Software Reverse Engineering - PingSim v1.3 and NetSim v1.0 - Jump To Registered Status!
Copyright (c) 1998 Volatility
Document Courtesy of The Immortal Descendants - http://pages.prodigy.net/volatility

These are both "half-useful" programs, and SIMPLE to crack. You can patch these programs so that they jump directly to registered status with just ONE modification. I'm just going to go through the PingSim crack, because NetSim is done the EXACT same way.

---------------------------------------------------------------------------------------------
Targets:

PingSim v1.3 (pingsimz.exe) - 238,065 bytes.
Download this at: http://www.xs4all.nl/~houtriet/PingSim/Download/PingSimZ.exe

NetSim v1.0 (netsimz.exe) - 186,210 bytes.
Download this at: http://www.xs4all.nl/~houtriet/NetSim/Download/NetSimZ.exe

Tools Needed:

WDASM - recommended (or disassembler of your choice)
HIEW - recommended (or hex editor of your choice)
PMTK - recommended (or patcher of your choice)
---------------------------------------------------------------------------------------------

Prepare To Crack:

Run PingSimZ.exe after downloading to install PingSim. Run the program. No nag screen, that's a bonus. You'll see "UNregistered" in the titlebar though. I hate programs that do this, so let's crack it! You'll find the registration screen at "Options", "License Information". Enter some data for the registration key. I entered 272727. Hmm... nothing. Could be a Delphi program. I then entered "d", and got an error that "d" wasn't a valid integer... now we know the program only accepts numbers. This could be useful (but it won't be, as you'll see).

Starting The Crack:

Let's disassemble this babe to see what we've got. Fire up Wdasm, and disassemble PingSim.exe - "Disassembler", "Open file to disassemble", then choose PingSim.exe. I checked the SDR (String Data References) window, to see if I could find the string for the error message we saw... instead, I found some even more interesting strings: "Registered" and "Registration Key". I double clicked on "Registration Key", but there was nothing useful here at first glance. I went back, and double clicked on "Registered". You'll land here:

---------------------------------------------------------------------------------------------
* Possible StringData Ref from Code Obj ->"Registered"
                                  |
:004455CB BAF0554400              mov edx, 004455F0
---------------------------------------------------------------------------------------------

Now look just a few lines above this. You'll see the following:

---------------------------------------------------------------------------------------------
:004455C5 84C0                    test al, al