- Numega Smartcheck 5.0
-
- Beginners Guide
-
-
- Target:
- Braga.exe - Braga's Little Crackme 1 in Visual Basic 5
-
- Tools:
- Smartcheck 5. ftp search for smchk50.exe
-
- While there are a few tutorials on Smartcheck at fravia.org, they didn't
- really help me to get started with SC. Hopefully this tutorial will help you
- in learning this fantastic tool. This tut is to help you figure out the basics, rather than
- just telling you how to complete Braga's crackme.
-
- For those of you who are not familiar with SC, and what it is, here's a description
- from the Main Help File:
-
- SmartCheck is a run-time debugging tool that addresses the most problematic conditions encountered by Visual Basic developers:
-
- * Fatal run-time errors that are cryptic and hard-to-solve
- * Problems that result from a sequence of events
- * Incorrect Windows API Usage from Visual Basic
- * Bad values passed to built-in Visual Basic functions
- * Problematic value coercions
- * Errors in components, such as ActiveX controls, used by your program
-
- heh heh, well, not only can you use Smartcheck for finding errors in your
- Visual Basic programs, you can also use SC to find out exactly what somebody
- else's program is doing, whether it is written in Visual Basic or not. In fact,
- here's news for all you crackers out there that hate cracking VB5 apps:
- SC makes it FUN!!
-
-
- Ok, enough of the intro. After you have run the setup program (and found
- the required password using sice) start Smartcheck. In the File menu, select
- open, and open braga.exe. Then, in the Program menu, select settings.
- Change whatever you have to this:
-
- All the check boxes in the Error Detection tab should be checked.
-
- In Advanced, in the Error Detection tab, the first 4 checkboxes should
- be checked, the rest shouldn't be checked. Make sure 'Suppress API Calls' is NOT checked.
-
- In the Reporting tab, everything except 'Report mousemove events from
- OCX' should be checked.
-
- Phew! Ok, now, press the green 'play' button and let the fun begin. Hopefully,
- a new window will be opened in SC, split into three sections. The bottom section, we don't
- have to worry about, because we normally won't have the Source Code of our
- target programs. It should read: "No source file".
-
- In the section above that, on the left hand side, you should have many lines of
- function calls. Clicking on one reveals more details in the right hand section.
- One of the function calls you should see, the first one on the list, is
- InitializeCriticalSection(PTR: xxxxxxxx)
- If you look down at the very bottom right hand corner of the main SC window, you
- should see how many program events have occurred. I have 1360, from just loading
- braga.exe. In the View menu, select Show All Events. When you get to know SC more,
- you can experiment with the Specific Events (The Object Events is usually good
- for our needs.)
-
- OK, Braga's crackme should have loaded, so enter a dummy name and serial, and
- click Register. You will probably now have a Dlg box saying "Keep Trying :)))"
- Well, let's see what Smartcheck has given us. Search for the first 4 characters of whatever
- name you entered (for me, I entered night_mastah[mgm], so I searched for nigh).
-
- The Program Results section should now be sitting at a
- __vbaVarMove(VARIANT:String:"night_m",VARIANT:Empty) returns DWORD:63F35C
-
- Well, it doesn't exactly take a genius to figure out what's happening here. You can see, your name has
- been taken and placed at mem location 63F35C or whatever. Follow the Program Results down, and it should
- really speak for itself.
-
- It gets your serial, and keeps it for later. It then finds the LENgth of
- your name, then finds the LEFTmost character, for me it was 'n'. It then finds
- the ASCII value for that letter, then changes this to HEX (6E). Then, the program finds the first 4 letters
- of your name, although I don't think what happens next is what Braga intended. I think,
- by looking at the output from SC, he intended to find the ASCII value for the first 4 letters
- of your name, but all the program does is (again) find the ASCII value for the first letter. It then changes this
- to HEX as well.
-
- Scrolling down further, you should come to the __vbaVarCat section, where the crackme works out
- the correct serial. Again, it's fairly easy to work out what's happening, but if it's not, let me explain:
- 1) It takes the hex value for the first letter of your name, then adds a '-'
- 2) On the end of that, it adds the string 'Pt-Cracker', and another '-' (the string is now 'xx-Pt-Cracker-' where xx is the hex val etc.)
- 3) It then adds the HEX value again for the first letter of your name (although I don't think he meant that, maybe...) 'xx-Pt-Cracker-xx'
- 4) Then, another '-' is added to the string. 'xx-Pt-Cracker-xx-'
- 5) Finally, he adds 12345 to the string. The Final String is: 'xx-Pt-Cracker-xx-12345'
-
- Scroll down another few lines, and you will find __vbaVarTstEq(VARIANT:String:"111222333444555", VARIANT:String:"6E-Pt-Cracker-6E-12345")
- (the first string, "111222333444555", is whatever you entered as your serial.)
-
- Again, no prizes for guessing what that's about. If you favour patching the crackme, in Wdasm, the address you should start looking at is
- !0040239E (__vbaVarTstEq() location)
- To convert the address from SC to Wdasm, if the address has 000, change that to: 004.
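
The serial construction and comparison traced above, modelled in Python as an added example (not Braga's code and not part of the original tutorial). It shows why the scheme is weak: the serial depends on only one character of the name. Function names are made up for illustration, the sample names are constructed, and only ASCII names are modelled.

```python
# Added illustration, not Braga's code: a Python model of the check the
# SmartCheck trace reveals. Function names are hypothetical; the constants
# 'Pt-Cracker' and '12345' come from the tutorial text. ASCII names only.

def first_char_hex(name):
    """Model of Hex(Asc(Left(name, 1))): uppercase hex, no padding."""
    if not name:
        raise ValueError("name must not be empty")
    code = ord(name[0])
    if code > 0x7F:
        raise ValueError("this model covers ASCII names only")
    return format(code, "X")


def expected_serial(name):
    """Concatenate in the same order as the __vbaVarCat calls (steps 1-5)."""
    xx = first_char_hex(name)
    serial = xx + "-"               # step 1: 'xx-'
    serial += "Pt-Cracker" + "-"    # step 2: 'xx-Pt-Cracker-'
    serial += xx                    # step 3: 'xx-Pt-Cracker-xx'
    serial += "-"                   # step 4: 'xx-Pt-Cracker-xx-'
    serial += "12345"               # step 5: 'xx-Pt-Cracker-xx-12345'
    return serial


def check(name, entered):
    """The __vbaVarTstEq step: plain equality against the computed string."""
    return entered == expected_serial(name)


def colliding_names(names):
    """Group names that end up with the same serial."""
    groups = {}
    for n in names:
        groups.setdefault(expected_serial(n), []).append(n)
    return {s: ns for s, ns in groups.items() if len(ns) > 1}


def serial_space(codes=range(0x20, 0x7F)):
    """Count distinct serials over every printable ASCII first character."""
    return len({expected_serial(chr(c)) for c in codes})


if __name__ == "__main__":
    sample = ["night_mastah[mgm]", "nobody", "braga"]  # constructed names
    print(expected_serial(sample[0]))
    print(colliding_names(sample))
    print(serial_space())
```

Every name starting with the same letter shares one serial, so the whole scheme has at most 95 valid serials for printable ASCII names, and the full expected string is sitting in memory in plain text when the comparison runs.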
-
- Hopefully this small tutorial has helped you figure out the basics of Smartcheck 5.0.
-
- If this tutorial has helped you, please repay the favour by saying "Hi" to me (night_mas)
- on #Cracking4newbies or #Magnum on EFnet.
-
- See ya
-
- night mastah
- magnum 98