December 1998
"Byte Catcher Pro V3.2" ( More hard-coded serial numbers )
Win '95/'98 PROGRAM Win Code Reversing
by Punisher
Cracking 4 Newbies

Program Details
Program Name: SetupBC_Pro.exe
Program Type: FTP Downloader
Program Location: http://www.Save-It.com
Program Size: 998 kb

Tools Used: Soft-Ice 3.2 - Debugger

Rating
Easy ( X ) Medium ( ) Hard ( ) Pro ( )
There is a crack, a crack in everything. That's how the light gets in.
Byte Catcher Pro V3.2
( Fishing a hard coded Serial Number )
Written by Punisher
Introduction
"Welcome to ByteCatcher. You have
made the right choice, and you now have a compact, simple, and
intuitive utility that will (1) speed up all your file downloads and
(2) save hours of frustration from those dropped connections when
getting files."
About this protection system
Name :
Company :
The only one of importance is the Registration number. The program
has a hard coded serial number.
The Essay
Install Byte Catcher Pro V3.2 and run the program. You will be presented with a nag screen informing you of the number of days left in the demo version. You have 15 days to evaluate the program.
Click the OK button and you are now in the main program window. Select the registration dialog box from the Help menu via the About dialog box.
Enter a fake regcode and your name and company.
Enter Soft-Ice by pressing ctrl-d. Set a breakpoint on GetWindowTextA. eg:-
>>> BPX GETWINDOWTEXTA
Leave Soft-Ice by pressing ctrl-d and click the OK button. Soft-Ice breaks in USER32 at GetWindowTextA. Type X and press {ENTER} twice. Soft-Ice will break both times at GetWindowTextA. Now press F11 to return to the caller. You will end up in BYTECATCHER code.
Single step through this code by pressing F10 until you come to this piece of code.
0137:0042A731 MOV ECX, [EBP-08]
0137:0042A734 ADD ECX, 5C
0137:0042A737 CALL 004031A0 ; we have to trace this call to get the real regcode
0137:0042A73C TEST EAX, EAX
0137:0042A73E JNZ 004019F0 ; bad_cracker bugger off jump
Step until you get to CALL 004031A0 and trace into it by typing t and pressing the {ENTER} key. You will end up in this piece of code.
0137:004031A0 PUSH EBP
0137:004031A1 MOV EBP, ESP
0137:004031A3 PUSH ECX
0137:004031A4 MOV [EBP-04], ECX
0137:004031A7 MOV EAX, [EBP+08] ; real regcode loaded in eax.
0137:004031AA PUSH EAX
Single step through this piece of code until you come to PUSH EAX. Here do a memory dump of EAX and you will get the real regcode. eg:-
>>> d eax
Write down the regcode. Now clear all breakpoints. eg:-
>>> BC *
Type X and press {ENTER} to let the program run. You will get a messagebox informing you that your regcode is invalid. Clear this messagebox by clicking the OK button.
Now enter the real regcode and click OK and the program will be registered. It will pop you back to the About dialog box.
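The vendor-side view of why the dump at PUSH EAX shows the real regcode, as an added example that is not part of the original essay or ByteCatcher's code: a plaintext-constant check beside one that ships only a salted digest. The sample code, function names and record layout are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample value for illustration; not ByteCatcher's real code.
SAMPLE_CODE = "BCP-0000-SAMPLE"
ITERATIONS = 200_000  # slow KDF, because serial numbers are short and guessable


def weak_check(entered):
    """Pattern the essay describes: the expected code is a plaintext
    constant, so it sits in memory whenever the comparison runs."""
    return entered == SAMPLE_CODE


def make_record(code, salt=None):
    """Hypothetical vendor build step: derive salt + digest, and ship
    those 48 bytes in place of the code itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", code.encode(), salt, ITERATIONS)
    return salt + digest


def hardened_check(entered, record):
    """Client side: hash what the user typed and compare digests in
    constant time. The expected plaintext is never loaded anywhere."""
    salt, expected = record[:16], record[16:]
    got = hashlib.pbkdf2_hmac(
        "sha256", entered.strip().encode(), salt, ITERATIONS
    )
    return hmac.compare_digest(got, expected)


def ships_plaintext(shipped, code):
    """Release check: does the shipped data contain the code verbatim?"""
    return code.encode() in shipped


if __name__ == "__main__":
    record = make_record(SAMPLE_CODE)
    print("weak build ships plaintext:",
          ships_plaintext(b"\x00" + SAMPLE_CODE.encode(), SAMPLE_CODE))
    print("hardened build ships plaintext:",
          ships_plaintext(record, SAMPLE_CODE))
    print("correct code accepted:", hardened_check(SAMPLE_CODE, record))
    print("wrong code accepted:", hardened_check("BCP-0000-WRONG", record))
```

Every copy still accepts the same code, so this only keeps the plaintext out of the binary and its memory; licences signed per customer avoid the shared secret altogether.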
Well that's it for now.
You should buy this program if you intend to use it longer than the
evaluation period.