Copyright © 2001 - MeTaL

----------------------------------------------------------------
W e  W i l l  N e v e r  S t o p  L i v i n g  T h i s  W a y
----------------------------------------------------------------

Title:        Various ways to crack LiteServe v1.25
Target:       LiteServe v1.25
Size:         967kb
Protection:   Serial
Website:      http://www.cmfperception.com
Tools:        SoftICE, Hiew, W32dasm
Get tools at: http://protools.cjb.net

-----------------------------------------------------------------

==================
- Introduction -
========================

In this tutorial I will show you some different methods to crack the
program LiteServe. The protection we are gonna focus on is the serial,
so we are not gonna patch any nags or so.

===============================
- Method 1 - Serialfishing -
=====================================

Run the program and click "Help" then "Register".
Enter a name and a key.

Name: MeTaL
Key:  6666666666

Click 'Register'.

"Key and name don't match! Try again ;)"

Ahh I knew that would come, hehe

So let's set a bp on hmemcpy (bpx hmemcpy).
F5 to return to the program, and click "Register".
SoftICE breaks. Press F5, F11, F5, F11, then F12 11 times.

Now you should see this:

===========================START CODE===========================
:0044BC60 8B55F0          mov edx, dword ptr [ebp-10]      ; You should land here.
:0044BC63 8D4DF4          lea ecx, dword ptr [ebp-0C]
:0044BC66 A1FCE04700      mov eax, dword ptr [0047E0FC]
:0044BC6B 8B00            mov eax, dword ptr [eax]
:0044BC6D E83E6D0000      call 004529B0

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044BBF8(C)
|
:0044BC72 8B45F4          mov eax, dword ptr [ebp-0C]      ; Stores the valid serial?
:0044BC75 50              push eax                         ; d eax
:0044BC76 8D55F0          lea edx, dword ptr [ebp-10]
:0044BC79 8B83F0010000    mov eax, dword ptr [ebx+000001F0]
:0044BC7F E83028FDFF      call 0041E4B4
:0044BC84 8B55F0          mov edx, dword ptr [ebp-10]
:0044BC87 58              pop eax
:0044BC88 E87782FBFF      call 00403F04
:0044BC8D 0F85C8000000    jne 0044BD5B                     ; If it jumps then bad cracker, else good.
============================END CODE============================

Ok, to get the real serial just stand on the 'push eax' and type 'd eax'.

That was really easy, so why not continue and try some other methods to
crack this program.

=======================================================
- Method 2 - Display real serial in BadMessagebox -
==============================================================

This way is really cool, it's kinda like a keygen. You enter your name
and serial and press register. Instead of the message
"Key and name don't match! Try again ;)" you will see the correct serial
in the messagebox :)

Let's take a look in W32dasm, so load the exe. Click the strn ref button
and look for the message we got when we tried to register with our fake
key. When you have found it, double-click on it and see where you
land...right here:

===========================START CODE===========================
:0044BD66 B814BE4400      mov eax, 0044BE14                ; You should land here.
:0044BD6B E86CD6FEFF      call 004393DC
============================END CODE============================

We know the serial is in:
:0044BC72 8B45F4          mov eax, dword ptr [ebp-0C]

And the bad message in:
:0044BD66 B814BE4400      mov eax, 0044BE14

To get the real serial in the messagebox we just have to replace the
code at 0044BD66 with the code at 0044BC72.

So change the address 0044BD66
From: B814BE4400
To:   8B45F49090

Save and run the program.
Enter your name and a key.

Cool :) hehehe

Well that's it

=================================================
- Method 3 - I can't stop laughing at this :) -
======================================================

In the file options.ini you can find your name and key:

[reg]
name=MeTaL
key=68091751995152709617

Let's change this so it looks like this:

[reg]
name=MeTaL
key=

Save the file and run the program.
Hmm, everything is normal, I'm still unregistered.
Close the program and run it again.

LOL!!!!!!!! WHAT A SHITTY PROTECTION!!!!!

You can see you are registered now :)
Just by adding our name in the file..hehehe
BUT take a look in the file again.
The program added the serial right after key=

Ok now this tutorial is over! Goodnight...

Any questions? E-Mail: metal@the-eminence.com

see ya!

==================
- GrEeTiNgS -
========================

All eMiNENCE Members
Sheep
Mantana
Stimpy
MagicMike
Maria
Bluesman
Cyberjunkie
WebToaster
And all I forgot...
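Added example (not part of the original tutorial and not LiteServe's code): a constructed model of the options.ini behaviour seen in Method 3, next to a loader that rejects an empty key and never writes a derived key back to disk. The key routine, the secret and all function names are assumptions; the real algorithm is not shown on this page.

```python
import configparser
import hashlib
import hmac
import io

SECRET = b"constructed-demo-secret"  # constructed value, not from the product


def expected_key(name):
    """Hypothetical stand-in for the real name-to-key routine (unknown here)."""
    digest = hmac.new(SECRET, name.encode(), hashlib.sha256).hexdigest()
    return str(int(digest, 16))[:20]


def _load(text):
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return cfg


def _dump(cfg):
    buf = io.StringIO()
    cfg.write(buf, space_around_delimiters=False)
    return buf.getvalue()


def flawed_run(ini_text):
    """Model of what Method 3 observes: one start-and-exit cycle of the program."""
    cfg = _load(ini_text)
    name, key = cfg["reg"]["name"], cfg["reg"]["key"]
    registered = key == expected_key(name)
    cfg["reg"]["key"] = expected_key(name)  # BUG: derived key saved on exit
    return registered, _dump(cfg)


def hardened_run(ini_text):
    """Same cycle, but only values the user supplied are ever written back."""
    cfg = _load(ini_text)
    name = cfg.get("reg", "name", fallback="")
    key = cfg.get("reg", "key", fallback="")
    # An empty name or key is never valid; compare in constant time.
    registered = bool(name) and bool(key) and hmac.compare_digest(
        key.encode(), expected_key(name).encode())
    return registered, _dump(cfg)


TAMPERED = "[reg]\nname=MeTaL\nkey=\n"  # constructed sample of the edited file
```

Running flawed_run twice on TAMPERED reproduces the "unregistered, then registered" sequence, while hardened_run stays unregistered and leaves key= empty. Any scheme that derives the expected key on the client still exposes it in memory as in Method 1; checking a vendor-signed licence against an embedded public key avoids holding that value at all.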