MasterUploader (thread author), posted September 5, 2009:
Oooo :lol: OK, well, I'll take a look at the program soon myself. :)
tonyblair, posted September 5, 2009:
> OK, I'll look at it :) but where are the hitmanpro.lic and key hidden? :) Because I couldn't find them, lol. Well, it seems to work well :) and if it doesn't expire you might as well remove the expiration date.
I didn't understand. Did you test the patch? What is the result? (The expiration date is harder to remove; this is why the patch is in beta version. I will do that.)
MasterUploader (thread author), posted September 5, 2009:
Well, I guess it works :) The expiration date is still there, but it looks licensed. I'll have to install it again to test it again, though, because I've just uninstalled it. :D
tonyblair, posted September 5, 2009:
> Well, I guess it works :) The expiration date is still there, but it looks licensed. I'll have to install it again to test it again, though, because I've just uninstalled it. :D
The expiration date shown has no impact. This date is encrypted in hitmanpro.lic, but the patch disables its usage. I will find the way to remove it.
MasterUploader (thread author), posted September 5, 2009:
Oh, brilliant. Can I ask you a question? How can you decrypt a .lic file or a .reg file? :) I need to know, lol.
tonyblair, posted September 5, 2009:
> Oh, brilliant. Can I ask you a question? How can you decrypt a .lic file or a .reg file? :) I need to know, lol.
That is why I am requesting a program for encryption and decryption with the possibility to choose the algorithm and cipher mode from a menu. The other way is to write your own program (in C++ or another language) to decrypt it (some examples are on the net, written in Java). But you still need the keys.
MasterUploader (thread author), posted September 5, 2009:
OK, did Jetico do the job?
tonyblair, posted September 5, 2009:
> OK, did Jetico do the job?
I am testing it. :gavel:
MasterUploader (thread author), posted September 5, 2009:
@tonyblair OK :) Anyway, I'm trying to hack this software: http://www.blitztools.com/download.html. It's called Barcode Blitz :) So I hacked it so it shows registered :) and all features are enabled :) but when I restart it, it says unregistered, and I have to register again and again to keep it registered. I had this problem when hacking Malwarebytes, but that was because a jump was going over the code I hacked and reversing it upon restart. I tried to fix it that way again, but no luck. Do you think you can take a look :D and see why it won't stay registered?
MasterUploader (thread author), posted September 5, 2009:
Hello, I'm back :D Taking another look at that HitmanPro v3.5. Hmm, well, I can get it to display the good message easily! But it doesn't give me corporate activation etc. How did you activate the license? And how did you stop it from seeing the .lic file? You reversed a jump so it stopped looking at its info? Oh, and do you know what the .key file and the .bin file are doing? lol. I'm going to dive deeper into this and take a good look, but I just wanted to build on what you had already done! :D
tonyblair, posted September 5, 2009:
> Hello, I'm back :D Taking another look at that HitmanPro v3.5. Hmm, well, I can get it to display the good message easily! But it doesn't give me corporate activation etc. How did you activate the license? And how did you stop it from seeing the .lic file? You reversed a jump so it stopped looking at its info? Oh, and do you know what the .key file and the .bin file are doing? lol. I'm going to dive deeper into this and take a good look, but I just wanted to build on what you had already done! :D
Hi bidibadboi,
1. I didn't stop the program from seeing the .lic file (as I want to attack the .lic file).
2. Now the program is cracked with the patch, and it works. But the more elegant way is to modify the expiry date inside the .lic file; the program will be licensed forever without the patch.
3. The .key file contains the crypto key.
4. The .bin file is for the ads, that ugly banner for "Caretaker Antispam".
MasterUploader (thread author), posted September 5, 2009:
OK, cheers for the info, but how can I view the .lic file decrypted, then? :) So that I can modify the expiry date :) Plus, how did you get it to be licensed, lol? Because for me it will say registered and accept the key, but then it doesn't change the free license thing :) So share with us your wisdom ;) because this is a tougher app to crack :) and has a few things that will test those budding crackers :) such as me, lol.
tonyblair, posted September 5, 2009:
> OK, cheers for the info, but how can I view the .lic file decrypted, then? :) So that I can modify the expiry date :) Plus, how did you get it to be licensed, lol? Because for me it will say registered and accept the key, but then it doesn't change the free license thing :) So share with us your wisdom ;) because this is a tougher app to crack :) and has a few things that will test those budding crackers :) such as me, lol.
This app goes through a corridor with 3 gates. If the first door is closed, then it locks itself. If the first door is open but the second is closed, then it locks itself. If the 1st and 2nd are open and the 3rd is closed, then it locks itself. And finally, if all 3 doors are open, then it enables itself.
1st door = is the .lic file available?
2nd door = what type of license does the .lic file contain (trial, commercial or unknown)?
3rd door = is the system clock inside the time boundaries defined in the .lic file (NotBefore time and NotAfter time)? (PS: it is the NotAfter time that is displayed.)
So:
1. We open the first door by accepting the trial activation (their server provides us with a .lic file). Now the .lic file exists.
2. We open the second door by forcing the choice of a commercial license type (thanks to a bypass patch where the decision is made).
3. We open the third door as follows: the app has two different letters to be posted to the decision maker (one specific for "system time is out of boundaries", and one for "system time is inside the boundaries"): an expired letter and a non-expired letter. The action here is to make the expired letter the same as the non-expired letter. Simply, whatever the case, it will send the same letter saying it is not expired.
All these actions above do not need to decrypt the .lic file (we don't care, we just open the doors). As I told you, decrypting the .lic is for a more elegant approach, but it needs more knowledge in encryption/decryption.
By the way: this app re-bases itself in memory each time you execute it, so the address of the code is always different from run to run.
Now tell me, did you succeed in breaking into the app, hooking it and landing in the app code with your debugger?
tonyblair, posted September 5, 2009:
@bidibadboi One more thing: it is very difficult to crack this app in a cold way (sleeping mode). I mean by that just reading the disassembly code. This app uses:
1. switching tables (the important calls are made indirectly);
2. things like this:
    mov edx, [eax+28h]
    call edx
So we are unable to know what subroutine is called, as the address is inside the register edx (coming from eax). The way to crack here is the live way (I mean the program is running, so we can read the content of the registers).
MasterUploader (thread author), posted September 5, 2009:
OK, OK :) Now we are going to dive deeper. Thank you for the help; hopefully I'll return with a working crack :D
MasterUploader (thread author), posted September 5, 2009:
OK, well, I don't understand what you mean :) I have landed in Olly in these two places: where the bad boy is generated, and somewhere else I'm not sure of, somewhere I guess just where it is calculating the registration pattern! Hmm, can you explain further?
tonyblair, posted September 5, 2009:
This calculates the number of days remaining:

    .text:009F4B69
    .text:009F4B69 loc_9F4B69:
    .text:009F4B69 55                push    ebp
    .text:009F4B6A 8B EC             mov     ebp, esp
    .text:009F4B6C 83 EC 08          sub     esp, 8
    .text:009F4B6F 83 E4 F8          and     esp, 0FFFFFFF8h
    .text:009F4B72 DD 1C 24          fstp    [esp+0Ch+var_C]
    .text:009F4B75 F2 0F 2C 04 24    cvttsd2si eax, [esp+0Ch+var_C]   ; eax = number of remaining days
    .text:009F4B7A C9                leave
    .text:009F4B7B C3                retn
    .text:009F4B7B sub_9F4B60 endp

Here it checks the number of days remaining:

    .text:00DA6A61 E8 FA E0 0C 00    call    sub_E74B60
    .text:00DA6A66 89 45 A0          mov     [ebp+var_60], eax
    .text:00DA6A69 8D 8D 24 FF FF FF lea     ecx, [ebp+var_DC]
    .text:00DA6A6F E8 BC A5 FB FF    call    sub_D61030
    .text:00DA6A74 83 7D A0 1F       cmp     [ebp+var_60], 1Fh        ; 31 days
    .text:00DA6A78 7D 7F             jge     short loc_DA6AF          ; if more than 31 days, then bad boy

As you see, the address changes for each run, but you can find the code by searching for the bytes (E8 FA E0 0C 00 ...). UltraEdit is good for that.
tonyblair, posted September 5, 2009:
This is a patch to have 29 days not counting down:

    .text:00DA6A61 E8 FA E0 0C 00    call    sub_E74B60
    .text:00DA6A66 B8 1D 00 00 00    mov     eax, 1Dh                 ; fixed 29 days (1D hex = 29 decimal)
    .text:00DA6A6B 89 45 A0          mov     [ebp+var_60], eax
    .text:00DA6A6E 8D 8D 24 FF FF FF lea     ecx, [ebp+var_DC]
    .text:00DA6A74 E8 B7 A5 FB FF    call    sub_D61030
    .text:00DA6A79 90                nop

Tell me when you find these codes.
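The two preceding posts rely on two mechanics that the listings show but do not spell out: a re-based image changes absolute addresses from run to run, yet the sequence is still findable by bytes because every operand in it is IP-relative (the E8 rel32 calls) or ebp-relative; and inserting the 5-byte `mov eax, imm32` pushes the second call forward, so its rel32 displacement had to shrink by 5 (BC A5 FB FF became B7 A5 FB FF) to keep landing on sub_D61030. The script below is an added example, not code posted in the thread, that scans a constructed buffer for that signature (with `??` wildcards for bytes that do move, such as absolute addresses), computes call targets from a chosen base, and re-encodes the sequence the way the patch does while fixing the displacement. The 25 bytes and the 0x00DA6A61 address come from the listings; the surrounding "image" and the base arithmetic are assumptions for the demonstration.

```python
"""Added example (not the thread's code): locate a code site by byte
signature in a re-based image and re-encode the rel32 displacement of a
call that a patch pushes forward by five bytes.

Assumed: the 25-byte sequence is the one in the posts; the image around it
is a constructed buffer, not a real section dump; the base address is
chosen so the site sits at 0x00DA6A61, the address shown for that run.
"""
import struct

# From the post: call; mov [ebp+var_60],eax; lea ecx,[ebp+var_DC]; call; cmp; jge.
# Every operand is IP-relative (E8 rel32) or ebp-relative, so these bytes do
# not change when the image is loaded at a different base.
SITE_SIG = "E8 FA E0 0C 00 89 45 A0 8D 8D 24 FF FF FF E8 BC A5 FB FF 83 7D A0 1F 7D 7F"
SITE_LEN = 25          # 5 + 3 + 6 + 5 + 4 + 2


def find_signature(image: bytes, sig: str) -> list[int]:
    """Every offset where `sig` matches. '??' is a wildcard byte; use it for
    absolute addresses (mov eax,[imm32], jmp [imm32] tables), which do move."""
    pat = [None if t == "??" else int(t, 16) for t in sig.split()]
    return [i for i in range(len(image) - len(pat) + 1)
            if all(b is None or image[i + j] == b for j, b in enumerate(pat))]


def call_target(base: int, image: bytes, call_off: int) -> int:
    """Absolute target of an E8 rel32 call: next-instruction address + rel32."""
    assert image[call_off] == 0xE8, "not an E8 call"
    rel = struct.unpack_from("<i", image, call_off + 1)[0]
    return base + call_off + 5 + rel


def patch_days_site(image: bytes, off: int, days: int = 29) -> bytes:
    """Rewrite the site at `off` as the thread's patch does: insert
    `mov eax, days` after the first call, drop cmp/jge, and fix up the second
    call, which now sits 5 bytes later. rel32 is measured from the instruction
    after the call, so it must shrink by 5 or it lands 5 bytes past its target."""
    buf = bytearray(image)
    call1 = bytes(buf[off:off + 5])            # E8 FA E0 0C 00, does not move
    store = bytes(buf[off + 5:off + 8])        # 89 45 A0  mov [ebp+var_60], eax
    lea = bytes(buf[off + 8:off + 14])         # 8D 8D 24 FF FF FF
    assert buf[off + 14] == 0xE8, "second call not where expected"
    rel2 = struct.unpack_from("<i", buf, off + 15)[0]
    moved_call2 = b"\xE8" + struct.pack("<i", rel2 - 5)
    mov_eax = b"\xB8" + struct.pack("<I", days)    # mov eax, imm32 (5 bytes)
    patched = call1 + mov_eax + store + lea + moved_call2 + b"\x90"
    assert len(patched) == SITE_LEN            # cmp (4) + jge (2) absorbed, no size change
    buf[off:off + SITE_LEN] = patched
    return bytes(buf)


def build_sample_image() -> bytes:
    """Constructed stand-in for a code section: filler on both sides of the site."""
    filler = bytes(range(256)) * 2
    return filler + bytes.fromhex(SITE_SIG.replace(" ", "")) + filler


if __name__ == "__main__":
    img = build_sample_image()
    base = 0x00DA6A61 - 512   # assumed base so the site lands at the post's address
    for off in find_signature(img, SITE_SIG):
        print(f"site at {base + off:#010x}")
        print(f"  call 1 -> {call_target(base, img, off):#x}, "
              f"call 2 -> {call_target(base, img, off + 14):#x}")
        out = patch_days_site(img, off)
        print("  patched:", out[off:off + SITE_LEN].hex(" ").upper())
        print(f"  call 2 after patch -> {call_target(base, out, off + 19):#x}")
```

Running it prints the site at 0x00DA6A61 with calls to 0xE74B60 and 0xD61030, then the 25 patched bytes matching the second listing, with the moved call still resolving to 0xD61030. The same `find_signature` can be pointed at a process memory dump; if the sequence had contained an absolute address, that operand would have to be wildcarded because re-basing rewrites it.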
tonyblair, posted September 5, 2009:
All your work should be around this main routine, which is the heart of HitmanPro:
MasterUploader (thread author), posted September 5, 2009:
I have to go to bed now, but I'll be on tomorrow afternoon :) Then I'll crack this ;)
tonyblair, posted September 5, 2009:
> I have to go to bed now, but I'll be on tomorrow afternoon :) Then I'll crack this ;)
OK, it is time to sleep too. :sleep:
box, posted September 6, 2009:
I'm learning as well just by reading what you two wrote. Thanks again for sharing. I have met the master, and he is named Tonyblair. :dance2: To tell the truth, I'm a little scared now, knowing that nothing is safe from Tonyblair's cracking skills. :rolleyes:
CODYQX4, posted September 6, 2009:
> I'm learning as well just by reading what you two wrote. Thanks again for sharing. I have met the master, and he is named Tonyblair. :dance2: To tell the truth, I'm a little scared now, knowing that nothing is safe from Tonyblair's cracking skills. :rolleyes:
I kinda want to see box and tonyblair face off, as well as crack some of the most challenging software.
elohelomg, posted September 6, 2009:
> @elohelomg You want to learn and have help and a guide to crack HitmanPro yourself. You are welcome, and this is the good place. I will give you tasks to achieve (step-by-step approach). We will move to the next task only if you pass the current one. Don't mind if I call them Lessons.
>
> 1st Lesson:
> As you know, this program is a Win32 application (Windows-based, as opposed to console-based). The heart of this type of application is the "Message Loop".
>
> Microsoft definition: The system does not send input directly to an application. Instead, it places all mouse and keyboard input from the user into a message queue, along with messages posted by the system and other applications. The application must read the message queue, retrieve the messages, and dispatch them so that the window procedure can process them.
>
> Simply, this means you will interact with the Hitman application through an interface, the "window" you see on your monitor. This window is an interface executed by your operating system and not by the application. If you break with your debugger when this interface is running, you will land inside the code of your OS (NTDLL.DLL, USER32.DLL ...). This is not what we want. We want to hook the code of the application itself with our debugger (after giving a dummy activation code and clicking the button "activate").
>
> Your first task is: hook and stop the Hitman application after it displays the following window. (You should land in Hitman's code.) Tell me when you succeed in doing this.
Tony, I have NO idea what that means, and the sad part is, I read it like 15 times. I think I'm supposed to load my debugger (I'm using OllyDbg) on the window, not the app itself.
tonyblair, posted September 6, 2009:
> I'm learning as well just by reading what you two wrote. Thanks again for sharing. I have met the master, and he is named Tonyblair. :dance2: To tell the truth, I'm a little scared now, knowing that nothing is safe from Tonyblair's cracking skills. :rolleyes:
@Box Thank you for your warm words. One thing is above all for me, and that is respect. You are the master, and I respect you and your wonderful work. So there is nothing to be scared about. I follow your rules: "I do what I do for fun. And when I stop having fun, that's the day I pass the torch." :flowers: You will never find me on the net. This is the only place (NSANE.FORUMS) where I find fantastic friends (even if behind screens and keyboards).