5aLIVE
June 29th, 2004, 05:56
Hello,
It's been a while since I've posted here, that's not to say I don't
visit every once in a while!
I have a couple of questions about an interesting program I would
like to reverse. I'm trying to learn as much as I can about how it works
before I attempt to make sense of any dead listings or debugging.
The app generates a unique hexadecimal ID based on some of the
computer hardware components, this is equivalent to a user name.
Passwords are validated based on this unique ID. Nothing new here
really.
I found that the exe has the magic constants P and Q as used in
RC5/6. So my initial thinking is that the computer ID and password
validation are based on one of these algos.
I reasoned that if I alter each constant by a digit this is likely to cause
the unique ID value to change or reject the validation of previously
valid passwords. No such effects were evident, the program just
performed as normal.
What I'd like to know is if my reasoning is correct and is it safe to
assume that these algos are not used? It does seem odd that I
found a function header containing "RC5" in its name. Perhaps it has been
compiled into the code though not actually used?
The program in question acts as a client which on request loads a
second independent program (no network connection).
The second program in turn loads a DLL which acts on the ID and
password in some way.
What I'd like to know here is how does the DLL know where in the
memory space of the client these variables will be stored.
Does it find the entry point of the client and use fixed offsets to
access the variables?
How would you implement this in C/C++ for example? This should aid
my understanding.
Thanks for reading my post.
