December 1998
"AutoFTP Pro v1.5b" (The 3 minutes crack)
Win '95/'98 PROGRAM Win Code Reversing
by Punisher
Cracking 4 Newbies

Program Details
Program Name: 32psfp.zip
Program Type: File Transfer Program
Program Location: http://www.softseek.com/
Program Size: 1.49 MB

Tools Used: Soft-Ice -- Debugger

Rating: Easy ( X ) Medium ( ) Hard ( ) Pro ( )

There is a crack, a crack in everything. That's how the light gets in.
Primasoft's AutoFTP Pro v1.5b
( The three minute crack )
Written by Punisher
Introduction
"PrimaSoft AutoFTP is yet another FTP client software. Its primary usage is transferring files between local and remote computers. Sending files from a local to a remote computer (usually located on the Internet) is commonly called uploading. Sending files from a remote to a local computer is commonly called downloading. PrimaSoft AutoFTP can both upload and download files. It can be used only on Windows 95 although it might work on Windows NT 4.0.
Before you start using AutoFTP you should have a working Dial-Up Internet connection (see Windows 95 help or Microsoft home page for more information)."
About this protection system
This program uses your entered name to calculate your registration key. Registration is via the Help "Enter Decode Key" menu item. You must enter:
Name :
Registration Key :
THE ESSAY
Install AutoFTP Pro and run it. Go to the Registration dialog box. You will see two edit boxes, namely Name and Registration Key. Enter your name and a fake regkey.
Go into Soft-Ice by pressing Ctrl-D. Set a breakpoint on hmemcpy. I am using hmemcpy here because the others don't work. e.g.:
>>> bpx hmemcpy
Leave Soft-Ice by pressing Ctrl-D.
You are in the Registration dialog box again. Click the OK button and Soft-Ice breaks in Kernel at hmemcpy.
Type X and press the [ENTER] key. Soft-Ice will break again at hmemcpy.
Press F11 to get back to the caller. Now press F12 six times to get to the AutoFTP code.
Do a search for your fake regkey. e.g.:
>>> s 0 lffffffff '45454545'
When Soft-Ice finds it, set a breakpoint on that memory range so that whenever the program reads or writes to that memory range Soft-Ice will break. e.g.:
>>> bpr 013F:00C7247C 013F:00C7247C+8 rw
You must set the breakpoint on the range that Soft-Ice found when you did your search. The plus 8 is the number of characters I used in my fake regkey. You will have to put the number of characters you used in yours. The rw is for read or write.
Now that we have the breakpoint set, we will let the program run. Do this by typing x and pressing the [ENTER] key.
Soft-Ice will break in this piece of code.
0137:00404009 MOV ECX, [ESI] ; ESI points to the real regkey
0137:0040400B MOV EBX, [EDI] ; EDI points to the fake regkey
0137:0040400D CMP ECX, EBX ; the two keys are compared
0137:0040400F JNZ 00404069 ; if the regkey is fake, take the bad cracker jump
Soft-Ice will break at MOV EBX, [EDI]. To get the real regkey, dump the memory at ESI and you will see the real regkey. e.g.:
>>> D ESI
Write down the real regkey. Now clear all breakpoints. e.g.:
>>> BC *
Type x and let the program run. A message box will pop up telling you that your key was wrong. Click the OK button to get rid of this message box.
Now enter the real regkey and click OK, and the program is registered.
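The real regkey can be read at ESI because the client computes the valid key itself and keeps it in memory for the comparison. As an added example (not part of the original essay and not AutoFTP's code), the sketch below contrasts that pattern with a signature-verified key, where the client holds only a public key and never computes a valid regkey. The derivation in weak_expected_key, all function names, and the toy key built from two Mersenne primes are assumptions for illustration.

```python
import hashlib

# Constructed demo key. The primes are the Mersenne primes 2^61-1 and 2^89-1,
# chosen only so the example is reproducible; a key this small is trivially
# factorable and textbook RSA has no padding. Use a vetted library in practice.
_P, _Q = 2**61 - 1, 2**89 - 1    # vendor secret; present here only for the demo
N, E = _P * _Q, 65537            # public half: the only part a client would ship


def _digest(name: str) -> int:
    """Hash the licensee name to an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(name.encode("utf-8")).digest(), "big") % N


def weak_expected_key(name: str) -> str:
    """Weak pattern (hypothetical algorithm): the client derives the valid key."""
    return hashlib.sha256(b"app-secret" + name.encode("utf-8")).hexdigest()[:8].upper()


def weak_check(name: str, entered: str) -> bool:
    # The correct key now exists as a plaintext buffer in client memory,
    # which is what a comparison like CMP ECX, EBX ends up reading.
    return weak_expected_key(name) == entered


def vendor_issue_key(name: str) -> str:
    """Vendor side only: needs the private exponent, never shipped to clients."""
    d = pow(E, -1, (_P - 1) * (_Q - 1))
    return format(pow(_digest(name), d, N), "x")


def hardened_check(name: str, entered: str) -> bool:
    """Client side: verifies with (N, E) only; it cannot produce a valid key."""
    try:
        sig = int(entered, 16)
    except ValueError:
        return False
    if not 0 < sig < N:
        return False
    return pow(sig, E, N) == _digest(name)
```

With the hardened check, the only values in client memory during validation are the entered key, the public key and a hash of the name.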
I would like to say thanks to +Fravia, Sandman, CrackZ, Cruehead, Iczelion and all the others out there who help by providing the knowledge to make this possible.