Crack vt vx vy vz diagnostics
-
- n00b
- Posts:11
- Joined:Tue Jun 07, 2016 3:59 am
Hi, can somebody help me see if this program can be cracked?
- Attachments
-
- TOOL 1.png (3.03MiB)Viewed 114032 times
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
- Contact:
Re: Crack vt vx vy vz diagnostics
I see you have wireshark there. Fire that up and see if it connects to any servers when it tries to verify the license key. If not, it can probably be cracked without much issue.
Otherwise report back, it might still be possible but likely a little trickier to do.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
-
- n00b
- Posts:11
- Joined:Tue Jun 07, 2016 3:59 am
Re: Crack vt vx vy vz diagnostics
Hi, I found this in Wireshark.
- Attachments
-
- 20160608_121503.jpg (5.11MiB)Viewed 113912 times
-
- n00b
- Posts:11
- Joined:Tue Jun 07, 2016 3:59 am
Re: Crack vt vx vy vz diagnostics
And found this
- Attachments
-
- 20160608_122944.jpg (7.04MiB)Viewed 113905 times
-
- n00b
- Posts:11
- Joined:Tue Jun 07, 2016 3:59 am
Re: Crack vt vx vy vz diagnostics
Am I looking in the correct spot at least?
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
- Contact:
Re: Crack vt vx vy vz diagnostics
You're looking at the DNS request for their server. You can try looking at the response for that request and following the tcp stream for that IP address.
It really depends on what it's doing with that server. If you're lucky it's a badly implemented check that returns a static result. Then you can override DNS and set up a local server that always returns the correct response. But you probably won't be that lucky.
Anyway, chances are the check result isn't easily spoofed, in which case you'll have to bust out your debugger/disassembler and write a patch yourself. However it's likely not a simple patch since it verifies against their server. You'll probably have to reverse engineer much of the checking algorithm and figure out where and how you can patch it out.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
-
- n00b
- Posts:11
- Joined:Tue Jun 07, 2016 3:59 am
Re: Crack vt vx vy vz diagnostics
Thanks, Cool_Fire.
736 10:21:16 AM 6/9/2016 4.2134624 VT VX VY VZ Body Diagnostics.exe envyouscustoms.com 10.0.0.20 HTTP HTTP:Response, HTTP/1.1, Status: Ok, URL: /Clients/ALDLVTVXVYVZBD/Initialize_IIBd338uhYGsw26.php {HTTP:179, TCP:175, IPv4:174}
I got this, and I read it and found this in there:
Frame: Number = 736, Captured Frame Length = 1517, MediaType = WiFi
+ WiFi: [Unencrypted Data] F.....P, (I) RSSI = 60 dBm, Rate = Unknown
+ LLC: Unnumbered(U) Frame, Command Frame, SSAP = SNAP(Sub-Network Access Protocol), DSAP = SNAP(Sub-Network Access Protocol)
+ Snap: EtherType = Internet IP (IPv4), OrgCode = XEROX CORPORATION
+ Ipv4: Src = 182.50.148.1, Dest = 10.0.0.20, Next Protocol = TCP, Packet ID = 25654, Total IP Length = 1453
- Tcp: Flags=...AP..., SrcPort=HTTP(80), DstPort=9722, PayloadLen=1413, Seq=1540237909 - 1540239322, Ack=1189994464, Win=31 (scale factor 0x9) = 15872
SrcPort: HTTP(80)
DstPort: 9722
SequenceNumber: 1540237909 (0x5BCE2A55)
AcknowledgementNumber: 1189994464 (0x46EDDFE0)
- DataOffset: 80 (0x50)
DataOffset: (0101....) 20 bytes
Reserved: (....000.)
NS: (.......0) Nonce Sum not significant
- Flags: ...AP...
CWR: (0.......) CWR not significant
ECE: (.0......) ECN-Echo not significant
Urgent: (..0.....) Not Urgent Data
Ack: (...1....) Acknowledgement field significant
Push: (....1...) Push Function
Reset: (.....0..) No Reset
Syn: (......0.) Not Synchronize sequence numbers
Fin: (.......0) Not End of data
Window: 31 (scale factor 0x9) = 15872
Checksum: 0x5038, Good
UrgentPointer: 0 (0x0)
TCPPayload: SourcePort = 80, DestinationPort = 9722
- Http: Response, HTTP/1.1, Status: Ok, URL: /Clients/ALDLVTVXVYVZBD/Initialize_IIBd338uhYGsw26.php
ProtocolVersion: HTTP/1.1
StatusCode: 200, Ok
Reason: OK
Date: Thu, 09 Jun 2016 00:21:16 GMT
Server: Apache
Cache-Control: max-age=3600
Expires: Thu, 09 Jun 2016 01:21:16 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
TransferEncoding: chunked
- ContentType: text/html
MediaType: text/html
HeaderEnd: CRLF
- chunkSize: 1128
Size: 1128
- ChunkPayload: HttpContentType = text/html
HtmlElement: 6rQMbCsSRSatI8KeJxUpxAaOWL1lY0oc5niY7ktRKLU2v6Vs2wUAY&TnCxFVB6GH8K28Bq2eKuV3hjP07VEYDIq&olAYDTzUsLqiWCIR19AsxKJPzwagC1X4J79K1VY0bod10eNGJBjhmrwrMR47lG6ZnQ3AJSvp16DHlbXvBZWutnzydE2inA8w0NcGLbCMRDMMQMurOhevgGMsSCooG29YB76B3ogZdrZ7t/mqW4WkU0OKUiLnhb
FooterEnd: CRLF
ChunkEnd: 0
FooterEnd: CRLF
-
- n00b
- Posts:11
- Joined:Tue Jun 07, 2016 3:59 am
Re: Crack vt vx vy vz diagnostics
I have found all this info; Wireshark would only show 4 things.
- Attachments
-
- crack.png (270.74KiB)Viewed 113293 times
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
- Contact:
Re: Crack vt vx vy vz diagnostics
Well, you can see it's doing two HTTP requests, one GET and one POST. It's plain HTTP rather than HTTPS, so at least you're lucky so far. It's now time to look at what exactly these two HTTP requests are and what their responses are. (This is why I said "follow tcp stream" in relation to Wireshark, since that is the option in Wireshark that will show you the exact conversation of request/response between this application and the server.)
Particularly pay attention to the server's responses; Are they the same each time? Is there a clear meaning to them? Does it change depending on the product key you try? Basically the idea is to figure out if you can figure out what a response for a valid key should look like, since if you can figure that out, you can intercept the http request and just always provide that 'key valid' response.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
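Seen from the vendor's side, the two posts above (a check that "returns a static result", and a capture where one 'key valid' response could always be served over plain HTTP) describe a verdict that is not bound to the request. The following is an added example, not part of the thread and not the vendor's code: a hypothetical design in which the client sends a fresh nonce and the server signs nonce, product-key hash and verdict with Ed25519, so a recorded reply fails on the next request. All names, the `licence-v1|` prefix and the sample keys are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Reply is the hypothetical server answer: a verdict plus an Ed25519 signature.
type Reply struct {
	Verdict string
	Sig     []byte
}

// transcript binds a verdict to one request: the client's fresh 16-byte nonce
// and the SHA-256 of the product key it asked about.
func transcript(nonce []byte, productKey, verdict string) []byte {
	h := sha256.Sum256([]byte(productKey))
	msg := append([]byte("licence-v1|"), nonce...)
	return append(append(msg, h[:]...), verdict...)
}

// ServerAnswer stands in for the server, the only holder of the private key.
func ServerAnswer(priv ed25519.PrivateKey, nonce []byte, productKey string, ok bool) Reply {
	verdict := map[bool]string{true: "valid", false: "invalid"}[ok]
	return Reply{verdict, ed25519.Sign(priv, transcript(nonce, productKey, verdict))}
}

// ClientAccepts verifies the reply against the nonce this client just sent.
func ClientAccepts(pub ed25519.PublicKey, nonce []byte, productKey string, r Reply) bool {
	return r.Verdict == "valid" && ed25519.Verify(pub, transcript(nonce, productKey, r.Verdict), r.Sig)
}

// Demo returns acceptance for a fresh reply, a replay, and a reply for another key.
func Demo() (fresh, replayed, otherKey bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	n1, n2 := make([]byte, 16), make([]byte, 16)
	if _, e1 := rand.Read(n1); err != nil || e1 != nil {
		panic("no randomness")
	}
	if _, e2 := rand.Read(n2); e2 != nil {
		panic(e2)
	}
	r := ServerAnswer(priv, n1, "AAAA-BBBB", true) // constructed sample key
	return ClientAccepts(pub, n1, "AAAA-BBBB", r), ClientAccepts(pub, n2, "AAAA-BBBB", r),
		ClientAccepts(pub, n1, "CCCC-DDDD", r)
}

func main() { fmt.Println(Demo()) }
```

The signature only protects the reply in transit; a client binary that can be patched still needs its own integrity measures, which is the harder case the thread goes on to discuss.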
-
- n00b
- Posts:11
- Joined:Tue Jun 07, 2016 3:59 am
Re: Crack vt vx vy vz diagnostics
I did the follow TCP stream; some of the code changes with each response with different key codes.
Not sure if it can be cracked or not.
-
- n00b
- Posts:11
- Joined:Tue Jun 07, 2016 3:59 am
Re: Crack vt vx vy vz diagnostics
I found this key.
Not sure what it's for.
- Attachments
-
- Untitled.png (189.51KiB)Viewed 112977 times
-
- n00b
- Posts:11
- Joined:Tue Jun 07, 2016 3:59 am
Re: Crack vt vx vy vz diagnostics
Do you think you can look at it and tell me if it's possible? Sorry to ask.
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
- Contact:
Re: Crack vt vx vy vz diagnostics
My guess would be it's some hashed/encoded representation of the product key you're entering. But the interesting part is the server's response to this. What does that look like, and does it change with different product keys?
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
-
- n00b
- Posts:11
- Joined:Tue Jun 07, 2016 3:59 am
Re: Crack vt vx vy vz diagnostics
Here is my save file from Wireshark.
- Attachments
-
- tcp stream.rar
- (22.76KiB)Downloaded 1761 times
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
- Contact:
Re: Crack vt vx vy vz diagnostics
The data being sent back and forth looks somewhat like base64 encoded data, but the charset is slightly off. In short; don't know. You could try and figure it out I suppose. But it might be time to get the decompilers out and see what data it's sending, and how it's encoding it. Maybe also how it's decoding the results it gets from the server.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
-
- n00b
- Posts:11
- Joined:Tue Jun 07, 2016 3:59 am
Re: Crack vt vx vy vz diagnostics
What decompiler software do you recommend for that? Thanks.
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
- Contact:
Re: Crack vt vx vy vz diagnostics
IDA Pro is pretty much the industry standard, but it's pretty expensive to get a license; you can get a 30-day trial though. OllyDbg is a pretty common free alternative.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
-
- n00b
- Posts:3
- Joined:Fri Dec 09, 2016 6:10 pm
Re: Crack vt vx vy vz diagnostics
Did you have any luck with this?