Jump to content

***req** NinjaTrader 7 Crack


c0ol22

Recommended Posts

The new NT7 has more protection built into it that makes it harder to crack. To start with, they are using SSL encryption to pass the license information back and fourth between the client and the server.

There is also a key exchange that takes place with the license file and one other check that I just can't seem to pinpoint...

They have certainly made it harder to crack compared to version 6.5.

Link to comment
Share on other sites

  • 2 weeks later...

zeraw31,

 

You are right about the protections...

The key and counter-key from the site is there since the first beta's.

 

The fact that they use SSL is not a problem per-se, because with a local apache server or IIS and a locally generated certificate you can overcome that easily.

 

I have generated a certificate and the SSL part worked ok and I start to see the NT7 conversation with the web server.

 

The major problem is that they are validating unique information from there certificate, and that's something you can't copy...

 

So, I see in the log's an error that say that something like it seems that I'm not connected to ninjatrader.com or ninjatrader-support2.com :-)

 

The only way to overcome that is to patch the .exe or .dll to not validate the certificate....

 

But patching .exe or .dlls it's not my area of work, I'm more a web guy....

 

In fact I have a licensed copy of Ninja Trader, but I like the challenge. ;-)

Link to comment
Share on other sites

peterbefrica: It looks like we are both at the same stopping point then and I agree with everything that you said.

 

I have also generated an SSL cert and have watched the traffic go back and forth through wireshark. I even went so far as to name the certificate kinetick.com and have all of the same alternate names - basically making my certificate look as close as I could to theirs. Maybe they are checking the serial number or something... Since this check wouldn't technically be taking place at the network level, wireshark isn't picking it up. Process Monitor doesn't pick it up either. All I can see is that it tries to connect to www.ninjatrader-support2.com and then it fails over to www.ninjatrader.com and that's when the 'cannot validate license' error message appears.

 

I have written an asp page that overcomes the key/counter-key that is embedded inside of the license file. I'm sure you already have this too, but if not, let me know and I can PM it to you.

 

I'm not 100% certain but I think the Ninja assemblies are protected by Remotesoft. I too am just a 'web guy' and patching and injecting dlls are a little foreign to me.

 

I think we're close, just missing one more piece...

Link to comment
Share on other sites

Hi zeraw31,

 

You are right we are in the same point. You really are a "web guy" :-)

I also generated a cert the more close as possible (kinetick.com, etc), but I also think it's the serial number that is being validated inside the .dll (and I can't mimic the serial and other few info).

 

The key / counter-key was just so easy for us web guys... Just a simple man in the middle interception ... I'm using "php" but it might be pretty much the same you have.

 

Regarding the .dll I tried to enter a world that it's not mine :-) I tried to look into the .dll using the .net reflector sw and the filedisassembler and reflexil add-ins.

I discovered some interesting things, and tried to make some changes to the .dll, but I had some problems when trying to save... Reflexil can not write mixed mode assembly...

 

Ok, so I tried an hexeditor to make the changes in the place I thought were the correct ones, but then because the .exe seems to be validating the .dll (an hash ?!) it doesn't like my new dll. :-)

From what I read, I think I have to replace also an hash some where in the .dll and maybe in .exe also ... but I don't know ... this is really out of my league.

 

So, this is were I got stucked ... I stoped trying the .dll stuff because it really isn't my area, and because this is just an hobby. I'll get back to it when if I have more ideas and time...

Meanwhile if you manage to get any new ideas or find an expert in .net and .dll's just let me know how we can pass to the next phase. ;-)

Link to comment
Share on other sites

I dont know what you guys mean by SSL, its showing only as http to validate the key.

GET /tools/NtLicense.php?lc=@REG&ky=B6D4E7CA8141479C9AB632B7A4CBAC9E

But it needs something in the local server to generate a key to send back, but I dont see this as happening over SSL.

I cant get past the key how have you got past the key?

And also dont bother trying to modify dll because its encrypted and scrambled.

The only way I see to do that is to completely re write the files which is hard and takes ages.

Link to comment
Share on other sites

I think you not get the keys right, you cant just put any keys, its algorithm to generate keys.

Are you saying you have extracted the algo that generates keys in NT program?

And have it on other end to send right key?

You can have middleman intercept all you like, how you know if keys are right?

If they dont match it wont work.

For example NT send key 12345678 and it needs abcdefgh to be sent back.

Next time its something else, they have to match from the algo that generates them.

I think is nothing to do with SSL certificates just to validate the program to run locally.

