Reverse Code Engineering RCE CD +sandman 2000

home *** CD-ROM | disk | FTP | other *** search

/ Reverse Code Engineering RCE CD +sandman 2000 / ReverseCodeEngineeringRceCdsandman2000.iso / RCE / E_bliss / oche.txt < prev next >

Wrap

Text File | 2000-05-25 | 4KB | 77 lines

CrackMe tutorial for CrackMe 1 by ocHe sAtRiAnI ▀ ▓ ▄▄███▄▄ █ ▄█▀▀▀▀▀▀▀█▄ ▓ ▄████████▄ ▀█▄ ▒ ▐█▄▀▄▄▄▄▄▀▀██ ██ ▒░ ████▐████▌█▌▀█ █▌ ▒░▒ ████▌████▐██▌▀█ █ ▄ ░▓░ ▄██▄▄ █▀█▀█▐▀▀▄▀█▀█ ███ ▀ ░ ░ █░░░▓███▄ █▄▄▄▀▄█▄▀▄▄▄▄▀▌██ ▀ ░▄█░░░▒▒▓██████▄ ▐██▀▄▀▀▄█▄▄▄▄██▐▌ ▄ ▄ ▀█░░░▓███████████▄▄▄ █▌█▌▀▀▀██████▌█ ▄ █▀▀ ▀ ▀ █▄▄ ▄▄ ▀███▀▀▀▀▀▀▀▀▀▀▀████▄▄▄▀▀▀▀▄▀███▌█ ▄▄▄██▀ ▄▄██▀ ▄ ▀ ▀▀█ ▄ ▄▄▄ ▀ ▄ ▄ ▀ ▄▄█▌ ▀ ▄▄ ▀▀▀█▀██ ▄▀▄█▀█ ████▌ ▐███▌ ▐██▄ ▀ ▄ ▄▄██▌▄███▀ █▄ ▐█▀▀█▀ ▄ ▄ ▀▀▀ ▄ ▀██████▄▀ ▐████▄█▀████ ███▌▀▄▄█▄ █▄█▀▀██ ███▌ ▀ ██▄ ▄ ▐███▄ ▄███▄ ▀████▀ ▀ ████▌ ▐███▌ ▐███▌ ▐█▌ ▐███ ▐▌ ▐███ ▄ ▐█▌ ▐██ ███ █▌▐███ █ ▀ ▄█ ▐████ ████ ████ ▄██ ███▌▀ ███▌ ▐██ ██▄███▌▐██▌ █ ███▌ ▄██▀ ▀ ▀ █ ▄███▀▀ ▄▀▀▀ ▀██████▀█▀ ▐███▄ ▀ ▐███▄▀▐█▌▐████▀▀ ███▄ ████▄ ▄ ▀ ▄▄▄▄ ▄ ▄▄ ▄▄▄▄ ▄ ▄▄ ▀ █▄ ▀▄▄ ▀ ▀ ▀ ▀ ▄ ▀▀▄ █▀▀ ▀ ▀▀▀▀▀▀ ▀ ▀ ▀▀▀▀▀▀ ▀ ▄ ▀▀ ▄ ▀ »»»»» » » »»»»»»»»»»»»»»» »» » » »»»»»» Tutor : Ordoc Data Wrote : February 5, 1999 Editor : An NFO Viewer (wordwrap) *Notepad is fine if u don't wanna see the neat ASCII Art :)* Who : Beginner to Intermediate Greets : Harlem, WLW, #cracking4newbies Target : CrackMe 1 by ocHe sAtRiAnI (http://skyscraper.fortunecity.com/nexus/650/oche.zip) Size : 12kb Rev Date : 1/4/99 Well this is my first Crack Me tutorial. This is a Visual Basic 5 tutorial. As I have seen lately people aren't so weird about VB like they use to be. More people understand it now and realize it isn't impossible to crack. Anyways on with the tutorial! First run the program (v1.0.exe). Now you notice the register button is disabled. You *may* be thinking how am I suppose to hit Register. Well first type in some stuff. Ctrl-D into SI and set a bpx on hmemcpy. Now Ctrl-D back to the Crack Me. Hit the backspace key to delete a number/letter. Soft Ice will pop up. Knowing this is VB5 we can try the most obvious thing fisrt. Hit F11 then F12 a few times till you see MSVBVM5!.xxxxxxxx. Now lets do a search for the Visual Basic 5 compare routine. S 0 L ffffffff 56,57,8b,7c,24,10,8b,74,24,0c,8b,4c,24,14,33,c0,f3,66,a7 *NOTE its a good idea if you are cracking a lot of VB4 - VB5(maybe 6 too not familiar with it) programs to have this as a SI hot key such as Alt-F4 that is rarely used in your winice.dat file. AF4="^s 0 l ffffffff 56,57,8b,7c,24,10,8b,74,24,0c,8b,4c,24,14,33,c0,f3,66,a7;" This will save you the time of typing all that* Now you should see "search pattern found at blah blah blah". From my experience with Vb5 and this search it is always 017F:0F00D9EA. Set a bpx on that location that you get. Clear your hmemcpy bp (bc 0). Hit Ctrl-D and SI will pop out and back in. Hit F11 and you should see the following code: : 56 push esi : 57 push edi : 8B7C2410 mov edi, [esp + 10] ; Move real serial into edi : 8B7C240C mov esi, [esp + 0C] ; Move fake serial into esi : 8B4C2414 mov ecx, [esp + 14] From my comments you should be able to tell what to do. If not step past "mov edi, [esp + 10]" and type D EDI. You will see the real serial number. Type bc * to clear the breakpoints. Ctrl-D out of softice and enter the serial you nabbed. Congradulations! Look for more tutorials from Harlem soon.