MSComm32/Read parameters


JohnnyBoy
November 9th, 2001, 23:06
I have at last cracked the Alfano Go-Kart timer/datalogger software. The software checks the serial number inside the datalogger device and compares it to the license file. The software is a VB5 program and I have used SI for the crack.


My problem now is that I want to make a copy of the download device for the datalogger. I have made something that communicates with the datalogger, but something is wrong in the design.
I want to see what the original device is transmitting and compare it with the data my device is transmitting. There are a lot of different "sniffers" around on the net, so that's no problem. The problem is how do I get the properties of MSComm32 at runtime.
Tried SmartCheck to see if that gives me the properties of how MSComm32 is used inside the program.
I have tried the trial-and-error method for too many hours.
(9600/8/N/1 hmm doesn't work, let's try 2400/8/N/1 hmm doesn't work..... and so on)

Some people say sleep can do marvelous things for the human race. It is 5:00 in the morning and I think I will give it a try ;-)

NikDH
November 10th, 2001, 07:23
Quote:
Originally posted by JohnnyBoy

The problem is how do I get the properties of MSComm32 at runtime.
Tried SmartCheck to see if that gives me the properties of how MSComm32 is used inside the program.
I have tried the trial-and-error method for too many hours.
(9600/8/N/1 hmm doesn't work, let's try 2400/8/N/1 hmm doesn't work..... and so on)


Hi to all,
Well, I've not reversed the mscomm32.ocx yet (perhaps I'll do it, who knows eheh), but if I remember well the serial port can be programmed by the int under simple DOS.
Now I can't remember which are the specific interrupts and memory locations to use, but I think that if you look at Ralph Brown you'll surely catch them.
Using that information I think you'll be able to know the properties of the connection (but I'm not so sure about it coz lotsa time has passed).
Let me know about it.

See ya
NikDH

Sarge
November 15th, 2001, 14:13
I have "cracked" mscomm32.ocx, Version 6.0, as used under VB6. Might it be the same one you are using? If so, maybe I can help. I could talk you through analyzing the executable, or you could tell me where to get it, and I could try to do it for you.

(Actually, this is one of the simplest OCX's to crack; it is quite small!)

Sarge

JohnnyBoy
November 19th, 2001, 09:41
I have developed the hardware. A lot more difficult than the software.
I want to improve the software from Alfano.
I want to know the baud rate, data bits, parity and stop bits that the program uses.
The program uses MSComm32. I want to see the properties used/sent to the control.
I think that they are sent just before receiving data, and they should not be changed until the close of the port.

Sarge
November 19th, 2001, 10:35
Well, as I asked... How do you want to do it? Should I talk you through the code, or do you want to send me the program?

JohnnyBoy
November 20th, 2001, 04:23
The software can be found at:
h**p://alfano-usa.com/Download/alfano.zip

The path through the app to find the section where MSComm32 is called is:

Francais -> English: (More readable that way)
Files -> Import Data from Alfano -> Start Scan

Now the Comport is ready to receive data from the Alfano timer.

What I want to know is only the parameters for MScomm32.

Sarge
November 20th, 2001, 11:11
I downloaded the program just after my first reply; the OCX is the same one I have already done. (I had to check to be sure that my decompile of the MSCOMM 6.0 ocx used in VB6 would be the same as whatever was used in VB5).

If you have a hex editor, I can show you how to find the control's default properties. Of course, they may change programmatically, but if you look at them, they are the standard control setup in the app.
(Hint: Baud is 9600)

JohnnyBoy
November 20th, 2001, 12:21
The first thing I tried was to set HyperTerminal to 9600/8/N/1 and tried to understand what the Alfano was sending.
All I saw was rubbish.
I believe that it is much slower than 9600. I think it can be as slow as 300.

I want to understand how I can read the parameters to MSComm32 with SI at runtime, because I think the parameters are changed by the program.
To do that I need to have a BP on a "ComOpen" function in MSComm32. I do not know what function inside MSComm to set the BP on.
Another way is to look in the memory for a register for the com port. The problem is that I do not know what to look for.

Sarge
November 20th, 2001, 18:09
Well, I can only say two things:

1. 9600 (among other things) is what is in the comm control in the app. This does NOT mean that this is what the com port will actually run at; the program may change this.

2. You say you see only garbage; I assume you mean you don't see text. Are you sure that you SHOULD see text? How do you know that the data isn't binary? Did you try the monitor mode? It may give you a clue. (Since I obviously don't have the hardware, I can't generate or look at "live" data).

If you think that investigating the comm control is worthwhile, I will help you decipher the app data. But remember, this is only the configuration of the control as it is initialized; the program may change this during the runtime.

Sarge

JohnnyBoy
November 21st, 2001, 04:08
I will start looking at the "garbage" bytes I get and try to get the binary data that I get.
When I get the data into a file I will try some ideas I have.
First I will test a simple XOR.
Second try will be that the 1st nibble is one figure and the second nibble is the second.

Is there a decompiler for VB5 like there is one for VB3 (Dodi)?

It will take at least until after this weekend.

I'll be back!!

Sarge
November 21st, 2001, 10:26
Ok, that's the spirit! Attack the program!

Some thoughts:

So far, you only have the baud rate (again, assuming what is in the control is what the app uses); you will need at least the full setting data, i.e.: 9600,N,8,1 or whatever. I agree that, given the 9600, you can probably assume the rest, but you might want to make sure first. The second most common is 9600,E,7,1.

You can make a good guess as to the baud rate that is actually used just by watching how fast the data streams into the Procomm monitor window. There is an easily determined difference between 9600 and 300; if you are not sure, make some kind of connection to another serial source (another computer, or a second com port on the same computer) and send data to yourself at both baud rates. You will certainly see the difference! If the data is coming at 9600, then the rest of the settings in the control probably ARE the settings in the app.

If you need help to "decode" the rest of the control settings, I'll be happy to walk you through the code.

Good luck

Sarge
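As an added example (not code from the thread and not Alfano's or Microsoft's code), the helpers below cover the two analysis steps discussed in the preceding posts: Sarge's suggestion of estimating the baud rate from how fast the bytes stream in, and JohnnyBoy's plan to try a simple XOR and a nibble-per-digit (packed BCD) reading of the captured bytes. The byte counts, the 0x5A key and the minutes/seconds/hundredths lap-time layout used in the demo are all constructed assumptions; the only facts taken from the thread are the candidate settings 8N1 and 7E1.

```python
"""Sanity checks on a captured serial stream: estimate the baud rate from how
fast bytes arrived, and try the simple decodings (byte-wise XOR, packed-BCD
nibbles) before assuming the bytes are plain ASCII.  Constructed example."""

# Asynchronous rates a UART is realistically configured for.
STANDARD_BAUDS = (300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200)

# Printable ASCII plus TAB/LF/CR; anything else counts as "garbage".
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def frame_bits(data_bits=8, parity="N", stop_bits=1):
    """Bits on the wire per character: 1 start + data + optional parity + stop.
    8N1 and 7E1 are both 10 bits, so throughput alone cannot tell them apart."""
    return 1 + data_bits + (0 if parity.upper() == "N" else 1) + stop_bits


def estimate_baud(byte_count, seconds, data_bits=8, parity="N", stop_bits=1):
    """Return (raw_bps, nearest_standard_baud) for a burst of byte_count bytes
    received in `seconds`.  Measure a continuous burst: idle gaps make the link
    look slower than it is, so the raw figure is a lower bound on the real rate."""
    if byte_count <= 0 or seconds <= 0:
        raise ValueError("need a positive byte count and duration")
    raw = byte_count * frame_bits(data_bits, parity, stop_bits) / seconds
    nearest = min(STANDARD_BAUDS, key=lambda b: abs(b - raw))
    return raw, nearest


def printable_ratio(data):
    """Fraction of bytes that are printable ASCII (or CR/LF/TAB).  Near 1.0 means
    the stream is probably text at the right settings; a wrong baud rate or
    parity usually drops this sharply."""
    if not data:
        return 0.0
    return sum(b in PRINTABLE for b in data) / len(data)


def xor_decode(data, key):
    """Undo a single-byte XOR scrambling; the key hypothesis comes from the caller."""
    return bytes(b ^ (key & 0xFF) for b in data)


def bcd_decode(data):
    """Read each byte as two decimal digits (high nibble, low nibble), i.e. packed
    BCD: the "1st nibble is one figure, 2nd nibble is the other" idea.  A nibble
    above 9 means the data is not BCD at all, so fail loudly instead of guessing."""
    values = []
    for offset, b in enumerate(data):
        hi, lo = b >> 4, b & 0x0F
        if hi > 9 or lo > 9:
            raise ValueError(f"byte 0x{b:02X} at offset {offset} is not packed BCD")
        values.append(hi * 10 + lo)
    return values


def format_lap_time(bcd_values):
    """Assumed layout: three packed-BCD bytes = minutes, seconds, hundredths."""
    minutes, seconds, hundredths = bcd_values[:3]
    return f"{minutes}:{seconds:02d}.{hundredths:02d}"


if __name__ == "__main__":
    # Constructed capture: 960 bytes in one second at 8N1 is exactly 9600 baud,
    # while 30 bytes in the same second is what a 300 baud link can deliver.
    print(estimate_baud(960, 1.0), estimate_baud(30, 1.0))
    # Constructed payload: lap time 1:23.45 packed as BCD, then XORed with 0x5A.
    scrambled = xor_decode(bytes([0x01, 0x23, 0x45]), 0x5A)
    print(scrambled.hex(), printable_ratio(scrambled))
    print(format_lap_time(bcd_decode(xor_decode(scrambled, 0x5A))))
```

The throughput estimate is only a lower bound, which is why a burst from the device (not a slow trickle of status bytes) should be timed; and because 8N1 and 7E1 both occupy ten bits per character, the rate does not settle the parity question, which is exactly the point Sarge makes about confirming the full setting.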

NikDH
November 21st, 2001, 11:04
Quote:
Originally posted by JohnnyBoy
To do that I need to have a BP on a "ComOpen" function in MSComm32. I do not know what function inside MSComm to set the BP on.


Hi to all,
Well, I can suggest you a little trick that should work to find the bpx on the ComOpen function.

Load the ocx into one of your VB projects and use the ADDR VB instruction to show you the address in memory of the ComOpen() function (use a dialog box to show the address).
Then use SoftICE to locate that address in memory and see what the corresponding position in the ocx file is. When you find it, patch the ocx, putting an int3 where that function starts.
So SoftICE will pop up every time that function is called, everywhere.

See ya
NikDH