الفريق العربي للهندسة العكسية
محاولة كسر البرنامج Dùpl1c@te F1le F1nder Plùs - نسخة قابلة للطباعة

+- الفريق العربي للهندسة العكسية (https://www.at4re.net/f)
+-- قسم : منتديات الهندسة العكسية - Reverse Engineering Forums (https://www.at4re.net/f/forum-4.html)
+--- قسم : الأسئلة والإستفسارات، حلول المشاكل و تبادل الخبرات - Expert Exchange Newbie Questions Answers (https://www.at4re.net/f/forum-36.html)
+--- الموضوع : محاولة كسر البرنامج Dùpl1c@te F1le F1nder Plùs (/thread-3002.html)

محاولة كسر البرنامج Dùpl1c@te F1le F1nder Plùs - R333T - 08-03-2022

السلام عليكم ورحمة الله وبركاته

امضيت ٨ ساعات محاولة كسر البرنامج Dùpl1c@te F1le F1nder Plùs

لم استطع واليكم ما توصلت اليه :

البرنامج بلغة VB وهو غير محمي استعملت  dnSpy

الملف المسؤول على التسجيل هو  T$$ Foùnd@tion Libraries.dll تتبعته ب NET Reflector 

و function هي VerifyLicense

البرنامج يتصل API لتثبت من KEY

[صورة مرفقة: 1.png]

وفي المرة الثانية 


[صورة مرفقة: 2.png]

pcid :خليط بين رقم تسلسلي BIOD & BARD ID & CPU ID


[صورة مرفقة: 3.png]


هل من اقتراحات او مساعدة شكرا

RE: محاولة كسر البرنامج Dùpl1c@te F1le F1nder Plùs - the9am3 - 09-03-2022

وعليكم السلام ورحمة الله وبركاته 
اخي ابحث عن المصدر اظهار الشاشة المزعجة لاحد خصائص المدفوعة وبعدها عند ظهور شاشة المزعجة اضغط pause و اذهب الى call stack بعدها يمكنك ايجاد مكان الي يحدد ظهورها

RE: محاولة كسر البرنامج Dùpl1c@te F1le F1nder Plùs - R333T - 09-03-2022

فكرة جيدة  nice
ساجربها ايضا فكرت بصناعة fake API يقوم بارسال معلومات وهمية

[صورة مرفقة: Capture.png]

