Rockey4

[Kyrios]

Hi,

Anyone has experinces with rockey4? I have a program (17MB) with rockey4 protection. I also have the dongle right now. But i want to use it without the dongle.
Before the call to Rockey, the flag is set to ax.

Mov ax, some word
Call Rockey
mov eax, dword ptr (esp)

The result always static value. It could be token left, dongleID, expiration date, etc. And always depend of the value of AX. For example if AX=1, always return token left. If AX=2, always return dongle ID. IF AX=3, always return expiration date. I have no problem with this kind of routine. It's done. I could modify the return value to anything i want coz it's static value.

But i have trouble with this kind of routine.
Mov ax, some dword
Push [ebp]
push [ebp+4]
Call Rockey4
mov ecx, [ebp]
mov edx, [ebp+4]

The final result depend on the push [ebp] and push [ebp+4]. And the initial value (before call to rockey) is always differ, depend on the library (music) file i load. The library music file came from the author of the program. And the amount is huge, about 10k files (3 DVDs). And the whole files are encrypted. In the beginning of each file there's 2 dword which are ALWAYS differ from each other. These values are used for initial push before call to Rockey. And the result values (which are moved to ecx and edx) are used the decrypt the music library file currently load. So you already know my currently situation.
So my question is how do i know what rockey doing with the inital values being pushed to stack? So i can ripped the code and inject it to the exe?

If someone interested with the target, i have upload it to yahoo mail i created for this purpose. Also my current progess which it can run without the dongle but can't decrypt the music libraries from the DVDs (came from author, package from purchase). Just PM me, i'll send the ID and the passw to you.

BR,
kyrios