Reply to post:

Sysadmin cracked military PC’s security by reading the manual

Anonymous Coward
Anonymous Coward

At my work we used to have an application that needed to be installed on almost all of our PCs. It used a licensing mechanism that had a license server that needed an encrypted list of the MAC addresses of each PC. We would have to call the vendor with a new MAC address each time we replaced a PC, and they would remote in and add the encrypted MAC to the license server. It was a huge pain in the backside. We had plenty of licenses, more than we actually had PCs.

So, one day after having to deal with replacing a couple of PCs, I decided to look into how their licensing worked under the hood. There was a dll named exlicense.dll, Not very well hidden! It turns out that the dll exported only two functions: InstallLicense() and CheckLicense(). The CheckLicense() function simply returned TRUE or FALSE, depending on if the license server said the license was valid or not. It took me less than 10 minutes to build my own exlicense.dll that always returned TRUE. I also implemented the InstallLicense() function in case it got called from somewhere. I even patched the installer to use my dll.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019