INTRODUCTION :
hi there and welcome to another tutorial about cracking ....
about 2 years ago , when i started reading cracking tutorials and trying to crack anything , i was thinking that if i want
to be a cracker i have to work very hard , and yes this is true , and also that i would take the blame from a lot of software companies
for cracking their babies , but when i think of it now it seems really silly to take the blame for cracking something ..(why ?)..
i'll tell u why , because some programmers don't know shit about shit , or let's say don't know how their code acts inside a machine ,
and then it easily gets cracked and who gets the blame ....!!
but again some ppl say , like i said in my last tutorial , that u crackers can't crack without ur toolz , so i say to these ppl : if i gave u the toolz would u be able to crack ? ... I THINK NOT !! ... so the point is that when u crack something don't feel guilty for doing it , instead feel happy cuz man there are a lot of idiots in this world , and i will prove it in this tutorial : anyone with the right toolz can crack this program in about 2 min tops , and also anyone with the right tools can code a program to do whatever and then cry for his baby when it gets cracked .... i hope u got all this shit !!
PROTECTION :
The protection on this prog is like always a name , a company and a serial number . so in this tutorial like always we will find the right serial number for our name ; although the program is patchable we will increase the challenge level by finding the real serial number , cuz i think it is better for us and for the program ...
O.k install the program and run it , and like always u will see a window that asks if u want to enter the registration info or if u'd like to continue unregistered , so let's first enter our info and see where that leads , so in my case i wrote like this :
Name : FaT[BiT] \ TNT!
Company : TNT!CRACK!TEAM!
Registration ID : 1234567890
and of course u will see the error message telling us that the serial number is invalid , and the body of the message is like this :
o.k first let's disassemble the exe file and look for this message , copy the exe to the win32dasm dir ...(just to make a copy of it )... and load it in win32dasm , after it finishes click on the SDR button and look for this error string , double click on it then close the SDR window , scroll up a little bit and u should see something like this code :
:0046D411 6828DA4600 push 0046DA28
:0046D416 8D45F4 lea eax, dword ptr [ebp-0C]
:0046D419 BA03000000 mov edx, 00000003
:0046D41E E8A56BF9FF call 00403FC8
:0046D423 E9E4000000 jmp 0046D50C <-- hmm! i don't like this one
:0046D428 8D45F4 lea eax, dword ptr [ebp-0C]
* Possible StringData Ref from Code Obj ->"ABC 95 registration Error. Please " <-- our error message
->"verify that you enter Name, Company "
->"and Registration ID exactly as "
->"indicated."
:0046D42B BA34DA4600 mov edx, 0046DA34
:0046D430 E8EF68F9FF call 00403D24
:0046D435 E9D2000000 jmp 0046D50C
O.k we have now located our error message ...
but if we take a look at the code u will see that there is no api around it , and if u scroll up u will see no ref. jump ,
so when i was cracking this prog. i thought of something else : let's try a different approach , forget about win32dasm
and let's move on to softice , so again run the program , click on the enter registration data button , enter ur info , then before
u click on ok set a breakpoint like this one :
Bpx hmemcpy
then exit softice and click on the o.k button , softice will break , press F11 , then press F12 11 times , and u should land on something like this code . when u land at the code below write bc * and start tracing with F10 .
:00483FCB 8B45EC mov eax, dword ptr [ebp-14] <-- we land here also eax = company name, write (d eax)
:00483FCE 8D55F0 lea edx, dword ptr [ebp-10]
:00483FD1 E86A4DF8FF call 00408D40
:00483FD6 8B45F0 mov eax, dword ptr [ebp-10] <-- eax = company name, write (d eax)
:00483FD9 50 push eax
:00483FDA 8D55EC lea edx, dword ptr [ebp-14]
:00483FDD 8B45FC mov eax, dword ptr [ebp-04]
:00483FE0 8B80D8020000 mov eax, dword ptr [eax+000002D8]
:00483FE6 E851A4FAFF call 0042E43C
:00483FEB 8B45EC mov eax, dword ptr [ebp-14] <-- eax = our name, write (d eax)
:00483FEE 8D55E8 lea edx, dword ptr [ebp-18]
:00483FF1 E84A4DF8FF call 00408D40
:00483FF6 8B45E8 mov eax, dword ptr [ebp-18] <-- eax = also our name, write (d eax)
:00483FF9 8D4DF8 lea ecx, dword ptr [ebp-08]
:00483FFC 5A pop edx <-- edx = company name, write (d edx)
:00483FFD E806ACFEFF call 0046EC08
:00484002 8D55EC lea edx, dword ptr [ebp-14]
:00484005 8B45FC mov eax, dword ptr [ebp-04]
:00484008 8B80E0020000 mov eax, dword ptr [eax+000002E0]
:0048400E E829A4FAFF call 0042E43C
:00484013 8B45EC mov eax, dword ptr [ebp-14] <-- eax = our dummy Registration ID, write (d eax)
:00484016 8D4DF0 lea ecx, dword ptr [ebp-10]
:00484019 B220 mov dl, 20
:0048401B E86080FEFF call 0046C080
:00484020 8B45F0 mov eax, dword ptr [ebp-10] <-- eax = also our dummy Registration ID, write (d eax)
:00484023 50 push eax
:00484024 8D45E8 lea eax, dword ptr [ebp-18]
:00484027 50 push eax
:00484028 B909000000 mov ecx, 00000009
:0048402D BA01000000 mov edx, 00000001
:00484032 8B45F8 mov eax, dword ptr [ebp-08] <-- eax = real serial as it would be in windows registry
:00484035 E8D200F8FF call 0040410C
:0048403A 8B55E8 mov edx, dword ptr [ebp-18] <-- edx = our real code , write (d edx)
:0048403D 58 pop eax <-- eax = our dummy code, write (d eax)
:0048403E E8D5FFF7FF call 00404018 <-- check if eax = edx
:00484043 0F85A6000000 jne 004840EF <-- jump to error message if not equal
:00484049 33C0 xor eax, eax
hehehe ... sorry !!
o.k now all u have to do is trace with F10 until u reach the address 0048403D , then write d edx and see your real code in
the data window , and in my case it was :
Name : FaT[BiT] \ TNT!
Company : TNT!CRACK!TEAM!
Registration ID : D9AD7BFD4
Now the last thing to do is test if this code is good or not , let's try it , and ...
so... what do u think !!
did the tool make the crack for us or did we make the crack ?
to me i see it as 50% each , but some ppl don't get that in their heads , i don't know why , but maybe cuz some of
them would like to be in our place and take the credit for it , anyway ... who cares
and something i would like to say to the author of this program : don't feel sorry for this , but i think the blame falls also on u , u r the one who coded this , not me , and although some ppl told me to write on my tutorial "This is for educational purposes only !" , i say to them no , cuz this is not for fun or for education , it is for the thrill of it !!
tKC ... (for showing me the light !! )
LW2000 ... ( Thanx a lot , i now use my brain )
[XasX] ... (a very good founder and a very good friend also!)
AzmO ... (yes!! man we are different !! )
Sir dReAm ... (i will be seeing u soon !! )
BoneZ ... (thanx a lot for the support !!)
BillGameZ, VaibLitzeR, MezUz , and ShaQ ... (good luck to u all !! )
and to all TNT!CRACK!TEAM! members ... (keep up the good work !!)
any comments mail me : fattnt@yahoo.com
See ya in another tut !!! Soon !!!
--= EOF =--