CrackMe® Practices for Newbies ~ Moderated

Found something...
Sunday, 24-Jan-99 16:19:42
    195.147.133.223 writes:

    Greetings...

    Found something new. 8)

    Using Hexeditor, I found...
    "Thank you for registering" (the second push) is stored at 10A00
    The second copy (the first push, when you enter the correct code) is stored at 13FA0
    If you look carefully at the hex, before "54" which is for "T", there is a 19 which is 25 in Dec and is the length of the string.
    If you change the 2nd copy to something else, even if you enter Hiboaf, you won't get "Deactivated"

    After the second copy, there is the "Sorry invalid code!" which is used as the first push if we have the wrong code. It is stored at 13FD4. There is a 14 in front which is 20 in Dec and is the length of this string.

    Why I explain all this is because I found another method of bypassing the first check which is the tedious calculation... Oh boy... if only we had seen this...

    Ok, first, change the 14 to 19.
    Then change the string to "Thank you for registering" without quotes
    Don't care about overwriting what's there... Be careful about the spaces...
    Save it
    Then enter any 6 characters (Anything you want!!)
    And click on "Unlock Protection"
    You will see "Thank you for registering" which is nothing great...

    But, after clicking on the OK button, you get the "DEACTIVATED" as well!!!

    So, Borna is right about the string compare, and Princess is correct about the length because if you enter more or less than 6, you won't get deactivated.

    What's left is to find out where it keeps the length check...

    bye!

    EB
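
Added example, not part of EB's post or the crackme: a Python sketch that lists length-prefixed strings like the ones described above and reports records whose length byte or text differ between a known-good image and a modified copy. The buffers, the offsets and the comma in the second string (so its text is 20 bytes) are constructed for illustration.

```python
import string

# Printable ASCII including space, excluding other whitespace/control bytes.
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")

def find_pstrings(buf, min_len=8):
    """Return (offset, length, text) for each length-prefixed printable string."""
    found, i = [], 0
    while i < len(buf):
        n = buf[i]                      # candidate length byte
        body = buf[i + 1:i + 1 + n]     # the n bytes that follow it
        if n >= min_len and len(body) == n and all(b in PRINTABLE for b in body):
            found.append((i, n, body.decode("ascii")))
            i += 1 + n                  # skip past the whole record
        else:
            i += 1
    return found

def changed_records(good, suspect):
    """Compare each record of the known-good image with the same offset in suspect."""
    changes = []
    for off, n, text in find_pstrings(good):
        new_n = suspect[off] if off < len(suspect) else 0
        new_text = suspect[off + 1:off + 1 + new_n].decode("ascii", "replace")
        if (new_n, new_text) != (n, text):
            changes.append((off, (n, text), (new_n, new_text)))
    return changes

# Constructed sample data (not bytes from the real crackme).
GOOD = (b"\x00" * 4 + b"\x19" + b"Thank you for registering" + b"\x00" * 3
        + b"\x14" + b"Sorry, invalid code!" + b"\x00" * 8)

# Same image after the edit the post describes: prefix 0x14 -> 0x19, text overwritten.
_patched = bytearray(GOOD)
_patched[33] = 0x19
_patched[34:59] = b"Thank you for registering"
SUSPECT = bytes(_patched)

if __name__ == "__main__":
    for off, n, text in find_pstrings(GOOD):
        print(f"{off:#06x}  len={n:#04x} ({n})  {text!r}")
    for off, old, new in changed_records(GOOD, SUSPECT):
        print(f"record at {off:#06x} changed: {old} -> {new}")
```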


Message thread:

Solved it!!! (EB) (23-Jan-99 20:10:43)


Copyright © ProSoft 1997-1998
All rights reserved.