http://nuclearcrackers.cjb.net
present :
_______________________________________________________________________________________________
Author of tutorial : H!ghSt@ck
Target : Kleptomania v2.1
My Tools : SoftIce 4.05, Tasm 5.0
_______________________________________________________________________________________________
Hi everybody !
Today we are going to crack Kleptomania v2.1 (http://www.structurise.com/kleptomania/). This program has a trial period of 21 days. OK, let's start! Sorry for my bad English!
Open the system clock and set the month forward to the next month. Run k-mania.exe and you will see its icon in the system tray. Click on it and select anything. Oops! The message 'This trial version has expired' appears. It is displayed by a standard API function. Open SoftIce (Ctrl+D), set the breakpoint bpx MessageBoxA, press F5 and return to Windows. Click on the Kleptomania icon and select anything. SoftIce pops up. Press F12, then Enter, and we see this code:
* Reference To: USER32.MessageBoxA, Ord:0195h
:00410F2B FF150C034300 Call dword ptr [0043030C] <-- MessageBoxA
:00410F31 8BD8 mov ebx, eax <-- We are here
:00410F33 8D4508 lea eax, dword ptr [ebp+08]
:00410F36 53 push ebx
OK, now we must look for the last comparison before the error message. Press Ctrl+Up until you find:
:00410F05 84C0 test al, al <-- if 0 then error message
:00410F07 59 pop ecx
:00410F08 7414 je 00410F1E <-- bad jump
Set the breakpoint bpx 410F08. This time you are here:
:00410F05 84C0 test al, al
:00410F07 59 pop ecx
:00410F08 7414 je 00410F1E (Jump !) <-- you must change Jump ! to No Jump
Go to the flags window and select the Z flag, then press Insert and Enter. Now we have No Jump. OK, press F10 and look for the next comparison:
:00403428 84C0 test al, al
:0040342A 59 pop ecx
:0040342B 750B jne 00403438 (No Jump) <-- you must change No Jump to Jump (the same way as before)
Has it changed? OK, press F10 and look for the last comparison:
:00403166 E888020000 call 004033F3
:0040316B 84C0 test al, al
:0040316D 0F84F9000000 je 0040326C (Jump) <-- change Jump to No Jump
Yes, it works! But the change is lost the next time the program starts, so we must make the crack.
-------------------- asm ------------------
.MODEL TINY
.CODE
.286
ORG 100h
start:
        mov ah, 9
        mov dx, offset MainTitle
        int 21h                         ; print the title
        mov ax, 3D02h
        mov dx, offset filename
        int 21h                         ; open file
        jnb Ok
        mov ah, 9
        mov dx, offset error
        int 21h                         ; if the file is not found,
                                        ; print the error and exit
        mov ax, 4C01h
        int 21h
Ok:     mov bx, ax                      ; keep the file handle in BX
        mov ax, 4200h                   ; set the file position (CX:DX)
        mov cx, 01h                     ; high word of the file offset
        mov dx, 0308h                   ; low word of the file offset
        int 21h
        mov ax, 4000h
        mov cx, 2                       ; two bytes to file
        mov dx, offset BytesToWrite1
        int 21h                         ; write file
        mov ax, 4200h
        mov cx, 00h                     ; high word of the file offset
        mov dx, 282Bh                   ; low word of the file offset
        int 21h
        mov ax, 4000h
        mov cx, 5
        mov dx, offset BytesToWrite2
        int 21h
        mov ax, 4200h
        mov cx, 00h                     ; high word of the file offset
        mov dx, 256Dh                   ; low word of the file offset
        int 21h
        mov ax, 4000h
        mov cx, 6
        mov dx, offset BytesToWrite3
        int 21h
        mov ax, 3E00h
        int 21h                         ; close file
        mov ah, 9
        mov dx, offset done
        int 21h
        mov ax, 4C00h
        int 21h                         ; exit

MainTitle       db 0Dh,0Ah
                db 0dh,0ah
                db ' ----------Hi-Stack present:---------',0dh,0ah
                db ' ġġġ Crack for Kleptomania v2.1 ġġġ',0dh,0ah
                db 0dh,0ah
                db 0dh,0Ah,'$'
error           db 'File not found or file error...',0Dh,0Ah,'$'
filename        db 'k-mania.exe',0
done            db ' + + + Trial period was deleted !!! + + +', 0Dh,0Ah
                db '$'
BytesToWrite1   db 90h,90h
BytesToWrite2   db 0E9h,08h,00h,00h,00h
BytesToWrite3   db 90h,90h,90h,90h,90h,90h
end start
----------------------- end ----------------------
That's all! Sorry for my bad English.
Thanks to : all NC members
mail to : highstack@usa.net
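
An added example, not part of the original tutorial: a Python check that a vendor or incident responder could run over a copy of k-mania.exe to tell whether the three branch sites shown above still hold their original bytes. The addresses and byte values come from the listings on this page; the function names and the sample image are constructed for illustration.

```python
# Added example: classify the three branch sites of a k-mania.exe image.
# Addresses and byte values are taken from the listings on this page;
# the sample image built below is constructed, not the real program.

# Listing address 00410F08h is written at file position 10308h by the
# patcher, so address - 400C00h = file offset (holds for all three sites).
VA_TO_FILE = 0x400C00

# (virtual address, original bytes in the disassembly, bytes the patcher writes)
SITES = [
    (0x00410F08, bytes.fromhex("7414"),         bytes.fromhex("9090")),
    (0x0040342B, bytes.fromhex("750B"),         bytes.fromhex("E908000000")),
    (0x0040316D, bytes.fromhex("0F84F9000000"), bytes.fromhex("909090909090")),
]

def file_offset(va):
    return va - VA_TO_FILE

def classify_site(image, va, original, patched):
    off = file_offset(va)
    if off + max(len(original), len(patched)) > len(image):
        return "out-of-range"          # truncated file or a different build
    if image[off:off + len(patched)] == patched:
        return "patched"
    if image[off:off + len(original)] == original:
        return "original"
    return "unknown"                   # neither value: other build or other edit

def check_image(image):
    return {f"{va:08X}": classify_site(image, va, o, p) for va, o, p in SITES}

def is_tampered(image):
    # Anything other than the original bytes at every site fails the check.
    return any(state != "original" for state in check_image(image).values())

def build_sample(patched_sites=()):
    # Constructed test image: zero-filled, with only the three sites populated.
    image = bytearray(0x10400)
    for i, (va, original, patched) in enumerate(SITES):
        data = patched if i in patched_sites else original
        off = file_offset(va)
        image[off:off + len(data)] = data
    return bytes(image)

if __name__ == "__main__":
    for name, img in (("clean", build_sample()), ("modified", build_sample({0, 2}))):
        print(name, check_image(img), "tampered:", is_tampered(img))
```

A byte check like this only recognises this one known modification; a hash or signature over the whole file catches any change.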