Mushy's Thread Saturday, 20-Feb-99 05:26:45

It was suggested that some of us might like to try to crack this the harder way. So here goes. I'm going to first try to crack this without the use of SoftICE OR wd32asm (this is going to be difficult, I think).

What I have found out so far:

1.) Looking into the hex file I have found the words 'CAVEMAN.DAT'. This is the name of the keyfile that has to be created.
2.) The first 2 bytes are read from this file.
3.) The next number of bytes that are read from the file is dependent on the first two that have been read (and so on...).
4.) When creating a file containing the values '01 00 00 00 00 00' this seems to get past the 'registered to' check but produces some strange effects. By creating a file with just '01 00', the program tries to read 1 more byte from the offset of 2. If you have the bytes '00 02' as the file then it tries to read 512 bytes from offset number 2!! Therefore it can be assumed that there is some mathematical work being done on the first two bytes that are read from the file, and thus affecting the rest.
5.) Looking through the hex file there are numerous 'CD 21' combinations, which are of course calling 'Interrupt 21h', the DOS services. Tracing back a little through the hex we can see the values that are being placed into cx (number of bytes to read), ah (the function of the DOS interrupt, 3Fh (read file)) and bx (the file handle [also the pointer to the file being read or opened], in this case 'CAVEMAN.DAT'), and the buffer, which is a bit different in DOS than Windows (ds:dx for DOS).

Difficult to see how the calculations are done on what is read from the file without disassembling, but it looks like some sort of xor from the output of the text on the screen. I then analyzed the output on the screen and found it NOT to be a plain xor. hmmmmm,.... My brain is getting clogged up with too many thoughts. I'll try again tomorrow.

Incidentally, there is a part of the file that looks like 'T.abcdfw'. Don't know if this has any importance yet. And there seems to be a lot of compare / jz combinations in there too.

L8R Mushy!!!!

mushy
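The keyfile read described in points 2 to 4 of the post, as an added example that is not part of the original thread: a small C parser that treats the first two bytes of a CAVEMAN.DAT-style buffer as a little-endian length word (consistent with the post's observations that '01 00' makes the program read 1 more byte and '00 02' makes it read 512, since 0x0200 = 512) and, unlike a raw int 21h/3Fh call with CX taken straight from the file, checks that count against the bytes actually present and against its own destination buffer before copying. The MAX_PAYLOAD limit, the record struct and the sample inputs are constructed for this example and are not taken from the crackme.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Largest payload this parser will accept (assumed limit, not from the post). */
#define MAX_PAYLOAD 64

/* Parsed form of a "length word + payload" keyfile record. */
typedef struct {
    int ok;                     /* 1 if the record was well-formed and copied */
    uint16_t count;             /* the length word as the loader would compute it */
    uint8_t payload[MAX_PAYLOAD];
} keyfile_record;

/* Read bytes[0..1] as a little-endian 16-bit count (the "mathematical work on
   the first two bytes" the post infers), then validate that count against both
   the data actually present and the fixed-size destination before copying.
   A DOS read via int 21h, ah=3Fh with CX loaded from the file performs no such
   check: it reads up to CX bytes into DS:DX regardless of the buffer's size. */
keyfile_record parse_keyfile(const uint8_t *bytes, size_t len)
{
    keyfile_record rec;
    memset(&rec, 0, sizeof rec);

    if (len < 2)
        return rec;                              /* no length word present */

    rec.count = (uint16_t)(bytes[0] | (bytes[1] << 8));

    if (rec.count > MAX_PAYLOAD)
        return rec;                              /* would overrun our buffer */
    if ((size_t)rec.count > len - 2)
        return rec;                              /* file shorter than it claims */

    memcpy(rec.payload, bytes + 2, rec.count);
    rec.ok = 1;
    return rec;
}

/* Stand-alone demo over constructed inputs mirroring the post's experiments. */
int main(void)
{
    const uint8_t one_byte[]  = { 0x01, 0x00, 0x41 };   /* count 1, payload 'A' */
    const uint8_t claims_512[] = { 0x00, 0x02 };         /* count 512, no payload */
    const uint8_t truncated[] = { 0x01, 0x00 };          /* count 1, payload missing */

    keyfile_record a = parse_keyfile(one_byte, sizeof one_byte);
    keyfile_record b = parse_keyfile(claims_512, sizeof claims_512);
    keyfile_record c = parse_keyfile(truncated, sizeof truncated);

    printf("01 00 41 -> count=%u ok=%d\n", a.count, a.ok);   /* count=1 ok=1 */
    printf("00 02    -> count=%u ok=%d\n", b.count, b.ok);   /* count=512 ok=0 */
    printf("01 00    -> count=%u ok=%d\n", c.count, c.ok);   /* count=1 ok=0 */
    return 0;
}
```

The two rejection paths are the ones a length-prefixed format needs: the count is checked against the destination size (so a hostile length word cannot write past the buffer) and against the remaining input (so a short file cannot be read past its end).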