There is a crack, a crack in everything. That's how the light gets in.

Name:
Registration Code:
Press the "TRY IT!" button and the program will verify whether the registration code that you entered is correct.
If you enter the correct serial number, the good message appears; otherwise the bad message appears.
GOOD MESSAGE = "Good!, You got it! Now contact us in #ESQUiRE with your Name and Registration code so we can verify it"
BAD MESSAGE = "Nope, try again"

The program generates every digit of the Registration Code from a single character of the Name!
That means that the Registration Code has the same number of characters as the User Name!
Now run the program.
Press the "Registration" button on the toolbar.
Enter your handle and any random serial number.
Pop up SoftICE (Sice) with "CTRL-D", set a breakpoint on the hmemcpy function with "BPX HMEMCPY", and leave Sice, again with "CTRL-D".
Press the "TRY IT!" button to verify whether the serial that you entered is correct.
Sice now breaks at the beginning of the system function hmemcpy.
First disable the breakpoint with "BD 0".
To leave the hmemcpy code and return to the program's code press:
"F11" - once
"F12" - six times
"F10" - twenty-three times
You have now landed at the beginning of the program's code which called the hmemcpy function.
Here is the part of the code that you see:
:004410D9 8B45F4        mov eax, dword ptr [ebp-0C]        ;EAX = your name
:004410DC E85329FCFF    call 00403A34                      ;Gets the length of the name and puts it in EAX(AL)
:004410E1 84C0          test al, al                        ;Is the length less than one (no name)?
:004410E3 7653          jbe 00441138                       ;If yes then display error
:004410E5 8845FB        mov byte ptr [ebp-05], al          ;Save the length of the name into memory
:004410E8 B301          mov bl, 01                         ;EBX(BL) = 1
Here is the beginning of the serial calculation routine:
:004410EA 8D55F4        lea edx, dword ptr [ebp-0C]        ;EDX = memory location where the location of the name is stored
:004410ED 8B86C8020000  mov eax, dword ptr [esi+000002C8]
:004410F3 E89810FEFF    call 00422190
:004410F8 8B45F4        mov eax, dword ptr [ebp-0C]
:004410FB 33D2          xor edx, edx
:004410FD 8AD3          mov dl, bl                         ;EDX(DL) = EBX(BL)
:004410FF 0FB64410FF    movzx eax, byte ptr [eax+edx-01]   ;EAX = Next char of name
:00441104 B903000000    mov ecx, 00000003                  ;ECX = 3
:00441109 33D2          xor edx, edx                       ;EDX = 0
:0044110B F7F1          div ecx                            ;Divides EAX by ECX and puts the result in EAX (remainder goes in EDX)
:0044110D 33D2          xor edx, edx                       ;EDX = 0
:0044110F 8AD3          mov dl, bl                         ;EDX(DL) = EBX(BL)
:00441111 03C2          add eax, edx                       ;EAX = EAX + EDX (ordinal number of char)
:00441113 B90A000000    mov ecx, 0000000A                  ;ECX = A
:00441118 33D2          xor edx, edx                       ;EDX = 0
:0044111A F7F1          div ecx                            ;Divides EAX by ECX and puts the result in EAX (remainder goes in EDX)
:0044111C 83C230        add edx, 00000030                  ;EDX(remainder) = EDX + 30
:0044111F 8D45F0        lea eax, dword ptr [ebp-10]        ;EDX = Next char of serial
:00441122 E83528FCFF    call 0040395C
:00441127 8B55F0        mov edx, dword ptr [ebp-10]
:0044112A 8D45FC        lea eax, dword ptr [ebp-04]
:0044112D E80A29FCFF    call 00403A3C
:00441132 43            inc ebx                            ;EBX = EBX + 1
:00441133 FE4DFB        dec [ebp-05]                       ;Length of name = length - 1
:00441136 75B2          jne 004410EA                       ;Loop this [length of name] times
:00441138 8D55F4        lea edx, dword ptr [ebp-0C]
:0044113B 8B86D0020000  mov eax, dword ptr [esi+000002D0]
:00441141 E84A10FEFF    call 00422190
:00441146 8B55F4        mov edx, dword ptr [ebp-0C]        ;EDX = Fake serial that you entered
:00441149 8B45FC        mov eax, dword ptr [ebp-04]        ;EAX = Your CORRECT serial :))
:0044114C E8F329FCFF    call 00403B44                      ;Compare them
:00441151 7524          jne 00441177                       ;If not same then jump
To see your correct serial press the "F10" key until you step on 0044114C call 422190.
Now type "D EAX" and look at the data window. It's your correct serial!!
Also type "D EDX"; it's the fake serial that you entered!
You can see from the code that the calculation routine is very simple and the program calculates each char of the serial from a single char of the name!
Here is the whole calculation routine written in simpler form:
1. Take a char from the name
2. Divide the char by "3"
3. Add the char's ordinal number to the result
4. Divide the result by "A"
5. Add "30" to the remainder of the result
6. That's the first char of the serial, let's go for the next char...
7. Loop this [length of name] times
---------------END OF CALCULATION----------------------
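
The seven steps above, transcribed into C as an added example (not part of the original tutorial or of the program). It shows that the expected code is a keyless, deterministic function of the name, so distinct names can share one code. The function name derive_serial, the 255-character limit and the sample names are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Added example: C transcription of the loop at 004410EA..00441136.
 * derive_serial is a hypothetical name, not taken from the program.
 * Writes one ASCII digit per name character into out and returns the
 * number of digits written; returns 0 for an empty name (the listing
 * skips the loop) or when the name does not fit. */
size_t derive_serial(const char *name, char *out, size_t out_size)
{
    size_t len = strlen(name);

    /* Assumption: the listing keeps the length in one byte ([ebp-05]),
     * so names longer than 255 characters are rejected here. */
    if (len == 0 || len > 255 || out_size < len + 1)
        return 0;

    for (size_t i = 0; i < len; i++) {
        unsigned int ch  = (unsigned char)name[i]; /* movzx eax, byte ptr [...]   */
        unsigned int pos = (unsigned int)i + 1;    /* BL: 1-based position        */
        unsigned int q   = ch / 3;                 /* div by 3, remainder dropped */
        unsigned int r   = (q + pos) % 0x0A;       /* add position, div by 0Ah    */
        out[i] = (char)(r + 0x30);                 /* add 30h -> '0'..'9'         */
    }
    out[len] = '\0';
    return len;
}

int main(void)
{
    /* Constructed sample names; "abc" and "bac" yield the same code
     * because the integer division by 3 discards information. */
    const char *names[] = { "abc", "bac", "Test" };
    char serial[256];

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (derive_serial(names[i], serial, sizeof serial))
            printf("%-6s -> %s\n", names[i], serial);
    }
    return 0;
}
```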

My thanks and gratitude go to:
The Sandman for his great site (the best site for newbies) full of knowledge and for his cracking forum (also the best on the net)!
Eternal Bliss, my best 'virtual' friend, for all that he has done for me!

Ripping off software through serials and cracks is for lamers.
If you're looking for cracks or serial numbers from these pages then you're wasting your time; try searching elsewhere on the Web under Warze, Cracks etc.