Clicklocker Unpacker is a free DRM removal utility which automatically extracts the original unprotected file from a Clicklocker protected application, ebook, image, or video.
Download:
Download:
Showing posts with label Software. Show all posts
Showing posts with label Software. Show all posts
Thursday, July 13, 2017
Wednesday, July 12, 2017
Base64 Tool
Base64 Tool is a simple freeware utility that allows you to base64 encode AnsiStrings, WideStrings, and hexadecimal values as well as decode them to their original format.
Features:
- Encode ASCII/AnsiStrings to Base64
- Encode Unicode/WideStrings to Base64
- Decode Base64 to Hex, Unicode, or Ansistring
- Decode Base64 to a file
- Download and Decode or Encode a URL
Download:
Sunday, June 26, 2016
Bypassing Protections: Exploiting Activation to Access Sensitive Data
Welcome to part 2 of the Bypassing Protections series. In this part, we will be looking at an application which uses online activation to verify a license key and activate the software. After activation, the server allows the user to upload their sensitive data to the server, using their registration information as authentication. In this tutorial, we will look into creating an activator which will allow us to bypass the online activation and access the sensitive data that other users have uploaded. Before we begin, I am obligated to say that this tutorial is provided for informational purposes only. By reading this tutorial, you agree not to use the information in this tutorial to hack the server or pirate the application of the software author. As last time, I will not mention the name of the software in this post, but will include pictures which will allow you to determine which software this tutorial was based upon.
To begin this tutorial, we will first try to find the license verification routine. Let's start the target up in ollydbg and attempt to register it with a random name and serial. In this example, I will be using the author's name and '123456' as a license key.
After clicking okay and the nag appears, let's pause ollydbg and follow the call stack back into the application code. After a few steps, we will arrive here:
It appears that this is the verification routine at first glance. Let's set a breakpoint on Function labeled "GenerujKluczProdukti..." and attempt to register again. After the breakpoint, we can step inside and look around. Inside this routine, we notice there is a loop that appears to be replacing the characters in our name which are greater than >=$80 with their numerical/ordinal value in a &#ordinal; format.
We can recreate this function in delphi like this:
After this routine, the application takes an MD5 hash of our name, extracts every other character from the hash, and inserts dashes every 5 characters.
We can generate a key in delphi like this:
I will publish the getMD5 code later which uses the CryptoAPI.
Now that we can generate a valid serial, we can look into the online activation. Following the jump past the nag routine, we begin preparing the url to verify our key with the server. At this point, I advise disconnecting the internet or blocking the application with the firewall. After scrolling down, we can see a string which says [RETURN:OK]. Below this, there is JLE. If we bypass this jump by setting EAX=0, our application will believe the server verified our serial as legitimate.
Let's toggle a breakpoint on CMP EAX, -1 and allow the program to attempt to activate. Once we break here, immediately set EAX to 0. Now, we will begin storing our information in the registry. The activation data is stored in HKEY_CURRENT_USER\Software\Classes\.p k c d o c 2(remove spaces) in the following string values:
o1= encrypted name
k1= encrypted serial
v1= encrypted version
wk= server result (0)
Each value with the exception of wk(sever result) is encrypted with with the following algorithm.
This routine encrypts each individual character of the name, key, and version number. It then converts the encrypted character, which is a WORD(16 bits unsigned) to a number string(inttostr) and adds it to a numerical string separated by a space. We can recreate the routine in this fashion:
The result of this routine is then added to the registry. We can do this in delphi using the TRegistry unit.
Now, we can use this activator to activate the application with any name we please, without having to verify it online. Now that the application is registered to the author of the software, we can now access any tournament data he has stored on the server.
This is due to the fact that the server grants access to information stored on the server by using the username and license key for authentication.
Since there is only one possible license key for each licensed user, and the name of each user is published with their tournament results, we can simply activate the software with their name to gain access to their data. This is a serious flaw which I tried to bring to the attention of the author, but he ignored every email I attempted to send him.
A way that this authentication flaw could be fixed is to remove the md5 license scheme and make the serial number for each user generated at random. That way, there are trillions, if not an infinite number of possible serial numbers for each user. This way, if I activated the application in the manner above, using a serial I generated at random, it would be next to impossible for me to generate the exact key issued by the author, thus, causing the authentication to fail. The author could also add a second layer of authentication for accessing the online data which required the user to create an account on the server with their email and password.
I want to thank you for reading and following along with this tutorial. If you have any questions, feel free to ask them below. Until next time, happy reversing.
To begin this tutorial, we will first try to find the license verification routine. Let's start the target up in ollydbg and attempt to register it with a random name and serial. In this example, I will be using the author's name and '123456' as a license key.
It appears that this is the verification routine at first glance. Let's set a breakpoint on Function labeled "GenerujKluczProdukti..." and attempt to register again. After the breakpoint, we can step inside and look around. Inside this routine, we notice there is a loop that appears to be replacing the characters in our name which are greater than >=$80 with their numerical/ordinal value in a &#ordinal; format.
We can recreate this function in delphi like this:
After this routine, the application takes an MD5 hash of our name, extracts every other character from the hash, and inserts dashes every 5 characters.
I will publish the getMD5 code later which uses the CryptoAPI.
Now that we can generate a valid serial, we can look into the online activation. Following the jump past the nag routine, we begin preparing the url to verify our key with the server. At this point, I advise disconnecting the internet or blocking the application with the firewall. After scrolling down, we can see a string which says [RETURN:OK]. Below this, there is JLE. If we bypass this jump by setting EAX=0, our application will believe the server verified our serial as legitimate.
o1= encrypted name
k1= encrypted serial
v1= encrypted version
wk= server result (0)
Each value with the exception of wk(sever result) is encrypted with with the following algorithm.
The result of this routine is then added to the registry. We can do this in delphi using the TRegistry unit.
Now, we can use this activator to activate the application with any name we please, without having to verify it online. Now that the application is registered to the author of the software, we can now access any tournament data he has stored on the server.
This is due to the fact that the server grants access to information stored on the server by using the username and license key for authentication.
A way that this authentication flaw could be fixed is to remove the md5 license scheme and make the serial number for each user generated at random. That way, there are trillions, if not an infinite number of possible serial numbers for each user. This way, if I activated the application in the manner above, using a serial I generated at random, it would be next to impossible for me to generate the exact key issued by the author, thus, causing the authentication to fail. The author could also add a second layer of authentication for accessing the online data which required the user to create an account on the server with their email and password.
I want to thank you for reading and following along with this tutorial. If you have any questions, feel free to ask them below. Until next time, happy reversing.
Friday, June 17, 2016
Incredimail Password Recovery Tool
Incredimail Password Recovery Tool can recover all of your Incredimail passwords from your email passwords, to your incredimail account. It is 100% free for non-commercial use.
Download:
For use in a commercial environment, use the donate button to donate $5 for each computer on which it is installed.
Monday, June 1, 2015
String Xoring Utility 1.0
String Xoring Utility 1.0 is an application that will xor encrypt a text string, output it in an array format, and generate a decryption routine for both C++ and Delphi. This will help a programmer hide sensitive strings in their code. Since this will prevent the encrypted text from showing up in string references, this will make reverse engineering slightly more difficult.
Download:
https://mega.co.nz/#!AlUFyAzQ!2EMpQdIUraxsU8b_v3L-S_j5QmFV3dBkg3A0Oo8J2tM
Source:
https://mega.co.nz/#!slcUjIYS!sl0EKHmdUjXOBTOYrQEpeM4zkw44Vix8aG9v11qcxnU
Sample Programs + Source:
https://mega.co.nz/#!AokSXSZK!zUjQgfpTqng6h1uqcd2XMlwaRb3XY7ViLrZih2XZ9Ds
The program is 100% free and open source. However, if used for commercial purposes, a small donation would be greatly appreciated, though not required.
Saturday, May 23, 2015
Random Serial Generator 1.0
Random Serial Generator 1.0 is a simple application that allows you to generate a random serial number for testing license algorithms or implementing them into your own application.
Features:
1. Predefined Character Sets: A-Z, a-z, 0-9, 0-F, 0-f, 0-9 + A-Z, 0-9 + a-z, and 0-9, A-Z, + a-z.
2. Define a Custom Character Set.
3. Input length in either Decimal or Hexadecimal format.
4. Insert Dashes in Insert or Replace Mode.
I did not add any size limits on the input length, so use large numbers with caution.
VirusTotal Scan (100% Clean):
https://www.virustotal.com/en/file/eb970e0cd75d0324f9ef3b81ad1198377e08ac82b3f51f0222183dc8d6815ac3/analysis/1432434294/
Download:
https://mega.co.nz/#!x18TRabY!9eKZ4H7FyJ8Lt6xz9uBj8s2yZwEZy55AbLvuqtyrT98Source Code:
https://mega.co.nz/#!c1UwVYQZ!VQVLdrfRDfnDnOB7_DHtXPNjlAKgEobxXbpN7mFEkSk
This software is 100% free and open source. It comes with no warranty.
Icon borrowed from: http://www.iconarchive.com/show/aeon-icons-by-kyo-tux/Sign-LogOff-icon.html
Saturday, May 9, 2015
Hashing Utility Extended 1.0
Hashing Utility Extended 1.0 is an extended version of Hashing Utility 2.0 which supports 77 types of character encoding sets and 14 types of hash encoding schemes.
Supported hash algorithms:
SHA1
SHA256
SHA384
SHA512
MD2
MD4
MD5
HAVAL(ALL)
RIPEMD128
RIPEMD160
RIPEMD256
RIPEMD320
Supported String Encoding:
ANSI
US-ASCII
UNICODE
UNICODEFFFE
ISO-8859-1
ISO-8859-2
ISO-8859-3
ISO-8859-4
ISO-8859-5
ISO-8859-6
ISO-8859-7
ISO-8859-8
ISO-8859-9
ISO-8859-13
ISO-8859-15
WINDOWS-874
WINDOWS-1250
WINDOWS-1251
WINDOWS-1252
WINDOWS-1253
WINDOWS-1254
WINDOWS-1255
WINDOWS-1256
WINDOWS-1257
WINDOWS-1258
UTF-7
UTF-8
UTF-32
UTF-32BE
SHIFT_JIS
GB2312
KS_C_5601-1987
BIG5
ISO-2022-JP
ISO-2022-KR
EUC-JP
EUC-KR
MACINTOSH
X-MAC-JAPANESE
X-MAC-CHINESETRAD
X-MAC-KOREAN
X-MAC-ARABIC
X-MAC-HEBREW
X-MAC-GREEK
X-MAC-CYRILLIC
X-MAC-CHINESESIMP
X-MAC-ROMANIAN
X-MAC-UKRAINIAN
X-MAC-THAI
X-MAC-CE
X-MAC-ICELANDIC
X-MAC-TURKISH
X-MAC-CROATIAN
ASMO-708
DOS-720
DOS-862
IBM037
IBM437
IBM500
IBM737
IBM775
IBM850
IBM852
IBM855
IBM857
IBM00858
IBM860
IBM861
IBM863
IBM864
IBM865
CP866
IBM869
IBM870
CP875
KOI8-R
KOI8-U
Supported Hash Encoding:
HEX
BASE64
MODBASE64
BASE32
BASE58
UU
QP
URL
Q
B
URL_OAUTH
URL_RFC1738
URL_RFC2396
URL_RFC3986
Download:
https://mega.co.nz/#!ogcy3a4T!0D5SAMZ5mdeBJkTYYr7-GTivPMS77MRcWUL-HWE8g3s
Source:
https://mega.co.nz/#!ooUE0JQT!_peZ4Qw-C_xa42D8uuDalPsH-47FmunyMw8tus0_Wpg
This software uses the Chilkat Delphi Libraries:
http://www.chilkatsoft.com/delphiDll.asp
Subscribe to:
Posts (Atom)