Subj : Cracking DOS software
To   : All
From : AKAcastor
Date : Thu Apr 04 2024 11:36:10

Anybody interested in cracking DOS (or other) software?

I have done some reverse engineering work and have some familiarity with software disassembly, so I've been poking at some DOS programs for fun and created a few cracks and keygens.

One of the most fun has been a keygen for Buccaneer (door game) - my interest was sparked by a post on reddit:
https://www.reddit.com/r/bbs/comments/1b626zo/curious_if_anyone_remember_my_fathers_door_game/

If anybody else is interested in cracking some old software, I would love to swap notes and have some discussion.

It's certainly interesting seeing the different levels of protection in various software - sometimes it is pretty easy to find and disable the registration check, or to write a simple keygen. Sometimes there are multiple layers of obfuscation and anti-disassembly and anti-debugging techniques. It's hard to predict what to expect!

I started looking at the EZ-ROM door, and wow it has layers of protection that I hadn't expected to see. Self-modifying code, overlapping code segments, some pretty significant obfuscation. I spent a few hours stepping through code in DOSBox-X debugger and loading decrypted code segments into IDA, which got me to the subroutine that reads EZROM.KEY, but haven't worked out any idea of what it's doing with it yet.

It looks like EZ-ROM is written in Turbo Pascal, I wonder if this protection is part of the Pascal code or if it is a wrapper around a compiled program. I would imagine there's heavy use of assembler to implement the anti-disassembly/anti-debugging/obfuscation. (just thinking out loud)

Chris/akacastor

--- Maximus 3.01
 * Origin: Another Millennium - Canada - another.tel (21:1/162)