
Advanced Registry Tracer 1.5


Tech19
February 21st, 2002, 12:10
I'm having trouble cracking ART 1.5, which can be found at http://www.elcomsoft.com/art.html

The app is protected with ASProtect v0.95; however, I'm still relatively new to cracking and haven't unpacked any programs successfully yet without tutorials, so that's kind of out of the question at the moment. The program requires a 16-character serial and performs this check and some others starting at 0049943E. The conditional jump at 0049946E jumps to the bad-boy code; however, if you reverse it, the program is registered. This is all fine and dandy, but the program rechecks the serial every time it starts (OEP: 00498784), and reversing the jump at 004987F1 causes the program to think it's registered again.

Now I would patch this conditional jump, but the program is packed and my unpacking skills are rather poor at the moment. After you have entered your 16-character serial, the program takes it and turns it into a 32-character serial before comparing it with a serial from a long list of serials inside the program (I think). It changes your entered serial into the 32-character serial at 0048F7F2 in a loop as it goes through each letter. For example, I enter 1212121212121212 as my serial and it generates 6A716591C8E7CA561708631510579345 from it. It then subtracts my generated serial from another program-generated serial at 00408D7F. The problem is I am unsure as to how the program generates the 32-character serial from my 16-character serial, so I cannot get them to match...

Any help in how the serial is generated would be greatly appreciated.

crUsAdEr
February 21st, 2002, 12:41
Hmm... I didn't try to keygen it, but I unpacked it and patched it :> Didn't seem fun to trace through the long, long keygen routine...

Yeah, a few weeks ago I was a newbie at unpacking, but I've learnt a lot since I joined this board. Do a search for ASProtect on this board and you will get more than enough info to rip out most ASProtect progs... Try, and people will help you along the way...

Have fun

Tech19
February 21st, 2002, 12:56
OK, I'll give it a shot then.

AdamA
February 22nd, 2002, 06:48
Hi,

md5(1212121212121212)=6A716591C8E7CA561708631510579345

MD5 -> crypto hash

AdamA
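
As an added example (not code from the thread, nor from Elcomsoft), the check AdamA made, generalised to a few standard digests and input encodings: it reports which unkeyed hash reproduces the 32-character value Tech19 observed. The candidate lists are assumptions; the point for anyone designing such a check is that an unsalted standard digest of the serial is recognisable from a single input/output pair.

```python
import hashlib

# Constructed from the thread: Tech19 traced the 16-character input
# "1212121212121212" being expanded to the 32-character string below,
# and AdamA recognised that string as its MD5 digest.
OBSERVED_INPUT = "1212121212121212"
OBSERVED_OUTPUT = "6A716591C8E7CA561708631510579345"

# Candidate unkeyed digests and input encodings a Win32 application
# might plausibly feed to its hash routine (assumed list, not from the page).
DIGESTS = ("md5", "sha1", "sha256")
ENCODINGS = {
    "ascii": lambda s: s.encode("ascii"),
    "ascii+nul": lambda s: s.encode("ascii") + b"\x00",
    "utf-16le": lambda s: s.encode("utf-16-le"),
}


def identify_hash(sample_in: str, sample_out: str):
    """Return (digest, encoding) reproducing sample_out from sample_in, or None.

    A 32-hex-character output already narrows the search to 128-bit digests,
    but the function simply tries every combination and lets the comparison
    decide, so it also works for SHA-1 or SHA-256 style outputs.
    """
    target = sample_out.strip().lower()
    for digest in DIGESTS:
        for enc_name, encode in ENCODINGS.items():
            if hashlib.new(digest, encode(sample_in)).hexdigest() == target:
                return digest, enc_name
    return None


def serial_digest(serial: str, digest: str = "md5") -> str:
    """Reproduce the 32-character value the program derives from a serial.

    Mirrors the length check the thread describes (exactly 16 characters);
    the uppercase hex presentation matches how Tech19 reported the value.
    """
    if len(serial) != 16:
        raise ValueError("serial must be exactly 16 characters")
    return hashlib.new(digest, serial.encode("ascii")).hexdigest().upper()


if __name__ == "__main__":
    # Expected: ('md5', 'ascii') for the pair quoted in the thread.
    print("observed transform is", identify_hash(OBSERVED_INPUT, OBSERVED_OUTPUT))
```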

foxthree
March 10th, 2002, 18:26
Hello:

Just out of curiosity I took a look at this.

App is ASProtected (erm) 1.08 :->

Took the easy way to unpack (sorry, +splaj guru <wink>): CASPR..

Run the app. Surely the app must store the code in the registry somewhere... D'oh! HKCU\Software\Elcom\ART\Registration\Code

Okay, let's enter a 16-byte string. Right! It checks the length as 0x10. We passed that one, eh!

Put a bpx on RegQueryValueEx. We land at the reg. checker code at 0049886F! The rest of Tech19's analysis is perfect!

Adam is also right: md5(1234567890123456) = ABEAC07D3C28C1BEF9E730002c753eD4

Okay, the app has a list of bad serial nos. (hacked previously and floating on the net, I guess). We don't need those, nah!

Finally, the app seems to crush this 32-byte value into an 8-byte sig of some sort with some unique properties and compares this (good crypto functions! Worth learning!!)

However, we just do this at raw offset 0x97c91: 90 90

Gosh! Did we just register it ;-)

Enjoy!

Signed,
-- FoxThree

PS: This app just showed how good serial-checking routines are taken by just two bytes :-<. Beware, protectionists!