View Single Post
Old 10-08-2008, 11:51 PM
ender ender is offline
Join Date: Oct 2008
Posts: 9

Originally Posted by Kurapica View Post
Can you post the MSIL code of the method here ? or maybe the exe itself would be better
The program is called Video Thumbnails Maker by Scorp. It's donationware so it's a fairly harmless "target" as far as that goes.

Anyway, if you dotfuckscate the program to decode the encrypted strings and take a look at the IL code, the decoding method for the registration key is at [h.a() : string]. It checks the registry for the registration string and passes it to a decoder method and then returns the decoded string to the [f.a(int32) : string] method. I just nop'd out the decoding instructions and set h.a() to simply return the registry value at "HKCU\\Software\\SUU Design\\key" as is.

Digging around in the IL I determined that the decoded key must contain 6 elements delimited by the ';' char, with the 4th value being a number from 0-3 indicating the registration status of the program (0=common, 1=silver, 2=gold, 3=platinum).

I also noticed what looks like the key encryption method at h.a(String)... the author seemed to leave it in even though it is never called from within the app, so making a keygen should be fairly trivial.

Well, not to drag this out too long, my point is that I found several fairly easy ways to circumvent the protection for the specific app I was looking into. Notwithstanding, I'm still very interested to know if anyone knows of a good way or is aware of any good tools to easily modify/manipulate strings stored in the metadata streams of .net apps. A resource editor for stream data essentially. All of the resource editors I'm aware of only allow you to access/modify resources stored as part of the native/compiled part of the PE.

As always, any help/advice/nudge in the right direction is much appreciated (any good reference/documentation on interpreting metadata streams would be very helpful).

if you build a man a fire he will be warm for a day; if you set a man on fire he will be warm for the rest of his life. :rolleyes:

Last edited by ender : 10-09-2008 at 03:33 AM.
Reply With Quote