EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 11-21-2017, 05:15
foil foil is offline
Friend
 
Join Date: Feb 2017
Posts: 9
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 7
Thanks Rcvd at 1 Time in 1 Post
foil Reputation: 0
Question Keygenning Help

Hi guys,

Alright, so I'm wanting to try to keygen an application for the first time, and I am reaching out to ask if anybody would like to help me out with it?
This program is *mostly* written in .NET, I have unpacked it and am able to reflect the source.
I have found private keys that it uses for signing, etc..

I'm guessing that this is something easy to do - with the information that I have gotten out of the source, but I've never dealt with keygenning before.

Would anybody on here like to work with me privately and possibly give me some pointers/hints/tips/etc?
This is a Point of Sale (POS) system software that I'm working with, by the way.

Thank you all!
Reply With Quote
  #2  
Old 11-27-2017, 23:35
JMP-JECXZ JMP-JECXZ is offline
Friend
 
Join Date: Mar 2017
Posts: 8
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 2
Thanks Rcvd at 5 Times in 2 Posts
JMP-JECXZ Reputation: 0
what the problem if you are able to reflect the source ?
Reply With Quote
  #3  
Old 11-28-2017, 13:17
chicknsoup chicknsoup is offline
Friend
 
Join Date: Sep 2013
Posts: 27
Rept. Given: 2
Rept. Rcvd 8 Times in 2 Posts
Thanks Given: 6
Thanks Rcvd at 15 Times in 9 Posts
chicknsoup Reputation: 8
The easiest way is to modify the source and make it an internal keygen (let the nag screen show the real key/serial instead of the incorrect key message).
Reply With Quote
The Following User Says Thank You to chicknsoup For This Useful Post:
Stingered (12-30-2017)
  #4  
Old 12-04-2017, 09:25
psgama psgama is offline
Friend
 
Join Date: Jul 2014
Posts: 72
Rept. Given: 0
Rept. Rcvd 3 Times in 3 Posts
Thanks Given: 8
Thanks Rcvd at 46 Times in 24 Posts
psgama Reputation: 3
Exactly what chcknsoup has said. Find the key check routine, and make it spit out a key in a messagebox or something using reflexil. I've done this many times.

You can also take the reflected source code and paste it into Visual studio to create a keygen. If you reverse the Key validation procedure, it is generally pretty easy to create a keygen.

For Example:

Private Function BuildHash() As String
Dim s As String = ("CEPE2015" & TextBox1.Text)
Dim provider As New MD5CryptoServiceProvider
Dim bytes As Byte() = Encoding.UTF32.GetBytes(s)
bytes = provider.ComputeHash(bytes)
Dim builder As New StringBuilder
Dim num As Integer = 1
Dim num2 As Byte
For Each num2 In bytes
Select Case num
Case 1
builder.Append(num2.ToString("x4").ToLower)
Exit Select
Case 2
builder.Append(num2.ToString("x3").ToLower)
Exit Select
Case 3
builder.Append(num2.ToString("x2").ToLower)
Exit Select
Case 4
builder.Append(num2.ToString("x1").ToLower)
Exit Select
End Select
num += 1
If (num > 4) Then
num = 1
End If
Next
Return builder.ToString
End Function
Reply With Quote
  #5  
Old 12-07-2017, 05:44
foil foil is offline
Friend
 
Join Date: Feb 2017
Posts: 9
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 7
Thanks Rcvd at 1 Time in 1 Post
foil Reputation: 0
Sorry for the extremely delayed response, guys!
I appreciate all of your input, and I will look into just working with the source within Visual Studio.
I'll let ya know how it turns out, or if I have any more questions!

Thank you all
Reply With Quote
  #6  
Old 12-07-2017, 10:34
psgama psgama is offline
Friend
 
Join Date: Jul 2014
Posts: 72
Rept. Given: 0
Rept. Rcvd 3 Times in 3 Posts
Thanks Given: 8
Thanks Rcvd at 46 Times in 24 Posts
psgama Reputation: 3
Post an external link to installer if you want a look taken. I am finished with project I was working on, and am not "friend" of forum so cannot download internal link
Reply With Quote
The Following User Says Thank You to psgama For This Useful Post:
foil (01-26-2018)
  #7  
Old 01-26-2018, 02:07
foil foil is offline
Friend
 
Join Date: Feb 2017
Posts: 9
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 7
Thanks Rcvd at 1 Time in 1 Post
foil Reputation: 0
Alright, so I can't get this figured out, haha..
I'm going to post the DLL that has all of the functions within it - would you guys be able to take a look at it, and point me in the right direction?