او ساتتبع parent callواتحقق ماهي ال object المطلوب

RE: محاولة كسر البرنامج Dùpl1c@te F1le F1nder Plùs - R333T - 09-03-2022

API محمية
لكن لاحظت هناك ملف الاعدادات
____.exe.config

تحدي صعب حقا
يجب عليا التعلم اولا

يوما ما اكسره باذن الله

RE: محاولة كسر البرنامج Dùpl1c@te F1le F1nder Plùs - samoray - 13-03-2022

This program has already been cracked by "Dr.Zero", you can find a cracked version available on the net.
anyway, it seems that he has recompiled some methods: see here for exemple the original method:
[align=left]// SelfService
// Token: 0x06000322 RID: 802 RVA: 0x000217AC File Offset: 0x0001F9AC
public static void DisplayLicense(ref Form inter)
{
    int num2;
    int num4;
    object obj;
    try
    {
        IL_00:
        int num = 1;
        if (LikeOperator.LikeString(Declarer.startPath, "*Debug", CompareMethod.Binary))
        {
            goto IL_1B;
        }
        IL_14:
        ProjectData.ClearProjectError();
        num2 = 1;
        IL_1B:
        num = 3;
        string text = string.Empty;
        IL_23:
        num = 4;
        string licenseType = Declarer.licenseType;
        if (Operators.CompareString(licenseType, "SG", false) != 0)
        {
            if (Operators.CompareString(licenseType, "PS", false) != 0)
            {
                if (Operators.CompareString(licenseType, "HM", false) != 0)
                {
                    if (Operators.CompareString(licenseType, "TM", false) != 0)
                    {
                        if (Operators.CompareString(licenseType, "EP", false) != 0)
                        {
                            IL_116:
                            num = 16;
                            text = SelfService.GetWord("trial_version");
                            goto IL_124;
                        }
                        IL_E3:
                        num = 14;
                        text = SelfService.GetWord("enter_license_main_cust").Replace("XXXX", Strings.Format(Conversions.ToInteger(Declarer.licensedPCs), "#,0"));
                        goto IL_124;
                    }
                    IL_B0:
                    num = 12;
                    text = SelfService.GetWord("team_license_main_cust").Replace("XXXX", Strings.Format(Conversions.ToInteger(Declarer.licensedPCs), "#,0"));
                    goto IL_124;
                }
                IL_A0:
                num = 10;
                text = SelfService.GetWord("home_license_main");
                goto IL_124;
            }
            IL_8E:
            num = 8;
            text = SelfService.GetWord("personal_license_main");
            goto IL_124;
        }
        IL_7C:
        num = 6;
        text = SelfService.GetWord("single_license_main");
        IL_124:
        num = 18;
        if (Operators.CompareString(inter.Name, "Main", false) != 0)
        {
            goto IL_22B;
        }
        IL_13E:
        num = 19;
        if (Declarer.licenseType.Length >= 1)
        {
            goto IL_1B5;
        }
        IL_14E:
        num = 20;
        MyProject.Forms.Main.lLicType.Text = SelfService.GetWord("buy_full");
        IL_16F:
        num = 21;
        MyProject.Forms.Main.lLicType.Cursor = Cursors.Hand;
        IL_18B:
        num = 22;
        MyProject.Forms.Main.lLicType.Font = new Font("Segoe UI", 15f, FontStyle.Underline, GraphicsUnit.Pixel);
        goto IL_211;
        IL_1B5:
        num = 24;
        MyProject.Forms.Main.lLicType.Text = text;
        IL_1CD:
        num = 25;
        MyProject.Forms.Main.lLicType.Cursor = Cursors.Default;
        IL_1E9:
        num = 26;
        MyProject.Forms.Main.lLicType.Font = new Font("Segoe UI", 15f, FontStyle.Regular, GraphicsUnit.Pixel);
        IL_211:
        num = 27;
        MyProject.Forms.Main.lLicType.Visible = true;
        goto IL_252;
        IL_22B:
        num = 29;
        MyProject.Forms.About.lLicenseType.Text = text.Replace("\n", " ");
        IL_252:
        goto IL_31C;
        IL_257:
        int num3 = num4 + 1;
        num4 = 0;
        @switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num3);
        IL_2DD:
        goto IL_311;
        IL_2DF:
        num4 = num;
        @switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num2);
        IL_2EF:;
    }
    catch when (endfilter((obj is Exception) & (num2 != 0) & (num4 == 0)))
    {
        Exception ex = (Exception)obj2;
        goto IL_2DF;
    }
    IL_311:
    throw ProjectData.CreateProjectError(-2146828237);
    IL_31C:
    if (num4 != 0)
    {
        ProjectData.ClearProjectError();
    }
}[/align]
[align=left] [/align]
Plain text


and The modifid One:
[align=left]
// SelfService
// Token: 0x06000311 RID: 785 RVA: 0x0001EA38 File Offset: 0x0001CC38
public static void DisplayLicense(ref Form inter)
{
    if (!LikeOperator.LikeString(Declarer.startPath, "*Debug", CompareMethod.Binary))
    {
        ProjectData.ClearProjectError();
    }
    string text = string.Empty;
    Declarer.licenseType = "HM";
    Declarer.verifiedKey = false;
    Declarer.licCompany = "By DrZero";
    string licenseType = Declarer.licenseType;
    if (Operators.CompareString(licenseType, "SG", false) != 0)
    {
        if (Operators.CompareString(licenseType, "PS", false) != 0)
        {
            if (Operators.CompareString(licenseType, "HM", false) != 0)
            {
                if (Operators.CompareString(licenseType, "TM", false) != 0)
                {
                    if (Operators.CompareString(licenseType, "EP", false) != 0)
                    {
                        text = SelfService.GetWord("trial_version");
                    }
                    else
                    {
                        text = SelfService.GetWord("enter_license_main_cust").Replace("XXXX",
                        Strings.Format(Conversions.ToInteger(Declarer.licensedPCs), "#,0"));
                    }
                }
                else
                {
                    text = SelfService.GetWord("team_license_main_cust").Replace("XXXX", Strings.Format(Conversions.ToInteger(Declarer.licensedPCs), "#,0"));
                }
            }
            else
            {
                text = SelfService.GetWord("home_license_main");
            }
        }
        else
        {
            text = SelfService.GetWord("personal_license_main");
        }
    }
    else
    {
        text = SelfService.GetWord("single_license_main");
    }
    if (Operators.CompareString(inter.Name, "Main", false) == 0)
    {
        if (Declarer.licenseType.Length < 1)
        {
            MyProject.Forms.Main.lLicType.Text = SelfService.GetWord("buy_full");
            MyProject.Forms.Main.lLicType.Cursor = Cursors.Hand;
            MyProject.Forms.Main.lLicType.Font = new Font("Segoe UI", 15f, FontStyle.Underline, GraphicsUnit.Pixel);
        }
        else
        {
            MyProject.Forms.Main.lLicType.Text = text;
            MyProject.Forms.Main.lLicType.Cursor = Cursors.Default;
            MyProject.Forms.Main.lLicType.Font = new Font("Segoe UI", 15f, FontStyle.Regular, GraphicsUnit.Pixel);
        }
        MyProject.Forms.Main.lLicType.Visible = true;
    }
    else
    {
        MyProject.Forms.About.lLicenseType.Text = text.Replace("\n", " ");
    }
    ProjectData.ClearProjectError();
}[/align]
Plain text
you can study those modifications inorder to understand what was modified.
PS. the second method that has been modified is "LoadLicense" Method


