Reversing a UPX-packed program
Peacemaker
October 16th, 2002, 11:59
Hi guys,
I already did a post in Advanced cracking but my post has been deleted by the way. I don't know why but I think it was because the guys from the board thought it was a crack request.
So i write again: THIS AIN'T A CRACK-REQUEST!
I just need to know how to find the addresses to patch. I know that the program is packed with UPX, I also know how to unpack this program and I know that it is surely impossible to get a usable keyfile for the registry...
But I know it is possible to patch that file.
The program I talk about is Nokia LogoManager from Mike Bradley. It can be found at logomanager.co.uk
The program starts up and if you do a "bpx regqueryvalueexa" you'll see that the program looks in the registry under "HKLM\Software\Mike Bradley" for your name, email address and key.
So if anyone is able to help me find a way to make the program think that it has found a usable key so that it starts up registered I would be very thankful.
And YES I have read the other threads but I haven't found a way myself to do that thing.
Thx in advance,
peacemaker
P.S.
Please don't delete that thread,
change it, move it, but don't delete it
TheSearcher
October 16th, 2002, 12:14
Hi,
1) You didn't explain your approach
2) You have posted in the wrong forum again; it should be the newbies forum

Peacemaker
October 16th, 2002, 13:21
Sorry for posting again into the wrong forum, but I didn't have a clue where to post correctly, so if anybody could move it into the right section it would be great. What do you mean by approach?
I just got no clue how to stop that fuckin' program checking the registry for the right writings. It must check that at startup because there must be a flag set. If that flag is 0, I guess, it displays the DEMO screen in the edit window and if it's 1 it won't display, so please if anyone can help do so...
squidge
October 16th, 2002, 14:17
Can you explain what you have done so far to try and trace the protection and what you have done to attempt to work around it?
wbe
October 16th, 2002, 16:08
P(e)acemaker, this is not the correct way to ask help in this forum.
Just pick a few random threads and examine them. Then try to understand why some posts were replied and some ignored. That may give you a clue.
Otherwise, someone will take the battery of your p(e)acemaker out.
Manko
October 16th, 2002, 16:54
Hmm... This smells funny...
How can it be that he knows it's checking for those in the registry, but doesn't have more info on what the program does with them?
My guess is, this is still a crack request. ...although the person MIGHT be wanting to learn... ?
I'd advise him to read more tutorials and start with simpler schemes. (If it even is a hard one? I won't check! :P)
...or at the very least, do his very best to make it sound as if he'd done something... :P
Sorry, if this offends you, but you HAVE to make an effort, you know!?
/Manko
Peacemaker
October 16th, 2002, 17:12
Okay guys,
now I'll tell you how this thread was done...
I wrote the thread from my workstation, while I was working (or havin' a short break) because I don't have internet access at home, because I moved from one city to another and have no money at the moment for internet access. Now I'm at my parents' where I have an internet connection, but there I'm using Win2k and I can't get SICE breaking on any bpx I set. In my flat I have a new PC with Win98SE installed and SICE working. That's why I can't do SICE'ing here and so I can only tell you what I did so far and what I can do with the unpacked and disassembled "logomanager.exe".
This is what it looks for in the registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Mike Bradley\LogoManager]
"Username"=""
"Password"=""
"RegistrationKey"=""
The thing is that you can crack all of the program but the DEMO text in the working window and the first splash.
And if you do a "bpx regqueryvalueexa" you can follow the routine which checks at startup, but you can't find a serial...
So I'll tell you more if I find out something new... I don't want you to crack it, but I need help in cracking it because I can't follow up the other threads about it...
Thx in advance
squidge
October 16th, 2002, 20:14
Hmmm. Since the registry values for regname/serial etc are empty, bpx'ing regqueryvalueexa isn't going to give you a serial number as there's nothing to pull back anyway, and only extremely lame authors use fixed serial numbers so there's no compares to check.
What you need to do is to enter a fake serial number into the registry in the places you suspect it checks using regedit, and then follow the program through to find out how the program detects this is a bad serial, and then change the serial so that the program will take it as valid. That is the only reason for bpx'ing regqueryvalueexa I can think of.
If you are not experienced enough to work out the serial algorithm, then you can always search for the "good guy / bad guy" flags and either flip them or remove all references to "bad guy". This is almost always easier than "fishing" for a valid serial number. For example, I recently looked at a shareware program of interest, and although the serial calculation routine used some kind of RSA signature to verify the serial (which is approx 200 bytes long) all you see at the end of the routine is the infamous MOV EAX, 1 or a jump to XOR EAX, EAX if the serial was bad. Nobody needs to tell you how to get round that kind of protection.
Peacemaker
October 23rd, 2002, 14:30
No, I don't want to catch a serial number, I just want to find the fuckin' flag which decides if it's regged or not...

squidge
October 23rd, 2002, 14:34
Which you can easily do by using a valid serial number...
Peacemaker
October 24th, 2002, 08:14
...believe me, why aren't there any keygens or serials out? Because it's that hard to get or just impossible.

squidge
October 24th, 2002, 08:42
You could always do it the long and tedious way: use a fake serial and then see where it jumps out, follow the code through and see where the "good guy" call would be. Normally there's a single "bad guy" so you should be able to find it quite easily. A lot more difficult than toggling a flag, but certainly not impossible.