Project 11 - April 26, 1999

+=widY@cL 2011=+

from newbie to another

 

Tools used : W32dasm 8.93 - Hiew 6.04
Target : CompuPic 4.50 build 979
Homepage : http://www.photodex.com

CompuPic is a high performance, easy to use digital content manager distributed exclusively online by Photodex. Digital Content Managers enable graphic and web designers, digital photography enthusiasts and business and home users to efficiently access and manage digital content stored across a single hard drive or across a network.


Ok .. run the program .. aah, we have a trial message .. skip it .. this time we're not gonna find out the correct password .. 'coz we have a more interesting way of registering this program .. now look at the title bar .. you should see ' Evaluation Copy ' .. this text won't show up if we are a registered user, right ?! .. heh, a good hint, don't you think ?! .. let's disassemble compupic.exe .. find the text in SDR .. waah, it's not in here ! .. now disassemble if.dnt .. wait ... wait .. done .. ok, find the text in SDR .. double click on it :

10004B57 E824B30200       call 1002FE80              ; we must return from this call with EAX=1
10004B5C 85C0             test eax, eax              ; ands 1 with 1 result 1 (zero flag not set)
10004B5E 753A             jne 10004B9A               ; so we'll jump to 10004B9A (good routine)

* Possible StringData Ref from Data Obj ->" - Evaluation Copy"

Now let's take a look at what's inside the CALL .. snip .. snip .. aah, here are the interesting parts :

* Reference To: if._ReadRegVal@12

1002FEBD E86EE5FFFF       call 1002E430
1002FEC2 85C0             test eax, eax
1002FEC4 0F858F000000     jne 1002FF59               ; we should nop this jump
1002FECA 6639742408       cmp word ptr [esp+08], si
1002FECF 0F8584000000     jne 1002FF59               ; nop
1002FED5 668B44240A       mov ax, word ptr [esp+0A]
1002FEDA 660344240C       add ax, word ptr [esp+0C]
1002FEDF 668B0DBC630A10   mov cx, word ptr [100A63BC]
1002FEE6 6603442408       add ax, word ptr [esp+08]
1002FEEB 662944240E       sub word ptr [esp+0E], ax
1002FEF0 66394C240E       cmp word ptr [esp+0E], cx
1002FEF5 7562             jne 1002FF59