
How do they stop serial key fishing?

Kdn

Hi all,

 

I have an app that checks a serial number (offline) against a name and email address. I have a valid serial number for the app and I wanted to find where it does the comparison; however, putting in the name and email with a wrong serial key and stepping through the function line by line, I never see the real serial pop up. I do see about 20 strings that are all the same length get generated, but none are valid. I also see my fake serial show up.

 

Logically it must be generated and compared, right? So how do they hide the real serial from the debugger?

CybotX
56 minutes ago, Kdn said:

Hi all,

 

I have an app that checks a serial number (offline) against a name and email address. I have a valid serial number for the app and I wanted to find where it does the comparison; however, putting in the name and email with a wrong serial key and stepping through the function line by line, I never see the real serial pop up. I do see about 20 strings that are all the same length get generated, but none are valid. I also see my fake serial show up.

 

Logically it must be generated and compared, right? So how do they hide the real serial from the debugger?

 

Let's say, for example, you take a valid serial, pass each char through a hash table, break the hash into pieces, encrypt each piece and put them into separate modules. And you decide to compare each part, decrypted on the fly, part by part. You'll never see a complete serial as you expect.

  • Like 1
  • Upvote 2

Kdn
14 hours ago, CybotX said:

 

Let's say, for example, you take a valid serial, pass each char through a hash table, break the hash into pieces, encrypt each piece and put them into separate modules. And you decide to compare each part, decrypted on the fly, part by part. You'll never see a complete serial as you expect.

Fair comment, I know they can make it very difficult for us, but even in that scenario wouldn't there still need to be a comparison of "does 564=564", for example? Even if 564 used to be something completely different?

 

I guess my real question is: does the serial have to be contained in a memory register, or can it be held elsewhere? In my case the file is a single DLL, so moving modules is not an option here.

 

 

Thanks for your comments!

CybotX
3 hours ago, Kdn said:

Fair comment, I know they can make it very difficult for us, but even in that scenario wouldn't there still need to be a comparison of "does 564=564", for example? Even if 564 used to be something completely different?

 

I guess my real question is: does the serial have to be contained in a memory register, or can it be held elsewhere? In my case the file is a single DLL, so moving modules is not an option here.

 

 

Thanks for your comments!

 

A separate module is a scenario example, which I mentioned in the very first phrase of the sentence. Your serial does not necessarily have to be held as static data in registers or even be on the stack, unless you are lucky and the developers were so lame as to put it as: 564 == 564. One cannot always expect 564 == 564; if that happens, that will be your lucky day. A DLL can be composed of multiple routines; you can split the serial key across them and compare the split parts instead, to avoid a direct comparison.

You don't necessarily have to directly check: does 564 == 564.

You can compare the serial like this: if md5Hash(564) == 1728efbda81692282ba642aafd57be3a then serial is correct

(Let's assume your original serial is 564. But 564 is never stored in the program code as static data; what is stored is a hash of 564, which is: 1728efbda81692282ba642aafd57be3a.) Now this is a secret; the stupid cracker doesn't know about it. All he will see in the disassembler is this big giant number. Not 564.

 

Enter your serial : 123 

 

Serial check  Routine: 

md5Hash(123) = 202cb962ac59075b964b07152d234b70

md5Hash(123) ≠ 1728efbda81692282ba642aafd57be3a  : Message Box "serial is not correct ."

 

How would you even know what 1728efbda81692282ba642aafd57be3a is??

You should enter '564' as a serial to get : 1728efbda81692282ba642aafd57be3a 

 

 

Another lame way of checking it is below, just as an example; it doesn't have to be like this:

You can very much compare 564 like this:

Condition 1: if 1st char (is 5 from left side == 7-2 from right side) then GoTo Condition 2

Condition 2: if 3rd char (is 4 from right side == 2+2 from left side) GoTo Condition 3

Condition 3: if 2nd char (is 6 from left == 6 from right)

If all the above three conditions are met, your serial is correct. And you never have to directly check: does 564 == 564.


 

  • Like 3
  • Thanks 1
  • Upvote 1
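
The digest comparison described in the post above, as an added example that is not part of the original thread or any product's code. It swaps the post's md5Hash for salted PBKDF2-HMAC-SHA256 and a constant-time compare; `SALT`, `ITERATIONS`, `serial_digest` and `check_serial` are hypothetical names, and the serial "564" is the thread's own sample value.

```python
import hashlib
import hmac

# Constructed sample values for illustration, not taken from any real product.
SALT = bytes.fromhex("6b646e2d64656d6f2d73616c74")  # per-product salt (constructed)
ITERATIONS = 100_000  # deliberately slow, so each guess at a serial is costly


def normalise(serial: str) -> bytes:
    """Canonical form: drop separators and whitespace, upper-case the rest."""
    return "".join(ch for ch in serial if ch.isalnum()).upper().encode("utf-8")


def serial_digest(serial: str) -> bytes:
    """One-way digest of a serial; the only form the shipped program keeps."""
    return hashlib.pbkdf2_hmac("sha256", normalise(serial), SALT, ITERATIONS)


# Vendor-side build step (assumption): in a shipped binary only the resulting
# 32 bytes would be embedded, never the literal serial used to derive them.
STORED_DIGEST = serial_digest("564")


def check_serial(entered: str) -> bool:
    """Hash what the user typed and compare digests.

    The valid serial is never reconstructed in memory, so a debugger only
    shows the user's own input and the two digests being compared.
    """
    candidate = serial_digest(entered)
    # compare_digest runs in constant time, so the comparison does not
    # reveal how many leading bytes of the candidate matched.
    return hmac.compare_digest(candidate, STORED_DIGEST)


if __name__ == "__main__":
    for attempt in ("123", "5-6-4", "564"):
        print(attempt, "->", "correct" if check_serial(attempt) else "not correct")
```

A three-digit serial like the thread's 564 stays guessable whatever hash is used, so in practice the serial length and the cost of each digest matter more than where the comparison is placed.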
