O.k This program needs a User Name and a Password to register it. In this tutorial we will try to find or patch the program to take any user name and password, but as I found out, this program has the most stupid protection I have ever seen !!! Read and see for yourself !!!
O.k you know what to do first: yes, run the program !! Click on register and enter any user name and password. In my case I entered :
NAME : FaT[BiT]
Password : TNT!CRACK!TEAM!
and *boom* there is our error message. Now you know what to do: yes, copy the exe file to your w32dasm dir and disassemble it. Is it finished !!! wow !!! so fast, on my pc it took a lot of time. Never mind, let's look for our error message. O.k did you find it, kool !!! Double click on it and scroll up a little bit to see something like this :
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0046F4DC(C), :0046F504(C) <-- nice !!! ha !!! Let's go there
* Possible StringData Ref from Code Obj ->"Incorrect username and password."
:0046F592 B890F64600 mov eax, 0046F690
:0046F597 E81839FEFF call 00452EB4
O.k so you see the addresses, let's go to them. I like to go to address 0046F4DC first, so click on find, enter the address and you should see something like this :
* Possible StringData Ref from Code Obj ->"12aew"
:0046F4D0 BAC0F54600 mov edx, 0046F5C0
:0046F4D5 E80699F9FF call 00408DE0
:0046F4DA 85C0 test eax, eax
:0046F4DC 0F85B0000000 jne 0046F592 <-- jump to error message
:0046F4E2 8D55FC lea edx, dword ptr [ebp-04]
:0046F4E5 8B8318030000 mov eax, dword ptr [ebx+00000318]
:0046F4EB E86017FCFF call 00430C50
:0046F4F0 8B45FC mov eax, dword ptr [ebp-04]
:0046F4F3 E8784AF9FF call 00403F70
* Possible StringData Ref from Code Obj ->"9j8f5"
:0046F4F8 BAC8F54600 mov edx, 0046F5C8
:0046F4FD E8DE98F9FF call 00408DE0
:0046F502 85C0 test eax, eax
:0046F504 0F8588000000 jne 0046F592 <-- where have i seen this address before ??
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046F49D(C)
:0046F50A A1686B4A00 mov eax, dword ptr [004A6B68]
:0046F50F 8B00 mov eax, dword ptr [eax]
Well ... we have found our two jumps, and what can you tell from this code !!! We will take the first jump at address 0046F4DC because our string is not equal to "12aew", and we never get to the next jump because we have already jumped to the error message !!! hmmm !!! But if you look down in w32dasm you will see something like this :
* Possible StringData Ref from Code Obj ->"Registration is complete. Thanks "
->"for purchasing the Button Factory! "
->"Would you like to print the codes "
->"for future reference?" <-- our Thank you message !!!
So... it compares our user name and password with :
12aew <-- if our user name is not equal to this, jump to error message
9j8f5 <-- if our password is not equal to this, jump to error message
hmm !! o.k kool !!! Let's try them: run Applet Button Factory, click on register, enter 12aew as the user name and 9j8f5 as the password, click o.k and !!! yes yes yes yes yes !!!
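Seen from the vendor's side, the weakness above is that both expected values sit in the executable as plaintext string data, right beside the error message. A release check for that, as an added example that is not part of the original tutorial (Python; the sample image bytes and the DEMO-* values are constructed, and embedded_strings / leaked_secrets are hypothetical helper names):

```python
import re

# Constructed values: stand-ins for a product's real registration name/code.
SECRETS = ["DEMO-USER", "DEMO-CODE-1234"]

# Constructed bytes imitating a slice of an executable: code-like bytes, then
# NUL-terminated ASCII literals, then one literal stored again as UTF-16LE.
SAMPLE_IMAGE = (
    b"\x8b\x45\xfc\xe8\x01\x02\x03\xff"
    + b"DEMO-USER\x00\xff\xff"
    + b"DEMO-CODE-1234\x00\xff"
    + b"Incorrect username and password.\x00\xff"
    + "DEMO-CODE-1234".encode("utf-16le") + b"\x00\x00"
)

def embedded_strings(image, min_len):
    """Yield (offset, encoding, text) for printable ASCII and UTF-16LE runs,
    the same material a disassembler lists as string data references."""
    patterns = (
        ("ascii", rb"[\x20-\x7e]{%d,}" % min_len),
        ("utf-16le", rb"(?:[\x20-\x7e]\x00){%d,}" % min_len),
    )
    for encoding, pattern in patterns:
        for match in re.finditer(pattern, image):
            yield match.start(), encoding, match.group().decode(encoding)

def leaked_secrets(image, secrets):
    """Return sorted (offset, encoding, secret) for each plaintext occurrence."""
    hits = []
    width = {"ascii": 1, "utf-16le": 2}  # bytes per character in the image
    shortest = min(len(s) for s in secrets)
    for offset, encoding, text in embedded_strings(image, shortest):
        for secret in secrets:
            pos = text.find(secret)
            while pos != -1:
                hits.append((offset + pos * width[encoding], encoding, secret))
                pos = text.find(secret, pos + 1)
    return sorted(hits)

if __name__ == "__main__":
    for offset, encoding, secret in leaked_secrets(SAMPLE_IMAGE, SECRETS):
        print(f"0x{offset:04x} {encoding:8} {secret!r} is stored in plaintext")
```

Passing this check only shows that the literal values are absent from the image; a scheme with one fixed name and code for every customer is still a shared secret.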
O.k there you have it, I hope you have enjoyed this tutorial as much as I did writing it !! and cya in another tutorial !!!
FaT[BiT]_FaTsO GreetZ :
tKC ( you really Showed us the LIGHT !!! thanx alot )
LW2000 ( Thanx !!! i now use my brain !!)
Xasx (Hola !! the Best founder ever)
Sir_dReAm ( Nice CrackME !!! )
Bonez (Thanx for the support !! )
and to all TNT!CRACK!TEAM! members
cya FaT[BiT] \ TNT!