Because only diff in the license file info being sent from 6.5 is the KEY

Edited by BulllDozer
Link to comment
Share on other sites

To start with, they are using SSL encryption to pass the license information back and fourth between the client and the server.

 

No they aren't look here its http traffic.

http://www.imgplace.com/viewimg137/1523/85ntlicensetraffic.png

Broker/data connection is SSL.

http://www.imgplace.com/viewimg441/9180/93zenfirehttps.png

Edited by BulllDozer
Link to comment
Share on other sites

Hi BullDozer,

 

The name couldn't fit you better... The way you write to us seems pretty much like a BullDozer. :-)

 

Relax... We are saying this stuff not to look brilliant it's just the way it is.

 

In what version of NT7 are you working ? Up till Beta 14 there were no SSL being used.

Starting in Beta 15 SSL started to be used...

 

But to be honest I haven't tested the more recent versions (it's now in Beta 21) so it might be different... but I don't think they will remove the SSL protection that it's the one that is the more difficult to overcome.

 

The .dll, I don't know if it is scrambled or not (it's not my area), but I do know that using the sw's I mentioned I do see certain functions and many other stuff and it's more or less clear were you have to make changes.

 

Regarding the key / counter-key I don't want to take the fun out of your discoveries, so I will only say that : "Why try to guess the algorithm when there are already someone that knows it ?! :-)"

Maybe someone that build the sw. :-))

Do you know what is a man in the middle attack ?

 

Ahahah.... Have a nice day. ;-)

Link to comment
Share on other sites

Hi I am relaxed.

I am not trying to do this for fun im doing it to get it working thats my objective.

So if you could be straight to the point it would be kind.

I dont get what you mean by "why try to guess the algorithm when there is already someone that knows it?"

"Maybe someone that built the software?"

What do you mean by this?

My question is, with Beta 14 as an example, have you tried to start it up using the local server license?

Using your key generation?Did it work?Can you try this?

If so, can you upload the key generation files?

Thankyou

Edited by BulllDozer
Link to comment
Share on other sites

My question is, with Beta 14 as an example, have you tried to start it up using the local server license?

Using your key generation?Did it work?Can you try this?

 

Both of us have tried starting up the software using our key 'grabbing' mechanism but it fails (not because of the key) but because there is another 'check' happening - we think that the software might be checking something inside of the SSL certificate.

 

We aren't 'generating' the keys, we are simply grabbing the 'generated' key from THEIR server. Think about it this way. What happens when you go to:

 

https://www.ninjatrader-support2.com/tools/NtLicense.php?lc=@SIM-DRBT-D593-40B1-AE74-C79F-715D-1952&ky=123456789012345678901234567890

 

It returns a license file, correct? Look inside of the license file and you'll see the key that THEY generated and you'll also see that the LicenseType is 'SimulationOnly'.

 

Think about it... all of the information is THERE. It's up to you what you do with it or how you 'change' it.

 

Please forgive me for not handing you the answer but this practically spells it out...

Link to comment
Share on other sites

zeraw, ok I know what you are saying, I am doing the same thing, you guys are just not getting what im saying.

I can get the key which is sent and the key which is sent back from their server this is no problem.

What im trying to tell you is, the keys are different each time, each time it gets the license file, either from NT server or our local server spoof.

The NT program itself is generating a random key its sending, based on an algorithm inside the program itself.

Which has to have another random generated key come back in the license packet, which has to match the previous key generated by the algo in NT.

You can not just capture the key it sends back the time you have it connected to the NT server, and put this in the license file, and use the local server spoof.

Because next time it sends a different key which has to match.

For example it send this key, 12345678 it sends back this key, 87654321, and they match so it verifies the packet.

Next time it checks it sends this key, 63526329 and send this one back 84731927.

So if you put the original key, 87654321, in the license file, this next time it checks it doesn't match the sent key!

And so on and so on.

1.We need to get the key structure from NT itself, the algorithm that generates the keys.

2.We need something in the local server which reads this key, generates another matching key and send it back in the license packet.

OR

3.Have to remove key checking from NT, which is very hard because the code is obfuscated and you have to re map from memory and re write most of it just to see everything to read it properly.

Edited by BulllDozer
Link to comment
Share on other sites

Both of us have tried starting up the software using our key 'grabbing' mechanism but it fails (not because of the key) but because there is another 'check' happening - we think that the software might be checking something inside of the SSL certificate.

 

It is sending a different key, it IS because of the key.

I have tested this 100 times with WPEpro., it gives http ok, but because the key is wrong it wont verify the license.

 

We aren't 'generating' the keys, we are simply grabbing the 'generated' key from THEIR server.

I know, so am I.

 

https://www.ninjatrader-support2.com/tools/NtLicense.php?lc=@SIM-DRBT-D593-40B1-AE74-C79F-715D-1952&ky=123456789012345678901234567890

 

It returns a license file, correct? Look inside of the license file and you'll see the key that THEY generated and you'll also see that the LicenseType is 'SimulationOnly'.

 

Next time it sends &ky183746352454536253839482514263, and expects a corresponding key to come back.

You are sending back the key for 123456789012345678901234567890

They are different keys!!

 

Think about it... all of the information is THERE. It's up to you what you do with it or how you 'change' it.

 

Please forgive me for not handing you the answer but this practically spells it out...

 

All the information is NOT there, they are different keys each time it checks.

It needs to generate the corresponding key for the next different one it sent.

I know the answer, ive already given it to you.

Link to comment
Share on other sites

Look 1 minute apart not even opened and closed NT7, and its sending different keys and getting different matching keys back.

 

GET /tools/NtLicense.php?lc=My License Key&ky=FFD3488DD2D242C89A17E4F4BE1E73A0 HTTP/1.1..Host: www.ninjatrader-support2.com....

 

HTTP/1.1 200 OK..Date: Wed, 15 Sep 2010 00:33:00 GMT..Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.13..X-Powered-By: PHP/5.2.13..Content-Length: 805..Content-Type: text/html....<?xml version="1.0" encoding="utf-16"?>.<LicenseData xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">. <EndDate>2097-12-31T00:00:00.0000000+00:00</EndDate>. <Id>My License key</Id>. <LicensedFeatures>. <LicensedFeature>BasicEntry</LicensedFeature>. <LicensedFeature>Charting</LicensedFeature>. <LicensedFeature>LiveTrading</LicensedFeature>. <LicensedFeature>DataConnection</LicensedFeature>. <LicensedFeature>SystemDevelopment</LicensedFeature>. </LicensedFeatures>. <LicensedProviders>. <Provider>Gain</Provider>. <Provider>Hosted</Provider>. </LicensedProviders>. <LicenseType>Regular</LicenseType>. <StartDate>2010-07-15T00:00:00.0000000+00:00</StartDate>. <Key>002EF5D31FD037F41CAF8F08838E5904</Key>..</LicenseData>.

 

GET /tools/NtLicense.php?lc=My License Key&ky=E5A4543C4594490DB8DCDD2E67AEC7E7 HTTP/1.1..Host: www.ninjatrader-support2.com........

 

HTTP/1.1 200 OK..Date: Wed, 15 Sep 2010 00:34:12 GMT..Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.13..X-Powered-By: PHP/5.2.13..Content-Length: 805..Content-Type: text/html....<?xml version="1.0" encoding="utf-16"?>.<LicenseData xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">. <EndDate>2097-12-31T00:00:00.0000000+00:00</EndDate>. <Id>My License Key</Id>. <LicensedFeatures>. <LicensedFeature>BasicEntry</LicensedFeature>. <LicensedFeature>Charting</LicensedFeature>. <LicensedFeature>LiveTrading</LicensedFeature>. <LicensedFeature>DataConnection</LicensedFeature>. <LicensedFeature>SystemDevelopment</LicensedFeature>. </LicensedFeatures>. <LicensedProviders>. <Provider>Gain</Provider>. <Provider>Hosted</Provider>. </LicensedProviders>. <LicenseType>Regular</LicenseType>. <StartDate>2010-07-15T00:00:00.0000000+00:00</StartDate>. <Key>646D0BFE0B6535A90A56F4A2C3B4E78D</Key>..</LicenseData>.

Link to comment
Share on other sites

I know the answer, ive already given it to you.

 

If you know the answer, then why does it sound like you aren't grasping the man in the middle concept?

 

I know fully well that the key changes each time. I made the NtLicense.php file that sits on my local server 'smart enough' to pull a 'SimulationOnly' license from www.ninjatrader-support2.com (with the corresponding 'different' key) and change it to a 'Regular' license and then send it back to the NT7 app. (Note that I said 'different' key).

 

It's really just basic ASP coding to accomplish this. If you want a reference, start looking into the MSXML2.DOMDocument model.

 

I really hope that this thread doesn't turn into an argument (because that's where it looks like it's headed). I'm hoping for some constructive ideas here...

