The Keeper
August 31st, 2002, 14:21
Hello everyone,
im having some problems with this program, one thing i found weird is that the program doesnt use ebp to reference variables, i see it passing by the stack(esp)
the first part of the algo is:
int z=0;
char final[100]={0};
char table[]="XATSFNH6Y8LP5R47CZMBGJDEKV3UQ9W2";
MD5_CTX context;
lstrcpy(buffer,"$GrkC{s%zCA"
;
lstrcat(buffer,name);
lstrcat(buffer,"cSW<=j!hmc"
;
len=lstrlen(buffer);
MD5Init(&context,1);
MD5Update(&context,(unsigned char*)buffer,len);
MD5Final(szHash,&context);
/*
now below is the part im stuck at, i dont understand the MagicNumber procedure, the proc which makes this number seems to be at RVA 00402A24, if anyone could help me with it, funny thing is that there are 4 valid serials but there is no difference between them.
if you've traced into it, please give me hints on how to make tracing better in this kind of program, ida disassembly was very weird, i couldnt see how many parameters were being passed very well and stuff, the tools i have used until now are softice, ollydbg, hiew and ida pro.
*/
for (i=0;i<16;i++)
{
z=MagicNumber(szHash[I]>>0x04);
GetFinal(z);
z=MagicNumber(szHash[I]>>0x0F);
GetFinal(z);
}
GetFinal(int z)
{
char temp[100]={0};
wsprintf(temp,"%c",table[z]);
lstrcat(final,temp);
}
the program im looking at is called NxPowerlite (www.nxpowerlite.com)
Thanks in Advance
The Keeper.
im having some problems with this program, one thing i found weird is that the program doesnt use ebp to reference variables, i see it passing by the stack(esp)
the first part of the algo is:
int z=0;
char final[100]={0};
char table[]="XATSFNH6Y8LP5R47CZMBGJDEKV3UQ9W2";
MD5_CTX context;
lstrcpy(buffer,"$GrkC{s%zCA"

lstrcat(buffer,name);
lstrcat(buffer,"cSW<=j!hmc"

len=lstrlen(buffer);
MD5Init(&context,1);
MD5Update(&context,(unsigned char*)buffer,len);
MD5Final(szHash,&context);
/*
now below is the part im stuck at, i dont understand the MagicNumber procedure, the proc which makes this number seems to be at RVA 00402A24, if anyone could help me with it, funny thing is that there are 4 valid serials but there is no difference between them.
if you've traced into it, please give me hints on how to make tracing better in this kind of program, ida disassembly was very weird, i couldnt see how many parameters were being passed very well and stuff, the tools i have used until now are softice, ollydbg, hiew and ida pro.
*/
for (i=0;i<16;i++)
{
z=MagicNumber(szHash[I]>>0x04);
GetFinal(z);
z=MagicNumber(szHash[I]>>0x0F);
GetFinal(z);
}
GetFinal(int z)
{
char temp[100]={0};
wsprintf(temp,"%c",table[z]);
lstrcat(final,temp);
}
the program im looking at is called NxPowerlite (www.nxpowerlite.com)
Thanks in Advance
The Keeper.