Welcome to Cracking Tutorial #87! Hiya guys, Sorry for delays, again I was busy with coding and all shit... And now, I would like to present my tKC's Tutorial Viewer 2000 v1.1! It's a fast, better Viewer and Tutor Editor, and more features added! Also released tKC's Tutorial Viewer 2000 Lite, for those who have problems with their 3D cards. You can find them at http://www.crackersinaction.org... enjoy it! Here's a tut87.tKC... OK, let's rave! ...or crack babes? :) You'll need the following tools: (I use these tools, I assume you'll use 'em, but it doesn't mean that you'll need to use all those tools, so be sure to get them handy for the examples in this tutorial!) SoftICE v4.05 W32Dasm v8.93 Hacker's View v6.50 SmartCheck v6.03 ProcDump32 v1.6.2 TRW2000 v1.22 IDA v4.04 Windows Commander v4.03 (I use it coz of easier to multitask) Delphi, VB, C++, or TASM to code a keygen or a patch.. Don't ask me where to download all these tools since you had a chance to get them when you used my older tutorials. Here are a few good sites where you can grab tools from: http://protools.cjb.net http://w3.to/protools http://www.crackstore.com or ask any crackers to get you these tools! Are you ready?! OK! ;) How to get a serial in _PIRO_'s VB Crackme #2 and how keygen it! Target : _PIRO_'s VB Crackme #2 Protection : Name/Serial check Toolz : SmartCheck v6.*, Visual Basic What we will do ? : We will find a valid serial and keygen it! Ok, i will try to explain how to get a valid serial for this crackme and how to keygen it, first sorry for my very bad english i hope you understand me =) Lets go, run Smartcheck and open the crackme. Press the F5 key to run it and try to register you with your name (sure) and any serial. Name : TiMeLoRD Serial : 12344321 Click on the "Check" button and you must have a this messagebox: "AHH! You Fux0red Up" H‚h‚ pas de problŸme! Arf, no problem. Now comeback in Smartcheck and on the left window you should see a "+ _Click" double click on that. (Do u understand me ?) When now for me I see this : Len (String:"TiMeLoRD")returns LONG:8 <--- this is the number of letter in my sn (8) Mid$(String:"TiMeLoRD",long:1, VARIANT:Integer:1) Asc(String:"T") returns Integer:84 <--- ascii val of "T" = 84 Mid$(String:"TiMeLoRD",long:2, VARIANT:Integer:1) Asc(String:"i") returns Integer:105 <--- ascii val of "i" = 105 Mid$(String:"TiMeLoRD",long:3, VARIANT:Integer:1) Asc(String:"M") returns Integer:77 <--- ascii val of "M" = 77 Mid$(String:"TiMeLoRD",long:4, VARIANT:Integer:1) Asc(String:"e") returns Integer:101 <--- ascii val of "e" = 101 Mid$(String:"TiMeLoRD",long:5, VARIANT:Integer:1) Asc(String:"L") returns Integer:76 <--- ascii val of "L" = 76 Mid$(String:"TiMeLoRD",long:6, VARIANT:Integer:1) Asc(String:"o") returns Integer:111 <--- ascii val of "o" = 111 Mid$(String:"TiMeLoRD",long:7, VARIANT:Integer:1) Asc(String:"R") returns Integer:82 <--- ascii val of "R" = 82 Mid$(String:"TiMeLoRD",long:8, VARIANT:Integer:1) Asc(String:"D") returns Integer:68 <--- ascii val of "D" = 68 Left$(String:"4243128", long:31337) <--- Hmmmm remember this for later Right$(String:"4243128", long:0) Msgbox(VARIANT:String:"AHH! You Fux0red Up", Integer:16......... <--- bad cracker message That's what SmartCheck tell me for the name TiMeLoRD, if your name is not TiMeLoRD (Hey it's me) you must have different code in Smartcheck. Now, do you remember this line : Left$(String:"4243128", long:31337) Is the serial is "4243128" ? Run the crackme and try as name TiMeLoRD Serial: 