Exetools  

  #1  
Old 10-07-2004, 21:40
wassim_
DLL serial fishing/patching help needed (easy)

Hi guys.

I'm working on a program that can be licensed by three means:

Dongle
FlexLM (version 7.2)
a serial number

For obvious reasons, I'm trying to reverse the 3rd option (serial licensing).

What I've found is that the serial-checking algo is in a DLL that the main exe loads at runtime, yet I can't break inside the DLL using BP GetDlgItem or BP MessageBoxA in Olly if I load the main exe and set breakpoints. So what should I do? Where should I put my BP to break on the serial-checking algo?

Moreover, the DLL in question is not packed, yet a search for referenced strings in Olly doesn't show the bad-guy message. So where could it be hiding? In intermodular calls?

Last question: an older version of this program stores the valid serial in a .ini file and checks it every time it runs. If I entered a fake serial in this .ini, what kind of BP should I use to break when the program loads this fake serial to check it?

P.S.: I'm using OllyDbg.

Thank you in advance.
  #2  
Old 10-07-2004, 21:49
MARcoDEN
For these purposes you can use the DLLBreakEx plugin by Epsylon3.
Otherwise, press ALT+E in Olly and double-click on the DLL; that will take you to its entry point. Put a BP there and run the app.
  #3  
Old 10-08-2004, 14:42
Crudd[RET]
And as for breaking on the .ini file: CreateFile will probably be called to retrieve the file handle and ReadFile to read the .ini file. An API guide could come in real handy.
Crudd [RET]
  #4  
Old 10-08-2004, 19:29
dyn!o
Hello Wassim,

"for obvious reasons, I'm trying to reverse the 3rd option (serial licensing)"
Hmm.... I wouldn't be so sure. Why do you think that serial validation could be easier than dongle or FlexLM reversing? Let's see:

1. Dongle.
A pity you didn't specify which one. Sentinel and Hasp are kind of toys to crack. Wibu, Marx are harder. Suppose you will crack it. What do you gain by reversing the dongle verification scheme? A lot. First of all, you control the application and its future versions (almost for sure), because dongle protection usually means the same protection for the next years. So, only very little work is required when next versions are released (look at the masters in emulation - Paradox, they immediately release next versions of titles protected with dongles).

2. FlexLM.
This is a well-known license system with some tutorials available on the net explaining its internals. Also, it has the easiest license verification scheme I ever saw. It's like with the hardware key - if someone bought FlexLM to protect his software then, almost for sure, he will use it in the next versions, because of standards and costs (FlexLM is not dedicated to small developers). FlexLM doesn't change very deeply, although it can become modified in the future.

3. Serial validation.
Again: a pity that you didn't specify which algorithm it uses (or at least which you suppose). AES candidates and its approved schemes (Rijndael, RSA, ECC) so far are impossible to reverse if there is no hole in the generation/validation engine (like the last PNG weakness in Armadillo). Of course, you can crack it, but then, in the next version of the software, you can encounter a completely new protection. But let's assume you will be able to reverse its scheme and create a key generator. What next? Software developers will change the algorithm (if they are wise) in the next version, making it even harder to crack.

Of course, key generators or single key generation are very good solutions, but if you ask me - not in this case. So, isn't it a paradox that serial validation doesn't have to be the easiest one?

Other people: please watch my words before commenting on this post. Thanks.

Regards.

Last edited by dyn!o; 10-08-2004 at 19:31.
  #5  
Old 10-09-2004, 14:10
wassim_
Hi dyn!o,

It's been some time now that I'm trying with this program. I assumed the serial validation would be the easiest since I have no background at all in dongle cracking. I've tried and "collected" tutorials about dongle cracking and read them all, but I'm afraid it's just too complicated for a non-dedicated reverser like me. I'm just reversing programs I'm personally interested in, i.e. programs that are useful for my daily life and work...

As for FlexLM, well, to be honest I have no background in that area either. It just seems very time-consuming to do all the reading and research all over again; I lack time and internet availability...

What you said is very correct, in fact it's the right strategy, yet it requires some expertise in this field (dongles and FlexLM) which I lack...

One more reason to follow the serial validation path is that an earlier release of the program was keygenerated, and yes, indeed the algo was updated in the current release, yet the only difference between the old version and the new one is a DLL! The serial verification algo is in this DLL, and that's where I'm trying to dig.

I'll PM you about the program, if you're interested in giving it a shot.

Thanks again for your advice. It's very useful to have someone put you on the right path instead of flaming you...
  #6  
Old 10-09-2004, 21:54
dyn!o
It was, and is, always my pleasure.

I know that people are afraid of dongles (and so was I), but it's like with a woman:

if you won't try, you never know how boring she is

So, if we won't try a few women but stay with the first one, we will never know if she was the right choice, and we will never have any collection (anyway, I'm living with... my first woman, thus I really don't know what I've won/lost).

Best regards.