Exetools  

#1  09-15-2015, 11:44  rcer
Reprise target

I don't have much experience with RLM, but I managed to crack a few apps with the pubkey injection method.
But there is one app I am unable to crack, and it is giving me a real hard time!
On startup the original program displays "bad signature in license error" and then a warning message "This software needs a license to run".
Here is a rundown of my work:

1) - found and patched the pubkey inside rlm1112.dll
- extracted the LICENSE_TO_RUN string
- built rlmsign with the new pubkey and LICENSE_TO_RUN string
- signed a new license, and replaced the original rlm1112.dll with the patched one
On startup the program first displays a warning message "rlm1112.dll is corrupt or missing", then a warning message "This software needs a license to run" (i.e. no bad signature in license error)
- I have tried to find where the checksum calculation is done inside the program, but I am unable to find the location
- checking the return of rlm_checkout yields the correct result (i.e. eax+48 yields 00 00 00 00). This checkout is also confirmed by rlm_license_stat, which yields 00 00 00 00 in eax.
- since rlm_checkout is O.K. but the program doesn't run, there must be an additional check.
- I traced program execution after rlm_checkout, but am unable to find where this check is done.

2) - Ran the program with the original rlm1112.dll, and modified the results of rlm_checkout at runtime
- On startup the program displays the warning message "This software needs a license to run" (i.e. no bad signature in license error)

3) - I found an additional license key inside "XX.Foundation.License.bpl" (i.e. XX_internal), which I patched with my own signature, but this also yields the same result as in 1)

I really need some help, and any tips are appreciated.

rgds
#2  09-16-2015, 11:55  disauto
I had the same trouble; maybe rlm.exe or isvname.set need patching.
#3  09-17-2015, 08:58  rcer
Thanks, I will look into this.
#4  09-17-2015, 22:42  nikkapedd
You cannot patch the file isvname.set because it is encrypted. Try to open it with a text editor.
You can patch the vendor.exe and of course the rlm.exe.
#5  09-18-2015, 08:50  rcer
Thanks, and I already noticed that isvname.set is encrypted, but I will give rlm.exe & vendor.exe a try.

nikkapedd, you mentioned in one of your posts that some new targets require, besides pubkey injection, also patching of the rlm_checkout routine. But if you inject your own pubkey, rlm_checkout will yield the correct result, so why would you have to patch it?
Secondly, rlm_checkout does not yield "0" in eax but an address pointer to the checkout result, and the address is different on each run, so how can you patch this?

rgds
#6  09-24-2015, 21:26  rcer
nikkapedd

I have been looking into the RLM license server, but there is one issue I really don't understand!

1) I built the demo RLM kit.
2) Generated a new priv/pubkey pair (pubkey length 226 bits).
3) Modified license_to_run.h with the LICENSE_TO_RUN and ISV info.
4) Modified the makefile with the ISV name.
5) Rebuilt the kit for the ISV name.
6) Signed a license with rlmsign.

But then, when I try to start the RLM server (i.e. run rlm.exe), I get the following error message:

09/23 09:42 () *** The license to use RLM compiled ***
09/23 09:42 () *** into this server is not correct. ***
09/23 09:42 () *** ***
09/23 09:42 () *** Either the license is missing, ***
09/23 09:42 () *** it has expired, or it is entered ***
09/23 09:42 () *** incorrectly. ***
09/23 09:42 () *** ***
09/23 09:42 () *** License Checksum: 000000 ***

When I debug rlm.exe, __rlm_verify returns 000001 in eax on the first break (OK);
but returns FFFFFF8A (RLM_EH_BADPUBKEY, -118, Error in public key) on the 2nd break.

Any idea why this is happening?

rgds
rcer
#7  09-26-2015, 13:01  rcer
This issue really puzzles me!

I compared the keys and locations of the original, patched and built DLLs, see below:

rlm1112.dll_ORG:
(offset from base_01) key1: 30 81 DF 02 41 -- (identical for ORG, Patched & Build)
(offset from base_02) key2: 30 81 DE 02 40 -- (identical for ORG & Patched)
(offset from base_03) key3: 30 81 DF 02 40 -- (identified as pubkey by RLM_Helper)

rlm1112.dll_patched:
(offset from base_01) key1: 30 81 DF 02 41 -- (identical for ORG, Patched & Build)
(offset from base_02) key2: 30 81 DE 02 40 -- (identical for ORG & Patched)
(offset from base_03) key3: 30 81 DF 02 40 -- (identified as pubkey by RLM_Helper); injected a new 30 81 DF 02 40 -- pubkey in this location

rlm1112.dll_build (using the new 30 81 DF 02 40 -- pubkey):
(offset from base_01) key1: 30 81 DF 02 41 -- (identical for ORG, Patched & Build)
(offset from base_02) key2: 30 81 DF 02 40 -- (identical to pubkey3 from Patched)
(offset from base_03) key3: 30 81 DE 02 40 -- (identified as pubkey by RLM_Helper); identical to pubkey2 from ORG & Patched

It appears that the build process puts the new pubkey into location 2 instead of location 3, and for this reason the pubkey is identified as 30 81 DE 02 40 -- instead of 30 81 DF 02 40 --!!

Can anybody explain why this happens?
rgds

rcer
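The byte prefixes compared in the post above (30 81 DF 02 41 against 30 81 DE 02 40) are ordinary DER headers: 0x30 opens a SEQUENCE, 0x81 announces a one-byte long-form length (0xDF = 223, so 226 bytes including the three header bytes), and 0x02 0x41 / 0x02 0x40 open a 65- or 64-byte INTEGER. DER encodes INTEGERs in two's complement, so a positive 64-byte value whose first byte has its top bit set must be prefixed with 0x00, which makes it 65 bytes, and the enclosing SEQUENCE length grows by one with it. Two freshly generated keys with the same nominal size can therefore start with different header bytes depending purely on the random values inside, which is one reason a tool matching on a fixed header pattern can land on a different blob than expected. The Python below is an added example written for this page; it is not code from the thread, from RLM, or from RLM_Helper, and the SEQUENCE layout (three 64-byte values plus a small exponent) and the values themselves are constructed for illustration, not RLM's actual key format.

```python
"""DER TLV encode/decode helper showing why two key blobs of the same nominal
size can start with different bytes (e.g. 30 81 DF 02 41 vs 30 81 DE 02 40).
Added example; the layout and values are constructed, not RLM's format."""

import hashlib

SEQUENCE = 0x30
INTEGER = 0x02


def encode_length(n: int) -> bytes:
    """DER length octets: short form for n < 128, else 0x80|count then the bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_integer(value: int) -> bytes:
    """DER INTEGER for a non-negative value.  DER is two's complement, so a
    positive value whose first byte has the top bit set needs a leading 0x00."""
    if value < 0:
        raise ValueError("only non-negative integers are handled here")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return bytes([INTEGER]) + encode_length(len(body)) + body


def encode_sequence(*elements: bytes) -> bytes:
    """DER SEQUENCE; its length is the sum of the encoded children, so a
    leading 0x00 on any child INTEGER shifts the outer length by one."""
    content = b"".join(elements)
    return bytes([SEQUENCE]) + encode_length(len(content)) + content


def read_tlv(buf: bytes, pos: int = 0):
    """Parse one TLV at buf[pos]; return (tag, header_len, content, next_pos)."""
    tag = buf[pos]
    first = buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized DER length")
        length = int.from_bytes(buf[pos + 2 : pos + 2 + n], "big")
        hdr = 2 + n
    end = pos + hdr + length
    if end > len(buf):
        raise ValueError("TLV runs past end of buffer")
    return tag, hdr, buf[pos + hdr : end], end


def describe_key_blob(blob: bytes) -> dict:
    """Walk a SEQUENCE of INTEGERs; report the leading header bytes, the SEQUENCE
    length, and each INTEGER's encoded length, leading-zero flag and bit length."""
    tag, hdr, content, _ = read_tlv(blob)
    if tag != SEQUENCE:
        raise ValueError("expected SEQUENCE")
    integers = []
    pos = 0
    while pos < len(content):
        t, _, body, pos = read_tlv(content, pos)
        if t != INTEGER:
            raise ValueError("expected INTEGER inside SEQUENCE")
        integers.append({
            "enc_len": len(body),
            "leading_zero": body[0] == 0x00,
            "bits": int.from_bytes(body, "big").bit_length(),
        })
    return {
        # SEQUENCE header plus the first INTEGER's tag and short-form length
        "header": blob[: hdr + 2].hex(" ").upper(),
        "seq_len": len(content),
        "total_len": len(blob),
        "integers": integers,
    }


def sample_value(seed: int, top_bit: bool) -> int:
    """Constructed deterministic 64-byte value (SHA-512 of the seed), not key
    material.  top_bit=True forces bit 511 on (512 bits); False clears it and
    forces bit 510 on, so the value is exactly 511 bits and still 64 bytes."""
    v = int.from_bytes(hashlib.sha512(seed.to_bytes(4, "big")).digest(), "big")
    if top_bit:
        return v | (1 << 511)
    return (v & ~(1 << 511)) | (1 << 510)


EXPONENT = 65537  # small trailing INTEGER, encodes as 02 03 01 00 01

# Two constructed blobs with identical layout; only the top bit of the first
# 64-byte value differs, which changes both the INTEGER and SEQUENCE lengths.
BLOB_HIGH = encode_sequence(
    encode_integer(sample_value(1, True)),
    encode_integer(sample_value(2, False)),
    encode_integer(sample_value(3, False)),
    encode_integer(EXPONENT),
)
BLOB_LOW = encode_sequence(
    encode_integer(sample_value(1, False)),
    encode_integer(sample_value(2, False)),
    encode_integer(sample_value(3, False)),
    encode_integer(EXPONENT),
)

if __name__ == "__main__":
    for name, blob in (("top bit set", BLOB_HIGH), ("top bit clear", BLOB_LOW)):
        info = describe_key_blob(blob)
        print(f"{name}: header {info['header']}, SEQUENCE len {info['seq_len']}, "
              f"blob len {info['total_len']}, first INTEGER {info['integers'][0]}")
```

Running it prints a header of 30 81 CC 02 41 for the blob whose first value has its top bit set and 30 81 CB 02 40 for the one that does not: the same one-byte shift in both the INTEGER and the SEQUENCE length that separates the DF 02 41 and DE 02 40 blobs listed above. When comparing key blobs across builds, compare the decoded INTEGERs rather than the raw leading bytes, since the header alone only tells you about sizes.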
#8  09-28-2015, 08:30  rcer
Can anybody please give some feedback on my questions, because I really need your help.

rgds
rcer
#9  09-30-2015, 08:34  rcer
O.K.
I fixed the problem with the rlm server, and ISV.exe now runs fine.

The problem was related to an incorrect LICENSE_TO_RUN signature.

rgds
rcer
#10  02-20-2018, 21:40  banch
Good story. Hope it could be written up as a tutorial.
#11  01-22-2021, 21:56  opcode8
Another pubkey patcher for RLM (in source!)

https://github.com/xiaolei0517/RLMPubkey

There is some additional discussion on this topic here, but not much:
https://www.52pojie.cn/thread-1243929-1-1.html
#12  02-08-2021, 13:27  geophylika
Quote:
Originally Posted by rcer
O.K.
I fixed the problem with the rlm server, and ISV.exe now runs fine.

The problem was related to an incorrect LICENSE_TO_RUN signature.

rgds
rcer

How did you fix the "WARNING: Bad signature: ..." error?
What does "incorrect LICENSE_TO_RUN signature" mean?

regards.
#13  02-09-2021, 11:03  geophylika
Quote:
Originally Posted by rcer
O.K.
I fixed the problem with the rlm server, and ISV.exe now runs fine.

The problem was related to an incorrect LICENSE_TO_RUN signature.

rgds
rcer

I used HELPERV24 to extract the public keys from rlm.exe and damon.exe. It displays public key1 to key5, but it can't patch them.
I patched key5 with RLMPubkey.
When I start the rlm server, it displays WARNING: Bad signature:

How do I fix the problem with the rlm server?

rgds