Cracking Tutorial #58:
Cracking 4-Net v2.1

[cracked bY:] sLeEpY¿[FWA/NWA/FTPR8Z] iN 07/2002
[difficulty:] beginner
[where:] http://5star.freeserve.com/Internet/InternetTools/4net-download.html
[tOOLz:] W32dasm 8.93 & Hiew 6.x


KANAL23 Tutorial

http://www.kanal23.net




4-Net v2.1

Download it from

http://5star.freeserve.com/Internet/InternetTools/4net-download.html 



Written by

sLeEpY¿

Tools

  • W32Dasm 8.93

  • Hiew 6.x

Rating

  • Easy {X}

  • Medium { }

  • Hard { }

  • Pro { }



Introduction

A comprehensive Internet tools package with many useful functions including Ping, Finger, Traceroute, and hostname/IP address resolution.

Ping a specified host to determine its network status, Finger a specific user or email address to find out detailed information about the user, and use Traceroute to determine the route and speed of all information you send and receive on the Internet.

4-Net also allows you to maintain your Internet connection indefinitely by simulating Internet activity.


The Essay


Try and register the prog and most likely you will be greeted with this:

Error
Invalid registration code!
[OK]



Make your backups etc. and disassemble the prog.

Now check the String Refs for our clues...


"Invalid address!"
"Invalid argument"
"Invalid Handle"
"Invalid host address"
"Invalid Host/IP address ("
"invalid Host/IP address"
"Invalid internal SendFlags"
"Invalid query string format."
"Invalid registration code!"
  ^-our error msg, double click it
"Invalid SendFlags"
"Invalid socks level. Must be 4, "
"Invalid Winsock Version"
"ioctlSocket"
"ioctlsocket"
"IsControl"
"JanFebMarAprMayJunJulAugSepOctNovDec"
"JPEG Image File"


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00480C84(C)
|
:00480C89 8D55F4 lea edx, dword ptr [ebp-0C]

* Possible StringData Ref from Code Obj ->"Cl4nET"    <-thought it was hardcoded but no

:00480C8C B8600D4800 mov eax, 00480D60
:00480C91 E80632F8FF call 00403E9C
:00480C96 8D55EC lea edx, dword ptr [ebp-14]
:00480C99 8B45FC mov eax, dword ptr [ebp-04]
:00480C9C 8B8048020000 mov eax, dword ptr [eax+00000248]
:00480CA2 E8A9E7F9FF call 0041F450
:00480CA7 8B55EC mov edx, dword ptr [ebp-14]
:00480CAA 8B45F4 mov eax, dword ptr [ebp-0C]
:00480CAD E86E30F8FF call 00403D20
:00480CB2 7530 jne 00480CE4    <-offset 800B2 bad msg
:00480CB4 8D55EC lea edx, dword ptr [ebp-14]
:00480CB7 8B45FC mov eax, dword ptr [ebp-04]
:00480CBA 8B8048020000 mov eax, dword ptr [eax+00000248]
:00480CC0 E88BE7F9FF call 0041F450
:00480CC5 8B55EC mov edx, dword ptr [ebp-14]

* Possible StringData Ref from Code Obj ->"Cl4nET"

:00480CC8 B8600D4800 mov eax, 00480D60
:00480CCD E82632F8FF call 00403EF8
:00480CD2 85C0 test eax, eax
:00480CD4 7E0E jle 00480CE4    <-offset 800D4 bad msg
:00480CD6 A1743A4900 mov eax, dword ptr [00493A74]
:00480CDB 8B00 mov eax, dword ptr [eax]
:00480CDD E8DAD80000 call 0048E5BC
:00480CE2 EB37 jmp 00480D1B    <-jump to good message!

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00480CB2(C), :00480CD4(C)
|
:00480CE4 6A00 push 00000000
:00480CE6 668B0D680D4800 mov cx, word ptr [00480D68]
:00480CED B201 mov dl, 01

* Possible StringData Ref from Code Obj ->"Invalid registration code!"


So we take out the 2 conditional jumps to the bad msg, and the only path left for the program to take is the jump to the good one.

Change this:
:00480CB2 7530 jne 00480CE4
to this:
:00480CB2 9090 nop, nop

Also change this:
:00480CD4 7E0E jle 00480CE4
to this:
:00480CD4 9090 nop, nop

Now the program will give you this when you register!

Information
Thank you for registering 4-Net!
Please restart 4-Net for changes to take place.
[OK]



We restart the program and the registration button is gone; we are still regged, so there is no startup check. No time limit either, what an easy target. Program Cracked =)
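The change sticks because nothing in the program verifies its own code after the registration dialog. As an added example (not part of the original tutorial), the Python below is the integrity check a vendor or forensic examiner could run: it compares the two branch locations from the listing against their original opcodes and diffs a reference image against a suspect one. The function names are hypothetical and the sample image is constructed filler, not the real executable.

```python
# Added example: detect neutralised conditional branches in an executable image.
# Offsets and original opcodes are the ones quoted in the listing above.
PINNED = {0x800B2: bytes.fromhex("7530"),   # jne 00480CE4
          0x800D4: bytes.fromhex("7E0E")}   # jle 00480CE4

def is_short_jcc(b: bytes) -> bool:
    """True for a 2-byte x86 short conditional jump (opcodes 0x70-0x7F)."""
    return len(b) == 2 and 0x70 <= b[0] <= 0x7F

def classify(orig: bytes, cur: bytes) -> str:
    """Describe how the bytes now at a pinned location relate to the original."""
    if cur == orig:
        return "intact"
    if len(cur) < len(orig):
        return "truncated"          # image ends before the pinned location
    if is_short_jcc(orig):
        if cur == b"\x90\x90":
            return "nop-filled"     # branch removed, execution falls through
        if cur[0] == 0xEB:
            return "forced-jump"    # branch made unconditional
        if is_short_jcc(cur):
            return "condition-changed"
    return "modified"

def audit_pinned(image: bytes, pinned=PINNED) -> dict:
    """Check every pinned offset in the image; returns {offset: state}."""
    return {off: classify(orig, image[off:off + len(orig)])
            for off, orig in sorted(pinned.items())}

def diff_runs(ref: bytes, suspect: bytes) -> list:
    """Return (offset, ref_bytes, suspect_bytes) for each contiguous differing run."""
    runs, i, n = [], 0, min(len(ref), len(suspect))
    while i < n:
        if ref[i] == suspect[i]:
            i += 1
            continue
        j = i
        while j < n and ref[j] != suspect[j]:
            j += 1
        runs.append((i, ref[i:j], suspect[i:j]))
        i = j
    return runs

def build_sample(patched: bool) -> bytes:
    """Constructed stand-in for the executable: zero filler plus the two branches."""
    img = bytearray(0x80100)
    for off, orig in PINNED.items():
        img[off:off + 2] = b"\x90\x90" if patched else orig
    return bytes(img)

if __name__ == "__main__":
    for off, state in audit_pinned(build_sample(True)).items():
        print(f"{off:#07x}: {state}")
```

A check like this only helps when it runs outside the binary it protects, for example in an installer, updater or endpoint baseline; a self-check compiled into the same executable is just another branch.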

Laterz!

Final thoughts


Word....and stuff. BOOOOOOOOOORING TUTORIAL....


Greetings


Groups: FWA, NWA, FTPiRatEz! HAR! BEASTFXP!, KANAL23
Individuals:
MiNioN, GreycZ & his cuppy, KlutCh, KiNgEr, MidNight, Edogg, Neoman, movax4c00int21, Acid_Cool_178, All those tuts I read from everyone who writes them.

CopyLeft:
sLeEpY¿
[all rights reversed]
Boredom causes crackers and babies.
Visit http://zor.org/sleepy & http://www.bright.net/~testsubject001

Mail sleepy@linuxwaves.com


This Document is copyrighted by kanal23 and its members. Please mail the author of this document for complaints and those things.
Kanal23 is signing out for now.
