Acid_Cool_178
presents he's

#13  Tutorial

 

For Hellforge

This Text Are Only Ment To Edcucational Purpose And Not To Be Used Illegaly, I Take No Response For Illegal Use Of This Text. Move On On Your Risc.

Athour Information
E-mail acid_cool_178@hotmail.com
Age 17
Web Page http://acidcool.cjb.net/
Date Febuary 2K
Member in Hellforge Flying Horse Cracking Force
Groups Web Page Hellforge Login FHCF Login

 

Program Infromation
Name eKH CrackMe 1.0
eKHcrackme1.exe
Athour flag eRRatum
Where to Downlaod Crackmes Webpage
Tools used W32Dasm
Downlaod At
1. Player Tools
2. Programmer Tools
Size 194KB
What kind of a program Crackme Shareware
     
Skill Easy Not so easy Hard X-pert
         

 

Information about the protection

This protection takes a bit from your name and are generating a serial and comparing it with your entred serial. If wrong then show wrong message if correct then show good message

Before we start

I won't explain everything in detail!

The Process

Open eKHcrackme1.exe in W32Dasm and look at the "String Data References" i founded this ERROR and scrollen up until i could see this code.

:00427B6D E83EBCFDFF call 004037B0
:00427B72 48 dec eax
:00427B73 7C30 jl 00427BA5        <-- If Less then jump to Bad Code
:00427B75 8D55FC lea edx, dword ptr [ebp-04]
:00427B78 8B83EC010000 mov eax, dword ptr [ebx+000001EC]
:00427B7E E80DE2FEFF call 00415D90
:00427B83 8B45FC mov eax, dword ptr [ebp-04]
:00427B86 50 push eax
:00427B87 8D55F8 lea edx, dword ptr [ebp-08]
:00427B8A 8B83DC010000 mov eax, dword ptr [ebx+000001DC]
:00427B90 E8FBE1FEFF call 00415D90
:00427B95 8B45F8 mov eax, dword ptr [ebp-08]
:00427B98 5A pop edx
:00427B99 E882FEFFFF call 00427A20
:00427B9E 3D4E61BC00 cmp eax, 00BC614E
:00427BA3 7D1E jge 00427BC3        <-- If Greater Or Equal the jump to Good Code

Lets see, the code must be greater than something and i wonder what, it have to be with BC614E, and what are the call's doing ?
The firt thing what i did was to NOP the first jump and chane the seccond jump from JGE to JMP, and that worked just fine. But i want my serial! Not to patch, i'm tierd of that!!

Well, as a newbie i can't find the serial but i have shown you where the code are holding it's base. The question are where in the base ?

I have lookes at LaZaRuS's homepage and he has written a tutorial about this crackme. So i won't copy he's text, please go to this page and downlaode the tutorial.
http://come.to/hellforge Tutorials section --> Tutorial 10

Ending

Well, i have fail what i began to work with. One step forward and two back, I will return harder!! I promise..

Greetings

LaZaRuS, Wajid, Borna Janes, ManKind, Eddie Van Camper, ACiD BuRN, KoRnFLeX, Eternal_Bliss, Potsmoke, DiABLO. Torn@do and all the other i have forgotten