010011110000010010100101010110011011010101010100110101011001010
011010101110101110110101101010101010101010110100100101010110101
10 10
01 @@@ pppppp @@@ ccccc 11
10 @ @ pp pp @ @ ccccccc 11
01 @ @ @ pppppp @ @ @ cc 10
01 @ @ p p @ @ cc 01
01 @ @ @ p p @ @ @ ccccccc 00
10 @ @ @ @ ppp @ @ @ @ ccccc 11
11 @p@c 10
10 fffffffff oooooo ''' eeeeeeeevvv vvv @@@ 01
01 fffffffff oooooooo ' eeeeeeee vv vv @ @ 00
10 fff oo oo eee vv vv @ @ @ 11
00 fffffffff oo oo eeeeeeeeee v v @ @ 01
11 fffffffff oo oo eee v v @ @ 10
00 fff oooooooo eeeeeeee v v @ @ @ 00
11 fff oooooo eeeeeeee v @ @ @ @ 10
01 wILDcAT*******************NeMo 01
010110101001101010101101001010101010101010101010101010101001101
101010101010110101010101010101010101010101101010101010101110010
MATHXPERT
TOOLS:HIEW, W32DASM
WELCOME LADIES AND GENTELMAN TO ANOTHER EPISODE OF CRACKING WITH NEMO AND WILDCAT.
THIS TIME WE WILL BE DOIN MATHEXPERT FOR ALL THOSE GEEKS MAJORING IN MATHEMATICS. AS
ALWAYS LETS DOWNLOAD THE PROGRAM AND INSTALL IT. AFTER WE HAVE INSTALLED IT WE WILL SEARCH
FOR THAT NAG SCREEN THAT POPS UP AND SAYS SORRY WRONG INFO, OR WRONG SERIAL. ONCE WE HAVE
DONE THAT WE WILL GO TO W32DASM AND DISASSEMBLE THE PROGRAM. BUT BE AWARE, THE INFORMAION
WE NEED IS NOT IN THE EXE FILE THIS TIME, NOPE, IT IS IN THE DLL FILE CALLED "MGODO59.DLL"
ONCE YOU HAVE DISASSEMBLED TAHT FILE SEE IT YOU CAN LOCATE THE NAG SCREEN. TO DO THAT YOU
NEED TO CLICK THAT ONE BUTTON TAHT SAYS STRING REFERENCES. IT SHOULD BE IN THE FAR RIGHT UP
TOP...ONCE YOU HACE CLICKED THAT, TRY TO SCROLL DOWN AND SEE IT YOU CAN LOCATE THE NAG
SCREEN. ONCE YOU HAVE DONE THAT DOUBLE CLICK ON IT AND HIT THE CLOSE BUTTON IN THE FAR LOWER
LEFT CORNER. THEN SCROOL UP TILL THE POINT
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.134B(C)<<<<<<<<<<<<<<<<==========================================THESE ONES
|
:0001.13BA 89E5 mov bp, sp
* Possible StringData Ref from Data Seg 013 ->"o"
YOU SEE THOSE NUMBERS UP TOP. WELL WE WILL HAVE WRITE THEM DOWN OR REMEMBER THEM. AFTER
WE HAVE THEM GO AHEAD AN CLICK THAT BUTTON UP TOP THAT SAYS GO TO CODE LOCATION. IT SHOULD
BE YELLOW AND FOURTH ONE DOWN FROM THE RIGHT. CAREFULLY TYPE IN THE NUMBERS FIRST WINDOW
0001
THEN
134B
THIS SHOULD TAKE YOU SOMEPLACE IN THE CODE THAT WE DONT KNOW. AND DON'T WANT TO KNOW...
NOW THAT YOU ARE LOST IN THE COMPLICATED CODE YOU BAR THAT STREATCHES ALL THE WAY ACCROSS
THE SCREEN SHOULD BE GREEN. AND AS IT IS GO AHEAD AN COPY THE OFFSET NYMBERS TAHT ARE
AT THE BOTTOM OF THE PROGRAMS WINDOW, THEY SHOULD LOOK LIKE THIS...@OFFSET 00001A4Bh
THOSE ARE THE CRITICAL NUMBERS.....YOU CAN PRETTY MUCH INGNORE THE FISRT THREE # AND THE LAST
LETTER "h" CAUSE WE DON'T NEED THEM. NOW GO AHEAD AND OPEN UP HIEW AND LOCATE THE DLL
FILE THAT WE JUST DISASSEMBLED...ONSE YOU HAVE DONE THAT OPEN IN BY HITTING 'ENTER' AND THEN
F4 AND SCROOL DOWN TO DECODE. THEN HIT F5 AND TYPE IN 01A4B, IT SHOULD TAKE YOU TO SOME
RANDOM PART OF THE CODE. THEN HIT F3 AND CHANGE ALL THE NUMERS ON THE LINE WITH A '90'.
SO IF THERE ARE NUMBERS THAT LOOK LIKE THIS '646143' THEN CHANGE THEM TO '909090' AND THEN
SAVE BY HITTING F9 AND F10 TO QUIT. RUN THE PROGRAM AND REGISTER.....TYPE IN ANY NAME YOU
WISH AND IT SHOULD SAY...REGISTERED.....AAAAAAAAAAAA.......I LOVE CRACKING....
YOU CAN ALSO GO TO MY SITE
DIAL.TO/NEMO AND CHECK SOME COOL THINGS OUT
MY EMAIL IS CRZZYY@YAHOO.COM
PEACE OUT MAN