(-\/\ dRaG0n's CrAcKinG Lesson 3 /\/-)
Tools you need :
Softice V.3.X ( get it at cracking.home.ml.org & surf.to/harvestr)
W32dasm V8.X ( get it at cracking.home.ml.org & surf.to/harvestr)
Winamp V2.X ( get it at http://www.winamp.com )
Hiew 5.xx ( get it at cracking.home.ml.org & surf.to/harvestr )
Introduction :
Hey ya ...
Welcome to Lesson 3 =) ...
Our target is Winamp V2.0 ... I think a lot of ppl are using it, cause it's a really great program ...
I hope u will enjoy thiz Lesson ... so Lets rOck .. :-)
Cracking Winamp V2.0 with Softice :
I will do thiz in Steps, so it's easier to understand :-) .. like in the other Lessons ...
Step 1 : Run Winamp, go to "Winamp..." / "Shareware" / "Enter licence info" ....
Step 2 : Enter "dRag0n FFO98" as name and "777777" as dummy serial .. enter S-iCE ...
Now we´ll set the most common Breakpoints .
"Bpx GetDlgItemTextA"
"Bpx GetWindowTextA"
Now leave S-iCE .
Step 3 : Press the "Ok" button and let S-iCE break ... wHat dA heLl is thAt ?!?
We cannot press the "OK" button ... hmmm .. hehe ...
To let S-iCE break we just have to type one more number into the serial box (the dialog re-reads the boxes every time the text changes, and only enables "OK" once the serial checks out) ...
Ahh ... "Break due to BPX GetDlgItemTextA ... "
Step 4 : Now press "F11" to go to where it was called from ... You will see the following code now ..
:00403717 FF15E8664400   Call [User32!GetDlgItemTextA]   ; Get text in Box
:0040371D 53             Push EBX                        ; Push Ebx to Stack
:0040371E 53             Push EBX                        ; Push Ebx to Stack
:0040371F 688C040000     Push 0000048C                   ; Push 48C to Stack
:00403724 FF7508         Push Dword Ptr [Ebp+08]         ; Push Value from [Ebp+08] to Stack
:00403727 FF15B0664400   Call [User32!GetDlgItemInt]     ; Get the number typed in the serial Box
:0040372D 8BF0           Mov Esi,Eax                     ; Move Eax -> Esi (our dummy serial)
:0040372F 8D4580         Lea Eax,[Ebp-80]                ; Eax = Ebp-80
:00403732 50             Push Eax                        ; Push Eax to Stack
:00403733 E8407C0000     Call 0040B378                   ; The Call to the Calculation algor. ;)
:00403738 83C404         Add Esp,04                      ; Add 04 to Esp
:0040373B 3BC6           Cmp Eax,Esi                     ; After Calculating the code in the call above,
                                                         ; it Compares our dummy Serial with the right one ...
:0040373D 7509           Jnz 00403748                    ; Jump to "BAD CRACKER", else to "Good Buyer" =)
Step 5 : So ... After having a good look at the asm code, we notice that there's a compare between Eax and Esi ... Trace with "F10" till you are on this "Cmp Eax,Esi" command.
Step 6 : Now do a "? esi" and you will see your dummy code ... like thiz ...
" 00012FD1 0000077777 Ascii here "
Now do a "? eax" .. and what do we see ?
" 0101E7CE 0016902094 Ascii here " ... our real Serial ... =)
Step 7 : Write "16902094" down and do " BD * " to disable all breakpoints ... and leave SiCE ..
Replace our dummy serial with the number we got ... WoW .. we can press the "OK" button now, kewl ..
----- Licenced to : dRag0n FFO98 (16902094) -----
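The check above computes the correct serial inside Winamp and then compares it with what was typed, which is exactly why "? eax" hands it over at the Cmp. As an added example that is not part of the original lesson or of Winamp's code, here is that weak compute-and-compare pattern next to the design that avoids it: the program ships only a public key and verifies a signature over the name, so no valid serial is ever sitting in a register at the compare. The toy RSA parameters, the name-to-serial transform and the names are constructed for illustration only.

```python
import hashlib

# Everything here is a constructed toy, NOT Winamp's scheme and not secure
# parameters: the modulus is built from two Mersenne primes (about 92 bits).
P = 2147483647                  # 2^31 - 1
Q = 2305843009213693951         # 2^61 - 1
N = P * Q
E = 65537                       # public exponent: shipped inside the program
_PHI = (P - 1) * (Q - 1)
D = pow(E, -1, _PHI)            # private exponent: vendor side only, never shipped


def name_digest(name: str) -> int:
    """64-bit digest of the licensee name; always smaller than N."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest()[:8], "big")


# --- Weak pattern (the shape of the disassembly above) ---------------------
def weak_expected(name: str) -> int:
    # Deterministic transform of the name, computed inside the client
    # (constructed stand-in for the real "Call 0040B378").
    return sum((i + 1) * ord(c) for i, c in enumerate(name)) * 7919


def weak_check(name: str, serial: int) -> bool:
    # The correct serial is held in a local right at the compare, so a
    # breakpoint on the next line shows it to anyone with a debugger.
    expected = weak_expected(name)
    return expected == serial


# --- Hardened pattern: the client holds no secret ---------------------------
def vendor_sign(name: str) -> int:
    """Runs at the vendor only. The serial is an RSA signature of the digest."""
    return pow(name_digest(name), D, N)


def hardened_check(name: str, serial: int) -> bool:
    # Only E and N live in the binary. Breaking here reveals the digest and the
    # submitted serial, but not a value that could be typed in as a valid key.
    if not 0 < serial < N:
        return False
    return pow(serial, E, N) == name_digest(name)


if __name__ == "__main__":
    name = "dRag0n FFO98"
    s = vendor_sign(name)
    print(f"weak serial for {name!r}: {weak_expected(name)}")
    print(f"signed serial: {s:x}  valid: {hardened_check(name, s)}")
```

Forging a signed serial for a new name needs D, which never leaves the vendor; a debugger session only ever sees N, E and the digest.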
Last Words :
Great, we got it ;) ... Now remove the last "RegisteredTo" line in your Winamp.ini ... and try to crack it without thiz tutorial =)
So, that wasn't that hard ... hehe ... but like I always say .. Learning by doing .. =) ..
Ok, Star Trek Voyager is on TV now .. have to see it .. hehe ;-)
Hope to see you in Lesson 4 =) ..
L8r . . . dRag0n FFO98