Text File | 2000-05-25 | 4KB | 77 lines
CrackMe tutorial for CrackMe 1 by ocHe sAtRiAnI
▀
▓ ▄▄███▄▄
█ ▄█▀▀▀▀▀▀▀█▄
▓ ▄████████▄ ▀█▄
▒ ▐█▄▀▄▄▄▄▄▀▀██ ██
▒░ ████▐████▌█▌▀█ █▌
▒░▒ ████▌████▐██▌▀█ █
▄ ░▓░ ▄██▄▄ █▀█▀█▐▀▀▄▀█▀█ ███
▀ ░ ░ █░░░▓███▄ █▄▄▄▀▄█▄▀▄▄▄▄▀▌██
▀ ░▄█░░░▒▒▓██████▄ ▐██▀▄▀▀▄█▄▄▄▄██▐▌
▄ ▄ ▀█░░░▓███████████▄▄▄ █▌█▌▀▀▀██████▌█
▄ █▀▀ ▀ ▀ █▄▄ ▄▄ ▀███▀▀▀▀▀▀▀▀▀▀▀████▄▄▄▀▀▀▀▄▀███▌█
▄▄▄██▀ ▄▄██▀ ▄ ▀ ▀▀█ ▄ ▄▄▄ ▀ ▄ ▄ ▀ ▄▄█▌ ▀ ▄▄ ▀▀▀█▀██ ▄▀▄█▀█
████▌ ▐███▌ ▐██▄ ▀ ▄ ▄▄██▌▄███▀ █▄ ▐█▀▀█▀ ▄ ▄ ▀▀▀ ▄ ▀██████▄▀
▐████▄█▀████ ███▌▀▄▄█▄ █▄█▀▀██ ███▌ ▀ ██▄ ▄ ▐███▄ ▄███▄ ▀████▀
▀ ████▌ ▐███▌ ▐███▌ ▐█▌ ▐███ ▐▌ ▐███ ▄ ▐█▌ ▐██ ███ █▌▐███ █ ▀
▄█ ▐████ ████ ████ ▄██ ███▌▀ ███▌ ▐██ ██▄███▌▐██▌ █ ███▌ ▄██▀ ▀ ▀
█ ▄███▀▀ ▄▀▀▀ ▀██████▀█▀ ▐███▄ ▀ ▐███▄▀▐█▌▐████▀▀ ███▄ ████▄ ▄ ▀
▄▄▄▄ ▄ ▄▄ ▄▄▄▄ ▄ ▄▄ ▀ █▄ ▀▄▄ ▀ ▀ ▀ ▀ ▄
▀▀▄ █▀▀ ▀ ▀▀▀▀▀▀ ▀ ▀ ▀▀▀▀▀▀ ▀
▄ ▀▀ ▄
▀ »»»»» » » »»»»»»»»»»»»»»» »» »
» »»»»»»
Tutor : Ordoc
Date Written : February 5, 1999
Editor : An NFO Viewer (wordwrap) *Notepad is fine if u don't wanna see the
neat ASCII Art :)*
Who : Beginner to Intermediate
Greets : Harlem, WLW, #cracking4newbies
Target : CrackMe 1 by ocHe sAtRiAnI
(http://skyscraper.fortunecity.com/nexus/650/oche.zip)
Size : 12kb
Rev Date : 1/4/99
Well, this is my first Crack Me tutorial. This is a Visual Basic 5 tutorial.
As I have seen lately, people aren't so weird about VB like they used to be. More
people understand it now and realize it isn't impossible to crack. Anyways, on
with the tutorial!
First run the program (v1.0.exe). Now you notice the register button is
disabled. You *may* be thinking, how am I supposed to hit Register? Well, first
type in some stuff. Ctrl-D into SI and set a bpx on hmemcpy. Now Ctrl-D back to
the Crack Me. Hit the backspace key to delete a number/letter. Soft Ice will
pop up. Knowing this is VB5, we can try the most obvious thing first. Hit F11,
then F12 a few times till you see MSVBVM5!.xxxxxxxx. Now let's do a search for
the Visual Basic 5 compare routine.
S 0 L ffffffff 56,57,8b,7c,24,10,8b,74,24,0c,8b,4c,24,14,33,c0,f3,66,a7
*NOTE: it's a good idea, if you are cracking a lot of VB4 - VB5 (maybe 6 too, not
familiar with it) programs, to have this as a SI hot key, such as Alt-F4, that is
rarely used, in your winice.dat file.
AF4="^s 0 l ffffffff 56,57,8b,7c,24,10,8b,74,24,0c,8b,4c,24,14,33,c0,f3,66,a7;"
This will save you the time of typing all that.*
Now you should see "search pattern found at blah blah blah". From my experience
with VB5 and this search, it is always 017F:0F00D9EA. Set a bpx on the location
that you get. Clear your hmemcpy bp (bc 0). Hit Ctrl-D and SI will pop out and
back in. Hit F11 and you should see the following code:
: 56        push esi
: 57        push edi
: 8B7C2410  mov edi, [esp + 10]   ; Move real serial into edi
: 8B74240C  mov esi, [esp + 0C]   ; Move fake serial into esi
: 8B4C2414  mov ecx, [esp + 14]
From my comments you should be able to tell what to do. If not, step past "mov
edi, [esp + 10]" and type D EDI.
You will see the real serial number. Type bc * to clear the breakpoints. Ctrl-D
out of softice and enter the serial you nabbed. Congratulations!
Look for more tutorials from Harlem soon.
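
Added example (not part of the original tutorial or the CrackMe): a Python model of why the check above leaks the serial, set beside a form that hands the compare routine only one-way digests. The serial, salt, round count and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values; nothing here comes from the CrackMe itself.
VALID_SERIAL = "ORD-1999-0205"
SALT = b"constructed-salt"
ROUNDS = 50_000

observed = []  # models what a breakpoint on a shared compare routine exposes


def traced_compare(a: bytes, b: bytes) -> bool:
    """Stand-in for a runtime compare routine: both operands are visible."""
    observed.append((a, b))
    return hmac.compare_digest(a, b)


def digest(serial: str) -> bytes:
    """Slow one-way digest of a serial (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", serial.encode(), SALT, ROUNDS)


# In a real build only this digest would be embedded; the plaintext serial
# appears in this file solely to construct the sample data.
STORED_DIGEST = digest(VALID_SERIAL)


def weak_check(entered: str) -> bool:
    # The pattern the tutorial relies on: the expected serial is passed in
    # the clear, next to the user's input, to the compare routine.
    return traced_compare(VALID_SERIAL.encode(), entered.encode())


def hardened_check(entered: str) -> bool:
    # Only digests reach the compare routine; the serial is never an operand.
    return traced_compare(STORED_DIGEST, digest(entered))


def exposed_operands(check, entered: str):
    """Run a check; return its result and every operand the compare saw."""
    observed.clear()
    result = check(entered)
    return result, {op for pair in observed for op in pair}


if __name__ == "__main__":
    for check in (weak_check, hardened_check):
        ok, seen = exposed_operands(check, "1234")
        print(check.__name__, ok, VALID_SERIAL.encode() in seen)
```

This only removes the plaintext serial from the compare operands; a check that runs entirely on the user's machine still depends on the integrity of the code around it.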