4243128 click on check and.... fuck! Don't work. Hmmm is the serial is not "4243128" it must be "424312831337" Name : TiMeLoRD Serial : 424312831337 Now you have the serial, its pretty good, but the best is to code a keymaker. Don't worry it's very easy to do it. First of all is to get the serial for nothing, I mean for no letter, run Smartcheck, open the crack me and for name don't enter anything and click "Check" the last line in Smartcheck must be this : Left$(String:"4242424", long:31337) Right$(String:"4242424", long:0) We have it "4242424". Take a calculator (in windows you have one) and try this : Take the ascii value of any letter, for this exemple i will take the "D" letter, ascii for "D" is 68. Are u ok ? Well in the calculator made this : 4242424 + 68 = 4242492 The result is 4242492, add 31337 it must be 424249231337, the serial for the "D" letter is this! Do you have Vb ? Any version is good =) Creat two textbox and on the duble click on the first text box and enter this code in : -----------------------------------------VB CODE--------------------------------------------- 'This is my lame source code 'don't use it to made your release because you will be a lamerz =) ' For i = 1 To Len(Text1.Text) Ascii = Asc(Mid(Text1.Text, i, 1)) A = A + Ascii Next i A = A + 4242424 Serialnumber = LTrim(Str(A)) Serialnumber = Serialnumber & 31337 Text2.Text = Serialnumber ---------------------------------------END VB CODE------------------------------------------- Yeah you did it! Alors c'etais pas facile ? haha Happy cracking to all. If you want to contact me for anything: timelordfr@hotmail.com Greetz (not in specifical order) tKC for all ur great work, TibOo, Gaelle, M‚lanie, M‚lody, WiiTiGo (t un dieu), Smeita, Kspr, BuL-LeT yeah ur pretty cool, Satan_Is_Watching_u alors boulette h‚h‚, ACiD BuRN toi t'es pas cool sur caramail, Static REvenge, Xeuj, ShadowRUNNER hey man getup crackstore seems to be dead, R!SC thanks for all ur work, aTm, PC, CiA, CLASS, C4A, CrackingForNewbies, Paradigm, G- RoM, TERAPHY, ceux que j'oublie mais qui devrait etre la comme tout les amis sur IRC et ailleurs! Happy cracking for all! ! AND FuCK THE LAMERZ! ! How to find the protection of Mrphilex CrackMe v1.0 and done it! Target : MrPhilex CrackMe v1.0 Protection : You must find it and crack it =) Toolz : We don't know right now ;-) What we will do ? : We will find the protection of this crackme and done it. Where Can i get it: http://mrphilex.cjb.net Hmm, first, sorry for my bad english, i hope you understand me. Ok, lets go.... You must find the protection of this crackme and crack/patch it, but for find the protection we must run the crackme to take a look =). I run, I have a windows, you can see "Unregistered Version" and another one that tell me "Vous n'etes pas enregistrez!" For people who don't understand french, "Vous n'etes pas enregistrez!" means "You are not registered!" Ok but i don't see where i can enter a serial !? I think no serial for crack it. Well I will find by another way so run Smartcheck and load the crackme. You must see a "+ _Load" double click on, you must see this : Dir(VARIANT:String:"PathWhereTheCrackMeIs", FLAGS:00000000) Now click on it and you see on the right window this piece of code : ___ patchname (variant) | |- String .bstrVal = 00510AE4 | |_____ = "*:\PathWhereTheCrackMeIs\Panneau.dll | |_ Integer attributes = 0 0x0000 Hmm nice representation of the "Right" window in SmartCheck =) I think we have found the protection, the crackme check