boot (Author)
Posted June 7, 2024

1 hour ago, Sean Park - Lovejoy said:
> test this

1 hour ago, Sean Park - Lovejoy said:
> it is possible to bypass

Spoiler: Winlicense Test_Unpacked.zip

New Year - New Mind
Posted June 7, 2024

14 minutes ago, boot said:
> Winlicense Test_Unpacked.zip 16.78 kB · 0 downloads

@boot Wow, I acknowledge that you are actually greater than me. May I ask you to show how to bypass the HWID lock of this with an invalid key file?
Regards. sean.

Edited June 7, 2024 by Sean Park - Lovejoy

New Year - New Mind
Posted June 8, 2024

11 hours ago, Sean Park - Lovejoy said:
> @boot Wow, I acknowledge that you are actually greater than me. May I ask you to show how to bypass the HWID lock of this with an invalid key file?
> Regards. sean.

@boot Please post the how-to video for us to learn.
Regards. sean.

Edited June 8, 2024 by Sean Park - Lovejoy

New Year - New Mind
Posted June 8, 2024

9 minutes ago, jackyjask said:
> kindly asking to do p2p talk in PM

@jackyjask If you can do it, can you send me a message?
Regards. sean.

New Year - New Mind
Posted June 8, 2024

19 hours ago, boot said:
> Winlicense Test_Unpacked.zip 16.78 kB · 2 downloads

@boot I want to bypass this target, so I really need your help. At least, can you tell me the "cmp x,x" addresses of this target to bypass the HWID lock?
Regards. sean.

New Year - New Mind
Posted June 9, 2024

17 hours ago, Sean Park - Lovejoy said:
> @boot I want to bypass this target, so I really need your help. At least, can you tell me the "cmp x,x" addresses of this target to bypass the HWID lock?
> Regards. sean.

@boot Please, review this post.
Regards. sean.

New Year - New Mind
Posted June 9, 2024

@boot Did you unpack this target without bypassing the HWID lock?
Regards. sean.

New Year - New Mind
Posted June 9, 2024

On 6/5/2024 at 5:56 PM, Sean Park - Lovejoy said:
> Can anyone bypass this HWID protected application with a fake license key file? It is the WinLicense v.3.1.3.0 x64.
> Winlicense Test.zip 4.8 MB · 16 downloads
> Regards. sean.

@boot I tried and tried to bypass this target, but I cannot do it without others' help. So I really beg your help. How do I bypass this target? Many thanks in advance.
Regards. sean.

New Year - New Mind
Posted June 10, 2024

For this package, I did it.
Winlicense 3.1.3 Test x64.zip

However, @boot I couldn't do it for this package. Give me your hand, please. Many thanks in advance.
Regards. sean.

New Year - New Mind
Posted June 11, 2024

On 6/9/2024 at 12:06 AM, Sean Park - Lovejoy said:
> @boot I want to bypass this target, so I really need your help. At least, can you tell me the "cmp x,x" addresses of this target to bypass the HWID lock?

@boot Help~! The addresses please. I have the exception error.
Regards. sean.

Edited June 11, 2024 by Sean Park - Lovejoy

New Year - New Mind
Posted June 11, 2024

I did it too. View this YouTube video for the solution.
Regards. sean.

Edited June 11, 2024 by Sean Park - Lovejoy

BOSCH
Posted August 9, 2024

On 6/11/2024 at 1:05 PM, The Binary Expert said:
> I did it too. View this YouTube video for the solution.
> Regards. sean.

Someone who shares his solutions. Keep up your good work.

ivan_brono
Posted January 14

Hi, I have a file. When I want to open it with exeinfo pe I get this result: "Themida - Winlicense v3.0.0.0 - 3.0.8.0 ( ! nstd stub ! )" and I want to open this exe file to see its code. Can anyone help me please?? Thanks

lengyue
Posted February 2

Provide a KeyGen sample.

Edited February 2 by lengyue

boot (Author)
Posted February 2

It is worth mentioning that this example does not require KeyGen - you can try and even bypass it without a valid KeyFile. As I mentioned before,

Quote:
> https://forum.tuts4you.com/topic/44976-the-enigma-protector-x64-v74-hwid-lock/#findComment-224102
> Those who boast about "KeyGen" but do not provide effective solutions are useless besides wasting forum space and questioner's time.

Although some of the code in winmm.dll you provided has been intentionally virtualized, the general logic is as follows:

winmm.dll
1. Hook addr_va1 = 0x00B5C19E
2. Modify byte 0x89 of addr_va2 = 0x0055B63E
3. Modify the 0x10A byte of addr_va3 = 0x0065F8B8
4. Remove the hook of addr_va1

KeyGen.exe
Generate a KeyFile file using WL's built-in SDK example, which already includes the replaced public key. And then achieve the effect of generating keyFiles ourselves.

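kuazi GA
Posted February 2

2 hours ago, boot said:
> It is worth mentioning that this example does not require KeyGen - you can try and even bypass it without a valid KeyFile. As I mentioned before,
> Although some of the code in the winmm.dll you provided has been intentionally virtualized, the general logic is as follows:
> Dynamic link library
> 1. Hook addr_va1 = 0x00B5C19E
> 2. Modify byte 0x89 of addr_va2 = 0x0055B63E
> 3. Modify the 0x10A byte of addr_va3 = 0x0065F8B8
> 4. Remove the hook of addr_va1
> Key generator
> Generate a KeyFile file using WL's built-in SDK example, which already includes the replaced public key. And then achieve the effect of generating keyFiles ourselves.

5 hours ago, lengyue said:
> Provide a KeyGen sample.
> Key generation tool 1.44 MB · 7 downloads

Great learning example.
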
boot (Author)
Posted February 2

22 minutes ago, lengyue said:
> Offer a solution? Don't overthink it, be able to find solutions from examples yourself. Only the incompetent would consider it a boast. I didn't encrypt the public key, nor did I bother to. I didn't even encrypt Licensehash.

😁 I'm not asking you to share your src or tuts/offer a solution. But your reply in my topic

Quote:
> https://forum.tuts4you.com/topic/44125-winlicense-v3130-x86-all-protection-options/page/4/#findComment-224170

are these useful? No - absolutely not. Only one sentence, one picture, and one RAR package. Even more unfortunately, some files in your RAR package are deliberately VM some code snippets. What can the downloaders learn from your RAR package? Besides the analysis reply I provided, which downloader provided an effective analysis reply?

In this topic, you're just trying to get attention by showing-off that you can do this with some deliberately modified files that don't have any useful information. We're here to learn and share knowledge. If you don't want to share, that's fine. No need to brag, but if you do, I don't mind.

In addition, this topic would like to give special thanks to @TRISTAN Pro for selflessly sharing his tutorials and knowledge.

lengyue
Posted February 2

You can you up, No can no BB

Edited February 3 by lengyue

boot (Author)
Posted February 2

2 minutes ago, lengyue said:
> Yeah, showing off. If you can show it off, I'll applaud you.

As I mentioned before,

Quote:
> but if you do, I don't mind.

But please don't make similar replies in my topic, it just wastes the time of the questioner, the downloader and the forum resources.

New Year - New Mind
Posted February 2

2 hours ago, boot said:
> 😁 I'm not asking you to share your src or tuts/offer a solution. But your reply in my topic are these useful? No - absolutely not. Only one sentence, one picture, and one RAR package. Even more unfortunately, some files in your RAR package are deliberately VM some code snippets. What can the downloaders learn from your RAR package? Besides the analysis reply I provided, which downloader provided an effective analysis reply?
> In this topic, you're just trying to get attention by showing-off that you can do this with some deliberately modified files that don't have any useful information. We're here to learn and share knowledge. If you don't want to share, that's fine. No need to brag, but if you do, I don't mind.
> In addition, this topic would like to give special thanks to @TRISTAN Pro for selflessly sharing his tutorials and knowledge.

Where is the @TRISTAN Pro's tutorial?
Regards. sean.
