-----------------------------------------------------------------------------

Cracking Tutorial #8: CrAcKiNG Tag Wizard 4.3.0

[cracked bY:]   sLeEpY [FWA/NWA/FTPR8Z] iN 02/2002
[difficulty:]   beginner
[where:]        radioshack internal... probably on the net somewhere

-----------------------------------------------------------------------------

tOOLz: W32dasm 8.93 w/ vb sdr patch

Well, to start with this one, just make the usual 3 copies and name 'em: TWUser.exe, TWUser.W32, TWUser.BAK.

Disassemble TWUser.W32 in W32dasm and, while it is decompiling, run the exe file. A password prompt comes up and lets you enter a password. Enter any old password and write down the error message. (To save time, press the "OK" button without entering a password and write down that error message too.)

Go back to W32dasm and click on the SDR button. Look for the error msg: "the password you entered is not valid". This will drop ya here:
  the password you entered is not valid
  :00460E5D

Follow the code up and you will see where it's called from. After following the code up and tracing back where each call is from, you will eventually find that the error message comes from this jump:

  :00460DC4 0F845C010000   je 00460F26    <- jump if password is correct

Remember this spot and let's look for our other error message: "Please enter a password". This will drop you here:

  Please enter a password
  :00460CF5

Tracing the calls up will eventually take you to a suspicious place with 2 jumps:

-----------------------------------------------------------------------------
  :00460C5C 0F84E4000000   je 00460D46    <- jump if a password is there
  :00460C62
  :00460C67
  :00460C69 7510           jne 00460C7B   <- bad jump to "please enter a password"
-----------------------------------------------------------------------------

We want :00460C5C to be a jmp, but I couldn't remember how to make it just jump (EB) because it modifies the code too much and renders the program "dead". Well, a good reference would be "crackers notes", where I found a bunch of jump instructions. This works instead:

  [0F 83 cw/cd   JAE rel16/32   Jump near if above or equal (CF=0)]

-----------------------------------------------------------------------------
So modify this code:

  :00460C5C 0F84E4000000   je 00460D46    <- jump if there is a password in the field

to this code:

  :00460C5C 0F83E4000000   jae 00460D46   <- jump if above or equal
-----------------------------------------------------------------------------

So now, to see what we changed, go back to the program, leave the password field blank and hit OK. Instead of "please enter a password" we now get the error message "the password you entered is not valid". Now type something in the password field and hit OK; you should get the same error: "the password you entered is not valid". Kool, so we have now defeated the 1st part of the protection. On with the show...
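Before trusting an annotated listing like the one above, it is worth checking that the quoted bytes really decode to the targets shown. The following decoder is an added example (not part of the original tutorial); it takes the address/byte pairs from the listing above, decodes the short (7x rel8) and near (0F 8x rel32) Jcc forms, and confirms each displacement lands on the listed target.

```python
# Added example, not from the original tutorial: decode the x86 Jcc
# encodings quoted in the W32dasm listing and verify their targets.
# Addresses and bytes are the ones given in the tutorial.

# Low nibble of the opcode selects the condition (same table for 7x and 0F 8x).
CONDITIONS = {0x0: "jo", 0x1: "jno", 0x2: "jb", 0x3: "jae", 0x4: "je", 0x5: "jne",
              0x6: "jbe", 0x7: "ja", 0x8: "js", 0x9: "jns", 0xA: "jp", 0xB: "jnp",
              0xC: "jl", 0xD: "jge", 0xE: "jle", 0xF: "jg"}

def decode_jcc(address, code_bytes):
    """Return (mnemonic, target, length) for a short or near Jcc at address.

    Short form:  7x rel8      (2 bytes)
    Near form:   0F 8x rel32  (6 bytes)
    The displacement is relative to the *next* instruction, so
    target = address + instruction length + displacement.
    """
    if code_bytes[0] == 0x0F and 0x80 <= code_bytes[1] <= 0x8F:
        cc = code_bytes[1] & 0x0F
        disp = int.from_bytes(code_bytes[2:6], "little", signed=True)
        length = 6
    elif 0x70 <= code_bytes[0] <= 0x7F:
        cc = code_bytes[0] & 0x0F
        disp = int.from_bytes(code_bytes[1:2], "little", signed=True)
        length = 2
    else:
        raise ValueError("not a conditional jump")
    target = (address + length + disp) & 0xFFFFFFFF
    return CONDITIONS[cc], target, length

# Listing lines from the tutorial: (address, bytes, target shown by W32dasm).
LISTING = [
    (0x00460DC4, bytes.fromhex("0F845C010000"), 0x00460F26),
    (0x00460C5C, bytes.fromhex("0F84E4000000"), 0x00460D46),
    (0x00460C69, bytes.fromhex("7510"),         0x00460C7B),
]

def check_listing(listing=LISTING):
    """Decode every entry; return [(mnemonic, decoded target, matches_listing)]."""
    results = []
    for addr, raw, expected in listing:
        mnem, target, _ = decode_jcc(addr, raw)
        results.append((mnem, target, target == expected))
    return results

if __name__ == "__main__":
    for (addr, raw, _), (mnem, target, ok) in zip(LISTING, check_listing()):
        print(f"{addr:08X} {raw.hex().upper():<14} {mnem:<4} {target:08X} "
              f"{'ok' if ok else 'MISMATCH'}")
```

Because only the condition nibble differs between 0F 84, 0F 85 and 0F 83, the decoder also makes plain why the target address never changes in the edits above; from a defender's side, the same observation is why a code-section integrity check is the only reliable way to notice such one-byte edits.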
OK, go back to the first code location we found:

-----------------------------------------------------------------------------
  :00460DC4 0F845C010000   je 00460F26    <- jump if password is correct

and change it to:

  :00460DC4 0F855C010000   jne 00460F26   <- jump if password is incorrect
-----------------------------------------------------------------------------

Now any code entered will work except the correct one. Get it? Instead of passing up that jump when you type in a bad password, the program will now take the jump on a bad password and load. OK, the prog is cracked now; you can leave the password field blank and the prog will still start up, that's what we took care of the first time.

Well, now for a little extra, let's personalize the program so everyone knows we cracked it... Grab a copy of UltraEdit 9, a nice program! Greetz to the dOOd that keygen'd it.

To personalize Tag Wizard you can edit the startup message that says: "Loading Tag Wizard, Please wait..". Open Tag Wizard up with UltraEdit and do a search for "tag", then trace it (F3) until you find the string "Loading Tag Wizard, Please wait..". I changed mine to "Cracked bY sLeEpY please wait...". The place is here in UltraEdit: 00010030h. Start Tag Wizard and press Enter (who needs the password), and now you'll see your modification: "cracked bY: (your nic), please wait...".

Ok it's 6:09, my job sucks still as always.... Hope you enjoyed this tutorial. Don't worry, we'll be getting into SoftICE and other stuff soon enough, but this foundation is needed so you will slowly see how things work. Laterz!

-----------------------------------------------------------------------------

email me if you are bored: sleepy@linuxwaves.com

._Tutorialz_.
[-------------------------------------------------------------------]
[1. Cracking Cosmi's Generic Installshield Protection                ]
[2. CRACKING(?) MATH WORKSHOP 2.0                                    ]
[3. CrAcKiNG DLSuperCBT Resynchronizing Byte Compare Program         ]
[4. CrAcKiNG the nag on DLSuperCBF - Dir Binary File Compare Program]
[5. CrAcKiNG n)0(va crackme v3 (crazy approach)                      ]
[6. CrAcKiNG mIRC(R) v5.91 Internet Relay Chat Client                ]
[7. CrAcKiNG Actionizer 1.4                                          ]
[8. CrAcKiNG Tag Wizard 4.3.0                                        ]

-----------------------------------------------------------------------------

gReEtz: MiNioN, GreycZ, KlutCh, KiNgEr, MidNight, FWA, NWA, FTPiRatEz! HAR! BEASTFXP!

-----------------------------------------------------------------------------

CopyLeft: sLeEpY [all rights reversed]

Boredom causes crackers and babies.

-----------------------------------------------------------------------------