Thursday, September 24, 2009

PACE iLok Generic Trial Patcher 1.0 tool

This tool patches trial versions of PACE iLok protected executables
and dynamic link libraries to not show any protection dialog boxes
originating from its protection DLL nor receive input from the
ReadFile and RegOpenKeyExA APIs to its protection DLL.

This results in the app never exiting its trial and not showing
a dialog box nag.

Why release a tool that in essence shows no particular amount of
skill? Simply because you should not allow your protection to be
manipulated like this. The tool is only compressed by UPX, so
anyone interested can have a look; it's not overly complex. Also,
when researching a patched PE, look for a jump at the point where
execution enters the PACE protection DLL (CALL EDI) and follow it.
You'll end up in the API hooker, which is really all that's
important in this patch.

The tool makes use of the following weaknesses of PACE iLok:
(Perhaps they differ when different protection levels are used,
but all PEs checked had these.)

- No decent CRC on the PACE DLL loader.
- No encryption of the PACE DLL resources.
- No check on redirected APIs.
- Making exploiting this all not that hard.

A CRC check by the driver would make this patching instantly
useless. Anti-unpacking isn't everything.
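
As an added example (not part of the original post and not PACE's code), here is the shape of the two checks the list above says were missing: a CRC over the loader bytes compared with a value recorded at build time, and a test that each resolved API pointer still lies inside the module expected to export it. All names, addresses and byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Standard reflected CRC-32 (polynomial 0xEDB88320), bitwise for brevity. */
uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Hypothetical description of where a trusted module is mapped. */
struct module_range { uintptr_t base; size_t size; };

/* 1 if the loader bytes still hash to the value recorded at build time. */
int loader_intact(const uint8_t *code, size_t n, uint32_t expected) {
    return crc32_buf(code, n) == expected;
}

/* Index of the first resolved API pointer that lies outside the module
   expected to export it, or -1 when every pointer is inside the range. */
int first_redirected(const uintptr_t *resolved, size_t n, struct module_range m) {
    for (size_t i = 0; i < n; i++)
        if (resolved[i] < m.base || resolved[i] - m.base >= m.size)
            return (int)i;
    return -1;
}

/* Constructed sample data, not taken from any real binary. */
static const uint8_t LOADER_OK[]      = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0xC9, 0xC3};
static const uint8_t LOADER_CHANGED[] = {0x55, 0x8B, 0xEC, 0x90, 0xEC, 0x10, 0xC9, 0xC3};
static const struct module_range SYSTEM_DLL = {0x70000000u, 0x00100000u};
static const uintptr_t IMPORTS_OK[]   = {0x70001000u, 0x70002340u};
static const uintptr_t IMPORTS_HOOK[] = {0x70001000u, 0x00401000u};

int main(void) {
    uint32_t good = crc32_buf(LOADER_OK, sizeof LOADER_OK);
    printf("loader intact:  %d\n", loader_intact(LOADER_OK, sizeof LOADER_OK, good));
    printf("loader changed: %d\n", loader_intact(LOADER_CHANGED, sizeof LOADER_CHANGED, good));
    printf("redirected idx: %d\n", first_redirected(IMPORTS_HOOK, 2, SYSTEM_DLL));
    return 0;
}
```

A check like this is only as trustworthy as the code that runs it, which is why the post points to the driver rather than the patchable loader as the place to do it.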

NOTES ON USAGE:
The patcher hooks the GetProcAddress API; any firewall/OS or
other program that checks for this must be disabled.

If the patcher destroys your app, you should have made a backup.

We're not responsible for its usage.

No idea what happens if it's used on custom implementations,
SDK, or anything else for that matter.





beatuptracks.com
