How to protect better
(SECOND PHASE of this new section)
by +Sync, 21 July 1997
Courtesy of Fravia's page
of reverse engineering
Register - The MegaMan Protection
download register.exe here (11200 bytes)
Well, I was wondering why I have not seen a unique protection scheme
in quite a while, so I decided to come up with one of my own. I tried to
think of a straight ahead name/password scheme except to make the algorithm
really tricky. However, since anyone with passing knowledge of assembly can
reverse this reasonably quickly, I decided to try to put a 'twist' on it.
What I came up with is, I believe, a challenging crack. This is what I would
call a 'fairly strong' protection. I did not Hackstop the program or put any
anti-debugger code in it, although I suspect that if I were actually trying to
protect this software I probably would have. What I developed is, as far as I
am aware, the only 'MegaMan' type registration scheme around. I call it
'MegaMan' because the old Nintendo games used to use a similar method for
entering codes. My challenge to you is, crack it - but following a few
restrictions. While a patch is always valid, and I would like to see how
some of you go about patching it, a valid code (or generator) will be the only
100% valid answer. I know that since this program does not use the standard
API functions (GetWindowTextA etc.) to retrieve the password it will require
some research (possibly) into how windows retrieves the data. I hope this
slows some of you down. Realizing that this is a somewhat difficult crack, I
offer you 2 hints.
1. The number of 'checks' is not always the same. It CAN vary in length
slightly depending on the name entered.
2. THIS IS A HUGE CLUE - I will give you a valid name/number pair, so that
you can see how the program reacts when a valid number is entered.
The program acts no different, and no message box appears, so you
cannot use a break on a window handle.
0 - H \
0 - C |- HCU on line 0, pretty interesting.
0 - U /
1 - S
2 - M
3 - Q
4 - I
4 - S
4 - Q
5 - H
6 - L
7 - S
8 - E
9 - S
I tried to not make this too tough to reverse engineer. For example,
one idea I toyed around with was to have the user enter a separate registration
number into each block, rather than just check it. I decided that while this
was challenging enough to prevent most crackers from attempting it, it was not
a viable protection because your customers would get frustrated too quickly. I
invite others to also develop UNIQUE protections and share them with us.
Final Note: As soon as a correct answer has been posted to the +HCU
discussion, full source to the registration routine will be presented by me.
Please make any comments you want (i.e about my lousy windows coding). I'm sure
that there is at least one EASY way to crack this, however there are many ways
to get lost quickly. Remember, a patch is acceptable, but the real answer is
a working code.
How to protect better.
You are deep inside Fravia's page of reverse engineering,
choose your way out:
Is reverse engineering illegal?