Skip to content

re-ws.pl

ReverseEngineering WorkStation

  • Home
  • Tutorials
  • Random
  • About

Tag: Windows

[Import]How to bypass Secure Download Manager while downloading from Dreamspark

Posted on September 4, 2017 - December 11, 2017 by Kamil (aka. v3l0c1r4pt0r)

NOTE: This post was imported from my previous blog – v3l0c1r4pt0r.tk. It was originally published on 1st June 2014.

NOTE2: As people are reporting, THIS METHOD DOES NOT WORK anymore. Also I don’t have access to Imagine, so I would not be able to provide any help. Therefore, this article is left only for historic purposes, or for those that have some SDC files downloaded, when it was still valid and have valid decryption keys.

About a month or so ago I had an urgent need to download a copy of Microsoft Windows from Dreamspark. Unfortunately I haven’t Windows installed then so had to do this using Linux. After successful transaction I was given a link to SDX file and program called SDM. It looked that it would be easy. But it wasn’t. Program that I was encouraged to download was archive with .pkg extension. As I discovered few minutes later it was OS X application package. So the next step was to try to download Windows version and try to execute it with help of Wine. It failed. Then I tried to find some tips on the Net. I found a few other people having the same problem. Some of them could download using Wine and some not. For me there was only one solution: do it myself. As you probably guessed that way was a (almost) full success.

Solution

If you already have SDC file please do not skip since you probably still don’t have a key needed to unpack the file. The first step is to open SDX file in your favorite text editor. You will see a link. Open it in a web browser. Now you need to get to page source. The way it can be done depends on your web browser. Now we need to find few strange values in the code. The easiest way to achieve this is to search for keyword ‘edv*’ where * is the number of file you want to download counting from 1 (they are on ‘Items’ list on page you opened). Now you need to copy somewhere values of the following variables: ‘oiopu*’, ‘oiop*’, ‘fileID*’ (*-see above). The last one we need is ‘dlSelect*’ but for that one you need to search cause it is in a different place. Now you can build URL that will let you to file containing two interesting values: file URL and decryption string. This URL’s format is:

http://[SDXdomain]/WebStore/Account/SDMAuthorize.ashx?oiopu=[oiopu]&f=[fileID]&oiop=[oiop]&dl=[dlSelect]

Now you should see XML file that looks similar to this:

<information>
 <oiopua>01234abcd-0123-4567-890a-0123456789ab</oiopua>
 <edv>0123456789^^0123456789QwErTyUiOpAsDfGhJkLzXc0123456789QwErTyUiOpAsDfGhJkLzXc12345678</edv>
 <linkAvailable>1</linkAvailable>
 <errorTextKey/>
 <invokeExternalDownload>0</invokeExternalDownload>
 <fileUrl><![CDATA[http://software.dreamspark.com/dreamspark/ENGLISH/SDCfileName.sdc]]></fileUrl>
</information>

The last step here will be downloading file from fileUrl and saving edv value in file. The important thing is that the file with a key should be named exactly as SDC file with addition of ‘.key’ suffix.

Update:

I’ve just discovered that things are getting a bit different when the file size exceeds 2.0 GB. In that case Dreamspark is splitting file in two or more files. That situation could be easily recognized, because sdc file name’s suffix is: ‘.01.sdc’. In that case you need to try to download file which URL differs by only that one digit, ie. ‘.01.sdc’, ‘.02.sdc’, ‘.03.sdc’. When you encounter last file it should have smaller size than the rest and incrementing that number by one should give you BlobNotFound error.

After downloading all the files they just need to be joined into one. It can be easily achieved with dd, ie.

dd if=pl_windows_7_professional_with_sp1_x64_dvd_u_676944.02.sdc >> pl_windows_7_professional_with_sp1_x64_dvd_u_676944.01.sdc

and then optionally

dd if=pl_windows_7_professional_with_sp1_x64_dvd_u_676944.03.sdc >> pl_windows_7_professional_with_sp1_x64_dvd_u_676944.01.sdc

After that you will get sdc file prepared to unpack.

