Here we go... (I love this sentence)
Load SmartCheck and run the program. Write Skizo in the textbox that pops up, and when it says
that the registration code is wrong, click on STOP (in SmartCheck, the red square). Ok, let's see
how it keygened our nick ;)
We see a lot of ASC instructions: that's because the SoftGuard is a "XOR" protection :) I mean
that for everything it gets as input, it takes the ASCII value and XORs it with another string. Oh,
the first thing the SoftGuard does with our nick is to remove any char not between 20h and 7Eh,
but that's not our business now. Looking down we can see our nick scrambled, following this algo:
First: it removes all the chars not between 20h and 7Eh
Second: it removes the char in the middle
Third: takes the last char of the nick and the first one
Fourth: removes the chars used and goes back to the third step
Got it? If not, read the steps above again.
The SoftGuard won't accept a nick without at least two chars, and now we know why.
We have our brand new nick, "oSzk", and now we can see a lot of numbers. Don't worry, the numbers
are the ASCII codes of the scrambled nick (111, 83, 122, 107). Now things get a little harder
to understand, so I won't explain how to find in the program what it is doing, but I'll
explain directly what it is doing: it XORs the ASCII code of the first char of the encryption key
with the first char of the "11183122107", then with the second, the third and so on, and it puts the
result in a string: in our case we have
841228564117125118988183949582919583698881871136799893738511614138111288111
If the ASCII string is shorter than the encryption key, it returns to the first char of the string.
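The scrambling steps and the code string above, as an added Python example (not code from this tutorial, from SGKT or from SoftGuard) that shows the name transform is a fixed permutation with no secret in it. The function names are made up here, and since the steps don't say which char is "the middle" of an even-length nick, that case is rejected instead of guessed; the XOR step is not reproduced.

```python
def filter_printable(nick: str) -> str:
    """First step: drop every char whose code is not between 20h and 7Eh."""
    return "".join(c for c in nick if 0x20 <= ord(c) <= 0x7E)


def scramble(nick: str) -> str:
    """Apply the four scrambling steps to a nick (odd length only)."""
    chars = list(filter_printable(nick))
    if len(chars) % 2 == 0:
        # Assumption boundary: the tutorial only shows an odd-length nick,
        # so "the char in the middle" is undefined here for even lengths.
        raise ValueError("middle char is not defined for an even-length nick")

    # Second step: remove the char in the middle.
    del chars[len(chars) // 2]

    # Third and fourth steps: take the last char, then the first one,
    # remove both and repeat until nothing is left.
    out = []
    while chars:
        out.append(chars.pop())    # last char
        out.append(chars.pop(0))   # first char
    return "".join(out)


def ascii_digits(scrambled: str) -> str:
    """Concatenate the decimal ASCII codes of the scrambled nick."""
    return "".join(str(ord(c)) for c in scrambled)


if __name__ == "__main__":
    s = scramble("Skizo")
    print(s, [ord(c) for c in s], ascii_digits(s))
```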
Now there's the final thing: it analyses the mask. If a number is needed, it puts the first char
of the numbers string and then removes it from that string, and if a char is needed it gets the first
two chars, makes a char out of them (ex. 2 + 8 = Chr(28)), and
  If the ASCII code of the char is below 23 it adds 100
  If the ASCII code of the char is between 91 and 96 it subtracts 6
  If the ASCII code of the char is between 23 and 44 it adds 42
  If the ASCII code of the char is between 44 and 64 it adds 52
That's all. Easy, ain't it? Well... I know you are gonna kill me because you have seen things like
Encryption Key and Mask in the tutorial, without knowing what the hell they are... but damn, I'm
gonna explain... wait a moment, let me smoke my Marlboro and drink my Guinness :)
Ok, done! Load your hex editor, and open the urlmaster.exe. Try to find the "mask": remember that
we are cracking a VB program, so you have to look for a unicode string ("m" + chr(0) + "a" + chr(0)
+ "s" + chr(0) + "k" + chr(0)). Found? Sure, it's "UR###-#^#-###^^": in a mask the chars we have
to know are
  # number
  & letter
  * small letter
  ^ capital letter
Now look for "encryptionkey" a little above the mask: it is
  ^iAi>?FgxmU8r@obiwankenobiQGOGqeMe
Yeah, it's funny but I'm not joking :D
Ok, what do you have to know now? Hmm... how the SGKT works: it's really easy. Download it from
my website, unzip and run the executable file. Done? Put in the cracker and group names, the name
and the version of the program and the year of the release, then click on Check and open the
urlmaster.exe file... wait a bit... seen? Mask and Encryption Key are set. Click on Save and
choose a folder. A subfolder will be created with the keygen project: run it and test it. Yes,
you don't have to code a thing, it works perfectly. Compile and you will get the Keygen. By changing
the icon of the "FakeForm" you will change the icon of the executable. You may wonder why I've
explained all these things when you could use this tool, well... you will understand when you
read the EyeBatch tutorial ;)
Oh, last thing: the Journal Safe 2001 uses the same protection, even if you can't find the declarations
of the mask and the encryption key in the executable file. It doesn't mean that my program sux
(hehehe), but it means that the declarations are made at run-time. The only thing you have to find out
is a string that could be a mask, and a string that could be an encryption key. I know perfectly well
how to find them but I won't explain it to you: it's your homework. If you are in big trouble, then
email me. Hmm... I don't remember its URL, but I think I will put a link on my site, so check the
keygen's section