Log in

View Full Version : Understanding Maya 2010 keygen


james
August 16th, 2009, 17:08
nHi,

I have a question concerning a particular keygen by X-FORCE for Autodesk Maya 2010. (Not sure if I should post it or if someone able to answer my question has access to it by him-/herself)

Normally I wouldn't think twice about it, but since they put "NO LAME DLL PATCHING" I began to wonder what and why their "Mem Patch" was.

Can anyone figure out what this memory patch does exactly? Disable some online check, let's you chose whatever SERIAL number to go with the req/auth code?

I suppose technicly it's right that there is no DLL patching (or patching on any files), but what can they be patching in memory for this registration scheme?


Any light you can shed on the matter is greatly appreciated,

- James

PS: I tried debugging the keygen without being able to make much sense of the Mem Patch runtime (not that I'm surprised as I have no precise idea what's suppose to happen).

Kayaker
August 17th, 2009, 01:42
Why don't you run some live action reversing utilities on it? I'd suggest as a start Sysinternals Process Monitor, Sysinternals VMMap, TopToBottomNT by Russell Osterlund.

A quick search yields an .nfo that says something like "open Activation screen, open keygen, click on Mem Patch". A few things to try:

Run Process Monitor before you open the keygen and see if it accesses any registry keys or files related to the target. Clear the screen and check the logging again when you click on Mem Patch.

Monitor the target with VMMap before clicking on Mem Patch. Refresh after Mem patching and choose to Show Changes. If you're lucky, the changes may point out the memory patching region.

Use TopToBottom to view the mem regions you think might have changed. You can copy/paste sections into before/after files and do a bin comparison with a hex editor.

There are probably some other tricks you could use, such as before/after VMWare snapshots, etc.

(and No, you can't post the keygen here)

Kayaker

james
August 17th, 2009, 02:01
Great ideas, thanks a lot!


- James

dELTA
August 17th, 2009, 03:06
These should help:
http://www.woodmann.com/collaborative/tools/Category:Memory_Data_Tracing_Tools

james
August 17th, 2009, 04:41
Thanks, I'll give them all a go tonight when I'm off work.

Kayaker
August 17th, 2009, 07:40
Or there's the boring old fashioned direct method of breaking on WriteProcessMemory

OHPen
August 17th, 2009, 12:01
As far as i remember and as long as nothing changed completly the calculation of the maya serial was somehow connected to a small virtual machine and matrix computation.

for sure this is not a easy target if you recently started cracking...

james
August 26th, 2009, 05:43
OHPen: it has changed in autodesk 2010 suite, but wether it's easier or harder I can't say. I'm not trying to keygen maya, I just wanted to investigate what the memory patch did. Thanks for the insight

SSlEvIN
August 26th, 2009, 11:37
Hmmm, X-Force did the same thing for Autodesk Motion Builder 2010. Does this mean no more local Ethernet IP address in .aw file for cracking Autodesk Software ?

james
August 26th, 2009, 15:34
You need to ask autodesk for a license file if you want/need it, so yes... In a way, I guess. You don't need an aw file (probably they've switched to a semi-custom flexlm system).