Guided steps for newbies (And my findings, all in a thread)


ThRaX
November 2nd, 2000, 23:36
Kay, I believe most of you have registered the program, and many of you have found the algorithm, but anyway, here are some steps for a newbie to follow to eventually get down to the kill.

First, sniff out the program using regmon/filemon and your eyes. Find out what sort of protection it uses (serial, keyfiles, etc.). Key things to look for are where the program stores its information, and what specific entries are useful to us.

Next, before going into the code, use API Mon to find out what APIs are used when we hit "Register". Set a breakpoint on anything interesting you find here, and then see if you get any breaks in SoftICE.

You should get a break on one of them. When you do, trace through it. Look for any jumps etc. You may be able to simply 'sniff' your serial out in this fashion, but go back for another look. If you don't see how any of this relates to an algorithm, do the following.

Convert your 'serial number' that you got with the program into HEX (calculator that came with Windows). Write this down. Then convert your phony reg code to HEX, and write it down. Now go through the code in SoftICE again, this time looking for those HEX values. Take careful note of any operations done to them. You should have no trouble finding the algorithm in this way... And remember, a dead listing helps.


Hope this helps anyone who's stuck (though no one probably is anyway).

--ThRaX

goatass
November 2nd, 2000, 23:57
Hi ThRaX, those steps should help newbies. I just wanted to add something to the last step. Instead of converting your serial to Hex and searching for it that way, you can use the search command in SoftICE:
s 0 l ffffffff "12121212" <-- that's the made up serial you used
s = search, 0 = starting point, l = length, ffffffff = length of ffffffff, "12121212" = your serial number or whatever you are looking for.
Now, if the address that it finds it in is way out of the range that the program is loaded into, then it wasn't found.
Example: program started at 401000, doing a search and it found it in C89354; that is way out of our program's range so it's not what we are looking for. If it had found it in 432012 (or something like that) then that would be what we are looking for, and you could set a BPM 432012 (Break Point on Memory) so if the program reads or writes to this memory address your SoftICE will break.

goatass
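As an added illustration (not code from anyone in this thread) of what the search command above does and why the address range matters: the program image and a stray copy of the fake serial are constructed memory regions, the module bounds 400000-500000 are an assumption, and the hit addresses 432012 and C89354 are chosen to match goatass's example.

```python
# Added example (not from the thread): mimic SoftICE's
# `s 0 l ffffffff "12121212"` over a constructed memory image and apply
# goatass's rule that a hit outside the program's own range is not the
# one we want to put a BPM on.

def serial_to_hex(serial: str) -> str:
    """The manual step from ThRaX's post: ASCII serial -> hex bytes."""
    return " ".join(f"{b:02X}" for b in serial.encode("ascii"))

def search_memory(regions, pattern: bytes, module_start: int, module_end: int):
    """regions: list of (base_address, bytes). Returns every hit with its
    absolute address and whether it lies inside [module_start, module_end)."""
    hits = []
    for base, data in regions:
        offset = data.find(pattern)
        while offset != -1:
            addr = base + offset
            hits.append({"addr": addr, "in_module": module_start <= addr < module_end})
            offset = data.find(pattern, offset + 1)
    return hits

# Constructed memory image (assumption): program data mapped at 0x401000,
# plus a stray copy of the fake serial in a high region, like the C89354
# hit goatass describes.
FAKE_SERIAL = b"12121212"
REGIONS = [
    (0x401000, b"\x00" * 0x31012 + FAKE_SERIAL + b"\x00" * 0x100),  # program, hit at 432012
    (0xC89000, b"\x00" * 0x354 + FAKE_SERIAL + b"\x00" * 0x40),     # elsewhere, hit at C89354
]

def interesting_hits():
    """Only hits inside the program's own range are worth a BPM."""
    return [h for h in search_memory(REGIONS, FAKE_SERIAL, 0x400000, 0x500000)
            if h["in_module"]]

if __name__ == "__main__":
    print(serial_to_hex("12121212"))  # what the Windows calculator step gives you
    for h in search_memory(REGIONS, FAKE_SERIAL, 0x400000, 0x500000):
        print(f"{h['addr']:06X} {'in module' if h['in_module'] else 'outside, ignore'}")
```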

?ferret
November 3rd, 2000, 19:23
Just a quick note....

Use single quotes for the search string ;-)

s 0 l ffffffff '12121212'

Sorry Goatass, most of us will know what you meant, but just in case hehe

?ferret
November 3rd, 2000, 19:25
hmm...what happened there? LOL

?ferret
November 3rd, 2000, 19:26
OK LMAO, the board doesn't like to print single quotes...but softice likes to use 'em

goatass
November 4th, 2000, 01:11
?ferret, not that it matters, but the search function works just fine with either single quotes (' ') or double quotes (" ").

goatass

?ferret
November 4th, 2000, 23:41
hmmmm....ok, I seem to remember having troubles with trying regular quotes at one time, but it may have just been the version of sice or something (maybe the user, who knows? hehe)