home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Reverse Code Engineering RCE CD +sandman 2000
/
ReverseCodeEngineeringRceCdsandman2000.iso
/
RCE
/
E_bliss
/
eb_tut27.txt
< prev
next >
Wrap
Text File
|
2000-05-25
|
3KB
|
110 lines
Tutorial Number 27
Written by Etenal Bliss
Email: Eternal_Bliss@hotmail.com
Website: http://crackmes.cjb.net
http://surf.to/crackmes
Date written: 18th Jul 1999
Program Details:
Name: VB5-CrackMe 1.0 by Blaster99 [DCD]
Tools Used:
SmartCheck
Cracking Method:
Serial Sniffing
Viewing Method:
Use Notepad with Word Wrap switched on
Screen Area set to 800 X 600 pixels (Optional)
__________________________________________________________________________
About this protection system
This program requires a Regcode to register. This code is hard-coded into
the program and you can see it when you open up the file with a hexeditor
at offset 11DC.
_________________________________________________________________________
About this tutorial
Since this is my 27th tutorial, I will presume that you have read the
previous ones. So, my description on how to use the tools will be reduced
unless there are new methods.
This is a very short tutorial to show what serial fishing is like and
how easy it can be in SmartCheck. Configuration of SmartCheck for new
crackers can be found on my website.
_________________________________________________________________________
SmartCheck
First, run SmartCheck and load the CrackMe. Press F5 to start running
the CrackMe using SmartCheck.
There is a nag box which I think is impossible to get rid of in VB. So,
lets forget about it for the time being.
Type in any Code you want and click on Registrieren. You will receive
a message about wrong serial. (I don't understand the language)
You can stop running the CrackMe now.
What you can see in SmartCheck is a line called Commang1_Click and there
is a + sign next to it. Click on the + sign to open up the threads.
There are just 3 lines:
Text1.Text
Text1.Text
MsgBox(VARIANT:String:"Error!..."...)...
Well, not much information there.
Click on the first Text1.text and then choose "Show All Events" in SmartCheck
under the "View" option.
Now you get a lot of info.
Immediately below the Text1.Text that I told you to click on, there is
a line that says
__vbaStrCmp(String:"2G83G35H...",String:"12345678...") returns...
If you had read my 2 essays on VB cracking before, you would know that
__vbaStrCmp is a very common breakpoint to use in Softice for VB cracking.
What this command does is to compare 2 strings.
So, if 12345678 is what I entered, what do you think 2G83G35H... is for?
Click on that line and look at the right hand window.
The whole string is 2G83G35Hs2 and that is the hard-coded code I have talked
about.
CrackMe Cracked!
__________________________________________________________________________
Additional
If you were to use Softice instead, just set the breakpoint on
__vbaStrCmp and trace into the calls. You will be able to see the Regcode
in ECX after a while. It will be in w.i.d.e. .c.h.a.r.a.c.t.e.r format.
__________________________________________________________________________
Final Notes
This tutorial is dedicated to all the newbies like me.
My thanks and gratitude goes to:-
All the writers of Cracks tutorials and CrackMes
and also to all the crackers that have been supporting my site and project forum.