Thread: Beginner with OnGuard Target
View Single Post
  #12  
Old 02-06-2018, 12:23
psgama psgama is offline
Friend
  
Join Date: Jul 2014
Posts: 101
Rept. Given: 0
Rept. Rcvd 6 Times in 6 Posts
Thanks Given: 12
Thanks Rcvd at 75 Times in 44 Posts
psgama Reputation: 6
cgrs,

I believe the key being used is

0DEBF4F725768E6195BD7A1226CC782C

It has been a very very long time since I worked on this protection, and can't seem to remember how to trace the modifiers out. But I believe this should be a start.


In ollydbg it is loaded here
Code:
 dregistro::TFormRegistro.OgDaysCode1GetKey
 00770194    push       ebx
 00770195    push       esi
 00770196    push       edi
 00770197    mov        ebx,ecx
 00770199    mov        edi,ebx
 0077019B    mov        esi,9E5674
 007701A0    movs       dword ptr [edi],dword ptr [esi]
 007701A1    movs       dword ptr [edi],dword ptr [esi]
 007701A2    movs       dword ptr [edi],dword ptr [esi]
 007701A3    movs       dword ptr [edi],dword ptr [esi]
 007701A4    pop        edi
 007701A5    pop        esi
 007701A6    pop        ebx
 007701A7    ret
Reply With Quote
The Following 2 Users Say Thank You to psgama For This Useful Post:
cgrs (04-04-2019), Indigo (07-19-2019)