
Or You post the code generate the correct serial to here or main program

SystemeD 06-14-2011 16:14
If you don't mind software updates you can patch the program to accept all serials and deploy cracked version of the program. Probably it would be a 1-byte crack.
Another option would be to code a loader for the application to fish and save the correct serial.
Personally I would go for a keygen. You can easily use decompiled .NET code to create the keygen.

Maltese 06-15-2011 02:17
Looking for quick way out. After you put in generic serial #, the program checks for a OP_EQUALITY. Is there a way to send the text to a basic MessageBox pop-up?

If so, what routine? I'll start searching now.

Maltese 06-15-2011 03:47
Found the solution.

I tricked the program into pop-ing up a MessageBox::Show(string). W00T!

Original Code
Code:
    IL_005b:  /* 03  |                  */ ldarg.1
    IL_005c:  /* 08  |                  */ ldloc.2
    IL_005d:  /* 28  | (0A)000027      */ call      bool [mscorlib]System.String::op_Equality(string,
                                                                                                string)
I had to NOP out the ldarg.1 (bad serial I typed in) so MessageBox call would not crash.

ldloc.2 held proper serial#.

Then I byte changed the 27 to 25 (which is the reference location of MessageBox used elsewhere in the program (looking at IL dump).

So now the code reads:
Code:
    IL_005b:  /* 00  |                  */ nop
    IL_005c:  /* 08  |                  */ ldloc.2
    IL_005d:  /* 28  | (0A)000025      */ call valuetype [System.Windows.Forms]System.Windows.Forms.DialogResult [System.Windows.Forms]System.Windows.Forms.MessageBox::Show(string)
Viola. No need for keygen. Just let the program pop out the answer for you.

congviet 06-15-2011 09:02
Inline patch is simple--> ok
But you must to enter a serial manual into that program.
With keygen, you can copy and paste serial direct to program.
In other way, it also brings the results you want. So your problem is resolved.


All times are GMT +8. The time now is 10:01.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX