FireWorx Crackme #4 Tutorial
[iNSiDE group ASCII art logo]
Tutor        : duelist
Date Written : April 6, 1999
Who          : Intermediate
Target       : CrackMe #4 by FireWorx
Size         : 338kb (!)
Tools Used   : SoftICE
Method       : Key Generator
-=* Welcome *=-
Well hi there. Although I've been cracking 'crackmes' for a long time, I'd
never written a tutorial for one of those, and this will be my second one
due to a request from Eternal Bliss :)
-=* Protection *=-
Well, after cracking FireWorx crackme #3 I was after something better this time, and
I can really say I'm happy with this one because it will help you understand
the basics of keygenning (I hope!)
-=* Our Approach *=-
Let's do it using SoftICE since it's the best tool out there and almost everybody
should have it :)
1) Fire up the crackme exe, click Register, and enter any name and password you want!
2) Switch to SoftICE (Ctrl+D) and type "bpx hmemcpy" (without the quotes... I use
   hmemcpy because Delphi apps don't usually call GetWindowTextA and the like).
3) Before continuing, one tip: we'll be looking for a MOVSX/MOVZX instruction, because
   it's used in almost every serial protection app to fetch one character at a time (remember this!)
4) Click 'Ok' and blamm! You're in SoftICE. Press F5 to let the program read the
   other text box and you should be back in SoftICE in about 1 sec :)
5) Press F12 exactly 12 times to get back to the program code; you will arrive here:
      .00047AEB: E868BDFDFF    call   .000023858
-->   .00047AF0: 8B45F4        mov    eax,[ebp-0C]        ;we land here!
      .00047AF3: E83CBFFBFF    call   .000003A34
      .00047AF8: 85C0          test   eax,eax
      .00047AFA: 7E4B          jle    .000047B47
      .00047AFC: 8D55F4        lea    edx,[ebp-0C]
      .00047AFF: 8B83D4020000  mov    eax,[ebx+02D4]
      .00047B05: E84EBDFDFF    call   .000023858
      .00047B0A: 8B45F4        mov    eax,[ebp-0C]
      .00047B0D: E822BFFBFF    call   .000003A34          ;adds a null value to the beginning
      .00047B12: 8BF8          mov    edi,eax             ;of our name
/--   .00047B14: 85FF          test   edi,edi
|     .00047B16: 7C2F          jl     .000047B47          ;name is complete, serial done :)
|     .00047B2E: 8B45F4        mov    eax,[ebp-0C]
|     .00047B31: 8B55F8        mov    edx,[ebp-08]
|     .00047B34: 0FB64410FF    movzx  eax,[eax+edx-01]    ;gets the current char from the name (!)
|     .00047B39: 03F0          add    esi,eax             ;adds its ASCII value to the serial (esi)
|     .00047B3B: 03B314030000  add    esi,[ebx+314]       ;and adds 11111 to the current serial (esi)
|     .00047B41: FF45F8        inc    d,[ebp-08]          ;next character index
|     .00047B44: 4F            dec    edi                 ;decrease number of chars left
\--   .00047B45: 75D9          jne    .000047B20          ;next letter if not end of name
6) Note that since the program adds a null value to the beginning of the name, the first
   loop iteration only adds 11111 to the serial (esi), since eax (the current letter, null) is 0!
7) Now go write a key generator for it! (or check the Pascal source below heh :)
-=* Key Generator *=-
-------------- fw-cm4.pas -------------------- cut here ------------------
var
  name: string;
  i: integer;
  esi, eax: longint;

procedure drawlogo;
begin
  writeln('');
  writeln('FireWorx''s Crackme #4');
  writeln('KeyGenerator written April 6 99 by Duelist [iSD]');
  writeln;
  writeln;
end;

procedure doquit;
begin
  writeln;
  halt(1);
end;

begin
  drawlogo;
  write(' Enter your name: ');
  readln(name);
  if length(name) = 0 then
  begin
    writeln(' No name entered... Aborting!');
    doquit;
  end;
  esi := 11111;                { since the first value is null, we do that iteration here }
  for i := 1 to length(name) do
  begin
    eax := ord(name[i]);       { ASCII value of the letter, as the movzx does }
    esi := esi + eax;          { add eax to the serial }
    esi := esi + 11111;        { add 11111 to the serial }
  end;
  writeln(' Serial number: ', esi);
  doquit;
end.
-------------- fw-cm4.pas -------------------- cut here ------------------
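As an added cross-check (this is not part of the original tutorial or of the crackme), here is the same loop modelled in Python three ways: emulated exactly as the disassembly reads it with the leading null byte, written as the Pascal keygen does it, and collapsed to a closed form. The sample names are constructed for illustration; the closed form also makes it obvious why any reordering of the same characters yields the same serial.

```python
# Added example, not code from the original tutorial: a model of the serial
# loop at .00047B14-.00047B45, used to cross-check the fw-cm4.pas keygen.
# STEP is the constant the loop adds from [ebx+314] on every iteration.
STEP = 11111


def serial_from_loop(name: str) -> int:
    """Emulate the loop as the tutorial describes it.

    A null byte is prepended to the name, so the first iteration contributes
    0 + STEP and each real character then contributes its byte value + STEP.
    esi starts at zero and is a 32-bit register.
    """
    buf = b"\x00" + name.encode("latin-1")   # null-prefixed copy of the name
    esi = 0
    for ch in buf:                           # movzx eax,[eax+edx-01]
        esi += ch                            # add esi,eax
        esi += STEP                          # add esi,[ebx+314]
    return esi & 0xFFFFFFFF


def serial_from_pascal(name: str) -> int:
    """The arithmetic exactly as fw-cm4.pas does it: esi starts at 11111."""
    esi = STEP
    for ch in name.encode("latin-1"):
        esi += ch
        esi += STEP
    return esi


def serial_closed_form(name: str) -> int:
    """Collapsing the loop: serial = sum(bytes) + 11111 * (len + 1).

    Only the multiset of characters matters, not their order, which is why
    this scheme is so easy to keygen.
    """
    data = name.encode("latin-1")
    return sum(data) + STEP * (len(data) + 1)


if __name__ == "__main__":
    # constructed sample inputs; "tsileud" is "duelist" reversed
    for sample in ("duelist", "tsileud", "Eternal Bliss"):
        print(f"{sample!r:16} -> {serial_from_loop(sample)}")
```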
-=* Final Notes *=-
Well, I hope you liked this tutorial dedicated to keygenning and that you learned the basic tricks
of it...