
Thread: pocket program need help

  1. #1
    einstein
    Guest

    pocket program need help

    Hi,

    I hope someone can help me.
    This program is for a Pocket PC (like iPAQ).


    Look at this:

    .text:00023B38 STMFD SP!, {R4,R5,LR}
    .text:00023B3C SUB SP, SP, #8
    .text:00023B40 MOV R5, R0
    .text:00023B44 ADD R0, SP, #0
    .text:00023B48 BL sub_15378
    .text:00023B4C ADD R1, SP, #0
    .text:00023B50 ADD R0, R5, #0x98
    .text:00023B54 BL _GetWindowTextW_CWnd__QBAXAAVCString___Z ; CWnd::GetWindowTextW(CString &)
    .text:00023B58 ADD R0, SP, #4
    .text:00023B5C ADD R1, SP, #0
    .text:00023B60 BL __0CString__QAA_ABV0__Z ; CString::CString(CString const &)
    .text:00023B64 LDR R4, =unk_BB6D4
    .text:00023B68 LDR R1, [SP,#4]
    .text:00023B6C LDR R0, [R4]
    .text:00023B70 BL sub_69E78
    .text:00023B74 LDR R0, [R4]
    .text:00023B78 LDRB R3, [R0,#0x328]
    .text:00023B7C CMP R3, #0
    .text:00023B80 BEQ loc_23B94
    .text:00023B84 MOV R0, R5
    .text:00023B88 BL sub_23890
    .text:00023B8C B loc_23BB8
    .text:00023B8C ; ---------------------------------------------------------------------------
    .text:00023B90 off_23B90 DCD unk_BB6D4 ; DATA XREF: .text:00023B64r
    .text:00023B94 ; ---------------------------------------------------------------------------
    .text:00023B94
    .text:00023B94 loc_23B94 ; CODE XREF: .text:00023B80j
    .text:00023B94 MOV R1, #0xAF00
    .text:00023B98 LDR R2, =aInvalidRegistr
    .text:00023B9C ORR R1, R1, #0xF9
    .text:00023BA0 ADD R0, SP, #0
    .text:00023BA4 BL sub_3ADF8
    .text:00023BA8 LDR R0, [SP]
    .text:00023BAC MOV R2, #0
    .text:00023BB0 MOV R1, #0x40
    .text:00023BB4 BL sub_8F978
    .text:00023BB8
    .text:00023BB8 loc_23BB8 ; CODE XREF: .text:00023B8Cj
    .text:00023BB8 ADD R0, SP, #0
    .text:00023BBC BL sub_845F0
    .text:00023BC0 ADD SP, SP, #8
    .text:00023BC4 LDMFD SP!, {R4,R5,PC}
    .text:00023BC4 ; ---------------------------------------------------------------------------
    .text:00023BC8 off_23BC8 DCD aInvalidRegistr ; DATA XREF: .text:00023B98r
    .text:00023BC8 ; "Invalid registration key!"
    .text:00023BCC


    At address 23B54 the program reads the serial (I think).
    At address 23B70 the serial will be checked.
    At address 23B80 the program jumps to the invalid regkey.



    At the sub 69E78, IDA shows this:

    .text:00069E78
    .text:00069E78 sub_69E78 ; CODE XREF: .text:00023B70p
    .text:00069E78 ; sub_66B78+68p
    .text:00069E78
    .text:00069E78 var_74 = -0x74
    .text:00069E78 var_6C = -0x6C
    .text:00069E78 var_68 = -0x68
    .text:00069E78 var_64 = -0x64
    .text:00069E78 var_60 = -0x60
    .text:00069E78 var_5C = -0x5C
    .text:00069E78 var_5B = -0x5B
    .text:00069E78 var_5A = -0x5A
    .text:00069E78 var_59 = -0x59
    .text:00069E78 var_58 = -0x58
    .text:00069E78 var_57 = -0x57
    .text:00069E78 var_56 = -0x56
    .text:00069E78 var_55 = -0x55
    .text:00069E78 var_54 = -0x54
    .text:00069E78 var_53 = -0x53
    .text:00069E78 var_52 = -0x52
    .text:00069E78 var_51 = -0x51
    .text:00069E78 var_50 = -0x50
    .text:00069E78 var_4F = -0x4F
    .text:00069E78 var_4E = -0x4E
    .text:00069E78 var_4D = -0x4D
    .text:00069E78 var_4A = -0x4A
    .text:00069E78 var_46 = -0x46
    .text:00069E78 var_C = -0xC
    .text:00069E78 arg_0 = 0
    .text:00069E78
    .text:00069E78 MOV R12, SP
    ...


