#1
I see what you mean, britedream.
Still some problem though. I've compared the "code" section of mine and your dumped exe, and even though there are no differences, yours is registered and mine is not. Do you have custom code executed in any of the other sections?
#2
You saw the address at 444600, where my name is. Just go to the address moved to EAX in the dump and change the value to 444600.
You should change the value at the address moved, not the address itself. Last edited by JMI; 03-26-2004 at 02:57.
#3
Hehe, sorry for being so thick. All is well and it runs registered now.
Thanks a bunch, m8.
#4
To lownoise,
When I changed the code to XOR EAX,EAX, DVDIdle Pro came up with the splash screen. Is this something that is common with AsProtect? I recall Stripper creating a working exe out of DVDIdle Pro. I thought this whole process was to create an unpacked version of the original program. Yes? I will look through this executing exe and see if I can discover the algorithm for the serial #.
#5
After doing some tracing...
Since I am interested in creating a serial #, the code to check for a valid serial # is missing. That's why the XOR EAX,EAX works: the serial # check is missing (from the program). It's not being left in the "unpacked" program (which is probably why there aren't many keygens for AsProtect programs, i.e. PowerStrip and DVDIdle Pro/Region Free). I BP'd on all (and every) RegQueryKey and it never loads hKey with "KEY", which is where the code is stored in the registry. When you go through the enter serial # dialog box, it's a dummy; no check is done. It just saves it to the registry and tells you to restart. When you restart the program, it bypasses the missing code due to the XOR EAX,EAX. How do I get that code into the pack as well? Is it impossible with AsProtect? -Malt... Methinks I have to do this in memory, and not from an unpacked file. Last edited by Maltese; 03-26-2004 at 11:42.
#6
Hm... do you think you can keygen RSA1024? Asprotect checks the serial on startup, then it sets global variables which get the program registered. A way to dump the program registered is to use Asload, break on the EP of the Asprotected program, then let Asload do its job.
You can dump registered. Asload has a system to bypass the RSA algorithm and load it registered, nearly like the loader of TMG for AnyDVD.
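To make the point of the post above concrete: a protector that signs the registration key with a private RSA key hands the program only the public exponent, so the client can verify a key but cannot produce one, and a dump taken after the check has run (or a check patched to XOR EAX,EAX) simply carries the "registered" result without the check. The following is an added illustration, not code from this thread and not ASProtect's real scheme or key format; it uses a toy 12-bit textbook RSA modulus (p=61, q=53) and an assumed `name-hexsig` layout so that it runs instantly, and it shows why a keygen needs the private exponent while a brute-force forge only works because the modulus is tiny.

```python
import hashlib

# Toy RSA parameters (textbook p=61, q=53). ASProtect's real keys are
# 1024-bit; these values exist only so the example runs in milliseconds.
N = 3233          # p * q
E = 17            # public exponent, shipped inside the protected program
D = 2753          # private exponent, kept by the vendor: (E * D) % 3120 == 1

PUBLIC_KEY = (N, E)     # what the client (and a reverser) can see
PRIVATE_KEY = (N, D)    # what a keygen would actually need


def name_to_int(name: str, n: int) -> int:
    """Map a registration name to a nonzero residue mod n (hash-then-reduce)."""
    digest = hashlib.sha256(name.encode("utf-8")).digest()
    return 1 + int.from_bytes(digest, "big") % (n - 1)


def make_key(private_key, name: str) -> str:
    """Vendor-side keygen: RSA-sign the name with the private exponent.
    Assumed format: '<name>-<signature as hex>'."""
    n, d = private_key
    sig = pow(name_to_int(name, n), d, n)
    return f"{name}-{sig:04X}"


def verify_key(public_key, key: str) -> bool:
    """Client-side check as a protector would embed it: only the public
    exponent is used, so this code cannot be 'reversed' into a keygen."""
    n, e = public_key
    name, sep, sig_hex = key.rpartition("-")
    if not sep or not name:
        return False
    try:
        sig = int(sig_hex, 16)
    except ValueError:
        return False
    if not 0 < sig < n:
        return False
    return pow(sig, e, n) == name_to_int(name, n)


def patched_verify_key(public_key, key: str) -> bool:
    """What patching the check result (the XOR EAX,EAX from the thread)
    amounts to: every key is accepted, and the real check never runs."""
    return True


def forge_by_search(public_key, name: str):
    """Brute-force every residue until one verifies. Feasible here only
    because N has 12 bits; with a 1024-bit modulus it is hopeless."""
    n, e = public_key
    target = name_to_int(name, n)
    for sig in range(1, n):
        if pow(sig, e, n) == target:
            return f"{name}-{sig:04X}"
    return None


if __name__ == "__main__":
    genuine = make_key(PRIVATE_KEY, "Maltese")
    print("genuine key      :", genuine, verify_key(PUBLIC_KEY, genuine))
    print("garbage key      :", verify_key(PUBLIC_KEY, "Maltese-XYZ"))
    print("patched check    :", patched_verify_key(PUBLIC_KEY, "anything"))
    print("forged (toy N)   :", forge_by_search(PUBLIC_KEY, "Maltese"))
```

The brute-force search succeeds against the toy modulus, but the loop count is the modulus itself, which is the whole argument behind "do you think you can keygen RSA1024": with the real parameters the only practical routes are the private key, or bypassing the check as Asload and the XOR patch do.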
#7
Well,
I am attempting to trace the code to reverse it. Things I know so far:
After pressing F9 once, press SHIFT + F9 22 times (BEFORE it's placed on the stack) and the stack holds the key brought in from the registry. It's stored here in memory: STACK 12EA90: 9910D4 (address). The address varies by the size of the key.
Try this:
Create a new String Value of "KEY" in: HKEY_CURRENT_USER\Software\DVDIdle Pro
Right click, modify, and place something obvious in it, e.g. MARKUSMARKUSMARKUS
Press F9 once, then SHIFT + F9 (22 times, to see it already loaded on the stack)
Look at 12EA90
This is as far as I've got in discovery... Since I'm new to Olly (not to reverse engineering techniques), I am attempting to BP when my fake key is loaded and backtrace. If you are interested in this with me I will share everything I find. -Malt
I could use some help too along the way if you have time.
P.S. MaRKuS... I'm not trying to crack the encryption. That would be if I had an encoded string and tried to figure out what it originally said before it was encrypted, without the formula. The formula/algorithm for AsProtect/DVDIdle is in the code, as it checks its validity. One just has to reverse the steps. So technically I'm not trying to perform an amazing feat... Getting to that code is my focus now. Last edited by Maltese; 03-30-2004 at 09:36.
#8
Quote:
the dump file once unpacked.
Does Asload read back this region to the dump? We can read any region from Asprotect to be included in the dump. But there is another way to register: write a DLL, then have a small patch in the original to load the DLL and trick Asprotect into allowing you to patch it. I have seen this done. But I believe reading the right region back into the dump is much easier to do. Last edited by britedream; 03-26-2004 at 11:09.