Leaderboard

Just wanted to post my solution here for anyone who might stumble upon this thread. GitHubGitHub - hekliet/tsrh-kgm: Keygen for TSRh TeaM Trial Key...Keygen for TSRh TeaM Trial KeygenMe #1. Contribute to hekliet/tsrh-kgm development by creating an account on GitHub.The 'keygen' provided in this repo is a simple command line program that takes a line of input (the username) from stdin and prints a regcode. It should compile anywhere. MSVC users might have to substitute getline with gets or something, I don't know. A keygen that looks pretty and plays music can be found here: https://hekliet.nekoweb.org/tsrh-kgm/tsrh-kgm1-keygen.zip It's a Win32 executable that also works in Windows x64 and was coded on Linux using MinGW. No video, sorry.

Unpacked. WL_unpacked.7z

Hi Codexplorer, First of all, I wanted to say a huge thank you for your work on the Unlicense project and for sharing your compiled version/updates. It’s an incredible resource for the community. I've been testing the tool on some specific WinLicense 3.x protected targets (specifically 32-bit/x86 binaries). While the tool works great on many samples, I encountered a few hurdles with recent Python/LIEF environments and x86 targets that might be worth looking into for a future improvement: LIEF Compatibility: Recent versions of LIEF (0.17+) seem to have changed some attributes (like MACHINE_TYPES moving to Header.MACHINE_TYPES) and now return section names as bytes instead of strings, causing TypeErrors in dump_utils.py. Frida RPC Stability on x86: I've noticed frequent TypeError: not a function errors during the setupOepTracing or enumerateModuleRanges calls when targeting x86 apps on Windows 10/11. This often leads to AccessViolation because the IAT resolution gets interrupted or fails to map correctly. Forced IAT/OEP: On some complex targets, adding a more robust "forced mode" for OEP and IAT (bypassing the Frida instrumentation if the user already knows the addresses) helped me get further, but a native implementation in your branch would be amazing. If you have any plans to optimize the x86 engine or update the dependencies handling for the newer LIEF versions, that would be a game-changer for those of us working on older automotive or industrial software. Thanks again for the hard work and for keeping this project alive! @CodeExplorer Hi Codexplorer, First of all, I wanted to say a huge thank you for your work on the Unlicense project and for sharing your compiled version/updates. It’s an incredible resource for the community. I've been testing the tool on some specific WinLicense 3.x protected targets (specifically 32-bit/x86 binaries). While the tool works great on many samples, I encountered a few hurdles with recent Python/LIEF environments and x86 targets that might be worth looking into for a future improvement: LIEF Compatibility: Recent versions of LIEF (0.17+) seem to have changed some attributes (like MACHINE_TYPES moving to Header.MACHINE_TYPES) and now return section names as bytes instead of strings, causing TypeErrors in dump_utils.py. Frida RPC Stability on x86: I've noticed frequent TypeError: not a function errors during the setupOepTracing or enumerateModuleRanges calls when targeting x86 apps on Windows 10/11. This often leads to AccessViolation because the IAT resolution gets interrupted or fails to map correctly. Forced IAT/OEP: On some complex targets, adding a more robust "forced mode" for OEP and IAT (bypassing the Frida instrumentation if the user already knows the addresses) helped me get further, but a native implementation in your branch would be amazing. If you have any plans to optimize the x86 engine or update the dependencies handling for the newer LIEF versions, that would be a game-changer for those of us working on older automotive or industrial software. Thanks again for the hard work and for keeping this project alive! @CodeExplorer

I was not able to download your firmware completely (Catbox seems to be having problems today) but I can give you some tips anyway. Step 1: It's unlikely that you've encountered a very unique hardware that has no existing tooling or documentation. Also a lot of hardware is made by the same OEM manufacturer in China and just sold under different brand names. So, use Google. Seriously. :) First few kilobytes of your firmware contain plenty of interesting and unique strings. Search for each one separately, or some combination of them. You're basically looking for the information about your hardware - CPU and system board manufacturer, addon boards, sensor information, and so on. You'll be amazed how much information a single search can provide. You could also search for the hardware make/model (which unfortunately you didn't tell us) or FCC ID. Step 2: Once you know the basic hardware information, use Google again. Look for tools and SDKs for the specific manufacturer/CPU. Use Google Translate to browse Chinese and Russian sites - they are a goldmine when it comes to hardware hacking and documentation. You should be able to find this github project. too. I didn't run the tool but a quick look at the source code tells me it should unpack your firmware with little to no modifications. Step 3: Load the unpacked firmware in Ghidra/IDA and start the actual reverse engineering process. :)

Bypassed the license check but unpack is too complicated. The imports are very heavy wrapped. Can do it but few hours manual work will need.

This one is an interesting sample. Code is really small, so it was stolen completely, thus it's hard to tell app code from protector code. Functional code is quite simple, just MessageBoxA. And that's it, it does nothing more. After showing the message box it starts freeing memory that definitely isn't app code. But for the sake of completeness let's get to the bottom of this. We have 8 more code bytes. And we have 1 reloc pointing there, meaning ExitProcess should perfectly fit in. Unpacked file attached with code, import and relocs restored and sections cut. unpacked.exe

This one is quite easy or easy protection options were chosen. Import isn't redirected. EP code is restored, sections are cut, resources rebuilt. Had to cut it in 2 parts. unpacked.part1.rar And part 2. unpacked.part2.rar