
Thread: public-key based Delphi components protection: SLockPK

  1. #1

    public-key based Delphi components protection: SLockPK

    here is the component:
    h**p://www.crypto-central.com/slock/slock_pk.html

    and it is used by this baby (Beyond Compare 2.0):
    h**p://www.scootersoftware.com/bc20beta.exe

    I have not figured out how to patch it.
    :DWARNING: Shareware authors are reading your detailed discussions without paying you!:D

  2. #2
    Lbolt99
    Guest

    sounds interesting

    I saw someone talking about this in one of the usenet groups.. basically the general consensus there is that ASPR and SlockPK are the best protectors..

    Found them by doing a search for ASprotect on google groups (dejanews for the old-schoolers), just for kicks when I was bored, just to see what people were talking about..

    found lots of bragging about asprotect and all cracks etc stopping after the authors switched. Downloaded most of them (helpjotter, system cleaner, handy productions stuff, etc), no problem cracking

    Is ASPR really that hard? that it stops most crackers in their tracks?

    Found SlockPK discussion too. several people were praising it.

    Going to take a look at it this weekend. BTW where are you stuck at? Were you able to get it unpacked? (Not sure if it's even a "packer" like ASPR)

    BTW one funny thread I found was one titled "Playing dirty" in the alt.comp.shareware.authors newsgroup. Apparently Alexey has been promoting asprotect by emailing ppl recommending other protections (armadillo, etc) and sending them the crack
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    hehe, interesting about Alex

    I have read the documents of SLockPK and the header file "slock.hpp" in its SDK. This header file reveals most of the secrets. The EXE hash calculation is done in GetHashSelf( ) and it may be defeated just like what I did with CommView 3.0. The certificate check is in CheckProtectionCore( ). I will try to patch this with a disassembling of slock.obj.

    If the shareware author puts a key in the certificate, then uses this key to decrypt some code/data in their software (just as what Alex does), it may be hard to defeat without a valid certificate.

  4. #4
    goatass
    Guest
    I took a quick look at this program and it doesn't look too bad. It uses RSA for the certificates. The values you see in the license file are encoded in some lame coder. The best thing is that the certificate builder is written in Delphi so with DeDe you can decompile it and figure out everything they do pretty easily.

    I'm gonna look at it some more today when I get the chance.

    goatass

  5. #5
    goatass
    Guest
    OK, after looking more into it, it's not as lame as I initially thought. The entries in the file are encrypted with RC4, some with a static password and some with the hash of the username as the password. It uses RSA 384 I think for the certificates. I have to do some more work to figure out how it generates the public key and understand the RNG it uses.

    Solomon, how did you get the SDK? can I get a copy of it from you?

    goatass

  6. #6
    thx goatass for your help.

    It is RSA-1024 mentioned in their web page. The trial version of this component can be d/l from their web for free. But the certificate builder itself in this trial will not work without a valid certificate.

    There is sth wrong with my ISP, so I will lose connection to this forum for a few weeks.

  7. #7
    goatass
    Guest
    ok I knew it was the stronger RSA, I can never figure out how many bits it is. When I get some more time I'll continue working on it. If anyone else with more crypto knowledge would like to help us out that would be great.

    goatass

  8. #8
    Now Beyond Compare v2.0 is successfully patched. No need to reverse the algo, just patch the 30-day time check

  9. #9
    Lbolt99
    Guest

    looks interesting

    I just downloaded it, this looks pretty interesting. As goatass said, it loads into Dede (!!)
    Last edited by Lbolt99; August 5th, 2002 at 21:10.

  10. #10
    gutica
    Guest

    Some remarks

    Well, I looked at SlockPk some time ago (some program I use is protected with it). Basically, you need to patch return values from CheckProtection (I think CheckProtectionCore too) to get appropriate values (don't remember values, think 3 - registered). In their help file (SlockPK) there are explanations of the functions they use. So just study the functions they use in the program and patch the values they return. It's for simple programs, I didn't find programs which encrypt a portion of code with SlockPK, so I can't talk about reversing them.
    Greets !
    Gutica

  11. #11
    nikolatesla20
    Holy cow a resurrection of the dead !

    Speaking of Beyond Compare, my company uses it for everything nowadays..

    -nt

  12. #12
    gutica
    Guest

    Nice

    Ha, ha, ha .. Nice Nikola Tesla (well, my favorite scientist, also from my motherland). To correct my previous post, CheckProtection returns value 3 if RegistrationCertificate is found. GetStatus returns 3 if you are registered, GetExtendedStatus returns 7 if the registration certificate is found and the application is registered, Isregistered is the same as GetStatus, and so on ... Yes, there are more functions (methods, properties) which you can examine, but why attack the protection where it is strongest (decode and encode certificate) instead of at its weakest point?
    Greets to all,
    Gutica
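The design contrast this thread keeps returning to, as an added example that is not from any poster or from SLockPK: a feature guarded by a status compare (the value 3 reported above for "registered") versus a feature sealed under a key that only an issued certificate carries, as post #3 describes. The cipher is a SHA-256 counter-mode stand-in, certificate signature verification is assumed to have happened already, and all names and sample values are constructed.

```python
import hashlib
import hmac

REGISTERED = 3  # status value the thread reports for a registered copy

def xor_stream(key, data):
    """Toy stream cipher (SHA-256 in counter mode); stand-in for a real AEAD."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def mac(key, ct):
    """Integrity tag under a key derived from the content key."""
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), ct, hashlib.sha256).digest()

def seal(key, plaintext):
    ct = xor_stream(key, plaintext)
    return ct + mac(key, ct)

def unseal(key, blob):
    """Return the plaintext, or None when the key is wrong or the blob was altered."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(mac(key, ct), tag):
        return None
    return xor_stream(key, ct)

# Constructed sample values: the key exists only inside issued certificates,
# and only the sealed blob ships with the application.
CONTENT_KEY = hashlib.sha256(b"constructed demo key").digest()
FEATURE = b"full-version export routine"
SEALED_FEATURE = seal(CONTENT_KEY, FEATURE)

def status_gated(status):
    """Design A: feature shipped in the clear behind an integer compare."""
    return FEATURE if status == REGISTERED else None

def key_gated(certificate):
    """Design B: feature recoverable only with the key a certificate carries."""
    key = (certificate or {}).get("content_key", b"\x00" * 32)
    return unseal(key, SEALED_FEATURE)
```

In design A any caller that supplies the status 3 gets the feature, whereas design B returns nothing without a certificate that carries the key. Design B does not help once a single valid certificate's key is shared, so it complements rather than replaces per-customer keys.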

  13. #13
    SKiLLa
    Guest
    just defeated a (PECompact 2.x +) SLockPK 3.0 protected tool and yes, it's easy ... couldn't find the obvious 'CheckProtection' names, but the license-status IDs are all over the place. The author's website also talks about 'protects program integrity', but I haven't noticed that

    Just patching in some fixed '3' status and NOPping some routines was quite painless ...thought I'd inform you guys about it, since I also found some topics/sites rating it 'as good as ASPRotect' and that's absolutely not the case.

    PS: 2nd resurrection for this thread

  14. #14
    The_Elysian
    Guest
    Hello fellow-reversers! First post and already a question:

    I am also trying to break a slockpk protected target, but I can't find the mentioned function names anywhere. Can you tell me where to find references to these functions?

    Thanks a lot!

  15. #15
    SKiLLa
    Guest
    Well I don't have my notes here and my target also didn't have the obvious function-names mentioned earlier in this thread, but as a hint:

    Look for functions (calls) which return [EAX] (AL ?) = 1, I believe 1 is 'non-expired trial', 2 is 'expired trial', 3 is 'registered'. Please also note that there are 'extended statuses' with the range [1, 7]. Don't recall which is the 'goodboy' status in that case (7 ?).

    There is this obvious routine with a loop modifying & comparing EAX & EBX (from just above 0 (000 0xxx) to just below 0 (= FFFF Fxxx)) the whole time, it's quite different from most other code. If you spot that routine you know you're close.

    Perhaps I still have my notes somewhere at home, just let me know if you want them