Unpacking SDC

Now since you have SDC file you can start unpacking it. The previous part was, at least for me, very easy. The problem started when I tried to discover how the file is stored in that container. But don’t worry, I’ve written simple program to do it for you. As of now (1st June) it is still in really early alpha stage and have lot of constraints. It is able to unpack containers that contains only one file packed, doesn’t create any directories, cannot verify file’s checksum and probably few other problems I don’t remember or don’t know about.

If you were searching a bit in the Internet, you probably found out that someone cracked that container in the past. Unfortunately Microsoft changed format since then. It is also possible that in response to this article it will be changed again. To make it a bit harder for them to block my software I’m publishing source code on github and after the process of reverse engineering is finished will write second article describing how things works under the hood and describe sdc file format.

But let’s get back to unpacking. Now you need to download xSDM from github. The newest version can be downloaded by typing

git clone https://github.com/v3l0c1r4pt0r/xSDM.git

in your terminal (of course you need to have git installed). Nevertheless I advice you to download newest tagged release. You can do this by clicking on releases on project page and then choosing the one on the top (or first beta/stable if any) and clicking on “tar.gz”. tar.gz can be unpacked by typing

tar -zxvf xSDM-[tag-name].tar.gz

into console. Then get into xSDM directory by typing

cd xSDM

(or your release directory) and compile the program by standard

./configure
make
make install

where installation is optional. Now to unpack your file you just need to type

src/xsdm [path-to-your-sdc-file]

And that’s it, you should now be able to open file you downloaded. As mentioned above the program is in very early alpha so I cannot guarantee that it will work in any case. If you will encounter any problems feel free to open issue on project page at github.

Posted in TutorialsTagged Dreamspark, English, Linux, Reverse Engineering, SDC, SDM, Windows44 Comments

[Import][Delphi] Wyświetlanie stanu za pomocą ProgresBar’a

Posted on September 4, 2017 - September 7, 2017 by Kamil (aka. v3l0c1r4pt0r)

NOTE: This post was imported from my previous blog – v3l0c1r4pt0r.tk. It was originally published on 19th April 2012.

Wydaje się, że jest to proste zadanie: wystarczy umieścić na formie kontrolkę, pozmieniać nieco style i gotowe. Niestety praktyka wygląda zupełnie inaczej. Każdy, kto chciał to osiągnąć w Windowsie Vista lub 7 pewnie wie, że nowe paski postępu jednym szczegółem uniemożliwiają wykonanie tego tak prosto. Dzieje się tak, ponieważ pasek postępu przy włączonym Aero jest animowany i w żaden udokumentowany sposób nie da się owej animacji wyłączyć.

Microsoft oczywiście zaleca, aby zamiast standardowego ProgressBar’a użyć coś, co nazywa ‘Meter’. I tu pojawia się kolejny problem, bo o tym rozwiązaniu wzmianka znajduje się jedynie w tym przewodniku, nie ma natomiast żadnego opisu, jak takie coś można osiągnąć w praktyce a jedynym programem, w którym można zobaczyć jak takie coś działa jest Eksplorator Windows. Niestety podejrzenie w jaki sposób jest to wykonane od strony kodu jest dla większości praktycznie niewykonalne (nie można podejrzeć styli kontrolki za pomocą programów takich jak WinDowse więc jedynym sposobem byłaby dekompilacja). Na szczęście jest jeden trick umożliwiający wykonanie kontrolki przypominającej microsoftowy meter. Jak w każdym obejściu problemu tak i tu jest niestety jeden haczyk: po zmianie skórki np. na Klasyczny Windows, bądź też przy próbie zastosowania go w starszych wersjach Windows nie zobaczymy nic. Wymusza to więc zastosowanie dwóch kontrolek: dla Windows Vista/7 – tej, którą zajmę się za chwilę oraz standardowego ProgressBar’a dla starszych Windowsów.

