Posted by +Sandman on 1/22/2000, 7:45 am
, in reply to "Re: interesting find"
212.139.131.132
Greetings HaQue, Well spotted and YES, this is most definatly part of the challenge. The underlining aim of this challenge is -observation- and -understanding-, -trial- and -error-, it's all part of the whole package.
What you found is a kind of back-door to the serial registration routines, most proberbly used to check that the program correctly checks & validates the serial code and that it also updates the User's Registry file.
Having found this back-door, it's worth exploring this further..Have you tried entering an -invalid- serial into the program while leaving the Name & Company fields blank?. Does the program now check for empty data fields? Using W32Dasm or Softice, can you see what the program checks for first? I.E, does it check the entered serial first, or, does it check for invalid Name/Company first?
The reason why I ask is that -some- programs that check the serial first actually generate a -real- serial for blank name/company fields before it then realizes that the User hasn't entered any data into the name fields and cancels the registration process. This is all part of reversing, learning the strengths & weakness of our target program.
Regards
+Sandman