So before we start digging into the code, we need to run the program to get a feel for it and see what needs to be cracked.
Start the program and click the About button; in there we see that it says Unregistered version. There is also a Register button, and if you click that you see a Username field and a Serial field. So now we know the limitations and what needs to be cracked.
Serial fishing program;
Then we are ready to open it up with Olly, so fire Olly up and load the program. Olly should then say you are at address 00401000, just to make it clear. Since we want to serial fish, we need to stop the program exactly when it is collecting the data from the text fields, and to do that we need to set a breakpoint. First we need to find what to set the BP on, so click the E in the toolbar that is shown in the picture below.
Now we will see all the modules that the program has loaded. At the top of this list in the Module window you see xcovn.exe -> right-click it and choose View Names, then look for GetDlgItemTextA -> right-click and choose -> Set breakpoint on every reference. Now the program will break when those are called.
Now go back to the main window (the C letter) and let's run the program by pressing F9. The program will start; go to the About box -> then to the Register window.
There you just type any name, I took "LazykEY", and also enter some numbers for the serial, e.g. "12312312", and press Check input. Then you'll see that Olly jumps forward and breaks the program for us, and we should be at address 00401680. Now we just need to trace through; to do so we use F8, and to step into a call we use F7. If you want, you can trace through everything with F7 if you're interested in what happens in the code, but I would say just use F8 and step through until you are at address 004012B2, because this is the call you should trace into (F7). You may need to press it twice if it doesn't step in the first time. Below is a picture showing how it works and how it looks, briefly explained under it.
1. Username is collected here
2. Fake serial collected here
3. Trace into(F7) on this call
So now that you have traced into the call, you can continue to trace down with F8 and watch how things change... But soon you will see this:
1: Slowly trace through this and you'll see that numbers are generated and even a "-" is added. Looks like a serial number, eh? When you've traced through that part you'll see that the serial looks like xxxxxxxx-xxxxxxxx-xxxxxxxx. That's the one!
2: This part is where your fake serial is compared with the real one, and later there will be more checks to see if EAX is equal to a certain value.
So there we go. Use your serial and the username to register the product and use it. Note: you might also have seen that a reginfo.dat file was created containing your registration data, but no more of that, just so you know ;P. Hope you learned something. I had fun writing this tutorial, as it was my first too; soon I'll make more when I have time.
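The trace works because the program builds the complete expected serial itself and then compares it with your input, so the real value sits in memory at the compare. As an added example (not code from this program; its real algorithm is not shown here, so the FNV-1a hash, the XOR constant and the toy RSA key are all constructed assumptions), this C code puts that fishable pattern beside a verify-only check that never computes a valid serial on the client:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed stand-in (FNV-1a) for the program's unknown name routine. */
static uint32_t fnv1a(const char *s) {
    uint32_t h = 2166136261u;
    while (*s) { h ^= (unsigned char)*s++; h *= 16777619u; }
    return h;
}

/* Fishable design: the full expected serial is built in the client. */
void expected_serial(const char *name, char out[32]) {
    unsigned h = fnv1a(name);
    snprintf(out, 32, "%08X-%08X-%08X", h, h ^ 0x5A5A5A5Au, ~h);
}

int check_fishable(const char *name, const char *serial) {
    char expected[32];
    expected_serial(name, expected);      /* real serial now sits in memory */
    return strcmp(expected, serial) == 0; /* ...right next to the compare */
}

/* Square-and-multiply modular exponentiation (operands stay below m). */
static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

/* Toy RSA public key, n = 61 * 53. Constructed, far too small for real use. */
#define TOY_N 3233u
#define TOY_E 17u
/* Verify-only design: the client holds just (n, e) and checks a signature. */
int check_verify_only(const char *name, uint64_t sig) {
    return sig < TOY_N && modpow(sig, TOY_E, TOY_N) == fnv1a(name) % TOY_N;
}

/* Vendor side only: the private exponent d never ships with the program. */
uint64_t vendor_sign(const char *name, uint64_t d) {
    return modpow(fnv1a(name) % TOY_N, d, TOY_N);
}

int main(void) {
    uint64_t sig = vendor_sign("LazykEY", 2753); /* d matching the toy key */
    printf("fake serial accepted: %d\n", check_fishable("LazykEY", "12312312"));
    printf("signed licence accepted: %d\n", check_verify_only("LazykEY", sig));
    return 0;
}
```

The verify-only form keeps the valid serial out of client memory; it does nothing about someone patching the result of the check, which is a separate problem.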
And thanks to BoR0 and TDC for this nice little tool :>
Greets to the people that have helped me a lot through the years, and good friends: xb0z, Detten, bluffer, ZaiRoN, TDC, BoR0 and of course the rest of Team BiW.