Reverse Code Engineering RCE CD +sandman 2000

home *** CD-ROM | disk | FTP | other *** search

/ Reverse Code Engineering RCE CD +sandman 2000 / ReverseCodeEngineeringRceCdsandman2000.iso / RCE / Mendoza / dc_visualpage.txt < prev next >

Wrap

Text File | 2000-05-25 | 13KB | 363 lines

---------------------------------------- | How to crack Symantec Visual Page v1.0 | by da Cracker/CBE ---------------------------------------- Introduction: ──────────── How many percent of experienced computer users are crackers? Surely not more than 0.1%... But many of these peoples label the word "cracking" as "impossible". Well, I want to teach these guys how to crack, so that's why I decided to write my fourth tutorial, requested by Ap0ll0 and pist0ls. In this tutorial, I'll teach you how to crack Symantec Visual Page v1.0... (Sorry if it's not the latest one, but I don't want to download it! It's too big... I had that version on a cd) I hope that you'll enjoy it! If you have any comment, suggestions, .... please e-mail me at dc_cbe@hotmail.com ┌────────────────────────────────────Index────────────────────────────────┐ | | |1) Programs that you'll need to crack Symantec Visual Page | |2) Finding the location that needs to be patched to remove the nag | |3) Patching the location to remove the nag | |4) Finding the location that needs to be patched to remove the expiration| |5) Patching the location to remove the expiration date | |6) Writing a patcher in Assembler | |7) Final Notes | └─────────────────────────────────────────────────────────────────────────┘ 1) Programs that you'll need to crack Symantec Visual Page ─────────────────────────────────────────────────────── Here's the list of programs that you'll need to get to crack Symantec Visual Page: WinDisassembler Visual Page (no, really? ;) ) Hacker's View Don't expect to crack it without these utilities! Note: You can get them at http://cracking.home.ml.org, or if you're a CBE member, at CBE's memberz FTP Area And you can get Visual Page at http://www.symantec.com Are you ready? Ok, so let's start. 2) Finding the location that needs to be patched to remove the nag ─────────────────────────────────────────────────────────────── Now we're going to find the location that needs to be patched (where you have to modify the program so that it removes the nag...) Start Symantec Visual Page What's that annoying message? This Trial Version of blabla expires in 30 days... Ok, let's remove this nag. Exit Visual Page Go to the directory where Visual Page is installed (normally c:\VisualPage) Copy the file vpage.exe to vpage.bak (for Backup) and to 1.exe (for use by w32dasm... Why?? Because of the crappy "Application Running, can't modify it", well, anyways... Done? ok, now run w32dasm. Click on Disassembler --> Open File to Disassemble Go to the directory of Visual Page and select 1.exe Takes a while, heh? That's because this prog is quite big in size... Now, click on the menu Search --> Find Text and search for "visual page expires in" (that was part of the nag, remember?) Here's what we get: *Possible Reference to String Resource ID=05046: "This Trial Version of Visual Page expires in %1" <-- %1 is a variable :00419BFC 686B6130000 push 000013B6 <-- Saves the nag message :00419C01 8D4DD0 lea ecx, dword ptr [ebp-30] <-- Pops the nag screen! :00419C04 51 push ecx <-- Saves some shit to ecx Do you UNDERSTAND what we have to do? Well, it's easy. Think a little bit...;) We have a the nag message that gets saved and poped. We should just erase these lines! No, we can't do that... So, what? We have to NOP it!!! nop is a valid instruction that does ... nothing! That's it!!! You found the location to patch and what to change!!! And now you just need to patch it! (described in part 3) 3) Patching the location to remove the nag ─────────────────────────────────────── Click on the location right underneat the nag message (00419BFC) In the status bar, you'll see: "Code Data @: 00419BFC @Offset 000089FCh" So the offset address is A746 (you don't need the 0's in front and the h) Ok, remember this. Start Hacker's View to edit the exe file of Visual Page (hiew vpage.exe) Press F4, select Decode and press enter Press F5 (goto offset) and type 89FC (that's where we want to go) + Enter Now, you're almost done.... Press F3 (To edit the program) Now, you can see many numbers and letters... Keep on pressing 90 until the call (419C05) That means that you have to type "90" 9 times Now, press F9 to update the file and F10 to exit. Start Symantec Visual Page. No more nag! 4) Finding the location that needs to be patched to remove the expiration ────────────────────────────────────────────────────────────────────── Now we're going to find the location that needs to be patched (where you have to modify the program so that it doesn't expire...) Start Symantec Visual Page Add one month to your system date (if you don't know how to do that, then learn how to use Windows and come back ;) ) What the heck? blablabla has expired... I didn't even try the program! Let's fix this "bug" :=) Exit Visual Page (anyway, you have no other choice...) Go to the directory where Visual Page is installed (normally c:\VisualPage) Copy the file vpage.exe to vpage.bak (for Backup) and to 1.exe (for use by w32dasm... Why?? Because of the crappy "Application Running, can't modify it", well, anyways... Done? ok, now run w32dasm. Click on Disassembler --> Open File to Disassemble Go to the directory of Visual Page and select 1.exe Takes a while, heh? That's because this prog is quite big in size... Now, click on the menu Search --> Find Text and search for "has expired" (that was part of the error message, remember?) Here's what we get: * Referenced by a (U)nconditional or (C)onditional Jump at Address: |: 00419C11 (C) <-- Conditional Jump (suX!) | :00419C24 BB01000000 mov ebx, 00000001 <- Saves 1 to ebx (Boolean flag) *Possible Reference to String Resource ID=05043: "This Trial Version of Visual Page has expired." :00419C29 686B6130000 push 000013B3 <-- Saves the error message :00419C2E 8D4DD0 lea ecx, dword ptr [ebp-30] <-- Pops the error message Do you UNDERSTAND what we have to do now? Well, it's easy. Think a little bit...;) The program jumped to here from 00419C11 BECAUSE the condition was false (or true, whatever)... Ok, so we have to go to that part of the code and NOP it!!! That's it!!! You found the location to patch and what to change!!! And now you just need to patch it! (described in part 5) 5) Patching the location to remove the expiration date ─────────────────────────────────────────────────── Go to the location where the conditional jump occured (00419C11) and click on the line. In the status bar, you'll see: "Code Data @: 00419C11 @Offset 00008A11h" So the offset address is 8A11 (you don't need the 0's in front and the h) Ok, remember this. Start Hacker's View to edit the exe file of Visual Page (hiew vpage.exe) Press F4, select Decode and press enter Press F5 (goto offset) and type 8A11 (that's where we want to go) + Enter Now, you're almost done.... Press F3 (To edit the program) Now, you can see 74 and some other things... Type "90" twice. Why "90"?? Ah, because 90 is the code for NOP... I really have to explain you all ;) Now, press F9 to update the file and F10 to exit. Start Symantec Visual Page. It worked! No more expiration date! 6) Writing a patcher in Assembler ────────────────────────────── Now, to release the crack, you have to make what we call a patch. Yeah, you can't distribute the exe for two reasons: 1) It's illegal (a patch isn't illegal: it's your prog; but when a persons uses it, it's illegal) 2) It's quite big for a crack In the last tutorial, the patcher was in Pascal, so I decided to make this one in assembler... Humm, next time will be errrrr.... dunno! ;) Maybe VB. Here's the Assembler source code of the patcher: -------------------------------cut here--------------------------------------- code segment byte public assume cs:code, ds:code org 100h start: mov dx,offset logo call write call open_file mov filehandle,ax mov dx,offset fsize call write call check_size mov di,offset data mov si,offset ofs mov cx,2 mov dx,offset crackfile call write crackit: push cx call seek_file call read_file call seek_file call write_file add si,4 add di,2 pop cx loop crackit mov dx,offset cracksucc jmp short goback already_patched: mov dx,offset alreadycrk jmp short goback size_mismatch: mov dx,offset sizemismtch jmp short goback error: mov dx,offset erroropen goback: call write call close_file mov ah,4Ch int 21h Write proc near push ax mov ah,9 int 21h pop ax retn Write endp open_file proc near mov ah,3Dh mov al,2 mov dx,offset filenaam int 21h jb error retn open_file endp close_file proc near mov ah,3Eh mov bx,filehandle int 21h retn close_file endp check_size proc near mov bx,ax mov ax,4202h xor cx,cx xor dx,dx int 21h jb error cmp ax, lowsize jne size_mismatch cmp dx, highsize jne size_mismatch retn check_size endp read_file proc near mov ah,3fh mov bx,filehandle mov cx,1 mov dx,offset readbyte int 21h mov ah,readbyte cmp [di],ah jne already_patched jb error retn read_file endp write_file proc near mov ah,40h mov bx,filehandle mov cx,1 mov dx,di inc dx int 21h jb error retn write_file endp seek_file proc near mov ah,42h mov al,0 mov bx,filehandle mov dx,[si] mov cx,[si+2] int 21h jnc here jmp error here: retn seek_file endp filenaam db 'VPAGE.EXE', 0 filehandle dw 0 lowsize dw 21020 highsize dw 19 readbyte db 0 logo db ' ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄', 0Dh, 0Ah db '█▀ ▀█', 0Dh, 0Ah db '█ Visual Page v1.0 █', 0Dh, 0Ah db '█ REMOVES EXPIRATION DATE + NAG █', 0Dh, 0Ah db '█ █', 0Dh, 0Ah db '█ E-mail: dc_cbe@hotmail.com █', 0Dh, 0Ah db '█ Website: http://www.cbe98.org █', 0Dh, 0Ah db '█ IRC: #cbe98 on Efnet █', 0Dh, 0Ah db '█▄ ▄█', 0Dh, 0Ah db ' ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀', 0Dh, 0Ah db '■ OPENING FILE : ','$' fsize db 'OK!',0Dh,0Ah,'■ CHECKING FILESIZE : $' crackfile db 'OK!',0Dh,0Ah,'■ CRACKING FILE : $' cracksucc db 'OK!',0Dh,0Ah,'■ CRACK SUCCESSFULL!',0Dh,0Ah,'$' alreadycrk db 'ERROR!',0Dh,0Ah,'■ FILE ALREADY CRACKED OR DIFFERENT!',0Dh,0Ah,'$' sizemismtch db 'ERROR!',0Dh,0Ah,'■ WRONG VERSION OF FILE!',0Dh,0Ah,'$' erroropen db 'ERROR!',0Dh,0Ah,'■ CAN', 027h,'T OPEN FiLE !!',0Dh,0Ah,'$' ofs dw 35345 , 0 , 35346 , 0 data db 116, 144 , 17, 144 code ends end start ----------------------------------cut here------------------------------------ Now, compile this patcher (with TASM or MASM) and you can distribute your crack! 7) Final Notes ─────────── I hope that you enjoyed reading this tutorial as much as I did writing it! I wrote it for Ap0ll0 and pist0ls who are newbies! I feel that you two are going to be good crackers :) Good luck, dudes! btw, my next cracking tutorial is going to be about patchers... Yup, don't miss it! -da Cracker/CBE dc_cbe@hotmail.com http://www.cbe98.org #cbe98 on Efnet Come and chat with us on IRC!