![]() Let me introduce you to the amazing world of: □ frida□ So now what? Dynamic Instrumentation - Native apps They all use some kind of licensing solution that has signatures and encryptions n stuff that make network-based cracking as hard as “regular” cracking (hooking/patching n stuff). How would you know that ultimate needs a is_network_license to false - while trial does not?įrom all the programs that I’ve cracked, I’ve never found one that does a “simple enough” network call to check the license. Compilers have gone mental with optimization and understanding a C++ object through reversing is it’s own mountain. These might seem like easy problems but, let me tell you, they’re definitely not. But for some reason it doesn’t work - data are encoded elsewhere as well? Maybe if you change trial to premium? Or to ultimate? Why are there both strings inside the app? Is that case sensitive? Instead of 2 that the expiration date is set you try after bypassing the signature check of course. ![]() But the most problematic aspect is identifying the required structure that the app expects. In all of such encounters the request and response are signed and sometimes even encrypted. In my experience following this route has not been fruitful. The app sends some computer based fingerprint with the license key to the licensing server and expects a structured response that describes the kind of license that we have. There’s a pretty good chance that right now you’ve found already a solid entrypoint. Maybe the license is used to generate another string to obfuscate it over the wire
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |