Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 01-18-2018, 17:59
Mahmoudnia's Avatar
Mahmoudnia Mahmoudnia is online now
Family
 
Join Date: Nov 2012
Posts: 228
Rept. Given: 64
Rept. Rcvd 142 Times in 49 Posts
Thanks Given: 198
Thanks Rcvd at 282 Times in 97 Posts
Mahmoudnia Reputation: 100-199 Mahmoudnia Reputation: 100-199
winlicense 2.1.x hwid bypass ?

Hi
how to bypass hwid of 2.1.x winlicense protected targets ?

i have valid license for other pc
Reply With Quote
  #2  
Old 01-20-2018, 01:32
giv's Avatar
giv giv is offline
VIP
 
Join Date: Jan 2011
Location: Romania
Posts: 1,657
Rept. Given: 801
Rept. Rcvd 1,283 Times in 561 Posts
Thanks Given: 226
Thanks Rcvd at 562 Times in 240 Posts
giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299
Hi.
Take a look here:
https://tuts4you.com/e107_plugins/do....php?view.3526
Reply With Quote
  #3  
Old 01-20-2018, 01:52
Mahmoudnia's Avatar
Mahmoudnia Mahmoudnia is online now
Family
 
Join Date: Nov 2012
Posts: 228
Rept. Given: 64
Rept. Rcvd 142 Times in 49 Posts
Thanks Given: 198
Thanks Rcvd at 282 Times in 97 Posts
Mahmoudnia Reputation: 100-199 Mahmoudnia Reputation: 100-199
Hi giv
my tagert don't run in win xp , how to use lcf-at script in other windows os ?
this is my target :
Code:
http://www.mediafire.com/file/i966h3230ml1n97/Xentry.rar
but when i using lcf-at script it show me license error !
may you help me ?
thanks

Last edited by Mahmoudnia; 01-23-2018 at 18:12.
Reply With Quote
  #4  
Old 01-20-2018, 23:31
Mahmoudnia's Avatar
Mahmoudnia Mahmoudnia is online now
Family
 
Join Date: Nov 2012
Posts: 228
Rept. Given: 64
Rept. Rcvd 142 Times in 49 Posts
Thanks Given: 198
Thanks Rcvd at 282 Times in 97 Posts
Mahmoudnia Reputation: 100-199 Mahmoudnia Reputation: 100-199
friend giv , may you help me ?
Reply With Quote
  #5  
Old 01-23-2018, 14:47
MistHill MistHill is offline
Family
 
Join Date: Dec 2012
Posts: 31
Rept. Given: 12
Rept. Rcvd 42 Times in 13 Posts
Thanks Given: 26
Thanks Rcvd at 135 Times in 28 Posts
MistHill Reputation: 42
Bypass the WinLicense 2.4.6.0 HWiD Check

Xentry.exe(VeDoc calculator) is protected by WinLicense 2.4.6.0.
It can not run in Windows XP because it imports APIs from dwmapi.dll.

I played in Windows 7 with your valid license file regkey.dat:
  1. Set a hardware execution breakpoint at 0147CB7B(where ModuleBase is 00400000);
  2. F9, run. waiting for user32.MessageBoxEx(NULL, "This application has been registered to\r\nSkud1 - Private 2", "WinLicense", MB_ICONINFORMATION, 0);
  3. Click Ok in MessageBox, then it should land on the BP;
  4. At here, modify DWORD [0130A21D]=7CBDC03A;
  5. Clear the BP, F9. You are free to go!

It's so simple, so easy to bypass the HWiD Check! Sad for Oreans.

