Quote:
Originally posted by alephz
1. Try CC from 'Help Me - CRC Check and FileSize Check' topic
h**p://w*w.exetools.com/forum/showthread.php?threadid=2385
2. RC5/6 was implemented in a lot libraries on the net.
|
Just a quick update, the cc tool confirmed that the exe had rc5, now knowing these offsets I was able to locate the subroutine.
Thanks alephz!
I have since found a string ref to RC4 too! I think the serial number is a rc4 key, and the content decryption is handled by RC6.
The app produces a unique system id number using API calls to GetSystemInfo, GetComputerNameA and GetVolumeInformationA.
This is to restrict a valid password to a single PC.
If your system ID changes, you are sent an new serial to unlock the content. Therefore, system ID is equivalent to a user name and the serial is the password.
So I think I am looking at some sort of RC4 keygen. Yikes!
I've got some more questions I'll try to answer myself before posting.
I'm new to reverse engineering, where do the hours go?
5Alive.