Please Read The Disclaimer Before Continuing.
Prepare To Crack: My entire motive for cracking this program is that PrimaSoft puts out some goofy ass software that literally annoys the piss outta me! This program is about the most normal one of the bunch! Anyway... run the program, and you'll see a nag screen telling you that you have 30 days to evaluate the product. When the program comes up, you'll see there is no place to enter your registration information. Hmm... a hidden registration? Click on the "Exit" button, and there's our answer: another nag screen, but this one with the option to enter registration. Go to the registration screen and enter some test data. For this program, let's try the HMEMCPY function. Press Ctrl+D to enter Soft-Ice, and set a breakpoint on HMEMCPY (BPX HMEMCPY).

Making The Crack: Press Ctrl+D again to exit out of Soft-Ice, and click on the "Ok" button. Soft-Ice breaks. Press F11 to get into the code. You'll see, down on the line above the command window, the string "USER(0A)". This isn't where we want to be, so step through the code using F10 until you see the string "PSDIAL!CODE" on the line. You should now be here:

If you step through this routine, looking for a compare and a jump, you can find the place where the user name you entered is stored. This isn't where we want to be either. We want to be in the routine where our serial number is stored. So... step ALL the way through the code again using F10 until you see the string "PSDIAL!CODE" on the line again. Now we're in the serial number routine. Slowly step through the code using F10 until we get to the compare and jump. You should be here:

From my comments above, you should be able to find your correct serial number. If not, you need to press F10 until the line "0137:00480C5B TEST AL,AL" is highlighted. Then, since your serial number is stored in EDX, display it by typing: d EDX (you'll need to press ALT+Up Arrow a couple of times to see your serial). My serial number was 674482699-214 (Cracked By Volatility [ID] for my user name). Don't be a lamer, use your own serial number. If time permits, I'll add more to this essay, showing you how to crack by getting a dead-listing and patching with a hex editor.
Copyright © 1998 Volatility And The Immortal Descendants. All Rights Reserved.
Since I cracked this program without using a Dead Listing I won't tell you to go and create one using W32Dasm, but if you really want to learn more about this program it might be a good idea to create one all the same..

First things first..

Run up the program, then select the 'File' menu, then the 'Register..' option. You should now be in a simple looking Registration Screen. Fill in your Name/Handle and a fake serial number.

I used:
The Sandman
999999999

Before clicking on the 'Ok' button press 'Ctrl-D' to activate Softice, then type: bpx messageboxa. Now press 'x' to leave Softice. Now you can click on the 'OK' button. Softice now breaks at the start of the messageboxa system function.

Press the 'F11' key once and click on the 'OK' button to the message saying your serial code was invalid. Softice should break here..
:00423815 68A7E04400 push 0044E0A7            ;Messagebox Title
:0042381A 6842DF4400 push 0044DF42            ;"You've entered invalid.."
:0042381F 53         push ebx
:00423820 E848550100 Call USER32.MessageBoxA
:00423825 E979010000 jmp 004239A3             ;We return here
What I normally do here is to scroll the Softice Assembly window until I come across the first occurrence of the following assembler instructions, which are nearly always very close by:-
Call XXXXXXXX
cmp Register,Register
(or test Register,Register)
Conditional Jump

The first set of these instructions I came across I discounted because it was to do with creating a messagebox:-
:004237EB 686CDE4400 push 0044DE6C            ;"Thank you for registering"
:004237F0 53         push ebx
:004237F1 E877550100 Call USER32.MessageBoxA
:004237F6 85F6       test esi, esi
:004237F8 7430       je 0042382A
OK, no problem, I now scrolled up a few more lines and Bingo!, I found another classic set of my favorite instructions here:-
:004237CF E80C960000 call 0042CDE0            ;Compare serials
                                              ;eax=ffffffff if fail
                                              ;eax=1 if correct
:004237D4 83C408     add esp, 00000008
:004237D7 85C0       test eax, eax            ;serial correct?
:004237D9 7502       jne 004237DD             ;No? then jump
If you have a dead listing close by for this program then you'll see how close all these instructions are to our original Softice breakpoint on messageboxa.

At this point I cleared all of Softice's previous breakpoints by typing: bc *
then I typed: bpx 004237cf
then x to leave Softice.

Now re-run the registration process again and once again Softice breaks, but this time on our newly created breakpoint at: 004237cf

Press the 'F10' key once, yep that's right, don't trace into this call, just step over it. Now it's interesting to monitor the state of the pc's registers after you've just skipped over a call because this can reveal quite a lot about what the call has just been doing.

So now type: D ecx and you'll see in Softice's code window the *real* serial number you need to use to register this babe!.
If you type D edx then you'll see your *fake* serial.

Now re-run this program but now use the *real* serial number you've just sniffed out.

Job Done.
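The reason "D ecx" works is a design weakness, not a debugger trick: the program rebuilds the correct serial in memory and string-compares it with the typed one, so both sit side by side the moment the compare call returns. The following C is an added example, not code from either essay or from the program itself; it shows that weak shape beside a checker that stores only a keyed digest of the valid (name, serial) pair and so never holds a typeable serial. The 9-digit serial scheme, the FNV-1a digest and the key are constructed for illustration; a shipping product would use a real MAC or signature instead of FNV.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed serial scheme for this example: 9 decimal digits derived
   from the name with FNV-1a. Nothing here is the real program's scheme. */
static uint32_t fnv1a(const char *s, uint32_t seed) {
    uint32_t h = seed;
    for (; *s; s++) { h ^= (unsigned char)*s; h *= 16777619u; }
    return h;
}

static void derive_serial(const char *name, char out[16]) {
    snprintf(out, 16, "%09u", (unsigned)(fnv1a(name, 2166136261u) % 1000000000u));
}

/* Weak shape (what the trace above relies on): the correct serial is
   rebuilt in memory and compared with the input, so a break right after
   the compare call shows the real serial next to the fake one. */
int naive_check(const char *name, const char *entered) {
    char real[16];
    derive_serial(name, real);          /* plaintext real serial now in memory */
    return strcmp(real, entered) == 0;
}

/* Hardened shape: the program never holds a valid serial. It stores only a
   keyed digest of the valid (name, serial) pair, issued by the vendor,
   and compares digests. A break after the compare yields two digests,
   which cannot be typed into the registration box. */
#define DIGEST_KEY 0x5EEDu              /* constructed key for the example */
uint32_t serial_digest(const char *name, const char *serial) {
    char buf[64];
    snprintf(buf, sizeof buf, "%s|%s", name, serial);
    return fnv1a(buf, DIGEST_KEY);
}

int hashed_check(const char *name, const char *entered, uint32_t stored_digest) {
    uint32_t diff = serial_digest(name, entered) ^ stored_digest;
    return diff == 0;                   /* single compare, no serial in memory */
}

int main(void) {
    char real[16];
    derive_serial("The Sandman", real);
    uint32_t stored = serial_digest("The Sandman", real);   /* issued at build time */
    printf("naive  fake : %d\n", naive_check("The Sandman", "999999999"));
    printf("hashed fake : %d\n", hashed_check("The Sandman", "999999999", stored));
    printf("hashed real : %d\n", hashed_check("The Sandman", real, stored));
    return 0;
}
```

Removing the in-memory serial only closes the leak this essay reads out; the test/jne after the call is still a single patchable branch, so the digest check is a complement to code-integrity measures, not a substitute.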
My thanks and gratitude goes to:-
Fravia+ for providing possibly the greatest source of Reverse Engineering knowledge on the Web.
+ORC for showing me the light at the end of the tunnel.
Ripping off software through serials and cracks is for lamers..
If you're looking for cracks or serial numbers from these pages then you're wasting your time, try searching elsewhere on the Web under Warez, Cracks etc.