For more technical details, please refer to my post years ago at tuts4you Themida 2.2.6.0, in which attached a WinLicense 2.2.6.0 example.
Reply With Quote
The Following User Gave Reputation+1 to MistHill For This Useful Post:
Mahmoudnia (01-23-2018)
The Following 6 Users Say Thank You to MistHill For This Useful Post:
Mahmoudnia (01-23-2018), Newbie_Cracker (01-30-2018), niculaita (01-24-2018), NoneForce (01-24-2018), ontryit (01-24-2018), tonyweb (02-04-2018)
  #6  
Old 01-23-2018, 17:08
Mahmoudnia's Avatar
Mahmoudnia Mahmoudnia is online now
Family
 
Join Date: Nov 2012
Posts: 228
Rept. Given: 64
Rept. Rcvd 142 Times in 49 Posts
Thanks Given: 198
Thanks Rcvd at 282 Times in 97 Posts
Mahmoudnia Reputation: 100-199 Mahmoudnia Reputation: 100-199
Hi MistHill
Thanks a lot off
may you tell me how to find "modify DWORD [0130A21D]=7CBDC03A" ?
thanks again
Reply With Quote
  #7  
Old 01-24-2018, 09:21
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 761
Rept. Given: 384
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 789
Thanks Rcvd at 2,022 Times in 571 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
Quote:
Originally Posted by Mahmoudnia View Post
Hi giv
my tagert don't run in win xp , how to use lcf-at script in other windows os ?
this is my target :
Code:
http://www.mediafire.com/file/i966h3230ml1n97/Xentry.rar
...
thanks
The target is no longer available ... Could you please re-up it ?
I will also have a look
Reply With Quote
  #8  
Old 01-25-2018, 10:31
MistHill MistHill is offline
Family
 
Join Date: Dec 2012
Posts: 31
Rept. Given: 12
Rept. Rcvd 42 Times in 13 Posts
Thanks Given: 26
Thanks Rcvd at 135 Times in 28 Posts
MistHill Reputation: 42
@TechLord
Mahmoudnia's link still works.

@Mahmoudnia
It's a long story. Read my post at tuts4you for some hint.
In short, address 0130A21D is the Is_Registered_DWORD1.
1. It was initialized to FALSE (value 0x5B4E0215) at first.
2. Set to TRUE(value 0x7CBDC03A) if License File: RSA decryption and signature verification, decryptions for each fields and checksums all Okay. Else FALSE again, no go further.
3. Set to FALSE if HWiD not matches, error message, exit.
4. Decrypting each setions of the application, resolving imports, relocating, and so on.

What we do is find out the Is_Registered_DWORD1 address and TRUE/FALSE values, and patch it to TRUE at some place before the check.
Easy or difficult, depending on how much understanding for the Oreans' VM architecture.
Reply With Quote
The Following 2 Users Say Thank You to MistHill For This Useful Post:
TechLord (01-25-2018), tonyweb (02-04-2018)
  #9  
Old 01-25-2018, 11:59
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 761
Rept. Given: 384
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 789
Thanks Rcvd at 2,022 Times in 571 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
Quote:
Originally Posted by MistHill View Post
@TechLord
Mahmoudnia's link still works.

....
Thank you for the reply but ...

I am getting this error message :

Quote:
https://imgur.com/a/sv4YH
Reply With Quote
  #10  
Old 01-25-2018, 21:44
MistHill MistHill is offline
Family
 
Join Date: Dec 2012
Posts: 31
Rept. Given: 12
Rept. Rcvd 42 Times in 13 Posts
Thanks Given: 26
Thanks Rcvd at 135 Times in 28 Posts
MistHill Reputation: 42
Quote:
Originally Posted by TechLord View Post
Thank you for the reply but ...

I am getting this error message :
Seems your ISP sucks.

Xentry.rar - OpenDrive
Reply With Quote
The Following 2 Users Say Thank You to MistHill For This Useful Post:
niculaita (01-26-2018), TechLord (01-25-2018)
  #11  
Old 01-26-2018, 09:24
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 761
Rept. Given: 384
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 789
Thanks Rcvd at 2,022 Times in 571 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
Quote:
Originally Posted by MistHill View Post
Seems your ISP sucks.

Xentry.rar - OpenDrive
Thanks a lot for the upload !

No.. I don't think it's the ISP... I think that the file from Mahmoudnia's link is deleted... I am able to download other files from Mediafire without issues.

In any case thanks a lot once again for the upload

Cheers
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 20:26.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )