
Thread: Newbie trying to learn. Think my project may be a little too advanced.

  1. #16
    Michael, if you are new to this, maybe you should start with simpler software then, as you have mentioned that "this software is NOT an easy piece to crack."

    Have Phun
    Blame Microsoft, get l337 !!

  2. #17
    Hello Michael_J:

    sigint33 gave you some excellent advice on how to possibly break this protection scheme you are working on. Try to find out where in the code the address [EAX+14] gets set to a 1. If you find that, try to determine why it gets set to a 1 and not a 3.

    Keep trying. Ask more questions.

    If you want, you may private message me a download link to your target. No guarantees that I will even look at it, but, I may be able to help.

    Regards,
    SS
    Crashing through life!!

  3. #18
    SiGiNT (reknihT esreveR); Join Date: Sep 2004; Location: Wherever I am; Posts: 750
    This is a difficult target. Not only is that value being set, there are multiple values along with it that control menu items, save options, etc., probably on the order of 5-10 of them. That mem BP does get you to a "sweet spot", but it is executed before the license is checked, so even though you enable a bunch of stuff the proggie crashes when you attempt to use an unlicensed option. It looks as though fooling the target into thinking it has a valid keyfile is going to be necessary, or actually trying to fish out the needed info. More info: this target is a mixture of "C" and Python. Looks like we need to try the Immunity Debugger; however, I think the Python stuff is only for the graphics.

    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  4. #19
    Quote Originally Posted by Michael_J:
        I have bought a book on Asm and I'm slowly reading through it.
    Who buys books these days?

    Especially when there's "milliards of pages on the Web, a vast resource of knowledge of everything" (Fravia, searchlores.org)

    Also, I believe you can order printed copies of the Intel manuals at no cost.

    @sigint33: Python decompilers are awesome. Team 509 (Chinese group) have a version that works with the latest compiler.

  5. #20
    Michael_J (Guest)
    Cheers SiGiNT for letting people know it's not easy.

    I have followed tutorials and been reading up on it online. I have bought books because I like to read before bed.

    I may be a newbie to all of this, but I am trying to learn, and where's the point in repeating simple tasks which I have already learnt? I chose this application because I'm trying to learn how some more advanced software protection systems work.

    After this application I will probably move on to trying to crack some applications which require dongles.

    Cheers for all your help though, it's really appreciated.

    Michael J
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #21
    SiGiNT
    Giant steps are not good steps; you lose a lot of the fundamentals in the process. For instance, you could choose to try and reverse a HASP HL protected target in the future, assuming that it can be done. Maybe it can, but no one has done it yet without the benefit of having a dongle to work with. The problem I'm going to have with your target is trying to teach you exactly how and why I did what I did. With well protected targets sometimes the only approach is to patch it willy nilly until it runs, then go back and undo what you did one at a time to find the unnecessary patches. This particular protection has in the past been called "magic bullets", and in its more common use a Dword is assigned in memory for product activation status, which is indicated by which bytes are 0 or contain data. This particular target has the "bullets" located in different areas of memory. The best way to reverse this one is to generate a valid license, and that's not going to be easy, especially for a hack like me, but we'll see. I'm determined to teach you something in the process. Please feel free to share the target with others; I could stand to learn a lot myself.

    SiGiNT

    Just a note, to reinforce what I said above: this app comes complete with a command line keygen, but nothing to tell you what the command line syntax is. Someone who had a really good understanding of assembler and a lot of time could probably figure it out. That would be a great learning experience for a noob!
    Last edited by SiGiNT; September 17th, 2007 at 14:49.

  7. #22
    SiGiNT
    I just had a short period of time to work on this last night, but here is a tidbit. In the lic. routine @4E790E the lic file size is checked. There are 2 ways to approach this. The line is CMP ESI,DWORD PTR SS:[ESP+20]. You can fool it by changing it to MOV DWORD PTR SS:[ESP+20], ESI, or you can insert as the first Dword in your lic file, in little endian, the value compared. For instance, if the value @ the memory location is 0000010A, change with a hex editor the first 8 bytes in your lic file to 0A010000. This will allow you to proceed with the rest of the routine.

