OK people. First of all I'd like to say that I do not want to support any illegal action with this tutorial. It's just for educational purposes. It should help you to understand what's going on in a PC and why things are the way they are. You should also get an idea of what good cracking is about and be able to recognize general patterns used by many programs.
If you want to use the software beyond its trial status then there's only one way: buy it. After doing and understanding the crack you should buy or delete the software. Cracking isn't necessarily illegal; it's a way of having fun, and it's a really good feeling when you're done with a hard program. Believe me.
So, if you do not think the same, or if you were too stupid to find an exe crack and just want to crack it with my tutorial, then I'd like you to go to bed, take a nap, think about ethical cracking, your life, the things you achieved and how you did it, love, hate, ignorance, of course Roadrunner and Coyote, and come back with the wish to learn and understand. Repeat this part until you feel you are the kind of person who has the wish to seek the knowledge bestowed upon you.
Foreword:
The tutorials I come across are very often too detailed, I think! So I'd like to try a new approach by writing a tutorial which does not tell you where to put a breakpoint and why to do so, but which should guide you to one of the possible solutions. This means that I presuppose fundamental knowledge of the use of Soft-ICE, Win32 DASM and HView, plus basic assembler knowledge. I will not tell you where or how to set breakpoints. I will only tell you how to look for the right position. The where and why is your part.
This may, or even will (I hope it will), cause many questions. That is why I have an e-mail address. Don't hesitate to post, but be sure about what you are asking and why. These questions will be collected in a FAQ, which will be added to and updated frequently.
I'll just tell you exactly how to write a patch for the program in Pascal (with false addresses, of course).
Where to get the program:
find it at:
http://www.ultraedit.com
http://www.tripod.com/members/Ignatz_x_/ultraedit32.zip
Let's get started!
Question: Why should you find out as much as possible and not try a brute-force approach?
MY answer: (since there are hundreds of possible answers, because cracking is more like a philosophy to me than something to be put into schemes of rules and "dos and don'ts". You might also say it's not useful to do any research on your target, because sooner or later you'll crack the damn thing one way or another. It's YOUR philosophy. So use the way that suits you best!)
Knowing as much as possible about your program gives you the opportunity to set up a plan of how to crack it. If you want to break into a bank, for example, you should know what you want to steal: is it the money, the gold, the diamonds, the shares or all of them together, and what do you want to do with your loot? Then you have to know about the security installations of your target. Is it enough to crash the door and grab the money (brute force), or does it have a high security standard? Then you take a look at the tools you have and which tools you might need in addition to bust the security system. Putting it all together, you might get a scenario like this.
Target:
    BANK
What do I want:
    get rich!
How may I do this:
    steal money, steal shares.
    (They don't have diamonds. I can't carry the gold.)
What about the security:
    The shares are stored in a much safer place than the money. Therefore I'd rather just try to get the money.
How to get the money:
    1) get in, shoot people, take the money, get out (brutal, isn't it?)
    2) find a way to bypass the security system by getting as much knowledge as possible and setting up a good plan.
What to do with the money:
    don't waste it, and don't get caught by spending it all on things you shouldn't be able to buy
So like this you can get a much better idea of what to do and how to do it. If your mission is to steal the gold, you'll have to set up a totally different plan. The same goes for programs: do I want to register, do I want to write a keygen, ...? Each target has its own way.
In our case -ultraedit32 ver 6.00c- we have 3 major possibilities to achieve our "what do I want" part: no limitations, since the time trial is the only limitation.
1) find the correct serial
2) fake a correct serial
3) fake that you are still in the trial period.
1 & 2 are a bit harder since there is no nag screen and it's therefore harder to find the generating routine.
3 looks easy. You have got enough nags which guide you to a useful part of the disassembled code.
(* Author  : Ignatz [Ignatz_x_@hotmail.com]    *)
(* Date    : 22.2.1999                         *)
(* Use     : Step one to crack Mp3 Wolf v1.04  *)
(* Version : 1.0                               *)
program wolfcrcstep1;
uses crt;
var
  ToPatch : file of char;   (* I use file of char because it is easy to handle *)
  x       : char;
const
  c_Helo1        = 'Helo,';
  c_Helo2        = ' This program cracks ultraedit Versoin 6.00c';
  c_Helo3        = ' Please read the file_id.diz before starting';
  c_PressKey     = 'Please Press <ENTER> to continue';
  c_Processing   = 'Processing...';
  c_FileNotFound = 'Error- file not found, this patch must be in same directory like uedit';
  c_Corrupt      = 'Error- Corrupt file, maybe you have the wrong Version';
  c_CrcNotDone   = 'Error- unable to crack file, maybe it''s writeprotected';
  c_CrcDone      = 'crack done.';
  c_Message      = 'whatever you say';
  c_FilePos      = 123456;  (* it is in integer format. The position you get from
                               HView is hex, so you will have to do some calculation *)
  c_Filename     = 'UEdit32.exe';
(*
 * I like to use these constants because they make it easy to re-use a patch
 * for another program
 *)
begin
  writeln(c_Helo1);                  (* print out the hello message *)
  writeln(c_Helo2);
  writeln(c_Helo3);
  assign(ToPatch, c_Filename);
  {$I-}                              (* turn off the internal I/O error check *)
  reset(ToPatch);                    (* try to open the file *)
  {$I+}                              (* turn on the internal I/O error check *)
  if IOResult <> 0 then              (* there might have been a fault while trying to open the file *)
  begin                              (* we have to take care of that *)
    writeln(c_FileNotFound);         (* no such file ... *)
    writeln(c_PressKey);             (* goodbye *)
    readln;
  end else                           (* continue *)
  begin                              (* file found *)
    writeln(c_Processing);
    {$I-}                            (* turn off the internal I/O error check *)
    seek(ToPatch, c_FilePos);        (* go to the position of the instruction we want to patch *)
    {$I+}                            (* turn on the internal I/O error check *)
    if IOResult <> 0 then            (* there might have been an I/O error *)
    begin
      writeln(c_Corrupt);
      writeln(c_PressKey);
      readln;
    end
    else                             (* continue *)
    begin                            (* position found *)
      {$I-}
      read(ToPatch, x);              (* read which instruction we have here *)
      {$I+}
      (* if it is the right one then patch (u stands for 75 jnz);
         a failed read is treated like a wrong byte *)
      if (IOResult <> 0) or (x <> 'u') then
      begin
        writeln(c_Corrupt);          (* otherwise it might already be patched or it is a wrong file *)
        writeln(c_PressKey);
        readln;
      end else
      begin                          (* just patch now *)
        {$I-}
        seek(ToPatch, c_FilePos);    (* we have to set the file pointer to the correct
                                        position again after the read *)
        x := 't';                    (* t stands for 74 jz *)
        write(ToPatch, x);           (* patch *)
        seek(ToPatch, c_FilePos);
        read(ToPatch, x);            (* check whether we really patched the program *)
        {$I+}
        if (IOResult <> 0) or (x <> 't') then
        begin
          writeln(c_CrcNotDone);     (* too bad, we weren't able to patch *)
          writeln(c_PressKey);
          readln;
        end else
        begin
          writeln(c_CrcDone);        (* well done *)
          writeln(c_PressKey);
          readln;
        end;
      end;
    end;
    close(ToPatch);                  (* the file was opened, so close it again *)
  end;
  writeln(c_Message);
end.
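Seen from the vendor's or an incident responder's side, the one-byte change the patcher above writes (75h jnz to 74h jz) is what a file-integrity check catches. The following is an added example, not part of the original tutorial: it compares a suspect image with a known-good reference, checks the SHA-256 digest, and flags single-byte inversions of short conditional jumps. The function names and the sample bytes are constructed for illustration.

```python
import hashlib

# Constructed sample: test eax,eax / jnz +5 / call / ret, and a copy whose
# jnz (0x75) at offset 2 has been flipped to jz (0x74).
REFERENCE = bytes.fromhex("85c07505e800000000c3")
SUSPECT = bytes.fromhex("85c07405e800000000c3")

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def is_jcc_inversion(was: int, now: int) -> bool:
    # Short conditional jumps are opcodes 0x70-0x7F; flipping the lowest
    # bit inverts the condition (0x75 jnz <-> 0x74 jz). Without a
    # disassembler this only says the byte pair is consistent with an
    # inverted branch; the byte could also be data.
    return 0x70 <= was <= 0x7F and (was ^ now) == 0x01

def diff_report(reference: bytes, suspect: bytes) -> dict:
    """Compare a suspect image with a known-good reference image."""
    changes = [
        {"offset": off, "was": a, "now": b,
         "jcc_inverted": is_jcc_inversion(a, b)}
        for off, (a, b) in enumerate(zip(reference, suspect))
        if a != b
    ]
    return {
        "digest_match": sha256_hex(reference) == sha256_hex(suspect),
        "size_changed": len(reference) != len(suspect),
        "changes": changes,
    }

def verdict(report: dict) -> str:
    if report["digest_match"]:
        return "clean"
    changes = report["changes"]
    if (not report["size_changed"] and changes
            and all(c["jcc_inverted"] for c in changes)):
        return "branch-patched"
    return "modified"

if __name__ == "__main__":
    rep = diff_report(REFERENCE, SUSPECT)
    for c in rep["changes"]:
        print(f"offset {c['offset']:#x}: {c['was']:02x} -> {c['now']:02x}"
              f" jcc_inverted={c['jcc_inverted']}")
    print(verdict(rep))
```

In practice the reference is usually not a second copy of the file but the vendor's published digest or the executable's code signature, checked before the program is run.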
Thanks for reading. And please give me feedback!!!!
chiao bella
-Ignatz
(||||)