Reverse Engineering Team Board

Reverse Engineering Team Board (http://www.reteam.org/board/index.php)
-   Reverse Code Engineering (http://www.reteam.org/board/forumdisplay.php?f=23)
-   -   Understanding algorithm (http://www.reteam.org/board/showthread.php?t=7268)

appcrox 09-22-2014 04:16 AM

Understanding algorithm
 
Hi all!
I need to understand generating an activation key algorithm for my screen reader software, avaylable at:
ftp://ftp.freedomscientific.com/user...4ENU-32bit.exe
This software has dongle and internet license authorization placed in Program Files\Freedom Scientific\Activator\JAWS.cps
I have JAWS.cps file, but is not generated for my locking code.
I need help to understand the algorithm how to read this file, and I will be able to make a program for writing JAWS.cps file for any locking code.
If someone wants to help me to solve this issue, it is necessary to download jaws from the link above, and to copy the following content to notepad, and save it as JAWS.cps to Program Files\Freedom Scientific\Activator
Z3YTIX3Y8Q2W4WOCKRR7MLFSZCZPUCSIDHGR62Y6FIME3UNST2 O2IRMJYLDAPRNJMMEVFCA7OSM4RKVNSI9AZJINEOJTECROJOVW JIPDMDGMHZY5TMCMUTRPTZH## Dynamically installed.

Then, it is necessary to open Program Files\Freedom Scientific\JAWS\15.0\jfw.exe, or fsauth.exe from a debugger to see how program reads this file, and what the file contains.
I tryed to put a breakpoint on every reference to fopen import function, and I can get locking code from this file, but I cannot see how program extracts the information from it.
This file needs to contain locking code, 6 digit serial number, 20 digit authorization number, etc, but I do not know how it generates it, and the algorithm how is interpreted into characters.

Please help.

Best regards,

sverox 09-22-2014 05:24 AM

JAWS is Sentinel LM/RMS (as i know in past).
Post your cps file as is. I think forum wrap your string and cant be decoded.

BfoX 09-22-2014 05:54 AM

Code:

