Stuck with MosASCII


RenHoek
March 1st, 2002, 22:59
Hi there, I'm pretty much a newbie, but I'm trying my best

I'm currently trying to crack MosASCII Beta 6R2, since it does not allow various options that I want to try in the shareware version.

Here's some info on the target:

MosASCII 1.0.216 (Jan 8 2002)
//www.mosascii.com/
EXE filesize: 1,347,584

The program is a VB6 application, and can be registered with a name and serial.

First hurdle was the fact that the 'Register' button is grayed out as long as a non-valid serial is entered. Using softice and IDA I was able to find the location of that check.

0048DCD2 is a jz that I turned into a jmp

Then if you push the now clickable 'register' button it will pop up an 'invalid registration key' box, which I was able to find by putting a breakpoint on every damn rtcmsgbox I could find. (Any tips on better techniques are appreciated; I could not F11 after a bpx on rtcmsgbox, it only returned me deep in MSVB60.dll.)

Now I got that fixed by nopping out a jz on 0048ce07

The third hurdle is where I am stuck. It now comes up with a notice that my serial has expired. The text is in the binary but in an area in IDA that is marked unexplored. I have no idea what function is used to create that text window, so I'm totally lost on what to bpx.

Anybody have any pointers on my current problem or any advice on better techniques for the first 2 points?

Thanks

Tech19
March 1st, 2002, 23:30
You might wanna try using NuMega SmartCheck for cracking VB apps.

RenHoek
March 2nd, 2002, 00:34
I tried, it's not pretty. He does a loop of 100 StrCmp's and god knows what else.

I did find the beginning of the procedure, I think, where the text message is displayed. It's at 004FBED0, which is called from location 0048CF5D.

But I still cannot find how this thing works. When I try to enter some of the codes of the StrCmp's in the unmodified program the register button does not even light up.

So I'm still stuck

foxthree
March 2nd, 2002, 09:25
Okay: Here is what you do:

--> Run Spy++ (VC Tools)
--> Locate the handle to the Button that says "Register"
--> Leave the window as is
--> Open VC++
--> Write code to call EnableWindow passing this hard-coded handle (to make it neater do a FindWindow but that's me ;-))

Voila! Your Register button is now enabled. Now monitor in SmartCheck what the serial protection code does once you click on Register button.

Signed,
-- FoxThree

RenHoek
March 2nd, 2002, 10:50
Well, as I mentioned in my first post, I was able to hack the register button, so that is not the problem. The problem is that I get a serial expired notice, but I am unable to find the badboy compare, if that is how it works.

Also there are more than 100 StrCmp's being done with all different numbers, so I think there is something sneaky being done here. So it's just kinda hard to type in 100 different codes, and I think it wouldn't work in the end anyway...

wbe
March 4th, 2002, 00:04
Very well done. Smart program, lots of junk loops, tricks, etc.

Don't bother. No need to register. Just make it think it is registered. If you had worked well on the compare routine which is run just before you receive the "... disabled in this trial version" message, you simply cannot miss it.

Instead of checking a registered-or-not flag, the app calls a routine each time it needs to check your registration status. The routine where your regname (RKName) and regnum (RKNum) are checked is called from 89 addresses. On return, it tests the ax register and then you have the classical good/bad boy jumps. Now, give MosASCII what it wants: right at the beginning of the call xor eax, then inc eax and return with the flag 1.

(33C0
40
C3)

That's all. It now runs as if it was registered, no "...disabled", "You cannot...", etc. messages, even no "register" submenu item. You are left only with a few cosmetic changes.

Hope the above hints are explanatory enough.

Good luck.