June 99
|
Find the user code for MPEGPlayer 3.31
|
Win '95 Program
Win Code Reversing
|
|
by ViPeR
|
|
|
Code Reversing For Beginners
|
|
|
Program Details
Program Name: MPEGPlayer 3.31
Program Type: MPEG Player
Program Location: Here
Program Size: 2.01 MB
|
|
|
Tools Used:
Softice V3.2 - Debugger
|
Rating
|
Easy
( X ) Medium ( ) Hard ( ) Pro
( )
|
There
is a crack, a crack in everything. That's how the light gets in. |
MPEGPlayer 3.31
'Fish for the user code for MPEGPlayer 3.31'
Written by ViPeR
MPEGPlayer is a 32-bit utility for playing MPEG, VCD and other movie files.
Formats supported include .mpg, .vcd, .dat, .avi, .mov, .fli, and .flc. MPEGPlayer can
extract still .mpg and .pic images from .vcd or .mpg video files, and cut your favorite
part of the movie to disk when playing. You can extract the system stream or video
and audio stream only.
About this protection system
|
The program will automatically generates the user ID. You need to enter user name and
user code in order to become registered.
For this example, I use:
User name : evc_viper
User code : 54545454.
Start the program, right-click the main menu folder and select configuration then click the
registration tab. Here, the User ID is generated by the program. Enter your favorite user name
and type the user code 54545454. Ok, Ctrl-D to invoke the
Soft-Ice and set breakpoint by 'bpx getdlgitemtexta'. Ctrl-D to get out of Soft-Ice and click
the register button.
Now, you are back to Soft-Ice. Press x one time (or two times? well, I forgot)
and F11 to go back to the caller and you will land at 0041297C
just after the call. (the memory address may vary on your machine).
:0041297A FFD6 call esi ; call GetDlgItemTextA
:0041297C 6888A34700 push 0047A388 ; we land here.
; type 'd 47A388' to see your code
:00412981 68A8934500 push 004593A8 ; your name
:00412986 E8154A0000 call 004173A0 ; call we need to trace inside
:0041298B 83C408 add esp, 00000008
:0041298E 85C0 test eax, eax
:00412990 0F8486000000 je 00412A1C
:
After F8 into call 004173A0, just press F10 (like a hundred times)
until you land at 0041748F.
:
:
* Possible StringData Ref from Data Obj ->"%8.8x-%8.8x"
|
:0041748A 68C0864300 push 004386C0
:0041748F 51 push ecx
type 'd ecx' first, then, press F10 to pass the following call and you will
see your user code in the data window.
* Reference To: USER32.wsprintfA, Ord:0264h
|
:00417490 FF1508554800 Call dword ptr [00485508]
:
In my case, it shows d7779bcc-fe771eb1. The rest of the codes just compare your fake registration key with the real key.
Note: You must exit the program and re-run the program. Then, you will see the registration
tab is gone and you are registered. ^__^
Do I really have to remind you all
that by buying and NOT stealing the software you use will ensure that these
software houses will continue to produce even *better* software for
us to use and more importantly, to continue offering even more challenges
to breaking their often weak protection systems.
If your looking for cracks or serial
numbers from these pages then your wasting your time, try searching elsewhere
on the Web under Warze, Cracks etc.
Essay
by: ViPeR
Page Created: 21 June
1999