By -=Para=- / TNT! cRACK tEAM '99
|
Program Name |
ICU version 2.21 | |
| Url location | http://www.mhsoftware.co.uk | |
| Tools Used | Wdasm | |
| Hiew |
| Ok , heres ia simple program to crack for
newbie's , I will show you a simple way of cracking ICU v2.21 for educational reasons
only . What we will achieve is to crack this program so we can register
this program with any serial number . So make sure you have ICU v2.21
installed on your PC .
First step I always Like to do is to start the program and go to the registration screen , and enter any number as the serial number . So lets do it with ICU ,( go to help , then register ,then enter key ) . Now of course we are going to get a error message box like this
Write down The message that appears , so here we take note it says ' Sorry , an Invalid Key has been entered ' . Ok click ok and exit the program . Start up Wdasm and disassemble ICU.exe
file . Once the exe file has been dissemble
Now we search down until we find our error message . Found it ? good , now double click it , and close this screen . 
You will now be main screen of Wdasm and you should now be looking at the code at that string.
This is start of the pop up message box that is called when we
entered the wrong serial number
Now what we need to do is to find a jmp.jne (jumps) that calls our error message , so scroll up until we find a * REFERENCED BY UNCONDITIONAL OR CONDITIONAL JUMP ADDRESS. this will be the address that jumps to our error message
Now we need to go to the location of this jump . 004BD803 in the above example . So scroll up to this code location .and lets look at it. This jump goes straight to our error message
Ok we know where the key is told to go if it is wrong . look at the next few lines after this jump? read the reffrences ? Its the registration process of the program ! so what now we think? what if the program didn't jump to the error message ?, and just keep going down the code ? yep it would go straight into the registeration process .
ok let change the code to do just that ! but first we need to get the offset location. point the mouse onto the (004bd803) jmp code line and look in the status bar of wdasm ( right at the bottom) and write down the @offset Location# (000bcc03) { note not the Code dat @ }with out the h at the end :)
Save the dissanbled file and exit both Wdasm and ICU . And start Hiew .
EDITING THE PROGRAM FILE Inside Hiew go to ICU folder and select ICU.exe .! press f4 once then scroll down to decode and press enter . Now press f5 ( search) and enter our offset number from above , press enter and you will be taken to the location of the jump we want to by pass . Press f3 (edit) .Now we need to change want the jump does , so for every 2 numbers we type 90 ( this is called nop , no operation ) . 756c . So in our case we have 75 6C so we replace this with 90 90 . Press f9 to update program and then f10 to exit . Ok now start ICU again and
go to the registration screen again and enter any number as a reg key ! Woola we get this message
" ICU has been registered for up to 1000 user ,
thank you for registering " .. Now do some test's to make sure everything works properly . exit the program and then restart making sure it stay's the full version , Set you clock date forwards pass the demo time limit and see if it still runs ! . etc..etc .Of course they all work fine !
|
d , we need to look for the error message the program gave us when we entered a wrong key . So to do this press the
Strn Ref (string
reference )button In wdasm
.This will bring up a new window with all the references in the program
.