 

If you insist on proof, here's what 'my' NtLicense.php returns for the following URLs:

 

https://www.ninjatrader-support2.com/tools/NtLicense.php?lc=@SIM-DRBT-D593-40B1-AE74-C79F-715D-1952&ky=FFD3488DD2D242C89A17E4F4BE1E73A0

 

Returns:

<LicenseData xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> 
<EndDate>2099-12-31T00:00:00.0000000+00:00</EndDate> 
<Id>@SIM-DRBT-D593-40B1-AE74-C79F-715D-1952</Id> 
<LicensedFeatures> 
	<LicensedFeature>AdvancedStrategyManagement</LicensedFeature> 
	<LicensedFeature>AutomatedTrading</LicensedFeature> 
	<LicensedFeature>BasicEntry</LicensedFeature> 
	<LicensedFeature>Charting</LicensedFeature> 
	<LicensedFeature>DataConnection</LicensedFeature> 
	<LicensedFeature>SuperDom</LicensedFeature> 
</LicensedFeatures> 
<LicensedProviders> 
 <Provider>Gain</Provider> 
 <Provider>Hosted</Provider> 
</LicensedProviders> 
<LicenseType>[b]Regular[/b]</LicenseType> 
<StartDate>2006-05-02T00:00:00.0000000+00:00</StartDate> 
 <Key>[b]002EF5D31FD037F41CAF8F08838E5904[/b]</Key> 
</LicenseData> 

 

and

https://www.ninjatrader-support2.com/tools/NtLicense.php?lc=@SIM-DRBT-D593-40B1-AE74-C79F-715D-1952&ky=E5A4543C4594490DB8DCDD2E67AEC7E7

 

Returns:

<LicenseData xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> 
<EndDate>2099-12-31T00:00:00.0000000+00:00</EndDate> 
<Id>@SIM-DRBT-D593-40B1-AE74-C79F-715D-1952</Id> 
<LicensedFeatures> 
	<LicensedFeature>AdvancedStrategyManagement</LicensedFeature> 
	<LicensedFeature>AutomatedTrading</LicensedFeature> 
	<LicensedFeature>BasicEntry</LicensedFeature> 
	<LicensedFeature>Charting</LicensedFeature> 
	<LicensedFeature>DataConnection</LicensedFeature> 
	<LicensedFeature>SuperDom</LicensedFeature> 
</LicensedFeatures> 
<LicensedProviders> 
 <Provider>Gain</Provider> 
 <Provider>Hosted</Provider> 
</LicensedProviders> 
<LicenseType>[b]Regular[/b]</LicenseType> 
<StartDate>2006-05-02T00:00:00.0000000+00:00</StartDate> 
 <Key>[b]646D0BFE0B6535A90A56F4A2C3B4E78D[/b]</Key> 
</LicenseData> 

 

Note that 'SimulationOnly' has been changed to 'Regular' for the LicenseType.

 

I'm trying to help you figure this out so please keep that in mind when you reply to me.

Link to comment
Share on other sites

Yes you are getting the key it sends back from NT servers, intercepting it and transfer the right key back to the program right?

With the license changed to regular.

So if you can do this then what is the problem?You can change it to multibroker live right?

So could you upload the files to make it work as multibroker live?

I mean if you can change it to 'regular' you can change all the other things right?

Another problem with this is, the license checks for the indicators and systems from vendors.

As we have to block NT domains in host file.

Thanks

Link to comment
Share on other sites

Yes!! That's what I'm doing!

 

There is still something else that is being checked though because even if I leave it at 'SimulationOnly' (which I'm positive should work) it still bombs out. By me changing it to back to 'SimulationOnly' this guarantees that I'm generating a license file that is identical to what I would be pulling from NTs servers. I'm still convinced that we have the key exchange part figured out and that there is something else being checked here.

Edited by zeraw31
Link to comment
Share on other sites

it lists the providers under licensed features.

You know like,

<LicensedFeatures>

 

<LicensedFeature>AccountGroups</LicensedFeature>

 

<LicensedFeature>AutomatedTrading</LicensedFeature>

 

<LicensedFeature>AdvancedStrategyManagement</LicensedFeature>

 

<LicensedFeature>BasicEntry</LicensedFeature>

 

<LicensedFeature>Charting</LicensedFeature>

 

<LicensedFeature>ChartTrader</LicensedFeature>

 

<LicensedFeature>CreditManagement</LicensedFeature>

 

<LicensedFeature>DataConnection</LicensedFeature>

 

<LicensedFeature>LicenseManagement</LicensedFeature>

 

<LicensedFeature>LiveTrading</LicensedFeature>

 

