Serial checking using DLL

oxident · #1 01-16-2016, 09:29 PM

Hi!

I've been trying to understand how a particular target application checks for a valid serial number during installation. I was able to isolate the DLL which gets called (available here).

As far as I can tell, the installer calls to DLValidateSerialNumber_Var and passing pointers to the result code (0x00 if ok, 0x7d2 if not) but somehow, the algorithm is quite freaky.

I've already discovered that the total length of the serial needs to be exactly 22 characters and that it should start with FP90 but the rest remains unclear.

Is someone able to bring a little bit of light into this?

The target's full name is PTI FusionPro 9.3

butaktelco · #2 02-20-2016, 06:51 AM

the target using Blowfish encryptor for serial. follow below site for manage cryptographic
http://www.cryptopp.com

oxident · #3 03-01-2016, 02:28 AM

Thanks for this information. Very valueable!

May I ask how you've discovered this? None of the signature / pattern search tools I've tried are showing any evidence of a (known) crypto algorithm.

user1 · #4 03-01-2016, 08:58 AM

Don't forget good developer is a good RE. They protect at maximum possible sometimes insane scheme.... true not that many of this kind of people.

oxident · #5 03-01-2016, 11:38 AM

Quote:

Originally Posted by user1

They protect at maximum possible sometimes insane scheme....

So you mean, "security by obscurity"?

user1 · #6 03-02-2016, 10:01 AM

All possible methods are some that even try format your C: if emulator detected.

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode