there's nothing more fun, as a reverse engineer, than checking into a DLL to see about cracking it (it's been out of support since the Clinton administration, so I have to) and just seeing "validate_license" as an exported symbol.

GEE I WONDER WHERE I SHOULD START LOOKING

maybe next time they can just put in a validate_serial_number and check_if_serial_number_is_correct function

oh great it's right next to a string buffer labeled "verify_password"

I'm sure that'll come in handy

oh my god

I think this is even easier than I thought.

So the function looks basically like this:
validate_authorization_code (serial_number, expiration_date, max_users, authorization_code), right?

and it takes the serial number and expiration_date and max_users and confirms the authorization_code matches some hash or something to make sure it fits those serial numbers and expiration_date and max_users

now a sensible way to do this would be to combine all these values into some complex hashing function and return if it matches some algorithm

a less sensible way to do this would be to have validate_authorization_code be implemented like this:

correct_authorization_code = generate_authorization_code(serial, expiration, max_users);
return strcmp(correct_authorization_code, authorization_code) == 0;

GUESS WHICH ONE THEY DID?
so I don't really even need to crack this. I can just use their own code to generate my own serial numbers.
or to be more specific: I can just make up my own serial numbers (69420 it is!) and then generate an authorization code that says that's a valid serial

the authorization_code generator has an "encrypt" parameter that does some simple XORing

this code passes 0 for it, so that's not even turned on
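
The design problem described above is that the shipped validator contains the vendor's own code generator, so anyone holding the binary can issue codes. As an added example (not part of the thread and not the product's code), here is the same four-argument check built on a signature instead: the client holds only a public key and can verify a code but not produce one. The names `vendor_issue` and `client_validate`, the field encoding and the toy-sized RSA key are assumptions made for illustration.

```python
import hashlib

# Toy RSA key built from two known Mersenne primes so the example runs with the
# standard library only. Far too small for real use; a product would verify
# Ed25519 or RSA-PSS signatures through a vetted crypto library.
_P, _Q = 2**127 - 1, 2**89 - 1
N, E = _P * _Q, 65537                    # public half: the only part the client ships
_D = pow(E, -1, (_P - 1) * (_Q - 1))     # private half: stays on the vendor's server


def _digest(serial: int, expiration: str, max_users: int) -> int:
    """Hash the licence fields with explicit separators, reduced mod N."""
    msg = f"{serial}|{expiration}|{max_users}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def vendor_issue(serial: int, expiration: str, max_users: int) -> str:
    """Vendor side only: needs _D, so it must never be linked into the client."""
    return format(pow(_digest(serial, expiration, max_users), _D, N), "x")


def client_validate(serial, expiration, max_users, authorization_code) -> bool:
    """Shipped check: uses only (N, E), so it can verify a code, not make one."""
    try:
        sig = int(authorization_code, 16)
    except (TypeError, ValueError):
        return False                     # malformed code is simply rejected
    if not 0 < sig < N:
        return False
    return pow(sig, E, N) == _digest(serial, expiration, max_users)


if __name__ == "__main__":
    code = vendor_issue(12345, "2030-12-31", 25)             # constructed sample licence
    print(client_validate(12345, "2030-12-31", 25, code))    # genuine licence
    print(client_validate(12345, "2030-12-31", 9999, code))  # edited user count
```

Both halves sit in one file here only so the example runs stand-alone; in a real deployment `_D` and `vendor_issue` exist only on the licence server.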

time to hack a DLL in a hexeditor!
this DLL would be better if it had more 0x90s in it
bah. my code is crashing in the DLL before I even modify it. troublesome. I'll need to do more spelunking
it'd be nice if this DLL worked on anything newer than NT4.
it'd be a lot easier to debug if I could just run it on something more modern
I got it to run on something modern. It turns out the DLL refuses to load if you don't have a config file in the right place.
And I was hoping I could cheat and make the control panel do my work for me, but it turns out it does some extra validation. Boo

the most infuriating thing in computers is when you have a program that does X, so you modify it, and it still does X. so you modify it more, and it still does X. so you change a bunch of stuff, and it still does X.

AM I MAKING CHANGES OR NOT? STOP IGNORING ME

these punks put in a specific check for the "add serial number authorization" dialog changing the serial number.
So you're allowed to add more users, extend expiration date, but not change your base serial.

mean. time to add more 0x90s

hey look now my serial number is 123
maybe I should run a poll on tumblr to find out what the funniest 32bit unsigned integer is
I'm pretty sure it doesn't save your authorization code.
so if you hack it to accept an incorrect authorization code, it'll write a new config file with the requested serial/users/expiry, and then you don't need to have hacked it anymore. you just need that config file
anyway I've now got a config file that says my serial is 12345, I can have up to 9,999 simultaneous users, and it won't expire for another 7,975 years
@foone 32 consecutive 2-option polls? or one 4,294,967,296-option poll?
@cinebox it limits you to 10 (or 12?) options per poll, so... It's too early to do math.
@foone I propose 0b10110000'00001011'11110000'00001101
@foone we all know it's 0x80087355
@foone that would not be 0x1BAD1DEA
@foone Is it just a very long radio list of all the options and you pick one?
@foone wait, tumblr is still going?
@VeNT I am PRIMARILY a tumblr poster, so I certainly hope so!
@foone I'm not sure what the age is of tumblr users but if they've used pocket calculators it'll probably turn out to be 5318008 or some variation thereof.
@foone The swankiest is 0xF0CACC1A
@foone
0x0A0A0A0A
(A very very cackly laughter indeed.)
or if you're trying to hold the laughter in
0xFFFFFFFF
(But that's fucking futile. If it gets to that, there will be an investigation.)
@foone [posting at 10am]: 0xDECAFBAD
@foone I am a MAN not a NUMBER!!!

@wokstation @foone

Nice!

I did a keygen with ollydbg so many years ago... Part of the hash was a string berating you for cracking the software.

Another used an unlabeled gpg function to verify the license text file was legit. But the check wasn't as elegant as the license file. They ran gpg and checked for an exit state of 0. Meaning, if you replace gpg with echo in the base OS, all licenses were valid now. :D

@foone I spent an hour or two once trying to figure out why only every other build I made seemed to change the target device behaviour... until I finally realized that I had a *second* device plugged into the same machine (sitting behind the monitor) and every time I did a reboot/reflash the tooling was latching on to the opposing device... oops
@swetland @foone Reminds me of that time my changes to a microcontroller firmware were doing NOTHING.
Took me longer than I will admit to realize I was saving the changes in a different .hex file in another folder, but programming the same other .hex over and over.
@Nixie @swetland @foone variants on modify this, execute that bite me all the time.

@foone

It's more infuriating when you realize the reason nothing changes is because you've been looking at the wrong location for changes or updating the wrong location.

@foone Did you make sure that you're compiling to the same file that you're trying to run?
@foone Just remember ICCE (pronounced like "ice" but you hold the "c" sound for just long enough to be distracting): if you change the code and it doesn't change the behavior of your program, verify the code you're changing is Included/Imported, Called, Compiled, and Executed.
@foone
Included: Are you editing the original source file, or a copy of it? Is it even being included?
Called: Is the function you're editing being called, or is a similar function called instead?
Compiled: Is the edited source file part of your Makefile? Did you recompile after making changes? If a remote server is involved, have you copied the new changes?
Executed: Is the newly compiled code what you're actually running, or are you running an installed version of the binary?
@foone not running and decoding different tabs, are you? done that before! "WHY aren't you pinging "BOOP" like I told you..? OH! I wasn't telling YOU, I was telling this one here..."
@foone Usually at that point, I discover I've been saving my changes to the wrong place and just running the original over and over.
@foone Not gonna lie, I was expecting the phrase "am I a joke to you" somewhere in there. 😅😅
@foone The worst is when it's because I'm editing typescript and I forgot to run `yarn watch` to compile on save
@foone the PEBKAC analog, PEBKAM (problem exists between keyboard and monitor, or "is this even hooked up???")
@foone
That happened to me today.
I had two git branches checked out. Was editing the code in one, but running the other.
I am an idiot.
@foone this is true of so much software!

@foone : "You can be anything you want!"

69420 : "Okay, I want to be a serial number…"

@foone you could also patch the DLL to just return true from that function immediately

@kaced yeah but then I would have to redistribute the hacked DLL

far more fun to leave it alone and just generate my own serials

@foone this sparked my curiosity about what piece of software this is
@foone the odds of them just returning a boolean-ish value are ever increasing
@foone have you got dev_license_key too?