/* Decode the GUI script in place: XOR each byte with 0x4F, then subtract 0x16. */
for (x = 0; x < fileSize; x++)
{
    buffer[x] ^= 0x4F;
    buffer[x] -= 0x16;
}
It was simply an XOR with 4F, and a subtract 16h. I guess it keeps the prying eyes out, but that's about all. They had written the code to DO this feat of software engineering in C, so they could just as easily have used one of the REAL encryption functions from OpenSSL or something.
Anyway, it gets worse. What this file is, is the code for the GUI, in Lua! Yes, I know some video games do some things in Lua, but if you can write the C code to decrypt your file, and call the Lua interpreter to handle it, you should be able to spend the 20 minutes it would take to learn how to do the rest of the GUI in C++ under MFC. It's not the most involved GUI in the world. It's really rather simple. Since this company is still in business I can't point you to the program, or their site, but trust me. The main app has about 6 buttons on it, and none of them does anything involved.
So, back to the story. We now know what's going on, so I whip up a quick application to read their file, and spit out an unencrypted version of it for my perusal. And it has the string table, and fun things like that. A function that gets info about your machine for pseudo-fingerprinting so that they can *in theory* lock the application to your computer. Function to check to see if you have a license file, to read it in. To check that your serial number in the license file is valid, etc. All the things that you would expect. So, I look at their code to handle the license file. Here are the steps:
open file
read in file, up to 100 bytes!
grab the 1st 4 bytes. (Yes, only 4).
Build a string from the last 4 digits of your fingerprint code. (9 - digit 3) (9 - digit 1) (9 - digit 4) (9 - digit 2)
Compare this generated code to the code that you entered. Oh also compare it to the fixed value 4475.
If either of these matches, LICENSE IS GOOD! FULL VERSION!
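An added example, not the vendor's code or anything from the original post: a keyspace audit a developer could run against a check like the one in these steps, which flags codes that are accepted regardless of the machine. It assumes digits 1 to 4 are the last four fingerprint digits numbered left to right, and both fingerprints are constructed values.

```c
#include <stdio.h>
#include <string.h>

/* The check as the steps describe it. Assumption: "digit 1".."digit 4" are
   the last four fingerprint digits, numbered left to right. */
static int described_check(const char *fingerprint, const char *code) {
    static const int order[4] = {2, 0, 3, 1};   /* digit 3, 1, 4, 2 */
    size_t len = strlen(fingerprint);
    char expected[5];
    if (len < 4 || strlen(code) != 4) return 0;
    for (int i = 0; i < 4; i++)
        expected[i] = (char)('0' + 9 - (fingerprint[len - 4 + order[i]] - '0'));
    expected[4] = '\0';
    return strcmp(code, expected) == 0 || strcmp(code, "4475") == 0;
}

typedef int (*validator)(const char *fingerprint, const char *code);

/* Try all 10,000 four-digit codes and count those accepted on BOTH machines.
   With two different fingerprints, any hit is a machine-independent code. */
static int accepted_by_both(validator check, const char *fp_a, const char *fp_b) {
    char code[5] = "0000";
    int hits = 0;
    for (int n = 0; n < 10000; n++) {
        for (int i = 3, v = n; i >= 0; i--, v /= 10) code[i] = (char)('0' + v % 10);
        hits += check(fp_a, code) && check(fp_b, code);
    }
    return hits;
}

/* Codes accepted on one machine; a sound check would give exactly 1. */
static int accepted_count(validator check, const char *fingerprint) {
    return accepted_by_both(check, fingerprint, fingerprint);
}

int main(void) {
    const char *a = "20110504", *b = "20090817";   /* constructed fingerprints */
    printf("accepted on A: %d, on B: %d, on both: %d\n",
           accepted_count(described_check, a),
           accepted_count(described_check, b),
           accepted_by_both(described_check, a, b));
    return 0;
}
```

The audit reports two accepted codes per machine and one shared between them; the whole 10,000-code space is covered in a single short loop, which is the four-digit problem in concrete terms.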
*FACEPALM* They had a reasonable idea going along, and then 4 digits? Seriously? Backdoor code left in by the developer? WHY? And in Lua, where any jackleg can come along, decrypt the file, and see your original source. Just pathetic!
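Why the XOR-and-subtract step from the top of the post protects nothing, as an added example (not code from the original post or the vendor): the transform is a fixed byte-for-byte substitution with no key, so the byte statistics of the script survive it unchanged. The `encode` direction and the Lua sample are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* The post's decode step: XOR 0x4F, then subtract 0x16 (mod 256). */
static void decode(unsigned char *buf, size_t n) {
    for (size_t i = 0; i < n; i++) {
        buf[i] ^= 0x4F;
        buf[i] -= 0x16;
    }
}

/* Inverse of decode (assumed to be what the vendor's packaging step does). */
static void encode(unsigned char *buf, size_t n) {
    for (size_t i = 0; i < n; i++)
        buf[i] = (unsigned char)((buf[i] + 0x16) ^ 0x4F);
}

/* Index of coincidence: chance that two bytes picked at random are equal.
   Uniformly random bytes give about 1/256 = 0.0039; text scores far higher. */
static double index_of_coincidence(const unsigned char *buf, size_t n) {
    unsigned long long hist[256] = {0}, pairs = 0;
    if (n < 2) return 0.0;
    for (size_t i = 0; i < n; i++) hist[buf[i]]++;
    for (int v = 0; v < 256; v++) pairs += hist[v] * (hist[v] - 1);
    return (double)pairs / ((double)n * (double)(n - 1));
}

/* Constructed sample standing in for the shipped Lua GUI script. */
static const char SAMPLE[] =
    "local function check_license(path)\n"
    "  local f = io.open(path, \"rb\")\n"
    "  if not f then return false end\n"
    "  local data = f:read(100)\n"
    "  return data ~= nil\n"
    "end\n";

int main(void) {
    unsigned char buf[sizeof SAMPLE];
    size_t n = sizeof SAMPLE - 1;
    memcpy(buf, SAMPLE, sizeof SAMPLE);
    double plain = index_of_coincidence(buf, n);
    encode(buf, n);
    double obfuscated = index_of_coincidence(buf, n);
    printf("IC plaintext  = %.4f\nIC obfuscated = %.4f\n", plain, obfuscated);
    decode(buf, n);
    return memcmp(buf, SAMPLE, n) != 0;   /* 0 when the round trip is exact */
}
```

A shipped asset whose index of coincidence matches source text is obfuscated at best; output from a real cipher sits near 1/256.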
****UPDATE****
I did a little more digging, and the situation gets a little MORE pathetic. I thought about this, and considered "Maybe they know nothing about C, and this was their only way to make a product! They found some code online that let them embed a Lua VM, and launch their code, and the load/decrypt was all that they could muster." In which case, I can kinda understand their suckage. Not so, kemosabe. As they like to say in the NFL, "Upon further review".
I spent a few minutes digging into the application that launches their script. It's not JUST a launcher! It contains a library of functions in a custom namespace that they call from inside their Lua script. What really triggered this is that I was curious to find out how their "Machine ID" function worked. So, they have the chops to develop an entire library of utility functions in C, on Windows AND Mac! Yet they can't be bothered to develop a GUI in something other than Lua. And, as I typed that last sentence, it hit me. This is the world's lamest cross-platform application. Develop the GUI once in Lua, write stock C code, compile it on Windows and Mac, and ship it.
OK, well, moving on. So where DOES this vaunted Machine ID come from? Why, from here: "SELECT ReleaseDate FROM Win32_BIOS" I should check the Mac version, since this facility isn't available on the Mac. Stay tuned. This could be epic!
1 comment:
You can probably guess the author's ATM pin code.