Quest for Information [Archive] - RCE Messageboard's Regroupment

View Full Version : Quest for Information

peterg70

June 5th, 2002, 04:19

I am almost fearing asking this but I will ask even If flamed all the way to hell.

I have a product which is currently protected with a security system called everlock. I can easily remove the checking routine from the program if required but this isn't what I want to do.

the protection software stores the number of licenses for each product in a .sys file. What I wish to do is to add more licenses and more products to file.

A few notes.
there is a move software (to move the license)
There is a reset software to reset the licenses.

I believe I have found the section of code relating to adding licenses back to existing products but am looking for other product names.

I have a feeling they are encoded inside the .sys file.

So what i am looking for is information on the protection system (tutes or docs) (NOT a crack)
Or possibly the format of the .sys file or a decoder for the .sys files

If needed please flame and I will ammend as required.

PS. I have read the posting rules

peterg70
(fingers crossed)

foxthree

June 5th, 2002, 14:06

Hi PeterG:

Hmmm ... you're being too cautious I think. But anyways, only the paranoid survive

. Cool, now IDA should disassemble .sys files - I think. Atleast 4.15 does. However, you better be sure that the .sys is really a .sys. Some time back, I saw this pathetic protection in which a binary file was named as .sys to "pretend" to be a driver. Alas, I was taken for a while until I opened it in Ultra-Edit

Check it out and if it is really .sys try IDA.

Hope this helps.

Signed,
-- FoxThree

peterg70

June 5th, 2002, 23:58

Foxthree

Old chinese saying
"Its better to be cautious than flamed"

Sorry to mislead you but the .sys file is a key license file rather than a program .sys file.

Its is typically only 1 to 2k long but is encrypted. Was hoping to find information on how the whole everlock system works.

If there isn't any I'll have to start doing some long nights ;-)

peterg70

ZenLoren

June 6th, 2002, 05:24

Hi

http://www.woodmann.net/fravia/everlock.htm

If u already know about it pls skip.
regards
Loren

peterg70

June 6th, 2002, 10:36

ZenLoren thanks for the link

but have already seen Tomboys Part I. Am wondering if Part II exists somewhere (its not on fravia mirror)

That tute is able to read the disk information to make it a master disk again.

I am trying to attack the E*.sys file by decoding it and adding more products to this sys file.

peterg70

Syrus

June 8th, 2002, 22:14

Heya!

If i remember well i saw some articles about everlock at
hxxp://www.anticrack.de

hope that helps =)

peterg70

June 9th, 2002, 03:02

Syrus

Thanks for the info but same articles as the ones here.

Okay status report. I have found the decoding routine and am currently deciphering what each byte means and does.

What I am gonna need is a simple front end that will allow me to add new items to the .sys file and update the checksums and other bits as appropriate.

What do you guys recommend??

peterg