View Full Version : Problem with "Dongle" prot. App...


cHeCksUm
September 10th, 2002, 12:53
Hia,
I am working on a target called Tapeview and have run into some trouble. Some general info:

- The "real" version is protected by a dongle of some kind along with a key.
- There is a trial version that one can download that expires after 14 days.
- There are three versions of the program. Bronze, silver and gold.
- One can receive extended demo keys that make it gold/30 day. This leads me to believe that the demo is the full version, and can be cracked without key/dongle.
- It complains when setting date back.
- The demo version needs a password for the setup.
- The setup program used is something called innosetup.
- It is MS VC++

So what I have done so far is I have cracked the setup password so the application installs ok. However cracking the application seems harder. When browsing through the code with ollydebug I saw several references to "debugger detection" etc. but they never seemed to trigger on OllyDbg. However when trying to breakpoint on the usual functions for serial fishing I get nothing. I am able to break on createfilea during start-up but I haven't found anything interesting yet (ongoing). So if anyone here could give me some hints as to how to proceed I would appreciate it. I am not asking for a complete answer... just some hints. I will post when I find something interesting. Thanks.

// cHeCksUm

hobgoblin
September 10th, 2002, 19:51
Do you have a URL for the target?

hobgoblin

MTB
September 11th, 2002, 01:54
Hiya Checksum

First, does it complain after the time has expired that you do NOT have a dongle? If yes, the protection is probably fairly simple. Download a copy of IDA, and the usual dongle signatures. Run it overnight on your exe, yes overnight, it will take a while even on a 1 GHz machine, then search for your string.

If it doesn't complain about missing a key, you have a fair amount of work. You can try using IDA to see if you have a dongle signature, i.e. read, else try softice with the usual breaks. Hint: go to the archived CRACKZ site and download ALL the dongle tutorials including frog's print dongle bashing (yes I know it's old but hey software developers can't read).

Good Luck

MTB

cHeCksUm
September 13th, 2002, 18:43
Sorry for not answering the Q's but I have been away all week attending courses. Anyhow the target can easily be found by searching for the name on Google.

@MTB

The thing is I know it does not require the Dongle. The trial version comes without one. And so yes it complains of time trial expiring without dongle. The trial version without code is "bronze version" with 14 day trial whilst one can get a code which enables the trial to "gold version" and 30 day trial instead of 14. The code is computer specific, so one code will not work on two different machines. It is also time dependent, and probably based on one's name (not sure here). Anyhow I have not had time to look at the target more since my first post, but as the weekend has come it's time to roll up one's sleeves and get down and dirty with this target. Anyhow what I was asking before still stands. Since none of my traditional breakpoints seem to work I was wondering what else I could try!? Also is it possible to break on HMEMCPY in OllyDBG? Well I'm off to explore. Thanks for the ideas so far.

// cHeCksUm

cHeCksUm
September 20th, 2002, 17:54
Well I have managed to "semi" crack it. In other words I can get it to work ok but I have to patch the thing by hand each time. At least now I know what I am dealing with. Seems to be an Armadillo wrapped target. It's time for me to put this target down... go read some tutes on Armadillo and then come back and fully crack it. Thanks for the help.

// cHeCksUm

cHeCksUm
September 24th, 2002, 19:13
Well keeping at it eventually paid off. After much trouble I managed to crack and patch the application fully this weekend. Wooohooo.... my first go against Armadillo... ok so I didn't unpack it but I cracked it at least... new version and all :]. The only thing is it still shows as a trial, but Gold edition that never expires, but I have one more thing to do. To make it think it is fully registered. The problem is the program starts up fine but after a while it dies most likely (about 99.999% sure) because of a dongle check. I can feel that the check is just round the corner though... I've got it on Zen radar and am homing in for final lock and... kabam!!!

Well enough ranting, it's time for bed as it's another day at work tomorrow. Btw again thanks to the peeps on the board.... some threads were of great use on this target (and of course others as well). Happy cracking!

**
Ah almost forgot. I might do another tute as a "thank you" for all the help I have gotten here (contribute some myself in other words). Problem is not to make it target specific... might have to try another target with the same protection (armadillo) before I write a tute.
**

// cHeCksUm