Keygenerator, patching, etc


uezguere
April 27th, 2003, 23:42
First of all I have to say that woodman.com is the best site I've found regarding reverse engineering and things like that.
You have to know that I'm a newbie on this huge and very interesting sector of programming.

At the moment I only want to find serials for 2 programs. I have already searched the web for a crack, serial or a keygenerator but I didn't find anything. Of course it's very hard to get something for such unpopular (but for me very useful!) programs.

So I said to myself, if there's nothing out there, I will have to help myself.

Helping myself means reading, reading and reading again. This process costs a lot of time that I don't have or don't want to spend.

That's how I got the idea to post this message.
Would it be possible that someone who is a real expert on this topic can help me and only tell me how to solve my problem?
I hope so! Perhaps there's somebody out there who really loves such a challenge.

There's my problem in detail:
The programs are similar in their registration form.
The form looks like:

Name:_______________________
Serial:_____________________


If I give "Name" and "Serial" several random inputs and then say ok - a message window pops up with the following text: "invalid registration" or something like that.

What is the fastest way to register this program?
I think programming a keygenerator would surely be the finest method but not the fastest if you are a newbie and don't have all the time in the world.

I am able to start the following software tools:
HIEW, SoftICE, WDASM32

I already read through a handful of tutorials about this topic and there I think I've learned that the fastest way to solve such a problem is to patch the registration process.

Something like saying "JNE" instead of "JE". The registration form will then accept any wrong name/serial, won't it?

Furthermore, I have read something about encryption and packed programs. I think I'm able to understand this problem basically but of course not more. I only hope that this registration handler doesn't use such encryption techniques, which can probably be a really hard challenge for our reverse engineers today.

I would be glad if somebody now felt compassion for me and could invest a few minutes in writing an email to me or giving a serious answer to this short posting.

Thank you!

FoolFox
April 28th, 2003, 01:25
Hi,

Quote:

What is the fastest way to register this program?


Buy it.

Quote:

If I give "Name" and "Serial" several random inputs and then say ok - a message window pops up with the following text: "invalid registration" or something like that



At this point, you can already try to find if the correct
serial is echoed in memory.... if it's the case...could be the
fastest way.... (try.. WINHEX)

Regards
FoolFox

Stilgar
April 28th, 2003, 10:44
Being myself a newbie, I felt some identification with your post.

FoolFox already gave you the right and short answers. However, maybe they aren't the answers you wanted.

Like FoolFox said, possibly the fastest way to find the correct serial is to follow this "invalid registration" message.

I would start with a dead list in wdasm. Try to find the strings mentioned in the Name/Serial request message and in the "invalid serial" message. Probably the serial checking routine is near to or referenced by these code sections.

In softice you could put a bpx GetDlgItemTextA, or maybe another function that is reading the Name/Serial. You can see these functions at the start of the dead list of the proggie in wdasm. Try to follow the code after this reading and see what the proggie does with Name/Serial.

I hope this helps you. Of course, I'm a newbie and I know almost nothing myself. If you want to learn, don't give up. Everybody here started knowing the same things that you know right now.

dELTA
April 28th, 2003, 18:14
Just so you know uezguere, your post is dangerously close to a crack request, and if any of the moderators would have felt a little more grumpy today it would already be deleted.

This is also the reason why you most likely won't get any more serious answers (as if the lack of information in the question wouldn't be enough).

We help to teach reverse engineering, not to "solve specific problems in the fastest way".


dELTA

Woodmann
April 28th, 2003, 20:10

naides
April 28th, 2003, 21:18
You need to be more sympathetic with people that are in dire need of help!!!


The answer to your problem is:

name: uezguere newbie

Serial: 03EC453E-456DCA8F-3C

Woodmann
April 28th, 2003, 21:30
Howdy,

naides, you make me laugh

OBC

uezguere
April 29th, 2003, 01:27
Thanks to the admin who deleted my foolish 2nd posting. Now I really know what you mean!

Sometimes I have to put some lack into information...

Woodmann
April 29th, 2003, 16:06
You're doing fine.........

Woodmann

mythical
May 25th, 2003, 23:49
Would like to know more about your target...You will need to PM me....I will NOT crack this for anyone, but I may be able to help you out on a good starting point......*I will not send a name or serial so don't ask, I will simply help you better understand the code if I can.....

Jon
May 26th, 2003, 03:00
If you can PM me also with the apps' names or a place where I can download them... maybe I'll be able to understand the code and explain to you what to do like in the tuts.

Regards, Jon

Fake51
May 26th, 2003, 07:32
Newbie considerations in cracking a serial reg scheme:

Wrap your brain around the fact that:
- if the program will actually let itself get regged with a valid username/serial combo (or just a valid serial, consider this too), then it needs to check the input given to it.

Possible approaches:
- Locate the input routine, and follow the data from there. Millions of tuts on the web will show you how to set a bpx on getwindowtexta, getdlgitemtexta (if I remember correctly, been a while), a bmsg on wm_gettext etc.etc. Find the relevant api, and track the data from there on. Practice, practice, practice.
- Locate the "wrong serial" routine and work your way backwards. If you're lucky, the dimwit coding the scheme put the check for right reg close to the output box. If you're unlucky, you're lost in the so-called codewoods. A perfect place to learn some asm code, and the virtue of patience.
- Locate an api that is called in between the input routine and the output routine, and break on that. Next, find the memory echo of your input. Then bpm on that, and start over.

Each approach will wreck open any normal serial scheme. Work with sice or olly, using w32dasm for inspiration. Don't forget to look for suspicious strings, they typically mark the spot.

Practice makes perfect, and gives you a hint whether to keep up or drop cracking altogether. Unless your two targets are out of the ordinary (and they'd have to be way out of the ordinary) all the info you need is up for grabs, here and in the tuts on the net.

Fake

uezguere
May 27th, 2003, 06:34
The programs are written in C++ and they are protected with "PE-compact".

What is this protection good for? Who knows?
There is a useful program out there: UnPECompact 1.32 by yoda/FReAK2FReAK

What do the options "Force full IAT rebuilding" and "Optimize Filesize" in UnPECompact do?

Fake51
May 27th, 2003, 15:04
Hmmmm ....
Just telling you would be too easy, how bout you search a bit, then offer an educated guess, and we'll tell you if you hit the spot, or how close you came?

Sounds more like fun to me.

Fake

Woodmann
May 27th, 2003, 18:18
Quote:
Sounds more like fun to me


I agree

Woodmann