Target: Anti-BO v1.5 URL: http://www.swiftp.com protection: serial number Description: Anti-BO detects people trying to access your system with the use of Trojans such as Back Orifice. Anti-BO logs the IP address and time-stamp for reporting purposes. It also has a system scanner, which will attempt to clean any infections of installed Trojans. Anti-BO has been a lot of help in the cracking down of Trojans. Some people using Anti-BO have reported attacks and had the attackers Internet accounts disabled, and even further. Tools you will need to crack this program: Soft-ice 3.0 or better (http://www.numega.com) programming knowledge (any language as long as you can code the keygen) How to make a keygen for this program: 1. Start the program, choose license and enter a name (6 chars at least) and a serial but DO NOT press OK yet, go into softice and set a breakpoint on hmemcpy (bpx hmemcpy). Now go back to the program and press the OK button, and bang, you are in softice. 2. Now press F5 to goto the next hmemcpy call, and press F11 to get out of the second call, now trace down until you are here: :0048493E mov edx, [ebp-04] <-- your entered name :00484941 lea ecx, [ebp-08] :00484944 mov eax, ebx :00484946 call 00484710 <-- code calculation :0048494B mov eax, [ebp-08] :0048494E push eax 3. So trace into the call, and step down until you come here: :0048476D mov al, [ebx+eax-01] <-- al=upcase(name[i]) :00484771 call 00402880 <-- makes al=upcase :00484776 cmp al, 41 <-- compare al, 41h='A' :00484778 jae 00484791 <-- jump if above or equal :0048477A mov eax, [ebp-04] <-- eax=name :0048477D call 00403C64 <-- makes eax=length(name) :00484782 mov edx, ebx <-- edx=i :00484784 add dl, 09 <-- dl=dl+9h :00484787 add al, dl <-- al=al+dl :00484789 add [ebp-14], al <-- ebp-14=char(ebp-14+al) :0048478C jmp 0048486D <-- jump :00484791 mov eax, [ebp-04] <-- eax=name :00484794 mov al, [ebx+eax-01] <-- al=upcase(name[i]) :00484798 call 00402880 <-- makes al=upcase :0048479D cmp al, 45 <-- compare al, 45h='E' :0048479F jae 004847B8 <-- jump if above or equal :004847A1 mov eax, [ebp-04] <-- eax=name :004847A4 call 00403C64 <-- makes eax=length(name) :004847A9 mov edx, ebx <-- edx=i :004847AB add dl, 0C <-- dl=dl+Ch :004847AE add al, dl <-- al=al+dl :004847B0 add [ebp-13], al <-- ebp-13=char(ebp-13+al) :004847B3 jmp 0048486D <-- jump :004847B8 mov eax, [ebp-04] <-- eax=name :004847BB mov al, [ebx+eax-01] <-- al=upcase(name[i]) :004847BF call 00402880 <-- makes al=upcase :004847C4 cmp al, 49 <-- compare al, 49h='I' :004847C6 jae 004847DF <-- jump if above or equal :004847C8 mov eax, [ebp-04] <-- eax=name :004847CB call 00403C64 <-- makes eax=length(name) :004847D0 mov edx, ebx <-- edx=i :004847D2 add dl, 16 <-- dl=dl+16h :004847D5 add al, dl <-- al=al+dl :004847D7 add [ebp-12], al <-- ebp-12=char(ebp-12+al) :004847DA jmp 0048486D <-- jump :004847DF mov eax, [ebp-04] <-- eax=name :004847E2 mov al, [ebx+eax-01] <-- al=upcase(name[i]) :004847E6 call 00402880 <-- makes al=upcase :004847EB cmp al, 4D <-- compare al, 4Dh='M' :004847ED jae 00484803 <-- jump if above or equal :004847EF mov eax, [ebp-04] <-- eax=name :004847F2 call 00403C64 <-- makes eax=length(name) :004847F7 mov edx, ebx <-- edx=i :004847F9 add dl, 22 <-- dl=dl+22h :004847FC add al, dl <-- al=al+dl :004847FE add [ebp-11], al <-- ebp-11=char(ebp-11+al) :00484801 jmp 0048486D <-- jump :00484803 mov eax, [ebp-04] <-- eax=name :00484806 