Tutorial Number 6
Written by Etenal Bliss
Email: Eternal_Bliss@hotmail.com
Website:http://crackmes.cjb.net
http://surf.to/crackmes
Date written:2nd Feb 1999
Program Details:
Name: CrackMe v2.0a
Author: Borna Janes
Language: Visual Basic 6
Tools Used:
NuMega SmartCheck 6.01
Cracking Method:
Understanding and Analyzing Data in SmartCheck
Viewing Method:
Use Notepad with Word Wrap switched on
Screen Area set to 800 X 600 pixels (Optional)
__________________________________________________________________________
Foreword
Before you read the following, I suggest that you go to my website and read
my two essays on VB cracking first. You will find the common breakpoints
and some uncommon ones. And there are explanation on what they are for.
Also, I have described the common things you will see in SmartCheck as well.
They will aid in understanding all the information given by SmartCheck and
are definitely useful.
__________________________________________________________________________
About this protection system
No disabled function. Protection is based on a 9 digit combination which
are compared one by one. Before any serial is checked, the length is
compared first. If it is not 9 characters, no checking is done.
__________________________________________________________________________
The Essay
As this is a tutorial for newbies, I'll go into details about how I go about
cracking the program. I suggest that you read this tutorial first.
When you have completed the tutorial, leave this tutorial open and follow
the instructions while using SmartCheck. Re-do it once more after you have
completed the step by step guide...
__________________________________________________________________________
Understanding and Analysis
Run SmartCheck. Load the program using it by using "File", "Open"
and choose Bjcm20a.exe
If this is your first time using SmartCheck, do the following:-
Under Program Settings:-
Error Detection: "tick" all boxes except "Report errors immediately".
Advanced: "tick" first 4 boxes.
Make sure "Suppress system API and OLE calls" is not "ticked".
Reporting: All boxes "ticked" except for "Report MouseMove events
from OCX controls"
**I have captured the images of the three boxes for better reference. They are
available on http://crackmes.cjb.net or http://surf.to/crackmes
Run Bjcm20a.exe in SmartCheck by pressing F5. Type in any registration
code you want. (I used 99999999) Then click "Check It". You will get an
error message. Exit the program.
Ok. You will see a few lines in the left window. Look for Command1_Click.
**This is the subroutine in VB that is called when you click on the
"Check It" button.
Click on the "+" sign next to Command1_Click to expand the thread in it.
You will notice that there are only 3 lines.
The most important line is
Len(String:"99999999") returns LONG:8
**This means that the length of the code you entered is checked...
So, I tried 9 characters... "999999999"
Re-run the program and enter "999999999". You will get the error message
again.
Click on the "+" sign next to Command1_Click.
This time, you will see more lines in it with other functions like
Asc and Mid...
So, we are right about the length check.
Under "View" in SmartCheck, choose "Show All Events" and "Show Arguments".
**This is also capture in a file called setting4.jpg file on
http://crackmes.cjb.net or http://surf.to/crackmes
**Make sure you click on Command1_Click first or you will be lost
in a sea of codes!!!
Interesting lines include:
1) Mid$(String:"999999999", long:1, VARIANT:Integer:1)
**This means to get the first char of the code you entered.
2) __vbaVarTstNe(VARIANT:Const Double:9, VARIANT:String:"3")...
where did the "3" come from?? And it is compared to our 1st char "9"
**__vbaVarTstNe means VARiant type data is TeSTed to see if they are
Not Equal
So, we will presume that the first char must be 3.
Choose "Show Errors and Specific Events" under "View" to reduce the
number of lines.
Then, re-run the program and this time, enter "399999999"
Repeat the steps above. you will see even more lines now.
Click on the "+" sign again.
This time, after the 1st __VbaVarTstNe, you will see
Mid$(String:"399999999", long:2, VARIANT:Integer:1)
**It means get the 2nd char which is "9"
Near the end, look for
__vbaVarTstNe(VARIANT:Const Double:9, VARIANT:String:"0")...
Again... a mysterious number "0" appeared.
But you will know that we are on the right track because the 2nd char
is now being compared...
So, repeat the steps above again. Entering "309999999"
**Reminder, make sure you reduce the number of lines first by choosing
"Show Errors and Specific Events" under "View"
Keep doing the same thing for 9 times and you will get this serial...
301674501
Program cracked...
__________________________________________________________________________
Final Notes
This tutorial is dedicated to all the newbies like me. I've tried to
explain everything in details.
And because I'm a newbie myself, I may have explained certain things wrongly
So, if that is the case, please forgive me. Email me if there is anything
you are not clear about.
My thanks and gratitude goes to:-
The Sandman
All the writers of Cracks tutorials</XMP></BODY></HTML>