
View Full Version : Netware 5.1


Lbolt99
July 12th, 2002, 19:22
Anyone ever look at Novell Netware stuff? I've got Netware 5.1 here, comes default with a 2 user license. There is hardly *anything* on the web about reversing netware. I did find a little discussion on Netware 4, however.

Brief synopsis:

Netware systems use a small (10MB) DOS partition and the rest of the drive uses its own Netware-proprietary partition. System boots to DOS and runs a ~2.5mb SERVER.EXE file to bootstrap into the OS. Netware uses NLMs or "Netware Loadable Modules" comparable to DOS TSRs and Windows VxDs.

Netware includes a debugger; you can debug whatever you want, unless it's flagged as a "hidden" NLM. There are two options for the flag: Normal, and Hidden. The only hidden NLM is license.nlm but changing it to normal is a one byte change.

Ok that said, the SERVER.EXE file is the bootstrap, as I already mentioned, and then there are several system related NLMs concatenated onto the back (including license.nlm). These are appended in a Linked List method.

Up to this point, things are similar between the SERVER.EXE files in Netware 4 and Netware 5 / 5.1

Starting in Netware 5, they compressed the license.nlm file with the Pkware Data Compression Library API. Basically, you can license the compression technology from Pkware and use it in whatever OS/platform you want to.

Analysis completed. My approach will be to decompress the license.nlm (I have several ideas on how to do this), paste back in, reindex the linked list.... and hope that the OS doesn't do direct hex offset access to the SERVER.EXE file.

As far as actually modifying the license.nlm, that's a whole nother story, and will leave to Part II. In the meantime, I'll report progress if I have any luck with this.

Lbolt99
July 16th, 2002, 01:09
Actually I meant to post this in the RSE General.. sorry for the mistake

I cannot move it,

Looks like no one is interested anyway, lol

Woodmann
July 16th, 2002, 01:25
Howdy,

I don't know about the others but I am waiting for your follow up.

Are you stuck somewhere?

Peace, Woodmann

Lbolt99
July 16th, 2002, 01:53
Hi,

Haven't gotten stuck, just haven't had time. It always seems that I'm juggling 5 or so different projects, each one getting just a little timeslice, lol.

I'm still researching the header format of the NLM files and the best way to decompress the license.nlm file, and save it.

I'm hoping that the license.nlm decompresses in a DOS environment, then I can just rip the asm code, make a few minor changes, and use Dumpexe to dump the exe code.. then rip off the dos exe header that dumpexe creates and replace with a fixed nlm header..

If it decompresses in the netware environment, I can probably still use the same general decompression asm code but probably have to make a few more changes so it'll run in a dos environment..

Or just write a netware dumper

But I doubt that's necessary. Old school crackers will remember Pklite, it was a very lame compressor, no anti-debug or other tricks.

Pklite is to UPX as Protect! EXE/COM is to ASprotect (well, not quite, ASprotect is much more advanced than any DOS encrypter ever was)