W32dasm tut
TARGET = Archive Searcher   DIFF = 1/10   TOOLS USED = W32dasm and a brain :)
Cracking Tutorial #1 By Chainie
Hi fellow Crackers. I wrote this tutorial in a short amount of time, so I apologise if there are any grammar errors in this essay. Enjoy!!!

Difficulty Level: Easy [X] Medium [ ] Hard [ ] Expert [ ]

Program to be fixed: "Archive Searcher"

Toolz Required:
W32Dasm 8.93 or later......
Brain......................
Computer...................:)

=============================================
How to crack Archive Searcher using w32dasm
=============================================

Run Archive Searcher. After it's installed you'll notice it pops up a nag screen asking for a code, so right away you know that only a serial is needed to unlock it. That makes things a bit easy :)

With that in mind, let's open w32dasm and disassemble it. For those who don't know what I mean: open w32dasm, click on "disassembler" at the top of w32dasm, then click on "open file to disassemble" and load "Searcher.exe". w32dasm will then begin to disassemble our file :)

When W32dasm has finished loading our file, look at the menu. We are looking for "Strn Ref"; click on that button. You should now see a window called "W32Dasm List string Data Items". If so, we're in the right area :) If not, back up and do the last step again.

Now, when we put in our serial at the beginning we didn't get any error message in Archive Searcher, so we cannot search for an "error string". But we can search for a thank-you-for-registering string :) In this case it is "Thank you for purchasing Archive". When you find this string, double click on it and w32dasm will move to the place where that string is referenced :)

Look at the listing below, as this is what you should be seeing right now in w32dasm. This code can sometimes be hard to follow, but in this case it's pretty simple :)

==================================START CODE==================================
* Possible StringData Ref From Code Obj ->"Thank you for purchasing Archive"
                                        ->"Searcher!"
:0044B2B6 B800B34400        mov eax, 0044B300
:0044B2BB E8280CFFFF        call 0043BEE8

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044B2A6(C)
|
:0044B2C0 33C0              xor eax, eax
:0044B2C2 5A                pop edx
:0044B2C3 59                pop ecx
:0044B2C4 59                pop ecx
:0044B2C5 648910            mov dword ptr fs:[eax], edx
:0044B2C8 68DDB24400        push 0044B2DD

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044B2DB(U)
|
:0044B2CD 8D45FC            lea eax, dword ptr [ebp-04]
:0044B2D0 E8DF84FBFF        call 004037B4
:0044B2D5 C3                ret
================================================================================

If you see the above code then you're in the right place :) All we need to do now is search above this code to see if maybe the programmer was sloppy and left our code out in the open :)

Now we just need to scroll up a few lines till we see this:

* Possible StringData Ref From Code Obj ->"L9CE1HITI8RESE1"
:0044B29C BAE8B24400        mov edx, 0044B2E8
:0044B2A1 E89A88FBFF        call 00403B40
:0044B2A6 7518              jne 0044B2C0

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044B239(C)
|
:0044B2A8 A1C8CD4400        mov eax, dword ptr [0044CDC8]
:0044B2AD 8B00              mov eax, dword ptr [eax]
:0044B2AF C7400C01000000    mov [eax+0C], 00000001

If you look at this line

* Possible StringData Ref From Code Obj ->"L9CE1HITI8RESE1"

you notice that there is a serial # and the programmer was a bit sloppy :) Well, let's check it out: enter this code in your Archive Searcher. It's the right code. As you can see, there is only 1 code for this program and it really wasn't that hard to find. I hope you enjoyed this as much as I have :)

chainie@biw-reversing.cjb.net

======================================
Greets go out to
======================================
http://biw.rult.at/
The people from biw, specially Detten and Fuss :)
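
The flaw this tutorial relies on is a plaintext serial compared as a literal inside the executable. The following is an added example (not from the original tutorial or from the program's code) of the vendor-side alternative: ship only a salted digest of the serial and gate the release on a string scan of the image. The serial, salt, byte images and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# All values below are constructed for this example; none come from the page.
SAMPLE_SERIAL = "EXAMPLE-SERIAL-0001"
SALT = b"constructed-salt"
ITERATIONS = 100_000


def digest(serial):
    """Slow salted digest of a serial (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", serial.encode(), SALT, ITERATIONS)


# Computed by the vendor at build time; only this value ships, not the plaintext.
STORED_DIGEST = digest(SAMPLE_SERIAL)


def weak_image():
    """Constant data of a build that embeds the serial as a literal."""
    return b"\x00\xb8" + SAMPLE_SERIAL.encode() + b"\x00Thank you\x00"


def hardened_image():
    """Constant data of a build that embeds only the salt and the digest."""
    return b"\x00\xb8" + SALT + b"\x00" + STORED_DIGEST + b"\x00Thank you\x00"


def check_serial(entered):
    """Hardened check: constant-time comparison of digests, no literal serial."""
    return hmac.compare_digest(digest(entered), STORED_DIGEST)


def printable_strings(image, min_len=6):
    """Printable ASCII runs, i.e. what a string-reference listing would show."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, image)]


def leaks_serial(image, serial):
    """Release gate: True if the plaintext serial is readable in the image."""
    return any(serial in s for s in printable_strings(image))


if __name__ == "__main__":
    print("weak build leaks serial:    ", leaks_serial(weak_image(), SAMPLE_SERIAL))
    print("hardened build leaks serial:", leaks_serial(hardened_image(), SAMPLE_SERIAL))
    print("correct serial accepted:    ", check_serial(SAMPLE_SERIAL))
```

Removing the literal does not protect the conditional jump that follows the check, and a single serial shared by every customer can still be passed around; per-customer licenses verified against an embedded public key address the second problem.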