Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-18-2004, 21:23
*RemedY* *RemedY* is offline
Family
 
Join Date: Sep 2003
Posts: 115
Rept. Given: 18
Rept. Rcvd 72 Times in 30 Posts
Thanks Given: 0
Thanks Rcvd at 3 Times in 3 Posts
*RemedY* Reputation: 72
ICELicense - no idea where to start

Hi there,

did anyone ever come across a program protected by ICELicense? I am currently working on a prog called PentaSuite 7.1. After installing it, I tried to load it in Olly but Olly crashed immidiately. Furthermore my browser crashed if i opened a thread in Ollyforum when there was the word "Olly" in the topic. Moreover I was not able to attach to the running process - Olly crashed again. As a workaround I renamed every occurance of Olly within the OLLYDBG.EXE to 0lly (its a zero). I found that hint at woodmans. After this renaming-effort (the .exe + plugins), I was able to start debugging. I found out that this prog is protected by ICELicense. I searched the web and found this site:
hxxp://www.ionworx.com/IceLicense.html
They claim to be as good as noone else. Are they really? As I am not able to break within the prog, I ask if someone knows where to start with this. Any hint is greatly apprechiated.

Best regards
*RemedY*

edit: They say on their website that these License-System uses encryption with eliptic curves. The private-key is stored inside the application. The secret one remains at the developers. I found the public-key and a trial-license in the code. The trial-license is for user/company trial/trial. Is it possible to compute the secret-key out of the public-key together with the license? Just the way as one would do it with RSA. Thanks again

Last edited by *RemedY*; 09-18-2004 at 22:23.
Reply With Quote
  #2  
Old 09-18-2004, 23:54
crc32
 
Posts: n/a
Quote:
Originally Posted by *RemedY*
Hi there,
They claim to be as good as noone else. Are they really? As I am not able to break within the prog, I ask if someone knows where to start with this. Any hint is greatly apprechiated.
first it would be good to get the full version witch comes with some source, there is a release somewhere.

as for olly etc. it uses FindWindow (IIRC), and the string are encrypted inside the app.
Quote:
Originally Posted by *RemedY*
edit: They say on their website that these License-System uses encryption with eliptic curves. The private-key is stored inside the application. The secret one remains at the developers. I found the public-key and a trial-license in the code. The trial-license is for user/company trial/trial. Is it possible to compute the secret-key out of the public-key together with the license? Just the way as one would do it with RSA.
yes this is right it uses ECElGamal (it uses FGInt and its ECElGamal implementation -> hxxp://triade.studentenweb.org/GInt/gint.html), and you can calculate Private from Public key if u let ur app run for a couple of years

there might be a chance to find private key another way since it uses (also IIRC cause it some time since i last checked) time + the LicenceIssuer name or something to seed the KeyGenerator...

another method would be to simply patch publickey.

however since almost all IceLicense protected apps i've seen dont use the antidebugging/antipatching features cracking it mostly only involes a patching a flag.
Reply With Quote
  #3  
Old 09-19-2004, 05:58
*RemedY* *RemedY* is offline
Family
 
Join Date: Sep 2003
Posts: 115
Rept. Given: 18
Rept. Rcvd 72 Times in 30 Posts
Thanks Given: 0
Thanks Rcvd at 3 Times in 3 Posts
*RemedY* Reputation: 72
Hi,

Quote:
however since almost all IceLicense protected apps i've seen dont use the antidebugging/antipatching features cracking it mostly only involes a patching a flag.
Unfortunally this one uses the anti-patching feature. If I modify the exe, the prog cries that it has been modified and tells you that you have to restore the original-executable. At the moment I am looking for the place where the check is done because I think that playing with the crypto-stuff that is needed for a valid licensefile is way beyond my horizon (at least with the skills I have up to now). So patching is the only way (for me) to kill the beast. The prog doesnt check itself by using CreateFileA or CreateFileW, so maybe the check is done in memory. We will see.

Regards *RemedY*
Reply With Quote
  #4  
Old 10-26-2004, 05:47
Android
 
Posts: n/a
Dear *RemedY*,
I also got stuck with this protection.
I don't have any clue how to defeat it and it also terminates DeDE.
Please share what you have found about it .
Also if there is any tutorial I would appreciate it.
Thanks in advance.
Best Regards,
Android.
Reply With Quote
  #5  
Old 10-27-2004, 03:53
*RemedY* *RemedY* is offline
Family
 
Join Date: Sep 2003
Posts: 115
Rept. Given: 18
Rept. Rcvd 72 Times in 30 Posts
Thanks Given: 0
Thanks Rcvd at 3 Times in 3 Posts
*RemedY* Reputation: 72
Hi Android,

unfortunally I must tell you, that I was not able to go any further as I was at the time of my first post about this issue .
Some people I know (and I think they are a bit more experienced than me) tried to defeat ICELicense - and they failed also. Up to now I found no tutorial whatsoever on this topic. Its really sad, because I am of the opinion that more and more apps coded in Delphi are protected with stuff from ionworx. It seems to be as strong as ionworx claimed it to be.
Sorry that I cant help you more than this.

