View Full Version : newbie stuck with tabledit


Cyberdyne
March 5th, 2002, 03:46
Hi, I'm a newbie at reversing protections. Have successfully managed to reverse winzip and a few other simple protections.

But I am stuck with a program called Tabledit from h*tp://www.tabledit.com/

There are no error messages for a wrong serial. I've been able to set a breakpoint on MY serial (using hmemcpy and then PAGE it and set a break range on 30:location 30:loc+7) that I enter and still cannot find how it compares it to the correct serial.

It's taking my entry one byte at a time into the variable BL and moving it to EAX once complete, but then EAX is empty and there are no compares. What's going on?

I've seen once before a patch for this program by Laxity and it's supposed to be difficult, but I just want to know what would be the best way to attack this program. I don't think it's packed. String references are available in wdasm. Also there's lots of XOR'ing going on.

I'm NOT looking for the answer, just a point in the right direction.

I've looked in every register going and cannot find anything.
Thanks.
Sorry if my explanation isn't very clear, I'm still learning.

P.S.
What is the location in User called Bozo's live here?

Kayaker
March 5th, 2002, 04:20
Hi Cyberdyne,

Just to let you know, I'm almost 100% sure this is a crippled demo with a lot of anti-cracker code to fool you into thinking it can be registered. There was a patch around for one version of it, but this would be major work to fully enable it, including the watermarking and "missing bits" of printouts, not to discourage you from trying it mind you.

This sucker is actually the app that got me into learning to reverse quite some time ago when I actually cared about cracking shareware, and was my "pet project" for many months. I was later told the real registerable version was on a protected server somewhere that you got the URL for after registering.

The author Kronos is no dummy and chose what's probably the best combination of protection - fool the cracker, cripple the app by completely ripping out code, and update versions often. The "serial" routine just dead ends and goes nowhere, which leaves you searching for footprints over rock. Believe me, I became very "intimate" with the code ;-)

Have fun with it, learn what you can, but don't beat your head against a brick wall forever like I did, LOL. That said, I think this is a good enough guitar tab program worthy of forking over the bucks for if you want to use it.

Cheers,
Kayaker

Cyberdyne
March 5th, 2002, 04:52
Thanks Kayaker for the reply, I've already been banging my head off a wall for months trying to beat this sucker!

I've been able to get by the few limitations, e.g., only 16 bars or so can be imported/exported, etc., and have been able to remove the watermark on the printouts quite easily.

The reason I've been tackling this is that I already bought an older version 1.41 some time ago, and was sent a serial by mail that fully registered my demo, however, I've been unable to get upgraded to the new versions without paying for it again! The older version I bought was 16 bit, and the new 32bit version isn't under the same licence or something like that they said. I can only upgrade to the newer 16bit version.

This sucks.

Anyway, thanks for your info, I did read in the help that you had to download the new version again, after you were given the serial to register. No wonder I couldn't find a compare to the correct serial.

It is a worthy purchase though, especially if you're into flamenco.
(I'll teach anyone how to play flamenco/classical if they teach me how to reverse engineer), hehe...

Kayaker
March 5th, 2002, 07:28
Quote:
Originally posted by Cyberdyne

It is a worthy purchase though, especially if you're into flamenco.
(I'll teach anyone how to play flamenco/classical if they teach me how to reverse engineer), hehe...


I agree, especially when you don't have a recording you can still input a transcription and get it played back so you know what it's supposed to sound like. I never found a tab proggy that did bends very well though.

Be warned, you start in on RE you may not get the time for other interests. Sounds like a fair trade though, riffs for code snippets, heh.

Kayaker

Clandestiny
March 5th, 2002, 20:00
Quote:
Originally posted by Kayaker
Be warned, you start in on RE you may not get the time for other interests. Sounds like a fair trade though, riffs for code snippets, heh.

Kayaker


LOL!!! Warning people against the dangers of RCE now, eh? I'm afraid the warning's coming a little too late for some of us. Hehe, it won't be long before we'll be taking membership applications for "Reverser's Anonymous"... What is Splaj's motto...? "There is a fine line between hobby and mental illness." Yeah, that rings a little too close to home sometimes.

BTW, did you ever try Cakewalk? Don't know about its ability for guitar, but it's great for keyboard / MIDI stuff.

Cheers,
Clandestiny

Cyberdyne
March 8th, 2002, 05:02
Hello again, I've been busy with tabledit.

I've managed to make it say that I'm the licenced user, no more nags at startup, have fixed the midi import export limit.

One thing has got me stumped, the 16 bar save limit for tablature.

I've tried breaking and tracing from WritefileA, _lwrite, and even hmemcpy. Still I cannot find a compare to 10h (the 16bar limit). Well I did find a few compares but none that worked after patching the jump if, after the compares.

I would have thought that it wouldn't be much different from the midi import/export, but it must be.

At the moment, it looks fully registered except for the save limit. Because the program doesn't check for a valid serial, just nopping the call to the string 'UNREGISTERED' that gets drawn on the dialog box fixed it. Now says Licenced User: [name], it still takes your name from registration dialog box.

Have also tried following a tutorial for Guitar Pro 2.2 Demo from zor.org/krobar/ . This has similar limits also, but there's obviously something different in regards of protection for this version of Tabledit.

I managed to disable the save limit on version 2.33 though. But 2.60b7 is different.

Help....I'm wasting away....