iNTROdUCTION :
hi there and welcome to another 30sec tops tutorial about cracking !!
The cool thing I want to tell you is that when I started cracking, the methods I was applying came from other crackers,
and believe me they were always working. The good thing is that after you start cracking and publishing cracks you start to
make your own methods, so trust me: if you want to be good, read as many tutorials as you can. My best friend
calls this approach the STUDY EVERYTHING APPROACH, thanx aZmO ...
pROTEcTION :
This program in our hands has a weak, or let's say a lazy, protection: it only needs a serial to unlock the software. In this tutorial we're gonna find the real serial using the tools I told you about ...( look above )...
O.k., what we need to do first is install the program. After you install it, let's check it out: run it and you will see a nag with 4 buttons, one of which is labeled "Enter License Code". Click on it and you will see a window with a text box asking us for our serial number. In my case I wrote :
Code : 1234567890
then pressed the O.K. button and of course our error message popped up saying :
O.k. kool !!!, first let's disassemble the exe file: make a backup copy of it and load it into Win32Dasm. When the disassembly is finished, look for our error string in the string references and double-click on it, and you should see code like this :
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A6FD9(C)                                       <-- we go to this location
|
:004A70D7 FF45EC                 inc [ebp-14]
:004A70DA 837DEC1F               cmp dword ptr [ebp-14], 0000001F
:004A70DE 0F8580FDFFFF           jne 004A6E64

* Possible StringData Ref from Code Obj ->"You have entered an invalid registration "
                                        ->"number. If you are a registered "
                                        ->"user of Download Assistant, please "
                                        ->"contact Iolo for a valid code."   <-- our error string
                                 |
:004A70E4 B814724A00             mov eax, 004A7214
:004A70E9 E8BEA0F9FF             call 004411AC
:004A70EE 8B45F8                 mov eax, dword ptr [ebp-08]
:004A70F1 E8F6BDF5FF             call 00402EEC
O.k. kool, so let's go to address 004A6FD9: in Win32Dasm click on Search\Find, enter 004A6FD9, make sure you set the direction to Up, then click on the Find Next button. After Win32Dasm finds the address, scroll up a little bit and you will see code like this :
:004A6FD0 8B55D0                 mov edx, dword ptr [ebp-30]   <-- edx has our real code
:004A6FD3 58                     pop eax                       <-- eax has our dummy code
:004A6FD4 E84BCEF5FF             call 00403E24                 <-- call procedure to check if our code is valid
:004A6FD9 0F85F8000000           jne 004A70D7                  <-- if not, jump to error message
:004A6FDF B890000000             mov eax, 00000090
:004A6FE4 E8E7B6F5FF             call 004026D0
O.k. kool, the prog. is cracked ...( wait a min!! how did you know that edx will have our real code !! )...
easy, I'm a cracker not a god !!!! heheheh
As you can see there is a call at address 004A6FD4, right !! That call is like a function in a high level language, and every function, or let's say
most functions, needs parameters to work with, right !! Since there is a conditional jump right after the call (the jne acts on the flags that
the called routine leaves behind), and that jump takes the program to the error message, the call is simply the check function for our code.
And like I said, since most functions need parameters to work with, the edx and eax registers hold the 2 parameters for this function (call), and these
two parameters are the real code and our dummy code !!!
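Why the real code was sitting in a register, seen from the protection's side (an added example in Python, not code from this tutorial or from Download Assistant): the program keeps the genuine code in plain text and hands it to a compare routine, so whoever stops on that call reads it. A check that stores only a salted SHA-256 digest of the genuine code and compares digests leaves a debugger nothing but hashes to look at. The sample serials and the salt string are constructed values.

```python
"""Weak serial check (the pattern in the listing above) beside a hardened one.
Added example; sample serials and the salt string are constructed values."""
import hashlib
import hmac
import math

# ---- weak design: the pattern in the disassembly ---------------------------
# The genuine code lives in memory as plain text and is passed, together with
# the user's input, to a string compare (edx = real code, eax = entered code).
REAL_CODE = "5253900"  # constructed sample serial


def check_weak(entered: str) -> bool:
    # mov edx, real ; pop eax (entered) ; call compare ; jne error
    # Anyone who stops on that call can read REAL_CODE straight out of edx.
    return entered == REAL_CODE


# ---- hardened design: the genuine code is never present at run time --------
SALT = b"download-assistant-v1:"  # constructed, per-product, need not be secret


def digest(code: str) -> bytes:
    """Salted SHA-256 of a code; the salt defeats precomputed digest tables."""
    return hashlib.sha256(SALT + code.encode("utf-8")).digest()


def provision(real_code: str) -> bytes:
    """Vendor side, run once at build time. The plain code exists only here;
    the returned digest is what gets compiled into the shipped product."""
    return digest(real_code)


def check_hardened(entered: str, stored_digest: bytes) -> bool:
    """Run-time check. A debugger stopped on this compare sees two digests,
    not the code; compare_digest keeps the timing independent of how many
    leading bytes happen to match."""
    return hmac.compare_digest(digest(entered), stored_digest)


def guess_space_bits(alphabet_size: int, length: int) -> float:
    """Caveat: hashing does not rescue a tiny code space. A 7-digit numeric
    serial has only 10**7 candidates (about 23 bits), which is enumerated
    offline against the stored digest in seconds, so the code itself must
    be long and random for the hardened design to mean anything."""
    return length * math.log2(alphabet_size)
```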
So now let's run the program and use SoftICE to find the real serial.
O.k., run the program and click on Enter License Code, and again enter your dummy code, but before you click on the O.K. button
get into SoftICE by pressing Ctrl + D and set a breakpoint like this :
bpx hmemcpy
then press F5 to quit. Now press the O.K. button and SoftICE will break. Now press F11 once, then press F12 six times, then clear all the breakpoints by writing bc * and set a new breakpoint like this one :
bpx 004A6FD3
As you can see this is where the call function is, and SoftICE will stop before the program executes it. After you set this breakpoint press F5, then SoftICE will break again and we land at address 004A6FD3. Now all you have to do is look at what is in the edx register, and you can do that by writing the command d edx: you will see our real code in the data window. So write down this code, clear all breakpoints and exit SoftICE, and let's try it. By the way, in my case it was :
5253900
O.k. kool !! so we found the good serial, let's try it and ...
tKC ... (for showing me the light !! )
LW2000 ... ( Thanx a lot, I now use my brain )
[XasX] ... (a very good founder and a very good friend also!)
AzmO ... (yes!! man we are different !! )
Sir dReAm ... (I will be seeing you soon !! )
BoneZ ... (thanx a lot for the support !!)
BillGameZ, VaibLitzeR, MezUz, and ShaQ ... (good luck to you all !! )
and to all TNT!CRACK!TEAM! members ... (keep up the good work !!)
Any comments, mail me : fattnt@yahoo.com
See ya in another tut !!! Soon !!!
--= EOF =--