View Single Post
  #4  
Old 08-07-2018, 16:43
c9er c9er is offline
Guest
 
Join Date: May 2018
Posts: 2
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
c9er Reputation: 0
@chants

I have already gone through those tutorials. I was able to successfully use the LCF-AT script (1.4) on bundled crackmes. My current target is using " Themida/Winlicense(2.X)[-]" as per DiE version 2.0. I have a valid license file which was generated for different HWID. LCF-AT script is able to break at the correct nag message but then it fails to find any HWID compare checks. Subsequently the program closes itself after failed HWID check.

I have set a script breakpoint at FOUND_RIGHT_MESSAGE (Line 10726) and script beaks there. After that I can see that it tries to find the HWID compare check. After that it jumps to NO_MORE_CMPS (Line 10830) and executes the command "esto" and the program terminates with exit code 2.

Any ideas about why it's failing to find the correct check? I can share the program and regkey.dat file privately if somebody wants to take a look himself. It is not a commercial program and contains only a single executable file. Any pointers in the right direction will be appreciated.
Reply With Quote