View Full Version : Key generating, computer ID, etc.


Le-Fay
January 14th, 2005, 06:37
Hello there fellow reversers,
I'm a programmer and I have some experience in encryption but nearly none in reversing, so bear with me...
I came across some software I want to reverse engineer.
The thing is that when you install the software, it generates a unique ID specific to the computer. What I want is to find how this ID is generated.
I have no idea where to start. Can I place a breakpoint on the ID I know it'll generate for my machine?
The software is a .NET form application; is it possible to decompile it (it should be ...)? Is it likely that the installer is also a .NET application?

Thanks,
Le-Fay.

TBone
January 14th, 2005, 08:01
Few people seem to use totally home-grown installers these days. Usually it's some version of Installshield, Wise, etc. If you can determine which type it is, you can probably find a lot of specific information here just by searching on the installer system's name.

But in more direct answer to your question, whether it's .NET or not, you should be able to decompile/debug it like any other program. If you know roughly when the installer generates the ID, there's lots of ways you could break near the generation routine with a debugger and try to analyze what it does. For example, maybe when it's done generating the ID, it displays it in a dialogue box. Try breaking on the dialogue box and then follow the call stack up. Of course, a good decompiler can be even more helpful sometimes with regards to that kind of analysis.

Le-Fay
January 14th, 2005, 08:27
Hi TBone, thank you for the quick reply.
The installer is some version of Installshield as you said.
The ID isn't displayed on the screen but I have a reason to believe it is saved on a file named "LIC.DAT" encrypted in some way.
As for debugging, I have access to SoftIce. Can you give me a hint as to what kind of breakpoint would be a good idea?

Hero
January 15th, 2005, 00:07
If you installed VS .NET, you can find an internal decompiler in the SDK of the VS .NET directory.
I don't use it too much, but perhaps it will be a help.

sincerely yours

Solomon
January 15th, 2005, 00:22
Use a disassembler, then try to find "LIC.DAT" in the dead-list. Or use CreateFileA/_lopen as breakpoint. Some progs use GetVolumeInformationA to get the disk volume serial to generate the computer IDs, some use "CPUID" instruction, some use the BIOS strings in Windows registry.

Quote:
[Originally Posted by Le-Fay]Hi TBone, thank you for the quick reply.
a file named "LIC.DAT"
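
Added example, not part of any post in the thread: a minimal Python sketch of the string search Solomon describes, locating the file name and API names from the thread in a binary image. Because the target is a .NET application, each name is searched both as ASCII and as UTF-16LE, since .NET string literals are stored as UTF-16 and a plain ASCII search would miss them. The function name `find_indicators` and the sample bytes are constructed for illustration.

```python
import re

# Names taken from the thread: the licence file and the APIs Solomon lists.
INDICATORS = ["LIC.DAT", "CreateFileA", "_lopen", "GetVolumeInformationA"]

def find_indicators(blob, indicators=INDICATORS):
    """Return {indicator: [(offset, encoding), ...]} for every match in blob.

    Each name is searched case-insensitively as ASCII bytes (native import
    tables, imported method names in .NET metadata) and as UTF-16LE
    (.NET string literals, Win32 resources).
    """
    hits = {}
    for name in indicators:
        found = []
        for label, codec in (("ascii", "ascii"), ("utf-16le", "utf-16-le")):
            pattern = re.compile(re.escape(name.encode(codec)), re.IGNORECASE)
            found += [(m.start(), label) for m in pattern.finditer(blob)]
        if found:
            hits[name] = sorted(found)
    return hits

# Constructed sample: a 16-byte stub header, an ASCII import name, and the
# licence file name stored as a lower-case UTF-16LE literal.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"GetVolumeInformationA\x00kernel32.dll\x00"
    + "lic.dat".encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    for name, matches in find_indicators(SAMPLE).items():
        for offset, encoding in matches:
            print(f"{name:<24} offset=0x{offset:04x} encoding={encoding}")
```

The offsets it reports are file offsets, which is where a disassembler or decompiler cross-reference search would start.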