Originally Posted by Kurapica
Can you post the MSIL code of the method here ? or maybe the exe itself would be better
The program is called Video Thumbnails Maker by Scorp
. It's donationware so it's a fairly harmless "target" as far as that goes.
Anyway, if you dotfuckscate the program to decode the encrypted strings and take a look at the IL code, the decoding method for the registration key is at [h.a() : string]. It checks the registry for the registration string and passes it to a decoder method and then returns the decoded string to the [f.a(int32) : string] method. I just nop'd out the decoding instructions and set h.a() to simply return the registry value at "HKCU\\Software\\SUU Design\\key" as is.
Digging around in the IL I determined that the decoded key must contain 6 elements delimited by the ';' char, with the 4th value being a number from 0-3 indicating the registration status of the program (0=common, 1=silver, 2=gold, 3=platinum).
I also noticed what looks like the key encryption method at h.a(String)... the author seemed to leave it in even though it is never called from within the app, so making a keygen should be fairly trivial.
Well, not to drag this out too long, my point is that I found several fairly easy ways to circumvent the protection for the specific app I was looking into. Notwithstanding, I'm still very interested to know if anyone knows of a good way or is aware of any good tools to easily modify/manipulate strings stored in the metadata streams of .net apps. A resource editor for stream data essentially. All of the resource editors I'm aware of only allow you to access/modify resources stored as part of the native/compiled part of the PE.
As always, any help/advice/nudge in the right direction is much appreciated (any good reference/documentation on interpreting metadata streams would be very helpful).