2610

When I enter a key and press Activate License there is no error message to says its wrong. So when using W32dasm and Ollydbg I cant search for any strings etc so Im out of ideas.

Ive also tried wireshark to see if they program is going to any server but there is not any connections from it.

Thanks for any help!
Kevin

From the picture, that appears to be a dialog box. Search for the dialog box functions as your way in. If there are MANY of them, check the resources in your application for the number of THAT one, and find the code that references that particular one. You'll probably see it called as a modal, then when it returns, there could be code to read the entered values from the text boxes, and then you're staring at what it does with the data. If it writes it to a file, search for file reads. If it writes it to the registry, search for registry key reads. If it processes it immediately, there you are.

Im not sure what you mean and what to do. I also forgot to mention, inside Ollydbg there are messages like:

thanks for activation
your software will be unlocked now
click ok to continue

these are all in unicode and not ascii. there is no sign of any error messages but as stated the program doesn't give any when putting in a wrong serial.

hope this is of use

The computer ID the program has is 5.11-5871-3791-4654-E+ check the image

2611

One line in Ollydbg has this code which the @'s look like the computer id code hidden:

00401DF8 744E4000 DD SoundClo.00404E74 ; UNICODE "@@@@-@@@@-@@@@-@@@@-@@"

check this image, it has all the unicodes with the text saying 'thanks for activation' etc

http://i48.tinypic.com/2zgzxpi.jpg

. . .is that the dialog box is not named 'Registration'.

Instead, its called 'Login'

Are you saying that this computer ID and Activation code accesses data / verifies data from a remote server?

OR

That this program is a sort of a 'database' program that is being looked at?

If so, its quite a new ballgame.

Answer me a single question please: Once you enter the ID and activation successfully (example, say), will this dialog box ever popup again?

Have Phun

The software doesn't connect to any server, Ive tested it. So the serial must be inside the software. Once its activated I dont think this box will show again.

then I'd suggest you do what FrankRizzo said.

Have Phun

I have no clue what I'm doing to be honest lol If there is anyone who can help please let me know. Thanks

Open the app in Olly. Run it. Do whatever you have to do to get that Login screen up. Enter a name and serial, but before clicking OK, click on Olly window and pause it. Then select Debug-> Execute till user code. Olly will start running again. Now go to the dialog box and press OK. Olly will break at the code right past the showing of the dialog box. Now you can step into the code and find the registration check.

You can also do a search for intermodular calls (right click in disassembly window and choose "Search for" -> All intermodular calls. Find GetDlgItemTextA (or anything that sounds like this- getting text from a dialog). Right click this name in the intermodular calls window and select "Break on every call to ____" where ____ is the name of the call. Now run the app, enter your serial and hit OK. Olly should break right after getting the serial from the dialog box and right before performing any checking on it.

R4ndom

Hey R4ndom, thanks for the info.

Ive tried doing what you said and have no luck. I can't find anything like "GetDlgItemTextA" or similar I only get like 5 results which look like this:
Found intermodular calls, item 6
Address=00404BD9
Disassembly=CALL EAX
Destination=MSVBVM60.DllFunctionCall


Would there be any chance you could have a look at the program if I sent you a link? I am willing to pay $50 to the person who can crack this for me as I am in desperate need of it.

Thanks again

Yeah, go ahead and send it to me.

randomnetzley(at)yahoo(dot)com

Thanks man, email sent

50 bucks for a crack means the normal license cost is much higher.

Well I thought you were interested in learning a bit RCE.
If you are still interested then the mention of "MSVBVM60.DllFunctionCall" should mean that the program is written in VB6. You could search for SmartCheck (old but still work on a lot of VB applications because it seems some of the programmers out there have completely forgotten about it and continue to write programs that still allow them to be debugged by it) and use it alongside Ollydbg.

Cheers,
TemPoMat.

The cost is $130 for the program. I am interested in learning but its all new to me. If i got step by step instructions I would know how to manage it.
So do I need a program called SmartCheck now?

Thanks

You do know the app won't work unless you have an online account, right?

That doesn't make sense because I used Wireshark and Fiddler on it and the program doesn't make any out going connections.

Also when I emailed the company pretending to be a buyer etc, they said I had to send them the Computer ID and they would send me a password.

Ok your progi is written in VB6 compiled to P-Code, which makes debugging a bit slow, as you have to step through this incredible MSVBVM60.DLL.

At least I know how the Computer ID is calculated and it goes like this.

1. X1=GetVolumeInformationA(C:\) in my case X1=CE54B5EB
2. NEG X1 if HexValue(X) is negative->NEG(CE54B5EB)=31AB4A18
3. Convert X1 to decimal and then string -> X2="8833309208"
4. PreCat the string "5748" to X2 -> X3="57488833309208"
5. VarMul 89 with X3-> X4 = 89 x 57488833309208 =9684536836179986671
6. "5116461164519512" & X4 ->X5=51164611645195129684536836179986671
7. Take Left(X5,18) and display in the form @@@@-@@@@-@@@@-@@@@-@@

The problem is I missed where this value "5116461164519512" was generated and that means I have to start the whole debugging again.

Well the next step is to find out how the activation Key is generated from the computer ID.
Unfortunately it is very late were I live, so I have to stop and continue another time.

Cheers,
TemPoMat

Well you are right.
The applications tries to connect to the Internet for the log in, that is why it does not return to Olly when you hit CTRL-F9 in Olly and then click the "Activate License" button.

I don't understand why it doesn't show in Wireshark and Fiddler that its trying to connect

Looks like your getting somewhere already so next time you can have a bash at it I hope it goes well Thanks for all your help man

Alright Kholmes.

I told you before that it will be accessing a server -- simply because the box isn't titled Register, but Login. Anyways. . .

Also, I have to hand it to you. I didn't really see that crack request coming. It was pretty well disguised.

If I had, I would have told you we don't supply cracks on this forum. But then as someone above is ready to earn the money and crack it for you, it kind of serves no purpose for me to lecture you on the rules of this forum.

As for Kholmes, as it stands, it seems to me you're least interested in learning how to crack the program -- far more than you are in actually getting it cracked.

What a waste of time.

Have Phun

Did I miss something?

Since when do we fulfill crack requests here, let alone crack-on-demand?

I'm a bit perplexed.

Hi Darkelf and Aimless,

Sorry if what I had written implicates honouring a crack request.

I just wanted to see if I could help by checking the software and give him some clues to continue from there.

The only private messages exchanged between us was about the link and nothing else.

All other writings from me were posted here directly.

I actually thought he was interested in learning but looks like he is only after a finished solution.
This I know will be against the rules of the board, which has prompted me to stop posting anything further to this topic.

Personally I hate applications that phone home and have always given such "apps" a wide berth.

Regards,
TemPoMat

no mean to continue above discussion, but one point interests me:



i once wants to log such connection too. fiddler is of course, useless. it just a proxy. i don't try wireshark, but i did notice the outgoing connection with process monitor. but i can't seems to get good detail from it. just fyi, the connection was made with delphi's Indy.