crack_learning
« Reply #13 on: August 19, 2022, 09:29:06 21:29 »
Hi to all,
First of all, I am very new here to this forum. So hopefully the post is in the right section.
For Fusion 360 I have something that might help. The post will be a little bit longer, with some story of how I came to it. For the very short version just look at the end of my post; however, in my longer version there will also be some useful information.
Long version: So, I have been using Fusion 360 for my CNC machine. Nice SW, they started with nearly no limitations. One of my pains was when they introduced the limit that the CNC machine will use slow movements between two points. So instead of G0 they will generate G1, and with the last feed. So if the last feed was a slow one with 300mm/min, then you could grow your beard until the machine reaches its new position. This was a no-go. So I tried to open up x64dbg and started to analyse the thing. I have a Personal license, because I am not a startup. And of course I do not want to cheat and lie to them about this. So instead I manipulate the SW. Ok, maybe at this point lying would be a better option. So I opened up x64dbg and started to search for the point in the disassembly code where they decide which speed they will take. Let me point out here that the whole stuff is about 4 Gigabyte big. But they put a small hint in the emitted G Code. Some text with: When using Fusion 360 for Personal use, bla bla bla... So this text is very easy to find. Once I found it in IronCore10.dll, I started to look around. And found some conditions before it. To be honest, I think I just changed them randomly, to see if one of them would change the output in the desired way. And yes, it did. Basically, after you find the text, there is a call before it, and before the call there is a conditional jump. Change them to a simple jmp.
While this was working, I still had one small problem. There was a limitation that tool change is not allowed. This was harder to find, because it pops up a window, and the text is of course localised. So finding the text did not help instantly. Since I found this more than a year ago, I do not remember exactly how I found the root of this check. I know I debugged a lot. A lot of lot. Really. Sometimes I just try, to see what kind of functions are there. And in that DLL, there was one that was called usingMultipleTools. So I put a breakpoint in it, and checked if that gets hit if I post my G code. And it was. So then I came to this point in the DLL, where it checks if multiple tools are being used by calling this function and testing the returned value in RAX. And then I changed the jne to a jmp, and it was not bugging me any more.
Actually these two were quite easy to find. But then one day, they introduced a limitation to only allow 10 sheets to be opened. Before I start to crack anything, I first try to figure out how I would do a feature like this. I would store this value on the server, and whenever the user tries to open more than 10 sheets, the server would deny it. So it seemed to be an impossible crack. But I gave it a try. Sadly I did not make a record of where and how to crack this limitation. The first reason was, I found an easier way. The second is, I would not remove the feature, I could just increase the limit to 47, because there was very little space in the code to change, and this was the best I could achieve. Some other register had this value and I changed the testing to this other register. So let's turn to the next change, which made this outdated anyway. And to be honest, I can live with 10 active sheets.
So I was thinking, if they made the sheet checking on the remote side. Maybe the license checking and evaluation of the feature is also made on the client side. Actually, if they did it so, they are just amateurs. I mean, sorry. Normally you do it on the server side, and just send the client the list of available features. And you make a lot of the features run on the server side, so the user only gets some interface to it. But actually, a lot of the features are really running on the user side. Like the active sheet number checking, and there is a feature where you can optimize the placement of some parts. Also, with a full license all of the previous annoying stuff is removed from the G code post processing. To be honest, this crack was way too easy. I started to check the function names in the DLLs to see if there is something with licensing. I debugged here also a lot, until I realized that it makes no sense to understand how they get a license, or how they verify it. I started to concentrate on the point where they got the license and try to see which one they got. So I found a couple of functions. Debugging them led me to isHobbystLicense. This was a very small function that checks some RAM variable and returns true or false. Way too easy. I changed it, and it was giving me everything free.
Getting the cracks was way too easy, compared to the size of the binary files. And sometimes even I myself did not believe that it is possible. I mean, they clearly do not bother to protect their SW. But there are still some open points. Until there is no crack for it, they won't change this protection. Now there is one. And I really wonder, could it be that I made it first? I think no, but nobody made it public. But now, they definitely will do something about this. So the crack is only short lasting. So what can we do about it? I am working on an offline version. To be honest, I already had one. But I lost it. And I did not make any notes about where and what I had to change. It is like, I do it, and change it here and there. Everything is in my mind. But after 4 weeks I completely forget it. Like it never happened. For the offline version, I had a small fight with the VM Virtual machine. Since when I disable the ethernet, it behaves a little bit strange, it does not return the MAC address any more. While I think a real ethernet HW would still return it. So I had to fix this. Then I had the problem that after a while the stuff wanted to go online. And after a while the locally stored authentication became outdated and wanted to go online. As I told, I fixed this (cracked), but lost it. I started to do it again on a newer version. But, to be honest, as long as they do not change something in a way that it becomes uncrackable for me or too annoying, I am not really motivated to do this.
During my debugging, I also found some interesting stuff. Sadly no record is available here. And while it was nice, I completely forgot where I did the crack. But I found the place where they evaluate if a given menu point should be visible, disabled (grayed out), or enabled but with a small icon on it (like extension). And I played with it. Some extra buttons were coming up. Supporting some kind of SW tests or so. Was interesting. Also the info that basically they can turn every (really every) feature to become dependent on a license type. So it is not like they just implemented some key features depending on a license. They can basically put every small feature on a license.
Besides the offline version, I have something to activate some extensions. Not quite sure if that one is still working, I have not used it for a long time.
Why is there no crack.exe available? Why did I give a small instruction on how to crack it and not the binary? Guys, sorry, it would be nice to do this. But it makes no sense. There are some weeks when they updated this SW nearly every week. I had my SW running on one day. Milling with my CNC machine. Next day, it was updated. And all the cracks are lost. (Doing a 4 gig update on an SSD, thank you Autodesk for killing my disk.) So a crack would not make any sense, because once it is done, after a week it becomes useless. So do it by hand.
Short version: HobbystLicense (I think this makes every feature available). Make a copy of nubase10.dll. Open it with x64dbg. Find the function isHobbystLicense; there is a je instruction. Change it to a jmp. Save it. Overwrite the old file. Every time Fusion 360 is doing an update you must redo the change. I would say this will work as long as they do not notice people are using it. So maybe 6 months, and they will notice that people crack it and change the whole licensing. So if possible do not use this. Or only use this crack if you are offline. Now you have a hobbyst license.
Just removing annoying G code stuff: ironcore10.dll, backup and so. x64dbg. Find the text: When using Fusion 360 for personal use. The text is referenced only at one place in the file. There is a call before it, a couple of instructions before it. Before the call there is a je instruction. Change this to a jmp. Then find the function usingMultipleTools; there is a reference to it. After the function call, there is a test al,al and a jne. Change this to a jmp. Now no popup is coming because of multiple tool usage. And G0 is used for fast movement.