lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <IL1DVY$8AC3399034AF0D7F57FF16A3841F83EE@laposte.net>
Date: Thu Aug 11 03:36:36 2005
From: m.mohr at laposte.net (M. Mohr)
Subject: WGA patch for LegitCheckControl.dll

I'm not sure this got through the first time, so I'll resend
it.  Sorry if there is a dupe.

/*
  Name: Windows Genuine Advantage Validation Patch
  Copyright: NeoSecurityTeam
  Author: HaCkZaTaN <hck_zatan@...mail.com>
  Date: 31/07/05 21:42
  Description: LegitCheckControl.dll (1.3.254.0)

  [N]eo [S]ecurity [T]eam [NST]? - http://www.neosecurityteam.net/
  Irc.GigaChat.Net #uruguay

  ----------------------------------------------------------------

  Code cleanup and input validation by Arashi
  Original code from:
 
http://dkcs.void.ru/index.php?module=exploits&FullArticle=exploits/380

*/

#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>

typedef struct bytepair BYTEPAIR;

struct bytepair
{
  long offset;
  unsigned char old;
  unsigned char new;
};

static const BYTEPAIR byte_pairs[3]= {
  {0x2BE98, 0x8B, 0x33},
  {0x2BE99, 0x45, 0xC0},
  {0x2BE9A, 0xD8, 0x90},
};

int main() {
  unsigned short i;
  int LegitCheckControl;
  unsigned char check, ver[10];

  printf("\n\n\n\nLegitCheckControl.dll 1.3.254.0 WGA
validation patch.\n\n"
	 "Code cleanup and validation by Arashi\n"
	 "Author: HaCkZaTaN <hck_zatan@...mail.com>\n"
	 "?[N]eo [S]ecurity [T]eam [NST]\n"
	 "  - http://www.neosecurityteam.net/\n"
	 "  - Irc.GigaChat.Net #uruguay\n\n"
	 "-----------------------------------------------------\n\n");

  printf("Verifying LegitCheckControl.dll...\n");

  LegitCheckControl = open("LegitCheckControl.dll", O_RDWR);

  if (LegitCheckControl == -1) {
    perror("LegitCheckControl.dll");
    return 1;
  }
  else printf("  * LegitCheckControl.dll opened succesfully.\n");

  if((lseek(LegitCheckControl,0xD2A0,SEEK_SET) == -1)) {
    perror("  ! lseek");
    return 1;
  }
  if((read(LegitCheckControl,&ver,10) != 10)) {
    perror("  ! read");
    return 1;
  }
  if(strncmp(ver, "1.3.0254.0", 10)) {
    fprintf(stderr, "  ! Invalid version
information\n\nAborted.\n");
    return 1;
  }
  else printf("  * Version information is confirmed.\n");

  for(i=0;i<3;i++) {
    if((lseek(LegitCheckControl, byte_pairs[i].offset,
SEEK_SET) == -1)) {
      perror("  ! lseek");
      return 1;
    }
    if((read(LegitCheckControl,&check,1) != 1)) {
      perror("  ! read");
      return 1;
    }

    if(check != byte_pairs[i].old) {
      fprintf(stderr, "  ! Unable to verify patch
bytes.\n\nAborted.\n");
      return 1;
    }
  }

  printf("  * LegitCheckControl.dll validated.\n\nApplying
patch...\n");

  for(i=0;i<3;i++) {
    if((lseek(LegitCheckControl, byte_pairs[i].offset,
SEEK_SET) == -1)) {
      perror("  ! lseek");
      return 1;
    }
    if((write(LegitCheckControl, &byte_pairs[i].new, 1) != 1)) {
      perror("  ! write");
      return 1;
    }
  }

  close(LegitCheckControl);

  printf("Patch complete.\n\n\n");

  return 0;
}


Acc?dez au courrier ?lectronique de La Poste : www.laposte.net ; 
3615 LAPOSTENET (0,34?/mn) ; t?l : 08 92 68 13 50 (0,34?/mn)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