for the "Panneau.dll" file on his directory. Now exit SmartCheck and try to creat a file named "Panneau.dll" in the same directory as the crackme. Run the crackme and..... it work! Go0d j0b, now you can open the "Panneau.dll" file and enter anything to it like "Cracked by YourScreenName". It s done but remember, some prog use this type of protection but he check anything on the file. Creat a file with anything in will not work for some prog and you will must find the string to enter in. See u later.... A 1 2 c 4 For contact me email me at: timelordfr@hotmail.com Greetz (not in specifical order) tKC for all ur great work, TibOo, Gaelle, M‚lanie, M‚lody, WiiTiGo (t un dieu), Smeita, Kspr, BuL-LeT yeah ur pretty cool, Satan_Is_Watching_u alors boulette h‚h‚, ACiD BuRN toi t'es pas cool sur caramail, Static REvenge, Xeuj, ShadowRUNNER hey man getup crackstore seems to be dead, R!SC thanks for all ur work, aTm, PC, CiA, CLASS, C4A, CrackingForNewbies, Paradigm, G- RoM, TERAPHY, ceux que j'oublie mais qui devrait etre la comme tout les amis sur IRC et ailleurs! Happy cracking for all! ! AND FuCK THE LAMERZ! ! How to get a valid serial and made a keygen for Magic Raph 2EZ Crackme #1! Target : Magic Raph 2EZ Crackme #1 Protection : Name/Serial Toolz : SmartCheck - Visual Basic - a brain - cigarette - coke cola =) What we will do ? : We will *fish* a valid serial and write a keygen. Hmm, first, sorry for my bad english, i hope you understand me. Ok, lets go.... Run SmartCheck and load the crackme, press F5 to run it. Well now enter any registration information, me i've enter this : Name : TiMeLoRD Serial : 007007007 Click on the "Check!" button and it tell you: "Sorry but your serial is incorrect. You aren't yet registered to this SexyCrackme..." Hmmm sexy =) Now comeback in Smartcheck and on the left window you should see a "+ _Click" double click on that. For my name i see this piece of code : ------------------------------------SmartCheck Piece Of Code--------------------------------- Len(String:"TiMeLoRD")returns LONG:8 Len(String:"TiMeLoRD")returns LONG:8 Mid$(String:"TiMeLoRD",long:1, VARIANT:Integer:1) Asc(String:"T")returns Integer:84 <--- ascii value of "T" is 84 Left$(String:"1036987",long:7) Mid$(String:"TiMeLoRD",long:2, VARIANT:Integer:1) Asc(String:"i")returns Integer:105 <--- ascii value of "i" is 105 Left$(String:"1296238",long:7) Mid$(String:"TiMeLoRD",long:3, VARIANT:Integer:1) Asc(String:"M")returns Integer:77 <--- ascii value of "M" is 77 Left$(String:"950570",long:7) Mid$(String:"TiMeLoRD",long:4, VARIANT:Integer:1) Asc(String:"e")returns Integer:101 <--- ascii value of "e" is 101 Left$(String:"1246834",long:7) Mid$(String:"TiMeLoRD",long:5, VARIANT:Integer:1) Asc(String:"L")returns Integer:76 <--- ascii value of "L" is 76 Left$(String:"938211",long:7) Mid$(String:"TiMeLoRD",long:6, VARIANT:Integer:1) Asc(String:"o")returns Integer:111 <--- ascii value of "o" is 111 Left$(String:"1370296",long:7) Mid$(String:"TiMeLoRD",long:7, VARIANT:Integer:1) Asc(String:"R")returns Integer:82 <--- ascii value of "R" is 82 Left$(String:"1012301",long:7) Mid$(String:"TiMeLoRD",long:8, VARIANT:Integer:1) Asc(String:"D")returns Integer:68 <--- ascii value of "D" is 68 Left$(String:"839467",long:7) Msgbox(VARIANT:ByRef String:"Sorry bu...",Integer:16...... ------------------------------------SmartCheck Piece Of Code--------------------------------- Look the line before the msgbox it's 'Left$(String:"839467",long:7)' Is 839467 the serial for TiMeLoRD ? Well