Alias/3 patch

Ginzanix

Member
Aug 28, 2019
32
49
18
Finally I have an Indy for old software Irix6.2 and 5.x test. I'd Install Alias6 with patch, application launch but give an error when load project , object or simply try to create a new project.
I had a look, and it seems my removing some licensing function calls completely caused the problem after Alias switched to dynamic libraries in v5.1. Now it's patched at a lower level, and seems to work. Please test out the various functions, and see if they work... At least file loading is OK now.


alias6a.PNG
 
  • Like
Reactions: kikems

kikems

Member
Jul 22, 2020
68
23
8
Spain
Ginzanix congratulations for your work with the patch v3 of Alias6a is awesome, all works very good. Tested with my Indy IRIX 5.3.
Model, render, animation all works very good. Maybe some part of app can fail but I'm not find until now.
This days I'll try more intensive testing. As always thanks for share your hard work with us and lets me play with this iconic and historial apps of CGI.

Alias6a_indy4600.jpeg
 
Last edited:
  • Like
Reactions: Elf

kikems

Member
Jul 22, 2020
68
23
8
Spain
I found 2 external apps of Alias6 unpatched. One is MS2 and the other one is LipSync or MotionSync ( I'm not remember now). This 2 apps was separate and independent modules from Alias6 executable. If you create the aldemo user during installation and later login, you can view the icons in desktop.
MS2 ( Motion System 2 ) was the app for make, edit and manage motion captures to characters.
Lipsync was a small tool for syncronize morphs or bones with an audio track.

This was small apps, I hope no need much additional work to patch.
 
Last edited:
  • Like
Reactions: indigofan

Ginzanix

Member
Aug 28, 2019
32
49
18
I've had a look at further patches, though I will only post it once it's finished, so there will not be too many versions...

Another interesting tidbit I found by accident, is that the Alias 6a software helpfile, actually includes a checksum valid "template" license (it is published there, so it can't hurt to repost here I guess): Axyz987uvw987tuvbcd456abc. Two other licenses are also provided in the helpfile, but they are not checksum valid.

The license passes the license checksum check, however fails due to incorrect software version and then wrong hostid. By patching those checks, it is possible to get some further info about the string though...

It seems the license was set to expire 95-07-12 07:00:00 (local time), and includes Alias Studio, with only the options "PowerTracer" and "Sega". This does not seem like a practical combination of features, so probably it was just meant as a template license string with a valid checksum, and not for any real use.

Regarding the software version, it seems Alias 6 checks for a license starting with "I", Alias 5 checks for "G", Alias 4 for "E", and by interpolation probably Alias 3 for "C" and Alias 2 for "A". This would mean that the template license is made for Alias 2, which again makes no sense, other than providing a checksum valid license in the manual which would fail on both the hostid and version checks.

The interesting thing is that you can relatively easily manipulate the template license and checksum... I will leave the discussion here at that, though someone more knowledgeable than me, could probably quite easily make a license generator...
 

Ginzanix

Member
Aug 28, 2019
32
49
18
I spent some time studying the license string data. I thought it would be easier to post this somewhere else, so for anyone interested, please see here:


This contains notes on how the encrypted string checksum is calculated, and how to manipulate it. It also explains how you can upgrade an older version license to a newer version (e.g. v4 to v6), while keeping your encrypted features/time/hostid data intact. I haven't been able to do much further with the encrypted data, though I hope someone else might have a look at it.

Finally I provide a table for viewing the obfuscated strings in older Alias binaries. A simple substition algorithm is used for "sensitive" strings, so that they are not immediately apparent when using a hex editor, Ghidra etc. Just use this table with windhex or similar hex editor which can use tables to read the strings. Naturally having all the "sensitive"/encryption related strings readable makes studying the code/error messages easier.

This is all meant for further study/research of some very very old licensing systems (25 or more years old!), and I can see no harm in posting, though feel free to delete if any objections...
 

Attachments

Last edited:

Ginzanix

Member
Aug 28, 2019
32
49
18
After lots and lots of tracing and dbx-work, through layers of obfuscation, I finally figured out the licensing, and how to make keys for Alias v6 and earlier. I still need to do some of it by hand, however I understand the process and just need to figure out which of the decrypted switches turn on/off which feature. It should be possible to implement an automatic key generator without too much trouble (the DES key is easily readable from within the software).

Basically the normal key type is 136 bits and contains, hostid/MAC, expiry and feature flags. This key would be encrypted by Alias using a standard DES encryption in (probably) CFB 1-bit mode. The encrypted result is then encoded to the limited license string charset, very similar to the base58 encoding (used for Bitcoin of all things), and this string would be provided to the user.

Currently I can make keys by patching the DES function argument in the software from 1 (decrypt) to 0 (encrypt). I then encode the unencrypted key I want to use (following a specific order of hostid, features etc.) using a modified base58 implementation (custom alphabet used by Alias, with certain similar characters removed). I then read the encrypted value which the software makes from memory (using dbx). Then the encrypted value is run through the modified base58 encoder again, to make the "user key". Finally I have to update the CRC (as explained in the document I provided above). When run with the original unpatched software (which decrypts the key).. it works!

(forget about the previously posted test license, it lacked several features. Here is a fully licensed PA6 for hostid 69123456).

alias6info.PNG
 
Last edited:

Ginzanix

Member
Aug 28, 2019
32
49
18
If you change the Hostid to 69123456 (using the setenv command if you have an Indy, or one of the software tools for this purpose for other SGIs, or edit it directly in NVRAM if using Mame), you can simply use the license string in the screenshot above when installing the software. So, no more patching needed. This should also work with all versions of Alias 6 (6.0, 6.0a 6.0b), so there is no more need for custom patches for each version...

I can also generate licenses for any specific hostid, but its a bit of work, so I prefer to try to make some kind of automated key generator... If someone has the skills to implement/program a command line DES encryptor in 1-bit CFB mode, and a simple character encoding scheme for IRIX, just PM me for the details needed...!
 

About us

  • Silicon Graphics User Group (SGUG) is a community for users, developers, and admirers of Silicon Graphics (SGI) products. We aim to be a friendly hobbyist community for discussing all aspects of SGIs, including use, software development, the IRIX Operating System, and troubleshooting, as well as facilitating hardware exchange.

User Menu