Crack vt vx vy vz diagnostics

If it doesn't fit anywhere else, it will fit here.
Post Reply
wisey86
n00b
Posts: 11
Joined: Tue Jun 07, 2016 3:59 am

Crack vt vx vy vz diagnostics

Post by wisey86 » Tue Jun 07, 2016 5:07 am

hi can somebody help me if this program can be cracked
Attachments
TOOL 1.png
TOOL 1.png (3.03 MiB) Viewed 108542 times

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: Crack vt vx vy vz diagnostics

Post by Cool_Fire » Tue Jun 07, 2016 4:27 pm

I see you have wireshark there. Fire that up and see if it connects to any servers when it tries to verify the license key. If not, it can probably be cracked without much issue.

Otherwise report back, it might still be possible but likely a little trickier to do.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

wisey86
n00b
Posts: 11
Joined: Tue Jun 07, 2016 3:59 am

Re: Crack vt vx vy vz diagnostics

Post by wisey86 » Tue Jun 07, 2016 9:22 pm

Hi i found this in wireshark
Attachments
20160608_121503.jpg
20160608_121503.jpg (5.11 MiB) Viewed 108422 times

wisey86
n00b
Posts: 11
Joined: Tue Jun 07, 2016 3:59 am

Re: Crack vt vx vy vz diagnostics

Post by wisey86 » Tue Jun 07, 2016 9:34 pm

And found this
Attachments
20160608_122944.jpg
20160608_122944.jpg (7.04 MiB) Viewed 108415 times

wisey86
n00b
Posts: 11
Joined: Tue Jun 07, 2016 3:59 am

Re: Crack vt vx vy vz diagnostics

Post by wisey86 » Wed Jun 08, 2016 11:44 am

Am I looking in the correct spot at least ?

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: Crack vt vx vy vz diagnostics

Post by Cool_Fire » Wed Jun 08, 2016 1:48 pm

You're looking at the DNS request for their server. You can try looking at the response for that request and following the tcp stream for that IP address.

It really depends on what it's doing with that server. If you're lucky it's a badly implemented check that returns a static result. Then you can override DNS and set up a local server that always returns the correct response. But you probably won't be that lucky.

Anyway, chances are the check result isn't easily spoofed, in which case you'll have to bust out your debugger/disassembler and write a patch yourself. However it's likely not a simple patch since it verifies against their server. You'll probably have to reverse engineer much of the checking algorithm and figure out where and how you can patch it out.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

wisey86
n00b
Posts: 11
Joined: Tue Jun 07, 2016 3:59 am

Re: Crack vt vx vy vz diagnostics

Post by wisey86 » Wed Jun 08, 2016 8:12 pm

thanks coolfire

736 10:21:16 AM 6/9/2016 4.2134624 VT VX VY VZ Body Diagnostics.exe envyouscustoms.com 10.0.0.20 HTTP HTTP:Response, HTTP/1.1, Status: Ok, URL: /Clients/ALDLVTVXVYVZBD/Initialize_IIBd338uhYGsw26.php {HTTP:179, TCP:175, IPv4:174}

i got this and i read it and found this in there

Frame: Number = 736, Captured Frame Length = 1517, MediaType = WiFi
+ WiFi: [Unencrypted Data] F.....P, (I) RSSI = 60 dBm, Rate = Unknown
+ LLC: Unnumbered(U) Frame, Command Frame, SSAP = SNAP(Sub-Network Access Protocol), DSAP = SNAP(Sub-Network Access Protocol)
+ Snap: EtherType = Internet IP (IPv4), OrgCode = XEROX CORPORATION
+ Ipv4: Src = 182.50.148.1, Dest = 10.0.0.20, Next Protocol = TCP, Packet ID = 25654, Total IP Length = 1453
- Tcp: Flags=...AP..., SrcPort=HTTP(80), DstPort=9722, PayloadLen=1413, Seq=1540237909 - 1540239322, Ack=1189994464, Win=31 (scale factor 0x9) = 15872
SrcPort: HTTP(80)
DstPort: 9722
SequenceNumber: 1540237909 (0x5BCE2A55)
AcknowledgementNumber: 1189994464 (0x46EDDFE0)
- DataOffset: 80 (0x50)
DataOffset: (0101....) 20 bytes
Reserved: (....000.)
NS: (.......0) Nonce Sum not significant
- Flags: ...AP...
CWR: (0.......) CWR not significant
ECE: (.0......) ECN-Echo not significant
Urgent: (..0.....) Not Urgent Data
Ack: (...1....) Acknowledgement field significant
Push: (....1...) Push Function
Reset: (.....0..) No Reset
Syn: (......0.) Not Synchronize sequence numbers
Fin: (.......0) Not End of data
Window: 31 (scale factor 0x9) = 15872
Checksum: 0x5038, Good
UrgentPointer: 0 (0x0)
TCPPayload: SourcePort = 80, DestinationPort = 9722
- Http: Response, HTTP/1.1, Status: Ok, URL: /Clients/ALDLVTVXVYVZBD/Initialize_IIBd338uhYGsw26.php
ProtocolVersion: HTTP/1.1
StatusCode: 200, Ok
Reason: OK
Date: Thu, 09 Jun 2016 00:21:16 GMT
Server: Apache
Cache-Control: max-age=3600
Expires: Thu, 09 Jun 2016 01:21:16 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
TransferEncoding: chunked
- ContentType: text/html
MediaType: text/html
HeaderEnd: CRLF
- chunkSize: 1128
Size: 1128
- ChunkPayload: HttpContentType = text/html
HtmlElement: 6rQMbCsSRSatI8KeJxUpxAaOWL1lY0oc5niY7ktRKLU2v6Vs2wUAY&TnCxFVB6GH8K28Bq2eKuV3hjP07VEYDIq&olAYDTzUsLqiWCIR19AsxKJPzwagC1X4J79K1VY0bod10eNGJBjhmrwrMR47lG6ZnQ3AJSvp16DHlbXvBZWutnzydE2inA8w0NcGLbCMRDMMQMurOhevgGMsSCooG29YB76B3ogZdrZ7t/mqW4WkU0OKUiLnhb
FooterEnd: CRLF
ChunkEnd: 0
FooterEnd: CRLF