i will try, Name: TiMeLoRD Serial: 839467, it work! Good j0b but now we must code a keygen but before do this you must have the serial calculation method. Click on the 'Left$(String:"839467",long:7)' line and on "View/Show all event" now you must be in this piece of code : ------------------------------------SmartCheck Piece Of Code--------------------------------- __vbaVarMul(VARIANT:Integer:68,VARIANT:Integer:12345) returns... __vbaVarXor(VARIANT:Long:839460,VARIANT:Integer:15) returns... __vbaVarMove(VARIANT:Integer:839467,VARIANT:Integer:68) returns... __vbaStrVarVal(VARIANT:Integer:839467)returns... Left$(String:"839467",long:7" __vbaVarMul = Made a * of a value in this code it's: 68*12345 __vbaVarXor = Xor a value in this code it's: 839460/15 The serial is made by an operation with the last letter of your name, for TiMeLoRD the last letter is "D" and "D" is "68" in ascii. The ascii of the last caracter of your name is * by 12345 and the result is Xor by 15 and you have a valid key =) This is my keygen source code: -------------------------------------VB KeyGen Source Code----------------------------------- X = Asc(Right(Text1.Text, 1)) X = X * 12345 X = X Xor 15 yeah = LTrim(Str(X)) Text2.Text = yeah -------------------------------------VB KeyGen Source Code----------------------------------- Cya all! A 1 2 c 4! For contact me email me at: timelordfr@hotmail.com Greetz (not in specifical order) tKC for all ur great work, TibOo, Gaelle, M‚lanie, M‚lody, WiiTiGo (t un dieu), Smeita, Kspr, BuL-LeT yeah ur pretty cool, Satan_Is_Watching_u alors boulette h‚h‚, ACiD BuRN toi t'es pas cool sur caramail, Static REvenge, Xeuj, ShadowRUNNER hey man getup crackstore seems to be dead, R!SC thanks for all ur work, aTm, PC, CiA, CLASS, C4A, CrackingForNewbies, Paradigm, G- RoM, TERAPHY, ceux que j'oublie mais qui devrait etre la comme tout les amis sur IRC et ailleurs! Happy cracking for all! ! AND FuCK THE LAMERZ! ! Find the protection in MrPhilex CrackMe v2.0 and patch/crack it! Target : MrPhilex CrackMe v2.0 Protection : We don't know for the moment =) Toolz : We don't know for the moment (I know because i've cracked it but you must find the protection and use the all cracking toolz for do it) What we will do ? : Find the protection and patch/crack it! Where i can d/l it: http://mrphilex.cjb.net Hmm, first, sorry for my bad english, i hope you understand me. Ok, lets go.... This crackme v2.0 look's like the v1.0 from MrPhilex but the protection is different.... When I run it I see two different window, one is in the middle of my screen and say "Unregistered Version" and the second is up and say "Vous n'etes pas enregistrez!" for people who don't understand french this word mean "Your are not registered!". No textbox for enter a serial, hmm the protection look like the MrPhilex CrackMe v1.0 (check only for a file on the current directory). Because it's a vb crackme, run SmartCheck and load the crackme in. Press F5 to launch it and.... what's this fucking message ? SmartCheck give me a messagebox for terminate the process!?! Hit the no button... the message come back again and again etc.... I think this crackme have an Anti-Smartcheck verification. No prob, we will fix it. Made two copy of Crackme.exe, name the first "Cckmecrk.exe" and the second "backcrackme.exe" Run WDASM v8.93 and disassemble the original file, click on the string data references you should see this : ------------------------WHAT YOU MUST FOUND iN THE STRiNG DATA