WinLicense HWID Information

[ZeNiX]

1. correct HWID is not required to further decrypt the protected code
2. HWID check is not simply a compassion check. It is checked DWORD by DWORD. So I assume it has x8 checks.

[c9er]

@chants

I have already gone through those tutorials. I was able to successfully use the LCF-AT script (1.4) on bundled crackmes. My current target is using " Themida/Winlicense(2.X)[-]" as per DiE version 2.0. I have a valid license file which was generated for different HWID. LCF-AT script is able to break at the correct nag message but then it fails to find any HWID compare checks. Subsequently the program closes itself after failed HWID check.

I have set a script breakpoint at FOUND_RIGHT_MESSAGE (Line 10726) and script beaks there. After that I can see that it tries to find the HWID compare check. After that it jumps to NO_MORE_CMPS (Line 10830) and executes the command "esto" and the program terminates with exit code 2.

Any ideas about why it's failing to find the correct check? I can share the program and regkey.dat file privately if somebody wants to take a look himself. It is not a commercial program and contains only a single executable file. Any pointers in the right direction will be appreciated.