Thread: dll serial fishing/patching help needed(easy)
View Single Post
  #4  
Old 10-08-2004, 19:29
dyn!o's Avatar
dyn!o dyn!o is offline
Friend
  
Join Date: Nov 2003
Location: Own mind
Posts: 214
Rept. Given: 1
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 8
Thanks Rcvd at 0 Times in 0 Posts
dyn!o Reputation: 1
Hello Wassim ,

"for obvious reasons, I'm trying to reverse the 3rd option (serial licensing)"
Hmm.... I wouldn't be so sure. Why do you think that serial validation could be easier than dongle or FlexLM reversing? Let's see:

1. Dongle.
A pitty you didn't precised which one. Sentinel and Hasp are kind of toys to crack. Wibu, Marx are harder. Suppose you will crack it. What you gain by reversing the dongle verification scheme? A lot. First of all, you control the application and its future version (almost for sure) because dongle protection, usually, means the same protection for next years. So, only very little work is required when next version are relased (look at the masters in emulation - Paradox, they immediately relase next versions of titles protected with dongles)

2. FlexLM.
This is a well known license system with some tutorials available on the net, explaining its internals. Also it has the most easiest license verification scheme I ever saw. It's like with the hardware key - if someone bought FlexLM to protect his software then, almost for sure, he will use it in next versions, because of standard and costs (FlexLM is not dedicated to small developers). FlexLM doesn't change very deep, althought it can become modified in the future.

2. Serial validation.
Again: pitty that you didn't precised which algorithm it uses (or at least you suppose). AES candidates and its approved schemes (Rijndael, RSA, ECC) so far are impossible to reverse if there is no hole in the generation/validation engine (like the last PNG weakness in Armadillo). Of course, you can crack it, but then, in the next version of the software, you can encounter completely new protection. But let's assume you will be able to reverse its scheme and create a keygenerator. What next? Software developers will change the algorithm (if they are wise) in the next version, making it even harder to crack.

Of course, key generators or single key generation are very good solutions, but if you ask me - not in this case. So, isn't it a paradox that serial validation doesn't have to be the easiet one?

Other people: please watch my words before commenting this post. Thanks.

Regards.
Last edited by dyn!o; 10-08-2004 at 19:31.
Reply With Quote