Axman v3.00 Beta 3
The tricky way
Written by McCodEMaN


Introduction


Greetings and welcome to the noble art of reverse engineering!


This is a great little utility: it can split large files and then easily join them together again.
If you are still using floppy disks you need to get this tool!
Note! This is a beta version.

The protection... well, this program calculates the valid serial itself, based on the user information (name and company).

Please note:
I will not teach any assembly in this essay, and there will be a lot of blanks for you to fill in!
I want you to think and try to understand what happens between the steps in the essay; I want you to see the pattern,
so that you can start to think like a cracker!



Tools required

Numega SoftIce



Target's URL

http://www.wwnet.com/~dfend/download.htm



Essay


Step 1   Run the registration process.

Step 2   Start SoftIce and set a breakpoint with BPX GetWindowTextA.

Step 3   Return to Axman and press 'OK'.
         SoftIce breaks due to BPX USER32!GetWindowTextA.

Step 4   Press 'F11'.

Step 5   Press 'F5' twice.

Step 6   You should land here................

               USER32!GetWindowTextA
               :BFF61718    B1A7          MOV   CL, A7        <= Here!
               :BFF6171A    55            PUSH  EBP

Step 7   Scroll down to..................

               :00405965    8D4C2410      LEA   ECX, [ESP+10]  => Fake code!

Step 8   Trace down in the code to....................

               :0040597A    50            PUSH  EAX            => Fake code!
               :0040597B    51            PUSH  ECX            => Company!
               :0040597C    52            PUSH  EDX            => Username!
               :0040597D    8D4C241C      LEA   ECX, [ESP+1C]  => Company!

Step 9   Go to................

               :00405986    E8E5F9FFFF    CALL  00405370

         Step into this call with 'F8'.

Step 10  At............

               :00405377    8D442400      LEA   EAX, [ESP+00]  => Fake code!

Step 11  Go to........

               :00405382    52            PUSH  EDX            => Company!
               :00405383    50            PUSH  EAX            => Username!

Step 12  Go into the CALL at...........

               :00405384    E857000000    CALL  004053E0

Step 13  Trace down until you see............

               :00405549    51            PUSH  ECX

         If you dump ECX, you will see eight of the nine digits that will form our valid serial!

Step 14  Now go to.......

               :00405551    8BAC2420010000  MOV   EBP, [ESP+00000120]

         Did you see what happened when you stepped over the CALL 00405630 ???
         Yes, the final digit of our valid serial was added!
         This means that our serial is now almost complete; all that is left is to split
         the digits into three groups of three.
         Like this: xxx-xxx-xxx

Step 15  Go to............

               :0040555F    55            PUSH  EBP

         Dump EBP!....... What do you see? ..... Right, nothing!!

         Now step over the CALL at............

               :00405560    FF1520254100  CALL  [00412520]

         What do you see now? ..... You should see:  xxx

Step 16  And at............

               :0040559D    55            PUSH  EBP            =>  xxx-

Step 17  When you step over  CALL  [00412524]  you will see  =>  xxx-xxx

Step 18  And at.........

               :004055DB    55            PUSH  EBP            =>  xxx-xxx-

Step 19  Now trace down in the code until you see.......

               :004055E9    885D0B        MOV   [EBP+0B], BL

         Dump EBP and you will get the final valid serial; this is the serial that will register the
         software!

Step 20  At..............

               :00405615    5D            POP   EBP            => Valid serial!

Step 21  And at...........

               :00405391    8A10          MOV   DL, [EAX]      => Valid serial!

Ok!........... I think we quit here, but before you try the serial I would like to show you one last thing:
go back to 'Step 8' and trace down to..............

               :0040599B    8BCE          MOV   ECX, ESI       => Valid serial!!

So if you only want a serial, the cracking time would be about 15 seconds.

Final Notes



Whenever there is a door,
there is an entrance.
And behind an entrance no secret can hide,
when a cracker takes his knowledge for a ride.



ObDuh 

The information in this essay is for educational purposes only!
You are only allowed to crack, reverse engineer, modify code and debug programs that you legally bought, and then for personal use only!!
To ignore this warning is a criminal act and can result in legal action!

So please note!
I take no responsibility for how you use the information in this essay; I take NO responsibility for what might happen to you or your computer! You use this information at your own risk!!

What I mean is: Please buy the software!









Essay written by McCodEMaN 1999 © TRES2000. All Rights Reserved.