<LicensedFeature>Server</LicensedFeature>

 

<LicensedFeature>SystemDevelopment</LicensedFeature>

 

<LicensedFeature>SuperDom</LicensedFeature>

 

<LicensedFeature>SuperDomRoyalties</LicensedFeature>

 

<LicensedFeature>TrackExecutions</LicensedFeature>

 

</LicensedFeatures>

 

<LicensedProviders>

 

<Provider>Gain</Provider>

 

<Provider>MBTrading</Provider>

 

<Provider>InteractiveBrokers</Provider>

 

<Provider>Patsystems</Provider>

 

<Provider>TrackData</Provider>

 

<Provider>CyberTrader</Provider>

 

<Provider>Photon</Provider>

 

<Provider>TradingTechnologies</Provider>

 

<Provider>FFastFill</Provider>

 

<Provider>RolfeAndNolan</Provider>

 

<Provider>Tda</Provider>

 

<Provider>Hosted</Provider>

 

</LicensedProviders>

 

<LicenseType>Regular</LicenseType>

 

It doesn't just say -ALL- it manually lists them and I guess with 7 there will be different ones than 6.5?

Link to comment
Share on other sites

Yes!! That's what I'm doing!

 

There is still something else that is being checked though because even if I leave it at 'SimulationOnly' (which I'm positive should work) it still bombs out. By me changing it to back to 'SimulationOnly' this guarantees that I'm generating a license file that is identical to what I would be pulling from NTs servers. I'm still convinced that we have the key exchange part figured out and that there is something else being checked here.

 

Yeah this is what im saying if you leave the NT domains open, not block them in host file, they can later send something through that messes it up this used to happen when people tried this MITM with 6.5

Link to comment
Share on other sites

Ok BullDozer, now that zeraw31 have helped you arrive to the point where we are stucked, can we advance and try to work to overcome the last step ?

 

Beta 14 is already solved, the problem is that the final NT7 version will be released with the most recent protections and I'm pretty sure that the problem is around the SSL.

 

Or do you want to keep using Beta 14 even after they release the new versions with corrections, etc ? It's already in Beta 21!

 

If you were able to sniff the traffic using wireshark, do the same now with a more recent version and check if you can still see everything open as before Beta 14.

 

Note - We are not trying to hide anything here, but if there isn't a final working version why should we be releasing intermediate work ?! There's no point in that. That will only make us loose time answering to questions like yours for something that it's not completly working. So, it's nothing against you.

 

I do hope that you can bring some valid contribution, but you must stop fighting us and start making an argument why you think it isn't related with the certificate and where is the additional protection in most recent releases.

Link to comment
Share on other sites

No we can't work to overcome the last step because its not the last step, the method you are using will never work, the machine must be blocked from NT servers, or it will never work.Beta14 is not already solved, because that method requires opening up access to NT servers, and also it is not multibroker live.Im ok with Beta 14, im sure there will be Beta 975.

But it needs to be a totally local fix with no access to NT servers.

I was not fighting with anyone just asking questions and making comments.

Link to comment
Share on other sites

Yeah this is what im saying if you leave the NT domains open, not block them in host file, they can later send something through that messes it up this used to happen when people tried this MITM with 6.5

 

I never heard of anyone needing to use any kind of man-in-the-middle exploit for NT 6.5 - there was no need to... it was simply a one-way check that could be easily overcome with basic XML request/response.

 

the method you are using will never work, the machine must be blocked from NT servers, or it will never work.

 

My hosts file is modified in the same way that it was for the NT 6.5 exploit so I am redirecting all of the NT domains to my local server. All of the magic happens within the NTLicense.php file... fundemental DNS stuff...

 

So, what happens when you go to:

 

https://www.ninjatrader-support2.com/tools/NtLicense.php?lc=@SIM-DRBT-D593-40B1-AE74-C79F-715D-1952&ky=FFD3488DD2D242C89A17E4F4BE1E73A0

 

and what happens when you go to:

 

https://64.38.21.160/tools/NtLicense.php?lc=@SIM-DRBT-D593-40B1-AE74-C79F-715D-1952&ky=FFD3488DD2D242C89A17E4F4BE1E73A0

 

The second entry skips the hosts file because there is no name to resolve.

Link to comment
Share on other sites

BullDozer are you kidding ?! You must be! :-)

 

Beta 14 is done with multibroker in it, end of talk! Follow zeraw31 indications and you will get there.

 

The process of going to NT servers is nice if you don't know how to modify the .dll and .exe files... If you know how to modify the files, I will be glad to read your explanation.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...