The Crack:
First of all, disassemble the setup.exe from the CD in the \setup folder. Then
search for the text that tells you that you have entered an incorrect
number.
"The serial number you have entered is incorrect........"
You will find numerous references to this text string but the one we want
is below:
:00443245 E8DD560100   call 00458927
:0044324A 83C404       add esp, 00000004   -----> Set your breakpoint here
:0044324D 3BF0         cmp esi, eax        -----> Compare the real serial with your serial
:0044324F 7443         jz 00443294         -----> If they do not match then fail and display error message

* Possible Reference to String Resource ID=00260: "Please select the items you would like to install."   -----> Hmm, interesting
:00443251 6804010000   push 00000104

* Possible Reference to String Resource ID=00279: "The serial number you have entered is incorrect....."   -----> Our search string
:00443256 6817010000   push 00000117
:0044325B 68003E4700   push 00473E00
:00443260 E8CB680000   call 00449B30
Let me explain what is happening here. The first 3 boxes for your serial
number are juggled around and calculated to produce the value in the 4th
box. So the test here is comparing the value you have entered in the 4th
box with the true value that the program has calculated. If they do not
match, i.e. if the value you have entered is 1234 and the true value is
3456, then you cannot continue.
So what we need to do is:
[A] Set a breakpoint at the comparison and write
down the value of ESI then use that in conjunction with the previous 3
boxes of numbers you entered or;
[B] Patch the code so the real number is automatically accepted in the
program.
Method [A]
Load setup.exe into soft-ice's symbol loader and type 'bpx 44324d'
followed by enter to set the breakpoint then F5 to run the program. Enter
any serial number you like and click next and you will be popped back
to soft-ice (SI). The value in EAX is the value in the 4th box you entered
and the value in ESI is the real value calculated from the other 3 boxes.
Try '? eax' and '? esi' to verify this.
So write down the value in ESI and change the 4th box value to the value
you wrote down. Now click on next and... yeah, it worked,
and you can now install the game with a valid serial number.
You need a different serial number from everyone else to play on the net
together so do this quite a few times with different values in the first
3 boxes and keep writing the values of ESI until you have enough.
Method [B]
To patch the file we need to force the program to always accept the value
we typed in together with the real serial number end value. To do this
we need to change CMP ESI, EAX to MOV EAX, ESI. This moves the real value over
our value (overwrites it). Then we tell the program to always JuMP to the correct
location.
:0044324D 8BC6   mov eax, esi   -----> Force the real value
:0044324F EB43   jmp 00443294   -----> Jump to the correct location always
So open setup.exe in your hex-editor and:
goto offset 4324D and change the value there to 8BC6
goto offset 4324F and change the value there to EB43
All you need to do now is reburn the CD with the new setup.exe... personally
I would rather just generate lots of different serial numbers - but I'm
just a lazy git though.
So there you have it - how to generate your own personal serial number
for NOX.