Thanks to all the guys who have been trying to help. I have just done it (or better say hacked it :-)
In short, there is really a KEY in the registry. I couldn't locate it because it wasn't under the path of the software name. After I copied that KEY (and with some programming knowledge), it works like magic.
Here are my steps.
I did some research, and a lot more Google searches. I started with this site teaching How to get the serial number of a program with OllyDbg.
However, I found it is a Microsoft Visual C# / Basic .NET in PEiD.
I couldn't debug my .exe by OllyDbg. Told by this site:
"Olly isn't the answer here, because its a .Net program. So use google in order to find the program that will help ya."
First, I came upon .NET decompiler. It is a good tool. After my first inspection into the source code, I located the critical method btnOK_Click() which is the point for checking the UserKey. Sadly, the method content is masked by // trial in .NET decompiler (wtf) as it isn't a freeware, and it costs 399 USD (not less for me). And more, I don't have confidence that it is guaranteed to get the UserKey after purchasing the .NET decompiler. (it's my first time anyway)
Then I moved on to other free alternatives, such as ILSpy (free) and .NET Reflector (14-day trial).
I finally could inspect the btnOK_Click method:

    private void btnOK_Click(object sender, EventArgs e)
    {
        this.pbcUserKey = Strings.Trim(this.txtUserKey1.Text + this.txtUserKey2.Text + this.txtUserKey3.Text + this.txtUserKey4.Text);
        this.pbcUserKey = Strings.LSet(Strings.Trim(this.pbcUserKey), 16);
        try
        {
            this.createUserKey = modCommon.XxGetUserID(ref this.pbcUserKey);
            if (this.createUserKey)
            {
                MyProject.Forms.FrmLauncher.strUserID = this.pbcUserKey;
            }
        }
        catch (Exception expr_86)
        {
            ProjectData.SetProjectError(expr_86);
            Application.Exit();
            ProjectData.ClearProjectError();
        }
        this.Close();
    }

Simply, pbcUserKey is the UserKey we input, and what is it going to be compared against? It is passed into the method modCommon.XxGetUserID():

    [DllImport("XXGetUserkey.dll", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
    public static extern bool XxGetUserID([MarshalAs(UnmanagedType.VBByRefStr)] ref string userID);

Another hurdle came up. It is an external method and we couldn't browse its source. We only know the way to go further forward should be XXGetUserkey.dll. Trust me I have inspected this DLL for a million times, and I had no luck. (I couldn't find IL Disassembler from M$ btw) Should you have any tools to view/disassemble/decompile DLLs, your contribution will be highly appreciated!
I started thinking the entire flow again. Originally I wanted to use OllyDbg to debug the program, not decompile. I hope if I could find a tool which actually debugs .NET programs, I could inspect the registers and memory locations to see what my input is compared against (like what it said in the very first web link). That's why I started finding ".NET debugger", and I didn't bother to try other decompilers like dotPeek or others mentioned here. However, other than the M$ official debugging tool, I couldn't find any others.
For here, I presume official tools lack cracking abilities. Is this true? Are there any evil .NET debuggers out there? (I need NAMES - #gangsters mode)
Facing a dead end, I started finding another route. Now we couldn't get the UserKey by debugging nor decompiling right away. What about skipping the verifying process?
In the decompiled source code, I found XxGetUserID() is used by prfBeforeLoad(), in addition to btnOK_Click(). Then I finally got some luck in prfBeforeLoad():

    private bool prfBeforeLoad()
    {
        RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\XX-1234-12345678", false);
        bool flag = false;
        string left;
        if (registryKey == null)
        {
            left = "";
        }
        else
        {
            left = Conversions.ToString(registryKey.GetValue("YY-11112222"));
        }
        // ...
        bool flag2 = modCommon.XxGetUserID(ref left);
        // ...
    }

I looked into HKEY_CURRENT_USER\Software\XX-1234-12345678 and found the key XX-1234-12345678 and the value 123456789ABCDEF0. After simply adding this pair of key and value into the corresponding place in the registry in computer B, it works like magic - without asking a word about the UserKey again - of course, it is how it is coded. B-)
Bonus track:
123456789ABCDEF0 is actually the UserKey. Entering the same Key in the GUI activates the software, having the same effect as altering the registry.
All in all:
This time I am only lucky enough that the UserKey is stored plainly in the registry and I happened to find its path in the source code (as I presume this is just a simple software). Yet there are many high hurdles that I couldn't jump over:
If the Key is combined/encrypted with the computer key (e.g. MAC address), my simple approach would fail.
If the Key is not stored in the registry, nor appears in the code, for example it is retrieved online, then as for now I still cannot debug a .NET executable, it would be impossible to get the user key.
Although I can decompile and view the source of .NET programs, the Microsoft Visual C++ 6.0 DLL is still a mystery.
Here are some more (may be useful) web links:
Cracking a Simple Application (ByPass Login) - directly getting the Key from the source code (assembly code) in fact. It just provided a screenshot, but didn't mention the name of the tool.
Cracking program made on VB.NET / C# / Delphi / MC++ / Oxygene / F# - making keygen by inspecting the source code in .NET Reflector. Copy the line of authentication to generate the key.
Cracking .NET DLL’s for Amateurs [1] and [2] - quite brief but a good simple tutorial. .NET Reflector couldn't open my XXGetUserkey.dll. Said in PEiD it is Microsoft Visual C++ 6.0 DLL which might be the reason.
You can't request the user key from the company? – Dave – 2014-07-31T07:34:31.133
I will try. But I cannot approach them at the moment. Thanks for comment. – midnite – 2014-07-31T07:45:11.330
Saving the key is essential; without it you're in trouble similar to losing the door key to your home. You need to contact the provider. Also note that e.g. Adobe keeps track of where you have installed the software - you need to "uninstall" with their methods to be able to reinstall on another computer. The same style of uninstall is used by more SW-companies. – Hannu – 2014-07-31T07:56:15.780
That software is from a small non-major company. I am sure it is an offline software. Thanks for comment and reminder. – midnite – 2014-07-31T08:01:11.890
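
The answer's closing point, that a key combined with a machine identifier would have defeated the copy-the-registry-value approach, shown as an added example (not code from the post or from the software it discusses): the vendor signs the UserKey together with a machine identifier, and the application verifies that signature with an embedded public key. The class and method names, the machine identifier strings and the in-process key pair are assumptions made for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class LicenseCheck
{
    // Signed message: the UserKey bound to one machine's identifier.
    static byte[] Payload(string userKey, string machineId) =>
        Encoding.UTF8.GetBytes(userKey + "|" + machineId);

    // Vendor side. The private key never ships with the product.
    public static string Issue(ECDsa vendorKey, string userKey, string machineId) =>
        Convert.ToBase64String(
            vendorKey.SignData(Payload(userKey, machineId), HashAlgorithmName.SHA256));

    // Client side. Only the public key is embedded in the application,
    // so decompiling it does not reveal anything that can mint a token.
    public static bool Verify(ECDsa vendorPublic, string userKey, string machineId, string token)
    {
        byte[] signature;
        try { signature = Convert.FromBase64String(token); }
        catch (FormatException) { return false; }   // malformed stored value
        return vendorPublic.VerifyData(
            Payload(userKey, machineId), signature, HashAlgorithmName.SHA256);
    }

    static void Main()
    {
        // Constructed demo data: a throwaway key pair and made-up machine IDs.
        using (ECDsa vendor = ECDsa.Create(ECCurve.NamedCurves.nistP256))
        using (ECDsa embedded = ECDsa.Create(vendor.ExportParameters(false)))
        {
            string userKey = "123456789ABCDEF0";          // placeholder from the post
            string token = Issue(vendor, userKey, "MACHINE-A");

            // Token checked on the machine it was issued for.
            Console.WriteLine(Verify(embedded, userKey, "MACHINE-A", token));
            // Same stored token copied to a different machine.
            Console.WriteLine(Verify(embedded, userKey, "MACHINE-B", token));
        }
    }
}
```

The second check fails because the signed payload names a different machine, so a stored value copied to computer B no longer activates the software. How the machine identifier is derived is left open here.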