Jpeg Optimizer v3.10
A Hard-Coded Serial
Best view 1024 X 768
by FaT[BiT] \ TNT!
Cracking For Beginners
 
Program Info
Program Name : jpegopt.exe
Program Type : Image Util.
Program Location : http://www.xat.com
Program Size : 401KB
 
ToolZ :
W32Dasm v8.93
Any ASCII Table
Easy (  ) Medium ( X ) Hard (  ) Pro (  )


Jpeg Optimizer v3.10
Cracked and Written by : FaT[BiT] \ TNT!
Tutorial No. : 2


Introduction

HI THERE !!
PLEASE EXCUSE MY POOR ENGLISH !!!
THIS IS _ONLY_ FOR NEWBIES
As my friend Sir dReAm said " if you are an advanced cracker and you want to read this then you are really wasting your time "

Protection

This program needs a serial number to register it. The catch is that the serial is HARD-CODED, and if you try to find the error message, let me save you some time: it is not there, so don't bother. We will take a different approach to crack this program, so here it goes!

The Essay

Install Jpeg Optimizer and run it, and notice that the window caption says UNREGISTERED. OK, never mind that for now. Click Help\Register, enter any code you like and *BOOM*, the error message appears. So let's disassemble the file: copy jpegopt.exe to your W32Dasm directory and dasm it. KOOL, you're done. As I said, there is no luck looking for the error message, but I also said to notice the window caption, so let's look for the UNREGISTERED string instead. Open the SDR (String Data References) window and look for it. OK, found it: double-click on it and you will land at this part of the code:


* Possible StringData Ref from Data Obj ->" - Unregistered"

:00404885 BA07C74700                  mov edx, 0047C707
:0040488A 8D8568FFFFFF                lea eax, dword ptr [ebp+FFFFFF68]
:00404890 E83F790400                  call 0044C1D4
:00404895 FF8548FFFFFF                inc dword ptr [ebp+FFFFFF48]
:0040489B 33C0                        xor eax, eax
:0040489D 898564FFFFFF                mov dword ptr [ebp+FFFFFF64], eax
:004048A3 8D9568FFFFFF                lea edx, dword ptr [ebp+FFFFFF68]
:004048A9 FF8548FFFFFF                inc dword ptr [ebp+FFFFFF48]
:004048AF 8D8D64FFFFFF                lea ecx, dword ptr [ebp+FFFFFF64]


So... now let's look for something interesting, like a call or a jump. Scroll up until you see this code:


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040483E(U)

:00404845 51                   push ecx
:00404846 E899590200           call 0042A1E4 <-- a call (the serial check, as we will see)
:0040484B 59                   pop ecx
:0040484C 84C0                 test al, al <-- a test on the result of the call (al = 0 or 1)
:0040484E 0F85EC010000         jne 00404A40 <-- jump if we pass the test, i.e. skip the Unregistered code below
:00404854 66C7853CFFFFFFA001   mov word ptr [ebp+FFFFFF3C], 01A0


So.... (why did you choose this call?) Hmm, good question. Because it is the first call before the UNREGISTERED string, and its result is what the test/jne right after it decides on. There is another call after it which we will check later. In the meantime, let's see what is inside this call: put the green bar in W32Dasm on the call and press the Call button, and you will see something like this:


* Referenced by a CALL at Addresses:
|:00404846 , :00429651 <-- This code is called from two places

