Text File | 2000-05-25 | 5KB | 150 lines
Tutorial Number 19
Written by Eternal Bliss
Email: Eternal_Bliss@hotmail.com
Website: http://crackmes.cjb.net
http://surf.to/crackmes
Date written: 9th Apr 1999
Program Details:
Name: CrackMe 3
Author: MiZ
Language: Visual Basic
Tools Used:
SoftIce
Cracking Method:
Code sniffing
Viewing Method:
Use Notepad with Word Wrap switched on
Screen Area set to 800 X 600 pixels (Optional)
__________________________________________________________________________
About this protection system
Protection is based on a code which is calculated from the Name you enter.
There is an anti-SmartCheck routine which will stop SmartCheck usage.
__________________________________________________________________________
The Essay
In this essay, when I write: type "d edx" or similar commands in Softice,
I mean it without the quotes.
_________________________________________________________________________
Softice
Since there is an anti-SmartCheck routine, we will try to use Softice only.
As this is a Visual Basic CrackMe, we will use the two common breakpoints
first.
Run the CrackMe, type in "Eternal Bliss" for the Name and "123456" for the
Code.
Set the two breakpoints as below:
1) bpx __vbastrcomp
2) bpx __vbavartsteq
Click on the "Check" picture.
You will break into Softice with __vbastrcomp. Disable the breakpoints now.
Before you go on, I'd have to say that I've listed out only some parts
for easy reference. There are a few conditional jumps around but
just follow the jumps.
What you need to do is to F10 your way around until the call at :7B2F35A6,
then trace into it.
**This is a very common place for Visual Basic programs. So, if you have cracked
enough VB programs, you will more or less recognise the code.
Break due to BPX MSVBVM50!__vbaStrComp (ET=1.26 seconds)
MSVBVM50!__vbaStrComp
:7B2F3564 8BEC MOV EBP,ESP
:7B2F3566 53 PUSH EBX
:7B2F3567 56 PUSH ESI
:7B2F3568 57 PUSH EDI
: __________Snip___________
:
:7B2F359F 50 PUSH EAX
:7B2F35A0 FF750C PUSH DWORD PTR [EBP+0C]
:7B2F35A3 FF7510 PUSH DWORD PTR [EBP+10]
:7B2F35A6 E83FA40000 CALL 7B2FD9EA
**Go into this call using F8
==========================================================================
:7B2FD9EA 56 PUSH ESI
:7B2FD9EB 57 PUSH EDI
:7B2FD9EC 8B7C2410 MOV EDI,[ESP+10]
After this line, you will notice edi having a new value.
Type "d edi" and you will see something like this in your data window.
:00411B50 75 00 36 00 2D 00 33 00-31 00 7D 00 20 00 3C 00 u.6.-.3.1.}. .<.
:00411B60 2C 00 41 00 2C 00 35 00-30 00 00 00 29 00 00 A0 ,.A.,.5.0...)...
F10 one more line so that :7B2FD9F0 has been processed.
:7B2FD9F0 8B74240C MOV ESI,[ESP+0C]
You will see esi having a new value as well.
Type "d esi" and see what is in esi.
:00411AAC 31 00 32 00 33 00 34 00-35 00 36 00 00 00 20 00 1.2.3.4.5.6... .
Does 1.2.3.4.5.6 look familiar to you? Because this is Visual Basic, things
get "bigger" using w.i.d.e. .c.h.a.r.a.c.t.e.r format. So, in fact, esi
contains the code you entered. So, what do you think is in edi? 8)
Ok, I know the problem. So what if I can see the value in edi?
Where does the correct code stop?
Take the hex values of edi and see...
75 00 36 00 2D 00 33 00-31 00 7D 00 20 00 3C 00 u.6.-.3.1.}. .<.
   ^^    ^^    ^^    ^^    ^^    ^^    ^^    ^^
2C 00 41 00 2C 00 35 00-30 00 00 00 29 00 00 A0 ,.A.,.5.0...)...
   ^^    ^^    ^^    ^^    ^^ ^^ ^^
Do you see all the 00s in between other values? And on the second line,
there are 3 sets of 00 together? That's where the correct code stops.
Now, we need to get the correct code from the hex values. You can just use
the ascii values in the data window. Remove the "." that is in between and
you will get u6-31} <,A,50
**There is a space between "}" and "<"
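The decoding done by eye above, as an added example that is not part of the original tutorial: it parses the "d edi" data-window lines and reads the UTF-16LE string up to its 16-bit terminator. The function names are hypothetical; the dump lines are the ones shown above.

```python
import re

# The two "d edi" data-window lines, copied from the tutorial text above.
DUMP = """\
:00411B50 75 00 36 00 2D 00 33 00-31 00 7D 00 20 00 3C 00 u.6.-.3.1.}. .<.
:00411B60 2C 00 41 00 2C 00 35 00-30 00 00 00 29 00 00 A0 ,.A.,.5.0...)...
"""

# Address, then 16 hex bytes separated by spaces (a dash splits the two halves).
LINE_RE = re.compile(
    r"^:?([0-9A-Fa-f]{8})\s+((?:[0-9A-Fa-f]{2}[ -]){15}[0-9A-Fa-f]{2})"
)

def dump_bytes(dump):
    """Return (start_address, bytes) parsed from 16-byte data-window lines."""
    start, out = None, bytearray()
    for line in dump.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a dump line
        addr = int(m.group(1), 16)
        if start is None:
            start = addr
        elif addr != start + len(out):
            raise ValueError("dump lines are not contiguous")
        out += bytes.fromhex(m.group(2).replace("-", " "))
    return start, bytes(out)

def wide_string(data):
    """Decode UTF-16LE up to the first 16-bit NUL; None if unterminated.

    The scan moves two bytes at a time. In "30 00 00 00" the first 00 is
    the high byte of '0'; only the following 00 00 pair is the terminator.
    A byte-wise search for 00 00 would stop one byte too early.
    """
    for i in range(0, len(data) - 1, 2):
        if data[i] == 0 and data[i + 1] == 0:
            return data[:i].decode("utf-16-le")
    return None

if __name__ == "__main__":
    start, data = dump_bytes(DUMP)
    print(hex(start), repr(wide_string(data)))
```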
Now, re-enter "u6-31} <,A,50" as the code and click on the "Check" picture.
You will get the message "You made it! Now write up an essay and send it
to: ReFleXZ@fcmail.com"
That is what I am doing. 8P
CrackMe Cracked!!
__________________________________________________________________________
Final Notes
This tutorial is dedicated to all the newbies like me.
And because I'm a newbie myself, I may have explained certain things wrongly.
So, if that is the case, please forgive me. Email me if there is anything
you are not clear about.
My thanks and gratitude go to:
The Sandman
All the writers of Cracks tutorials and CrackMes