Recently I found an old Microsoft fingerprint scanner and wanted to toy around with it. I found an SDK that works with it, but the company has since retired it and is no longer selling licenses. Despite my constant begging and nagging, they just won't do it, and instead want me to buy their new SDK, which doesn't work with my old hardware.
The way the licensing works is, you get assigned a product key, and then you need to activate that product key using their tool. It sends a request to the server with the product key and your mac address, and the server would then check to make sure the key is licensed, and then return a license key, which looks like a public RSA key:
-------------HEADER-------------
ltxuOGODQBUhyhauXio2kKzJEUUkktpy
oTWcQ2dI83Vy1c6s55qTm1jMQeB0zCxR
8Qdu8cH1Ir3Hnassy1aXpTkJrGVDXZYd
hJ600N4CKYnc1hGO+LUVyQr1uiDLsMtz
H/DHJrCDk1fush4+IQnazkKXSB9E+vaK
IWkkhwheozWqZzMEnHcek5R4FxXQQd+l
2No5hO0FhDUTbutSK1Ux6xXFRbY6CfOb
Qj+azVfMumQTiPhZhjc7kbj+EAxs5W5s
UWg1nvEpGGFkDbuL7taRp1/uuT3sqdf0
rVlxDex2SdFazmuMZh6xw3fGydahII4R
qZMmbOAv8pAK4Bhxj1XK4Q==
-------------FOOTER-------------
That key is then saved in a text file in the SDK directory. When you start your application and run the Initialize function, it checks to see whether that file exists, and whether the key is legit.
To bypass this protection, I think I just need to find the bit of code that checks to see if the key is legit, and force it to compare against some static value (e.g. 0). I'm having a bit of trouble understanding what the code does though, so I'm willing to pay someone who has knowledge in this area to both patch the DLL, and then explain to me what was patched - a text file with comments is fine.
I will provide the SDK installation kit. I have attached the decompiled bit of code that I believe is responsible for enforcing the licensing protection.
Hello bosscube,
It sounds like an interesting challenge and very good fit. I have great experience with reverse engineering, so it will be done in a very professional way.
Please share that DLL and let me know when you are OK to discuss. Thank you.
Best regards,
-Mike
Hi,
I am interested in your project. I can only patch the dll file, if it is not protected or obfuscated with any high quality protection or obfuscation tool.