------------------------------------------
How to make a keygen for E-Forms EZ Wizard
------------------------------------------

Cracker:     stealthFIGHTER
Target:      E-Forms EZ Wizard v2.0
Tools:       Soft-Ice
             Delphi
             Brain
Where:       http://www.azwebpages.com/e-forms/
Protection:  Name/serial

--------------------------------------------------
Sorry for my English, it's not my mother language.
--------------------------------------------------

----------------
===[ Step 1 ]===
----------------

=======================================================================
Run E-Forms and go to the registration window
>> Fill in the input boxes and push the check button
>> ..bad serial..
>> Go to Soft-Ice and create a breakpoint using hmemcpy
>> Go back and push the check button again
>> Soft-Ice breaks two times, because we have 2 input boxes (name and serial)
>> In Soft-Ice press F5 and F11, then F12 about 11 times until you are in the E-Forms code
>> Now keep tracing until you are here:
=======================================================================

:0045C33D E8CE8CFFFF    call 00455010              ;Main calculation routine
:0045C342 84C0          test al, al
:0045C344 7455          je 0045C39B                ;If serial=bad then jump

=======================================================================
Now enter the call 00455010 with the F8 key and then trace until you get here:
=======================================================================

:0045514C  call 00403B58                      ;Get length of the name
:00455151  imul eax, 00000521                 ;Multiply it by 1313 (EAX=EAX*1313)
:00455157  add eax, 0003790A                  ;EAX=EAX + 227594
:0045515C  push eax
:0045515D  mov eax, dword ptr [edi+5C]
:00455160  call 00403B58                      ;EAX=length of the name
:00455165  mov ecx, 00000003                  ;ECX=3
:0045516A  cdq                                ;ECX=3, EDX=0
:0045516B  idiv ecx                           ;EAX=EAX div ECX, EDX=EAX mod ECX
:0045516D  imul eax, edx, 0000A179            ;EAX=EDX * 41337
:00455173  pop edx
:00455174  add edx, eax                       ;EDX=EDX + EAX
:00455176  imul eax, esi, 00001BDE            ;EAX=[2nd char of name] * 7134
:0045517C  add edx, eax                       ;EDX=EDX + EAX
:0045517E  imul eax, dword ptr [ebp-04], 23E3 ;EAX=[3rd char] * 9187
:00455185  add edx, eax                       ;EDX=EDX + EAX
:00455187  imul eax, dword ptr [ebp-08], 2B25 ;EAX=[4th char] * 11045
:0045518E  add edx, eax                       ;EDX=EDX + EAX
:00455190  mov esi, edx
:00455192  cmp esi, ebx                       ;Compare our serials
:00455194  jne 004551A7                       ;If bad then jump

=======================================================================
At the line 'cmp esi, ebx' type '? esi' to see the right serial and
'? ebx' to see the fake serial you entered.

If you ask where I got these numbers (1313, 227594,..): they are the
decimal values of the hexadecimal constants in the listing (521, 3790A,...).
=======================================================================

--------------------------
===[ Source of keygen ]===
--------------------------

=======================================================================
Procedure TForm1.Keygen;
Var
  temp, serial : LongInt;
  temp1 : byte;
  temp2, temp3, temp4, temp5 : Integer;
begin
  if length(Edit1.Text) <> 0 then
  begin
    temp := length(Edit1.Text) * 1313;       // EAX=EAX*1313
    temp := temp + 227594;                   // EAX=EAX + 227594
    temp1 := length(Edit1.Text) mod 3;       // EDX=EAX mod ECX
    temp2 := temp1 * 41337;                  // EAX=EDX * 41337
    temp3 := Ord(Edit1.Text[2]) * 7134;      // EAX=[2nd char of name] * 7134
    temp4 := Ord(Edit1.Text[3]) * 9187;      // EAX=[3rd char] * 9187
    temp5 := Ord(Edit1.Text[4]) * 11045;     // EAX=[4th char] * 11045
    serial := temp + temp2 + temp3 + temp4 + temp5;  // Result
    Edit2.Text := IntToStr(serial);
  end;
end;
=======================================================================

Any comments or mistakes are welcome at: stealthfighter@another.com

=======================================================================