    What must I do now?

    I hope anyone can help me.


    regards
    Einstein
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    I've never worked with ARM processor instructions before. It looks as if the serial is checked, but here is a list of all the ARM instructions: http://www.heyrick.co.uk/assembler/qfinder.html. A better site is http://www.crhc.uiuc.edu/ECE371EMR/qrc0001c_armside.pdf

    Just a quick look at the reference card and we now know

    .text:00023B7C CMP R3, #0 <---Compare
    .text:00023B80 BEQ loc_23B94 <--- Branch (jump) if equal to next instructions
    .text:00023B84 MOV R0, R5 <--- continues if It is not equal
    .text:00023B88 BL sub_23890
    .text:00023B8C B loc_23BB8


    Hopefully this helps give you a better understanding of what's going on.
    Last edited by gabri3l; April 27th, 2004 at 16:43.

  3. #3
    einstein
    Guest

    Hello gabri3l,

    thanks for your request.
    What do you think I can do?

    .text:00023B7C CMP R3, #0 <---Compare - change to R3, #1 ???
    .text:00023B80 BEQ loc_23B94 <--- Branch (jump) if equal to next instructions - I think that's wrong, because I tried to change BEQ to BNE.
    So the screen "invalid registration" is never shown.
    .text:00023B84 MOV R0, R5 <--- continues if It is not equal - I don't know
    .text:00023B88 BL sub_23890
    .text:00023B8C B loc_23BB8

    I hope you can help me.

    Regards
    Einstein

  4. #4
    Another source of ARM knowledge is http://www.peter-cockerell.net:8080/aalp/html/toc.html Chapt. 3 talks about the instruction set.

    What happened when you changed the branch and tried registering with an invalid serial?

    Are you just trying to patch the program or search for a valid string?

    From cockerell.net:
    ----
    There are sixteen instructions, and they have very similar formats. Examples of instructions from this group are ADD and CMP, which add and compare two numbers respectively. As mentioned above, the operands of these instructions are always in registers (or an immediate number stored in the instruction itself), never in memory
    -----
    So maybe try keeping an eye on the registers.

  5. #5
    einstein
    Guest
    Hi gabri3l,

    When I changed the ".text:00023B80 BEQ loc_23B94" to BNE
    the message "invalid Registration..." does not appear.

    Yes, I will patch the program. But I need help, because I am a beginner.

    Regards
    Einstein

  6. #6
    Well if you are just starting out try taking a look at
    http://www.searchlores.org/fravia/personalia/ipaq.htm
    http://www.woodmann.com/fravia/tsehp_pocketpc.htm

    Have you saved the modified program and tried syncing it to your Pocket PC? Did it register?





    --This may be better in the newbie forum, not really advanced reversing--
    Last edited by gabri3l; April 28th, 2004 at 15:55.

  7. #7
    einstein
    Guest

    Hi,

    Yes, I tried, but with no result. Only the message "invalid registration" is never shown.
    There is a second problem. The unregistered program shows the reg screen at short time intervals.
    So it is possible to work with the program fully, but it always shows the reg screen. (That's ugly.)
    Is it possible that I send the file to you?


    What do you mean by the newbie forum?
    Where can I find it?

    Einstein

  8. #8
    einstein
    Guest
    Ok, sorry.
    I see, the newbie forum is here.


    Einstein

  9. #9
    It's ALL relative.

    Regards,
    JMI

  10. #10
    einstein
    Guest
    Hi JMI,

    Do you know the pocket language?

    Einstein

  11. #11
    Nope. Sorry.

    Was just making a pun on your nick: Einstein.

    You know, "the theory of relativity".

    Regards,
    JMI

  12. #12
    Hello again JMI.

    Einstein, I just shook my head when you asked where the forum was...

    If you want to Private Message me with a link to the prog I'll take a look at it. Though as I said before I really don't know ARM instructions. In the meantime read up on those tutorials I gave you. Try searching for the call to the messagebox that asks you to register or try fishing out the valid serial. As said before it's probably in a register and is compared to yours.

  13. #13
    einstein
    Guest

    Hi Gabri3l,

    Do you have a PDA? Then I can send you the link. Otherwise I must send you the exe file.

    regards
    Einstein

  14. #14
    Yes, I do. I will not be home this weekend, however. So you can just PM me whenever you get a chance. And I will take a look at it on Monday.

  15. #15
    einstein
    Guest
    OK, thanks.
    See you on Monday.

    ciao
    Einstein
