Web : http://kickme.to/mxbnet
Nokia LogoManager 1.2.8
Type : LogoManager for Nokia Phones
Crack :
Looking at the sections in a PE editor shows that this file is packed. It is not packed with ASProtect, as early versions were. So we will unpack this baby. Make the "in1" & "in2" section flags = E0000020. Now SICE will break at the entry point. Now go just a few lines down and look for POPAD
0047FC3B POPAD = 61 OFFSET = 3103B - FOUND IN PACKED EXE :) PLACE FOR OUR CODE
So we will have to dump it here .. it is "now or never"
So make ... 0047FC3C JMP EIP = EB FE .... Come out of SICE and Dump full module using PEditor.
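The section-flag value used above, E0000020, decodes to code + execute + read + write, and a section that is both writable and executable is a common packer indicator when triaging a PE file. The following is an added example, not part of the original tutorial: it parses a constructed section table and lists the writable-and-executable sections. Only the names "in1"/"in2" and the value E0000020 come from the text; the other rows, sizes and addresses are made up for the sample.

```python
import struct

# IMAGE_SECTION_HEADER is 40 bytes; Characteristics is the last DWORD.
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")

# Subset of the IMAGE_SCN_* bits from the PE/COFF specification.
FLAGS = {
    0x00000020: "CNT_CODE",
    0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA",
    0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}

def decode_flags(characteristics):
    """Return the names of the known bits set in a Characteristics value."""
    return [name for bit, name in FLAGS.items() if characteristics & bit]

def parse_sections(table, count):
    """Parse `count` section headers from raw section-table bytes."""
    sections = []
    for i in range(count):
        fields = SECTION_HEADER.unpack_from(table, i * SECTION_HEADER.size)
        name = fields[0].rstrip(b"\x00").decode("ascii", "replace")
        sections.append((name, fields[-1]))
    return sections

def writable_executable(sections):
    """Names of sections mapped both writable and executable."""
    wx = 0x80000000 | 0x20000000
    return [name for name, ch in sections if (ch & wx) == wx]

def build_sample_table():
    """Constructed sample: only in1/in2 and E0000020 come from the text."""
    rows = [(b".text", 0x60000020), (b"in1", 0xE0000020),
            (b"in2", 0xE0000020), (b".rsrc", 0x40000040)]
    table = b"".join(
        SECTION_HEADER.pack(n, 0x1000, 0x1000 * (i + 1), 0x200,
                            0x400 + 0x200 * i, 0, 0, 0, 0, ch)
        for i, (n, ch) in enumerate(rows))
    return table, len(rows)

if __name__ == "__main__":
    table, count = build_sample_table()
    for name, ch in parse_sections(table, count):
        print(f"{name:8} {ch:08X} {' | '.join(decode_flags(ch))}")
    print("W+X sections:", writable_executable(parse_sections(table, count)))
```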
Now our dumped file works fine and we can use Win32DASM .... and search for nag strings. A quick look shows that this program is using one or more flags. Searching through the flags we can find an important place where these flags are set ...
0042B909 CALL [ECX+08]
Now we have found the flags. Now put :
BPMB 00459284 W
This will lead us to where the program resets our flags :). The following code can be found.
0040BCA2 CMP [EBP-04],EBX
Now the program works well, but the "About" box doesn't show that it is registered. This can be easily traced.
0040BF1E CALL 409ED1
Run time Patch
Now our patch should look like this :
0042B909 CALL [ECX+08]
0040BF1E CALL 409ED1
Also disable instructions at address : 0040ADC8 OFFSET = ADC8 & 0040BCA8 OFFSET = BCA8
This can be done easily inside our unpacked file ... but to distribute the crack ... we will have to use runtime patching, as our real file is the packed file. Our attack point will be after the program unpacks itself, i.e. at 0047FC3C --- OFFSET = 3103C --- INSIDE PACKED FILE. It can be seen that there is enough space to write our code.
Run Time Patch Code :
0047FC3B POPAD = 61 OFFSET = 3103B