Dark Heaven - Tutorial: Registration of JavaScript Scrambler

Program:     JavaScript Scrambler v1.1
Description: Encrypt Java-Scripts
Author:      (C) 1996-98 Harro Mueller
Size:        259.584 Bytes (JSSCRAM.EXE)

Used Tool:
- W32DASM v8.93

1. First, we must find out what kind of protection this program uses. To do
   this, we start "JavaScript Scrambler" and look for a place to register it.
   "JavaScript Scrambler" uses a serial number as protection! To get a clue
   about our serial, enter any data in the registration menu, e.g.

    Name:   Dark Heaven
    Serial: 1122334455

   Be sure to note the error message that appears!

2. Leave the program and load W32DASM89.

3. Now disassemble JSSCRAM.EXE (to be on the safe side, save the code) and run
   the program via the debugger [Debug/Load Process].

4. Look for the error message "The serial number you entered, was wrong!" via
   [Refs/String Data References]. Double-clicking the entry shows the
   corresponding lines in the listing. We find the reference(s) at the
   address(es): 00434075 and 00433FA8.

    * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
    |:00433F8A(C), :00433FA8(C)
    |
    * Possible StringData Ref from Code Obj ->"The serial number you entered, "
                                            ->"was wrong!"
    |
    :00434075 B8A8414300        mov eax, 004341A8            ; <- the ERROR message
    :0043407A E865B1FFFF        call 0042F1E4
    :0043407F 33D2              xor edx, edx
    :00434081 8B832C020000      mov eax, dword ptr [ebx+0000022C]
    :00434087 E86068FEFF        call 0041A8EC
    :0043408C 33D2              xor edx, edx
    :0043408E 8B8330020000      mov eax, dword ptr [ebx+00000230]
    :00434094 E85368FEFF        call 0041A8EC
    :00434099 8B93EC010000      mov edx, dword ptr [ebx+000001EC]
    :0043409F 8B83E8010000      mov eax, dword ptr [ebx+000001E8]
    :004340A5 E806D2FFFF        call 004312B0
    SNIP

5. Now we must find the jump to the error message. To do this, we choose the
   menu [Goto], the menu option [Goto Code Location], and enter the address
   00433F8A (first reference).

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:00433F30(C)
    |
    :00433F52 56                push esi
    :00433F53 8BD8              mov ebx, eax
    :00433F55 33C0              xor eax, eax
    :00433F57 55                push ebp
    :00433F58 68C5404300        push 004340C5
    :00433F5D 64FF30            push dword ptr fs:[eax]
    :00433F60 648920            mov dword ptr fs:[eax], esp
    :00433F63 8D55FC            lea edx, dword ptr [ebp-04]
    :00433F66 8B832C020000      mov eax, dword ptr [ebx+0000022C]
    :00433F6C E84B69FEFF        call 0041A8BC
    :00433F71 8D55F8            lea edx, dword ptr [ebp-08]
    :00433F74 8B8330020000      mov eax, dword ptr [ebx+00000230]
    :00433F7A E83D69FEFF        call 0041A8BC
    :00433F7F 8B45FC            mov eax, dword ptr [ebp-04]
    :00433F82 E8A9FAFCFF        call 00403A30
    :00433F87 83F804            cmp eax, 00000004            ; <- length of name <= 4
    :00433F8A 0F8EE5000000      jle 00434075                 ; <- Jump to ERROR message
    :00433F90 8D4DF4            lea ecx, dword ptr [ebp-0C]
    :00433F93 8B55FC            mov edx, dword ptr [ebp-04]
    :00433F96 8BC3              mov eax, ebx
    :00433F98 E81BFAFFFF        call 004339B8
    :00433F9D 8B45F4            mov eax, dword ptr [ebp-0C]
    :00433FA0 8B55F8            mov edx, dword ptr [ebp-08]
    :00433FA3 E898FBFCFF        call 00403B40                ; <- here we set a Breakpoint
    :00433FA8 0F85C7000000      jne 00434075                 ; <- Jump to ERROR message
    :00433FAE C6054859430001    mov byte ptr [00435948], 01
    SNIP

6. At address 00433FA3 we must set a breakpoint via [F2]. Then we switch to
   "JavaScript Scrambler" and enter our name and a dummy code, e.g.

    Name:          Dark Heaven
    Serial Number: 1122334455

7. After we enter our data, WDASM will break at our breakpoint. Now we can take
   a look at the memory that the registers EDX and EAX point to.

    EDX = 00BA8B70:
      EDX-00000018 = Dark Heaven
      EDX+00000000 = 1122334455
      EDX+00000048 = 1735-465-60

    EAX = 00BA8BB8:
      EAX+00000000 = 1735-465-60   ( the searched serial )

8. Now we can register "JavaScript Scrambler" with the serial we have found.
   As a result we will get the message "Thank you for registering!", e.g.

    Name:          Dark Heaven
    Serial Number: 1735-465-60

9. Note: After the successful registration, "JavaScript Scrambler" writes our
   data into the file "JsScrambler.ini" in the "Windows" directory!

I hope you have fun with cracking!

Dark Heaven
01.02.1999
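
The compare at 00433FA3 checks the entered serial against one the program has just derived from the name, which is why a valid serial is readable through EAX. As an added example (not from this tutorial and not JavaScript Scrambler's own code), the C code below contrasts that pattern with a verify-only check; the FNV-1a digest, the toy RSA key and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed name digest (FNV-1a); the real program's algorithm is not on the page. */
static uint32_t name_hash(const char *name) {
    uint32_t h = 2166136261u;
    for (; *name; name++) { h ^= (unsigned char)*name; h *= 16777619u; }
    return h;
}

/* Weak pattern exposed by the breakpoint at 00433FA3: derive the expected serial
   from the name, then string-compare. 'expected' holds a valid serial in plaintext. */
int check_weak(const char *name, const char *serial, char *expected, size_t n) {
    snprintf(expected, n, "%08X", (unsigned)name_hash(name));
    return strcmp(expected, serial) == 0;
}

/* Square-and-multiply; operands stay below PUB_N, so no 64-bit overflow. */
static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1) { if (e & 1) r = r * b % m; b = b * b % m; }
    return r;
}

/* Textbook RSA public key with a toy 12-bit modulus (61 * 53), for illustration
   only. Production code uses a vetted signature scheme from a crypto library. */
#define PUB_N 3233u
#define PUB_E 17u

/* Verify-only pattern: the serial is the vendor's signature over the name digest.
   The program never computes a valid serial, so none sits in memory to read. */
int check_signed(const char *name, uint64_t serial) {
    return serial < PUB_N && modpow(serial, PUB_E, PUB_N) == name_hash(name) % PUB_N;
}

int main(void) {
    char expected[16];
    int ok = check_weak("Dark Heaven", "1122334455", expected, sizeof expected);
    printf("weak check: ok=%d, expected serial left in buffer: %s\n", ok, expected);
    /* Vendor side only: private exponent for this toy key, never shipped. */
    uint64_t sig = modpow(name_hash("Dark Heaven") % PUB_N, 2753, PUB_N);
    printf("signed check: valid=%d, dummy=%d\n",
           check_signed("Dark Heaven", sig), check_signed("Dark Heaven", 1122));
    return 0;
}
```

The verify-only form removes the plaintext serial from memory, but the outcome is still decided by a single branch like the jne at 00433FA8, so it is normally combined with integrity protection of the binary.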