Request Suggestions


naides
April 17th, 2003, 19:15
I am dealing with a certain package and I am running out of ideas.
I am appealing to the inspiration and lateral thinking talent, which is not in short supply in this board.

The program in question is written in/by Asym37rix T00LB00k II. This is a relatively old package used to construct multimedia presentations, sort of like Macromedia.

Most of its libraries, DLLs, etc. work in a 16-bit virtual machine, so tracing the code execution with Sice is not very gratifying. Needless to say, Windows APIs are not used, and run-of-the-mill cracking does not work. (Sort of like cracking a VBasic, Java or Macromedia app.)

The protection itself is probably contained in the program's script-like files which bear .TBK extensions.

I searched the net and found comments about this program saying T00LB00k uses the OpenScript language as the scripting tool for its apps. I could not locate anything that remotely looks like script code inside these .TBK files. They look like encoded 16-bit type MZ files. IDA will only decompile the initial stub, not the internal workings of the files.

I did not see an SDK or an interpreter/debugger for these files on the manufacturer's site.

Questions to the Board: Has anybody dealt with this system, and can give me hints/suggestions about how to look under the skirt of this application?

I have the impression that I am missing something extremely simple, but I obviously don't know what.

Manko
April 18th, 2003, 03:13
Hi!

Not that I will supply a solution, but you forgot to describe the protection... :P

/Manko

naides
April 18th, 2003, 06:19
I guess you are into minor details, eh Manko?

The program will not run unless it is 'activated'.

To do that you may either get into the net, where a bona fide Macromedia app talks to a server and provides your personal info, and likely obtains a serial activation number.

If you are not willing to use the net, an alternative activation works like this:

The program gives you a computer-specific number, probably derived from the HD, and then you enter an activation key into a dialog box.

Needless to say, any attempt to track down the destiny or processing of an activation code gets lost in the code woods of NTVDM.DLL and WOW32, which are part of the Windows 16-bit virtual machine system.

I have tried to track file access and Registry access to see how the prog finds out whether it is registered or not, but the fact that this prog uses NTVDM means it does such an ungodly number of file accesses (20000 file accesses just to start, after filtering out any system housekeeping activity) that catching signal from noise is beyond my lame zen capabilities.

nikolatesla20
April 19th, 2003, 15:50
Toolbook eh?

The company I work for STILL uses ToolBook to write its software tutorials..

Perhaps I can come up with something to help you in a little while. Yep, I've seen the OpenScript language .. my guess is the TBK file is interpreter bytecode. ...

Maybe I can find a debugger at work..


-nt20