I spent a few minutes yesterday looking at it, the drm's not obfuscated in any way, part of it is in c# and part of it is c++. it sends a http request to *some ip*:5534/service.asmx (which I redirected to localhost by adding a loopback adapter), and it wants a response similar to
C:
Response.ContentType = "text/xml";
Response.StatusCode = 200;
string errorCode = "0";
string errorMessage = "";
string activated = "true";
string destroyed = "false";
string maxActivations = "1337";
string activationCount = "1";
string licUpgradeId = "1";
string licKey = "1337133713371337";
string res = $"<?xml version=\"1.0\" encoding=\"utf-8\"?><soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"><soap:Body><GetStatusResponse xmlns=\"http://demo.eleckey.net/\"><GetStatusResult><ErrorCode>{errorCode}</ErrorCode><ErrorMessage>{errorMessage}</ErrorMessage><ActivationMode>0</ActivationMode><Activated>{activated}</Activated><Destroyed>{destroyed}</Destroyed><MaxActivation>{maxActivations}</MaxActivation><ActivationCount>{activationCount}</ActivationCount><LicUpgradeID>{licUpgradeId}</LicUpgradeID><LicenseKey>{licKey}</LicenseKey></GetStatusResult></GetStatusResponse></soap:Body></soap:Envelope>";
return Content(res);
but once that is finished, the c++ portion of the drm complains about the license being invalid (or whatever..) and I was too lazy to tryhard in IDA to find what it exactly checks. all of the exports in the c# portion of the drm (Deactivation.exe and Phsrv.dll) are named functions in the c++ dll (ekc6420.dll or ekc3220.dll)
if I had a valid key I could use to activate it and sniff the packets I'd probably be able to fake a valid response, but oh well.
I used dnspy for exploring the c# part of the drm, and ida for c++ bits
source for the web app in attachments (.net core 3)
