Results 1 to 7 of 7

Thread: vdat 2.000.2

  1. #1
    Nameless
    Guest

    vdat 2.000.2

    Hello all,
    I downloaded vdat 2.000.2 and was amazed to see that it is limited!
    This information should be available to anyone.
    Any way Cicatrix done a good job protecting it,
    the only thing I found out is that the key file is a dll called openit.dll
    I have no idea what it does, I haven't messed with reversing for a long time,
    so I'll be greatfull if anyone could give me a direction.

    p.s
    I don't identify myself because cicatrix is blacklisting names...
    I suggest to response anonymously.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Anon_Crax0r
    Guest
    Duh the protection is very very lame
    go ahead and break it while watching tv
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    Nameless
    Guest
    Anon_Crax0r (11-06-2000 02:19):
    Duh the protection is very very lame
    go ahead and break it while watching tv
    I haven't find it lame, can you give me a general direction?
    On what can I break?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Anon_Crax0r
    Guest
    I cracked it at home and left everything there..but if you gimme a link to it, ill reverse it + disassm and give you some hints.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Nameless
    Guest
    You can download it at:

    http://base.oc.to/VX-zine/vdt20002.zip
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Anon_Crax0r
    Guest
    great,im getting it.
    i'll let you know when i finish it.
    Bye
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    Anon_Crax0r
    Guest
    ok here we go..
    you obviously break with loadlibrary..and see that this program requires openit.dll as you correctly said.

    Basically if the dll is not found the program shows that nasty message telling you how lammo you are..that's all..

    Its just a jz/jnz kinda thing..

    Sorry to spoil it all but there is basically no protection here!
    Of course the program tries to GetProcAddress some function and blah blah but there is no need to reverse this since the check is completely wiped out with a simple byte exchange.
    here is the disasm:

    les di,[bp][00006]
    push es
    push di <- "openit.dll"
    call 002:02DC8 <- LoadLibrary
    mov [bp][0FCEF],al <- keep result
    cmp b,[bp][0FCEF],000 <- result = 0?
    jne .000023293 <- no! go to good boy
    les di,[bp][0FEF0] <- yes! bad boy!

    Open vdat with hiew, search for 80 BE EF FC 00 75 4B C4 BE F0 FE
    and replace the 75 with 'EB'
    as _mammon would say:

    '...movie at eleven...'



    Bye !
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •