darkking Posted September 18, 2006 Report Posted September 18, 2006
/*
   Name: NsT - Windows Genuine Advantage Validation Patch (1.5.532.0)
   Copyright: [N]eo [S]ecurity [T]eam
   Author: HaCkZaTaN
   Date: 20060606
   Version: 0.5
   Disclaimer: This info is provided ONLY as a Proof-Of-Concept, so the author
               and all nst members can not be held responsible for the use that
               you make of this PoC. USE IT AT YOUR OWN RISK!
   Description: This patch is designed as a PoC of a bypass method which
                demonstrates the easy way to get free updates just by patching
                some bytes in the dll that certifies the MS Windows Copy.
                Updated To 1.5.532.0
*/

/*
 * Reviewer summary (from the code below): the program opens
 * LegitCheckControl.dll by relative path with O_RDWR, compares the bytes at
 * the first three offsets of byte_pairs against the `old` column, and then
 * overwrites one byte at each of the six offsets with the `new` column.
 * No other part of the file is read or written.
 *
 * Defensive notes: an in-place edit like this changes the file's contents and
 * therefore its hash, so file-integrity monitoring, or a comparison with a
 * known-good copy of the same build, will show the modification.
 * NOTE(review): if the vendor signs this DLL, the signature would presumably
 * no longer verify after the edit -- confirm against the actual file.
 * The offsets are hard-coded; the header and banner name a single build
 * (1.5.532.0).
 *
 * Extraction note: the string literals are kept exactly as they appear on the
 * page. Backslashes seem to have been lost ("n"/"t" where "\n"/"\t" were
 * presumably intended; "& #092;" looks like a mangled HTML entity for a
 * backslash), the banner's frame characters have become '?', and one literal
 * is split across a line break. The listing is not compilable as shown.
 */

/* <string.h> is included, but nothing in the visible code uses it. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>

typedef struct bytepair BYTEPAIR;

/*
 * One single-byte edit. `new` is an ordinary identifier in C but a keyword in
 * C++, so this file only builds as C.
 */
struct bytepair
{
    long offset;          /* file offset handed to lseek() with SEEK_SET */
    unsigned char old;    /* value the pre-check expects to find at offset */
    unsigned char new;    /* value written to offset by the patch loop */
};

/* Six consecutive file offsets, 0x303BA through 0x303BF. */
static const BYTEPAIR byte_pairs[6]=
{
    {0x303BA, 0x90, 0x8B},
    {0x303BB, 0x90, 0x85},
    {0x303BC, 0x6A, 0x60},
    {0x303BD, 0x00, 0xFF},
    {0x303BE, 0x58, 0xFF},
    {0x303BF, 0x90, 0xFF},
};

/*
 * Interactive entry point: prints a banner, waits for a key, opens the DLL,
 * runs the byte pre-check, applies the six one-byte writes, and reports the
 * result. Returns 0 on success and 1 on any failure.
 */
int main()
{
    unsigned short i;        /* index into byte_pairs */
    int LegitCheckControl;   /* file descriptor returned by open() */
    unsigned char check;     /* one-byte read buffer for the pre-check */

