June 99
Cracking DataSAFE 1.28
Win '95 Program
Win Code Reversing
by ViPeR
Code Reversing For Beginners

Program Details
Program Name: DataSAFE 1.28
Program Type: Encryption Utility.
Program Location: Here
Program Size: 1.73 meg

Tools Used:
Softice V3.2 - Debugger

Rating
Easy ( X ) Medium ( ) Hard ( ) Pro ( )
There is a crack, a crack in everything. That's how the light gets in.
DataSAFE 1.28
'Catching the registration key'
Written by ViPeR
DataSAFE creates a safe and locks your files in with the password and combination you supply. The recipient of your secured information does not need to have.
About this protection system
You need to enter name, company and key in order to register this program.
Start the program SAFE32.exe and click the register button. In order to register this
program, you need to enter a user's name, an organization name, and a registration number. I enter the
following information:
Name: ProfViper
Organization name: Home
Registration number: 54545454
Before you click the 'OK' button, press Ctrl-D to get into Soft-Ice and set a breakpoint
by typing bpx getwindowtexta. Done that? OK. Type x and press Enter to leave Soft-Ice. Now
click the 'OK' button, *BOOM*, and you are back in Soft-Ice again. Type x, press Enter,
type x, press Enter, then press F11 to get back to the caller. You will find
you are at,
:
:0043158F 8B4D10 mov ecx, dword ptr [ebp+10]
:00431592 6AFF push FFFFFFFF
:
Press F10 to step past 0043158F, then type d ecx. You will see
.....
FC 15 DE 00 00 .....
.....
in the data window. If you now type d DE15FC, you will see your name show up
on the right-hand side of the data window. OK, let's continue. Keep pressing F10
several times until you land at,
:
:00409B14 8378F805 cmp dword ptr [eax-08], 00000005
This line compares the length of your name with 5.
:00409B18 7C09 jl 00409B23
:00409B1A 8B4660 mov eax, dword ptr [esi+60]
:00409B1D 8378F801 cmp dword ptr [eax-08], 00000001
This line compares the length of your registration number with 1, meaning the length of
your registration number should be at least 1. Press F10 until you land at 00409B2E.
:00409B2E 50 push eax
:00409B2F E88CCB0000 call 004166C0
:00409B34 59 pop ecx
The above call converts your registration number to its numeric value and returns it in EAX. To see this, type
? eax, and you will see 54545454.
:00409B35 8BF8 mov edi, eax ; move reg. no from eax to edi
:00409B37 FF7664 push [esi+64]
:00409B3A E8EB9D0000 call 0041392A
:00409B3F 3BF8 cmp edi, eax ; edi=03404C2E(hex) which
; is 54545454 in decimal.
; eax contains the real registration
; key in hex mode.
Now, this is the interesting part. The above call calculates the real registration number
and puts it in eax. So, if you are interested in writing a key generator for this
program, you should study what is inside the call. OK, in order to see what the real
registration number is, type ? eax and you will see the real registration key is 6969125.
Job done.
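The check traced above derives the valid key inside the client and compares it with the input, which is why it can be read from a register at the cmp. As an added example (not code from DataSAFE or from this essay), the C below puts that pattern beside a verify-only design in which the client holds only a public key. The key formula, the toy RSA parameters and every function name are assumptions made up for illustration; a real product would use a vetted signature library with full-size keys.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy RSA public key (constructed; far too small for real use). */
#define PUB_N 3233u /* 61 * 53 */
#define PUB_E 17u

/* Square-and-multiply modular exponentiation. */
static uint32_t modpow(uint32_t base, uint32_t exp, uint32_t mod) {
    uint64_t result = 1, b = base % mod;
    while (exp) {
        if (exp & 1) result = (result * b) % mod;
        b = (b * b) % mod;
        exp >>= 1;
    }
    return (uint32_t)result;
}

/* FNV-1a digest of the name, reduced into the toy modulus. */
static uint32_t name_digest(const char *name) {
    uint32_t h = 2166136261u;
    for (; *name; name++) { h ^= (uint8_t)*name; h *= 16777619u; }
    return h % PUB_N;
}

/* WEAK: hypothetical stand-in for the pattern in the essay. The valid key
 * is derived locally, so it sits in a local/register at the compare. */
int weak_check(const char *name, uint32_t entered) {
    uint32_t expected = name_digest(name) * 2161u + 7u; /* made-up formula */
    return entered == expected;
}

/* HARDENED: verify only. The client checks sig^e mod n against the digest;
 * the value visible at the compare is the digest, not a usable key. */
int verify_license(const char *name, uint32_t sig) {
    if (sig >= PUB_N) return 0;
    return modpow(sig, PUB_E, PUB_N) == name_digest(name);
}

/* Vendor side only: the private exponent never ships in the client.
 * Included here solely so the example can issue a sample licence. */
uint32_t vendor_sign(const char *name) {
    return modpow(name_digest(name), 2753u, PUB_N);
}

int main(void) {
    uint32_t sig = vendor_sign("ProfViper");
    printf("valid=%d forged=%d\n", verify_license("ProfViper", sig),
           verify_license("ProfViper", 54545454u));
    return 0;
}
```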
My thanks and gratitude go to:
Fravia+ for providing possibly the greatest source of Reverse Engineering
knowledge on the Web.
Do I really have to remind you all
that buying and NOT stealing the software you use will ensure that these
software houses will continue to produce even *better* software for
us to use and, more importantly, continue offering even more challenges
to breaking their often weak protection systems.
If you're looking for cracks or serial
numbers from these pages then you're wasting your time, try searching elsewhere
on the Web under Warze, Cracks etc.
Essay by: ViPeR
Page Created: 3rd June 1999