Help needed !!! [cep2reg.exe]


GEnto
October 14th, 2002, 17:56
Hello, I'm trying to find out what the pass generated in cooledit pro 2.0 is. The software to register is cep2reg.exe. I usually use w32dasm89 to patch.

This is not a crack request. It is only an idea request.

I'm blocked. Can anybody tell me one idea to attack this software?

I use SendDgitemtextA to break in softice when the window is shown.

The name and key characters are taken by cep2reg.exe one by one (hmemcpy). I think that the cmp is made when I introduce one character.

This software extracts archives into the Windows temporary folder. [GLCxxx.TMP and GLFxxxx.TMP]

I'm trying to jump the register window, but I think this does not work.

Thx everybody. [Sorry for my bad English, I'm Spanish]

DakienDX
October 14th, 2002, 18:25
Hello GEnto !

Since this is not a crack request as you say, but an idea request, I'm giving you the idea.

Forget about hmemcpy, if you find something using this function you'll probably end up somewhere deep in the setup script interpreter.

There is a nice DLL extracted into your TEMP folder, which exports some nice functions with some nice names like GetSubVersion, CEGetVersion, CheckFile, BigIniRead, BigIniWrite, VerifyPassword, ConvertRegCode, GetCDInfo and VerifyPasswordEx.
It would be a nice idea to look at the nice functions.
It would be even more nice not to bypass the registration window, but to find a name/serial combination so that you don't need to bypass it. Else you might wonder yourself what the nice window telling you about an invalid registration is doing on your screen when you start the program.

And because I decided to be nice I'm not telling you that you need to be able to read at least something before using warez.

Isn't this nice?

GEnto
October 14th, 2002, 19:01
Hello, lots of thanks.

I have found them with w32dasm, FileINspector XL. (I had not seen them because they are exported functions, umm stupid !!!)

I don't know how to use them, I'll try anything.

Thanks again for your fast and good answer.

Bye from Spain.

P.S. Yes, it's very nice...

Guybrush
October 15th, 2002, 18:13
Just to let you know, it's possible to register cooledit 2 pro without the cep2reg.exe, and it's more challenging too.

I successfully wrote a (bruteforce) keygen for it, it's still somewhere on my HDD I think.

GEnto
October 15th, 2002, 18:39
Hello, at this moment I don't know how to load the exported f() on softice.

Brute force?

But you need to know what is written in the Windows registry. Name, Number and NumberViewed.

I have never used a bruteforce keygen.

Do you need to open cooledit every time a number is bruteforce generated?

Guybrush
October 15th, 2002, 19:19
When cooledit is started it checks your name and key in registry, if they are correct then you are registered, simple as that.

I wrote a bruteforce keygen because I think the algo that checks the key with username can't be reversed easily.

GEnto
October 15th, 2002, 22:15
Hello, yes I know that it checks name and key in registry. I have one correct name/key, but I want to get another name/key and learn how it works.

Woodmann
October 15th, 2002, 22:51
OK,

I think I know what he is trying to say.

He has a valid registration, he wants to see how to make a new one by looking at what the prog does with his valid one.

I think the problem is that GEnto thinks that the registration process is passed in a plain text sort of way. This is why he can't see how his valid license is passed.

Yes/No ?

Peace, Woodmann

squidge
October 15th, 2002, 22:58
I've not used this software, but since a few nice functions are exported from one of the files (VerifyPassword, ConvertRegCode, GetCDInfo, etc) then I would look for any other files in the distribution that use these functions to try and find out the parameters for them and what they return, and then write my own program to use them. If you find a routine in there for verifying a key/name pair, then you can disassemble that routine to find out how it works, or write a bruteforce key-gen (assuming you know the format of the key/user entry of course).

GEnto
October 16th, 2002, 00:17
Hello

Thanks to everybody.

Yes Woodmann, I mean that. (Sorry for my bad English)

I am not looking for all the pass in memory.

I think that the key is checked by a simple comparison of the characters.

For example: take 1st character -> cmp, take 2nd then cmp, and ....

I mean character by character.

If anyone has any idea, plz post it.

Again thanks to everybody.

Woodmann
October 16th, 2002, 00:50
Howdy,

Quote:
There is a nice DLL extracted into your TEMP folder, which exports some nice functions with some nice names like GetSubVersion, CEGetVersion, CheckFile, BigIniRead, BigIniWrite, VerifyPassword, ConvertRegCode, GetCDInfo and VerifyPasswordEx.

Squidge and Dakien have great ideas where to look. Now you have to figure out how to understand just exactly how the process works. Any more information and it becomes someone else doing your work.

Peace, Woodmann