Thread: [ARMADILLO] 1 serial & 1 key - need input
View Single Post
  #1  
Old 02-17-2005, 11:28
Maltese
 
Posts: n/a
[ARMADILLO] 1 serial & 1 key - need input
I have successfully unpacked TheaterTek 2.06 which was packed with Armadillo.

The activation process is as follows:

A Window pops open asking for the 1st serial#. In this box the cancel button is active.... however the OK button is ghosted out. If you enter in a valid serial# the OK button will become active. There is a check for a valid serial# within this routine as it is running waiting for input.

I am trying to reverse this to help generate a valid serial# and then generate a valid key to make a keygen. (might change my mind if I can make a simple crack).

I can bypass this window and make the program think it has a valid serial #. It tests EAX,EAX. If EAX=1 it's good. This routine is called about 6 times within the program (search all commands w/Olly). I modified the routine to output EAX=1 everytime.

The program will now bypass the serial window and continue on.

You can then see that it generates a unique number based on your system (Armadillo crap).

The 2nd step of the activation is that you get a 9 (I believe... xxxx-xxxx) code which is used to create/check against a new key you enter in. The key is in the format: xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx. The OK box is RED meaning you have to enter in a valid code. Once you enter in a valid code, it will turn GREEN.

There are other checks inside the program. Because the program is dumped the armaccess.dll functions are not there. There are at least 3 routines I can see.... VerifyKey, InstallKey, and UpdateEnvironment. Every time these routines are called they will exit with AL=0 which the program looks for AL=1. I can modify the routine but it's still not enough.

I can get the program to run and play a DVD. However there is another problem. There is no audio for DVD playback. If a valid key is installed it will play the audio. The serial is not important for this function. There is another check somewhere or it isn't a check just a side affect of dumping the program.

This is why I am looking into a keygen. I have a valid one for reference don't want to add it in the code so that it is blacklisted.

If anyone has any input as to how I can get inside the routines (inside the windows checking in realtime if they are valid or not). I'm stuck on PeekMessage. I found the loop.... I was hoping to set a bp so that when a key was entered it would break. But can't find it "yet".

Please help.

-Malt
Reply With Quote