[Link] Canvas + Kepserver [Reverse Engineering help needed]

[Str3atWarrior]

Here is a link for Canvas 3.30 by Eaton Cutler-Hammer :
http://plcforum.uz.ua//C ... 0.rar.html

You'll also need KepServer ePro (or any other version, tried and working with EX version cracked). Here is a link for ePro version :
http://plcforum.uz.ua//K ... r_ePro.rar

Code: Select all

http://plcforum.uz.ua//KEPServer_ePro.rar

Please note that Canvas is in Demo mode for 30 days, and KepServer ePro is also in demo mode that only allow you to run it for 2hrs before needing to reload it. I suggest installing EX version with cracked drivers, and just inject the Eaton Cutler-Hammer drivers if needed. I'm trying to do some reverse engineering on LicenseEPro.exe to build some kind of keygen for Canvas, but i've never done anything like that before. So if someone have some knowledge in reverse engineering, and would like to help, it'd be appreciated!

For thoses who don't know Canvas, it's kinda like Cimplicity by GE Fanuc, but i like this one more. It allows you to interact with lots of PLC brands by designing a workable interface over a computer. We have a registred version at my job and it simply rocks! We are managing lots of distants 90-30 with this. But i'm still kinda new to thic PLC and HMI world, and 1000$ a licence for Canvas and 2500$ a licence for KepServer is way too much for my budgets with the kids and wife

Have fun with this one!

[Str3atWarrior]

Found a way to transfert the key we had at shop into any computer without too much trouble. I'm still in the process of learning reverse engineering to make a keygen, and i will post it as soon as completed!

As far as i got, i now know for sure that they serial must be a 5 digit numerical for Canvas, so it souldn't be too much trouble. As for KepWare OPC - DX Application and KepWare OPC Server Application, no job have been done at the time to crack those. As soon as i'm done with Canvas, i will move to them one by one. But don't expect too much, never done that before

[Str3atWarrior]

So have anyone tried it yet? What do you think of it?

[Str3atWarrior]

Update 09/02/2010

The serial for Canvas, Kepserver and other is truly 5 numerical long. I've found a way to register all of them using a bruteforce program that try every possible combinaison. With my programmation laptop, i managed to get all the keys under 2 hours.

If someone is interested in the name of the application, please drop me a pm. I don't want to publicly tell how i've done this incase some Eaton Cutler-Hammer representative browse this forum and find a way to bypass this.

Str3atWarrior

[douyi]

Hi Str3atWarrior,

Do you mind PM your canvas key finder? I'm looking for it for a long time, thanks a lot!

Douyi

[Binary01]

Str3atWarrior...can i get a copy of kepserver/ I have been looking for it a long time..

[mytom123]

Str3atWarrior
Can i get a copy of kepserver, I have been looking for it a long time too.

[Wjmdtt]

Share the Eaton canvas Key, or panelmate software! Thank you!

[hakerbitz]

To make this software "work". Find on the Internet "Ida Pro Adv EditionTDM.exe". install it.

Open IDA. Hit New, open one of the files named "LicenseEPro.exe" usually at

C:\Program Files\Cutler-Hammer\Canvas 3.31\System\LicenseEPro.exe
C:\Program Files\Cutler-Hammer\Canvas PC Runtime v3.31\System\LicenseEPro.exe

leave the open options as default, hit yes for debug information
hit debugger-> select debugger-> Local Win32 -> press ok
Next to the file menu, Hit Jump -> Jump to address - >Type 409D6E ->click ok
it will bring your cursor to a line that reads mov ecx, [esp+8+Str]
Press F2, it will highlight the line in RED - Press F9 to run in debug mode
if you get a debugger warning Hit Yes.
Software registration will appear. hit initiate activation on all the options, and hit ok on the warnings,
Click a line with License temporary, leave activation key as 0 and hit apply activation.
The debugger will detect this and freeze the program,
It will show the valid activation key in the last 4 digits of the EAX register in hexadecimal.
write this down then press F9, and change tabs back to software registration, hit ok on invalid.
convert the 4 digit EAX hex value to decimal using calculator in programmer mode. or google it online
use this value as the activation key. if the debugger stops you again, just press f9 to continue.

mic drop