How to crack mIRC by ?ferret
Skill Level: Newbie
Attack Plan: Patching
Target: mIRC v5.61 32 bit
(Available @ http://www.mircscripts.com/old/)
Tools Needed: HexEditor, W32Dasm
Comment: There is no real reason that I can find for cracking this program (other than just for the sake of defeating the protection scheme).
It doesn't have any limitations that I know of.
Now on to the tutorial. ;-)
Disassemble mirc32.exe.
Search for "thank" (a good chance it will be in the success message)
Right above this is a dialog reference and a string ref to mirc registration.
Now search for "sorry" (Bet u know where you'll see this) ;-)
Now we know to avoid this section of code starting at CS:43B6C2 (ref'ed by a conditional jump at location CS:43B621).
Scroll down from CS:43B621 a little and you will see the successful reg message!
Hmm....CS:43B621.... if we change this jump, it will go to the reg message every time!...BUT, will it stay regged?
No, it won't. There is a check at program startup for either a keyfile or a registry entry, so if we patch it here we'll have to re-register every time we run it (common newbie mistake, hence the reason I brought you here, to explain).
However, this particular program writes to the registry when you get the success message, and deletes the key after the program starts if it is invalid. As long as the Registry key exists....you are registered. So, go ahead and patch the jump at CS:43B621, then search for RegDeleteKeyA. You will find an instance of this API with a string data reference to "code". Interesting. The one directly below that one has an SDR to "name".
Scroll up a bit to see where this section is accessed from. You will see 2 conditional jumps. Let's NOP them both, so it will never jump to delete the key.
Reg the proggy, close it, and restart it. It should now stay regged. ;-)
P.S. There are definitely better ways to crack this, but I wanted to show an easy approach that doesn't get taught every day.
GREETZ & THANX to all of the people who've helped me @ the Newbies Forum. (I'm too damn lazy to type all the names ;-))