Hi,

i have an app which is protected by Interlok-LM. I'm totally new to that kind of protection sheme but i want to learn it.
It's difficult to find Tutorials about Interlok. I searched the Web but only found one fucking tut which is 4 years old.
I need some license file to start to victim-app so i have to find a way to create one or defeat to check-routine !!!!

So i have some questions in order to start with it:

1. Which kind of protection is Interlok LM ? Like FlexLM ?
2. Is there some common way to begin reversing Interlok ?
3. What have i look for, special dll's, sice detection, etc ?
4. Are there tut's for Interlok, URL ?
5. Are there different versions of Interlok LM ? How can i detect which version is used ?
6. Is this protection used together with dongles ?

Hope there is someone who can tell me a bit about Interlok. Really want to learn that stuff.

THX for your help,
OHPen

BTW. The App i try to reverse is called LiveStage Pro !

found 2 one is from Tsehp and the other is macilaci.
Don't you think its a hard start for newbies in this kind of protection?

Thx for your short reply

Sorry but i'm sick of serial fishing and patching.
I decided it's time to start new stuff and i choose Interlok.

The two essays on tsehp are worthless, i have a newer version than the described one and i'm using win2k.

It seems that there are not much people who are able to beat Interlok, and that's the point it becomes interessting to me

I only want to collect info about Interlok in order to try to beat it.
Maybe i'm not able to solve, but i have to try, you know.

So is there no one which have experience with new Interlok stuff ?
The threads on the board i've found are not very useful, so don't tell me to search the board for it

I don't know whether is very difficult or whether it takes long time to understand Interlok but i REALLY want to get that bitch.
But i still need help

See if you download the SDK first, as it'll come in mucho handy.

Sorry, don't understand what you mean !
Do you mean the Interlok LM SDK ?

yesh

Only can download the stuff if i have some customer-password, so i'm not able to.

@ Squidge :Have you ever dealt with Interlok ?

It seems you need to develope your searching skills...

Peace, Woodmann

Let me say first that I have kind of lost touch with my Pace reversing and would anticipate that there has been some significant changes in Version 4, but I can give you a great deal of information on "how it used to work" because I used to regularly remove it from my Mac music software over the years. Having said that much, the following should be considered with the following facts in mind: First Mac software used to work completely differently from PC software, in that the Code was in sections which were only loaded "as needed" by the program. In order for the program to know whether a section of code was "already" loaded or not, there was a "jump table" which indicated whether a section was loaded, and if loaded, where in memory it could be found, with the specific location of it's parts. This was true with the MAC software at least to version 8, but the new MAC software is apparently based upon a UNIX kernal and I haven't played with it in some time to see how it is organized.

What the older PACE protection code would attempt to do first is blow up the debugger. Obviously if you can't use the debugger, you aren't going to make much progress at studying the code. You had to find a way to prevent that from happening and one can assume that the current versions attempt the same thing. However on the MAC what they did was mess with something called the Vector table, which was where the MAC handled exceptions. They would reset the vector table to their own code and the MAC debugger would no longer work. Again I don't yet know if this is still used in MAC software and one could assume anti-debugger code on the PC side.

If one was able to keep the debugger going you could discover that the protection scheme wrapped the "real" code in a form of encryption, which was really just a checksum that started with a given value, usually "BEEFABAD" on the "encrypted" code sections. The checksum of the first code section was used on the "next" section until a checksum of all the section had been run. This "final" checksum was the one that was used to actually decript the code sections. What PACE would do was put this information in a specific memory location and then refer to the "decryption code" each time a code section was loaded into memory. If your debugger worked you could eventually find this code and write a program, or use part of theirs to decrypt the whole code sections and write them to disk with the decryption. One of the things they had done was patch the various procedures, equivilant to API's which handled reading and writing code sections and changing their attributes to attempt to prevent this very thing. It didn't work, at least for me, back then.

So what does all this have to do with the current version?? and on the PC?? for which they do at least sell software?? Maybe nothing and maybe a lot. Over all the years I studied and removed their protection system they did not change their basic system or process very often, although they would tweak it somewhat. Therefore, I would look for the following as a good start:

Is the code "encrypted" on the downloaded program or on disk, if you own it? If so, there is a good chance they are still using their old checksum method of "encryption", but I don't know now.

They will clearly have some anti-debugger code, because that is their mind set and, although it is possible that they have changed, they didn't over many years. MAC or PC, this is an effective to deter the faint of heart from further attempts, but it is only a first step.

Finally, reviewing the Interlok system, and I have downloaded their manuals, which are available from their web site, or at least were, they do have a dongle which can be used with the software, but I haven't seen one used and haven't attempted to analize one yet. Most MAC software and most PC music software, where PACE had it's market, still don't use donglels.

Like many other projects, this is one that I would like to return to, so if you have a target in mind, you might PM me and when I finish pushing this large rock up this hill I might be able to take a look at it.

Regards.