About the file of license product

Same scanner, different vulnerabilities

About the file of license product

A few days ago a user notified me that the Burp Bounty Pro extension was running an unsigned exe on his computer. This file seemed to extract information from the hardware, which led me to think that it was part of the licensing system of trying to extract a unique ID from the hardware, to control license activations

Upon further analysis, I have seen that this file is part of the licensing software that I use for Burp Bounty Pro:

If you download the .jar file of this licensing software that is published "License4J License Manager" at:

You can see that this binary is embedded in the jar "LICENSE4J-HardwareID-Viewer.jar". If you extract the contents of the .jar file, you can see the executable called "d.bfi" in:

\license4j-license-manager\HardwareID-Viewer\LICENSE4J-HardwareID-Viewer\com\license4j\resources

If you upload this file to https://www.virustotal.com/ you can see that it corresponds to the md5 of the file that this user uploaded to the same website:

In this analysis that does not detect anything malicious, you can see how the original name of the file is "diskid32.exe". Searching the internet, I have seen that it corresponds to the source code of this manufacturer:

As you can see, the output of this product and what you get running it on your machine is the same.

Website:

My computer:

As I think that directly dropping an unsigned exe file, even if it's not malicious, is not a good practice to get the unique identifiers of the hardware to manage licenses, and because of other problems that this licensing system has given me, I will soon switch to a more modern and reliable license product:

Thanks and sorry for the inconvenience.
Best regards.

Please Login to Comment.