The DLL is written in .NET and can be reflected without an issue.
I have imported the DLL and even recompiled it, but I can't seem to be able to generate or validate my own keys with the knowledge that I have.

Thank you all

Code:
http://f0il.com/bvVisionRegistration.dll

Last edited by foil; 01-26-2018 at 06:59.
Reply With Quote
  #8  
Old 01-26-2018, 15:12
surferxyz surferxyz is offline
Friend
 
Join Date: Jan 2005
Location: Planet Earth
Posts: 54
Rept. Given: 0
Rept. Rcvd 8 Times in 4 Posts
Thanks Given: 3
Thanks Rcvd at 27 Times in 9 Posts
surferxyz Reputation: 8
I did not look at your target, but you said you found the private keys used to sign the license? How? Its unlikely you really found them, they shouldn't be embedded in the application.
Reply With Quote
  #9  
Old 01-27-2018, 09:46
T-rad T-rad is offline
Friend
 
Join Date: May 2016
Posts: 6
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 3
Thanks Rcvd at 1 Time in 1 Post
T-rad Reputation: 0
looking at the validation code it looks to be a custom crc is used and only a few chars of the serial are actually checked. I did not really go into it as the installer was not shared so there is no way to debug and confirm any findings (at least for me)
Reply With Quote
  #10  
Old 01-27-2018, 11:32
foil foil is offline
Friend
 
Join Date: Feb 2017
Posts: 9
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 7
Thanks Rcvd at 1 Time in 1 Post
foil Reputation: 0
@surferxyz - I could be totally wrong about the private keys that I had found (it may be related to something else?), but if you look in the dll, you will see reference to 'private key', and it has a key that is used to sign something used during validation.

@T-Rad - I can post the installer, if you would like to take a look! Any help is definitely appreciated.. I own a real license for this application, and am just trying to tackle this for fun I guess.

Thank you guys
Reply With Quote
  #11  
Old 01-27-2018, 13:58
T-rad T-rad is offline
Friend
 
Join Date: May 2016
Posts: 6
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 3
Thanks Rcvd at 1 Time in 1 Post
T-rad Reputation: 0
installer would help. by the way, how long is the actual key
Reply With Quote
  #12  
Old 01-28-2018, 23:23
foil foil is offline
Friend
 
Join Date: Feb 2017
Posts: 9
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 7
Thanks Rcvd at 1 Time in 1 Post
foil Reputation: 0
Quote:
Originally Posted by T-rad View Post
installer would help. by the way, how long is the actual key
No problem, I'll get it uploaded tonight for you when I get home!

The way that their key system works is:
  • Each store has a 7-digit long 'location code'
  • A unique 'location name'
  • Store address
  • Customer name
  • Licensing period (generally 1 or 2 years in length)
  • and finally which products (modules) are enabled with the license purchased

The key is 25 digits in length - 5 digits, hyphen, 5 digits, hyphen, etc.. alphanumeric, all uppercase, ie:
ABC12-ABC23-A1B1C-ABCD1-XYZ34

The key is generated on a php page on their website, and uses the info listed above to hash it all together.

Thank you

image of php page that generates the key:
Code:
http://f0il.com/key.png
edit: here is the link to the installer, password is exetools
It will extract everything into c:\install
Code:
http://f0il.com/vision.zip
I'm not sure that you will be able to get to the registration part, however.. it relies on a MSSQL back-end, and a location code must be set within the database before any module can be ran. The registration page is within the POSSetup.exe though!
If you need, I can setup a remote session with you to check it out on a working machine, because it's a pain in the ass to get setup from scratch!

Last edited by foil; 01-28-2018 at 23:37. Reason: added link to installer
Reply With Quote
  #13  
Old 02-02-2018, 11:18
T-rad T-rad is offline
Friend
 
Join Date: May 2016
Posts: 6
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 3
Thanks Rcvd at 1 Time in 1 Post
T-rad Reputation: 0
cant install so no joy on debugging it.
'POSSetup.exe' appears to be compiled in VB6.
I dont think 'bvVisionRegistration.dll' is for the program serial check.
If it is, it does not compare against anything entered in the registeation process (according to your pic) except maybe the expiry date.
It might be for a supporting dll or ocx or something.
It checks a variable length serial for a custom CRC in 2 different locations (based on the length of the serial entered), followed by a table lookup and a base2 convertion that only is valid if it is all 0's. It does a bunch of crap in between but thats more or less the gist of the serial.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 15:13.


ICP05004977
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX