marco_ul
January 31st, 2007, 12:37
Hi,
I'm trying to fish a serial number out of a registration. This program comes in two "versions", the normal and the pro. I first downloaded the normal version, which is a 30-day trial. I loaded the .exe in Ollydbg and after 5 mins, the good serial was found. So I thought... "hummm, what about the pro version now..." In my dreams... the protection scheme is different. It's not just a "compare the code entered to the code generated" this time.
The program asks you to enter your Name, Organisation and the key. You have a note that tells you that if your registration succeeds, the program is going to connect to the internet within a month to verify your registration, but this is not my concern for now.
I analysed the code with Ollydbg and IDA (my knowledge of assembly is not that bad, but I'm not that good either... I guess you'll figure it out when you read my comments). This is a small app and pretty much all the text strings are "written" in the .exe file, so I think it's a good target for a newbie like me.
I think I found the "critical" test. If I change the zero flag value of that particular test, the registration succeeds and the time limit is removed. Afterwards, the program immediately tries to connect to the internet (hey, I thought I had a month...). If I try to patch the "critical" test, I get "This program file has been modified and will be shut down." Since I can find this string in the .exe, I guess I could find where the CRC check is and bypass it (?), but I don't want to do this. I want it the "clean" way.
So anyway, enough talk. As an attachment you'll find the code and my comments. I think everything is there. Unfortunately, my knowledge of assembly/programming is not good enough to solve this "puzzle" and fish out the correct key. Any hint or comments would be really appreciated. Correction of my comments (if they are wrong) would help me too.
Thanks in advance
Marco