Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 08-06-2018, 22:18
c9er c9er is offline
Guest
 
Join Date: May 2018
Posts: 2
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
c9er Reputation: 0
Lightbulb WinLicense HWID Information

Hi All,

I am not new to reverse engineering but I haven't dealt with WinLicense before. I want to know if HWID check is simply a comparison check of HWID stored in license with current HWID or is correct HWID required to further decrypt the protected code? It would be great if any of the experienced members can shed some light on this.

Last edited by c9er; 08-07-2018 at 14:06. Reason: Typo
Reply With Quote
  #2  
Old 08-06-2018, 22:45
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 725
Rept. Given: 35
Rept. Rcvd 48 Times in 30 Posts
Thanks Given: 666
Thanks Rcvd at 1,053 Times in 478 Posts
chants Reputation: 48
Dear Friend, You did not mention your version which is quite important to this particular packing tool. Also try the nice search feature of the forum using keywords such as winlicense, hwid or hw-id and you find things such as:
Quote:
https://forum.exetools.com/showthread.php?t=18607
Probably you will quickly find tools and tutorials supporting your line of inquiry that go into all the details you need.

GIV's tutorial:
Quote:
https://tuts4you.com/e107_plugins/download/download.php?view.3540
LCF-AT's tutorial:
Quote:
https://tuts4you.com/e107_plugins/download/download.php?view.3526
Reply With Quote
  #3  
Old 08-07-2018, 10:35
ZeNiX's Avatar
ZeNiX ZeNiX is offline
Administrator
 
Join Date: Feb 2009
Posts: 732
Rept. Given: 177
Rept. Rcvd 773 Times in 259 Posts
Thanks Given: 213
Thanks Rcvd at 885 Times in 242 Posts
ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899
1. correct HWID is not required to further decrypt the protected code
2. HWID check is not simply a compassion check. It is checked DWORD by DWORD. So I assume it has x8 checks.
Reply With Quote
The Following User Says Thank You to ZeNiX For This Useful Post:
tonyweb (08-11-2018)
  #4  
Old 08-07-2018, 16:43
c9er c9er is offline
Guest
 
Join Date: May 2018
Posts: 2
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
c9er Reputation: 0
@chants

I have already gone through those tutorials. I was able to successfully use the LCF-AT script (1.4) on bundled crackmes. My current target is using " Themida/Winlicense(2.X)[-]" as per DiE version 2.0. I have a valid license file which was generated for different HWID. LCF-AT script is able to break at the correct nag message but then it fails to find any HWID compare checks. Subsequently the program closes itself after failed HWID check.

I have set a script breakpoint at FOUND_RIGHT_MESSAGE (Line 10726) and script beaks there. After that I can see that it tries to find the HWID compare check. After that it jumps to NO_MORE_CMPS (Line 10830) and executes the command "esto" and the program terminates with exit code 2.

Any ideas about why it's failing to find the correct check? I can share the program and regkey.dat file privately if somebody wants to take a look himself. It is not a commercial program and contains only a single executable file. Any pointers in the right direction will be appreciated.
Reply With Quote
Reply

Tags
hwid, winlicense

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
winlicense 2.1.x hwid bypass ? Mahmoudnia General Discussion 10 01-26-2018 09:24


All times are GMT +8. The time now is 20:53.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )