December 1998

"Solsuite 98 v3.5"

( A very easy hard(ly)-coded serial  )

Win '95/'98 PROGRAM

Win Code Reversing

 

by Punisher 

 

 

Cracking 4 Newbies 

 

 

Program Details

Program Name: Sol98.exe

Program Type: Solitaire Games Collection

Program Location: Softseek  

Program Size: 2.31MB 

   Tools Used:

Soft-Ice --- Debugger

Rating

Easy ( X )  Medium (   )  Hard (    )  Pro (    ) 

There is a crack, a crack in everything. That's how the light gets in.



  

Introduction

 

The author(s) of this program can be found at:  http://www.solsuite.com

 Solsuite is a collection of about 130 Solitaire games.

 

About this protection system

 

Registration is via the "Registration Code..." item in the ? (help) menu. Here you will be asked to enter:

Registration Code :

The registration code is hard-coded into the program.
 

The Essay 

Install Solsuite 98 and run the program. You will be presented with a window which asks you to choose a game. Choose the Cancel button and you will get into the main program window. Select Registration Code from the ? (help) menu.

You are now presented with the registration dialog box. You will notice that there is only one edit box, for the serial number alone. This means that the serial number will most likely be hard-coded.

Enter a fake serial number; I use 45454545. Go into Soft-Ice using Ctrl-D and set a breakpoint on hmemcpy, e.g.:

>>> BPX HMEMCPY

We will use hmemcpy because breaking on GetDlgItemTextA and GetWindowTextA does not work.

Leave Soft-Ice by pressing Ctrl-D. We are back in the registration dialog box. Click the OK button and Soft-Ice breaks in Kernel at hmemcpy.

Type X and press the {ENTER} key. Soft-Ice will break in Kernel at hmemcpy again. Now press F11 once and F12 6 times to get to the Solsuite code.

Now single-step through the Solsuite code until you come to this piece of code.

0137:0046BA89     SUB   EAX, 0001E157
0137:0046BA8E     LEA   EDX, [EBP-0C]
0137:0046BA91     CALL  004075A4
0137:0046BA96     MOV   EDX, [EBP-0C] ; the real serial is loaded in edx
0137:0046BA99     POP   EAX
0137:0046BA9A     CALL  00403E00

Single-step past MOV EDX, [EBP-0C] and dump the memory address in EDX, e.g.:

>>> d edx

There in the data window you will see your fake serial number and the real serial number. Write it down. Now clear all breakpoints, e.g.:

>>> bc *

Type X and press the {ENTER} key to let the program run. A message box will come up telling you that your serial number is invalid. Clear that message box by clicking the OK button.

Now enter the real serial number and press the OK button. A message box will inform you that the program is now registered and display a dialog box for you to enter your name. The rest is up to you.
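
The weakness shown above is that the program builds the expected serial in memory as plain text (the MOV EDX, [EBP-0C] step), next to the user's input. The sketch below is an added example, not code from SolSuite or from the original essay: it contrasts that comparison with one that ships only a salted PBKDF2 digest, so the expected serial never exists in the running process. The function names, the sample serial and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000   # assumed work factor; tune for the target hardware
SALT_LEN = 16


def normalize(serial: str) -> bytes:
    """Canonical form so ' abc-1 ' and 'ABC-1' verify identically."""
    return serial.strip().upper().encode("utf-8")


def build_record(serial: str, salt: Optional[bytes] = None) -> bytes:
    """Vendor side, at build time: salt || PBKDF2-SHA256 digest.
    Only this record is embedded in the shipped program."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", normalize(serial), salt, ITERATIONS)
    return salt + digest


def check_weak(entered: str, expected_plaintext: str) -> bool:
    """Pattern from the essay: the expected serial sits in memory
    as plain text right before the string comparison."""
    return entered == expected_plaintext


def check_hashed(entered: str, record: bytes) -> bool:
    """Hardened form: hash the input and compare digests in constant time.
    The real serial is never materialised on the client."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", normalize(entered), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    serial = "DEMO-0000-EXAMPLE"            # constructed sample serial
    record = build_record(serial)
    print("fake serial accepted:", check_hashed("45454545", record))
    print("real serial accepted:", check_hashed(serial, record))
    print("plaintext present in shipped record:", normalize(serial) in record)
```

This only keeps the expected value out of the process's memory. A single serial shared by every customer can still be passed around once known, so per-customer licences signed with a vendor private key are the stronger design.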


You should buy this program if you intend to use it longer than the evaluation period.

