foxthree
April 28th, 2002, 19:37
Hello Fellow RCEs:
I'm playing around with CrypKey protection. I've patched the Site Key Gen and it is cool (hi peterg). However, I wish to understand more...
I installed a new CrypKey protected soft (I think CK 5.4) on Win2K and it gave me a strange error about the "License Server not available" or something like that. I knew (from prev. exp.) that "CrypKey License Server" Service must be running for this app to avoid this error. But then I think, wth, let's fix this bug, and I find that all I need to do is to patch a few bytes (precisely 5) in CKI32H.dll (SecurityProc exported function btw) to avoid that error and the app runs and runs and runs ....
There is not even an authorization check!!!
My question is: Does anybody know what the CKI32H.dll does or is meant for?
BTW, just a line of thought:
Why don't we just hook all the exported calls in CRYPXXE.DLL and redirect them to our own proc and wreak havoc from there? (I haven't tried this but I will shortly) This way we can return any valid value for any API, bypassing CrypKey *UNIVERSALLY*
Of course the ckChallenge must be patched manually though?
Has anybody had any experience with this?
Thanks.
Signed,
-- FoxThree