"Welcome to ByteCatcher™.  You have made the right choice, and you now have a compact, simple, and intuitive utility that will

(1) speed up all your file downloads and
2) save hours of frustration from those dropped connections when getting files."

If you have CuteFPT32 then you don't need this program since CuteTFP32 is much better and offers much more by way of ease of use. Bytecatcher's main selling point is that it can resume broken downloads should your ISP connection breaks down, but CuteFTP32 already does this and much more besides.
 
 

About this protection system

 
Registration is via selecting the Help drop-down menu then selecting the 'About Bytecatcher' option then selecting the 'Register' button.

 
In the Register Screen your asked to provide:-
 
Reg No:
User Name:
Company Name:
 
This program is not compacted or encrypted in anyway.
 
 

The Essay

 
 The protection system employed in this program is virtually nonexistent, it will keep out everyone who never tries to look at the actual code itself but other than that, its open season for anyone with a few minutes to spare and a disassembler on hand.
Don't believe me?.   Then read on...

As a newbie to cracking my first attempt was to set a breakpoint in Softice so that it would break on the messageboxA function to capture the moment when the program presented me with a  'Invalid Registration Code' dialog box in response to me trying to enter a fake registration code into the program.

No problem, Softice breaks as expected and I'm in, now I use the F10 key several times so that I'm back into the actual Bytecatcher's code and then proceeded to set various breakpoints on suspicious JPZ statements that followed CMP & TEST instructions.

I spent almost an hour eliminating the various breakpoints I had set and by which I had now made quite a few pages of notes on what each part of the protection system did and how but for some reason was still no where near cracking it.  From what I now knew about this program made me feel I was close to the answer but still the crack eluded me.

It was at this point I decided to create a 'Dead Listing' of this program using Windasm32 so that I could compare my notes with the source listing just in case I had missed something along the way.

The first thing I always do is to check the string data within the target's program, it often helps to locate routines within the program much quicker and while I was doing this I saw the following string: "239856538576" which looked out of place and so located it's reference within the source code and found it here:-
 
* Possible StringData Ref from Data Obj ->"239856538576"
 

:0040F5DA 689CB04A00   :0040F5DF 8D4DF0   :0040F5E2 E8B93BFFFF   :0040F5E7 85C0   :0040F5E9 0F85AD000000

push 004AB09C  lea ecx, dword ptr [ebp-10]  call 004031A0  test eax, eax  jne 0040F69C

 
 
What's happening here is this:

The program is pushing onto the stack the memory address 004ab09c which has at that address, the value '239856538576' and then a couple of lines down there is a test eax,eax instruction which is comparing a register with itself. Could it be testing to see if it's comparing the registration code we enter with this string value of '239856538576' ??
 
Since this number looks out of place I went on a hunch and re-entered the program's registration screen and for my registration code I entered 239856538576 and entered the Name of 'Sandman' followed by a '#' for the Company name.  Pressing the OK button resulted in the About dialog screen to be shown with my Name being shown as the Registered owner!!.   If you try and re-register the program again it will display a message saying it has already been registered..

What do you think of this!.  The program keeps it's registration code 'hard coded' within it's self, it uses NO encryption on it what-so-ever to hide it from prying eyes, so any utility caperble of loading this program into itself and displaying ascii characters will reveal the registration code.

We've now shown how to best *crack* this program, simply locate it's built-in registration key and use it to register the program in whatever name and company we choose but their are other ways we could have chosen to crack this program.

Remember the snippet of code I shown you earlier:-

push 004AB09C
lea ecx, dword ptr [ebp-10]
call 004031A0
test eax, eax
jne 0040F69C

Well, if we changed the jne 0040F69C to jmp 0040F69c then no matter what registration code we type in it will always be the right one.

Job Done.....
 

The 'Crack' Loader

 
There is no need to create a crack loader for this program, since we can always use the built-in Registration Key so kindly provided by the author..:).

However, another way we could do to provide a crack for this program is to locate the entry within our win'95 registry file which is at:-

HKEY_CURRENTUSER\Software\Microsoft\Save-it Software

and save this whole entry to a .REG file, then all the User needs to do is double-click on this file and hey presto, their Bytecatcher software is fully registered!.
    

Final Notes

 
After this crack I will always be using a 'dead listing' on shareware programs I'm about to study, it only takes a few moments but could very well save me hours of fruitless searching.
 

My thanks and gratitude goes to:

Fravia+ for providing possibly the greatest source of Reverse Engineering
knowledge on the Web.
 
+ORC for showing me the light at the end of the tunnel.

 

Ob Duh

 
Do I really have to remind you all that by buying and NOT stealing the software you use will ensure that these software houses will continue to  produce even *better* software for us to use and more importantly, to continue offering even more challenges to breaking their often weak protection systems.
 
If your looking for cracks or serial numbers from these pages then your wasting your time, try searching elsewhere on the Web under Warze, Cracks etc.