I have a program that has a very clever protection. It connects to a server to have various values calculated that the program uses. For instance the dimensions of some arrays are calculated by the server. There is no check anywhere to see if the values returned are correct, the program just uses them and then crashes or malfunctions as a result of any bad values.

The way I figure to crack this is to collect all enquiries sent to the server along with the responses. Then when I have enough responses I can either try to figure out the calculations done by the server or have a big table of possible responses and lookup from it the response each time the program makes an enquiry.

Now I would need two tools -

1. Something that acts as a proxy between the program and the webserver that records all inquiries and responses.

2. Then when I have all possible responses I need a webserver or script running on IIS that gives the response to the program.

Has someone made those already? I tried searching but no luck, which is weird since surely many programs must have this type of protection.

How about wireshark? Or fiddler?

http://fiddler2.com/fiddler2/

Have fun.

darkelf

No, nothing general purpose could do the job.

The program probably has hundreds of possible inquiry-responses so even just copy-pasting them to a txt file would be too much work.

And that would not solve the fake webserver part either.

Hmmm, you know fiddler? You have read it's documentation?
Actually it would solve your problem.
But maybe you will like this one more:

http://www.microsoft.com/downloads/details.aspx?familyid=d25ba362-c17b-4d80-a677-1faff862e629&displaylang=en

But I would recommend to code the server on your own. It's not that hard.
Be creative.

Regards

after looking at fiddler, yes you are right, I could probably write a script for it to save all inquiries and responses to text file. Still, a lot of work to learn its scripting language just for that.

I could probably just write a php script to do the same thing. (not that I know php either but how hard can it be...)

Any recommendation for a barebones webserver with sourcecode included?

Sorry, my crystal ball is still out for maintenance, so I'm currently unable to guess what programming languages you know

Well, I guess C# or VC++ would do. Since the changes to the webserver wouldnt be that big the language is not that important.

How hard is it to make a webserver than can coexist with IIS? That is, it would only intercept traffic from a specific application and otherwise pass it to IIS.

I'm asking because some cracks require IIS. Of course, it would be possible to make it using php or asp.net on top of IIS but the instructions for installing the crack would be too much for many noobs.