
The next project, and beyond...Feedback please :)


ThRaX
November 16th, 2000, 22:35
Hey all...Alright, I personally think that the MFR project was a great success, and I'd say that it:

Showed the value of a new tool that many of us were new to, DeDe.

Gave an introduction to us about Delphi, a language many of us are new to

Gave another opportunity to locate, and understand algorithms!

Alright, now on to the next project, and beyond...I personally think that, while many have stated that going beyond the "patch" and "keygen" topics is "too advanced" for a newbie, I rather disagree for the sole reason that the purpose of this project forum is to teach newbies like me, and have progression! Now, I'm not saying we should move to unpacking/dongles etc. right *now*, but I am saying that, we should start moving on to more diverse things, I do think that MFR was a step up in difficulty from MovingPix, and similarly the next project we do should be a "step up" from MFR...And after that, and maybe 1 more, we should move on to more advanced topics such as unpacking, dongles, and other things. We will however need considerable guidance from more experienced reversers...But isn't that the whole purpose of these forums?

Any feedback would be appreciated!

Raven58
November 17th, 2000, 19:24
This newbie is a real newbie. I did not have any luck with MFR project. I couldn't patch it or figure the calculation scheme. The posts were of little help to me and I came away with the impression that the majority of the posts were from intermediate to advanced reversers. So I would like to see two projects run at the same time. Something for the true newbie and something for the more advanced. I think we have to give consideration to the real beginners here and the people who participate on the board could sure assist in "bringing us along"

ThRaX
November 17th, 2000, 21:40
Hmm..That's a pretty good idea. After all, it isn't necessary for you to actually *work* on both projects, and the more advanced newbies could give help to the less advanced newbies on the "real newbie" project.
And Raven, as for MFR, I'm sure you'll understand once the essay gets posted.

Laterz

ThRaX
November 17th, 2000, 21:43
Alright, additionally I think I found a program that would make a good project, because I couldn't make heads or tails of it

www.execsoft.com

The DiskKeeper trial version...If the moderators, or more advanced reversers wanna take a look at it, that would be cool. (I posted this on the main forum a good while back, just reposting it here where I think it belongs)

Kayaker
November 17th, 2000, 22:56
Hi, Just a couple of thoughts

Well Thrax, I was willing to give Diskeeper 6 a look, but after going through all the user profile/survey BS required to get to the d/l area (Pleassse give direct links), I found out it was 9.42Mb for 95/98/Me and 11.7Mb to include NT/2000. Wow, nice try but I think this might deter some people from giving it a shot as a project. If anyone IS interested, the direct link is at

http://www.execsoft.com/trialware/diskeeper/download.asp

Raven58 - Not a problem. The purpose of this board is to make sure everyone learns something and progresses. Go with the questions if you have problems, the only stupid question is the one not asked. However, don't forget that this Project area is to supplement, not replace, basic lessons you can and should get elsewhere as well by reading, reading, reading and trying other tuts. The more you get under your belt from written tuts, simply in being more comfortable reading/tracing through code, the more you'll get out of these interactive projects I would think.

Just to make sure that you DO get something positive out of this last project, where did you run into problems? Not necessarily at what address, but perhaps conceptually or at what step in the process? Feel free to share your thoughts. Call it a post-game discussion

Regards,

Kayaker

ThRaX
November 18th, 2000, 00:04
Heh...Kayaker I suppose you're right, somehow it totally evaded me that the file was so large. And sorry about the link too. And Raven: Just to give you some more insight as to the process I personally followed with this:

Right, *many* people suggested that I set a breakpoint on HMEMCPY in SoftICE, and hit F12 a lot and eventually find my way back to the code. Well two things, first off that's fairly inefficient, and I've never liked hmemcpy, second of all I'm using Windows NT so it wouldn't have worked anyway ;D

Thankfully, there is a wonderful program out there called DeDe which "decompiles" Delphi programs! So I ran and downloaded that, and decompiled MFR...(I believe you can grab it at ht*p://protools.cjb.net) Anyway, I decompiled the program (fairly self explanatory on how to do this) and clicked on the "Procedures" tab inside Delphi. Looking in the left column, I selected the "Register" heading. Under that, in the other column were a list of procedures. Two of them caught my eye. "SetRegistered", which looked like a procedure which would be called in order to "Set" the program into its "Registered" mode after correct information was entered---but I wanted to go further back and find the true routine for calculating a serial. The other procedure that caught my eye was "ebNameChange", or something along those lines (can't remember the exact name). I looked in there, and it looked fairly suspicious so I set a breakpoint on the location given there in Soft-ICE. I traced through a lot of calculations, an enormous loop, and at the end, following the 'RET' instruction, wound up right after a call. I noticed a few lines down a call followed by a conditional jump....Hm...So I popped up W32DASM, and went to that jump. I used a hex editor then to reverse it, and it gave me the "Registered" message! Alright cool...But then upon restarting the program, again it was unregistered. Now in this sort of case it usually means there are serial checks called from various locations. To find out where all the locations it was getting called from were, I fired up w32dasm, loaded up the program, and went to the Calculation call, the address of which I got from DeDe (procedure ebNameChange). It said there that it was called from two locations---One of which I had made the patch shortly after. I then went to the *OTHER* location from which this function was called, and saw that the same sort of conditional jump was there as well!
So I patched that one as well, and voila, I entered some bogus data, restarted the program, and it was Registered!!!

So now I wanted to find the calculation routine and actually understand it...
I restored the old backup of the un-patched program and unregged the problem by deleting the "Name" and "Company" entries from the mfr.ini file in the directory. I then once again set my breakpoint in Soft-ICE, and started tracing...I saw a really long table being pushed to the stack right before the call to the calc. routine was made, which looked interesting. Inside the call, I saw a couple values being moved to various registers---Namely, '01' to BL, 46h to esp+5, and '01' to esp+4. After this, there was a Loop which performed *the* calculation routine which I won't describe here...If you read the posted keygen code in the other posts, you will understand it though I hope.

Alright, I hope this helps you if you have any more questions just ask

ThRaX
November 18th, 2000, 12:34
Opera 4.05 seems rather good...It's one of those programs where you find the *area* that the *crack* is in, but you just can't pinpoint it....I started workin on it today, and if anyone is interested I think it's a good project....

Lord Rhesus
November 19th, 2000, 08:49
Quote:
ThRaX (11-18-2000 01:34):
Opera 4.05 seems rather good...It's one of those programs where you find the *area* that the *crack* is in, but you just can't pinpoint it....I started workin on it today, and if anyone is interested I think it's a good project....


No thanks. I've already got 4.01 }>

Kayaker
November 19th, 2000, 20:31
Sorry, just a test. I keep getting CGI errors when trying to make a new post

Free
November 20th, 2000, 06:38
Quote:
Lord Rhesus (11-18-2000 21:49):
Quote:
ThRaX (11-18-2000 01:34):
Opera 4.05 seems rather good...It's one of those programs where you find the *area* that the *crack* is in, but you just can't pinpoint it....I started workin on it today, and if anyone is interested I think it's a good project....


No thanks. I've already got 4.01 }>

______________________________________
I've been trying to crack it for some days now. Can you give me some hints?

thanks
