Lucky guesses can pay off sometimes (GWizard)

Have you ever used a SWF decompiler? Remember when Newgrounds was a thing?

Either way, for whatever reason, a popular program called “GWizard” is built on the Adobe AIR platform, whatever that is.

The program acts as a machinists’ calculator. It can calculate feeds and speeds for many MANY materials, cutter geometries, machine setups, and machining operations. It has a good reference drill chart, fastener dimensions, G-codes and more.

What it doesn’t do very well is licensing. Just use Bob’s e-mail, bob@cnccookbook.com, and you’re set until 2050.

See below for the TCP streams. Can you block this program with Windows Firewall? Sure. Can you redirect api.cnccookbook.com to a server you control? Sure. GWizardE is a different story, but that is another post for another time.

POST /api/v3/checkin HTTP/1.1
Referer: app:/GWizard.swf
Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, text/plain;q=0.8, text/css, image/png, image/jpeg, image/gif;q=0.8, application/x-shockwave-flash, video/mp4;q=0.9, flv-application/octet-stream;q=0.8, video/x-flv;q=0.7, audio/mp4, application/futuresplash, */*;q=0.5, application/x-mpegURL
x-flash-version: 15,0,0,223
Content-Type: text/xml; charset=utf-8
Content-Length: 235
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/15.0
Host: api.cnccookbook.com
Connection: Keep-Alive
Cookie: __utma=155454441.1542381114.1363214930.1363217596.1363219882.3

<checkinRequest>
<userId>NLYTTSVSWONYDIONGTY1111111111111111111111111111111</userId>
<appName>GWizard</appName>
<appVersion>2.54</appVersion>
<location>XXX UNKNOWN XXX</location>
<cookiesAuth>0</cookiesAuth>
</checkinRequest>

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Thu, 27 Nov 2014 19:43:45 GMT
Content-Type: text/xml; charset=utf-8
Connection: keep-alive
Expires: Thu, 27 Nov 2014 19:43:45 GMT
Content-Length: 837
Cache-Control: no-cache, private, no-store
Pragma: no-cache
X-Lift-Version: 2.5

<?xml version="1.0" encoding="UTF-8"?>
<checkinResponse>
<status>0</status> <msg>ok</msg> <userName>
Bob Warfield
</userName><provisions>
<provision><name>GWE</name><value></value><startDate>02/01/2013</startDate><endDate>03/02/2013</endDate></provision><provision><name>GWCS</name><value></value><startDate>10/22/2010</startDate><endDate>10/21/2013</endDate></provision><provision><name>GWCL</name><value>3</value><startDate>01/01/2000</startDate><endDate>01/01/2050</endDate></provision><provision><name>GWC</name><value></value><startDate>09/01/2009</startDate><endDate>03/15/2011</endDate></provision><provision><name>logo</name><value>1</value><startDate>01/01/2000</startDate><endDate>01/01/2050</endDate></provision>
</provisions>
</checkinResponse>

POST /api/v3/checkout HTTP/1.1
Referer: app:/GWizard.swf
Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, text/plain;q=0.8, text/css, image/png, image/jpeg, image/gif;q=0.8, application/x-shockwave-flash, video/mp4;q=0.9, flv-application/octet-stream;q=0.8, video/x-flv;q=0.7, audio/mp4, application/futuresplash, */*;q=0.5, application/x-mpegURL
x-flash-version: 15,0,0,223
Content-Type: text/xml; charset=utf-8
Content-Length: 206
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/15.0
Host: api.cnccookbook.com
Connection: Keep-Alive
Cookie: __utma=155454441.1542381114.1363214930.1363217596.1363219882.3

<checkoutRequest>
<userId>NLYTTSVSWONYDIONGTY1111111111111111111111111111111</userId>
<appName>GWizard</appName>
<appVersion>2.54</appVersion>
<location>XXX UNKNOWN XXX</location>
</checkoutRequest>

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Thu, 27 Nov 2014 19:44:01 GMT
Content-Type: text/xml; charset=utf-8
Connection: keep-alive
Expires: Thu, 27 Nov 2014 19:44:01 GMT
Content-Length: 149
Cache-Control: no-cache, private, no-store
Pragma: no-cache
X-Lift-Version: 2.5

<?xml version="1.0" encoding="UTF-8"?>
<checkoutResponse>
<status>0</status> <msg>ok</msg>
</checkoutResponse>
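
The check-in response captured above carries its provisions as plain XML with no signature, so the client has no way to tell which server produced it. As an added example (Node.js, not GWizard or CNCCookbook code), here is one way a vendor could make that response verifiable: the server signs the provisions together with the userId and a client nonce, and the client checks the signature against a shipped public key. The function names, the JSON framing, the nonce field and the choice of Ed25519 are all assumptions; the two sample provisions mirror the capture with dates rewritten in ISO form.

```javascript
// Added sketch, not GWizard code. Names, fields and JSON framing are assumptions.
const crypto = require('node:crypto');

// Constructed key pair: the vendor server holds privateKey, the client ships publicKey.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Server: sign provisions together with userId and the client's nonce, so a
// response cannot be altered, replayed later, or moved to another account.
function signCheckin(userId, nonce, provisions, key) {
  const payload = JSON.stringify({ userId, nonce, provisions });
  const sig = crypto.sign(null, Buffer.from(payload), key).toString('base64');
  return { payload, sig };
}

// Client: return active provision names, or [] if the response is not authentic.
function verifyCheckin(resp, userId, nonce, key, now) {
  const sig = Buffer.from(resp.sig, 'base64');
  if (!crypto.verify(null, Buffer.from(resp.payload), key, sig)) return [];
  const body = JSON.parse(resp.payload);
  if (body.userId !== userId || body.nonce !== nonce) return [];
  return body.provisions
    .filter(p => new Date(p.startDate) <= now && now < new Date(p.endDate))
    .map(p => p.name);
}

function demo() {
  const userId = 'USER-ID-PLACEHOLDER';           // constructed
  const now = new Date('2014-11-27T19:43:45Z');   // date of the capture
  const nonce = crypto.randomBytes(16).toString('hex');
  const provisions = [                            // constructed, ISO dates
    { name: 'GWE', startDate: '2013-02-01', endDate: '2013-03-02' },
    { name: 'GWCL', startDate: '2000-01-01', endDate: '2050-01-01' },
  ];
  const good = signCheckin(userId, nonce, provisions, privateKey);
  // Same body signed by a key the client does not trust (a substitute server).
  const otherKey = crypto.generateKeyPairSync('ed25519').privateKey;
  const untrusted = signCheckin(userId, nonce, provisions, otherKey);
  // Authentic signature, but an end date edited in transit.
  const edited = { ...good, payload: good.payload.replace('2013-03-02', '2050-01-01') };
  return {
    genuine: verifyCheckin(good, userId, nonce, publicKey, now),
    untrusted: verifyCheckin(untrusted, userId, nonce, publicKey, now),
    edited: verifyCheckin(edited, userId, nonce, publicKey, now),
    replayed: verifyCheckin(good, userId, 'a-later-nonce', publicKey, now),
  };
}

console.log(demo());
```

Only the genuine response yields a provision. This authenticates the network path; the check still runs inside a decompilable client, so entitlements that matter are better enforced server-side as well.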
