View Full Version : how to set break point for trial period validation


selvag
May 18th, 2008, 05:43
Hi,

I have a nice cool program... but they gave a 15-day trial license... I just want to extend the trial period...

It's based on an internet license. Every time, the program should connect through the internet.

I tried different ways but it's not enough to fix it...

1. I tried changing the date/time... it failed. They stored my activation time...
Every time the program reminds me of the remaining days...

So changing the date does not fix this...

2. I have checked the install directory... no files related to the license... (maybe I couldn't find them)... I think everything is in that exe file itself.
It's checking my host id every time... for the license... based on host id only it's giving the license from the internet license server.

3. I tried obdg110 but I couldn't find the break point... I know it's very difficult.


My point is...

In that exe file itself it's validating all those things through the internet... I know it's very, very hard to find the validation point... and set a break point...
But they give an activation option over the phone...

So their license program is inside the application...
It's confirmed...
I have to find out the validation method... since I'm a newbie I know the logic but I don't know where to start... to find out the validation method...

Can anyone guide me to find out... validation methods?
I will be grateful to you...

Thanks a lot...

Polaris
May 18th, 2008, 14:30
Wow, I've never seen so many dots in the same post!! Amazing!!

marcovaldo
May 18th, 2008, 15:41
Although it looks as he has not understood any of the points -

naides
May 18th, 2008, 16:57
Quote:
[Originally Posted by selvag;74676]Hi,

I have a nice cool program... but they gave a 15-day trial license... I just want to extend the trial period...

It's based on an internet license. Every time, the program should connect through the internet.

Question number 1: Does the computer HAVE to be connected to the Internet? If it is not connected, does the program run?

I tried different ways but it's not enough to fix it...

1. I tried changing the date/time... it failed. They stored my activation time...
Every time the program reminds me of the remaining days...

Get a packet sniffer, Ethereal for instance, and monitor the dialog between your program and "Home". Can you make something out of it?
Are there recognizable strings? What about the web address, can you find it in the program strings?


So changing the date does not fix this...

2. I have checked the install directory... no files related to the license... (maybe I couldn't find them)... I think everything is in that exe file itself.
It's checking my host id every time... for the license... based on host id only it's giving the license from the internet license server.

3. I tried obdg110 but I couldn't find the break point... I know it's very difficult.


My point is...

In that exe file itself it's validating all those things through the internet... I know it's very, very hard to find the validation point... and set a break point...
But they give an activation option over the phone...

Well, if there is a "phone only" validation, that is where you can concentrate your attack. Figure out which module runs the home validation, what strings are there, and search the exe for them. Pay attention to the "invalid serial number" or some sort of bad boy message. Figure out who makes it and why; then you can fake the on-the-phone validation.

So their license program is inside the application...
It's confirmed...
I have to find out the validation method... since I'm a newbie I know the logic but I don't know where to start... to find out the validation method...

Can anyone guide me to find out... validation methods?
I will be grateful to you...

Thanks a lot...



Is your program made by <0R3L?

ElDaR
May 19th, 2008, 04:50
Heh, maybe this is the time for JMI's action.

selvag
May 19th, 2008, 11:45
Thanks for all your replies...

Hi naides,

For your first question, the answer:

--> No need for an internet connection to run the application; without internet I can run the application.
--> But I can see the reminder message of the trial period.


So their validation checking is happening on my system itself.

For your second question...


--> I am not such a good programmer like you guys. I'm new to this community. I can understand what you are telling me, but I don't know where to find that string.
Guide me and I will find it...

The problem is I don't know the basic attacks. Anyway, no problem, I will learn quickly; that's why I am here.


For your third question:

--> This is my first try so I don't have many ideas about validation modules. One more thing: OllyDbg is not able to open that exe fully; when I click inside, OllyDbg quits.
Is there any other application to edit it?
--> I can understand your strategy but I don't know where to execute it.


I'm damn sure we can fix this... I was searching for two years for this... their previous version doesn't have this kind of validation; only in this new version did they give a trial period and phone activation (for phone they ask for a product code). At least I want to extend the trial period. It will be very nice.

So help me... thanks a lot.

dELTA
May 19th, 2008, 12:48
selvag, this is getting dangerously close to a crack request, and/or this target is all too hard for your current level of experience/expertise.

I would advise you to study basic reversing concepts (see the sites linked to below for example), and then come back if you need a little more "qualified" help.

JMI
May 19th, 2008, 15:58
I'm poised and ready. Just send me in coach, send me in.

Regards,

selvag
May 19th, 2008, 20:52
I am not requesting a crack, just guide me to learn... for this type of situation. It will be helpful. I can learn a lot of things while doing it practically... this is really interesting work, tough and a challenge to me. This is a good battle for brains. So administrators, please guide me to learn...

I know you guys will say "I can't spoon-feed you", but just tell me where I can get the food; I'll eat it myself.
Thanks a lot

dELTA
May 20th, 2008, 03:36
Quote:
[Originally Posted by selvag;74696]but just tell me where I can get the food; I'll eat it myself
Yes, and I just did, above. Please start "eating" at the sites linked below in our footer, then come back when you're ready for the main course, or at least anything not being served on a toothpick.

personmans
May 20th, 2008, 12:30
If you search for "lena151", you will find something like 40 tutorials that an absolute beginner could follow to the end with a bit of time and patience.

Many "reversing" tutorials will be based around a specific target; Lena's, however, focus on specific tasks, such as removing nag screens or skipping *ahem* certain functions. This is useful because you can then apply these concepts to any program you encounter. -- of course, it looks like you have a ways to go.

SiGiNT
May 20th, 2008, 17:53
I have a tutorial, (yes even lazy me can write one occasionally), that may or may not be of some value to you - I'll upload it tonight and post a link for you!

SiGiNT {;P)

personmans
May 20th, 2008, 18:40
Quote:
[Originally Posted by sigint33;74725]I have a tutorial, (yes even lazy me can write one occasionally), that may or may not be of some value to you - I'll upload it tonight and post a link for you!

SiGiNT {;P)



Eep. I wasn't trying to take away from reading your tutorial, SiGiNT =P Actually, I will probably read yours when it's posted (so do it already!!). I was just offering what seemed to be needed, a starting point in reversing.

Cheers,
Personmans

SiGiNT
May 20th, 2008, 22:39
Hey, I think I've composed 2 or 3 tutorials in the past 5 years. MODERATORS - JMI - I'm unclear on the rules here; this link contains a target-specific tut, so be merciful: if it's against the rules delete the link and stomp me carefully, I have back surgery in a month! Lena151's tutorials (I regard Lena as a friend) are a must for anyone, whether for filling in gaps if you are experienced or for learning from the ground up; this tutorial presents a unique approach.

Anyway, here goes - a non-direct masked link: http://rapidshare.com/files/116426380/Time_Trial_Tut.rar.html

SiGiNT

of course you must fix the 2 x's

(EDIT KAYAKER: forget the silly xx mask, use direct links here, they are handled by our modifications )


HMMMMM!!!! Stunned silence - c'mon it's not that bad! (is it????) |P)

SiGiNT
May 21st, 2008, 15:03
Kayaker,

Alzheimer's hasn't set in that badly yet; I still know how to do a direct link. I was concerned about the target-specific nature of the tut and a possible rules violation.

But I'm reallllllly stunned and curious. I originally posted this tut over at ARTeam and got very little feedback on it; now, in the place where I knew I would get very candid comments, I'm seeing no reaction. I know that this method is more or less an "OMG!!! that's so fucking simple, why didn't I ever do it" kind of thing, but absolutely no comments is bewildering.

SiGiNT

selvag
May 21st, 2008, 15:23
Thanks sigint33... nice tutorials...
Superb...

I tried... but one thing: I don't have the OllyDbg version which you showed in the tutorials... something different. Mine is totally limited... I couldn't find all your options in my odbg200e... where can I find one like yours?

Any idea?

Which version is apt for your tutorials...?

Thanks a lot for your replies.

Thanks

SiGiNT
May 21st, 2008, 18:28
I prefer and use Shadow's version - it can be found here: http://www.woodmann.com/collaborative/tools/index.php/Category:OllyDbg_Custom_Versions

SiGiNT

personmans
May 21st, 2008, 20:01
SiGiNT, only complaint I have is the resolution, watching it on my IBM lappy, and I couldn't see the whole screen. Was a good tut though. As for the method, I've used it myself quite a few times. Sometimes when I have a really tough scheme, I try that just to be cute. I've never had it work with a well-implemented check though.

cheers,
Personmans

SiGiNT
May 21st, 2008, 21:44
Interesting. Well, I'm no tutorial producer; I'm surprised (only a little) that someone else uses it. I've dissected many, many cracks and the most usual approach is downright butchery: most of mine are less than 10 bytes but most of what I see on the scene is more like 50-100 bytes. The interesting thing is I was monitoring a thread here and the advice given to a noob was to stay away from time trials because usually they are difficult, and at least one former board member here described a process where she tracked the trial in the ST registers down to the millisecond range. Since I started reversing on the PC dealing almost exclusively with time trials and dead listings, I set out to prove him wrong - even though they still seem easy to me, after going over the process I couldn't prove him wrong, until I stumbled on this method. The interesting thing is, since I first released the tut, the success rate has dropped a little, maybe about 10%. With some adaptation this method is also applicable to some licensing schemes. Thanks for the critique; I'm not fishing for compliments, just honest criticism.

SiGiNT

dELTA
May 22nd, 2008, 03:10
Since that rapidshare link will disappear soon (I hate rapidshare links :boo:), it would be great if someone could summarize this revolutionary method in a couple of words in a post in this thread. Otherwise this thread will be useless as soon as the rapidshare link expires.

Oh, and the rapidshare + rar thing is most likely why not as many people as usual bothered to check out the tut. That goes for me anyway.

I'm sure it was good though.

SiGiNT
May 22nd, 2008, 11:50
AHHHHH, there's that cynicism I love so well!! In retrospect the logic of this is so elegant that it's not obvious - basically it's a "cut off the offending limb" logic.

Here it is in a nutshell:

All time trials reach a logic juncture - it's either "trial or registered" or "still active or expired"; a decision is made and the appropriate code is executed. However, there may be many of these junctures, or they may be difficult to find, possibly even in another module. I simply find the subroutine that contains the trial dialog - "days left", "expired", etc. At the very beginning of that sub, usually a Push EBP or Push -1, I simply insert a RETN, forcing the code down the registered branch or into the main code. The only trick is finding the "sweet spot". This is the exact opposite of my normal incorrect philosophy that most code is difficult to reverse - something that has always plagued me. Anyway, hope this immortalizes this "revolutionary" approach.

SiGiNT
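
As an added, defender-side illustration of why the method above works (a constructed example, not code from the tutorial or from any program discussed in this thread): a trial check that is a yes/no call whose result the caller branches on, beside the usual mitigation, a gate that produces key material the feature needs rather than a flag. TRIAL_DAYS, the secret and the tagged feature text are made-up values; FNV-1a stands in for a real key derivation.

```c
#include <stdint.h>
#include <string.h>

/* Constructed demo: the "trial or registered" decision wired two ways.
 * TRIAL_DAYS, the secret and the feature text are made-up values. */
#define TRIAL_DAYS 15

/* Wiring 1: a yes/no gate. The caller does `if (gate_branch(..)) run();`,
 * so any forced non-zero result (a gate whose body never executes) lands
 * in the registered path. */
int gate_branch(int days_used, int registered) {
    return registered || days_used < TRIAL_DAYS;
}

/* Wiring 2: the gate yields key material derived from license state and the
 * feature data ships masked under the genuine key. There is no registered
 * branch to land in: a skipped gate gives no (or garbage) key, and the
 * unmasked data fails its tag check. FNV-1a is the toy key derivation. */
static uint32_t fnv1a(const char *s) {
    uint32_t h = 2166136261u;
    for (; *s; s++) { h ^= (uint8_t)*s; h *= 16777619u; }
    return h;
}

uint32_t gate_keyed(int days_used, const char *secret) {
    return days_used < TRIAL_DAYS ? fnv1a(secret) : 0;  /* expired: no key */
}

/* Vendor build step: mask the tagged feature blob with the genuine key. */
void vendor_pack(const char *secret, uint8_t blob[8]) {
    const char plain[8] = "OK:data";
    uint32_t k = fnv1a(secret);
    for (int i = 0; i < 8; i++)
        blob[i] = (uint8_t)plain[i] ^ (uint8_t)(k >> (8 * (i % 4)));
}

/* Run-time step: unmask with whatever key the gate produced. Returns 1 only
 * if the tag survives, i.e. only if the gate really ran on a valid trial. */
int feature_keyed(uint32_t key, const uint8_t blob[8], char out[8]) {
    for (int i = 0; i < 8; i++)
        out[i] = (char)(blob[i] ^ (uint8_t)(key >> (8 * (i % 4))));
    return memcmp(out, "OK:", 3) == 0;
}
```

With the keyed wiring, the check personmans calls "well-implemented" has no single return point to short-circuit; the trial state has to be recomputed correctly for the feature data to become usable.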

selvag
May 22nd, 2008, 12:20
Hi sigint,

I tried with Shadow's... which you referred to... but that file is not opening... properly... can you try once again? Thanks

SiGiNT
May 22nd, 2008, 13:40
Your application is a server based subscription - if you fool this eventually you'll be banned or shut-off - but I'll take a look anyway.

SiGiNT

SiGiNT
May 22nd, 2008, 19:26
sigint33,

You aren't worth your salt unless you crack that app.

S

JMI
May 22nd, 2008, 19:34
sigint33 who??? Let's see how long it takes everyone to figure out what just happened.

Regards,

SiGiNT
May 23rd, 2008, 01:38
selvag,

You are correct, it's not a server-based app. I went to the page, quickly scanned, and apparently read an ad for a music downloader. I have no good news for you: it's packed with Themida, not for the faint of heart, and definitely not for a noobie. Themida is a type of compression, kind of like zip but very difficult to uncompress so that it may be modified. If you are serious about this pastime just let us know and we can point you in the right direction, but in the meantime you are out of luck with this one.

SiGiNT