Lucky guesses can pay off sometimes (GWizard)

Have you ever used a SWF decompiler? Remember when Newgrounds was a thing?

Either way, for whatever reason, the popular program “GWizard” is built on the Adobe AIR platform, whatever that is.

The program acts as a machinists’ calculator. It can calculate feeds and speeds for many MANY materials, cutter geometries, machine setups, and machining operations. It has a good reference drill chart, fastener dimensions, G-codes and more.

What it doesn’t do very well is licensing. Just use Bob’s e-mail bob@cnccookbook.com and you’re set until 2050.

See below for TCP streams. Can you block this program with Windows Firewall? Sure. Can you redirect api.cnccookbook.com to a server you control? Sure. GWizardE is a different story, but that is another post for another time.


Runtime patching of MPRESS packed executable disables license checks (Gearotic Motion)

Using software, like taxes, is inevitable. Paying for software, unlike taxes, is optional.
Sometimes changing one bit out of millions can make all the difference.

That is what we will do today.

Target: Gearotic Motion 2 Development version

Tools:

Background:

GM2 is an executable packed by MPRESS. I was unable to dump it using standard means; the resource table was intact, but the program was pulling invalid default settings for text box entries. Instead of dumping the executable correctly, I chose to make a loader application that patched the application after it finished unpacking itself.

The loader application serves the purpose of spawning our target, suspending execution at a certain point, and injecting a patcher DLL. It may be possible using ReadProcessMemory/WriteProcessMemory, but the loader includes code for the patcher DLL.

I modified the loader/patcher code to run correctly and to accept parameters via the command line. Code can be provided upon request.