REFERENCES-------------------- <---- is my comment =) My comment are only on the interresting line not to all. "HandPoint.ico" <--- The icon file coming with the crackme "Ah ben voila vous y " <--- Message box tell to us that the crack is ok "An I/O operation initiated by " "AutoRedraw" "by use of a log or alternate copy. " "Cannot create a stable subkey " "Cannot create a symboloc link " "copy or log was absent or corrupt." "dbgviewClass" "DrawMode" "DrawWidth" "Error" "FileMonClass" <--- FileMonClass check for the FileMonitor Window! Pretty cool, maybe the crackme check a file anywhere on ur hd ? "Good" "HandleEx" "has subkeys or values." "Illegal operation attempted on " "is corrupt, or the file could " "Line" "mailto:MrPhilex@post.com" <--- email of the programmer =) "NMSCMW50" <--- It's the CLASS of SmartCheck, the crackme check for this and close SmartCheck, ahhh ok ok.. "Not registered" <--- That's in the middle screen window "One of the files in the Registery " "Open" "OpenList" "Registery data is corrupt, or the " "RegMonClass" <--- The CLASS of RegisteryMonitor =), i think if we have loaded the crackme in Registery Monitor we will have the same prob as SmartCheck! Anti-SmartCheck and Registery Monitor! "requested operation." "ScaleHeight" "ScaleMode" "ScaleWith" "specified file is not in a Registery " "StdFileEditing" "System could not allocate the " "that contain the system's image " "The configuration registery database " "The configuration resistery key " "The Registery could not read in, " "The Registery is corrupt. The structure " "The system has attempted to load " "The transaction state of a Registery " "VB.Form\Protocol" <--- It's an key in the registery, maybe the crackme check for it ? "You have not provided a registery " "Yoy have not provided a sub key." -----------------------WHAT YOU MUST FOUND iN THE STRiNG DATA REFERENCES--------------------- Whaouou, putain c'etais chiant, h‚h‚. Now we know how the crackme work and his protection. Anti-Smartcheck, Anti-Registery monitor and Anti-File monitor. As you can see we have many prob, but why the programmer have made this protection ? I think I made it because why must use this toolz to crack it and he don't want =)! If we want to crack this crackme we MUST use one or all of this toolz SmartCheck/Registery monitor/File monitor. Take a piece of paper and write on it this : RegMonClass, FileMonClass and NMSCMW50. Edit with an hex editor (I use HEdit) and search this string "RegMonClass" (ctrl+f in HEdit), fuckk nothing :p, why ? We have found nothing because this crackme is in 32bits not 16, for the 16bits you will found it, look : Text : RegMonClass Hex 16bits : 52 65 67 4D 6F 6E 43 6C 61 73 73 Hex 32bits : 00 52 00 65 00 67 00 4D 00 6F 00 6E 00 43 00 6C 00 61 00 73 00 73 00 So search for this string in HEXADECIMAL: "00 52 00 65 00 67 00 4D 00 6F 00 6E 00 43 00 6C 00 61 00 73 00 73 00" Yes! Found! Now change the caption of RegMonClass to XegMonClass, look : "00 52 00 65 00 67 00 4D 00 6F 00 6E 00 43 00 6C 00 61 00 73 00 73 00" change to: "00 58 00 65 00 67 00 4D 00 6F 00 6E 00 43 00 6C 00 61 00 73 00 73 00" Now the crackme will check the XegMonClass window and no the RegMonClass window you say what ? XregMonClass window don't exist and you will use now Registery Monitor, so the Anti- Registery monitor protection is by passed. Take a look now for "FileMonClass" in 32bits, insert 00 in each number if you don't understand search this string in Hexadecimal : "00 46 00 69 00 6C 00 65 00 4D 00 6F 00 6E 00 