View Full Version : Help with cracking this program
kholmes163
July 8th, 2012, 14:43
When I enter a key and press Activate License there is no error message to say it's wrong. So when using W32dasm and Ollydbg I can't search for any strings etc., so I'm out of ideas.
I've also tried Wireshark to see if the program is going to any server, but there are not any connections from it.
Thanks for any help!
Kevin
FrankRizzo
July 8th, 2012, 16:56
From the picture, that appears to be a dialog box. Search for the dialog box functions as your way in. If there are MANY of them, check the resources in your application for the number of THAT one, and find the code that references that particular one. You'll probably see it called as a modal, then when it returns, there could be code to read the entered values from the text boxes, and then you're staring at what it does with the data. If it writes it to a file, search for file reads. If it writes it to the registry, search for registry key reads. If it processes it immediately, there you are.
kholmes163
July 8th, 2012, 19:21
I'm not sure what you mean and what to do. I also forgot to mention, inside Ollydbg there are messages like:
thanks for activation
your software will be unlocked now
click ok to continue
These are all in Unicode and not ASCII. There is no sign of any error messages, but as stated the program doesn't give any when putting in a wrong serial.
Hope this is of use
kholmes163
July 8th, 2012, 19:32
The computer ID the program has is 5.11-5871-3791-4654-E+ check the image
One line in Ollydbg has this code which the @'s look like the computer id code hidden:
00401DF8 744E4000 DD SoundClo.00404E74 ; UNICODE "@@@@-@@@@-@@@@-@@@@-@@"
check this image, it has all the unicodes with the text saying 'thanks for activation' etc
http://i48.tinypic.com/2zgzxpi.jpg
Aimless
July 8th, 2012, 21:19
. . .is that the dialog box is not named 'Registration'.
Instead, it's called 'Login'
Are you saying that this computer ID and Activation code accesses data / verifies data from a remote server?
OR
That this program is a sort of a 'database' program that is being looked at?
If so, it's quite a new ballgame.
Answer me a single question please: Once you enter the ID and activation successfully (example, say), will this dialog box ever pop up again?
Have Phun
kholmes163
July 8th, 2012, 21:40
Quote:
[Originally Posted by Aimless;92860]. . .is that the dialog box is not named 'Registration'.
Instead, it's called 'Login'
Are you saying that this computer ID and Activation code accesses data / verifies data from a remote server?
OR
That this program is a sort of a 'database' program that is being looked at?
If so, it's quite a new ballgame.
Answer me a single question please: Once you enter the ID and activation successfully (example, say), will this dialog box ever pop up again?
Have Phun |
The software doesn't connect to any server, I've tested it. So the serial must be inside the software. Once it's activated I don't think this box will show again.
Aimless
July 9th, 2012, 03:13
then I'd suggest you do what FrankRizzo said.
Have Phun
kholmes163
July 9th, 2012, 09:41
Quote:
[Originally Posted by Aimless;92863]then I'd suggest you do what FrankRizzo said.
Have Phun |
I have no clue what I'm doing to be honest lol. If there is anyone who can help please let me know. Thanks
R4ndom
July 9th, 2012, 10:57
Open the app in Olly. Run it. Do whatever you have to do to get that Login screen up. Enter a name and serial, but before clicking OK, click on Olly window and pause it. Then select Debug-> Execute till user code. Olly will start running again. Now go to the dialog box and press OK. Olly will break at the code right past the showing of the dialog box. Now you can step into the code and find the registration check.
You can also do a search for intermodular calls (right click in disassembly window and choose "Search for" -> All intermodular calls). Find GetDlgItemTextA (or anything that sounds like this - getting text from a dialog). Right click this name in the intermodular calls window and select "Break on every call to ____" where ____ is the name of the call. Now run the app, enter your serial and hit OK. Olly should break right after getting the serial from the dialog box and right before performing any checking on it.
R4ndom
kholmes163
July 9th, 2012, 11:24
Quote:
[Originally Posted by R4ndom;92867]Open the app in Olly. Run it. Do whatever you have to do to get that Login screen up. Enter a name and serial, but before clicking OK, click on Olly window and pause it. Then select Debug-> Execute till user code. Olly will start running again. Now go to the dialog box and press OK. Olly will break at the code right past the showing of the dialog box. Now you can step into the code and find the registration check.
You can also do a search for intermodular calls (right click in disassembly window and choose "Search for" -> All intermodular calls). Find GetDlgItemTextA (or anything that sounds like this - getting text from a dialog). Right click this name in the intermodular calls window and select "Break on every call to ____" where ____ is the name of the call. Now run the app, enter your serial and hit OK. Olly should break right after getting the serial from the dialog box and right before performing any checking on it.
R4ndom |
Hey R4ndom, thanks for the info.
I've tried doing what you said and have had no luck. I can't find anything like "GetDlgItemTextA" or similar; I only get like 5 results which look like this:
Found intermodular calls, item 6
Address=00404BD9
Disassembly=CALL EAX
Destination=MSVBVM60.DllFunctionCall
Would there be any chance you could have a look at the program if I sent you a link? I am willing to pay $50 to the person who can crack this for me as I am in desperate need of it.
Thanks again
R4ndom
July 9th, 2012, 13:56
Yeah, go ahead and send it to me.
randomnetzley(at)yahoo(dot)com
kholmes163
July 9th, 2012, 14:28
Quote:
[Originally Posted by R4ndom;92869]Yeah, go ahead and send it to me.
randomnetzley(at)yahoo(dot)com |
Thanks man, email sent

TempoMat
July 9th, 2012, 15:19
Quote:
[Originally Posted by kholmes163;92868]
Would there be any chance you could have a look at the program if I sent you a link? I am willing to pay $50 to the person who can crack this for me as I am in desperate need of it.
Thanks again |
50 bucks for a crack means the normal license cost is much higher.
Well, I thought you were interested in learning a bit of RCE.
If you are still interested then the mention of "MSVBVM60.DllFunctionCall" should mean that the program is written in VB6. You could search for SmartCheck (old but still works on a lot of VB applications because it seems some of the programmers out there have completely forgotten about it and continue to write programs that still allow them to be debugged by it) and use it alongside Ollydbg.
Cheers,
TemPoMat.
kholmes163
July 9th, 2012, 15:22
Quote:
[Originally Posted by TempoMat;92871]50 bucks for a crack means the normal license cost is much higher.
Well, I thought you were interested in learning a bit of RCE.
If you are still interested then the mention of "MSVBVM60.DllFunctionCall" should mean that the program is written in VB6. You could search for SmartCheck (old but still works on a lot of VB applications because it seems some of the programmers out there have completely forgotten about it and continue to write programs that still allow them to be debugged by it) and use it alongside Ollydbg.
Cheers,
TemPoMat. |
The cost is $130 for the program. I am interested in learning but it's all new to me. If I got step by step instructions I would know how to manage it.
So do I need a program called SmartCheck now?
Thanks
R4ndom
July 9th, 2012, 16:26
You do know the app won't work unless you have an online account, right?
kholmes163
July 9th, 2012, 16:29
Quote:
[Originally Posted by R4ndom;92875]You do know the app won't work unless you have an online account, right? |
That doesn't make sense because I used Wireshark and Fiddler on it and the program doesn't make any outgoing connections.
Also when I emailed the company pretending to be a buyer etc, they said I had to send them the Computer ID and they would send me a password.
TempoMat
July 9th, 2012, 16:53
Ok your progi is written in VB6 compiled to P-Code, which makes debugging a bit slow, as you have to step through this incredible MSVBVM60.DLL.
At least I know how the Computer ID is calculated and it goes like this.
1. X1=GetVolumeInformationA(C:\) in my case X1=CE54B5EB
2. NEG X1 if HexValue(X) is negative->NEG(CE54B5EB)=31AB4A18
3. Convert X1 to decimal and then string -> X2="8833309208"
4. PreCat the string "5748" to X2 -> X3="57488833309208"
5. VarMul 89 with X3-> X4 = 89 x 57488833309208 =9684536836179986671
6. "5116461164519512" & X4 ->X5=51164611645195129684536836179986671
7. Take Left(X5,18) and display in the form @@@@-@@@@-@@@@-@@@@-@@
The problem is I missed where this value "5116461164519512" was generated and that means I have to start the whole debugging again.
Well the next step is to find out how the activation Key is generated from the computer ID.
Unfortunately it is very late where I live, so I have to stop and continue another time.
Cheers,
TemPoMat
TempoMat
July 9th, 2012, 17:00
Quote:
[Originally Posted by R4ndom;92875]You do know the app won't work unless you have an online account, right? |
Well you are right.
The application tries to connect to the Internet for the log in, that is why it does not return to Olly when you hit CTRL-F9 in Olly and then click the "Activate License" button.
kholmes163
July 9th, 2012, 17:08
Quote:
[Originally Posted by TempoMat;92879]Well you are right.
The application tries to connect to the Internet for the log in, that is why it does not return to Olly when you hit CTRL-F9 in Olly and then click the "Activate License" button. |
I don't understand why it doesn't show in Wireshark and Fiddler that it's trying to connect.
Looks like you're getting somewhere already, so next time you can have a bash at it I hope it goes well

Thanks for all your help man
Aimless
July 9th, 2012, 21:38
Alright Kholmes.
I told you before that it will be accessing a server -- simply because the box isn't titled Register, but Login. Anyways. . .
Also, I have to hand it to you. I didn't really see that crack request coming. It was pretty well disguised.
If I had, I would have told you we don't supply cracks on this forum. But then as someone above is ready to earn the money and crack it for you, it kind of serves no purpose for me to lecture you on the rules of this forum.
As for Kholmes, as it stands, it seems to me you're least interested in learning how to crack the program -- far more than you are in actually getting it cracked.
What a waste of time.
Have Phun
Darkelf
July 10th, 2012, 14:13
Did I miss something?
Since when do we fulfill crack requests here, let alone crack-on-demand?
I'm a bit perplexed.
TempoMat
July 11th, 2012, 12:00
Hi Darkelf and Aimless,
Sorry if what I had written implicates honouring a crack request.
I just wanted to see if I could help by checking the software and give him some clues to continue from there.
The only private messages exchanged between us were about the link and nothing else.
All other writings from me were posted here directly.
I actually thought he was interested in learning but looks like he is only after a finished solution.
This I know will be against the rules of the board, which has prompted me to stop posting anything further to this topic.
Personally I hate applications that phone home and have always given such "apps" a wide berth.
Regards,
TemPoMat
dion
July 12th, 2012, 07:42
I don't mean to continue the above discussion, but one point interests me:
Quote:
[Originally Posted by kholmes163;92880]I don't understand why it doesn't show in Wireshark and Fiddler that it's trying to connect
|
I once wanted to log such a connection too. Fiddler is, of course, useless. It's just a proxy. I didn't try Wireshark, but I did notice the outgoing connection with Process Monitor. But I can't seem to get good detail from it. Just FYI, the connection was made with Delphi's Indy.