Softec Keyboard training 1.10
Visual Basic 6
Written by McCodEMaN


Introduction


Greetings and welcome to the noble art of reverse engineering!

This program was recommended to me by a scandinavian friend, he was trying to reverse it and neded some hints.
So I decided to write this essay, hoping it would inspire me to finish all those half done essays I've got.

...happy hunting!



Tools required

Numega SmartCheck v6.x



Target's URL

http://www.ssw.nu/



Essay

 



 

Step1 Run Smartcheck and configure the settings, like this:

      Under Program/settings menu:

     *ERROR DETECTION: Check all boxes except 'Report errors immediately'

     *ADVANCED SETTINGS: Check the first four boxes. The others should be emty!

     *REPORTING: All boxes should be checked except the one for:
                                 'Report Mouse Move events from ocx controls'
 
 
 

Ok, Smartcheck is ready, are you?
 
 
 

Step2  Load and run Tangentbordsträning.exe, when the app is loaded select Register under the Help menu.

           Type in: Reg. Name
                        User Name
                        Dummy code


           When the nag appears, terminate.


Step3 Go into 'cmdOK_Click' and down to the first 'txtRegKod.Text', then select Show All Events from the View menu.



           It should look like this....



           + cmd OK_Click

                  _TextBox:: AddRef returns DWORD:1

                  __vbaObjSet returns LPVOID: 2EC0014

           + txtRegKod.Text                 
<======================Here we are!

                  _TextBox:: AddRef returns DWORD:2

                  __vbaObjSet returns LPVOID: 2EC0014



Scroll down to....

           + txtRegtill.Text


                  __vbaStrCmp returns DWORD:FFFFFFFF

                           
="[Your Name]"
                           ="McCodEMaN"


                  __vbaStrCmp returns DWORD:1

                           ="McCodEMaN"


                  __vbaStrCmp returns DWORD:FFFFFFFF

                           
="[User Name]"
                           ="McCodEMaN"


                  __vbaStrCmp returns DWORD:1

                           ="McCodEMaN"


                  __vbaStrCmp returns DWORD:FFFFFFFF

                           
="[Reg. Code]"
                           ="1234567890"


                  __vbaStrCmp returns DWORD:1

                           ="1234567890"



                  Hmm, It feels like we are getting closer and closer to that code generating routine, let's go and get it...shall we!



           + Mid $

                           ="McCodEMaN"
                           =Integer    iVal=1 0*0001


                  __vbaStrMove returns DWORD:52BBB0

                           ="M"



           + Asc returns Integer:77

                           ="M"


                  __vbaFreeStr returns DWORD:20

                           ="M"



                  __vbaFreeVar returns DWORD:20

                  Double (80. 85)-->Integer (81)


           + Chr



                  __vbaVarCat returns DWORD:72F1E4

                  __vbaStrVarMove returns DWORD:52BBD4

                           
="Q"


                  __vbaStrMove returns DWORD:52BBD4

                           ="Q"


           + SysFreeString

                           ="Q"


           + Mid $

                           ="McCodEMaN"


                  __vbaStrMove returns DWORD:52BBB0

                           ="c"


           + Asc returns Integer:99

                           ="c"


                  __vbaFreeStr returns DWORD:20

                           ="c"


                  __vbaFreeVar returns DWORD:20

                  Double (103. 95)-->Integer (104)


           + Chr

                  __vbaVarCat returns DWORD:72F1E4

                  __vbaStrVarMove returns DWORD:502388
                           
="Qh"


                  __vbaStrMove returns DWORD:502388

                           ="Qh"
                           ="Q"


           + SysFreeString

                           ="h"



                   As you see the program calculates a valid code based upon our username.
                   My username has nine letters, so if I would like to find the serial without viewing all the code I can scroll by
                   nine 'SysFreeString'!

                   So I think I'll do just that and when doing that I landed here:


                   __vbaStrCopy returns DWORD:502388

                           ="Qhxxxxxxx" <================Here we have our valid serial!




Final Notes



I would like to thank:

attiTude, tKC, Razzia, MrX, members of TRES2000 and my beloved Jen!




When ever there is a door,
there is an entrance.
And behind an entrance can no secret hide,
when a cracker takes his knowledge for a ride



ObDuh  

The information in this essay is for educational purpose only!
You are only allow to crack, reverse engineer, modify code and debugg programs that you legaly bought and then for personal use only!!
To ignore this warning is a criminell act and can result in lawful actions!

So please note!
I take no responebility for how you use the information in this essay, i take NO responebility for what might happen to you or your computer! You use this information on your own risk!!

What i mean is: Please buy the software!







Essay written by McCodEMaN ©TRES2000. All Rights Reserved.
1