December 1998

"Byte Catcher Pro V3.2"

( More hard-coded serial numbers  )

Win '95/'98 PROGRAM

Win Code Reversing

 

 

by Punisher 

 

 

Cracking 4 Newbies 

 

 

Program Details

Program Name: SetupBC_Pro.exe

Program Type: FTP Downloader

Program Location: http://www.Save-It.com

Program Size: 998 kb 

 

   

Tools Used:

Soft-Ice 3.2 - Debugger

Rating

Easy ( X )  Medium (   )  Hard (    )  Pro (    ) 

There is a crack, a crack in everything. That's how the light gets in.

 


Byte Catcher Pro V3.2

( Fishing a hard coded Serial Number  )

Written by Punisher

  

Introduction

 
The author(s) of this program can be found at:  http://www.Save-It.com
 
The author says:

"Welcome to ByteCatcher™. You have made the right choice, and you now have a compact, simple, and intuitive utility that will (1) speed up all your file downloads and (2) save hours of frustration from those dropped connections when getting files."
 

About this protection system

 
Registration is via the 'Help, About ByteCatcher' dialog box. There you will see a button marked Register. Clicking the Register button will bring up the Registration dialog box. Here you will be asked to enter:-

Registration  Number  :

Name :

Company :

The only one of importance is the Registration number. The program has a hard coded serial number.
 

The Essay 

     

Install Byte Catcher Pro V3.2 and run the program. You will be presented with a nag screen informing you of the number of days left in the demo version. You have 15 days to evaluate the program.

Click the OK button and you are now in the main program window. Select the registration dialog box from the Help menu via the About dialog box.

Enter a fake regcode and your name and company.

Enter Soft-Ice by pressing ctrl-d. Set a breakpoint on GetWindowTextA. eg:-

>>> BPX GETWINDOWTEXTA

Leave Soft-Ice by pressing ctrl-d and click the OK button. Soft-Ice breaks in USER32 at GetWindowTextA. Type X and press {ENTER} twice. Soft-Ice will break both times at GetWindowTextA. Now press F11 to return to the caller. You will end up in BYTECATCHER code.

Single step through this code by pressing F10 until you come to this piece of code.

0137:0042A731     MOV   ECX,  [EBP-08]
0137:0042A734     ADD   ECX, 5C
0137:0042A737     CALL  004031A0  ; we have to trace this call to get the real regcode
0137:0042A73C     TEST  EAX, EAX
0137:0042A73E     JNZ   004019F0    ; bad_cracker bugger off jump

Step until you get to CALL 004031A0 and trace into it by typing t and pressing the {ENTER} button. You will end up in this piece of code.

0137:004031A0     PUSH  EBP
0137:004031A1     MOV   EBP, ESP
0137:004031A3     PUSH  ECX
0137:004031A4     MOV   [EBP-04], ECX
0137:004031A7     MOV   EAX, [EBP+08]   ; real regcode loaded in eax.
0137:004031AA     PUSH  EAX

Single step through this piece of code until you come to PUSH EAX. Here do a memory dump of EAX and you will get the real regcode. eg:-

>>> d eax

Write down the regcode. Now clear all breakpoints. eg:-

>>> BC *

Type X and press {ENTER} to let the program run. You will get a messagebox informing you that your regcode is invalid. Clear this messagebox by clicking the OK button.

Now Enter the real regcode and click OK and the program will be registered. It will pop you back to the About dialog box.
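The serial is recoverable here because the expected value is in memory when the check runs, and because name and company play no part in it. As an added example (not from the original essay or from the program's vendor), here is that design beside a check that ships only a public key and ties the code to the licensee. The key, the serial string and all function names are constructed for illustration; the unpadded toy RSA stands in for a vetted signature scheme such as RSA-PSS or Ed25519.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes so the example needs
# no third-party library. Far too small and too structured for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public half: all the client ships
D = pow(E, -1, (P - 1) * (Q - 1))        # private half: vendor side only

HARDCODED = "BC-0000-CONSTRUCTED"        # constructed stand-in for a fixed serial


def weak_check(code: str) -> bool:
    """Design the essay describes: one fixed string, name and company ignored.
    The expected value sits in process memory while the comparison runs."""
    return code == HARDCODED


def _digest(name: str, company: str) -> int:
    # Length-prefix both fields so ("ab", "c") and ("a", "bc") hash differently.
    msg = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode()
                   for f in (name, company))
    # Truncate to 200 bits so the value is always below the 216-bit modulus.
    return int.from_bytes(hashlib.sha256(msg).digest()[:25], "big")


def vendor_issue(name: str, company: str) -> str:
    """Vendor side (needs D): sign the licensee's details."""
    return format(pow(_digest(name, company), D, N), "x")


def client_verify(name: str, company: str, code: str) -> bool:
    """Client side (needs only N and E): no expected code exists in memory to
    read out, and a valid code for one licensee fails for any other."""
    try:
        sig = int(code, 16)
    except ValueError:
        return False
    if not 0 < sig < N:
        return False
    return pow(sig, E, N) == _digest(name, company)
```

The verify branch can still be patched out of a binary, so this removes the readable secret and the shared serial, not the need for integrity checks on the executable.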

Well that's it for now.


I would like to say thanks to +Fravia, Sandman, CrackZ, Cruehead, Iczelion and all the others out there who help by providing the knowledge to make this possible.


You should buy this program if you intend to use it longer than the
evaluation period.

