nHi,

I have a question concerning a particular keygen by X-FORCE for Autodesk Maya 2010. (Not sure if I should post it or if someone able to answer my question has access to it by him-/herself)

Normally I wouldn't think twice about it, but since they put "NO LAME DLL PATCHING" I began to wonder what and why their "Mem Patch" was.

Can anyone figure out what this memory patch does exactly? Disable some online check, let's you chose whatever SERIAL number to go with the req/auth code?

I suppose technicly it's right that there is no DLL patching (or patching on any files), but what can they be patching in memory for this registration scheme?


Any light you can shed on the matter is greatly appreciated,

- James

PS: I tried debugging the keygen without being able to make much sense of the Mem Patch runtime (not that I'm surprised as I have no precise idea what's suppose to happen).

Why don't you run some live action reversing utilities on it? I'd suggest as a start Sysinternals Process Monitor, Sysinternals VMMap, TopToBottomNT by Russell Osterlund.

A quick search yields an .nfo that says something like "open Activation screen, open keygen, click on Mem Patch". A few things to try:

Run Process Monitor before you open the keygen and see if it accesses any registry keys or files related to the target. Clear the screen and check the logging again when you click on Mem Patch.

Monitor the target with VMMap before clicking on Mem Patch. Refresh after Mem patching and choose to Show Changes. If you're lucky, the changes may point out the memory patching region.

Use TopToBottom to view the mem regions you think might have changed. You can copy/paste sections into before/after files and do a bin comparison with a hex editor.

There are probably some other tricks you could use, such as before/after VMWare snapshots, etc.

(and No, you can't post the keygen here)

Kayaker

Great ideas, thanks a lot!


- James

These should help:
http://www.woodmann.com/collaborative/tools/Category:Memory_Data_Tracing_Tools

Thanks, I'll give them all a go tonight when I'm off work.

Or there's the boring old fashioned direct method of breaking on WriteProcessMemory

As far as i remember and as long as nothing changed completly the calculation of the maya serial was somehow connected to a small virtual machine and matrix computation.

for sure this is not a easy target if you recently started cracking...

OHPen: it has changed in autodesk 2010 suite, but wether it's easier or harder I can't say. I'm not trying to keygen maya, I just wanted to investigate what the memory patch did. Thanks for the insight

Hmmm, X-Force did the same thing for Autodesk Motion Builder 2010. Does this mean no more local Ethernet IP address in .aw file for cracking Autodesk Software ?

You need to ask autodesk for a license file if you want/need it, so yes... In a way, I guess. You don't need an aw file (probably they've switched to a semi-custom flexlm system).