Web : http://kickme.to/mxbnet
Contact Me : dheeraj_xp@yahoo.com


Main | Index

Sonork Server 1.04.06

Type : Database
Protection : Serial
Tech : Serial Fishing ...



Crack : I got this from : http://www.sonork.com

This program uses a very long S/N - 48 characters long ....!!!!!

It also uses simple look up tables to generate a S/N ....

ASCII - Look Up Table :
*****************
01AC234DE56789BF
A0123B678CD459EF
LM57TUVNOPQZWXY3

7891560OPQ234TVM
EASP546901HONT82
123456UIRP7890XY

43287MJ09UH65BT1
0FXJ9438OPM76521
1X4D95KJ6Q7S2380

Hex Look Up Table :
**************

0E 0A 0F 00 05 06 04 09 0D 0B 01 08 0C 07 03 05
0A 03 0C 07 06 00 0E 01 08 0F 09 05 0B 02 04 0D

Enter fake S/N = 555555555555555555555555555555551234567812345678

BPX GETDLGITEMTEXTA ...and click "Next" button in Server Instalation ....

MAIN CALL ...

0x40195F LEA EAX,[EBX+00000097] >> FAKE S/N
...............................................
0x40196A CALL 405F70
0x40196F ADD ESP,08
0x401972 TEST AL,AL
0x401974 JNZ 401982 ==>> GOOD BOY ...

INSIDE CALL 405F70 .....

0x405FA8 CMP ESI,30 ===>> S/N 48 - CHAR LONG ....!!!!
.............................
0x405FDC CALL 405BF4 >> ASCII LOOK UP ...LAST 8-SET CHAR ...
............................... >>
0x405FEF CALL 405BF4 >>
..............................
0x406000 CALL 405B95 >> HEX LOOK UP ...WITH ABOVE RESULT ...
.............................. >>
0x406011 CALL 405B95 >>
..............................
0x406039 CMP ESI,04 ========= LOOP 1
.............................
0x40604A CMP ECX,14 ==>> FIRST COMPARISION - when last 8-set char is encrypted the result
.......................................should be in the form x1 4x xx xx ...
..............................
0x406085 CALL 405BF4 >> ASCII LOOK UP .. FIRST 20 CHAR ...
............................... >>
0x4060A7 CALL 405BF4 >>
...............................
0x4060CB CALL 405B95 >> HEX LOOK UP ...WITH ABOVE RESULT ...
.............................. >>
0x4060E1 CALL 405B95 >>
..............................
0x4060FB CMP ESI,14 ========= LOOP 2
.............................
0x406115 CMP EAX,ECX ====>> IF 2ND LAST 8-SET i.e 12345678 ---algo--> 2654240A then
............................................ 240A must be = 0130

Expiration Date :

When encrypted S/N is passed through ..

0x401F21 PUSH ESI >> ENCRYPTED S/N
0x401F22 CALL 405CF1
0x401F27 POP ECX
0x401F28 TEST EAX,EAX
0x401F2A JZ 401F3A

should give EAX = 0 ... to make this last 8 -set hex should be full of zeros ... so start from here .....

Registration Info :

Reg Key = 555555555555555555555555B8M34M28B22B427701MDLUH0
Concurrent Users = 320
Expiration Date = None
Processors = 4
********************************************************
Reg Key = 55555555555555555555555555555555B2MB4277BODH56HX
Concurrent Users = 3520180
Expiration Date = None
Processors = 4


 


0x40A6AB CMP EDI,EAX =>3C --"60" ; EDI = NO: DAYS USED
0x40A6AD JLE 40A70A = 7E 5B --> GOOD BOY OFFSET = A6AD
...........................................
NOW BPMB 5F5A78 RW --- CONTINUE
...........................................
0x40A942 PUSH 5F5A78
0x40A947 CALL [005B42A8]
0x40A94D ADD ESP,04
0x40A950 CMP EDI,EAX
0x40A952 JLE 40A973 = 7E 1F --> GOOD BOY OFFSET = A952

So all you want to do is to convert :
JLE ---> JMP i.e 74 ===> EB

 


Suppose we just try to redirect this check to an original and virgin