    /* Banner; purely cosmetic output (garbled by extraction, see note above). */
    printf("n& #092;t?????????????????????????????????????????????????????????????n"
           "& #092;t????????????????????????????????????????????????????????????n"
           "t?? ??n"
           "t?? [N]eo [S]ecurity [T]eam - [N][S][T] ??n"
           "t?? Windows Genuine Advantage Validation Patch ??n"
           "t?? Version 0.5 ??n"
           "t?? ??n"
           "t?? LegitCheckControl.dll ??n"
           "t?? *** For Version: *** ??n"
           "t?? -> 1.5.532.0 ??n"
           "t?? ??n"
           "t?? ??????? ??????? ???? ?? ?? ???? ???????????????? ??n"
           "t?? ??? ???? ?? ?? ??? ?? ??? ??? ??? ?? ?? ?? ??? ??n"
           "t?? ??? ? ??? ?? ?? ??? ?? ??? ??? ?? ??? ??n"
           "t?? ??? ? ??? ?? ?? ??? ???? ??? ??? ?? ??? ??n"
           "t?? ??? ? ???? ?? ??? ????? ??? ??? ?? ??? ??n"
           "t?? ??? ? ??? ?? ??? ??? ??? ??? ?? ??? ??n"
           "t?? ??? ? ??? ?? ??? ?? ??? ??? ??? ?? ??? ??n"
           "t?? ??? ??? ?? ?? ??? ? ?? ??? ??? ???? ??? ??n"
           "t?? ??? ?? ??? ??? ??? ??? ??n"
           "t?? ???? ??? ???? ???? ???? ???? ??n"
           "t?? ??n"
           "t?? This is my last work as NST member ??n"
           "t?? 
Dedicated to all my Teammates: ??n"
           "t?? ??n"
           "t?? [ HaCkZaTaN ..... ] ??n"
           "t?? [ Paisterist ..... ] ??n"
           "t?? [ Daemon21 ..... ] ??n"
           "t?? [ Link ..... ] ??n"
           "t?? [ K4P0 ..... ] ??n"
           "t?? [ g30rg3_x ..... ] ??n"
           "t?? ??n"
           "t?? [ [url]http://www.neosecurityteam.net[/url] ] ??n"
           "t?? [ [url]http://www.neosecurityteam.info[/url] ] ??n"
           "t?? ??n"
           "& #092;t?????????????????????????????????????????????????????????????n"
           "t ????????????????????????????????????????????????????????????nn");
    getchar();   /* blocks until a character is available on stdin */

    /*
     * The path is relative, so the file is looked up in the process's current
     * working directory. O_RDWR is requested up front; open() fails if the
     * file is missing or not writable by the caller.
     */
    printf("Verifying LegitCheckControl.dll...");
    LegitCheckControl = open("LegitCheckControl.dll", O_RDWR);
    if(LegitCheckControl == -1)
    {
        printf(" FAILn");
        perror("LegitCheckControl.dll");
        getchar();
        return 1;
    }
    else printf(" DONEn");

    /*
     * Pre-check: only entries 0..2 are compared with their `old` value.
     * Entries 3..5 are never read before the write loop below touches them.
     * Every failure path here returns without close(); the descriptor is
     * released only when the process exits.
     */
    printf("Validating LegitCheckControl.dll...");
    for(i = 0; i < 3; i++)
    {
        if((lseek(LegitCheckControl, byte_pairs[i].offset,SEEK_SET) == -1))
        {
            perror(" ! lseek");
            getchar();
            return 1;
        }
        if((read(LegitCheckControl,&check,1) != 1))
        {
            perror(" ! read");
            getchar();
            return 1;
        }
        if(check != byte_pairs[i].old)
        {
            /* Mismatch: nothing has been written to the file at this point. */
            fprintf(stderr, "n -> There is a problem validating the DLL, Seems to be Already Patched or Version Not Supportednn -> Aborting...");
            getchar();
            return 1;
        }
    }
    printf(" DONEn");

    /*
     * Write loop: one byte per table entry, written in place. No backup copy
     * is made and there is no rollback, so a failure partway through leaves
     * the earlier bytes already changed on disk.
     */
    printf("Applying patch...");
    for(i=0; i<6; i++)
    {
        if((lseek(LegitCheckControl, byte_pairs[i].offset,SEEK_SET) == -1))
        {
            perror(" ! lseek");
            getchar();
            return 1;
        }
        if((write(LegitCheckControl, &byte_pairs[i].new, 1) != 1))
        {
            perror(" ! write");
            getchar();
            return 1;
        }
    }
    printf(" DONEn");

    /* The return value of close() is not checked. */
    close(LegitCheckControl);
    printf("Patch Completed!!!nEnjoy The Updates :)n");
    printf("nHit Any Key to Exit");
    getchar();
    return 0;
}
Credits: HaCkZaTaN Quote