Happy Log v1.51
Delphi

Written by anTiHerO



Introduction

 

Protection: Registration and 15 Day Trial Limit

About: Happy Log is an interactive log file analyzer with a wealth of different analyses to help you optimize your site, check out what your visitors are doing, how they got there, and much more.

The analysis is presented in easy to read lists or graphs.

To use Happy Log, you need to have access to your server's log files. If you are using a web host, you can easily download the log files with the built-in FTP function. Happy Log can also execute commands over Telnet. In this way you can, for example, compress the files before you download them and reduce transfer time to 1/10th.

With the unique feature, Targets, you can check whether your visitors are doing what you want them to do. If, for example, a search from a search engine is guiding a visitor to your site, you can see if the visitor is going to the page that you want, or downloading a file, etc.

Tracking lets you create reports based on the visitors who are guided to your site from another site. When the function is on, Happy Log tracks all movements of a visitor who arrives at your site from a referring site. This can be a search engine, a click on a banner, etc. If you are running a banner campaign, this is very useful for checking whether it is successful or not.

With advanced filtering you can select parts of the log files for special studies.

You also have access to the raw log data, which can be easily searched.

With Happy Log you will get:

The analysis can also be exported to HTML, Microsoft Word or Microsoft Excel as files, without use of DDE, OLE, etc. 

 

Tools required



Debugger (eg Softice or TRW2000)
Half a brain

 

Target's URL

 

http://www.axolot.com

 

Essay

 

OK, shall we begin? Before we start, I have to say that the protection on this program is awful; they only seem to have done half a job (what I mean will become obvious later on!). Right, let's find the serial!

When we start up Happy Log we are greeted by a nag screen displaying three options. We want to enter a serial number, so click on the top button. OK, what do we see? 8 dialogue boxes! I entered the following information into the eight boxes:

 

1111 – 2222 – 3333 – 4444 – 5555 – 6666 – 7777 – 8888

 

Before we click OK, we need to set up a breakpoint within SoftICE, so open up your debugger window using Ctrl+D, and type the following to set the breakpoint on HMEMCPY:

 

:bpx hmemcpy

 

Close the SoftICE window by using Ctrl+D, then hit the register button. BANG, we are straight back into SoftICE. This is where things get interesting. Because the registration contained eight dialogue boxes, you would expect to trace through eight instances of program code before you get to the juicy stuff, but not in this case! All will become clear shortly. Using F12, we need to skip through to the FOURTH instance of our program code (not the eighth). Once there, trace through the code using F10 until you get to the following piece of code:

 

00484447     CALL    004043D0
0048444C     LEA     EDX, [EBP-20]
0048444F     MOV     EAX, [EBP-08]              <- Move 1,3,5,7 parts of "fake" serial into EAX
00484452     CALL    00409B08                   <- Type D EAX to see 1,3,5,7 parts of fake serial
00484457     CMP     DWORD PTR [EBP-20], 00
0048445B     JZ      00484630

 

Right, if you typed D EAX when the call at 00484452 is highlighted, you will be looking at:

 

1111333355557777

 

Hmmm, it’s taken the 1st, 3rd, 5th and 7th parts of our fake serial. If we trace through the code a bit further, we land here;

 

0048447D     CALL    00483D7C
00484482     MOV     EDX, [EBP-28]              <- Move 1,3,5,7 parts of real serial into EDX
00484485     POP     EAX                        <- Pull EAX containing both serials off the stack (type D EDX to see 1,3,5,7 parts of real serial)
00484486     CALL    00404420                   <- Compare the two serials (type D EAX to see both serials)
0048448B     JNZ     0048461B                   <- If serials are different, jump to "Bad Cracker"

 

If you typed D EAX while the call at 00484486 is highlighted, you should be looking at:

 

1111333355557777                followed by….

4c8e86ecc3e782de             write this down,

 

OK, I am going to save you a lot of time here... Remember at the beginning of this tutorial when I said that the protection was awful? Now you are going to learn why. It now looks like we have half of our real serial, corresponding to the fake serial we entered into the 1st, 3rd, 5th and 7th dialogue boxes, and we must now try to find the other half of the real serial, corresponding to the 2nd, 4th, 6th and 8th dialogue boxes. DO NOT BOTHER! We already have what we need! For some reason, the programmer responsible left the program only needing half a correct code!

So, disable the breakpoint in SoftICE by typing bc *, then Ctrl+D to exit. Get rid of the “Bad Cracker” message and enter what we have found into the registration box:

 

Initially, we had                          1111 – 2222 – 3333 – 4444 – 5555 – 6666 – 7777 – 8888

Now we enter                           4c8e – 2222 – 86ec – 4444 – c3e7 – 6666 – 82de – 8888

 

“But We Still Only Have Half A Real Serial!”  I hear you cry. Trust me. Click OK. REGISTERED!!!!! See, I told you the protection was lame! I don’t know whether the programmer was too lazy to protect the program properly, but that is his problem! C U Soon.
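A regression check for the flaw described above, as an added example that is not part of the original essay or of the program's own code: it corrupts each of the eight groups of a known-good key in turn and reports which groups the validator never looks at. The key value and all function names are constructed for illustration; weak_check only mirrors the odd-groups-only comparison seen in the debugger.

```python
import hmac

# Constructed sample key (eight groups), not a real serial for any product.
VALID = ["a1b2", "c3d4", "e5f6", "0718", "293a", "4b5c", "6d7e", "8f90"]


def weak_check(entered, expected):
    """Mirrors the behaviour in the essay: only groups 1, 3, 5 and 7 are
    concatenated and compared, so groups 2, 4, 6 and 8 never matter."""
    return "".join(entered[0::2]) == "".join(expected[0::2])


def full_check(entered, expected):
    """Compares every group, with a separator so group boundaries count,
    using a constant-time comparison."""
    if len(entered) != len(expected):
        return False
    a = "-".join(entered).encode()
    b = "-".join(expected).encode()
    return hmac.compare_digest(a, b)


def uncovered_groups(check, valid):
    """Return the 1-based positions of groups whose corruption the
    validator fails to notice (an empty list means full coverage)."""
    if not check(valid, valid):
        raise ValueError("validator rejects the known-good key")
    missed = []
    for i, group in enumerate(valid):
        mutated = list(valid)
        # Change every character of this one group.
        mutated[i] = "".join("1" if c == "0" else "0" for c in group)
        if check(mutated, valid):
            missed.append(i + 1)
    return missed


if __name__ == "__main__":
    print("weak_check ignores groups:", uncovered_groups(weak_check, VALID))
    print("full_check ignores groups:", uncovered_groups(full_check, VALID))
```

Checking every group closes the half-key gap, but the expected value is still built in memory where a debugger can read it, as at the compare call at 00484486.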

 

Final Notes

Pat yourself on the back, grab a beer and a cigar, and relax, safe in the knowledge that you just learnt something useful!!

 

My Greetz Goes to:



[T]urb0z – For introducing me to these infernal machines

The TRES2000 Crew
My mum






Whenever there is a door,
there is an entrance.
And behind an entrance can no secret hide,
when a cracker takes his knowledge for a ride

                                                                               McCodEMaN

 

ObDuh


The information in this essay is for educational purposes only!
You are only allowed to crack, reverse engineer, modify code and debug programs that you legally bought, and then for personal use only!!
To ignore this warning is a criminal act and can result in lawful actions!

So please note!
I take no responsibility for how you use the information in this essay, I take NO responsibility for what might happen to you or your computer!
You use this information at your own risk!!

What I mean is: Please buy the software!







Essay written by anTiHerO ©TRES2000. All Rights Reserved.