The Crack:
Try entering your name and any number
to see what happens. You get a warning telling you to enter the number
correctly. OK, load up WDASM and open the bm_conv.exe into it. Normally
when you have entered a correct registration code we you would get a 'Thank
you for registering....' message, so lets search for the words 'thank
you', and you will find the following reference to it:
* Possible StringData Ref from Code Obj ->"Thank you for registering Bookmark "
->"Converter!"
:0043E1F8 B8E4E24300 mov eax, 0043E2E4
:0043E1FD E8326CFFFF call 00434E34 ----------> Show dialog box
:0043E202 EB15 jmp 0043E219
If we then look at where this routine is being
called from we need to scroll up the screen (page up twice) until you
see:
:0043DF85 33C0 xor eax, eax
:0043DF87 5A pop edx
:0043DF88 59 pop ecx
:0043DF89 59 pop ecx
:0043DF8A 648910 mov dword ptr fs:[eax], edx
:0043DF8D 68AFDF4300 push 0043DFAF ----------> Our information
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043DFAD(U)
|
:0043DF92 8D45D4 lea eax, dword ptr [ebp-2C] ---> Our information
:0043DF95 E86E59FCFF call 00403908 ------------------> Calculate real reg code
:0043DF9A 8D45F4 lea eax, dword ptr [ebp-0C] ----> Address of real reg code
:0043DF9D BA03000000 mov edx, 00000003
:0043DFA2 E88559FCFF call 0040392C
:0043DFA7 C3 ret
This looks like an interesting call so lets run
the bm_conv.exe and try to register it again. Enter your name and a fake
code, try 44444444444 for example, you can only enter 10 digits so we
know that the registration code must consist of 10 digits. DO NOT click
on register yet. Instead, press CTRL-D to bring up softice. Set a breakpoint
at the above mentioned address. Type bpx 43DF92, this will stop the program
when it gets to this point. Now type x then press return to go back to
the program. Now click on register and you will looking at your breakpoint
you have just set in softice at address 43DF92. We want to know what value
is at EAX so press F10 once to advance one instruction and the register
at EAX will change. OK, now type d eax followed by return. This will show
you the data at EAX. You will see your fake code and above it you will
see a series of letters and numbers.
Hmm, what could they be. If you count them you
will see that there are 10 of them. That's the length of the registration
code!, well, would you believe it?. WRITE DOWN THIS 10 DIGIT NUMBER NOW.
Now press x and return to go back to the program. You have entered a bad
number. Now try again entering the same name as before and then enter
the code number you wrote down then try to register it, you will be taken
back to the breakpoint again, so just press x and return to exit back
to the program. Look, we've got a 'Thank you for registering...' message
now. You've just cracked Bookmark Convertor 2.7. This code should work
for all versions 2.x although I haven't tried it yet...............perhaps
you could try it and see what happens.
That's it........hope you learned something.
|