Results 1 to 6 of 6

Thread: Stuck with MosASCII

  1. #1

    Stuck with MosASCII

    Hi there, I'm pretty much a newbie, but I'm trying my best

    I'm currently trying to crack MosASCII Beta 6R2, since it does not allow various options that I want to try in the shareware version.

    Here's in info on the target:

    MosASCII 1.0.216 (Jan 8 2002)
    EXE filesize: 1,347,584

    The program is a VB6 application, and can be registered with a name and serial.

    First hurdle was the fact that the 'Register' button is grayed out as long as a non-valid serial is entered. Using softice and IDA I was able to find the location of that check.

    0048DCD2 is a jz that I turned into a jmp

    Then if you push the now clickable 'register' button it will pop up an 'invalid registration key' box, which I was able to find by putting a breakpoint on every damn rtcmsgbox I could find. (Any tips on better techniques appreciated, I could not F11 after a bpx on rtcmsgbox, it only returned me deep in MSVB60.dll)

    Now I got that fixed by nopping out a jz on 0048ce07

    The third hurdle is where I am stuck. It now comes up with a notice that my serial has expired. The text is in the binary but in an area in IDA that is marked unexplored. I have no idea what function is used to create that text window, so I'm totally lost on what to bpx.

    Anybody have any pointers on my current problem or any advice on better techniques for the first 2 points?

    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    you might wanna try using Numega Smartcheck for cracking VB apps.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    I tried, it's not pretty. He does a loop of 100 StrCmp's and god knows what else.

    I did find the beginning of the procedure I think where the text message is displayed. It's at 004FBED0, which
    is called from location 0048CF5D.

    But I still cannot find how this thing works. When I try to enter some of the codes of the StrCmp's in the unmodified program the register button does not even light up.

    So I'm still stuck
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4

    Neat trick!

    Okey: Here is what you do:

    --> Run Spy ++ (VC Tools)
    --> Locate the handle to the Button that says "Register"
    --> Leave the window as is
    --> Open VC++
    --> Write code to call EnableWindow passing this hard-coded handle (to make it neater do a FindWindow but that's me ;-))

    Voila! Your Register button is now enabled. Now monitor in SmartCheck what the serial protection code does once you click on Register button.

    -- FoxThree
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Well as I mentioned in my first post, I was able to hack the register button, so that is not the problem. The problem is, that I get a serial expired notice, but I am unable to find the badboy compare if that is how it works.

    Also there are more then a 100 StrCmp's being done with all different numbers, so I think there is something sneaky being done here. So it's just kinda hard to type in a 100 different codes, and I think it wouldn't work in the end anyway...
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Condemned geezer
    Join Date
    Oct 2001
    Ankara, Turkey

    50 ways to kill your lover...

    Very well done. Smart program, lots of junk loops, tricks, etc.

    Don't bother. No need to register. Just make it think it is registered. If you had worked well on the compare routine which is run just before you receive the "... disabled in this trial version" message, you simply cannot miss it.

    Instead of checking a registered-or-not flag, the app calls a routine each time it needs to check your registration status. The routine where your regname (RKName) and regnum (RKNum) is checked is called from 89 addresses. On return, it tests ax register and then you have the classical good/bad boy jumps. Now, give MosASCII what it wants: Right at the beginning of the call xor eax, then inc eax and return with the flag 1;


    That's all. It now runs as if it was registered, no "...disabled", "You cannot...", etc. messages, even no "register" submenu item. You are left only with a few cosmetic changes.
    Hope the above hints are explanatory enough.

    Good luck.

Similar Threads

  1. Stuck with CRC or similar check..
    By swifty in forum The Newbie Forum
    Replies: 12
    Last Post: July 4th, 2007, 02:10
  2. Stuck on dongle emulation
    By sal in forum The Newbie Forum
    Replies: 3
    Last Post: May 26th, 2007, 01:41
  3. Stuck with registry query
    By toones in forum The Newbie Forum
    Replies: 1
    Last Post: January 1st, 2005, 15:48
  4. Stuck with an App
    By LOUZEW in forum The Newbie Forum
    Replies: 10
    Last Post: November 22nd, 2003, 11:39
  5. Stuck on aspr
    By fALC0N in forum Malware Analysis and Unpacking Forum
    Replies: 10
    Last Post: April 6th, 2002, 12:36


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts