Reserving with Resource DLLs

[redbull]

Hi GUys,

I am reversing the latest MobSync 2.0.3. An application which allows you to syncronize a windows mobile phone with files on windows computer. IT has lots of options and a really good tool.

http://doosoft.seesaa.net/

The program is written in Borland C++ 6 (BCB6) and IDA and DEDE seem to do quite well on the target. No packing or protection.

The protection consists of an ID and a password.

It uses Localization software to help you build other languages.

The native EXE is built in the Japanese language and when you run the program it tries to load the language for your region. Eg mobsync.enu (english) mobsync.de (german) etc.

These other files are basically resource DLLs (mobsync.enu).

I have located the Japanese resource strings for "Registered" "Unregistered" etc. And marked them in IDA at the right position.

Problem is the PE file has all its strings in the ".rsrc" section and not ".data" so IDA 5.1 does not link the string to any of its references. So i have no xref's for these strings. I tried various options when analysing the file in IDA with no luck.

I have found the MessageBoxA calls and calls to determine where the serial is read.

But the target is quite tricky because it writes a serial file. <username>.ser2
So I want to make sure I find all the places and patch the target correctly. (Actually I want to keygen it)

My question is really how to get IDA to recognize these strings or how to find the "link" between the strings and their references.

I am not expecting people to do my work for me but I need a push in the right direction.

There is a large table, which I will post the real code later, which could be a clue

Something like:

a425530: db offset_421334 [text, dd_213324]
a425534: db offset_421316 [text, dd_213324]
a425538: db offset_42133A [text, dd_213324] etc

And I and guessing this is where the major work is done.

I want to ideally write an IDA script to map these resources and rename them to their reference strings.

[redbull]

Done!! 6 byte patch

Screw the resources, Olly never lies.

[Git]

You are assuming he wants to patch it. I thought he wanted to reverse engineer it

Git

[ahmadmansoor]

it is good if u make a flash movie on what it happen with u .
so every one here will learn something .
maybe tut at least .
Thanks

[redbull]

Hi Git and Ahmadmansoor,

Yeah I did want to reverse it but I can't come right with the resource strings. I have found the serial generation routine, but I could patch the result of the function in 6 bytes.

The serial number routine was very simple but the serial number file "username.ser2" is the one that's giving me trouble.

I have the C++ code reversed from the serial number routine but it looks too complicated for me to care. Going to have to think if I still want to keygen this target.

Thanks anyway

Redbull

[Git]

I have seen an IDC script that adds the string as a comment to each resource reference, like WD32Asm does.

Git

[redbull]

Hi Git,

The script is have is "parsersc.idc" by XDA Developer itsme.

I dunno if you have another. I run this script and I get an error right away. I am not sure if I need to select bytes before running the script. Does not look like it in the script source.

I am putting together a video on my experience with this crack as Ahmadmansoor requested.

Do i host the crack on YouTube or tuts4you ??

[Git]

Can we have a look at the script please, may be able to find the problem. If it is the one I remember, you have to set a variable to tell it which kind of resource to search for (String, Dialog, etc) .

Later... ius it this one? :
http://nah6.com/~itsme/cvs-xdadevtools/ida/idcscripts/parsersc.idc

Git

[Git]

Sorry to reply to myself but the Edit button still disappears a few minutes after posting.

That script above is not finished, it does not even have a main(). However, this looks like the one you want :

http://nah6.com/~itsme/cvs-xdadevtools/ida/idcscripts/addstrcmt.idc

Git