(-\/\ dRaG0n´s CrAcKinG Lesson 7 /\/-)
Tools you need :
Softice V.3.X ( get it at cracking.home.ml.org & surf.to/harvestr )
W32dasm V8.X ( get it at cracking.home.ml.org & surf.to/harvestr )
Editor+ V3.0 Light
Hiew 5.xx ( get it at cracking.home.ml.org & surf.to/harvestr )
Introduction :
hi aaaaggggaaaiin ;) ... Long time didnt write a tut´ , its time to CRACK again ...
In thiz tutorial , i will show you , how easy it is to program a [KeyGen] for Editor+ V3.0 ..
... YeAh ... KeYgens R cool , huh ;) ... let´S rOCK !
Cracking Editor+ V3.0 Light with Softice :
I will do thiz in Steps , so its easier to Understand :-) .. like in the other Lessons ...
Step 1 : Run Editor+ V3.0 (What a fuckin´ bad Nag , hehe) and go to "?/Registration"
Step 2 : Enter "DrAg0n" as name , and "77777" as dummy Code , enter S-iCE ...
Now we´ll set the most common Breakpoints .
GetDlgItemTextA and GetWindowTextA dont work , so we take ..
"Bpx hmemcpy"
Now leave S-iCE .
Step 3 : Press "Ok"... "break due to BPX Kernel!Hmemcpy ... "
Step 4 : Now press "F5" to get to the second (Serial) Box ... Press "F11" to go to Caller..
Now you´ll see that we arent in the right place, see "USER(03)" ..
K .. Hit "F10" till you are in the "EDiTORPL!CODE+xxxxxxx" section ...
If you trace a bit (F10) , you´ll see that there are only many ret commands here ,
so keep tracing till you´re at the right code ... on Location xxxx:004ACA3E ..
This is the only code we´ll need ...
:0042C940 33DB          xor ebx, ebx
:0042C942 8B45F8        mov eax, dword ptr [ebp-08]
:0042C945 E8926BFDFF    call 004034DC
:0042C94A 83F802        cmp eax, 00000002
:0042C94D 7E3C          jle 0042C98B
:0042C94F 83FE01        cmp esi, 00000001
:0042C952 7E37          jle 0042C98B
:0042C954 8B45F8        mov eax, dword ptr [ebp-08]
:0042C957 E8806BFDFF    call 004034DC
:0042C95C 85C0          test eax, eax
:0042C95E 7E13          jle 0042C973
:0042C960 BA01000000    mov edx, 00000001
:0042C965 8B4DF8        mov ecx, dword ptr [ebp-08]       ; Mov *our name* to ECX
:0042C968 0FB64C11FF    movzx ecx, byte ptr [ecx+edx-01]  ; Get Char (first pass : first Char) ->
                                                          ; its value to ECX
                                                          ; ex.: D -> 44 (HEX) -> ECX ;-)
:0042C96D 03D9          add ebx, ecx                      ; Add ECX (value of the Char) to EBX
:0042C96F 42            inc edx                           ; not interesting (prog. Counter)
:0042C970 48            dec eax                           ; not interesting (prog. Counter)
:0042C971 75F2          jne 0042C965                      ; Is there a next Char after "D" ,
                                                          ; Then goto 42C965 , get its value
                                                          ; and add it to EBX ...
                                                          ; If finished , go on ..
:0042C973 81C3C0070000  add ebx, 000007C0                 ; Heres the clue, "7C0" ... It adds
                                                          ; 7C0 (1984) to the pool of Char
                                                          ; values of our name ( EBX ) ..
:0042C979 3BF3          cmp esi, ebx                      ; Compare fake Reg with Real Ser.
                                                          ; do "? esi" or "? ebx" to see it.
:0042C97B 7508          jne 0042C985                      ; Good Buyer or Bad Cracker JMP !
Step 5 : Ok ... I´ll explain the things from above again ...
1 . The program takes the value of every Char in the name and adds them to the , we call it , Decimal-Pool ...
ex.: D -> 44 (HEX) -> Pool .. R --> 52 (HEX) --> Pool ... etc.. Pool would be 96 (HEX) .. ok ?
2 . Then , when every char of the Name has been added to the Pool ,
it simply adds 7C0 (HEX) = 1984 (Decimal) to the Pool ... Thats it !
3 . So , since my proged Keygen only adds up the Chars as decimal values , we have to
add 1984 to the pool , cause 1984 is the Decimal of 7C0 .. do "? 7C0" in SiCE to see it !
Here´s the code of my keygen ... I wrote thiz in "C" with some Creditz to "CrAckZ" for help !
I Think , its self explaining ... Compile it with any Dos - C - Compiler ;)
The Source Code :
// This Code is copyrighted to Drag0n FFO99 .. Do with it what ya want ;)
#include <stdio.h>
#include <string.h>

int main(void)
{
    char Name[30];
    int NameLength, Offset;
    long int Regsum = 0;

    // Display Logo (ASCII-art banner by <Crash> not reproduced)
    printf("\n");
    printf("EDiTOR+ LIGHT v3.0 [KeyGen] \n\n");
    printf("- bY drAg0n [FFO99] - \n\n");
    printf("eNTER yA nAME : ");

    // Get Name (fgets instead of gets , so a long name cant overflow Name[])
    if (fgets(Name, sizeof(Name), stdin) == NULL)
        return 1;
    Name[strcspn(Name, "\r\n")] = '\0';   // cut off the newline fgets keeps

    // Get Name - Decimal Values (unsigned , like the movzx in the program)
    NameLength = (int)strlen(Name);
    for (Offset = 0; Offset < NameLength; Offset++)
    {
        Regsum = Regsum + (unsigned char)Name[Offset];
    }

    printf("\nyOUR sERiAL iS : ");
    // Regsum is the Decimal Pool ... With all Decimal Chars from the name...
    // You see, we just add 1984 (7C0) to it , and its done ...
    printf("%ld ", (Regsum + 1984));   // %ld , cause Regsum is a long
    return 0;
}
- Heres the KEygen in a File if you dont want to copy all thiz shit - keygen.c
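The check from Step 5 written out as C, to show why a scheme of this shape cannot bind a serial to one licensee: it is a plain byte sum with no secret, so different names collide and only a few thousand serials exist. This is an added example, not code from the original lesson; the function names, the sample names and the 29-character printable-ASCII bound are assumptions, as is reading call 004034DC as the name-length routine and 0042C98B as the reject path.

```c
#include <stdio.h>
#include <string.h>

/* Sum of the name's byte values: the loop at 0042C965..0042C971. */
long name_pool(const char *name)
{
    long pool = 0;
    for (size_t i = 0; name[i] != '\0'; i++)
        pool += (unsigned char)name[i];   /* movzx ecx, ... ; add ebx, ecx */
    return pool;
}

/* Model of the whole check; returns 1 if the program would accept. */
int check_accepts(const char *name, long serial)
{
    if (strlen(name) <= 2) return 0;      /* cmp eax, 2 ; jle 0042C98B (assumed reject) */
    if (serial <= 1) return 0;            /* cmp esi, 1 ; jle 0042C98B (assumed reject) */
    return serial == name_pool(name) + 0x7C0;   /* add ebx, 7C0 ; cmp esi, ebx */
}

/* How many different serials exist for names of 3..max_len printable
   ASCII chars (0x20..0x7E). Every sum between the bounds is reachable,
   so the count is simply the width of the range. */
long distinct_serials(size_t max_len)
{
    long lo = 3L * 0x20 + 0x7C0;
    long hi = (long)max_len * 0x7E + 0x7C0;
    return hi - lo + 1;
}

int main(void)
{
    /* Constructed sample names: an anagram and an unrelated string
       with the same byte sum as "alice". */
    const char *names[] = { "alice", "celia", "bkice" };
    long serial = name_pool(names[0]) + 0x7C0;

    for (size_t i = 0; i < 3; i++)
        printf("%-6s accepted with %ld: %d\n",
               names[i], serial, check_accepts(names[i], serial));
    printf("distinct serials (names up to 29 chars): %ld\n",
           distinct_serials(29));
    return 0;
}
```

A licence check that has to resist this needs a secret the shipped binary does not contain, for instance a vendor-side signature over the name that the program verifies with an embedded public key.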
Last Words :
Ok , you have done your (first) Keygen ;) ... I think , it wasnt that hard ...
I had some problems to write Keygens when i started to do Keygens ..
How and in which language to program in..
... I think "C" is very good / easy to write Keygens ... so ... enjoy it ;)
l8rz , [DrAg0n FFO99]
- See ya all in Lesson 8 soooon ;) -