    SiGiNT

  8. #23
    SiGiNT
    Ahem,

    Has anybody else perchance perused this target? I noticed this last night and really didn't think anything about it, BUT: without a license you can enable the save functions easily by changing 4F52FC SETE to SETNE, but when you try to save one of the demo files it gives the message "the file contains extended features that may not be saved". If you break on this nag and look in the stack, on my machine it breaks after executing atioglxx.dll, a video driver file. If you bring up this file in the cpu window and do a text search you get a listing of pretty much every serial and license used on your machine. This is really unsettling and bizarre behavior. Anyone have any comments? Or can anyone verify this on a different machine?

    SiGiNT

    That combined with the name of the target tweaks my paranoia bone.

  9. #24
    Quote Originally Posted by sigint33:
        but when you try to save one of the demo files it gives the message "the file contains extended features that may not be saved" - if you break on this nag and look in the stack, on my machine it breaks after executing atioglxx.dll - a video driver file
    Not surprising; if the program outputs through the driver, that's where I'd expect to end up after any output occurred.

  10. #25
    SiGiNT
    LLXX,

    That's not my concern. It certainly is a graphic intensive app, but why would a video driver be logging what amounts to the contents of my registry and environment, almost exclusively licenses? I do assume it's a third-party driver due to the "gl" contained in its name, as a good portion of the code this app uses is open source. If I make a leap of faith I can almost believe it's for error reporting, as this does seem to be a legit app, but its behavior is odd at best.

    SiGiNT

  11. #26
    nchanta (Guest)
    It is not unusual for 'tricky' developers to attempt to hide their main protection code and library by using ambiguous or deliberately misleading filenames and export names.

    It's quite possible that the file is just an extension of the product that was installed somewhere in the Windows path in an attempt to hide it somewhat. Naming it something like atiblah.dll also would make most people skip over its reference as unimportant.

    If the dll file has a blacklisting of serials and such, it's quite probable that the author knows people are cracking his software and is trying to put as many obstacles in front of the attacks as he can...

    A classic case of security through obscurity.

  12. #27
    SiGiNT
    Yeah,

    I've seen that many times, and actually used it to my advantage by learning a valid but blacklisted number, then patching around the obligatory "violators will be prosecuted ... blah blah" to reg the app. But this list also contains FlexLM references and all kinds of interesting stuff. It's late, but maybe I'll disassemble it just to see what the hell it is.

    SiGiNT

  13. #28
    Michael_J (Guest)
    Sorry for not being so active lately. Just moved house and haven't had the internet.

    I have been carrying on with trying to crack it. Still no closer. Will carry on tonight with the new info and let you know how I did.

    Has anyone had any luck so far?

  14. #29
    SiGiNT
    Michael,

    I've put this one on hold for the moment; things have gotten busy at work and around my house. Read up a ways and you'll see some of my discoveries. I'm pretty much convinced (every time I say that I prove myself wrong) that generating a valid license is the way to go. I'm not good at that; I'm pretty much a hack, but I can use the education, so when I have time I'll see what happens. I really want to look into that video driver crap. The file is newer than the last time I updated my driver, so I need to find a clean comparison.

    SiGiNT

  15. #30
    Michael_J (Guest)
    I have just been playing around and have enabled the save function like you described. It however crashes every time I try to save. So we now have the menu working, but the app doesn't actually want to save.

    I found the area of code which relates to the 1 hour 30 minute limit on the app and have changed it. Fingers crossed that will stop the "you are using a demo version of APPLICATION which is limited to 1 hour 30" message.

    I was looking on my machine for this file you mention: atioglxx.dll

    I'm sure I'm being dumb, but I can't find it anywhere on my machine, or anything like it.

    Cheers

    Mic
