PDA

View Full Version : Wise installation system and script decompilation


LaptoniC
November 25th, 2001, 17:43
I am trying to decompile wise installation scripts.I know most of the functions prototypes parameters etc.I decompiled Oxbuttons v6.0b htxx://www.opaquesoftware.com Here is my decompilation
Code:

Rem Oxbutton Test Script
Rem Oxbutton Test Script
Rem Oxbutton Test Script
Set Variable SERIALKEY to 111
Set Variable SOURCEKEY to 962
Set Variable ALT_SERIALKEY to 441
Set Variable ALT_SOURCEKEY to 938
Set Variable ALT_KEY to %ALT_SERIALKEY%
Set Variable KEY to %SERIALKEY%
Rem Main script body starts here
Prompt "Enter Serial number" Variable LIC
Rem Divide Serial number to two pieces starting from 7 th position
Parse String "%LIC%" into CTLNO and REGID
Set Variable ORDCHAR to Mid$(REGID,1,1)
If ORDCHAR Equals "T" then
Get System Information into DATE
Set Variable DATE to Concat$(Mid$(DATE,7,2),Mid$(DATE,1,2))
Set Variable CHECK to Mid$(REGID,2,4)
If DATE Greater Than "%CHECK%" then
Display Message "bad"
Set Variable REGID to
End
End
Set Variable TMP to 0
Set Variable TMP2 to 0
Set Variable COUNT to 0
Set Variable REGID_LEN to Len(REGID)
While COUNT Less Than "%REGID_LEN%" loop
Set Variable ORDVALUE to 0
Set Variable ORDCHAR to Mid$(REGID,(COUNT+1),1)
Rem There is 1Bh at the end of this function but I dont know the meaning of it.
Set Variable ALL_CHARS to 0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
Set Variable ORDVALUE to Instr("%ALL_CHARS%","%ORDCHAR%"+47
Rem These are in the script two times but it doesnt make any difference
/* Set Variable ALL_CHARS to 0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
/* Set Variable ORDVALUE to Instr("%ALL_CHARS%","%ORDCHAR%"+47
Set Variable TMP to TMP+((COUNT+1)*(KEY+ORDVALUE))
Set Variable TMP2 to TMP2+((COUNT+1)*(ALT_KEY+ORDVALUE))
Set Variable COUNT to %COUNT%
End
Set Variable TMP to KEY * 10000-(TMP+(TMP*10))
Set Variable TMP2 to ALT_KEY * 10000-(TMP2+(TMP2*10))
If CTLNO Length Equal To "7" then
If TMP Equals "%CTLNO%" then
Set Variable RESULT to TRUE
Else
If TMP2 Equals "%CTLNO%" then
Set Variable RESULT to TRUE
End
End
EndIf RESULT Equals "TRUE" then
Set Variable REG to RS
Set Variable PASSWORD to TRUST-1
End

Protection is like this.
This guys doesnt belive Wise own password system.As you know you can unpack files with e_wise and similar tools.However you will be surprised when you unpack files.Unpacked files named *.eox are crypted.So when you enter correct serial program unpack crypted files and decrypt it with oxcd.dll oxdfiles function.In the script below information is present
seg000:3C9B aTempOxcd_dll_0 db '%TEMP%\oxcd.dll',0
seg000:3CAB aOxdfiles db 'oxDFiles',0
seg000:3CB4 a41Compdir_2123 db '41%COMPDIR%\*.*',0Dh,0Ah ;indir 41 isnt important here
seg000:3CB4 db '2123984',0Dh,0Ah ;Key
seg000:3CB4 db '21-1',0Dh,0Ah ;parameter
seg000:3CB4 db '41%XNAME%',0 ;outdir
seg000:3CDE db 32h ; 2

So it seems to calling like
call oxDfiles,offset indir,2123984,offset parameter,offset outdir

I have tried to load dll and call this function but it didnt worked.In previous version I made a bruteforcer which was able to find decryption key within 1 sec.(Key space is limited to FFFh you will see if you dissamble oxcd.dll)
However this bruteforcer didnt worked on this version.Maybe they crypted several times I dont know.
According to this script 4355594T123 or 4377572123 passes this checks however when I enter one of these serials and I choose full version option it doesnt works.If you have any information about wise installation script please help me.Sorry for my english and long post but I want to show that I indeed worked on this and I got stuck

In the attached zip file you will find below files

Lap_oxbut.wse --> decompiled script of orginal setup
Lap_oxbut.bin --> binary of above one
script.bin --> original script binary.
wisescript.txt --> some information about wise scripts

Note:If you dont have wise unpacker you can unpack files via running setup with /x parameter.Password is TRUST-1

Thanks for reading this.I will appreciate any help.

LaptoniC
November 25th, 2001, 17:50
Ooopps forgot to attach