December 1998
"Omniquad Detective v1.0c" (More stupid hard coded serial)
Win '95/'98 PROGRAM Win Code Reversing

by Punisher

Cracking 4 Newbies

Program Details
Program Name: dectecv.zip
Program Type: System Analysis tool
Program Location: http://www.omniquad.com
Program Size: 420kb

Tools Used: Soft-Ice -- Debugger

Rating
Easy ( X ) Medium ( ) Hard ( ) Pro ( )

There is a crack, a crack in everything. That's how the light gets in.
Omniquad Detective v1.0c
( Hard coded serial number)
Written by Punisher
Introduction
"Detective is capable of dealing with a number of concerns that may affect you, your system and the problems of Internet access. The below list may therefore help to safeguard and give you greater security."
About this protection system
Registration is via the About/Unlock button on the main program window. You will be presented with an About dialog box in which you can unlock the full version of the program. You will see two edit boxes, one of which contains a digital signature for the program; the other is the one we are interested in. They are:-
Digital Signature :
Serial License No :
ESSAY
Install Omniquad Detective v1.0c and run it; you will be presented with the main program screen. Click on the About/Unlock button and you will be presented with the About dialog box, which allows you to enter your Serial No to get the full version of the program.
Enter a fake serial number in the Serial License No edit box. Now go into Soft-Ice by pressing ctrl-d and set a breakpoint on GetWindowTextA. eg:-
>>> BPX GetWindowTextA
Now leave Soft-Ice by pressing ctrl-d. Click the Confirm License Number button and Soft-Ice breaks in at GetWindowTextA. Type x and press {ENTER} and Soft-Ice will break again at GetWindowTextA. Now press F11 to get back to the caller.
Now trace the code using F10 until you get to this piece of code:
0137:00406E04 CALL 004063400
0137:00406E09 LEA EAX, [EBP + 00000090] ; EAX now points to the buffer holding the real serial number
0137:00406E10 LEA ECX, [ESP +10]
0137:00406E14 PUSH EAX
0137:00406E15 CALL 0044574F
0137:00406E1A MOV EAX, [EAX]
0137:00406E1C MOV ECX, [EDI]
Step past LEA EAX, [EBP + 00000090] using F10. Immediately after stepping past it, dump the memory at the address in EAX and you will see the real serial number. Write down the real serial number and clear all breakpoints, eg:-
>>> bc *
Now type x and press {ENTER} to let the program run. A dialog box will pop up informing you that your serial number was incorrect. Click the OK button on this message box to get rid of it, enter the correct serial number and click the Confirm Serial Number button, and voila, your program is registered.
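To make the weakness concrete, here is an added C example (not Omniquad's code; the serial in it is a constructed placeholder) showing the hard-coded compare the essay finds beside a variant that ships only a digest of the serial, so the buffer a debugger dumps at the compare no longer contains it:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed placeholder serial for this example; not Omniquad's value. */
#define DEMO_SERIAL "DEMO-1234-5678"

/* Weak pattern, as in the essay: the real serial is copied into a buffer
 * and checked with a plain string compare, so a breakpoint just before the
 * compare and a memory dump of that buffer reveal the secret. */
int weak_check(const char *input)
{
    char real[64];
    strncpy(real, DEMO_SERIAL, sizeof real - 1);
    real[sizeof real - 1] = '\0';
    return strcmp(input, real) == 0;  /* plaintext secret is in memory here */
}

/* FNV-1a 64-bit, used only to keep the example self-contained. It is not a
 * cryptographic hash; a shipping product would use SHA-256 or similar. */
uint64_t fnv1a64(const char *s)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (; *s; s++) {
        h ^= (unsigned char)*s;
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Hardened pattern: the binary carries only a digest computed at build
 * time, so the runtime compare never has the plaintext serial in memory. */
int hardened_check(const char *input, uint64_t shipped_digest)
{
    return fnv1a64(input) == shipped_digest;
}

int main(void)
{
    /* Build-time step, shown inline here: derive the digest to embed. */
    uint64_t shipped = fnv1a64(DEMO_SERIAL);
    printf("digest to embed: %016llx\n", (unsigned long long)shipped);
    printf("weak:     ok=%d bad=%d\n", weak_check(DEMO_SERIAL), weak_check("WRONG"));
    printf("hardened: ok=%d bad=%d\n", hardened_check(DEMO_SERIAL, shipped),
           hardened_check("WRONG", shipped));
    return 0;
}
```

A digest only keeps the plaintext out of the binary; any purely client-side check can still be patched, which is why registration schemes that matter verify a signature or check against a server instead.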
I would like to say thanks to +Fravia, Sandman, CrackZ, Cruehead, Iczelion and all the others out there who help by providing the knowledge to make this possible.