Marx Cryptobox Dongle

Hi guys,

I have a program protected by this dongle. Domgle driver name is mpiwin32.dll, it have stupid exports like "No Marx device attached", and so on. The problem is that mpiwin32.dll is created somewho by the main exe of the program. I have deleted all mpiwin32.dll from my computer, but when i launch the exe, it's creating in Documents and Settings\Administrator\Local Settings\Temp this dll. Created file name is not mpiwin32.dll, it's something like 985464687879454.tmp (every time it have a different number).

Any ideea how can I see if this dll is embeded in the main exe file? and if it is, how can I replace it with a cracked one?

Thanks for your help
balauru

[mtw]

It is probably saved in the exe as a resource in one of
the exe's or a file compressed/encrypted in the main programs
root dir. Might be the best way around this is to copy that
dll to the main prog dir and locate the code that loads
this dll, have it point to the main dir instead of the temp
dir and changed the random filename to the saved one,
then you can crack the dll.

[Git]

Balauru - you probably want to look for cbndll.dll in your system directory as the main cryptobox dll.

This was the only thread I could find here on this subject. Does anybody have any more info on the subject please?. IDA SIGs etc?

Git

[Zigmund]

Problem solution is quite simple, imho.
You should patch (mostly mpiwin32.dll is packed by UPX) mpiwin32.dll as you need and place it near executables that are using it...

there is also can be some crc checking, if that probgam generates mpiwin32.dll in Tem folder.



Does anyone know is all "standard" crypto algorithms hardware realised in dongle can be emulated with their software analogues? I mean...
using Rijndael with Marx dongle
nad only with mpiwin32.dll
will give same results?

Thanks.