///////////////////////////////////////////////////////////////////////
/////// cracking made easy --for mIRC v5.9
///////
//////////////////////////////////////////////////////////////////////
One day I was trying to make a key generator for mIRC and realised that making
a patch is much simpler than making a keygen, so I decided to write this tut
about the method. I think it will work for future versions too.
So our target is mIRC v5.9.
Target URL: http://www.mirc.com
Tools required:
1) Win32Dasm
2) Hview
If you don't have them, download them from www.exetools.com (if you don't know
how to use these tools, first read my tut about cracking Cool Speech 5.0 or any
other tut covering the basics).
Let's start. Download and install the program. Now in the mIRC window go to
Help > Register.
Now enter a name and any fake serial, like
Name: code buster
Registration number: 0123456789
Now press Register. A nag screen pops up displaying the error message "The
registration name and Number you have entered does not match".
So write down this error message and close mIRC. Copy the mIRC.exe file to any
folder and rename it to IRC.exe. Fire up Win32Dasm and disassemble the file
IRC.exe. Now click the "String Data References" (SDR) box and search for the
error message.
Here it is:
String Resource ID=01911: "Your registration has been entered successfully."
String Resource ID=01912: "mIRC Registration"
String Resource ID=01913: "The registration name and number you have entered
do" <<<--------
String Resource ID=01914: "'Unable to get local host'"
Now double-click that line and close the SDR box. You will land at this code
location:
* Possible Reference to String Resource ID=01913: "The registration name and
number you have entered do not Mat"
:004AD073 6879070000 push 00000779 <-------here.
:004AD078 E80AEAF6FF call 0041BA87
Now we have to find the reference that caused these instructions to execute,
so move upwards through the listing to find the reference.
You will get it as
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004ACF72(C) <------this is the reference we are talking about. The (C)
indicates that a conditional jump instruction led to this reference.
:004AD02F 6A00 push 00000000
So to find that instruction press Shift+F12 and enter the address 004ACF72.
You will see the conditional jump as follows:
:004ACF6B E8D9FBFFFF call 004ACB49
:004ACF70 85C0 test eax, eax
:004ACF72 0F84B7000000 je 004AD02F <--------- jump if equal
It executes the instruction test eax, eax and, depending on the result, jumps
to the error message. So the logic is: when we enter the name and fake serial,
the program compares it with the serial it calculates itself, and if they are
not the same it displays the error message.
So just change the JE to JNE (jump if not equal) and the program will accept
our fake serial. Let's do it. First write down the file offset of that
instruction. At the bottom of Win32Dasm you will get it as @Offset xxxxxxxxh;
in my case it is 000AC572. (The trailing "h" means it is a hex number, so
ignore the "h".)
Now close Win32Dasm and open the file IRC.exe in Hview. Press F4 to select
decode mode.
Now use F5 to enter the offset number. Press F3 and replace 84 with 85 (the
opcode byte of JNE).
Press F9 to update the file and F10 to exit.
Now it's time to test our trick. Run IRC.exe and enter the fake info. A message
pops up saying
"Thank you for registration!" and in the About box, instead of "unlicensed
copy", it shows the name used for the registration. Hey, we have cracked the
program. Wait! Close the program and run it again to test that it is
completely cracked. Check the About box.
Oh no! It is again saying it is an unlicensed copy. What to do???
Is our logic wrong? No, because after patching the code, when we tried to
register, we got the success message. So what is the problem? Think...
The interesting part is that there is other code which separately checks the
name and serial again. So let's patch that too, but where is it? Just go back
through the code from where we got the je 004AD02F instruction.
If you look, you will see that it first calls 004ACB49, then tests eax and
executes the je instruction. So our key is the call instruction. Open IRC.exe
in Win32Dasm and press Search > Find Text. Enter 004ACB49 and press Find; you
will get two more locations as follows (actually there are three, but we have
patched one location already):
1)
:004ACD71 E8D3FDFFFF call 004ACB49
:004ACD76 85C0 test eax, eax
:004ACD78 7445 je 004ACDBF <---------- got it (offset 000AC378)
2)
:004ACCA1 E8A3FEFFFF call 004ACB49
:004ACCA6 85C0 test eax, eax
:004ACCA8 7418 je 004ACCC2 <---------- got it (offset 000AC2A8)
Have you noticed that the code which checks the serial has a fixed pattern?
call 004ACB49
test eax, eax
je xxxxxxxx
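As an added illustration (my own toy code, not mIRC's): this is the kind of C that compiles to that call / test eax,eax / je pattern, next to a design where the serial is used as key material instead of a yes/no answer, so there is no single jump whose one byte decides the outcome. The serial scheme, the "LICENSED" label and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed toy scheme, not mIRC's real one: the genuine serial for a name
   is the 32-bit FNV-1a hash of the name written as a decimal number. */
uint32_t serial_for_name(const char *name) {
    uint32_t h = 2166136261u;
    for (; *name; name++) { h ^= (unsigned char)*name; h *= 16777619u; }
    return h;
}

static int parse_serial(const char *s, uint32_t *out) { /* digits only, fits 32 bits */
    char *end; unsigned long v = strtoul(s, &end, 10);
    if (!*s || *end || v > 0xFFFFFFFFul) return 0;
    *out = (uint32_t)v; return 1;
}

/* The fragile pattern from the tut: a yes/no result. Every caller compiles to
   "call / test eax,eax / je fail", so each check site is one byte to flip. */
int check_serial(const char *name, const char *serial) {
    uint32_t v;
    return parse_serial(serial, &v) && v == serial_for_name(name);
}

/* Sturdier pattern: the serial is key material, never a yes/no. The owner label
   is stored XOR-masked under the genuine key and unmasked with what the user
   typed; no jump decides it, a wrong serial just yields garbage. (Toy XOR only.) */
#define LABEL_LEN 8
void owner_label(const char *name, const char *serial, char out[LABEL_LEN + 1]) {
    static const char plain[LABEL_LEN + 1] = "LICENSED";
    uint32_t genuine = serial_for_name(name), typed = 0;
    parse_serial(serial, &typed);               /* typed stays 0 on bad input */
    for (int i = 0; i < LABEL_LEN; i++) {
        unsigned char cipher = plain[i] ^ (unsigned char)(genuine >> (8 * (i % 4)));
        out[i] = (char)(cipher ^ (unsigned char)(typed >> (8 * (i % 4))));
    }
    out[LABEL_LEN] = '\0';
}

/* Used by the tests: the genuine serial passes both designs, the fake one neither. */
int round_trip(const char *name) {
    char good[11], label[LABEL_LEN + 1];
    snprintf(good, sizeof good, "%u", (unsigned)serial_for_name(name));
    owner_label(name, good, label);
    if (!check_serial(name, good) || strcmp(label, "LICENSED") != 0) return 0;
    owner_label(name, "0123456789", label);
    return !check_serial(name, "0123456789") && strcmp(label, "LICENSED") != 0;
}
```

Re-checking at several places, as mIRC does, raises the cost of a patch; using the result as data rather than a branch removes the one-byte target altogether.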
Write down the offsets of the two je instructions. Open IRC.exe in Hview and
replace 74 with 75 (jne) at both. Save the changes and exit. Now run IRC.exe
and enter the name and serial. We get the
popup message "Thank you for registration!". Now close the program, run it
again and check the About box. You will see the name used for registration.
Hey! That means we have cracked the program perfectly.
That's all, friends. I have tried my best. If you have any difficulties or
questions, mail me; if I have time I will try to answer you.
Also, if you think the software is really worth it, then please pay for it,
because cracking the software is much easier than making the software, and
the programmers deserve it.
________________________________________________________________________________________________
--={CoDe bUstEr}=--
code_buster@rediffmail.com
cracking made easy--for mIRC v5.9.
To get more knowledge visit us at : http://kickme.to/ico
________________________________________________________________________________________________
This site is owned by ICO, copyright 2000-02 ©.