Thread: Reprise target
09-15-2015, 11:44
rcer

I don't have much experience with RLM, but managed to crack a few apps with the pubkey injection method.
But one app I am unable to crack, and it is giving me a real hard time!
On startup the original program displays "bad signature in license error" and then a warning message "This software needs a license to run".
Here is a rundown of my work:
1) - Found and patched the pubkey inside rlm1112.dll.
- Extracted the LICENSE_TO_RUN string.
- Built rlmsign with the new pubkey and LICENSE_TO_RUN string.
- Signed a new license, and replaced the original rlm1112.dll with the patched one.
On startup the program first displays a warning message "rlm1112.dll is corrupt or missing", then a warning message "This software needs a license to run" (i.e. no bad signature in license error).
- I have tried to find where the checksum calculation is done inside the program, but I am unable to find the location.
- Checking the return of rlm_checkout yields the correct result (i.e. eax+48 yields 00 00 00 00). This checkout is also confirmed by rlm_license_stat, which yields 00 00 00 00 in eax.
- Since rlm_checkout is O.K. but the program doesn't run, there must be an additional check.
- I traced program execution after rlm_checkout, but am unable to find where this check is done.

2) - Ran the program with the original rlm1112.dll, and modified the results of rlm_checkout at runtime.
- On startup the program displays the warning message "This software needs a license to run" (i.e. no bad signature in license error).

3) - I found an additional license key inside "XX.Foundation.License.bpl" (i.e. XX_internal), which I patched with my own signature, but this also yields the same result as in 1).

I really need some help, and any tips are appreciated.