Sam kod nie jest ani trudny do użycia, ani też jego napisanie nie stanowiło większego problemu. Przedstawia się on następująco:

var:tRECT;
theme:HTHEME;
Progress:integer;
begin
  Progress:=50;
  theme := OpenThemeData(Handle,'PROGRESS');
  if theme<>0 then
  begin
    SetRect(r,0,0,25,100);
    DrawThemeBackground(theme,Form1.Canvas.Handle,11,2,r,nil);
    SetRect(r,0,Progress,25,100);
    DrawThemeBackground(theme,Form1.Canvas.Handle,6,4,r,nil);
    CloseThemeData(theme);
  end;
end;

Jak widać dwukrotnie została użyta funkcja DrawThemeBackground: pierwszy raz rysuje ona tło, za drugim razem została użyta do narysowania paska postępu, który w tym wypadku został ustawiony na połowie maksymalnej wartości, a ponieważ pasek ma wysokość równą 100 nie było konieczności stosowania żadnych dodatkowych funkcji do przeliczania tej wartości. Zamiast Form1.Canvas lepiej byłoby użyć komponentu TPaintBox, ewentualnie możnaby wtedy nieco zmodyfikować kod tak, aby wypełniał cały komponent co ułatwiłoby późniejsze modyfikacje. Kod należy wkleić do zdarzenia OnPaint używanego komponentu. Jeżeli powyższy przykład jest dla kogoś niejasny bądź nie wie do czego służą poszczególne argumenty odsyłam do opisów poszczególnych funkcji w bibliotece MSDN: OpenThemeData, SetRect, DrawThemeBackground oraz CloseThemeData. Do funkcji DrawThemeBackground można przekazać także inne wartości (parametry 3 i 4) używając wartości podanych tutaj.
Dla mnie jednak próbowanie wszyskich wartości nie było zbyt wygodne, napisałem więc prosty program umożliwiający szybkie przejrzenie wszyskich elementów, które można użyć. Program ten można ściągnąć stąd i nie zaliczam go do projektów, ponieważ nie zamierzam wprowadzać do niego żadnych poprawek.

Posted in TutorialsTagged Aero, Delphi, polski, WindowsLeave a comment

Tags

Android assembly busybox C CAN can-hacking cc-factory cmake compiler docker Dreamspark electronics English gcc hacking hardware JavaCard JCOP kernel KiCAD library Linux PC PCB pinout PKI polski programming Python radio Raspberry Pi Reverse Engineering RTL-SDR SDC SDM SDR smart card software tor tty UART UEFi Windows X.509 Xperia Pro

Recent Posts

  • PHP build for use bundled in Android applications
  • Running graphical apps inside Docker containers
  • Plugin architecture demo for Python projects
  • Authorizing adb connections from Android command line (and making other service calls from cli)
  • How to recover torrent from rtorrent meta files

Recent Comments

  • pomi on Playing with GF-07 GPS device
  • pomi on Playing with GF-07 GPS device
  • Hamdy Abumgata on Playing with GF-07 GPS device
  • Mousum Gogoi on Playing with GF-07 GPS device
  • Eason on Sniffing USB traffic with DSLogic logic analyzer into pcap file

Categories

  • News
  • Random
  • Reversing LKV373A
  • Setting up new v3 Hidden Service with ultimate security
  • Tutorials
  • Uncategorized
  • Understanding JCOP

Links

  • Me @ github
  • LKV373A Wiki
  • DevTomek

Archives

  • December 2024
  • November 2024
  • May 2024
  • July 2023
  • October 2022
  • August 2022
  • July 2021
  • June 2021
  • May 2021
  • December 2020
  • November 2020
  • October 2020
  • August 2020
  • December 2019
  • November 2019
  • October 2019
  • August 2019
  • July 2019
  • February 2019
  • November 2018
  • October 2018
  • June 2018
  • May 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • September 2017

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
Proudly powered by WordPress | Theme: micro, developed by DevriX.