Happy Log v1.51
Written by anTiHerO
Protection: Registration and 15 Day Trial Limit
About: Happy Log is an interactive log file analyzer with a wealth of different analysis to help you optimize your site, check out what your visitors are doing, how they got there, and much more.
The analysis is presented in easy to read lists or graphs.
To use Happy Log, you need to have access to your server's log files. If you are using a web-host, you can easily download the log files with the built-in FTP function. Happy Log can also execute commands over Telnet. In this way, you can for example compress the files before you download them, and reduce transfer time to 1/10:th.
With the unique feature, Targets, can you check to see if your visitors are doing what you want them to do. If, for example, a search from a search engine is guiding a visitor to your site, you can see if the visitor is going to the page that you want, or downloading a file, etc.
Tracking lets you create reports reports based on the visitors who are guided to your site from another site. When the function is on, Happy Log tracks all movements from a visitor whish arrive to your site from a refereeing site. This can be a search engine, clicking on a banner, etc. If you are having a banner campaign, this is very useful to check if it is successfully or not.
With advanced filtering can you select parts of the log files for special studies.
You also have access to the raw log data, which can be easily searched..
With Happy Log you will get:
The analysis can also be exported to HTML, Microsoft Word or Microsoft Excel as files, without use of DDE, OLE, etc.
Debugger (eg Softice or TRW2000)
Half a brain
OK, shall we begin? Before we start, I have to say that the protection on this program is awful, they only seem to have done half a job (what I mean will become obvious later on!). Right, lets find the serial!
When we start up Happy Log we are greeted by a nag screen displaying three options, we want to enter a serial number, so click on the top button. OK, what do we see? 8 dialogue boxes! I entered the following information into the eight boxes;
1111 – 2222 – 3333 – 4444 – 5555 – 6666 – 7777 – 8888
Before we click ok, we need to set up a breakpoint within softice, so open up your debugger window using Ctrl+D, and type the following to set the breakpoint on HMEMCPY;
Close the softice window by using Ctrl+D, then hit the register button, BANG, we are straight back into softice. This is where things get interesting. Because the registration contained eight dialogue boxes, you would expect to trace through eight instances of program code before you get to the juicy stuff, but not in this case! All will become clear shortly. Using F12, we need to skip through to the FOURTH instance of our program code (not the eighth), once there, trace through the code using F10 until you get to the following piece of code;
00484447 CALL 004043D0
0048444C LEA EDX, [EBP – 20]
0048444F MOV EAX, [EBP – 08] ßMove 1,3,5,7 parts of “fake” serial into EAX
00484452 CALL 00409B08 ß-----------------------------------------------------------------Type D EAX to see 1,3,5,7 parts of fake serial
00484457 CMP DWORD PTR [EBP – 20], 00
0048445B JZ 00484630
Right, if you typed D EAX when the call at 484452 is highlighted, you will be looking at;
Hmmm, it’s taken the 1st, 3rd, 5th and 7th parts of our fake serial. If we trace through the code a bit further, we land here;
0048447D CALL 00483D7C
00484482 MOV EDX, [EBP – 28] ßMove 1,3,5,7 parts of real serial into EDX
00484485 POP EAX ßPull EAX containing both serials off the stack -----Type D EDX to see 1,3,5,7 parts of real serial
00484486 CALL 00404420 ßCompare the two serials -----------------------------------Type D EAX to see both serials
0048448B JNZ 0048461B ßIf serials are different, jump to “Bad Cracker”
If you typed D EAX while the call at 00484486 is highlighted you should be looking at;
1111333355557777 followed by….
4c8e86ecc3e782de write this down,
OK, I am going to save you a lot of time here……..Remember at the beginning of this tutorial when I said that the protection was awful? Now you are going to learn why. It now looks like we have half of our real serial, corresponding to the fake serial we entered into the 1st,3rd,5th, and 7th dialogue boxes, and we must now try to find the other half of the real serial, corresponding to the 2nd,4th,6th, and 8th dialogue boxes. DO NOT BOTHER! We already have what we need! For some reason, the programmer responsible left the program only needing half a correct code!
So, disable the breakpoint in softice by typing bc * , then Ctrl+D to exit. Get rid of the “Bad Cracker” message and enter what we have found into the registration box;
Initially, we had 1111 – 2222 – 3333 – 4444 – 5555 – 6666 – 7777 – 8888
Now we enter 4c8e – 2222 – 86ec – 4444 – c3e7 – 6666 – 82de – 8888
“But We Still Only Have Half A Real Serial!” I hear you cry. Trust me. Click OK. REGISTERED!!!!! See, I told you the protection was lame! I don’t know whether the programmer was too lazy to protect the program properly, but that is his problem! C U Soon.
Pat yourself on the back, grab a beer and a cigar, and relax, safe in the knowledge that you just learnt something usefull!!
[T]urb0z – For introducing me to these infernal machines
The TRES2000 Crew
The information in this essay is for educational purpose only!
You are only allow to crack, reverse engineer, modify code and debug programs that you legaly bought and then for personal use only!!
To ignore this warning is a criminal act and can result in lawful actions!
So please note!
I take no responsibility for how you use the information in this essay, I take NO responsibility for what might happen to you or your computer!
You use this information on your own risk!!
What I mean is: Please buy the software!
Essay written by anTiHerO ©TRES2000. All Rights Reserved.