http://tntcrack.darpa.org | http://tntcrack.tsx.org  
  [WinGest v3.5 Tutor by XASX]  
  [Tutor Layout by XASX]  
Date 7 July/1999
Cracker XASX
   
Appz WinGest v3.5
Description Spanish/French administrative program.
Type Demo Version.
Protection Scheme Restrictions and UseLimit to September/99.
Appz URL http://www.sfy.com
Crack URL http://tntcrack.darpa.org
Tools SoftIce v3.25.
   
Introduction

Hi all, in this tutorial Im going to explain how to crack WinGest v3.5.
The version I have cracked is a demo released in a Spanish Computers Magazine: PC Actual (Nº36 Julio/Agosto 99).
In 'Soft for You' web, you can find the same demo download->
http://www.sfy.com/demo.htm.

Sorry by my fucking english xD.

Go on...

 
Program info
   
WINGEST AVALIABLE VERSIONS:

WinGest 3 Standard.
WinGest 3 Profesional.
WinGest 3 Entreprise.

PROGRAMAS Versión 3.5
WinGest 3.5 Standard 35.000.-
WinGest 3.5 Profesional 120.000.-
WinGest Enterprise - 5 Licencias Adicionales - Todos los Módulos Adicionales ya a la venta. 350.000.-
MÓDULOS ADICIONALES  Versión 3.5
Nuevo Módulo de CONTABILIDAD 25.000.-
Módulo de Producción 50.000.-
Módulo Terminal Punto de Venta 50.000.-
Módulo Tallas y Colores 25.000.-
Módulo R.M.A. 65.000.-
Códigos Postales 5.000.-
Módulo Remesas Bancarias y Gestión de pagos a proveedores 35.000.-
Módulo Control Stock Por Lotes y Fecha Caducidad 75.000.-
Módulo de Comunicación 75.000.-
Módulo Facturación Periódica 50.000.-
LICENCIAS DE RED Versión 3.5
Licencia para WinGest Standard 18.900.-

All this prices are in 'pesetas' | 1$ = 150 pts |

Thess prices are very high, at least for a small bussines.
In this crack we are going to convert demo version to Enterprise version with all the modules and 900 net licenses = 116.000$ ... nothing xD.

Ok, go to some fun...

 
Registering

When you load the program, you'll get a window with two options: register and enter demo version.

We select register, that is we want xD.
Then appz open another window 'Asitente de registro' = 'Register Assistant', and want we enter some data:

- Nombre = Name
- Empresa = Bussines
- CIF = Spanish ID Number

We enter boolean data and continue (its indifferent... so we cant leave in blank this data).
Now, other window with more options, this window its important because here we say what version we want to 'buy' (estandar, profesional, enterprise), what modules we want, and number of licenses.

Serial number is indifferent... we can put boolean data, for example. '123xasx321'.

I select Enterprise version, all the modules, and 900 net licenses xD. (max number is 999).

Ok, now all is done, we push |siguiente|=|next| and we get a code like this:

6921-59610/3*33311111-900
^^^^^^^ ^ ^^^^^^ ^^^
boolean code ----- est/pro/ent ----- modules -- licenses number.

Ok, we have the code.
Now, we 'must' comunicate by fax or phone it to 'soft for you' and put our money in their bank account xD, then they 'll send us a code2 that we'll introduce in next window.

Ok, we are now in 'enter code2 window'.

Now begin real cracking!!!.

Seaching for code

We enter a random number, and the apps say: ¡Lo Siento!, el contracódigo introducido está mal. = Sorry, entered number is bad.

Ok, we are goint to search the code that call this window.
ohhh, W32DASM don't work very well with this appz... WINGEST.EXE is 10,4 Mb size of 'junk' code programed in VisualFoxPro 6.0.

We'll must use SoftIce... more fun!!!, xD.

After test some typical breakpoints without success (getdlgitemtext(a), getwindowtext(a)... etc etc), i think that this app is coded in Visual Fox Pro 6.0, and will use some sucking dll like Visual Basic.

Yes...its: VFP6R.DLL / Microsoft® Visual FoxPro® Runtime Library.

We are goint to try apis from this dll (very unknow on typical cracking), but... why don't go first to easy cracking and take a look to ram, searching some 'forgotten' numbers?

Searching in RAM

Search command with SoftIce is:

S = Search
S 0 l ffffffff ´that u want to search´

Search will be done before we have entered a code2 and pushed |siguiente| = |next|, because all comparations in ram will be done and we can find some number.

Remember that our code was: 6921-59610/3*33311111-900 (first part change everytime).

I think best string to search is: 3*33311111-900 : final code that only change with registry data.

Enter softice (ctrl+d):
Use search command...: s 0 l ffffffff ´3*33311111-900´
and press <s> a lot of times to go a interesting place.

After press <s> aprox 15 times (can be less or more), we appear in a place where we see that::
<<unknow number 5 characters>>............610/3*33311111-900..................<<our code2>>.

(to move in softice data window, you must push alt+up/down)

hmmmmmmmm..... what are making these numbers too close?... we write down the unknow number of 5 characters and going again to Wingest.
Push |anterior| = |previous| button and enter softice again (ctrl+d),

hmmmmmmmmmmm..... the number has dissapear... and we can see "enrerant" in his place.
we are going to write the unknow number in code2 window, some casual....

xDDDD... Felicidades, ya tiene Wingest registrado, le deseamos un buen día.
xDDDD... Congratulations, you have a Regged copy og Wingest, have a nice day.

Ok, it has worked!... and we haven't entered to trace the black world of: VFP6R.DLL / Microsoft® Visual FoxPro® Runtime Library.

Push |finalizar| = |End| and the app load correctly, without the word 'demostration' in begin window...
We close Wingest and open again. hmm it load correctly and we don't get any registration window to reg the app, too all the modules work, there aren't restrictions, and no timelimit exist.

We have made it!!!!!,

Now we are going to search were registration data are saved:

This can be made in some places:
Windows Registry -> Test with 'regmon' if some value is queried. NO.
.ini file-> Test with 'filemon' what .ine files are read. NO
Another own file-> Ok, this is... we search for last modified files in wingest dir, and we can see tha CONT.DBF has been modified when we registered the app.
We open file with a text editor and yes, this is the file where registration data is saved.
If we delete the file, the registration window appear again, if we put file again, Wingest load regged.

Ok, The app has been Cracked.
Not very difficult, but we have been lucky beacuse we haven't traced any line of code, I think in next wingest version protection scheme will be high and we have to fight with: VFP6R.DLL / Microsoft® Visual FoxPro® Runtime Library... anybody knows it xD.

See u in next tutorial...