Happy Log v1.51
Delphi
Written by anTiHerO
Introduction |
Protection: Registration
and 15 Day Trial Limit
About: Happy Log is an interactive log file analyzer with a wealth of
different analysis to help you optimize your site, check out what your visitors
are doing, how they got there, and much more.
The analysis is presented in easy to read lists or graphs.
To use Happy Log, you need to have access to your server's log files. If
you are using a web-host, you can easily download the log files with the
built-in FTP function. Happy Log can also execute commands over Telnet. In this
way, you can for example compress the files before you download them, and
reduce transfer time to 1/10:th.
With the unique feature, Targets, can you check to see if your
visitors are doing what you want them to do. If, for example, a search from a
search engine is guiding a visitor to your site, you can see if the visitor is
going to the page that you want, or downloading a file, etc.
Tracking lets you
create reports reports based on the visitors who are guided to your site from
another site. When the function is on, Happy Log tracks all movements from a
visitor whish arrive to your site from a refereeing site. This can be a search
engine, clicking on a banner, etc. If you are having a banner campaign, this is
very useful to check if it is successfully or not.
With advanced filtering can you select parts of the log files for
special studies.
You also have access to the raw log data, which can be easily searched..
With Happy Log
you will get:
The analysis can also be exported to HTML, Microsoft Word or Microsoft
Excel as files, without use of DDE, OLE, etc.
Tools required |
Debugger (eg Softice or TRW2000)
Half a brain
Target's URL |
http://www.axolot.com
Essay |
OK,
shall we begin? Before we start, I have to say that the protection on this
program is awful, they only seem to have done half a job (what I mean will
become obvious later on!). Right, lets find the serial!
When
we start up Happy Log we are greeted by a nag screen displaying three options,
we want to enter a serial number, so click on the top button. OK, what do we
see? 8 dialogue boxes! I entered the following information into the eight
boxes;
1111 – 2222 – 3333 – 4444 – 5555 – 6666 – 7777 – 8888
Before
we click ok, we need to set up a breakpoint within softice, so open up your
debugger window using Ctrl+D, and type the following to set the breakpoint on
HMEMCPY;
:bpx hmemcpy
Close
the softice window by using Ctrl+D, then hit the register button, BANG, we are
straight back into softice. This is where things get interesting. Because the
registration contained eight dialogue boxes, you would expect to trace through
eight instances of program code before you get to the juicy stuff, but not in
this case! All will become clear shortly. Using F12, we need to skip through to
the FOURTH instance of our program code (not the eighth), once there, trace
through the code using F10 until you get to the following piece of code;
00484447 CALL 004043D0
0048444C LEA EDX, [EBP – 20]
0048444F MOV EAX, [EBP – 08] ßMove 1,3,5,7 parts of “fake” serial into EAX
00484452 CALL 00409B08 ß-----------------------------------------------------------------Type D EAX to see 1,3,5,7 parts of fake serial
00484457 CMP DWORD PTR [EBP – 20], 00
0048445B JZ 00484630
Right,
if you typed D EAX when the call at 484452 is highlighted, you will be looking
at;
1111333355557777
Hmmm,
it’s taken the 1st, 3rd, 5th and 7th
parts of our fake serial. If we trace through the code a bit further, we land
here;
0048447D CALL 00483D7C
00484482 MOV EDX, [EBP – 28] ßMove 1,3,5,7 parts of real
serial into EDX
00484485 POP EAX ßPull EAX containing both serials off the stack -----Type
D EDX to see 1,3,5,7 parts of real serial
00484486 CALL 00404420 ßCompare
the two serials -----------------------------------Type D EAX to see both serials
0048448B JNZ 0048461B ßIf serials are different, jump to “Bad Cracker”
If
you typed D EAX while the call at 00484486 is highlighted you should be looking
at;
1111333355557777 followed by….
4c8e86ecc3e782de write this down,
OK,
I am going to save you a lot of time here……..Remember at the beginning of this
tutorial when I said that the protection was awful? Now you are going to learn
why. It now looks like we have half of our real serial, corresponding to the
fake serial we entered into the 1st,3rd,5th,
and 7th dialogue boxes, and we must now try to find the other half
of the real serial, corresponding to the 2nd,4th,6th,
and 8th dialogue boxes. DO NOT BOTHER! We already have what we need!
For some reason, the programmer responsible left the program only needing half
a correct code!
So,
disable the breakpoint in softice by typing bc * , then Ctrl+D to exit. Get rid
of the “Bad Cracker” message and enter what we have found into the registration
box;
Initially,
we had 1111 –
2222 – 3333 – 4444 – 5555 – 6666 – 7777 – 8888
Now
we enter 4c8e – 2222 – 86ec – 4444 – c3e7 – 6666 – 82de – 8888
“But
We Still Only Have Half A Real Serial!”
I hear you cry. Trust me. Click OK. REGISTERED!!!!! See, I told you the
protection was lame! I don’t know whether the programmer was too lazy to
protect the program properly, but that is his problem! C U Soon.
Final Notes |
Pat
yourself on the back, grab a beer and a cigar, and relax, safe in the knowledge
that you just learnt something usefull!!
[T]urb0z
– For introducing me to these infernal machines
The TRES2000 Crew
My mum
ObDuh |
The
information in this essay is for educational purpose only!
You are only allow to crack, reverse engineer, modify code and debug programs
that you legaly bought and then for personal use only!!
To ignore this warning is a criminal act and can result in lawful actions!
So please note!
I take no responsibility for how you use the information in this essay, I take
NO responsibility for what might happen to you or your computer!
You use this information on your own risk!!
What I mean is: Please buy the software!
Essay written by anTiHerO ©TRES2000. All Rights Reserved.