Cracking Tutorial #28: CrAcKiNG Blackboard Encrypt 1.1 using w32dasm and resource hacker

[cracked bY:]   sLeEpY¿[FWA/NWA/FTPR8Z] iN 05/2002
[difficulty:]   beginner
[where:]        http://store.yahoo.com/bsoftware/winsec.html
                http://www.blackboardsoftware.com/
[tOOLz:]        W32dasm 8.93, Hiew 6.1, resource hacker
--------------------------------------------------------------------------------

blackboard encrypt 1.1
bcrypt11.exe

Word... man, I'm in a different kind of mood today but I'm bored, it's raining, I'm at work in this bodega computer store that had 2 customers all day, so here is another bored ass tutorial for you if you are bored and want to read it. Well, I guess if you wanted to read it you would have read this already. Anyway, the target is........... !!!!!!!!!!! "blackboard encrypt 1.1" !!!!!!!! WOOHOO OUR random surfhit of the day! Sorry suckas!

Well, run the prog and we are greeted with a "FUCK YOU" nag screen.

    BlackBoard Encrypt
    UNREGISTERED. This will expire in 30 days.
    [OK]

Ya ok, whatever, I will never use this program again but I can guarantee when I'm done it won't ever expire, it will just become obsolete. Register requires a name and key combo. I'm lazy today so I'm gonna take it apart and patch it. No error msg for an invalid code but I bet you get one for registering it, so let's check the String Refs...

Interesting things in the string refs:

"30 day trial period is now over."
"bbcrypt.ini"                       <-probably where the name/key is stored
"BlackBoard Encrypt"                <--title of our nag & prog
"Registered"
"UNREGISTERED"
"UNREGISTERED. This will expire "   <--our nag, how nice...

First let's kill that annoying damn nag..

"UNREGISTERED. This will expire "

Double click it and you will land here:

:0047256F

The only location... Jumped from 2 places (scroll up a bit and you will see):

--------------------------------------------------------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00472551(C), :0047255F(C)      <-jumped to nag from these places
|
--------------------------------------------------------------------------------

So let's go open up the code there:

--------------------------------------------------------------------------------
:0047253B 755C            jne 00472599                    <-jump to no nag (offset 7193B)
:0047253D E8C2BAFFFF      call 0046E004
:00472542 A138494900      mov eax, dword ptr [00494938]
:00472547 BA08264700      mov edx, 00472608
:0047254C E87717F9FF      call 00403CC8
:00472551 751C            jne 0047256F                    <-jump to nag (offset 71951)
:00472553 8B06            mov eax, dword ptr [esi]
:00472555 8B8058030000    mov eax, dword ptr [eax+00000358]
:0047255B 80782400        cmp byte ptr [eax+24], 00
:0047255F 750E            jne 0047256F                    <-jump to nag (offset 7195F)
:00472561 A1402F4900      mov eax, dword ptr [00492F40]
:00472566 8B00            mov eax, dword ptr [eax]
:00472568 E81F6BFBFF      call 0042908C
:0047256D EB59            jmp 004725C8                    <-jump to access violation windows nag
--------------------------------------------------------------------------------

So to get rid of the friggen nag...

Change this:
:0047253B 755C            jne 00472599
to this:
:0047253B EB5C            jmp 00472599

OK, simple problem solved. Next... Let's skip the date ahead a couple years and see if we got that 30 day problem. Nope! We have killed it with our nag patch.

Next... Ah, the unregistered shit.
That would probably be here:

"UNREGISTERED"

Let's check it in the w32dasm string refs. That appears in one place, 00474111, so let's open the code up.

:0047410A 7524            jne 00474130                    (offset 7350A)
:0047410C A1FC314900      mov eax, dword ptr [004931FC]

* Possible StringData Ref from Code Obj ->"UNREGISTERED"

:00474111 BA58414700      mov edx, 00474158

Change this:
:0047410A 7524            jne 00474130
to this:
:0047410A EB24            jmp 00474130

Now we don't have that UNREGISTERED in the registered to box.

Well, there are no other limitations to this program, so let's clean it up a little bit by using a resource editor. I like resource hacker! Open the prog in resource hacker and find your way to:

-RCData
  -TABOUTFORM
    0

Click 0 and you will see a bunch of stuff you can edit. If you just want the prog to be regged to you, change this:

Caption = 'Registered to :'

to this:

Caption = 'Registered to : sLeEpY¿'

Then delete this right below it:

object Edit1: TEdit
  Left = 88
  Top = 160
  Width = 145
  Height = 21
  Enabled = False
  TabOrder = 0
end

Click compile at the top and then save. Now that stupid box is gone and it just says Registered to : sLeEpY¿ or whatever name you like.

You can change other things in there too. I changed the email and webpage to mine as well. Those are located here:

Hint = 'www.blackboardsoftware.com'
Caption = 'http://www.blackboardsoftware.com'
URL = 'www.blackboardsoftware.com'

Hint = 'dalin@blackboardsoftware.com'
Caption = 'dalin@blackboardsoftware.com'
URL = 'dalin@blackboardsoftware.com'

Just change em to whatever your webpage and email is if you wanna personalize it.

Next up is that button to get to the register screen. We don't need it anymore. Navigate to:

-RCData
  -TMAINFORM
    0

Click on the zero and find:

object Register1: TMenuItem
  Caption = '&Register'
  OnClick = Register1Click
end

Just highlight those lines and remove them. Compile the script and save the program. Now run it, no more register button!

Later!
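
Both code patches above have the same footprint: one opcode byte goes from 75 (jne rel8) to EB (jmp rel8) and the displacement byte stays put. The Python below is an added example, not part of the original tutorial, showing how a vendor or analyst can diff a suspect copy against a known-good build and flag that pattern. The sample buffer is constructed from the instruction bytes in the listing, and the 0x400C00 address-to-offset delta is derived from the address/offset pairs given there.

```python
"""Flag forced-branch patches (Jcc rel8 -> JMP rel8) between two builds."""

# VA minus file offset, derived from the pairs in the listing
# (0047253B <-> 7193B, 0047410A <-> 7350A). Only valid for that code section.
VA_DELTA = 0x400C00

JMP_SHORT = 0xEB
JCC_SHORT = range(0x70, 0x80)   # short conditional jumps, incl. 0x75 (jne)
NOP = 0x90


def classify(ref_byte, new_byte):
    """Heuristic label for one changed byte (no disassembly, so a data byte
    that happens to equal an opcode value can be mislabelled)."""
    if ref_byte in JCC_SHORT and new_byte == JMP_SHORT:
        return "jcc->jmp (branch forced taken)"
    if ref_byte in JCC_SHORT and new_byte in JCC_SHORT:
        return "jcc condition changed"
    if ref_byte in JCC_SHORT and new_byte == NOP:
        return "jcc->nop (branch removed)"
    return "other"


def find_patches(reference, suspect, base_offset=0):
    """Return (file_offset, va, ref_byte, new_byte, kind) per differing byte."""
    if len(reference) != len(suspect):
        raise ValueError("size mismatch: file was resized, not just patched")
    findings = []
    for i, (a, b) in enumerate(zip(reference, suspect)):
        if a != b:
            off = base_offset + i
            findings.append((off, off + VA_DELTA, a, b, classify(a, b)))
    return findings


# Constructed sample: the 24 instruction bytes shown at 0047253B..00472552.
REFERENCE = bytes.fromhex("755CE8C2BAFFFFA138494900BA08264700E87717F9FF751C")
SUSPECT = bytes([JMP_SHORT]) + REFERENCE[1:]   # first jne replaced by jmp

if __name__ == "__main__":
    for off, va, a, b, kind in find_patches(REFERENCE, SUSPECT, 0x7193B):
        print(f"offset {off:06X}  va {va:08X}  {a:02X}->{b:02X}  {kind}")
```

A hash or signature check over the whole file tells you that a copy was modified; a byte diff like this one tells you which check was bypassed.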
--------------------------------------------------------------------------------
email me if you are bored: sleepy@linuxwaves.com

._Tutorialz_.
--------------------------------------------------------------------------------
 1. Cracking Cosmi's Generic Installshield Protection
 2. CRACKING(?) MATH WORKSHOP 2.0
 3. CrAcKiNG DLSuperCBT Resynchronizing Byte Compare Program
 4. CrAcKiNG the nag on DLSuperCBF - Dir Binary File Compare Program
 5. CrAcKiNG n)0(va crackme v3 (crazy approach)
 6. CrAcKiNG mIRC(R) v5.91 Internet Relay Chat Client
 7. CrAcKiNG Actionizer 1.4
 8. CrAcKiNG Tag Wizard 4.3.0
 9. CrAcKiNG Freecell for Win2k and WinXP
10. CrAcKiNG Netrace 1.0a
11. CrAcKiNG Winrar 3 Beta 2 THROUGHLY
12. CrAcKiNG Aditor Pro 3.05 build 1
13. CrAcKiNG EasyType 1.0
14. CrAcKiNG The Psychedelic Screen Saver v2002.0215
15. CrAcKiNG Applet Headline Factory Version 4.0
16. CrAcKiNG Codewhiz Editor Version 1.7 (build 1.01b)
17. CrAcKiNG iuVCR 4.0.0.205 beta5 Trial (R_02-28-2002)
18. CrAcKiNG The Weakest Link -NOCD-
19. CrAcKiNG Blowfish 2000 V2.3 by finding a valid serial
20. CrAcKiNG the CD Check in Tony Hawk Pro Skater 3
21. CrAcKiNG DLL Show 4.7 bY Turning it Into its Own Keygen
22. CrAcKiNG Opera 6.01 bY making a valid serial and manually unpacking Aspack
23. CrAcKiNG Tickle 2.8 with w32dasm, & finding a valid serial with SI hmemcpy
24. CrAcKiNG AxMan 3.12 with a valid serial using softice Hmemcpy
25. CrAcKiNG Acid_Cool_178 Assembler Crackme01 using W32dasm
26. CrAcKiNG Mirc 6.1 bY finding a valid serial using Softice Hmemcpy
27. CrAcKiNG Bitmap to Icon 3.5 two ways with w32dasm & Softice
28. CrAcKiNG Power Edit 1.1 by unpacking UPX w/procdump and using w32dasm, then finding a valid serial with Softice
29. CrAcKiNG Blackboard Encrypt 1.1 using w32dasm and resource hacker
--------------------------------------------------------------------------------
gReEtz: MiNioN, GreycZ, KlutCh, KiNgEr, MidNight, FWA, NWA, FTPiRatEz! HAR! BEASTFXP!
--------------------------------------------------------------------------------
CopyLeft: [all rights reversed]
Boredom causes crackers and babies.
--------------------------------------------------------------------------------