Saturday, June 03, 2017

Synergy and Serial Number Activation Key for SSL security - Reverse Engineering the source code (easy)

Intro:

Synergy is a great program, marketed and sold by a company called Symless. It's like a network KVM with drag-and-drop file and clipboard support, so you can use multiple computers at once. The point is that it also supports SSL encryption, but not for free.
There's a Basic license for $19 (which, from what I can tell, does exactly nothing extra beyond what you already get without paying)
and a Pro license for $29. Pro gives full SSL (TLS through OpenSSL) AES-256 security for your connections: AES256-GCM-SHA384, TLSv1.2.

You can't even download the free version from their website anymore. But it is open source at https://github.com/symless/synergy-core
EDIT: They have since moved to calling it "Synergy-Core" as Open Source to distinguish from the paid.

It doesn't matter whether you download binaries somewhere (current version is 1.88 stable as of this writing) or compile it yourself (pretty difficult), because either way you end up installing essentially an unregistered, non-activated version without SSL.

But we can fix that.... (without even tampering with the program file)!

Reading the Code:

Since the source code is public, we can reverse engineer their pointless activation scheme. To reverse engineer it, start by heading to the source: https://github.com/symless/synergy-core/
Look through the source code and you will find this:

https://github.com/symless/synergy-core/blob/master/src/lib/shared/SerialKey.cpp#L126 = The SerialKey::toString() definition neatly shows us the basic format of the key.

https://github.com/symless/synergy-core/blob/master/src/lib/shared/SerialKey.cpp#L226 = The SerialKey::parse() function actually has an example key in the comments, and shows the validation routine.

This is what we can gather: the string needs to begin with a { and end with a }, and it has 8 semicolon (;) separated fields (or 9, but we don't want that one; that's for starting a trial of Pro). For the last two fields we put 0 for unlimited.

Such as:
{v1;pro;YOURNAME;#userLimit#;EMAIL;BUSINESSNAME;0;0}

However, you can't just paste that in; it needs to be encoded into hex....

Cracking the Code:

I've made it easy, automatic, non-intrusive, anonymous, and not sketchy at all. Visit this online C++ compiler and hit the "RUN" button to run the code (in the cloud) that I've created (based on the source code). The code runs in the cloud, not on your machine, and is totally safe. Feed it any values you want for name/email - they don't even have to be real!
Activation Key Number Generator Script Serial for Synergy: http://cpp.sh/3mjw3

NOW you can paste that hex code in. Voila, it's activated.

Afterword:

You should still donate some money to the company when you get the chance so they can continue to provide this great software AND keep it open source.

Note: both machines need to have the license key for SSL handshaking to work, and they both need to be on the same version (or close). The OpenSSL accept-fingerprint window will pop up; that's how you know it's working.

Proof of Concept Picture:
https://puu.sh/w9y0h/b67ecae2fb.png

There's no way they can know, I checked. Unless they read this :) If they do, PM me.