mov al, [ebx+eax-01] <-- al=upcase(name[i]) :0048480A call 00402880 <-- makes al=upcase :0048480F cmp al, 51 <-- compare al, 51h='Q' :00484811 jae 00484827 <-- jump if above or equal :00484813 mov eax, [ebp-04] <-- eax=name :00484816 call 00403C64 <-- makes eax=length(name) :0048481B mov edx, ebx <-- edx=i :0048481D add dl, 2E <-- dl=dl+2Eh :00484820 add al, dl <-- al=al+dl :00484822 add [ebp-10], al <-- ebp-10=char(ebp-10+al) :00484825 jmp 0048486D <-- jump :00484827 mov eax, [ebp-04] <-- eax=name :0048482A mov al, [ebx+eax-01] <-- al=upcase(name[i]) :0048482E call 00402880 <-- makes al=upcase :00484833 cmp al, 55 <-- compare al, 55h='U' :00484835 jae 0048484B <-- jump if above or equal :00484837 mov eax, [ebp-04] <-- eax=name :0048483A call 00403C64 <-- makes eax=length(name) :0048483F mov edx, ebx <-- edx=i :00484841 add dl, 3A <-- dl=dl+eAh :00484844 add al, dl <-- al=al+dl :00484846 add [ebp-0F], al <-- ebp-0F=char(ebp-0F+al) :00484849 jmp 0048486D <-- jump :0048484B mov eax, [ebp-04] <-- eax=name :0048484E mov al, [ebx+eax-01] <-- al=upcase(name[i]) :00484852 call 00402880 <-- makes al=upcase :00484857 cmp al, 55 <-- compare al, 55h='U' :00484859 jbe 0048486D <-- jump if below or equal :0048485B mov eax, [ebp-04] <-- eax=name :0048485E call 00403C64 <-- makes eax=length(name) :00484863 mov edx, ebx <-- edx=i :00484865 add dl, 46 <-- dl=dl+46h :00484868 add al, dl <-- al=al+dl :0048486A add [ebp-0E], al <-- ebp-0E=char(ebp-0E+al) :0048486D mov eax, [ebp-04] <-- eax=name :00484870 call 00403C64 <-- makes eax=length(name) :00484875 mov edx, [ebp-04] <-- edx=name :00484878 movzx edx, byte ptr [edx]<-- edx=asc value of first letter of name :0048487B mov ecx, [ebp-04] <-- ecx=name :0048487E movzx ecx, byte ptr [ecx+01]<-- ecx=asc value of second letter of name :00484882 imul edx, ecx <-- edx=edx*ecx :00484885 shr edx, 1 <-- edx=edx shr 1 :00484887 add al, dl <-- length(name)=length(name)+dl :00484889 mov [ebp-0D], al <-- ebp-0D=char(al) :0048488C inc ebx <-- i=i+1 :0048488D dec esi <-- length(name)-1 :0048488E jnz 0048476A <-- jump if not zero :00484894 mov ebx, 00000008 <-- ebx=8 :00484899 lea esi, [ebp-14] <-- esi=ebp-14 (ebp-14=start of the calculated chars) :0048489C lea edx, [ebp-18] :0048489F xor eax, eax :004848A1 mov al, [esi] <-- al=asc value of ebp-xx char :004848A3 call 00408198 <-- inttostr :004848A8 mov edx, [ebp-18] <-- place the string here :004848AB lea eax, [ebp-0C] :004848AE call 00403C6C <-- place the string at the right place here :004848B3 inc esi <-- i=i+1 :004848B4 dec ebx <-- ebx=ebx-1 :004848B5 jnz 0048499C <-- jump if not zero :004848B7 mov eax, [ebp-08] :004848BA mov edx, [ebp-0C] :004848BD call 00403A80 :004848C2 xor eax, eax :004848C4 pop edx :004848C5 pop ecx :004848C6 pop ecx :004848C7 mov fs:[eax], edx :004848CA push 004848EF :004848CF lea eax, [ebp-18] :004848D2 call 004039E8 :004848D7 lea eax, [ebp-0C] :004848DA call 004039E8 :004848DF lea eax, [ebp-04] :004848E2 call 004039E8 :004848E7 ret ok, hard eh? :) here's a sample delphi keygen.. { Anti-BO v1.5 keygen by Klefz use for educational purposes only! } unit antibo; interface uses Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls; type TForm1 = class(TForm) cancel_btn: TButton; name_ed: TEdit; msg_ed: TEdit; Label1: TLabel; Label2: TLabel; Label3: TLabel; procedure cancel_btnClick(Sender: TObject); procedure FormCreate(Sender: TObject); procedure name_edChange(Sender: TObject); private { Private declarations } public { Public declarations } end; var Form1: TForm1; al,dl:byte; penis,penis2,penis3,penis4,penis5,penis6,penis7,penis8,edx,ecx:longint; endsum,nisse:string; i:integer; implementation {$R *.DFM} procedure TForm1.cancel_btnClick(Sender: TObject); begin halt(0); end; procedure TForm1.FormCreate(Sender: TObject); begin Form1.Caption:='Anti-BO v1.5 keygen by Klefz / CRYSTAL'; name_ed.text:='Klefz / CRYSTAL'; end; procedure TForm1.name_edChange(Sender: TObject); { the calculation routine} label fel,ok,hah,nota,note,noti,notm,notq,notv1,notv2; begin al:=0; edx:=0; dl:=0; nisse:=chr($00)+chr($00)+chr($00)+chr($00)+chr($00)+chr($00)+chr($00)+chr($00); if length(name_ed.text)<6 then goto fel; for i := 1 to Length(name_ed.text) do begin; al:=ord(upcase(name_ed.text[i])); if (al > $41) or (al=$41) then goto nota; { cmp al, 41 jae } edx:=i; al:=length(name_ed.text); dl:=edx; { dl:byte (min 0, max 255) } dl:=dl+9; al:=al+dl; { al:byte (min 0, max 255) } nisse[8]:=chr(ord(nisse[8])+al); { add [ebp-14], al } goto hah; { jmp } nota: if (al > $45) or (al=$45) then goto note; { cmp al, 45 jae } edx:=i; al:=length(name_ed.text); dl:=edx; dl:=dl+$c; al:=al+dl; nisse[7]:=chr(ord(nisse[7])+al); { add [ebp-13], al } goto hah; note: if (al > $49) or (al=$49) then goto noti; { cmp al, 49 jae } edx:=i; al:=length(name_ed.text); dl:=edx; dl:=dl+$16; al:=al+dl; nisse[6]:=chr(ord(nisse[6])+al); { add [ebp-12], al } goto hah; noti: if (al > $4d) or (al=$4d) then goto notm; { cmp al, 4d jae } edx:=i; al:=length(name_ed.text); dl:=edx; dl:=dl+$22; al:=al+dl; nisse[5]:=chr(ord(nisse[5])+al); { add [ebp-11], al } goto hah; notm: if (al > $51) or (al=$51) then goto notq; { cmp al, 51 jae } edx:=i; al:=length(name_ed.text); dl:=edx; dl:=dl+$2e; al:=al+dl; nisse[4]:=chr(ord(nisse[4])+al); { add [ebp-10], al } goto hah; notq: if (al > $55) or (al=$55) then goto notv1; { cmp al, 55 jae } edx:=i; al:=length(name_ed.text); dl:=edx; dl:=dl+$3a; al:=al+dl; nisse[3]:=chr(ord(nisse[3])+al); { add [ebp-0F], al } goto hah; notv1: if (al < $55) or (al=$55) then goto notv2; { cmp al, 55 jbe } edx:=i; al:=length(name_ed.text); dl:=edx; dl:=dl+$46; al:=al+dl; nisse[2]:=chr(ord(nisse[2])+al); { add [ebp-0E], al } goto hah; notv2: hah: edx:=ord(upcase(name_ed.text[1])); { movzx edx, byte ptr [edx] } ecx:=ord(upcase(name_ed.text[2])); { movzx ecx, byte ptr [ecx+01] } edx:=edx*ecx; { imul edx, ecx } penis:=edx; al:=length(name_ed.text); penis:=penis shr 1; dl:=penis; al:=al+dl; nisse[1]:=chr(al); { mov [ebp-0D, al } end; penis:=ord(nisse[1]); { penis=asc value of first char in string nisse } penis2:=ord(nisse[2]); { penis2=asc value of second char in string nisse } penis3:=ord(nisse[3]); { penis3=asc value of third char in string nisse } penis4:=ord(nisse[4]); { penis4=asc value of fourth char in string nisse } penis5:=ord(nisse[5]); { penis5=asc value of fifth char in string nisse } penis6:=ord(nisse[6]); { penis6=asc value of sixth char in string nisse } penis7:=ord(nisse[7]); { penis7=asc value of seventh char in string nisse } penis8:=ord(nisse[8]); { penis8=asc value of eighth char in string nisse } endsum:=inttostr(penis8)+inttostr(penis7)+inttostr(penis6)+inttostr(penis5)+inttostr(penis4)+inttostr(penis3)+inttostr(penis2)+inttostr(penis); msg_ed.text:=endsum;goto ok; fel: msg_ed.text:='You must enter atleast 6 chars!'; ok: end; end. /Klefz - klefz@cryogen.com - http://klefz.cjb.net