Saturday, June 03, 2017

Synergy and Serial Number Activation Key for SSL security - Reverse Engineering the source code (easy)

Intro:

Synergy is a great program, marketed and sold by a company called Symless. It's like a network KVM w/ drag&drop files and clipboard support so you can use multiple computers at once. Point being, it also supports SSL encryption - but not for free.
Theres a Basic license for $19 (which from what I can tell does exactly nothing extra from what you already get without paying)
And a Pro license for $29. Pro gives full SSL (TLS through OpenSSL) AES-256 bit security for your connections. AES256-GCM-SHA384 TLSv1.2

You can't even download the free version from their website anymore. But it is Open Source @ https://github.com/symless/synergy-core
EDIT: They have since moved to calling it "Synergy-Core" as Open Source to distinguish from the paid.

It doesnt matter whether you download binaries somewhere (current version is 1.88 stable as of this writing), or compile it yourself (pretty difficult) - because it ends up installing essentially an unregistered, not activated version without SSL.

But we can fix that.... (without even tampering with the program file)!

Reading the Code:

Since the source code is public, we can reverse engineer their pointless activation scheme. To reverse engineer it, start by heading to the source: https://github.com/symless/synergy-core/
You can look through the source code and you will find this;

https://github.com/symless/synergy-core/blob/master/src/lib/shared/SerialKey.cpp#L126 = The SerialKey::toString() definition neatly shows us the basic format of the key.

https://github.com/symless/synergy-core/blob/master/src/lib/shared/SerialKey.cpp#L226 =  The SerialKey::parse() function actually has an example key in the comments, and is showing the validation routine.

This is what we can gather: a string needs to begin and end with a {  } and has 8 semi-colon ; seperated fields (or 9 but we dont want that one - thats for starting a trial of pro). For the last two fields we put 0 for unlimited.

Such as :
{v1;pro;YOURNAME;#userLimit#;EMAIL;BUSINESSNAME;0;0}

However you cant just paste that in, it needs to be encoded into hex....

Cracking the Code:

I've made it easy, automatic, non-intrusive, anonymous, and not sketchy at all. Visit this online C++ compiler and hit the "RUN" button to run the code (in the cloud) that I've created, (based on the source code). The code runs in the cloud not your machine and is totally safe.  Feed it any values you want for name/email - they dont even have to be real!:
Activation Key Number Generator Script Serial  for Synergy http://cpp.sh/3mjw3

NOW you can paste that Hex code in. Voila, its activated.

Afterword:

You should still donate the company some money when you get the chance so they can continue to provide this great software AND keep it open source.

Note= both machines need to have the license key for SSL handshaking to work, and they both need to be on the same version (or close). The OpenSSL accept fingerprint window will pop up, thats how you know its working.

Proof of Concept Picture:
https://puu.sh/w9y0h/b67ecae2fb.png

Theres no way they can know, I checked. Unless they read this :) If they do, PM me.

7 comments:

xamurtx said...

Thanks mate, that work!

Debanjan Paul said...

Hi, your code pages and links do not work.

Leshao Zhang said...

Thanks. They didn't even encrypt the activation key.

MrLithium said...

The links work now.

Whydontcha Rydeme said...

awesome work, I would like to donate to you, please do synergy 2.0.0 as well. When this program was first made it was always free, even ssh. This is ridiculous and wrong that they are charging 30$. All knowledge , all information should be free, to restrict access is to destroy humanity.

Ricardo said...

WFT are you ? Very Impressed! Thanks for your sharing.

Sophia Eisele said...

Hey Guys...
For license key of software for Pc , Mac, Android... You just Click Here...
software license key