What’s wrong in this picture?

While browsing around http://www.apple.com/downloads to check for any interesting software (I really like the Featured 3rd party and latest software sections) I found this well designed CD burning app, Disco (http://www.discoapp.com).

I really like their website design (I have a big passion for design although I can’t design anything myself) and decided to try their app since it fits two characteristics, well designed interface and a software protection! Hurray.

Open it, bang, Little Snitch warns about connection attempt and a nice registration dialogue appears. Try to input some name and some serial, press register, nothing happens! Hummmm it seems we might have a challenge here!


Next step before loading the all mighty GDB and otx is to look at Contents/Resources folder and check out the NIB for this registration screen. One file calls my attention: registration_successful.aif.
So what can we try? Disassemble main binary with otx and search for registration_successful. Bang we have an hit!

-(void)[DCPreferencesController doRegister:]
0002b522  8b1544500400       movl    0x00045044,%edx     validateName:andCode:
0002b528  890424             movl    %eax,(%esp,1)
0002b52b  89542404           movl    %edx,0x04(%esp,1)
0002b52f  e84c1d0200         calll   0x0004d280          -[(%esp,1) validateName:andCode:] <- CRACKME
0002b534  84c0               testb   %al,%al
0002b536  7453               je      0x0002b58b
0002b538  c7442408fc3a0400   movl    $0x00043afc,0x08(%esp,1)  registration_successful
0002b540  a1ac580400         movl    0x000458ac,%eax           soundNamed:

And that’s it, game over… We have an entry point. Test it by loading into GDB, bypass that jump and voila, Thank you for registering….

If we load again the program, it’s still not registered but that’s not what I’m looking after here. Entrypoint is found and game is over! No challenge here but a good example of why simple details matter to defeat protections.

Is there any equivalent to GetWindowTextA (and friends) in Cocoa? Can we breakpoint on text input? How? It’s possible to check the NIB but that’s not always available.

Btw, check this other app from the same company, http://www.versionsapp.com. If you use SVN it looks like a killer app (I use Mercurial).