Dongle cracking: NetXRay 1.1.3

("A Very Easy Dongle Protection")

by +DataPimp

(02 November 1997)


Courtesy of fravia's page of reverse engineering

Well, +DataPimp has indeed "specialised" in CD-ROM protections, yet he has now started to work on this 'related' cracking subject! Well, you would not have thought that some 'so called' dongles just check THEIR OWN PRESENCE ON THE PORTS... would you? And yet, look here! An easy (yet important) further step!





	Yes, dongles: there were only two dongle essays there, and since I contributed to the Cd-Check essays I would have to say that I wanted to contribute this to the project as well. I would have to say that this is my first dongle and I was able to defeat its protection within a matter of about 1 or 2 minutes. This software is not freely downloadable, but you can -if you like- find it on the internet, it is the same exact version that was released by PWA.



	OK, so you have the software, let's get going so we can run this software and see what it looks like. Ok, after you have installed the program go ahead and run it, you will see a msg box pop up with a message saying the 'protect key' was not found, and some other junk telling you to contact them etc.

	Ok, now we are not going to use Soft-Ice on this at all, we are going to decompile the "netxray.exe" file and view its code. Once you have decompiled it, we are going to search for the string "sorry". You will notice that it is found rather quickly, and this is the code we find:



* Referenced by a Jump at Addresses:00401B33(U), :00401B3E(C)
|
:00401B51 85C0          test eax, eax   "Sorry! No protect key is found. "
                               ->"Please contact Cinco Networks,Inc "
                               ->"by phone (770) 671-9272, or by "
                               ->"Internet e-mail sales@cinco.com, "
                               ->"if you wish to purchase or upgrade "
                               ->"NetXRay. Otherwise, return the "
                               ->"complete package in the original "
                               ->"shipping box.  Thank you for your "
                               ->"interest in Cinco products."
                                  |
:00401B59 6878325500              push 00553278   <-PREPARE Nag
:00401B5E E835E40F00              call 004FFF98   <-Call Nag

	This is a classic Bad Guy, Good Guy test, and can easily be defeated. At Code Location "00401B53" all we have to do is change that to a "jmp"... of course now it does not matter any more if the dongle is found or not, the code snippet will continue to allow the running of the program.

	I hope that this has helped people with the understanding of dongles, I know that I have learned something myself, and that has made it all worth while.

Thanks for reading,
DataPimp@hotmail.com

(c) +DataPimp 1997. All rights reversed
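
The weakness described in the essay, a protection that reduces to one presence test and one conditional branch, is shown here beside a design that uses the key's response as decryption material, so no single branch decides the outcome. This is an added example, not code from the essay or from NetXRay: dongle_query, the secret, the challenge and the sample table are constructed stand-ins, and the mixing and XOR routines are toys, not real cryptography.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the hardware key: answers a challenge with a
   keyed response, or 0 when no key is attached. Toy mixing, not a cipher. */
static uint32_t dongle_query(int attached, uint32_t challenge) {
    const uint32_t secret = 0x5EC2E7A1u;     /* exists only inside the key */
    if (!attached) return 0;
    uint32_t x = challenge ^ secret;
    x ^= x >> 15; x *= 0x2C1B3C6Du; x ^= x >> 12;
    return x;
}

/* Weak pattern from the essay: one presence test guarding one branch.
   branch_forced models that conditional jump having been replaced. */
int weak_gate(int attached, int branch_forced) {
    int found = dongle_query(attached, 1u) != 0;
    return found || branch_forced;           /* 1 = program runs */
}

/* Hardened pattern: the response is used as key material, so there is no
   single branch whose outcome decides whether the program works. */
#define CHALLENGE 0x1234ABCDu
static void xor_key(uint8_t *buf, size_t n, uint32_t key) {
    for (size_t i = 0; i < n; i++)           /* toy repeating-key XOR */
        buf[i] ^= (uint8_t)(key >> (8 * (i & 3)));
}

/* Returns 1 only if data sealed under the key's response decrypts to its
   expected contents. In a real build the sealed bytes ship in the binary. */
int hardened_usable(int attached) {
    uint8_t table[16] = "capture-filters";   /* constructed sample data */
    xor_key(table, sizeof table, dongle_query(1, CHALLENGE));        /* seal */
    xor_key(table, sizeof table, dongle_query(attached, CHALLENGE)); /* use */
    return memcmp(table, "capture-filters", sizeof table) == 0;
}

int main(void) {
    printf("weak gate, no key, branch forced: runs=%d\n", weak_gate(0, 1));
    printf("hardened, no key:  data usable=%d\n", hardened_usable(0));
    printf("hardened, key attached: data usable=%d\n", hardened_usable(1));
    return 0;
}
```

With no key attached, weak_gate still reports success once its branch outcome is overridden, while hardened_usable returns 0 because the data the program depends on never decrypts.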