Valid registration codes, then, must be 10 characters long. The user's input is presumably stored in local_10, we then call and proceed to manipulate the registration code further only if the length is 10. We see that the InputBox function is called with the title and prompt of the registration code input window. 1 It appears, then, that this is a relevant target for our analysis, so we examine in greater detail Ghidra's decompiled output, which is a feature not available in IDA Free.
We note that TMainForm.Register1Click contains references to "Enter Registration Code" and related strings which appear in the dialog when the user accesses the registration feature of the software. We can then import this data into Ghidra using Dhrake, which identifies the function at 0x4f64dc as TMainForm.Register1Click, and also identifies other functions such as InputBox and which will greatly help with analysing the disassembly: To overcome this, we leverage IDR, the Interactive Delphi Reconstructor, which extracts the relevant symbols from the binary: Both Ghidra and IDA have trouble with Delphi binaries, resulting in missing symbol names and missing labels relating to Delphi classes. We know from the metadata of the software binary that this build was produced in Delphi 7 (released 2002). Ghidra can perform a more extensive analysis via Analysis → One Shot → Aggressive Instruction Finder, but the result is still incomplete.
As it turns out, this is one function which will be relevant to our analysis. IDA automatically identifies a function at 0x4f64dc, but this is not identified by Ghidra. For example, see the following Ghidra disassembly: In comparison to IDA, Ghidra requires some coaxing to correctly disassemble the software binary. Since then, the US National Security Agency has released its reverse engineering tool, Ghidra, as open source software, which I will use for this project. In an earlier post about another reverse engineering project, I used IDA Free as a disassembler. The software became abandonware circa 2009 when it ceased to be offered, and while the software binary has been archived, to date there has been no effort to restore the functionality once available with a free licence. A free licence could be obtained by registering online with the software vendor. The software was available in an unregistered trial mode with limited functionality. This series concerns a software licensing system used in a proprietary software application from circa 2004.
0 kommentar(er)
