Dongle cracking: NetXRay 1.1.3
("A Very Easy Dongle Protection")
(02 November 1997)
Courtesy of Fravia's page
of reverse engineering
Well, +DataPimp has indeed "specialised" in CD-ROM protections, yet he has now started to work on this 'related' cracking subject! Well, you would not have thought that some 'so called' dongles just check THEIR OWN PRESENCE ON THE PORTS... would you? And yet, look here! An easy (yet important) further step!
Cracking NetXRay 1.1.3
(A Very Easy Dongle Protection)
by -= +DataPimp =-
Yes, dongles: there were only two dongle essays there, and since I contributed to the CD-check essays I would have to say that I wanted to contribute this to the project as well. I would have to say that this is my first dongle, and I was able to defeat its protection within a matter of about 1 or 2 minutes. This software is not freely downloadable, but you can -if you like- find it on the internet; it is the same exact version that was released by PWA.
OK, so you have the software, let's get going so we can run this software and see what it looks like. Ok, after you have installed the program go ahead and run it; you will see a message box pop up with a message saying the 'protect key' was not found, and some other junk telling you to contact them etc.
Ok, now we are not going to use Soft-Ice on this at all; we are going to disassemble the "netxray.exe" file and view its code. Once you have disassembled it, we are going to search for the string "sorry". You will notice that it is found rather quickly, and this is the code we find:
* Referenced by a Jump at Addresses:00401B33(U), :00401B3E(C)
:00401B51 85C0         test eax, eax          <- was Dongle attached?
:00401B53 742D         je 00401B82            <- 0="NO!", 1="YES!"
:00401B55 6A00         push 00000000
:00401B57 6A00         push 00000000
* StringData Ref from Data Obj ->"Sorry! No protect key is found. "
->"Please contact Cinco Networks,Inc "
->"by phone (770) 671-9272, or by "
->"Internet e-mail firstname.lastname@example.org, "
->"if you wish to purchase or upgrade "
->"NetXRay. Otherwise, return the "
->"complete package in the original "
->"shipping box. Thank you for your "
->"interest in Cinco products."
:00401B59 6878325500   push 00553278          <- prepare Nag
:00401B5E E835E40F00   call 004FFF98          <- Call Nag

This is a classic Bad Guy, Good Guy test, and can easily be defeated. At code location "00401B53" all we have to do is change that "je" to a "jmp"; of course it now no longer matters whether the dongle is found or not, the code snippet will continue to allow the running of the program.

I hope that this has helped people with the understanding of dongles. I know that I have learned something myself, and that has made it all worthwhile.

Thanks for reading,
DataPimp@hotmail.com
(c) +DataPimp 1997. All rights reversed