Cracking Tutorial #24: CrAcKiNG AxMan 3.12 with a valid serial using softice Hmemcpy

[cracked bY:]  sLeEpY [FWA/NWA/FTPR8Z] iN 04/2002
[difficulty:]  beginner/intermediate
[where:]       http://www.mosaicware.com/
               http://www.tucows.com/
[tOOLz:]       softice 4.05, "optional" W32dasm if you wanna look at the deadlisting

--------------------------------------------------------------------------------

AxMan 3.12
Date:        August 6th, 2000
License:     Shareware
Size:        2.3MB
Rating:      5 cows
Cost:        $15.00
Evaluation:  30 Days
Information: AxMan will split files so that they will fit onto floppy disks. It can
             also split them to fixed sizes that the user determines. The program
             will even restore the file for you.

--------------------------------------------------------------------------------

Word... I'm at work again and am really really bored. I love my job at this computer
store. Crack progs, work on computers, & smoke cigs all day. Today let's crack the
latest AxMan; the last one I saw a tutorial for was beta 3, so I figured I would write
one on 3.12.

Start the prog, ugly nag ergg, go to register the prog.. erg.. a bad reg gives you:

    "Invalid Registration Information"

I used the following:

    Name:    sLeEpY
    Company: Cracked_Your_Ass_Muthafuckin
    Serial:  111111

Fill in all the info and Ctrl+D into softice... Set a breakpoint on hmemcpy:

    BPX HMEMCPY

Press Ctrl+D, SI exits, then press OK. SI pops back up, press Ctrl+D, SI pops back up,
press Ctrl+D, ..and SI pops back up.
You should be here (may be diff on your comp except the hmemcpy):

    KERNEL!HMEMCPY
    0147:9EA6      55              PUSH BP
    blah blah blah code

Press F12 20 times and you will be in "AXMAN!.text+5906". Just looking at the code you
should guess that the Call, Test, then JNZ are probably where we wanna be:

    0167:00406923  E83CFBFFFF      CALL 00406464        <- our important call
    0167:00406928  84C0            TEST AL, AL
    0167:0040692A  7518            JNZ  00406944

You can verify it by disassembling the exe with w32dasm, I'm sure. But anyhow, this jump
must be taken for a successful reg:

    0167:0040692A  7518            JNZ  00406944        (JUMP!)

So then we find the first call before it (scroll up a little) and press F8 to enter it,
and let's start checking for that serial. Inside the call @ 00406464:

--------------------------------------------------------------------------------
    0167:00406464  55              PUSH EBP
    0167:00406465  8BEC            MOV  EBP, ESP
    0167:00406467  83EC18          SUB  ESP, 18
    0167:0040646A  8D45E8          LEA  EAX, [EBP-18]
    0167:0040646D  50              PUSH EAX
    0167:0040646E  FF750C          PUSH DWORD PTR [EBP+0C]
    0167:00406471  FF7508          PUSH DWORD PTR [EBP+08]
    0167:00406474  E818000000      CALL 00406491
    0167:00406479  FF7510          PUSH DWORD PTR [EBP+10]
    0167:0040647C  8D45E8          LEA  EAX, [EBP-18]
    0167:0040647F  50              PUSH EAX
--------------------------------------------------------------------------------

    0167:00406479  FF7510          PUSH DWORD PTR [EBP+10]

D EBP and scroll up a little bit of the dump here for the serial, or just D EBP-20 if
you can't scroll or don't know how (ALT+up arrow for me). D ESP also holds the serial
here! Your dump should look something like this:

    ..e.yd@..>x.'Fg.
    @Hg.152-647-621.    <-- our valid serial
    .$7l@Hg...e...e.

    0167:0040647F  50              PUSH EAX

D EAX gives the serial again...

    0167:00406487  59              POP ECX

D ECX gives us our fakey serial (111111)

    0167:0040648A  59              POP ECX

D ECX gives the serial again...

Put in your valid serial and let the program register... If all goes well we return
from the call and put a 1 in AL, the jump will be taken and the program will be regged!
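The routine stepped through above derives the correct serial into a stack buffer and then compares it with what the user typed, which is why the dump shows the valid serial in plain text next to the fake one. As an added illustration that is not AxMan's code and not the author's, the Python below contrasts that pattern with a signed-serial layout in which the client holds only a public key and never computes a valid serial at all. The RSA primes, the name digest, the serial format and every function name are constructed for this example; the key size is a toy for offline running, not a recommendation.

```python
# Added example (not AxMan's code): the check this tutorial reverses versus a
# layout that does not expose a valid serial to a debugger.
# The RSA parameters are constructed toy values (two ~30-bit primes) so the
# script runs offline; a real product would use proper key sizes and a padded
# signature scheme from a vetted library.
import hashlib
import math

TOY_P = 1000000007           # constructed prime, vendor side only
TOY_Q = 998244353            # constructed prime, vendor side only
TOY_N = TOY_P * TOY_Q        # public modulus, ships in the client
TOY_E = 65537                # public exponent, ships in the client
_PHI = (TOY_P - 1) * (TOY_Q - 1)
assert math.gcd(TOY_E, _PHI) == 1
_TOY_D = pow(TOY_E, -1, _PHI)    # private exponent; must never ship in the client


def _name_digest(name: str) -> int:
    """Hash the licensee name into an integer below the modulus."""
    digest = hashlib.sha256(name.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % TOY_N


def issue_serial(name: str) -> str:
    """Vendor side: sign the name digest and format it as a dashed serial."""
    sig = pow(_name_digest(name), _TOY_D, TOY_N)
    digits = str(sig).zfill(18)
    return "-".join(digits[i:i + 6] for i in range(0, len(digits), 6))


def weak_check(name: str, entered: str) -> tuple:
    """Client check in the style the tutorial reverses: materialise the
    expected serial, then string-compare it. Returns (ok, expected) so the
    caller can see that the valid serial was present in memory during the
    check; that buffer is what "D EBP-20" reveals. A client that can do
    this must embed the full derivation (here: the private key)."""
    expected = issue_serial(name)
    return (expected == entered, expected)


def verify_serial(name: str, entered: str) -> bool:
    """Client check with public data only: a serial is valid if it is a
    signature over the name digest. No valid serial is ever computed here,
    so breaking on the compare yields nothing reusable, and the private key
    needed to mint one is not in the binary."""
    digits = entered.replace("-", "")
    if not digits.isdigit():
        return False
    sig = int(digits)
    if not 0 <= sig < TOY_N:
        return False
    return pow(sig, TOY_E, TOY_N) == _name_digest(name)


if __name__ == "__main__":
    serial = issue_serial("sLeEpY")
    print("issued:", serial)
    print("weak check leaves in memory:", weak_check("sLeEpY", "111111")[1])
    print("signed check:", verify_serial("sLeEpY", serial),
          verify_serial("sLeEpY", "111111"))
```

The design difference is where the secret lives: in the weak layout the client itself can produce the correct serial, so a debugger breakpoint on the compare (or on hmemcpy) reads it straight out of the stack frame; in the signed layout the client only verifies, and the material needed to issue a serial stays with the vendor.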
Info:
    Name:    sLeEpY
    Company: Cracked_Your_Ass_Muthafuckin
    Serial:  152-647-621

    "Thank you for registering your copy of AxMan"

This program was a cake, took about 5 minutes with Softice to crack! Laterz!

--------------------------------------------------------------------------------

email me if you are bored: sleepy@linuxwaves.com

._Tutorialz_.
[-------------------------------------------------------------------------------]
[ 1. Cracking Cosmi's Generic Installshield Protection ]
[ 2. CRACKING(?) MATH WORKSHOP 2.0 ]
[ 3. CrAcKiNG DLSuperCBT Resynchronizing Byte Compare Program ]
[ 4. CrAcKiNG the nag on DLSuperCBF - Dir Binary File Compare Program ]
[ 5. CrAcKiNG n)0(va crackme v3 (crazy approach) ]
[ 6. CrAcKiNG mIRC(R) v5.91 Internet Relay Chat Client ]
[ 7. CrAcKiNG Actionizer 1.4 ]
[ 8. CrAcKiNG Tag Wizard 4.3.0 ]
[ 9. CrAcKiNG Freecell for Win2k and WinXP ]
[10. CrAcKiNG Netrace 1.0a ]
[11. CrAcKiNG Winrar 3 Beta 2 THROUGHLY ]
[12. CrAcKiNG Aditor Pro 3.05 build 1 ]
[13. CrAcKiNG EasyType 1.0 ]
[14. CrAcKiNG The Psychedelic Screen Saver v2002.0215 ]
[15. CrAcKiNG Applet Headline Factory Version 4.0 ]
[16. CrAcKiNG Codewhiz Editor Version 1.7 (build 1.01b) ]
[17. CrAcKiNG iuVCR 4.0.0.205 beta5 Trial (R_02-28-2002) ]
[18. CrAcKiNG The Weakest Link -NOCD- ]
[19. CrAcKiNG Blowfish 2000 V2.3 by finding a valid serial ]
[20. CrAcKiNG the CD Check in Tony Hawk Pro Skater 3 ]
[21. CrAcKiNG DLL Show 4.7 bY Turning it Into its Own Keygen ]
[22. CrAcKiNG Opera 6.01 bY making a valid serial and manually unpacking Aspack ]
[23. CrAcKiNG Tickle 2.8 with w32dasm, & finding a valid serial with SI hmemcpy ]
[24. CrAcKiNG AxMan 3.12 with a valid serial using softice Hmemcpy ]
[-------------------------------------------------------------------------------]

gReEtz: MiNioN, GreycZ, KlutCh, KiNgEr, MidNight, FWA, NWA, FTPiRatEz! HAR! BEASTFXP!
--------------------------------------------------------------------------------
CopyLeft: [all rights reversed]
Boredom causes crackers and babies.
--------------------------------------------------------------------------------