Code Type [1]
Additive [1]
client_server_lock_mode [3]
holding_crit [1]
sharing_crit [0]
server_locking_crit1[00] = [0]
server_locking_crit1[01] = [0]
server_locking_crit1[02] = [0]
server_locking_crit1[03] = [0]
server_locking_crit1[04] = [0]
server_locking_crit1[05] = [0]
server_locking_crit1[06] = [0]
server_locking_crit1[07] = [0]
server_locking_crit1[08] = [0]
server_locking_crit1[09] = [0]
server_locking_crit1[10] = [0]
server_locking_crit2[00] = [0]
server_locking_crit2[01] = [0]
server_locking_crit2[02] = [0]
server_locking_crit2[03] = [0]
server_locking_crit2[04] = [0]
server_locking_crit2[05] = [0]
server_locking_crit2[06] = [0]
server_locking_crit2[07] = [0]
server_locking_crit2[08] = [0]
server_locking_crit2[09] = [0]
server_locking_crit2[10] = [0]
client_locking_crit[00] = [256]
client_locking_crit[01] = [0]
client_locking_crit[02] = [0]
client_locking_crit[03] = [0]
client_locking_crit[04] = [0]
client_locking_crit[05] = [0]
client_locking_crit[06] = [0]
standalone_flag [1]
out_lic_type [0]
clock_tamper_flag [1]
feature_name [00]
feature_version []
birth_day [1]
birth_month [0]
birth_year [1999]
death_day [31]
death_month [11]
death_year [2500]
num_servers [1]
server_lock_info1[00] = []
server_lock_info1[01] = []
server_lock_info1[02] = []
server_lock_info1[03] = []
server_lock_info1[04] = []
server_lock_info1[05] = []
server_lock_info1[06] = []
server_lock_info1[07] = []
server_lock_info1[08] = []
server_lock_info1[09] = []
server_lock_info1[10] = []
server_lock_info2[00] = []
server_lock_info2[01] = []
server_lock_info2[02] = []
server_lock_info2[03] = []
server_lock_info2[04] = []
server_lock_info2[05] = []
server_lock_info2[06] = []
server_lock_info2[07] = []
server_lock_info2[08] = []
server_lock_info2[09] = []
server_lock_info2[10] = []
nl_client_lock_info[00] = [27480]
nl_client_lock_info[01] = []
nl_client_lock_info[02] = []
nl_client_lock_info[03] = []
nl_client_lock_info[04] = []
nl_client_lock_info[05] = []
nl_client_lock_info[06] = []
num_keys[00] = [0001]
num_keys[01] = [1FFFFE]
num_keys[02] = [1FFFFE]
num_keys[03] = [1FFFFE]
num_keys[04] = [1FFFFE]
num_keys[05] = [1FFFFE]
num_keys[06] = [1FFFFE]
num_keys[07] = [1FFFFE]
num_keys[08] = [1FFFFE]
num_keys[09] = [1FFFFE]
num_keys[10] = [1FFFFE]
num_keys[11] = [1FFFFE]
num_keys[12] = [1FFFFE]
num_keys[13] = [1FFFFE]
num_keys[14] = [1FFFFE]
num_keys[15] = [1FFFFE]
num_keys[16] = [1FFFFE]
num_keys[17] = [1FFFFE]
num_keys[18] = [1FFFFE]
num_keys[19] = [1FFFFE]
num_keys[20] = [1FFFFE]
num_keys[21] = [1FFFFE]
num_keys[22] = [1FFFFE]
num_keys[23] = [1FFFFE]
num_keys[24] = [1FFFFE]
num_keys[25] = [1FFFFE]
num_keys[26] = [1FFFFE]
num_keys[27] = [1FFFFE]
num_keys[28] = [1FFFFE]
num_keys[29] = [1FFFFE]
num_keys[30] = [1FFFFE]
num_keys[31] = [1FFFFE]
num_keys[32] = [1FFFFE]
num_keys[33] = [1FFFFE]
num_keys[34] = [1FFFFE]
num_keys[35] = [1FFFFE]
num_keys[36] = [1FFFFE]
num_keys[37] = [1FFFFE]
num_keys[38] = [1FFFFE]
num_keys[39] = [1FFFFE]
num_keys[40] = [1FFFFE]
num_keys[41] = [1FFFFE]
num_keys[42] = [1FFFFE]
num_keys[43] = [1FFFFE]
num_keys[44] = [1FFFFE]
num_keys[45] = [1FFFFE]
num_keys[46] = [1FFFFE]
num_keys[47] = [1FFFFE]
num_keys[48] = [1FFFFE]
num_keys[49] = [1FFFFE]
num_keys[50] = [1FFFFE]
num_keys[51] = [1FFFFE]
num_keys[52] = [1FFFFE]
num_keys[53] = [1FFFFE]
num_keys[54] = [1FFFFE]
num_keys[55] = [1FFFFE]
num_keys[56] = [1FFFFE]
num_keys[57] = [1FFFFE]
num_keys[58] = [1FFFFE]
num_keys[59] = [1FFFFE]
num_keys[60] = [1FFFFE]
num_keys[61] = [1FFFFE]
num_keys[62] = [1FFFFE]
soft_limit [1FFFFE]
keys_per_node[00] = [1FFFFE]
keys_per_node[01] = [1FFFFE]
keys_per_node[02] = [1FFFFE]
keys_per_node[03] = [1FFFFE]
keys_per_node[04] = [1FFFFE]
keys_per_node[05] = [1FFFFE]
keys_per_node[06] = [1FFFFE]
num_subnets [0000]
site_lic_info[00] = []
site_lic_info[01] = []
site_lic_info[02] = []
site_lic_info[03] = []
site_lic_info[04] = []
site_lic_info[05] = []
site_lic_info[06] = []
share_limit [1FFFFE]
key_life_units [0000]
key_lifetime [00000005]
key_hold_units [0000]
key_holdtime [00000000]
num_secrets [0004]
secrets[00] = [NotUsed]
secrets[01] = [6L3B8HKBA4]
secrets[02] = [0SHDGQ43TP]
secrets[03] = [5ISYNP29WZ]
secrets[04] = []
secrets[05] = []
secrets[06] = []
vendor_info = [0|485006|250653]
licType [0]
trialDaysCount [0]
use_auth_code [0]
numeric_type [0]
conversion_time [00000000]
isRedundant [0]
majority_rule [0]
isCommuter [0]
commuter_max_checkout_days [0]
log_encrypt_level [4629]
elan_key_flag [7]
vendor_code [0000]
version_num [0]
licensing_crit [1]
meter_value [0]
num_features [0]
key_type [0]
capacity_flag [0]
capacity_units [0]
capacity [0]
grace_period_flag [0]
grace_period_calendar_days [0]
grace_period_elapsed_hours [2]
overdraft_flag [10]
overdraft_hours [0]
overdraft_users [0]
overdraft_users_isPercent [4]
local_request_lockcrit_flag [0]
local_request_lockcrit_required [1]
local_request_lockcrit_float [0]


appcrox 09-22-2014 07:07 AM

JAWS.CPS is hosted at:
https://jumbo.iskon.hr/download/b2d1...9-3def92fbf313
Please explain me how to understand the algorithm, and how to get JAWS.cps as binary file back.
When I change locking code inline, fsauth says that program is authorized.

Best regards,

sverox 09-22-2014 09:09 AM

You not need understand algorithm.
This is licensed through Sentinel LM system. Find tools from Sentinel LM SDK - wlscgen.exe enough for you.
Make your own wlscgen for vendor ID.
Paste data from bfox decoding, and regenerate license.
Cross fingers and hope works.

Sentinel LM/RMS regeneration discused here, and in many other place google it.

appcrox 09-22-2014 09:37 AM

OK, but how to generate JAWS.cps from this tool?

kjms 09-22-2014 09:53 AM

try a file attached,
Wlscgen-7.3-UnDongled-VID-1215
PASS: Reteam

appcrox 09-22-2014 11:12 AM

Sorry, but I cannot download this file, because mega requires an decryption key.

appcrox 09-22-2014 01:49 PM

Sorry, but I cannot download the attachment.
When I try link below, Mega requires to enter an encryption key.
Please, give me the correct link with an encryption key.
Best regards,

Kyoko 12-25-2014 06:44 PM

Quote:

Originally Posted by kjms (Post 38096)
try a file attached,
Wlscgen-7.3-UnDongled-VID-1215
PASS: Reteam

What is download pass?


All times are GMT -4. The time now is 02:58 AM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.