Log in

View Full Version : This is Hard to Believe

naides
November 4th, 2003, 22:43
Well, I am going to post the name of a target and some specific info.
If this is improper, please remove it. And no, for a change, I don't need help.

I was playing with Mcafee Uninstaller, which is a Time limited, useful app, worth its $19.00 price.

All the protection is contained in RECAPI.DLL, which checks the time and licensed status. Now the curious thing:This code SENDS TEXT to the SoftIce command line, some thing like this:

-----------------11/01/03---------Entering License Validation Module-----------

All the Licensing parameters and variables in English, neat and formatted plain text.



Later on

-------------License Module Finished --------------------------


And indeed the code between these "brackets" performs all or most of the time and license validation.

Now, are these people as nice as to give crackers clear hints o where to crack?
Are they setting a trap for less than proficient crackers like me?

This is more than leaving debug information in the module, this seems to be wide open, flag waving Here crack me.

Any body has an idea what is this all about?
Kayaker
November 4th, 2003, 23:05
Hi,

I'm not sure since I've never used the function, but would this be output from the DbgPrint function?
naides
November 5th, 2003, 00:39
Quote:
[Originally Posted by Kayaker]Hi,

I'm not sure since I've never used the function, but would this be output from the DbgPrint function?


Now that you mention it I traced into it and the API is :
Kernel32!OutputDebugStringA

But the question still remains. . .
Why?
Zaza
November 5th, 2003, 00:46
Quote:
[Originally Posted by naides]Now that you mention it I traced into it and the API is :
Kernel32!OutputDebugStringA

But the question still remains. . .
Why?


cause they were stupid and released a debug build, not a release version that had been stripped of all debugging content
just
November 5th, 2003, 07:57
I saw something similar once in a game, it detailed many things about what the game engine was doing, and when data was sent in multiplayer environment, etc. All very useful for gamehacking

The only thing different was that they probably used something like

function debugprint(...) {
#IFDEF DEBUG
OutputDebugString(sprintf(...));
#ENDIF
}
And called this function when they wanted to show info for themselves.

So all the strings were still in the game, I just had to rewrite the debug function.
Tola
November 5th, 2003, 08:14
I once saw an app that wrote the correct serial via OutputDebugString when you entered a name in the registration dialog...
I wonder if they noticed