Best regards
*RemedY*
Reply With Quote
  #6  
Old 10-27-2004, 13:36
peleon peleon is offline
Friend
 
Join Date: Sep 2003
Posts: 174
Rept. Given: 0
Rept. Rcvd 7 Times in 1 Post
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
peleon Reputation: 7
Hi!

I had a look at IceLicense long time ago and I can say that it's a weak protection. For example, the trial can be reseted just removing a registry key (easy detectable with regmon).

It might look hard to crack because it behaves like a ZIP password protected application. So, if you dont know the key, you dont know which code will be decrypted, but as soon as you have a valid key you can easily dump the decrypted blocks and easily reconstruct the original program.

I dont think that this kind of "ZIP-password protectors" are much useful, becuase they only suit when you release your program with disabled functions (that will be decrypted with valid license)...when you want to release a full demo of your program, that kind of protection is useless.

I dont know 100% latest version of IceLicense...so, If I'm wrong in anything I said, tell me please

Regards.
Reply With Quote
  #7  
Old 10-27-2004, 19:31
redbull redbull is offline
Friend
 
Join Date: Mar 2004
Posts: 160
Rept. Given: 17
Rept. Rcvd 5 Times in 4 Posts
Thanks Given: 3
Thanks Rcvd at 6 Times in 6 Posts
redbull Reputation: 5
I uploaded a full version with source code to the ftp server

"/pub/ICE.License.v2.08/ICE License 208 Full SRC.zip" (5,900 KB)
Reply With Quote
  #8  
Old 10-30-2004, 07:45
Android
 
Posts: n/a
Hello every body,
Thanks for your help.
What I have found is just a Signature file for IDA supporting IceLcense.
To be honest,I don't know how to use this signature file properly.
I need help in this case to be able to use IDA and this signature together for cracking.

In fact,I want to crack a software which is protected by IceLicense .
My problem is that when I unpack the program all the menus and buttons will be disabled.
It checks 2 things to fo do.
1-CRC32
2-MD5
As you know Icelicense uses 2 kinds of cryptos for integrity check of the original file.(CRC32 and MD5)

As for CRC3 protection I have found a jump here

006EA9A7

But as for MD5 I couldn't find anything useful.

I want to know if you can help me and teach me how to use the signature to defeat the last protection of disabling.

There is another protection which terminates softwares like DeDE and SoftIce.
I also want to defeat it.



The program I'm talking about is here.

h**p://www.pishgamsoft.com/Products-CoLock-En.htm

Thanks in advance.
Best Regards,
Android.
Attached Files
File Type: rar IceLicense.rar (4.6 KB, 31 views)
Reply With Quote
  #9  
Old 10-30-2004, 17:12
peleon peleon is offline
Friend
 
Join Date: Sep 2003
Posts: 174
Rept. Given: 0
Rept. Rcvd 7 Times in 1 Post
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
peleon Reputation: 7
redbull, thanks for the file.

Attached you have the trial crack for that version.

Regards.
Attached Files
File Type: rar ionworxkill.rar (878 Bytes, 20 views)
Reply With Quote
  #10  
Old 11-04-2004, 00:31
0KRam
 
Posts: n/a
Tutorial

I wrote a tutorial about Icelicense (the protected program was Winlive Pro 4.5).
Unfortunately, I think it is a quite old version, in fact the application was released in 2003..
Attached Files
File Type: rar Icelicense by 0KRam.rar (176.1 KB, 46 views)
Reply With Quote
  #11  
Old 11-07-2004, 00:27
ivanov ivanov is offline
uninvited_guest
 
Join Date: Aug 2004
Location: Lubljana
Posts: 178
Rept. Given: 58
Rept. Rcvd 3 Times in 3 Posts
Thanks Given: 43
Thanks Rcvd at 13 Times in 11 Posts
ivanov Reputation: 3
The author of Icelicense is here:

hxxp: // board.anticrack. de/viewtopic.php?t=1141&highlight=icelicense

If I were you, I will ask him for a favor! :-)
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Where to start? cybercoder General Discussion 2 10-30-2012 17:56
writing my own OS.....where to start from?? loman General Discussion 33 06-29-2004 18:09


All times are GMT +8. The time now is 18:32.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )