Just Committed a Crime. Feels Good
2021-07-18 . Written by fishie
>Be Me
Let's jump right into it
i was looking for an html to image converter library. found one but it's paid. but turns out it's written in c#, which is the language i'm best at. so i looked around a bit more and found out that they offer a demo version. interesting. so i downloaded the demo mode and to my surprise there is no difference between the demo and paid version, except for the license key. to use the demo you have to use the demo key they give, and if you pay they give a premium license. so i had a look at the demo license.
Reversing the Demo Key
4W9+bn19bn5ue2B+bn1/YH98YHd3d3c=
so this is the demo key. see the = at the end. this hints that it's base64 encoded. so what do i do?
i decoded it and the decoded output turns out to be hex
e16f7e6e7d7d6e7e6e7b607e6e7d7f607f7c6077777777
ok so now we have a hex string which i then tried to convert into a string
�o~n}}n~n{`~n}`|`wwww
what the unholy fuck is that output. after some thinking i decided to decode using ASCII
and to my surprise it worked
!0 33 0 5.0 31.12.9999
to my surprise i actually have a human readable string in front of me. so what is this?
well by looking at the end of the string (31.12.9999) this looks like the expiry date of the license. since it's a demo the year is set to the year 9999, cause the demo period is unlimited. the date seems to be in the format of Day.Month.Year
ok so we have the date but that doesn't matter cause the date doesn't disable demo mode.
Decompiling and Rebuilding
next thing i did was look at the decompiled src. c# is pretty easy to decompile. except this src was obfuscated. yeah fuck me. i had no idea where to look but then it hit me. base64. they must be using a base64 decoder in the code to process the key. i was sure that there wasn't any cryptography algorithm in use cause it wasn't in the dependency. so i searched for FromBase64String, that's the method to convert base64 string to text, and i found the code that handles the license key. after some rebuilding of the obfuscated code here is something i ended up remaking. 2 enum classes which were mentioned.
then i realized what the first character of the string is for
!0
when you run the code it first checks for the ! and removes it and then checks what the next character does.
0 = demo 1 = customer 2 = company
so turns out it says 0 on my key cause i'm a demo user
public enum UserType
{
    Demo,      // 0
    Customer,  // 1
    Company,   // 2
}
ok that was simple but what's the other 0 for? well turns out it's for duration
!0 33 0 5.0 31.12.9999
0 = permanent 1 = limited
since the demo is unlimited the duration is permanent
public enum Duration
{
    Permanent,  // 0
    Limited,    // 1
}
so what about the remaining values? well i have no idea. the 5.0 seems to be a version number and i have no idea what the 33 is supposed to mean. maybe it's the key number. doesn't really matter cause all it takes to trigger a valid license is to change the first 0 and you now have an unlimited premium key.
so what now
i don't know, i just have to reverse the process and i can make my own keys.
string -> ascii -> hex -> base64
that's all i have to do i guess?
but am i gonna? no. the library is pretty slow so it won't work for me. this was just me being bored and trying to improve my cracking skills.
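The key above is only encoded, with no cryptographic integrity check, which is why editing one field is enough. As an added example (not the library's code and not from the original post), this is a license check where the client holds only a public key. The SignedLicense class, the payload.signature token layout and the five-field order are assumptions for illustration, and it needs .NET Core 3.0 or later.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;
public enum UserType { Demo, Customer, Company }
public enum Duration { Permanent, Limited }
public static class SignedLicense
{
    // Vendor side only: the private key never ships with the library.
    public static string Issue(ECDsa vendorKey, string payload)
    {
        byte[] data = Encoding.ASCII.GetBytes(payload);
        byte[] sig = vendorKey.SignData(data, HashAlgorithmName.SHA256);
        return Convert.ToBase64String(data) + "." + Convert.ToBase64String(sig);
    }

    // Client side: public key only. Returns null unless the signature and every field check out.
    public static UserType? Validate(byte[] publicKey, string token)
    {
        string[] parts = token.Split('.');
        if (parts.Length != 2) return null;
        try
        {
            byte[] data = Convert.FromBase64String(parts[0]);
            byte[] sig = Convert.FromBase64String(parts[1]);
            using ECDsa verifier = ECDsa.Create();
            verifier.ImportSubjectPublicKeyInfo(publicKey, out _);
            if (!verifier.VerifyData(data, sig, HashAlgorithmName.SHA256)) return null;
            // Parsed only after verification. Assumed layout: type, id, duration, version, expiry.
            string[] f = Encoding.ASCII.GetString(data).Split(' ');
            if (f.Length != 5 || !int.TryParse(f[0], out int t) || !int.TryParse(f[2], out int d)) return null;
            if (!Enum.IsDefined(typeof(UserType), t) || !Enum.IsDefined(typeof(Duration), d)) return null;
            if (!DateTime.TryParseExact(f[4], "dd.MM.yyyy", CultureInfo.InvariantCulture,
                                        DateTimeStyles.None, out DateTime expiry)) return null;
            if ((Duration)d == Duration.Limited && expiry < DateTime.UtcNow.Date) return null;
            return (UserType)t;
        }
        catch (Exception e) when (e is FormatException || e is CryptographicException) { return null; }
    }

    public static void Main()
    {
        using ECDsa vendor = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        byte[] pub = vendor.ExportSubjectPublicKeyInfo();
        string demo = Issue(vendor, "0 33 0 5.0 31.12.9999"); // constructed sample payload
        string editedPayload = Convert.ToBase64String(Encoding.ASCII.GetBytes("1 33 0 5.0 31.12.9999"));
        Console.WriteLine(Validate(pub, demo)?.ToString() ?? "rejected");
        Console.WriteLine(Validate(pub, editedPayload + "." + demo.Split('.')[1])?.ToString() ?? "rejected");
    }
}
```

The fields stay readable to anyone who decodes the token. What changes is that a payload edited on the client no longer verifies, because producing a valid signature requires the vendor's private key.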