// About
// Token: 0x0600012F RID: 303 RVA: 0x00005450 File Offset: 0x00003650
private void LoadLicense()
{
    if (!LikeOperator.LikeString(Declarer.startPath, "*Debug", CompareMethod.Binary))
    {
        ProjectData.ClearProjectError();
    }
    Declarer.licenseType = "HM";
    Declarer.verifiedKey = false;
    Declarer.licCompany = "By DrZero";
    if (Declarer.licenseType.Length > 0)
    {
        this.lLicensed.Text = SelfService.GetWord("licensed_to");
        if (General.InStrings(Declarer.licenseType, new string[] { "SG", "PS", "HM" }))
        {
            this.lCUName.Text = Declarer.licUser;
            if (this.lCUName.Text.Trim().Length < 1)
            {
                this.lCUName.Text = Declarer.licCompany;
            }
        }
        else if (General.InStrings(Declarer.licenseType, new string[] { "TM", "EP" }))
        {
            this.lCUName.Text = Declarer.licCompany;
            if (this.lCUName.Text.Trim().Length < 1)
            {
                this.lCUName.Text = Declarer.licUser;
            }
        }
        this.lCUName.Text = this.lCUName.Text.Replace("&", "&&");
        this.lCUName.ForeColor = Color.FromArgb(0, 174, 29);
        this.lLicenseType.ForeColor = Color.FromArgb(0, 174, 29);
    }
    else
    {
        this.lLicensed.Text = SelfService.GetWord("trial_version");
        this.lCUName.Text = SelfService.GetWord("d2fp_limit");
        this.lCUName.ForeColor = Color.FromArgb(243, 82, 37);
        this.lLicenseType.ForeColor = Color.FromArgb(243, 82, 37);
    }
    Form form = this;
    SelfService.DisplayLicense(ref form);
    ProjectData.ClearProjectError();
}
Plain text
:


RE: محاولة كسر البرنامج Dùpl1c@te F1le F1nder Plùs - R333T - 13-03-2022

i will compare methods...
thank you bro <3

? Do you testd it, 
note the old version so easy to fish the serial with classic method
 search nag AlertBox for bad msg BP, then the step throw until you track the stack so easy man  dance
but the new versions use APIs to test license like i said earlier  crazy
Huh

RE: محاولة كسر البرنامج Dùpl1c@te F1le F1nder Plùs - samoray - 13-03-2022

Very nice of you my bro,
thanks for breaking up the target.
it would be very helpful for the forum members to learn from you
do you think you can make a tutorial for this target and share it here.?


RE: محاولة كسر البرنامج Dùpl1c@te F1le F1nder Plùs - R333T - 13-03-2022

Yes of course, but the next Sunday inchaallah  happy

RE: محاولة كسر البرنامج Dùpl1c@te F1le F1nder Plùs - samoray - 13-03-2022

Just remember, THIS IS VERY IMPORTANT, in this field of RCE world, you have to be honest, and if you took any piece of code or idea from any reverser, just give him some credits in your tutorials, for exemple if you used any piece of code from Dr.Zero patching solution, just give him some credits in your tuts, or in your released patchs.
salam

RE: محاولة كسر البرنامج Dùpl1c@te F1le F1nder Plùs - R333T - 14-03-2022

Blush
Man at the night when I'm thinking how I will recorded the tutorials 1st think is mention you and DrZero on the intro  amazing

flower