Making a keygen - almost there...


ljre24
January 7th, 2007, 15:51
OK, I've been wrestling with this program's key generation mechanism. It had
antidebug tricks, a second hidden check of the serial with additional
validation at program initialization, dongle protection, and I managed to
bypass it by generating a key that seemed valid. The program started with
the full product splash screen! But I was disappointed to find the message
"[name of app] no licensed" in the status bar. That's a big step
considering the last time the program started was with the trial splash
screen. The thing is, now the program suddenly displays a window with a
message for a fraction of a second after the program starts, not even
giving me time to read it, and then the whole thing aborts!

Is there a way I can somehow grab a screenshot of this window to read that message? The time it stays there is impossibly short.

SiGiNT
January 7th, 2007, 15:56
Sure, manually step over the app and narrow down the call to the routine that displays the banner, then carefully step into the routine. This is best done using split screen, where Olly is only on the left half of your screen; personally I use dual monitors.

SiGiNT

ljre24
January 7th, 2007, 16:18
Well, the problem is there is more antidebug protection that won't let me get there. I managed to circumvent the first antidebug protection by being VERY patient and bypassing the call to the function that generated the exceptions, so I could locate the dongle check and debug the serial checking routine.

I would now have to bypass these other protections as well before I can step through the rest of the program freely to locate that window. Is there any way I can simply take some sort of "video" of my desktop to read it?

naides
January 7th, 2007, 16:31
Do you have a video camera? I mean a physical video camera?
You can train it on the screen, then use slow motion and get what you want.

There is software like Snagit and S-demo maker, and a lot more if you search the web with the right keywords.

Another alternative, which may conflict with your antidebug code, is SoftIce, placing a bp on a "display window" sort of API.

ljre24
January 7th, 2007, 17:20
OK, Snagit did it. The window says "[Name of program] is closing, please wait".
So it's nothing that looks really helpful, I'm afraid. And I just found out that the program even closes this way with a known valid key I found on the Internet! Could it be that it's the dongle protection mechanism that is causing the program to exit?

All I've done so far is remove the dongle check at the start of the program. Simply a jump reversal. I've read that the proper way to remove dongle protection is to emulate the dongle, though. But I've never done that and could use a tutorial for it. I need to know several things:

1. How would I know if a program needs the dongle to be emulated as opposed to simply needing one to reverse a jump?

2. If it's just a simple "is dongle there, jump here, is dongle not there, exit" every number of seconds then another jump reversal on the code that is executed would also work. Am I right?

3. Also, is this sort of background dongle check normally done by a separate idle priority thread?

naides
January 7th, 2007, 18:47
Quote:
[Originally Posted by ljre24;63599]
1. How would I know if a program needs the dongle to be emulated as opposed to simply needing one to reverse a jump?

No quick and easy way. Finding all calls to the dongle is the only sure way. It is not unusual for an app to do a quick and dirty "dongle are you there" call, which you reversed, and later do more involved protection, challenge/response sort of thing.

2. If it's just a simple "is dongle there, jump here, is dongle not there, exit" every number of seconds then another jump reversal on the code that is executed would also work. Am I right?

If you have seen a number of antidebug tricks and so on, I doubt very much that the protectors were lazy in the implementation of the dongle protection. I may be wrong, but I would expect a more robust protection if they are advanced enough to include antidebug code.

3. Also, is this sort of background dongle check normally done by a separate idle priority thread?


Can be a separate thread, which is rather conspicuous for a cracker, or part of an often-used procedure, or done with a timing mechanism. No pattern here.

ljre24
January 7th, 2007, 19:18
I know the name of the dongle, and I'm reading the manuals which I got from the Woodman site. Can I reveal the Dongle's name?

naides
January 7th, 2007, 20:01
Yes

ljre24
January 7th, 2007, 20:30
It uses Dinkey Dongle. Not sure which model it uses yet. Still reading the manuals. So far it seems to be calling only one function from a DLL called DDNO.DLL. If anyone has info on how to break Dinkey Dongle protection, or guides to learn how to break it, I would greatly appreciate it.

It also runs a program called SETUPDRV.exe with the parameter "/q" so it doesn't show the "Dinkey Dongle driver has been installed blah blah blah" window.

SiGiNT
January 8th, 2007, 00:58
I've patched several progs using Dinkey Dongle and none of them were particularly difficult, but I suspect that you've encountered one where the author has done his research, dotted his "i"s and crossed his "t"s. If you like, PM me the target and I'll take a look. I'm very busy right now (because of CES), but I'll see what I can do. naides would probably be curious also.

SiGiNT

ljre24
January 8th, 2007, 06:15
Also, if someone could tell me how to use the antidebug plugins for Olly. I downloaded OllyAdvanced, HideDebugger, and IsDebugPresent from the OllyStuph site, and what I simply did was install all of them and enable all the options, restarting of course. So unless the plugins' effects are cancelling each other out (yeah, right), chances are the plugins are having no effect or I don't know how to use them properly.

