Been messing around with an older Windows label-making app called Label Maker AiO as a little reversing project and figured I’d post it here since I’m trying to get better at this stuff.
There are two versions I’m looking at right now (1.8.6 is the only version i have archived from long ago):
- v1.8.6
- v2.5 (found this on a still active site: https://labelmaker.cc/)
The app is basically abandoned from what I can tell, and I’m trying to understand how the licensing/check-in flow changed between versions. I do have a license saved locally, but the two versions seem to behave differently.
What I’ve noticed so far:
v1.8.6 appears to use Keygen:
POST to api.keygen.sh
Response comes back as valid=false / detail=does not exist
v2.5 appears to call:
https://labelmaker.cc/_/api/connect
That one returns:
No matching API endpoint
So it seems like the older version is checking against the old Keygen setup, while the newer version moved to a custom/web endpoint that doesn’t exist anymore.
I’m mainly trying to understand the structure of the app, how the request/response flow is handled, and whether there’s anything interesting to learn from comparing the two versions. It looks like a PyInstaller Python app, so I’m poking around the bundled files/resources and trying to map out what changed.
I’m going to upload the files to LimeWire so anyone curious can take a look.
Not asking for anyone to spoonfeed anything, just looking for general reversing advice:
- best way to compare the two builds
- useful tools/workflows for PyInstaller apps
- what areas would be worth inspecting first
- whether the failed endpoint behavior tells anything obvious
- any tips for documenting the flow cleanly
Still pretty new to posting this kind of stuff publicly, so figured this would be a good small project to learn from and get some feedback.
There are two versions I’m looking at right now (1.8.6 is the only version i have archived from long ago):
- v1.8.6
- v2.5 (found this on a still active site: https://labelmaker.cc/)
The app is basically abandoned from what I can tell, and I’m trying to understand how the licensing/check-in flow changed between versions. I do have a license saved locally, but the two versions seem to behave differently.
What I’ve noticed so far:
v1.8.6 appears to use Keygen:
POST to api.keygen.sh
Response comes back as valid=false / detail=does not exist
v2.5 appears to call:
https://labelmaker.cc/_/api/connect
That one returns:
No matching API endpoint
So it seems like the older version is checking against the old Keygen setup, while the newer version moved to a custom/web endpoint that doesn’t exist anymore.
I’m mainly trying to understand the structure of the app, how the request/response flow is handled, and whether there’s anything interesting to learn from comparing the two versions. It looks like a PyInstaller Python app, so I’m poking around the bundled files/resources and trying to map out what changed.
I’m going to upload the files to LimeWire so anyone curious can take a look.
Not asking for anyone to spoonfeed anything, just looking for general reversing advice:
- best way to compare the two builds
- useful tools/workflows for PyInstaller apps
- what areas would be worth inspecting first
- whether the failed endpoint behavior tells anything obvious
- any tips for documenting the flow cleanly
Still pretty new to posting this kind of stuff publicly, so figured this would be a good small project to learn from and get some feedback.