Lbolt99
July 12th, 2002, 19:22
Anyone ever look at Novell Netware stuff? I've got Netware 5.1 here, comes default with a 2 user license. There is hardly *anything* on the web about reversing netware. I did find a little discussion on Netware 4, however.
Brief synopis:
Netware systems use a small (10MB) DOS partition and the rest of the drive uses it's own Netware-propietary partition. System boots to DOS and runs a ~2.5mb SERVER.EXE file to bootstrap into the OS. Netware uses NLM's or "Netware Loadable Modules" comparable to DOS TSR's and Windows VxD's
Netware includes a debugger; you can debug whatever you want, unless it's flagged as a "hidden" NLM. There are two options for the flag: Normal, and Hidden. The only hidden NLM is license.nlm but changing it to normal is a one byte change
Ok that said, the SERVER.EXE file is the bootstrap, as I already mentioned, and then there are several system related NLM's concatenated onto the back (including license.nlm
These are appended in a Linked List method.
Up to this point, things are similar between the SERVER.EXE files in Netware 4 and Netware 5 / 5.1
Starting in Netware 5, they compressed the license.nlm file with the Pkware Data Compression Library API. Basically, you can license the compression technology from Pkware and use it in whatever OS/platform you want to.
Analysis completed. My approach will be to decompress the license.nlm (I have several ideas on how to do this), paste back in, reindex the linked list.... and hope that the OS doesn't do direct hex offset access to the SERVER.EXE file.
As far as actually modifying the license.nlm, that's a whole nother story, and will leave to Part II. In the meantime, I'll report progess if I have any luck with this.
Brief synopis:
Netware systems use a small (10MB) DOS partition and the rest of the drive uses it's own Netware-propietary partition. System boots to DOS and runs a ~2.5mb SERVER.EXE file to bootstrap into the OS. Netware uses NLM's or "Netware Loadable Modules" comparable to DOS TSR's and Windows VxD's
Netware includes a debugger; you can debug whatever you want, unless it's flagged as a "hidden" NLM. There are two options for the flag: Normal, and Hidden. The only hidden NLM is license.nlm but changing it to normal is a one byte change

Ok that said, the SERVER.EXE file is the bootstrap, as I already mentioned, and then there are several system related NLM's concatenated onto the back (including license.nlm

Up to this point, things are similar between the SERVER.EXE files in Netware 4 and Netware 5 / 5.1
Starting in Netware 5, they compressed the license.nlm file with the Pkware Data Compression Library API. Basically, you can license the compression technology from Pkware and use it in whatever OS/platform you want to.
Analysis completed. My approach will be to decompress the license.nlm (I have several ideas on how to do this), paste back in, reindex the linked list.... and hope that the OS doesn't do direct hex offset access to the SERVER.EXE file.
As far as actually modifying the license.nlm, that's a whole nother story, and will leave to Part II. In the meantime, I'll report progess if I have any luck with this.