SiGiNT
January 9th, 2007, 02:20
Try using OllyShadow; I had absolutely no problems with anti-debugging tricks. As for the app, you can ignore the dongle. Whether or not it's licensed boils down to what one memory location contains (as with many apps). If you can get it back to a demo splash, break Olly on that point, then use the stack to look for what makes it jump over a call to the splash. It's a dword compare to a specific memory location; all you have to do is write anything to that location before it starts testing it. (Hint: try a memory breakpoint on write for that location.)

It says licensed here and seems to run fine.

That's as much as I'll say for the moment.

SiGiNT

ljre24
January 9th, 2007, 07:17
Whoa, wait a sec. I had to generate a "valid" key for my name. Your strategy gives you a "licensed" message. But licensed to whom? If you didn't insert a name and a company, does it say "licensed to: (Blank)"?

SiGiNT
January 9th, 2007, 10:27
Yep! Unless you are picky, that's still a valid option. Hopefully you are not of the same mind as a guy I got into an argument with, who claimed it had to be "valid registration" because it was used in a work environment. My reply was it shouldn't be used in a work environment; they should pay for it, and no matter what it says, it's still pirated software. BTW, there are ways to make that "licensed to:" say what you want. I made a weak attempt at fishing it, but my time was short; my work day yesterday was about 14 hours, probably the same today.

SiGiNT

ljre24
January 9th, 2007, 10:42
That's OK, as long as it works with all the features. I have seen some hacks making it work, but not with all the features enabled. I thank you very much for your help; I'll try your approach. Did you make sure all the features were enabled? Or did you see something that made it look like it wasn't a fully enabled product?

ljre24
January 9th, 2007, 11:29
OMG, I feel so freakin' dumb. I'm searching for OllyShadow on Google but I can't find the download site; there was one that said "EXE tools" but it didn't load. All the other ones seem to be just posts saying "you need OllyShadow" and such, but no actual link. All I've found so far is OllyICE, but I don't know if that works.

I found this link http://navig8.to/Shadow but it's not working.

ljre24
January 9th, 2007, 12:01
I'm having trouble with OllyICE. I ran it but I see no code; everything is black and I see no text whatsoever in any window when debugging starts.

I still can't find OllyShadow.

ljre24
January 9th, 2007, 12:17
OK someone just sent me OllyShadow, it works perfectly!

ljre24
January 9th, 2007, 13:44
OK, I did it, sigint33, your approach. But the app still exits after a few moments because of the dongle.

SiGiNT
January 9th, 2007, 14:48
I'll PM you tonight, but just for all the readers of this thread, many different Olly versions can be found at:

http://www.tuts4you.com/blogs/download.php?list.4

SiGiNT

evilfreak
April 17th, 2007, 02:53
Hi all. First, excuse my bad English.
I have a problem. How to write a Dinkey emulator...
Any ideas...
10x in advance

JMI
April 17th, 2007, 03:02
Again "bad English" is no excuse for failing to actually read the FAQ.

What have YOU done to attempt to find the answer to YOUR question? What have you searched for on the net to try to help YOURSELF? Actually READ the FAQ, do some homework on your own, and then come back and ask a more thoughtful question than asking someone to tell you "How to write a Dinkey emulator."

Regards,

FoxB
March 22nd, 2008, 06:16
Quote:
[Originally Posted by evilfreak;64989]Hi all. First, excuse my bad English.
I have a problem. How to write a Dinkey emulator...
Any ideas...
10x in advance


Dinkey dongle can be removed without the dongle, simply, without any problem.

br

JMI
March 22nd, 2008, 11:17
Um, FoxB, did you by any chance notice the date on the post to which you just responded?

evilfreak hasn't been here for nearly a year.

Regards,

FoxB
March 22nd, 2008, 11:28
Sure. This question is up on other RCE boards...

JMI
March 22nd, 2008, 11:38
I understood the "value" of the information in the "raw." I was only raising a small point about actually using evilfreak's name in the quote, rather than just something like:


How to write a Dinkey emulator?


Dinkey dongle can be removed without the dongle, simply, without any problem.

Although something a little less "enigmatic" might have been "somewhat" more informative, like a small hint as to "how" it might be removed "without any problem!" Such as "by using your favorite debugger" or "there are tutorials available by searching" or some such.

No big deal intended.

Regards

FoxB
March 23rd, 2008, 05:39
Dinkey protections are based on using an SEH handler (unpack/execute/pack code). One SEH for the obj method, two SEHs for the shell method.

br

ps: Software Developer's Kit (Required) - £95.00 (UK pounds), up to £25 per dongle.

cEnginEEr
April 6th, 2008, 21:53
@FoxB: Any chance of sharing the Dinkey SDK? I'm interested in taking a look.

I think it must be a simple memory key like KeyLok....

FoxB
April 7th, 2008, 07:25
@cEnginEEr: I don't have it, and my search is in progress...

FoxB
September 5th, 2008, 14:33
@all: if anyone has a Dinkey dongle, please contact me for logging it...

FoxB
November 20th, 2008, 11:51
Hello everybody!

Dinkey 1S dongle is done...

I want access to a Dinkey 2 (or 2 Net) dongle.
I need to make some logs.
I can help with removing dongle protections in exchange for the logs.

br