need some help


The Keeper
August 31st, 2002, 14:21
Hello everyone,

I'm having some problems with this program. One thing I found weird is that the program doesn't use ebp to reference variables; I see it passing by the stack (esp).


The first part of the algo is:

int z=0;
char final[100]={0};
char table[]="XATSFNH6Y8LP5R47CZMBGJDEKV3UQ9W2";
MD5_CTX context;

lstrcpy(buffer,"$GrkC{s%zCA");
lstrcat(buffer,name);
lstrcat(buffer,"cSW<=j!hmc");
len=lstrlen(buffer);

MD5Init(&context,1);
MD5Update(&context,(unsigned char*)buffer,len);
MD5Final(szHash,&context);

/*
Now below is the part I'm stuck at. I don't understand the MagicNumber procedure; the proc which makes this number seems to be at RVA 00402A24, if anyone could help me with it. Funny thing is that there are 4 valid serials but there is no difference between them.

If you've traced into it, please give me hints on how to make tracing better in this kind of program. The IDA disassembly was very weird; I couldn't see how many parameters were being passed very well and stuff. The tools I have used until now are SoftICE, OllyDbg, Hiew and IDA Pro.

*/

for (i=0;i<16;i++)

{
z=MagicNumber(szHash[I]>>0x04);
GetFinal(z);

z=MagicNumber(szHash[I]>>0x0F);
GetFinal(z);

}

GetFinal(int z)
{
char temp[100]={0};
wsprintf(temp,"%c",table[z]);
lstrcat(final,temp);
}

The program I'm looking at is called NxPowerlite (www.nxpowerlite.com)

Thanks in Advance
The Keeper.

The Keeper
September 3rd, 2002, 06:52
Hello,

Did I post in the wrong place || no one is interested || I need to put more?

Regards,
keeper.

DakienDX
September 3rd, 2002, 10:07
Hello The Keeper !

No, I think it's the right place but perhaps little public interest.

I downloaded the program and verified your specifications. Everything you wrote was correct. (Not completely, it's szHash[I] and 0x0F and not szHash[I]>>0x0F, but I think it's just a misspelling.)

The only thing I can tell is that the "MagicNumber" procedure decides if the digit is used for the serial or not. The procedure would generate a 32 byte long serial, but only 25 bytes are expected. So it needs to skip 7 bytes. But always the same 7 bytes are skipped and after a very easy scheme. I won't tell more. Just try it.