Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 12-28-2022, 19:21
Artic Artic is offline
Friend
 
Join Date: Jul 2014
Location: target folder
Posts: 106
Rept. Given: 53
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 157
Thanks Rcvd at 42 Times in 24 Posts
Artic Reputation: 15
Unhappy PACE iLokv3?

I have program with iLok 3 here (there are a lot of variations, most of the time audio plugins), let me list for the particular version, maybe somebody has a clue on how to attack and unpack/unpace it:

If you trace throught he binary, you somehow hit a trap and land into a Demo Auth window, which forces you to exit.
It was possible to not hit that trap with fine tuning ScyllaHide.

Then there are various export functions visible

GetPluginFactory --- this exists for all vst3 plugins
pace_license_challenge_callback
C2 00 00 (RET0)
pace_wrapping_ca
pace_wrapping_cz
pace_wrapping_d
pace_wrapping_fc
pace_wrapping_fi
pace_wrapping_ia
pace_wrapping_iz
Those 7 are dynamic, they are created on runtime.
OptionalHeader.AdressOfEntryPoint --- this is the entry point
Here it seems to construct adresses, as the imagebase is hardcoded, normal VST plugins doesnt seem to have this.

The Import table has a few extra pace specific intermodular calls,
for example:
__pace_license_change_callback those lead after the binary is run, those link to the C2 00 00 (RET0) from above. Maybe they can be used?

The only thing i have found so far was the SnD paper from 2009. (I guess most the stuff is kept private R2R, RET, etc)

(what a peverse resource wasting protector. have seen variants, where the non pace version is 3.7MB and the pace version is 12.7MB Insane)

Any help woud be awsome and maybe we discuss via PM.

PS: this looks like Metafortress.

Last edited by Artic; 12-28-2022 at 20:38. Reason: Added possible Ilok variant
Reply With Quote
Reply

Tags
authorization, cloud, ilok3, pace

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 03:13.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2022 )