View Full Version : Small license exe, ollydbg, referenced text string mystery


mr_tex
November 18th, 2012, 23:33
Ok I have a very small .exe whose sole purpose is licensing (I know it's very basic and no real protection because only about 100 people in the world use this software and they didn't put a lot of effort into making it hard to crack, but I'm an extreme noob)

What I can't wrap my head around is that I copied every line of code (11,000 lines of asm) into notepad and searched for words that appear in the "enter your serial" dialog box. None of the words are found, how is that possible? I mean if a program has words in the body of dialog boxes, shouldn't they be in the assembly code?

Here's a screenshot of the dialog box:

As you can see even when I completely fill out the Renew Code (which is the "activation serial" in this case) it doesn't enable the OK box to test it, it has to be the correct code so I don't know what to search for in ollydbg to find out where to start changing code around. I've tried a mixture of letters as well as random numbers and nothing enables the OK box.

Aimless
November 19th, 2012, 03:01
I am assuming you have also peeked at your RESOURCES?

Alternatively, RESOURCE HACKER in CRCETL is a good tool.

Remember to change the number of STRINGTABLE text to HEX before you search it in the assembly.

Have Phun

mr_tex
November 19th, 2012, 03:50
I have used resource hacker and yes the dialog is in there - but I don't know how that's useful

Quote:
Remember to change the number of STRINGTABLE text to HEX before you search it in the assembly.


What are you talking about and how do I do this??

Woodmann
November 19th, 2012, 21:10
Howdy,

Quote:
What are you talking about and how do I do this??


This is for you to learn. You have been given the direction.
Follow it and come back if you need more help.

Woodmann

mr_tex
November 19th, 2012, 21:22
Quote:
[Originally Posted by Woodmann;93736]Howdy,



This is for you to learn. You have been given the direction.
Follow it and come back if you need more help.

Woodmann


I followed it and need more help. Can't decipher what it is he is talking about, as I tried to follow what he was saying.

Aimless
November 19th, 2012, 21:38
Why don't you start off by typing:


PE Executable Resources Stringtable


into your favourite search engine and taking it from there?


Alternatively, I hope you have archived F+'s "OLD" site on reverse engineering -- then you can read tutorials about how to pinpoint protection schemes using resource based angle, and of course, stringtables.

Have Phun.

mr_tex
November 19th, 2012, 21:56
Quote:
[Originally Posted by Aimless;93738]Why don't you start off by typing:


PE Executable Resources Stringtable


into your favourite search engine and taking it from there?


Alternatively, I hope you have archived F+'s "OLD" site on reverse engineering -- then you can read tutorials about how to pinpoint protection schemes using resource based angle, and of course, stringtables.

Have Phun.


Thanks, although that search didn't give any good results in Google. I guessed what you meant was converting the text to hexadecimal and then searching for that, which I tried, and found nothing in several different tests.
It could be that I used too long a string, didn't space it properly, or should have converted it to Unicode or something, I'll never know I guess. I keep coming back to this .exe for almost two years now all through school and it's always this first step that I get stuck on. I've Googled, tried chat boards, forum posts, and reading cracking websites that look like they were last updated in 1999, watching tutorials on YouTube, as well as some from torrents, as well as ebooks, asm manuals, etc. If I had gone to programming school for 4 years I'm sure this would be easy for me, but unfortunately I'm only good enough to carry out instructions in non-professional-jargon English. In my profession it's also very common for the trained "professionals" to act like what they do is super simple, but then use confusing jargon to every layman to make themselves feel superior, of course the layman doesn't have mental images in his head associated with the niche jargon, so it flies right over his head and he thinks it's rocket science, when really it's just like someone speaking Spanish when he doesn't. Happens in just about every field from medical to engineering to computers. I could explain everything a new person needed to know to do what I do and replace me for 1 tenth the cost in a single day if I really had their best interest at heart (they would have to study for a few intense weeks but nothing compared to me) and it's taken me years of struggle precisely because the entire world is obsessed with obscuring everything in this manner, even in most educational facilities. I would hope that if anybody could rise above that, it would be individuals that see past the moral walls of society.

Aimless
November 20th, 2012, 03:14
Reading your moral tirade has left me exhausted.

Nothing else from me.

Have Phun

Woodmann
November 20th, 2012, 22:06
http://www.woodmann.com/collaborative/tools/Category:Resource_Editors

MORAL WALLS ????

The single most important thing YOU need to learn
is how to search. (and proper construction of a paragraph, but I digress)

It is not as simple as someone telling you what to do.
If you cannot figure this out from the excellent hints
you have been given, I suggest you go the warez route.

