halfcrazed
March 17th, 2006, 01:44
I'm going to try real hard to not get the "go read the #$#@#$% FAQ" newbie response, so here it goes....
The software I'm trying to "reverse" requires two serials and a checksum value. When you open up the registration box, all it says is copy and paste all six lines from wherever you got the license info. I fed it some garbage and found it in SoftICE with
s 23:0 L -1 "randomgarbage"
then I bpm on the address, got the address and found my way into OllyDbg.
I set a breakpoint on the address, entered some garbage in the reg window again and hit the breakpoint. I followed the dump and set a memory breakpoint in Olly and followed it. To make a long story short, I found the structure of the six lines to be
User:
Addr1:
Addr2:
Code1:
Code2:
Chksm:
Hopefully the above information will let people know I'm not completely stupid and have put effort into this.
The program doesn't care what you put in for user and addr's as long as User:, Addr1:, and Addr2: are in front of it. Judging from my notes, at some point I determined Code2 to be based off of User. Yet, I never could fish out the serial; it kept going into lstrcmpiA and I couldn't see it (Scotch may be to blame for this). Eventually I found where it got pissed that I didn't have good codes in: CMP EAX, 10 then a JNZ to an address to begin the "no dice sucker" window process. I simply changed that to CMP EAX, EAX to get around it, hoping I would get lucky. I was wrong. When it gets to the checksum routine, I can see what it wants, Uz in the case of the garbage I kept feeding it. Even after giving it the value it wanted, I kept getting the following problem. It gives me an error saying my key was only good for free upgrades until 12/05/1617. Too bad I can't change the clock that far back. I chased the date and changed it before it went into the DosDateTimeToFileTime API. Changed the value on the stack it was giving it to a good date, but no dice. I found some keys and checksum for an old version, gave it that, and it never went into the DosDateTimeToFileTime API. But it got mad because the keys are for an older version and my User.txt didn't jive with it. My guess is it's calculating a date somewhere in the checksum routine maybe, but I can't find it. My question is, has anyone ever dealt with a program like this? I'm fairly new to cracking and this is my first. Should I try to go back and find the serials it wants? Where in the hell would it be calculating the value it's using for the 12/05/1617 date? I think if I could find where it was deciding that, I might be home free, but I can't find it. Any nudges in the right direction would be greatly appreciated. I'm determined to complete this.