Jump to content
Tuts 4 You

[unpackme]WLUnpackme

mm10121991

By mm10121991
in UnPackMe

 Share

Recommended Posts

mm10121991

mm10121991

Posted
Posted (edited)

hello

this is a new winlicense 2.1.3 unpackme with HWID lock

but not like other because of ring 0 licensing management

good luck on it

WLK.rar

Edited by mm10121991
LCF-AT

LCF-AT

Posted
Posted

Hi,

here my unpacked and a Inline file.If the unpacked file does not work on your system maybe then run the other InLine file.Just test and tell whether its working for you.

PS: The InLine file also need the WLK.dat in the same folder to run.

greetz

WLkeygenme HWID RISC Unpacked and InLinePatched x2.rar

  • Like 5
mm10121991

mm10121991

Posted
  • Author
Posted

wow nice work !!

how did you that ??

i thought all licensing management is moved to ring0

i didn't thought that it will be solved at least not so fast like this since ring0 protections are always quite hard

nice work again LCF-AT.

quosego

quosego

Posted
Posted (edited)

It's easy. There aren't any antidumps. And my old methods work fine.


005B7734 509591BE ¾‘•P	 should be 	 333370D5	 is_reg dword_1
00416737 098B42B9 ¹B‹.		 Is_reg dword_2

Set them when the VM checks for correct licensing. @

006E0134						 ^\E9 9786FFFF			 JMP 006D87D0

It's not moved to ring0.. It's still where it used to be..

My VM interpreter output:


CMP ECX,EDX					 || EAX; 00000106, ||| ECX; 509591BE, ||| EDX; 333370D5, ||| EBX; FF926301,				 // As you can see the correct value is 333370D5
CMP ECX,EDX					 || EAX; 00000106, ||| ECX; 098B42B9, ||| EDX; 2A3B16EF, ||| EBX; FF926101,				 // Checks which error occured. (HWID in this case) if it passes this'll be skipped.
CMP ECX,EDX					 || EAX; 00000106, ||| ECX; 098B42B9, ||| EDX; 41B0E024, ||| EBX; FF925E01,
CMP ECX,EDX					 || EAX; 00000106, ||| ECX; 098B42B9, ||| EDX; 4B89D694, ||| EBX; FF925C01,

Attached is a proper inline not using a loader. And only a 3 dword patch which is at the ep so people can investigate it. It does require the license. Also removed the EP obfuscation for clarity. Also it doesn't crash if the license is removed.

regards,

q.

inline.rar

Edited by quosego
  • Like 2
  • 11 years later...
lovejoy226

lovejoy226

Posted
Posted (edited)
On 9/30/2012 at 11:45 PM, quosego said: 
005B7734 509591BE ¾‘•P	 should be 	 333370D5	 is_reg dword_1
00416737 098B42B9 ¹B‹.		 Is_reg dword_2

Set them when the VM checks for correct licensing. @ 

006E0134						 ^\E9 9786FFFF			 JMP 006D87D0

 

Hello, everyone.

Does anyone know how to find is_reg dword_1 and is_reg dword_2 addresses?

Many thanks in advance.

Regards.

sean.

Edited by windowbase
editing some words.
  • Like 2
lovejoy226

lovejoy226

Posted
Posted
On 2/4/2024 at 6:51 AM, windowbase said:

Hello, everyone.

Does anyone know how to find is_reg dword_1 and is_reg dword_2 addresses?

Many thanks in advance.

Regards.

sean.

View this video that shows you how to bypass hardware id lock of this application.

 

Regards.

sean.

  • Like 1
  • 7 months later...
kuazi GA

kuazi GA

Posted
Posted (edited)
On 2024/2/11 at AM4点03分, The Binary Expert said:

观看此视频,了解如何绕过此应用程序的硬件 ID 锁。

 

问候。

肖恩。

Actually, there's also a quick bypass: just modify a single byte from 00 to 01, no need to check

Edited by kuazi GA
  • Like 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...