Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 01-16-2016, 09:29 PM
oxident oxident is offline
Member
 
Join Date: Jul 2011
Posts: 49
Question Serial checking using DLL

Hi!

I've been trying to understand how a particular target application checks for a valid serial number during installation. I was able to isolate the DLL which gets called (available here).

As far as I can tell, the installer calls to DLValidateSerialNumber_Var and passing pointers to the result code (0x00 if ok, 0x7d2 if not) but somehow, the algorithm is quite freaky.

I've already discovered that the total length of the serial needs to be exactly 22 characters and that it should start with FP90 but the rest remains unclear.

Is someone able to bring a little bit of light into this?

The target's full name is PTI FusionPro 9.3
Reply With Quote
  #2  
Old 02-20-2016, 06:51 AM
butaktelco butaktelco is offline
Senior Member
 
Join Date: Feb 2008
Posts: 71
Default

the target using Blowfish encryptor for serial. follow below site for manage cryptographic
http://www.cryptopp.com
Reply With Quote
  #3  
Old 03-01-2016, 02:28 AM
oxident oxident is offline
Member
 
Join Date: Jul 2011
Posts: 49
Default

Thanks for this information. Very valueable!

May I ask how you've discovered this? None of the signature / pattern search tools I've tried are showing any evidence of a (known) crypto algorithm.

Last edited by oxident : 03-01-2016 at 04:55 AM.
Reply With Quote
  #4  
Old 03-01-2016, 08:58 AM
user1 user1 is offline
Senior Member
 
Join Date: Jun 2011
Posts: 292
Smile

Don't forget good developer is a good RE. They protect at maximum possible sometimes insane scheme.... true not that many of this kind of people.
__________________
dongle backup
Reply With Quote
  #5  
Old 03-01-2016, 11:38 AM
oxident oxident is offline
Member
 
Join Date: Jul 2011
Posts: 49
Default

Quote:
Originally Posted by user1 View Post
They protect at maximum possible sometimes insane scheme....
So you mean, "security by obscurity"?
Reply With Quote
  #6  
Old 03-02-2016, 10:01 AM
user1 user1 is offline
Senior Member
 
Join Date: Jun 2011
Posts: 292
Exclamation

All possible methods are some that even try format your C: if emulator detected.
__________________
dongle backup
Reply With Quote
  #7  
Old 03-07-2016, 11:14 AM
butaktelco butaktelco is offline
Senior Member
 
Join Date: Feb 2008
Posts: 71
Default

actually, your file is compression file. can extract using compression utility.
after extract has 3 files inside. you can find blowfish.dll

some hint to accomplish:
get sample license, then do encrypt/decrypt using blowfish.dll

br
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.