Fini, OBC

Darkelf
November 21st, 2012, 18:56
mr_tex

let's look at this from a different angle.
You have some exefile that obviously processes some input without clicking a button or hitting the "Return" button or something like that - right?
So, let's stay focused on that for a moment. What API (or APIs) does exactly that? Processing input directly. How is that done? What happens at the end of this loop?
How and why does your greyed-out button become active? Dig that - and the solution will become obvious and clearly visible before your very eyes.

Hope that helps and is not too "cryptic"

Regards
darkelf

mr_tex
November 21st, 2012, 20:57
Quote:
[Originally Posted by Darkelf;93753]
You have some exefile that obviously processes some input without clicking a button or hitting the "Return" button or something like that - right?
So, let's stay focused on that for a moment. What API (or APIs) does exactly that? Processing input directly. How is that done? What happens at the end of this loop?
How and why does your greyed-out button become active? Dig that - and the solution will become obvious and clearly visible before your very eyes.


The greyed-out button doesn't become active unless there is a correct serial entered, but I don't have nor have ever had a serial to test it out. I have no idea how to find out what APIs control that part of the program. The only way I've ever known to find an entry point to start patching the asm is through string searches. I believe what others have said before me is to use resource hacker to find the dialog box responsible and then search that by converting the decimal number to hex or something, I also saw that in a cracking tut video by lena, but that doesn't work in this case because there is no dialog box in resource hacker except a 'dialogtemplate' which looks different, plus it has the "number" 0 as do most of the other resources. Furthermore searching for strings doesn't work either.

resource hacker and peid screenshot:
http://i.imgur.com/7rPod.png

also did a search in resource hacker through the stringtables (using ctrl+f and manually checking) and found nothing of use, using several keywords in the licensing dialogs

@Woodmann I would have gone the warez route but as I said, only a very tiny amount of people use this program in the world and therefore it has gotten no attention from the warez scene. All of the programs related to my field of work are like this because it's a very niche field, there's over 35 or so programs for it and none of them have ever been cracked publicly even though their programs are extremely dated and coded by amateurs, they aren't as simple, it seems, as the 30 day trial nagware from 2000 like is conveniently used in the cracking tutorials on websites/videos. There don't actually seem to be any tutorials for real world situations besides the canned-material programs that all use the same nag screens or anti-cracking protections.

Quote:
The single most important thing YOU need to learn
is how to search.

I know how to search, but I could tell you that breathing is the key to good health, as long as you increase your vo2max, but it's not going to do you any good if you're a good searcher, because the golden information is buried in a few sites and you as a novice to this area have no idea how to sort through all the BS or irrelevant information and find it, you'll most likely end up in some yoga site talking about belly control or some other nonsense, no matter how hard you dig you don't know what you're looking for even though I gave you a few field-specific keywords.

Anyway, I figured there must be a way to find the text in the dialog box, as it must exist somewhere, but it's not showing in resource hacker or by searching olly. If there really is no way to find the text in olly other than praying for it to show up in resource hacker or searching in olly then I guess I'm out of luck.

Darkelf
November 21st, 2012, 22:07
If you won't show a bit more effort on your own, I'm not going to answer your questions any further.
You say, you have no idea how to find out what API controls that kind of stuff - well, GET AN IDEA!
That's what our fellow reversers meant by writing "learn to search". What's so hard in writing just "winapi help"?
Doing so, you'll soon find out about this (for instance):

http://www.winprog.net/tutorial/

or that:

http://www.carabez.com/downloads/win32api_big.zip

Well, now I've already done your homework (almost), please consider - at least - looking into the Win32 help file and FIND the APIs needed. It's not that hard, believe me. It requires just... reading.

Sorry if I sound a bit disdainful, but you behave just like a little kid (in a way). A reverser's most powerful weapon is its brain. Dare to use it! The hints you've got are not meant to make fun of you or mislead you. They are meant to make you think on your own. If this is actually too much of a hassle, please consider buying this piece of software or find someone to crack it for you. For this, Woodmann's is the wrong place - but if you want to become better and if you have no fear of using the grey matter between your ears, you're very welcome.

Again regards
darkelf

Woodmann
November 21st, 2012, 23:16
Amen Darkelf.

If the next post by mr_tex is not pertinent then this shall be gone.

Woodmann

yogi_saw
November 24th, 2012, 12:59
@mr_tex are you sure you have seen and learned the techniques described in lena151's tutorials? Just grab them and learn; I'm sure you will understand the basics at least, which will help you on your way.