Exetools  

Go Back   Exetools > General > Source Code

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 07-31-2014, 00:47
mr.exodia mr.exodia is offline
Retired Moderator
 
Join Date: Nov 2011
Posts: 784
Rept. Given: 492
Rept. Rcvd 1,122 Times in 305 Posts
Thanks Given: 90
Thanks Rcvd at 711 Times in 333 Posts
mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299
[C++, WinAPI] Enigma HWID patcher with hardware breakpoints

Hey guys,
 
This is a small project I did for a friend some time ago, basically it's a DLL you inject into an engima process (by loader, or by inline) and it will put a hardware breakpoint somewhere and write a new HWID.
 
Attached the full source code, you have to manually find the HWID patch offset, but for someone who works with Enigma often this should be no problem...
 
Little hint:
Code:
0044F168  ^\75 A7           JNZ SHORT test1.0044F111
0044F16A    85F6            TEST ESI,ESI
0044F16C  /-7E 25           JLE SHORT test1.0044F193            ; This is the patch place.
0044F16E  | 8D45 EC         LEA EAX,DWORD PTR SS:[EBP-0x14]
0044F171  | 66:83E3 0F      AND BX,0xF
0044F175  | 0FB7D3          MOVZX EDX,BX
0044F178  | B9 04F24400     MOV ECX,test1.0044F204              ; ASCII "ABCDEF1234567890- \t\r\n"
0044F17D  | 8A1411          MOV DL,BYTE PTR DS:[ECX+EDX]
0044F180  | E8 0F25FCFF     CALL test1.00411694
0044F185  | 8B55 EC         MOV EDX,DWORD PTR SS:[EBP-0x14]
0044F188  | 8B0F            MOV ECX,DWORD PTR DS:[EDI]
0044F18A  | 8BC7            MOV EAX,EDI
0044F18C  | E8 3726FCFF     CALL test1.004117C8
0044F191  | EB 23           JMP SHORT test1.0044F1B6
0044F193  \-8B07            MOV EAX,DWORD PTR DS:[EDI]
0044F195    E8 E225FCFF     CALL test1.0041177C
0044F19A    85C0            TEST EAX,EAX
 
As a bonus there is two extra functions: dputs and dprintf, just puts and printf, but they will output debug strings (so you can use DbgView to get logging information).
 
Greetings,
 
Mr. eXoDia
Attached Files
File Type: rar enigma_hwid.rar (179.7 KB, 107 views)
Reply With Quote
The Following 15 Users Gave Reputation+1 to mr.exodia For This Useful Post:
ahmadmansoor (07-31-2014), alekine322 (08-08-2014), besoeso (07-31-2014), chessgod101 (08-02-2014), Computer_Angel (08-08-2014), Kla$ (07-31-2014), MarcElBichon (07-31-2014), mdj (08-01-2014), Notmex (08-05-2014), quygia128 (08-01-2014), SLV (07-31-2014), taos (08-01-2014), WilliamElts (08-04-2014), ZeNiX (07-31-2014)
The Following User Says Thank You to mr.exodia For This Useful Post:
2lht_love (01-01-2024)
  #2  
Old 07-31-2014, 11:50
ZeNiX's Avatar
ZeNiX ZeNiX is offline
Administrator
 
Join Date: Feb 2009
Posts: 732
Rept. Given: 177
Rept. Rcvd 773 Times in 259 Posts
Thanks Given: 213
Thanks Rcvd at 885 Times in 242 Posts
ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899
This has been an old problem not solved by Enigma Protector.
We can always locate and modify the HWID easily.

I hope Vladimir can solve this issue soon.

For WinLicense, there are additional checksums on the HWID.
For VMProtect, it is difficult to locate the HWID.
Reply With Quote
The Following 2 Users Gave Reputation+1 to ZeNiX For This Useful Post:
mdj (08-01-2014), taos (08-01-2014)
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Enigma 4 2015 HWID Jhonjhon_123 General Discussion 0 11-24-2015 11:42


All times are GMT +8. The time now is 16:29.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )