home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Reverse Code Engineering RCE CD +sandman 2000
/
ReverseCodeEngineeringRceCdsandman2000.iso
/
RCE
/
E_bliss
/
eb_tut2.txt
< prev
next >
Wrap
Text File
|
2000-05-25
|
6KB
|
190 lines
Tutorial Number 2
Written by Etenal Bliss
Email: Eternal_Bliss@hotmail.com
Date written: 1st Jan 1999
Program Details:
Name: Volatility's CrackersConvert v1.0
Type: Dec/Bin/Hex converter
Language: Visual Basic
Tools Used:
NuMega Softice
NuMega SmartCheck
Cracking Method:
Serial Fishing
Code Analysis for Key Generator
Viewing Method:
Use Notepad with Word Wrap switched on
Screen Area set to 800 X 600 pixels (Optional)
__________________________________________________________________________
About this protection system
You will be shown a nag everytime you run the program saying that it is
a Unregistered version. No disabled function. To register, you need to
enter UserName and Registration Code
__________________________________________________________________________
The Essay
As this is a tutorial for newbies, I'll go into details about how I go about
cracking the program. I suggest that you read this tutorial first.
When you have completed the tutorial, try to re-do everything.
Then, the knowledge will be in you. 8)
__________________________________________________________________________
Serial Fishing
First, reboot your computer and get softice started if you haven't done so.
Since this is a VB program, normal breakpoints will not work. Reading
somewhere about breakpoints for VB program, I decided to use
bpx __vbastrcomp (string compare)
**bpx means "Breakpoint on execution".
Run the program. Go to the registration screen. Type in all your particulars.
In my case, I entered Eternal Bliss and 2353535.
Get into Softice by pressing Ctrl D.
Now set the breakpoint as mentioned above. Press Ctrl D or F5 to return
to the program.
Click on the "Validate" button.
You will break in Softice at
xxxx:7B2F3563 55 PUSH EBP
**xxxx are numbers. Since yours will be different from mine, I left them
out.
F10 a few steps till you get to
xxxx:7B2F3574 8B4510 MOV EAX, [EBP+10]
**F10 - step over (skip over function Calls)
(same as [F8], but will not go into function Calls)
type d eax and "Enter"
look in the data window. See your code in wide character 2.3.5.3.5.3.5
**If you can't see anything, type WC to activate or deactivate your code
window.
F10 a few more steps till you get to
xxxx:7B2F3585 8B4D0C MOV ECX, [EBP-0C]
type d ecx and 'Enter"
look in the data window. See your code in wide character R.E.G.-.1.3.8.0.-.C.O.D.E
__________________________________________________________________________
Code Analysis
Now, it is time to understand how the Registration code is calculated...
Run SmartCheck. Load the CrackersConvert using it by using "File", "Open"
and choose cconvert.exe.
If this is your first time using SmartCheck, do the following:-
Under Program Settings:-
Error Detection: "tick" all boxes except "Report errors immediately".
Advanced: "tick" first 4 boxes.
Make sure "Suppress system API and OLE calls" is not "ticked".
Reporting: All boxes "ticked" except for "Report MouseMove events
from OCX controls"
Run cconvert.exe in SmartCheck by pressing F5. Run through the program
as normal and go straight to the register screen. Type in all your particulars.
In my case, I entered Eternal Bliss and 2353535. Then Click on "Validate"
button. You will get the "Sorry, Better Luck Next Time" message.
Exit cconvert.exe.
**Do this quick or else you will get a LOT of lines!!!
Ok. You will see a lot of lines in the left window. Look for cmdValidate_Click.
**This is the subroutine in VB that is called when you click on the
"Validate" button.
Click on cmdValidate_Click. Under "View" in SmartCheck, choose
"Show All Events" and "Show Arguments".
**Make sure you click on cmdValidate_Click first or you will be lost
in a sea of codes!!!
Click on the + sign next to cmdValidate_Click to expand the threads
under it. You can go through every single thread if you want.
But what we are looking for is my usename and my code I typed.
You will see these:
1) Asc(String:"Etern")
Asc returns Integer:69
2) __vbaVarMul(VARIANT:String:"69",VARIANT:Interger:20)
next few lines, you see "REG-" added to the "1380" and then "-CODE" added as well.
3) __vbaVARTstEq(VARIANT:String:"2353535",VARIANT:String:"REG-1380-CODE")...
Explanation:
1) Asc is a command in VB (and other programming languages) that will convert
an ascii to a number. "E" will be converted to "69"
2) __vbaVarMul is used to multiply two variables here. So, 69 * 20 = 1380 !!!!!
**You should understand how the registration code is generated now...
3) __vbaVARTstEq is used to compare the two strings. In this case, it is
our registration code and the real code.
__________________________________________________________________________
Part of a Key Generator
Here is the calculation routine used in my key generator:
Private Sub Command1_Click()
On Error Resume Next
Dim han, Decy
han = Text1.Text
If han = "" Then
MsgBox "You have to enter something!!", vbOKOnly + vbCritical, "Handle field cannot be left empty"
GoTo Nex
End If
Decy = Asc(han)
Decy = Decy * 20
Label1.Caption = "REG-" & Decy & "-CODE"
Nex:
End Sub
__________________________________________________________________________
Final Notes
This tutorial is dedicated to all the newbies like me. I've tried to
explain everything in details.
And because I'm a newbie myself, I may have explained certain things wrongly
So, if that is the case, please forgive me.
My thanks and gratitude goes to:-
The Sandman
All the writers of Cracks tutorials