:0042A1E4 55                   push ebp
:0042A1E5 8BEC                 mov ebp, esp
:0042A1E7 83C4F4               add esp, FFFFFFF4
:0042A1EA 53                   push ebx
:0042A1EB 8B4508               mov eax, dword ptr [ebp+08] <-- eax = pointer to the serial we typed (1st argument)
:0042A1EE 8D5DF4               lea ebx, dword ptr [ebp-0C] <-- ebx = local buffer that receives a copy of it
:0042A1F1 8A10                 mov dl, byte ptr [eax] <-- start of the copy, one byte at a time
:0042A1F3 8813                 mov byte ptr [ebx], dl
:0042A1F5 8A4801               mov cl, byte ptr [eax+01]
:0042A1F8 884B01               mov byte ptr [ebx+01], cl
:0042A1FB 8A5002               mov dl, byte ptr [eax+02]
:0042A1FE 885302               mov byte ptr [ebx+02], dl
:0042A201 8A4803               mov cl, byte ptr [eax+03]
:0042A204 884B03               mov byte ptr [ebx+03], cl
:0042A207 8A5004               mov dl, byte ptr [eax+04]
:0042A20A 885304               mov byte ptr [ebx+04], dl
:0042A20D 8A4805               mov cl, byte ptr [eax+05]
:0042A210 884B05               mov byte ptr [ebx+05], cl
:0042A213 8A5006               mov dl, byte ptr [eax+06]
:0042A216 885306               mov byte ptr [ebx+06], dl
:0042A219 8A4807               mov cl, byte ptr [eax+07]
:0042A21C 884B07               mov byte ptr [ebx+07], cl
:0042A21F 8A4008               mov al, byte ptr [eax+08]
:0042A222 884308               mov byte ptr [ebx+08], al
:0042A225 C6430900             mov [ebx+09], 00 <-- end of the copy: 9 bytes copied, then a null terminator
:0042A229 0FBE03               movsx eax, byte ptr [ebx] <-- 1st char of our serial
:0042A22C 50                   push eax
:0042A22D E8128A0400           call 00472C44 <-- 1st char goes through this call; its return value in eax is what gets compared next
:0042A232 59                   pop ecx
:0042A233 83F850               cmp eax, 00000050 <-- first char should be
:0042A236 7559                 jne 0042A291 <-- if not equal to ( P ) then unregged
:0042A238 0FBE5301             movsx edx, byte ptr [ebx+01]
:0042A23C 52                   push edx
:0042A23D E8028A0400           call 00472C44 <-- 2nd char goes through the same call
:0042A242 59                   pop ecx
:0042A243 83F847               cmp eax, 00000047 <-- 2nd char should be
:0042A246 7549                 jne 0042A291 <-- if not equal to ( G ) then unregged
:0042A248 0FBE4B02             movsx ecx, byte ptr [ebx+02]
:0042A24C 83F92D               cmp ecx, 0000002D <-- 3rd char should be
:0042A24F 7540                 jne 0042A291 <-- if not equal to ( - ) then unregged
:0042A251 0FBE4303             movsx eax, byte ptr [ebx+03]
:0042A255 83F834               cmp eax, 00000034 <-- 4th char should be
:0042A258 7537                 jne 0042A291 <-- if not equal to ( 4 ) then unregged
:0042A25A 0FBE5304             movsx edx, byte ptr [ebx+04]
:0042A25E 83FA36               cmp edx, 00000036 <-- 5th char should be
:0042A261 752E                 jne 0042A291 <-- if not equal to ( 6 ) then unregged
:0042A263 0FBE4B05             movsx ecx, byte ptr [ebx+05]
:0042A267 83F936               cmp ecx, 00000036 <-- 6th char should be
:0042A26A 7525                 jne 0042A291 <-- if not equal to ( 6 ) then unregged
:0042A26C 0FBE4306             movsx eax, byte ptr [ebx+06]
:0042A270 83F837               cmp eax, 00000037 <-- 7th char should be
:0042A273 751C                 jne 0042A291 <-- if not equal to ( 7 ) then unregged
:0042A275 0FBE5307             movsx edx, byte ptr [ebx+07]
:0042A279 83FA32               cmp edx, 00000032 <-- 8th char should be
:0042A27C 7513                 jne 0042A291 <-- if not equal to ( 2 ) then unregged
:0042A27E C705F49F48001443FC69 mov dword ptr [00489FF4], 69FC4314 <-- all 8 chars matched: a constant is stored in a global (presumably the registered flag)
:0042A288 E8DFA8FDFF           call 00404B6C
:0042A28D B001                 mov al, 01 <-- Register Success !!!
:0042A28F EB1B                 jmp 0042A2AC


Kool !!! .... I think we have found our code, don't you think so?
Here, let me explain:

It is time to use our ASCII table (why?), because the serial is 8 chars long: the 1st and 2nd chars are letters, the 3rd is a dash (-), and chars 4 to 8 are digits. If you take a look at the compare statements at 0042A233, 0042A243, 0042A24C, 0042A255, 0042A25E, 0042A267, 0042A270 and 0042A279, you see that eax, edx and ecx are compared, one position at a time and in order, with the following values:

Note: these are hex numbers, i.e. ASCII codes.

Hex   : 50 47 2D 34 36 36 37 32

ASCII : P  G  -  4  6  6  7  2   <<--- *boom* our serial: PG-46672

So.. there you have the serial. Now all we have to do is try it out. Let's see... KOOL! Jpeg Optimizer is REGISTERED.

A few things worth noticing in the listing before you move on. Only the 8 bytes at [ebx+00] to [ebx+07] are compared, so whatever you type after position 8 is ignored. The two letters pass through the call at 00472C44 before their compare, and the listing above does not show what that call does; if it happens to be something like toupper, then lowercase pg-46672 would be accepted too, but you would have to step into it to be sure. And on success the routine stores the constant 69FC4314 into the global at 00489FF4 before returning al = 1, so the registered state lives in that global and not only in the return value.

The Patch

NO NEED! The hard-coded serial works as it is.

Final Words

There you have it. I hope you have learned something from this tutorial, and I also hope you enjoyed it as much as I enjoyed writing it..... Cya!!!

FaT[BiT]_FaTsO GreetZ the following PPL :

tKC --- ( ur tuts ROX!! , i have them all!!!!!)
LW2000 --- ( Thank u for showing me how to use my brain!!!! )
R!SC --- ( if only ur tut is more compleX !! man !! u rox !!)
XasX --- ( Thanx for the award!!! , u are a great founder !! )
karlitoxZ --- ( u r a true friend !!!)
The WishmaKer --- ( u r good !!! keep it up )
Sir dReAm --- ( U make TNT! crack , keep it up !! )
BoneZ ---( thanx for ur support !! it ment alot !!)

and to all TNT!CRACK!TEAM! members

cya FaT[BiT] \ TNT!