Help learning to reverse and crack


spados
April 24th, 2013, 00:59
Hey everyone, I am fairly new to reversing (couple months). I use Random's version of OllyDbg and have read a lot of Random's pages (http://thelegendofrandom.com).

I first started out trying to crack a program called timeline maker professional. This uses a 3rd party protection system from "protexis" to phone home using https and uses Windows' inbuilt cryptography stuff to encrypt and decrypt things. I have spent many hours commenting code and trying to figure out how to bypass the security or try to make it successfully register, to no avail.

I am a very fast learner; however, sometimes I just need help understanding new concepts and the tricks of the trade.

I have given up on timeline maker pro for now and thought I would give something a little simpler a go.

I have opted for AVS video converter from avs4you. It has a program called registration.exe which looks like it phones home and then updates the registry and creates a file with an extension *.lickey.

I have also studied the program itself which initially pops up a not registered window on startup and non-activated is displayed as the main window title of the main program. I made a file called license.lickey in the programdata\avs4you\licence\ folder which is where it looks for files with a *.lickey extension and it turns out this changes the message that is initially displayed when the program opens to "your subscription has expired".

I used resource hacker to find the dialog which is entitled "TFORMUNREGISTEREDVERSION", I did a search strings in olly for this and found it as data in a couple of places, I put a few breakpoints in and I found the spot where the window is called, but I have no idea how to prevent it, I think that logic has already been processed well before.

Basically I'm not sure where to start and I desperately need to improve my skills so am hoping to get some tips and help to finally crack something from scratch.

Should I
a.) try and crack the main prog and get it to think it's registered?
b.) try and crack the external exe called registration that phones home and eventually writes a licence file and some reg things?

I just need someone to talk to.

Thanks guys.

rendari
April 24th, 2013, 10:31
Check out these tutorials:

http://tuts4you.com/download.php?list.17

tedshred
April 24th, 2013, 12:20
From the dialog name, I would guess that this was written in Delphi. You could try using "PEiD" to identify the file signature. If it is, try using a Delphi decompiler like "DeDe".

spados
April 25th, 2013, 16:25
Thanks, I will.

spados
April 25th, 2013, 16:27
Quote:
[Originally Posted by tedshred;94589]From the dialog name, I would guess that this was written in Delphi. You could try using "PEiD" to identify the file signature. If it is, try using a Delphi decompiler like "DeDe".


It must be, because it has borland delphi c++ written in various places in the disassembled code.

Will DeDe do a much better job than olly? I'll give it a go. Thanks!

gayungan
April 28th, 2013, 12:05
I'm a newbie. I hope you can help me to solve my problem.
I have 2 software like this. (software can download right here CRACK REQUEST, LINKS DELETED). I have tried to find the bitmap and password with resource hacker but it says "protected by exe compresor". That software is built with Delphi. I just want to know the password of the setup and change the "header image".
These are the screenshots of the software:
http://s7.postimg.org/9vg8i3rwb/image.jpg
http://s7.postimg.org/kjjzgy1vf/image.jpg
http://s7.postimg.org/gol6s483f/image.jpg

Thanks for your help.

spados
April 28th, 2013, 23:55
Quote:
[Originally Posted by rendari;94588]Check out these tutorials:

http://tuts4you.com/download.php?list.17


Thanks, I'm up to tutorial 8 out of 40, going well so far, they are very very helpful. I've learnt a couple of new little tricks for use in olly. Most of the stuff so far I did already know from research and trial and error. Will keep going.....

spados
April 28th, 2013, 23:58
Quote:
[Originally Posted by spados;94592]It must be, because it has borland delphi c++ written in various places in the disassembled code.

Will DeDe do a much better job than olly? I'll give it a go. Thanks!


OK so I have run DeDe and it shows the forms etc. I'm finding it very hard to use DeDe, it is very different to olly. Is my goal to find the references in DeDe and then use olly to actually do the crack, or can you crack things in DeDe as well? That having been said, I did get a VA of the non registered form from DeDe but when I use olly and goto expression with that address, it doesn't resemble anything like the data I am looking for.

tedshred
May 1st, 2013, 13:04
I see DeDe as a means to explore the code structure. You still need a separate debugger.