wisey86
n00b
Posts: 11
Joined: Tue Jun 07, 2016 3:59 am

Re: Crack vt vx vy vz diagnostics

Post by wisey86 » Wed Jun 08, 2016 10:09 pm

i have found all this info wire shark would only show 4 things
Attachments
crack.png
crack.png (270.74 KiB) Viewed 107803 times

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: Crack vt vx vy vz diagnostics

Post by Cool_Fire » Thu Jun 09, 2016 5:14 am

Well you can see it's doing two HTTP requests, one GET and one POST. It's plain http rather than https, so at least you're lucky so far. It's now time to look at what exactly these two http requests are and what their responses are. (This is why I said "follow tcp stream" in relation to wireshark, since that is the option in wireshark that will show you the exact conversation of request/response between this application and the server.
Particularly pay attention to the server's responses; Are they the same each time? Is there a clear meaning to them? Does it change depending on the product key you try? Basically the idea is to figure out if you can figure out what a response for a valid key should look like, since if you can figure that out, you can intercept the http request and just always provide that 'key valid' response.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

wisey86
n00b
Posts: 11
Joined: Tue Jun 07, 2016 3:59 am

Re: Crack vt vx vy vz diagnostics

Post by wisey86 » Thu Jun 09, 2016 10:14 am

i did the follow tcp stream some of the code changes with each response with different key codes

not sure if it can be cracked or not

wisey86
n00b
Posts: 11
Joined: Tue Jun 07, 2016 3:59 am

Re: Crack vt vx vy vz diagnostics

Post by wisey86 » Thu Jun 09, 2016 10:17 am

i found this key
not sure what its for
Attachments
Untitled.png
Untitled.png (189.51 KiB) Viewed 107487 times

wisey86
n00b
Posts: 11
Joined: Tue Jun 07, 2016 3:59 am

Re: Crack vt vx vy vz diagnostics

Post by wisey86 » Thu Jun 09, 2016 12:09 pm

do you think you can look at it tell me if its possible sorry to ask

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: Crack vt vx vy vz diagnostics

Post by Cool_Fire » Thu Jun 09, 2016 8:30 pm

My guess would be it's some hashed/encoded representation of the product key you're entering. But the interesting part is the server's response to this. What does that look like, and does it change with different product keys?
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

wisey86
n00b
Posts: 11
Joined: Tue Jun 07, 2016 3:59 am

Re: Crack vt vx vy vz diagnostics

Post by wisey86 » Fri Jun 10, 2016 2:33 am

here is my save file from wire shark
Attachments
tcp stream.rar
(22.76 KiB) Downloaded 1414 times

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: Crack vt vx vy vz diagnostics

Post by Cool_Fire » Thu Jun 16, 2016 7:30 pm

The data being sent back and forth looks somewhat like base64 encoded data, but the charset is slightly off. In short; don't know. You could try and figure it out I suppose. But it might be time to get the decompilers out and see what data it's sending, and how it's encoding it. Maybe also how it's decoding the results it gets from the server.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

wisey86
n00b
Posts: 11
Joined: Tue Jun 07, 2016 3:59 am

Re: Crack vt vx vy vz diagnostics

Post by wisey86 » Sun Jun 19, 2016 9:36 am

what decompiler software do you recommend for that thanks

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: Crack vt vx vy vz diagnostics

Post by Cool_Fire » Sun Jun 19, 2016 1:20 pm

IDA pro is pretty much the industry standard but it's pretty expensive to get a license, you can get a 30 day trail though. Ollydbg is a pretty common free alternative.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

evilstuie
n00b
Posts: 3
Joined: Fri Dec 09, 2016 6:10 pm

Re: Crack vt vx vy vz diagnostics

Post by evilstuie » Mon Dec 12, 2016 8:31 am

Did you have any luck with this?

Post Reply