43 00 6C 00 61 00 73 00 73 00" and change it to : "00 58 00 69 00 6C 00 65 00 4D 00 6F 00 6E 00 43 00 6C 00 61 00 73 00 73 00" So like RegMonClass the Anti-File monitor protection is by passed, for the same reason. The last protection we will remove is the Anti-SmartCheck, search in 32bits for this "NMSCMW50" and change it to "XMSCMW50" look : "00 4E 00 4D 00 53 00 43 00 4D 00 57 00 35 00 30 00" and change it to: "00 58 00 4D 00 53 00 43 00 4D 00 57 00 35 00 30 00" Save the change on the exe file and exit your hex editor. It's time to think where the crackme check if we are registered ? For me it must be check the registery, so run Registery Monitor and run the crackme, wait a few second and close it, go back in SmartCheck and you must see this piece of code: --------------------------------PiECE OF REGiSTERY MONiTOR CODE------------------------------ Crackme OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion SUCCESS hKey: 0xC18EA490 Crackme QueryValueExHKLM\Software\Microsoft\Windows\CurrentVersion\SubVersionNumber SUCCESS Crackme CloseKey HKLM\Software\Microsoft\Windows\CurrentVersion SUCCESS Crackme QueryValueEx 0xC18A9650\C:\WINDOWS\SYSTEM\VB6FR NOTFOUND Crackme OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion SUCCESS Crackme QueryValueEx HKLM\Software\Microsoft\Windows\CurrentVersion\SubVersionNumber SUCCESS Crackme CloseKeyHKLM\Software\Microsoft\Windows\CurrentVersion SUCCESS Crackme OpenKey HKCR\ClsID SUCCESS hKey: 0xC18AB010 Crackme OpenKey HKCR\AppID SUCCESS hKey: 0xC29BAB20 Crackme OpenKey HKLM\SOFTWARE\Microsoft\OLESUCCESS hKey: 0xC29BA910 Crackme QueryValueEx HKLM\SOFTWARE\Microsoft\OLE\EnableDCOM SUCCESS "Y" Crackme QueryValueEx HKLM\SOFTWARE\Microsoft\OLE\EnableRemoteLaunch NOTFOUND Crackme QueryValueEx HKLM\SOFTWARE\Microsoft\OLE\EnableRemoteConnect SUCCESS "N" Crackme OpenKey HKLM\SOFTWARE\Microsoft\VBA\Monitors NOTFOUND Crackme OpenKey HKLM\SOFTWARE\Microsoft\VBA\Monitors NOTFOUND Crackme OpenKey HKCR\VB.Form\protocol SUCCESS hKey: 0xC18EA490 Crackme QueryValueEx HKCR\VB.Form\protocol\StdFileEditing NOTFOUND Crackme QueryValueEx HKCR\VB.Form\protocol\StdFileEditing NOTFOUND Crackme OpenKey HKLM\Software\Microsoft\Windows SUCCESS hKey: 0xC29AB870 Crackme OpenKey HKLM\Software\Microsoft\Windows\HTML Help SUCCESS hKey: 0xC18EA4C0 Crackme QueryValueEx HKLM\Software\Microsoft\Windows\HTML Help\.HLP SUCCESS Crackme CloseKey HKLM\Software\Microsoft\Windows\HTML Help SUCCESS Crackme CloseKey HKLM\Software\Microsoft\Windows SUCCESS --------------------------------PiECE OF REGiSTERY MONiTOR CODE------------------------------ My attention was attired by this one : QueryValueEx HKLM\SOFTWARE\Microsoft\OLE\EnableRemoteLaunch NOTFOUND OpenKey HKLM\SOFTWARE\Microsoft\VBA\Monitors NOTFOUND OpenKey HKLM\SOFTWARE\Microsoft\VBA\Monitors NOTFOUND QueryValueEx HKCR\VB.Form\protocol\StdFileEditing NOTFOUND QueryValueEx HKCR\VB.Form\protocol\StdFileEditing NOTFOUND ** HKLM = HKEY_LOCAL_MACHiNE HKCR = HKEY_CLASSES_ROOT ** Why not found ? Hmmm this fuck*ng crackme check for this reg key but they don't exist and as long as they don't exist we will never be registered! I will try to create this reg key. Run regedit do it. Start the CrackMe and... Ok it's registered! Whaouou nice j0b the congratulation message is : "Ah ben voilê vous y ‚tes arriver h‚h‚! Envoyer moi un mail svp ê: MrPhilex@post.com pour me dire comment vous avez fait." In english it mean "Oh nice, you have did it h‚h! Please send me a mail: MrPhilex@post.com to tell me how you did it." I've write a mail in french sure and he tell me i'm the first to crack it =) pretty good, but i don't think i'm the first...... Cya all and happy crack! A 1 2 c 4! For contact me email me at: timelordfr@hotmail.com Another one done by TiMeLoRD ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Greetz (not in specifical order) tKC for all ur great work, TibOo, Gaelle, M‚lanie, M‚lody, WiiTiGo (t un dieu), Smeita, Kspr, BuL-LeT yeah ur pretty cool, Satan_Is_Watching_u alors boulette h‚h‚, ACiD BuRN toi t'es pas cool sur caramail, Static REvenge, Xeuj, ShadowRUNNER hey man getup crackstore seems to be dead, MrPhilex, eGIS, Hambo, SiraX, R!SC thanks for all ur work, aTm, PC, CiA, CLASS, C4A, CrackingForNewbies, Paradigm, G-RoM, TERAPHY, ceux que j'oublie mais qui devrait etre la comme tout les amis sur IRC et ailleurs, tous les crackers au monde, un grand WESH a toutes les cit‚ francaise ou etrangŸre, and! Happy cracking for all! ! FuCK THE LAMERZ! ! FuCK RACiST! ! FuCK THE PEDOPHiLE! ! How to find a valid serial/unlock key in Frogger's VB CrackMe 2! [ [s [sc sc]orp[ [sc] p[sc]or c]orp]s [sc]o [sc]orp ]orp p[sc]or orp[ orp[ p[sc]orp rp[s rp[s p[sc]orp[ [sc]orp[sc]o p[sc p[sc p[sc]orp[sc]or sc]orp[sc]or [sc] rp[sc rp[sc]orp[sc] p[sc]orp[s [sc] p[sc]orp[sc]orp c]orp sc]o p[sc]o [sc]orp[sc]or sc]orp[sc]o orp[sc] p[sc]orp[ ]orp[ p[sc]or ]orp c]o rp[ ]or ]orp rp[sc]o p[sc]orp orp[s [sc]orp rp[s orp[sc]orp[sc rp[sc]orp[s p[sc]or rp[sc [sc] p[sc]orp[sc [sc]orp[sc p[sc]o p[sc] [sc] c]or sc] [sc] c]or p[sc] [sc]orp[sc]o c]orp[sc]orp[ [sc ]orp orp[ p[sc sc]orp[sc]or orp[sc]orp[sc c]o p[sc p[sc p[s p[ p Target : Frogger's VB CrackMe 2 Protection : Name/Serial/Unlock-key Toolz : SmartCheck v6.* / A piece of paper / coca-cola / cigarette =) What we will do ? : We will find the good serial for your name and the Unlock-Key Hmm, first, sorry for my bad english, i hope you understand me. Ok, lets go.... Run the crackme and try to enter any registration information and hit the "Check" button. Nothing, no message box or anything else... hmm no prob, close the crackme and run SmartCheck, load the crackme in and press F5 to run it. Me, i've entered this registration info : Name : TiMeLoRD /Shmeit Corp Serial : 1234 Unlock key : nothing Heuu for the unlock key, nothing mean I've enter nothing not the word nothing, I'm not sure you understand me here =) Well, now click on Check and...... nothing. Comeback in Smartcheck click on the END button to terminate the process and on the left window you should see a "+ _Click" double click on it, you should see this on the five last line: ---------------------------------------SmartCheck Code--------------------------------------- Mid(VARIANT:ByRef String:"64C687D...", long:52, VARIANT:Integer:5 LCase(VARIANT:String:"39367") Len(String:"TiMeLoRD...")returns LONG:21 UCase(VARIANT:String:"xgty") Len(String:"64C687DF...")returns LONG:105 Mid(VARIANT:ByRef String:"",long:35, VARIANT:Integer:5) UCase(VARIANT:String:"orn") ---------------------------------------SmartCheck Code--------------------------------------- Click one time on the last line: UCase(VARIANT:String:"orn") and click IN SmartCheck on view/show all event, you will be here: ---------------------------------------SmartCheck Code--------------------------------------- UCase(VARIANT:String:"orn") <--- you will be here __vbaVarAdd(VARIANT:String:"XGTY",VARIANT:String:"") <--- hmm is this the unlock key? __vbaVarAdd(VARIANT:String:"XGTY-",VARIANT:String:"") <--- Add "-" to XGTY __vbaVarAdd(VARIANT:String:"XGTY-451...",VARIANT:String:"") __vbaVarAdd(VARIANT:String:"XGTY-451...",VARIANT:String:"") __vbaStrVarMove(VARIANT:String:"XGTY-451...",VARIANT:String:"") <--- I think it's the Unlock Key __vbaStrMove(String:"XGTY-451...",LPBSTR:0063F4E0) <--- I think it's the Unlock Key __vbaStrCopy(String:"XGTY-451...",LPBSTR:005104B8) <--- I think it's the Unlock Key __vbaFreeStrList()returns DWORD:30 SysFreeString(Bstr:00410954) SysFreeString(BSTR:00410930) SysFreeString(BSTR:004108B8) SysFreeString(BSTR:0041099C) SysFreeString(BSTR:004108CC) SysFreeString(BSTR:00410890) SysFreeString(BSTR:00410DB4) SysFreeString(BSTR:004108A4) __vbaStrCmp(String:"CrKME-64...",String:"1234") returns...... <--- Pretty cool, the crack me compare "CrKME- 64..." with "1234" and if you remember "1234" is the serial i've enter =)! ---------------------------------------SmartCheck Code--------------------------------------- Click on this line '__vbaStrCopy(String:"XGTY-451...",LPBSTR:005104B8)' and on the right window in SmartCheck you should see this : ___ unsigned short * pSource = 00410A2C | |__ = "XGTY-45194-ORN" | |_ unsigned short * * pDest = 005104B8 |__ unsigned short * = NULL It's now the time to use our piece of paper, write on XGTY-45194-ORN because i'm sure it must be the Unlock Key. Now click on this line : '__vbaStrCmp(String:"CrKME-64...",String:"1234") returns......' and again in the right SmartCheck window you should see this : ___ unsigned short - string1 = 00410F34 | |__ = "CrKME-64c687df825c60a-ae88c44865e0-39367u" | |_ unsigned short * string2 = 004109C0 |__ = "1234" Well, the crackme compare the fake serial i've entered "1234" with the real =). Now close SmartCheck and run the CrackMe again, and enter this : Name : TiMeLoRD /Shmeit Corp Serial : CrKME-64c687df825c60a-ae88c44865e0-39367u Unlock-Key: XGTY-45194-ORN Hit the check button and a messagebox come: "Congrats cracker!" We done it! Good j0b Cya all and happy crack! A 1 2 c 4! For contact me email me at: timelordfr@hotmail.com Another one done by TiMeLoRD ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Greetz (not in specifical order) tKC for all ur great work, Gaelle, M‚lanie, M‚lody, WiiTiGo (t un dieu), Smeita, Kspr, BuL-LeT yeah ur pretty cool, Satan_Is_Watching_u alors boulette h‚h‚, ACiD BuRN toi t'es pas cool sur caramail, Static REvenge, Xeuj, ShadowRUNNER hey man getup crackstore seems to be dead, MrPhilex, eGIS, Hambo, SiraX, R!SC thanks for all ur work, aTm, PC, CiA, CLASS, C4A, CrackingForNewbies, Paradigm, G-RoM, TERAPHY, ceux que j'oublie mais qui devrait etre la comme tout les amis sur IRC et ailleurs, tous les crackers au monde, un grand WESH a toutes les cit‚ francaise ou etrangŸre, and... Happy cracking for all! ! FuCK THE LAMERZ! ! FuCK RACiST! ! FuCK THE PEDOPHiLE! I really hope you've enjoyed this tutorial as much as I did! Don't miss Tutor #88 soon! ;) Credits goto: PeeWee for Splash Logo. TiMeLoRD for providing 5 tuts in this version. To ALL the crackers: You are welcome to send me your tutors to publish them .. see below for my email address! *** 95 chars per line in textfile please! *** And all the tutors can be found at: http://www.crackersinaction.org (or on IRC, ask CiA ops for urls!) Greetz goto all my friends! You can find me on IRC or email me at tkc@reaper.org Coded by The Keyboard Caper - tKC The Founder of PhRoZeN CReW/Crackers in Action 2000 Compiled with Delphi 5 on 11 June 2000 Cracking Tutorial #87 is dedicated to Sonia...