
Thread: Making a keygen - almost there...

  1. #1
    ljre24
    Guest

    Making a keygen - almost there...

    OK I've been wrestling with this program's key generation mechanism. It had
    antidebug tricks, a second hidden check of the serial with additional
    validation at program initialization, dongle protection, and I managed to
    bypass it by generating a key that seemed valid. The program started with
    the full product splash screen! But I was disappointed to find the message
    "[name of app] no licensed" in the status bar. That's a big step
    considering the last time the program started was with the trial splash
    screen. The thing is, now the program suddenly displays a window with a
    message for a fraction of a second after the program starts, not even
    giving me time to read, and then the whole thing aborts!

    Is there a way I can somehow grab a screenshot of this window to read that message? The time it stays there is impossibly short.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    reknihT esreveR SiGiNT
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    Sure, manually step over the app and narrow down the call to the routine that displays the banner, then carefully step into the routine. This is best done using split screen, where Olly is only on the left half of your screen; personally I use dual monitors.

    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  3. #3
    ljre24
    Guest
    Well, the problem is there is more antidebug protection that won't let me get there. I managed to circumvent the first antidebug protection by being VERY patient and bypassing the call to the function that generated the exceptions, so I could locate the dongle check and debug the serial checking routine.

    I would now have to bypass these other protections as well before I can step through the rest of the program freely to locate that window. Is there any way I can simply take some sort of "video" of my desktop to read it?

  4. #4
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Do you have a video camera? I mean a physical video camera?
    You can train it on the screen, then use slow motion and get what you want.

    There is software like Snagit, S-demo maker and a lot more if you search the web with the right keywords.

    Another alternative, which may conflict with your antidebug code, is SoftICE placing a bp on a "display window" sort of API.

  5. #5
    ljre24
    Guest
    OK, Snagit did it. The window says "[Name of program] is closing, please wait"
    So it's nothing that looks really helpful I'm afraid. And I just found out that the program even closes this way with a known valid key I found on the Internet! Could it be that it's the dongle protection mechanism that is causing the program to exit?

    All I've done so far is remove the dongle check at the start of the program. Simply a jump reversal. I've read that the proper way to remove dongle protection is to emulate the dongle, though. But I've never done that and could use a tutorial for that. I need to know several things:

    1. How would I know if a program needs the dongle to be emulated as opposed to simply needing one to reverse a jump?

    2. If it's just a simple "is dongle there, jump here, is dongle not there, exit" every number of seconds then another jump reversal on the code that is executed would also work. Am I right?

    3. Also, is this sort of background dongle check normally done by a separate idle priority thread?

  6. #6
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Quote Originally Posted by ljre24
    1. How would I know if a program needs the dongle to be emulated as opposed to simply needing one to reverse a jump?

    No quick and easy way. Finding all calls to the dongle is the only sure way. It is not unusual for an app to do a quick and dirty "dongle are you there" call, which you reversed, and later do more involved protection, challenge/response sort of thing.

    2. If it's just a simple "is dongle there, jump here, is dongle not there, exit" every number of seconds then another jump reversal on the code that is executed would also work. Am I right?

    If you have seen a number of antidebug tricks and so on, I doubt very much that the protectors were lazy in the implementation of the dongle protection. I may be wrong, but I would expect a more robust protection if they are advanced enough to include antidebug code.

    3. Also, is this sort of background dongle check normally done by a separate idle priority thread?
    Can be a separate thread, which is rather conspicuous for a cracker, or part of an often-used procedure, or done with a timing mechanism. No pattern here.

  7. #7
    ljre24
    Guest
    I know the name of the dongle, and I'm reading the manuals which I got from the Woodman site. Can I reveal the Dongle's name?

  8. #8
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Yes

  9. #9
    ljre24
    Guest
    It uses Dinkey Dongle. Not sure which model it uses yet. Still reading the manuals. So far it seems to be calling only one function from a DLL called DDNO.DLL. If anyone has info on how to break Dinkey Dongle protection, or guides to learn how to break it, I would greatly appreciate it.

    It also runs a program called SETUPDRV.exe with the parameter "/q" so it doesn't show the "Dinkey Dongle driver has been installed blah blah blah" window.

  10. #10
    reknihT esreveR SiGiNT
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    I've patched several progs using Dinkey Dongle and none of them were particularly difficult, but I suspect that you've encountered one where the author has done his research, dotted his "i"s and crossed his "t"s - if you like, PM me the target and I'll take a look - I'm very busy right now (because of CES), but I'll see what I can do - naides would probably be curious also.

    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  11. #11
    ljre24
    Guest
    Also, if someone could tell me how to use the anti-debug plugins for Olly. I downloaded OllyAdvanced, HideDebugger, and IsDebugPresent from the OllyStuph site, and what I simply did was install all of them and enable all the options, restarting of course. So unless the plugins' effects are cancelling each other out (yeah right), chances are the plugins are having no effect or I don't know how to use them properly.

  12. #12
    reknihT esreveR SiGiNT
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    Try using OllyShadow - I had absolutely no problems with anti-debugging tricks. As for the app - you can ignore the dongle - whether or not it's licensed boils down to what one memory location contains (as with many apps). If you can get it back to a demo splash, break Olly on that point, then use the stack to look for what makes it jump over a call to the splash - it's a dword compare to a specific memory location; all you have to do is write anything to that location before it starts testing it (hint: try a memory breakpoint on write for that location).

    It says licensed here and seems to run fine.

    That's as much as I'll say for the moment.

    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  13. #13
    ljre24
    Guest
    Whoa, wait a sec. I had to generate a "valid" key for my name. Your strategy gives you a "licensed" message. But licensed to whom? If you didn't insert a name and a company, does it say "licensed to: (Blank)"?

  14. #14
    reknihT esreveR SiGiNT
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    Yep! Unless you are picky, that's still a valid option. Hopefully you are not of the same mind as a guy I got into an argument with, who claimed it had to be "valid registration" because it was used in a work environment; my reply was it shouldn't be used in a work environment - they should pay for it, and no matter what it says it's still pirated software. BTW, there are ways to make that "licensed to:" say what you want; I made a weak attempt at fishing it, but my time was short, my work day yesterday was about 14 hours, probably same today.

    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  15. #15
    ljre24
    Guest
    That's ok, as long as it works with all the features, I have seen some hacks making it work but not with all the features enabled. I thank you very much for your help, I'll try your approach. Did you make sure all the features were enabled? Or did you see something that made it look like it wasn't a fully enabled product?