View Full Version : Serial Crack


wonderwoman
October 30th, 2001, 12:42
Hi

I am trying to crack the activation code for a program called Omniview. When you try and register the program it asks for an Activation code and expiry date. I have used Sice and set a breakpoint to messagebox, and it breaks on an invalid code just before the invalid code message appears. I have also used wdasm32 and found out that there is a code for a trial and a code for the full version. I just don't seem to be able to find the correct serial number in the registers.

Can someone please help me

lucy

EtErNaL_L0ser
October 30th, 2001, 13:00
Try 'bpx hmemcpy', trace down the code and check values with 'd ecx', 'd edx' etc. to see where it checks the serial...good luck

wonderwoman
October 30th, 2001, 13:13
Thank you for the reply

When I tried to use the hmemcpy breakpoint sice keeps breaking as soon as the breakpoint is set, and when I exit that breakpoint, it just opens up again at the same point. I eventually have to switch the breakpoint off.

Thanks

Lucy

EtErNaL_L0ser
October 30th, 2001, 14:41
hmemcpy is executed when there is a read/write to memory, so before setting the breakpoint you have to open the serial box, enter a junk serial, and before you press ok fire up softice and write 'bpx hmemcpy', close softice and press ok..Boom

wonderwoman
October 30th, 2001, 14:48
Hi

Thanks, that's how I did it, but it seems to get into some sort of loop. I press f12 to move on to the end of the section, there is a pause of about 5 seconds and the same loop reappears. The same happens if I keep on using x to exit, it keeps on looping around. That's why I tried messagebox, but I think that opens sice too late.

I am totally lost, please help me

lucy

CoDe_InSiDe
October 30th, 2001, 15:08
Hi wonderwoman,

Ok, just do exactly what EtErNaL_L0ser said about "hmemcpy" and then when you break type for example "BC *" (without the quotes) to clear the breakpoint.
Because otherwise you keep breaking on hmemcpy.
And I think that this was your "loop", right?

Cya...

CoDe_InSiDe

Aimless
October 30th, 2001, 22:56
WonderWoman,

I think that you are rushing into this too fast.

If Omni(whatever) is a "commercial" application with the programmers having even "some" knowledge of protections, you will ~NOT~ find the correct serial.

Simply because, unlike the tutorials of yore, no one compares serial numbers any more (except proggies like Winzip and a few others). What they do compare, are hashes or numbers (plain or encrypted) with each other. And not to mention the integration of the routines in the main one...and table lookups perhaps...encrypted with 1024 bit keys maybe...and then some!!

So do NOT try to look for the echo. In most cases, it will not be there. You'd rather start searching for how to bypass time and expiry dates based on "CONDITIONAL" flow. Or do considerable research and try to figure out HOW the algorithm works, and then TRY to rip it...

...Have Phun
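
Added example (not part of the original thread, and not Omniview's actual scheme): a Python sketch of the design difference described in the post above, contrasting a check that rebuilds the valid code on the client with one that only verifies a vendor signature over the machine ID, expiry date and feature. The key, the field layout and all function names are assumptions made for illustration; it goes beyond the post by using a signature rather than a plain hash comparison.

```python
import hashlib

# Constructed demo key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: vendor side only, never shipped


def naive_expected_code(machine_id: str) -> str:
    """Weak design: the client can derive the valid code from the machine ID."""
    return hashlib.sha256(machine_id.encode()).hexdigest()[:16].upper()


def naive_check(machine_id: str, entered: str) -> bool:
    expected = naive_expected_code(machine_id)  # valid code now sits in client memory
    return entered == expected


def _digest(machine_id: str, expiry: str, feature: str) -> int:
    """Hash of everything the licence binds: machine, expiry date and feature."""
    msg = f"{machine_id}|{expiry}|{feature}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def vendor_issue(machine_id: str, expiry: str, feature: str) -> str:
    """Vendor-side signing (textbook RSA, no padding; illustration only)."""
    return format(pow(_digest(machine_id, expiry, feature), D, N), "x")


def client_verify(machine_id: str, expiry: str, feature: str, code: str) -> bool:
    """Client-side check: needs only the public values N and E."""
    try:
        sig = int(code, 16)
    except ValueError:
        return False
    if not 0 < sig < N:
        return False
    return pow(sig, E, N) == _digest(machine_id, expiry, feature)


if __name__ == "__main__":
    code = vendor_issue("PC-1234", "2002-12-31", "full")  # constructed sample values
    print(client_verify("PC-1234", "2002-12-31", "full", code))
    print(client_verify("PC-1234", "2099-12-31", "full", code))
```

In the second design the shipped program holds no secret and never computes a valid code, and changing the expiry date or feature invalidates the code; the remaining weak point is the conditional branch taken on the result.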

EtErNaL_L0ser
October 31st, 2001, 06:04
Aimless, even Flash 5, which they want you to pay more than 600$$ for, does that compare ;-)

wonderwoman
October 31st, 2001, 07:02
Hi

Thanks everyone for the info.

From what I can gather the program seems to assign the computer an ID when you install the program, it then must create a serial number from the ID. It also seems to have a binary based expiry date.

When the program is activated it restricts you to only opening 1 file instead of the usual 250. How hard would that be to crack? That's if I can do the serial number!!

Let me get this right: when you use hmemcpy you get to the serial page and enter any serial number, and before you press ok you set the breakpoint. Then when sice is activated you disable the breakpoint and press f10 to continue through the program, as I never seem to get the chance to press the OK button without sice popping up.

Where am I going wrong?

Thanks

wonderwoman

EtErNaL_L0ser
October 31st, 2001, 13:31
Hmmm, are you sure that you are only working with the proggie you wanna crack? Because hmemcpy breaks where there is *any* read/write to memory. So don't set any breakpoint, enter a junk serial, fire up softice, set your breakpoint, close softice, press ok, booom, you are in softice. Clear your breakpoint with 'bc *' and trace the code....

MH2K
October 31st, 2001, 13:44
And maybe close all other running programs?
like a double-click mouseprog.?
I'm just guessing here..

jomamameister
October 31st, 2001, 13:56
please give some advice here---- this forum positively states:
"The Newbies Forum
For newbies and above. Please, no Crack or Serial requests as it offends our intelligence"

what am i missing here? there are like 4 or 5 replies and yet no one mentions what i just did. we need help to know where to place specific requests such as a request for help cracking or unpacking a program. if this is the inappropriate place, then where is the appropriate place? maybe we can have just a simple cracking area and one for unpacking requests. think about it moderators and help us. thanks
jomamameister

EtErNaL_L0ser
October 31st, 2001, 14:42
We didn't give any serial # / crack away, we just tried to show how to remove that junk serial # bug!

Clandestiny
October 31st, 2001, 22:42
Hiya Wonderwoman,

It's really nice to see a girl on this board once in a while. And judging from the 12 replies you've gotten in 2 days, I'd say quite a few folks would agree with me.

Without downloading the target, I can only offer you some general suggestions/approaches. If you're in need of more specific help, I'd suggest providing a url to the target so that someone can take a closer look at the prog in question.

First, as aimless mentioned, chances are that you will NOT find the valid code in one of the registers. Even in basic key gen algorithms, there are often multiple mathematical checks across all or parts of the key.

2. You can probably gain a bit more information about your target from the Wdasm listing. Specifically, what APIs does the program use for text entry? GetDlgItemTextA, GetWindowText, etc. These APIs will also provide useful breakpoints or even provide a good boundary for setting up a backtrace. And since you mention an expiry date, you should also spy out the timer APIs used by the program. These might include GetSystemTime, GetLocalTime, and GetTickCount to name just a few. Of course, expiry dates often smell of registry entries so it couldn't hurt to take a look at the registry access APIs either (RegCreateKey, RegOpenKey, RegQueryValue, etc.).

3. Check for suspicious registry accesses using Regmon. Expiry information is sometimes stored in the registry.

4. Check for suspicious file accesses using FileMon. Snoop around any .ini or other initialization files the prog uses. Expiry information is sometimes stored here as well.

5. Gain a mental picture of code flow, particularly during initialization and during the serial # entry. An API monitor is a great resource in this situation and you can use it to spy real-time on all of those text entry, timer, and registry access APIs you found in Wdasm. Try to see significant patterns by correlating the order and proximity of the function calls. You could also use this information to set intelligent boundary breakpoints for a backtrace.

6. Make the most of your tools. The backtrace range feature of SI could be used effectively in a situation like this. A range could easily be defined between the text entry API and the invalid code message box such that you can examine the exact sequence of code flow between these 2 breakpoints. The syntax for the backtrace is bprw "module name" T. Check SI documentation for more details on this useful feature. Also, check out Kayaker's nifty TracDis tool. It's currently the only way to save SI backtraces to a file and version 2 will soon have a handy autodumping feature to boot.

Well, that's about all the general advice I can think of right now. Good Luck and keep learning

Cheers,
Clandestiny

Bengaly
November 1st, 2001, 02:53
well..still u can do it,
read tuts from krobar.cjb.net
it has cool tuts there...
i also recommend u to read the guide i did (need to send new one ;-)) maybe it will help for now till next time. (tsehp's) page.

p.s

CoDe_ heya :-)
i will get my new computer today :-)
so i can be online weee...

EtErNaL_L0ser
November 1st, 2001, 04:06
What a girl on the board where? lol!

wonderwoman
November 1st, 2001, 11:36
Thanks everyone for your replies, it is very much appreciated!!!

I will just have to keep reading the tuts because I am getting nowhere with the code. I can follow it easy enough, but it uses different codes to activate different features and the codes are created from the computer ID. I have tried using regmon and it definitely does not store any information there. I can't seem to work out the algorithm which creates the serial number.

Anyway once again thanks for your support

wonderwoman