Winzip Tut #1 - Serial Fishing by ?ferret
Skill Level: Newbie
Attack Plan: Serial Fishing
Target: Winzip 8.0
Tools Needed: Softice
Hola Compadres!
In this tutorial, I'll be showing you how to find a valid serial in memory. This is probably the easiest target you'll ever run across for this method.
Set a breakpoint on GetDlgItemTextA (bpx GetDlgItemTextA) and try to register the program. Softice will break twice, once when the dialog reads the name and once when it reads the serial, so hit CTRL-D once to pass the first break. At the second break hit F11 to return to the Winzip code that called the API. Disable the breakpoint now, as you won't need it again for a while.
Next, we want to search memory for the bogus serial we typed. Type s 0 l ffffffff 'your_serial' in Softice. You should find it at address DS:48CDA4 (the address may differ if your build of Winzip is different). Set a BPM DS:48CDA4 and Softice will break whenever this address is read from or written to. Hit CTRL-D a few times until you come to this code:
MOV AL, [ESI]      ; AL = next byte of the serial you typed
INC ESI
MOV AH, [EDI]      ; AH = next byte of the real serial
INC EDI
CMP AH, AL         ; do the two bytes match?
JZ 4692EC          ; yes: jump and keep comparing; no: fall through and fail
This is the part of the protection that compares the serial you typed to the real serial, one byte at a time. Because it is a straight compare against the real string, the real serial has to be sitting in memory in plain text, and that is what we fish out.
If you type D ESI, you'll see your fake serial in the data window. Type D EDI and you'll see your real code (if EDI has already moved a byte or two past the start, scroll the data window up a little). Disable your breakpoints, exit Softice and register Winzip using the code you've found.
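To make the point concrete, here is the same check written in C, as an added example that is my own code and not Winzip's. It has the byte-by-byte compare from the disassembly, a function that mimics the S command scan, a function that returns what you would see with D EDI at the failed compare, and a second check that stores no serial at all so there is nothing to fish. The serial "WZ8-1739-0", the serial format, the check-digit rule and the constructed memory image are all assumptions made for this example.

```c
/* Added example (not WinZip's code): a toy registration check written two
 * ways, plus the debugger steps from the tutorial redone as C functions.
 * The serial "WZ8-1739-0", its format and the check-digit rule are all
 * assumptions made for this example. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The "real" serial as the vulnerable program stores it: plain text in the
 * data segment, i.e. the string the tutorial finds behind EDI. */
static const char g_real_serial[] = "WZ8-1739-0";

/* Vulnerable check: the C shape of the loop in the tutorial. Both strings
 * are walked in step and compared one byte at a time. */
int check_serial_plaintext(const char *entered)
{
    const unsigned char *esi = (const unsigned char *)entered;
    const unsigned char *edi = (const unsigned char *)g_real_serial;
    for (;;) {
        unsigned char al = *esi++;      /* MOV AL,[ESI] / INC ESI */
        unsigned char ah = *edi++;      /* MOV AH,[EDI] / INC EDI */
        if (ah != al)                   /* CMP AH,AL: mismatch -> reject */
            return 0;
        if (al == 0)                    /* both terminators reached -> accept */
            return 1;
    }
}

/* Serial fishing as a function: run the same loop on a bogus serial and hand
 * back what a debugger sees in EDI when the compare fails. The pointer is
 * into the real serial, at the first byte that did not match. */
const char *fish_real_serial(const char *bogus)
{
    const unsigned char *esi = (const unsigned char *)bogus;
    const unsigned char *edi = (const unsigned char *)g_real_serial;
    while (*esi == *edi && *esi != 0) {
        esi++;
        edi++;
    }
    return (const char *)edi;           /* D EDI at the break shows this */
}

/* The S command as a function: scan a memory range for a byte string and
 * return its offset, or -1 if it is not there. */
long find_bytes(const unsigned char *mem, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    if (n == 0 || n > len)
        return -1;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(mem + i, needle, n) == 0)
            return (long)i;
    return -1;
}

/* Constructed stand-in for a slice of the target's data segment: the serial
 * the user typed is copied in at a fixed (assumed) offset, as the edit
 * control's buffer would hold it. */
#define IMAGE_SIZE 512
#define ENTERED_OFFSET 0x1a0
long locate_entered_serial(const char *entered)
{
    unsigned char image[IMAGE_SIZE];
    size_t n = strlen(entered);
    memset(image, 0xcc, sizeof image);          /* filler, not real data */
    if (n == 0 || ENTERED_OFFSET + n + 1 > IMAGE_SIZE)
        return -1;
    memcpy(image + ENTERED_OFFSET, entered, n + 1);
    return find_bytes(image, sizeof image, entered);
}

/* Hardened check: the program never stores an accepted serial. Assumed
 * format "WZ8-DDDD-C", where C = (1*D1 + 2*D2 + 3*D3 + 4*D4) mod 10.
 * There is no reference string to fish out of memory; what remains is that
 * the rule can be reimplemented (a keygen), which only a signed key fixes. */
int check_serial_checkdigit(const char *entered)
{
    int sum = 0;
    if (strlen(entered) != 10)
        return 0;
    if (memcmp(entered, "WZ8-", 4) != 0 || entered[8] != '-')
        return 0;
    for (int i = 0; i < 4; i++) {
        char c = entered[4 + i];
        if (c < '0' || c > '9')
            return 0;
        sum += (i + 1) * (c - '0');
    }
    if (entered[9] < '0' || entered[9] > '9')
        return 0;
    return (sum % 10) == (entered[9] - '0');
}

int main(void)
{
    const char *bogus = "12345678";
    printf("S finds the typed serial at offset 0x%lx\n", locate_entered_serial(bogus));
    printf("plaintext check of %s -> %d\n", bogus, check_serial_plaintext(bogus));
    printf("D EDI at the failed compare shows: %s\n", fish_real_serial(bogus));
    printf("check-digit scheme accepts WZ8-4271-3 -> %d (nothing to fish)\n",
           check_serial_checkdigit("WZ8-4271-3"));
    return 0;
}
```

The two checks fail in different ways: the plain-text compare gives away the one serial it holds, while the check-digit version holds none but accepts any serial that satisfies the rule, so a cracker writes a keygen instead of fishing. Checking a signature over the name and key (with only the public key shipped) closes both doors.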
GREETZ & THANX to all of the people who've helped me @ the Newbies Forum. (I'm too damn lazy to type all the names ;-))