Text File | 2000-05-25 | 13KB | 363 lines
----------------------------------------
| How to crack Symantec Visual Page v1.0 | by da Cracker/CBE
----------------------------------------
Introduction:
────────────
How many percent of experienced computer users are crackers? Surely not more
than 0.1%... But many of these people label "cracking" as
"impossible". Well, I want to teach these guys how to crack, so that's why I
decided to write my fourth tutorial, requested by Ap0ll0 and pist0ls. In this
tutorial, I'll teach you how to crack Symantec Visual Page v1.0... (Sorry if
it's not the latest one, but I don't want to download it! It's too big... I
had that version on a CD.) I hope that you'll enjoy it! If you have any
comments or suggestions, please e-mail me at dc_cbe@hotmail.com
┌────────────────────────────────────Index────────────────────────────────┐
| |
|1) Programs that you'll need to crack Symantec Visual Page |
|2) Finding the location that needs to be patched to remove the nag |
|3) Patching the location to remove the nag |
|4) Finding the location that needs to be patched to remove the expiration|
|5) Patching the location to remove the expiration date |
|6) Writing a patcher in Assembler |
|7) Final Notes |
└─────────────────────────────────────────────────────────────────────────┘
1) Programs that you'll need to crack Symantec Visual Page
───────────────────────────────────────────────────────
Here's the list of programs that you'll need to get to crack Symantec Visual
Page:
WinDisassembler
Visual Page (no, really? ;) )
Hacker's View
Don't expect to crack it without these utilities!
Note: You can get them at http://cracking.home.ml.org, or if you're a CBE
member, at CBE's memberz FTP Area
And you can get Visual Page at http://www.symantec.com
Are you ready? Ok, so let's start.
2) Finding the location that needs to be patched to remove the nag
───────────────────────────────────────────────────────────────
Now we're going to find the location that needs to be patched (where you have
to modify the program so that it removes the nag...)
Start Symantec Visual Page
What's that annoying message? This Trial Version of blabla expires in 30 days...
Ok, let's remove this nag.
Exit Visual Page
Go to the directory where Visual Page is installed (normally c:\VisualPage)
Copy the file vpage.exe to vpage.bak (for Backup) and to 1.exe (for use by
w32dasm... Why?? Because of the crappy "Application Running, can't modify it"; well, anyways...)
Done? ok, now run w32dasm.
Click on Disassembler --> Open File to Disassemble
Go to the directory of Visual Page and select 1.exe
Takes a while, heh? That's because this prog is quite big in size... Now,
click on the menu Search --> Find Text and search for "visual page expires in"
(that was part of the nag, remember?) Here's what we get:
*Possible Reference to String Resource ID=05046: "This Trial Version of Visual Page expires in %1" <-- %1 is a variable
:00419BFC 68B6130000 push 000013B6 <-- Saves the nag message
:00419C01 8D4DD0 lea ecx, dword ptr [ebp-30] <-- Pops the nag screen!
:00419C04 51 push ecx <-- Saves some shit to ecx
Do you UNDERSTAND what we have to do? Well, it's easy. Think a little bit...;)
We have the nag message that gets saved and popped. We should just erase
these lines! No, we can't do that... So, what? We have to NOP it!!! NOP is a
valid instruction that does ... nothing!
That's it!!! You found the location to patch and what to change!!!
And now you just need to patch it! (described in part 3)
3) Patching the location to remove the nag
───────────────────────────────────────
Click on the location right underneath the nag message (00419BFC)
In the status bar, you'll see: "Code Data @: 00419BFC @Offset 000089FCh"
So the offset address is A746 (you don't need the 0's in front and the h)
Ok, remember this.
Start Hacker's View to edit the exe file of Visual Page (hiew vpage.exe)
Press F4, select Decode and press enter
Press F5 (goto offset) and type 89FC (that's where we want to go) + Enter
Now, you're almost done....
Press F3 (To edit the program)
Now, you can see many numbers and letters... Keep on pressing 90 until the
call (419C05)
That means that you have to type "90" 9 times
Now, press F9 to update the file and F10 to exit.
Start Symantec Visual Page.
No more nag!
4) Finding the location that needs to be patched to remove the expiration
──────────────────────────────────────────────────────────────────────
Now we're going to find the location that needs to be patched (where you have
to modify the program so that it doesn't expire...)
Start Symantec Visual Page
Add one month to your system date (if you don't know how to do that, then
learn how to use Windows and come back ;) )
What the heck? blablabla has expired...
I didn't even try the program! Let's fix this "bug" :=)
Exit Visual Page (anyway, you have no other choice...)
Go to the directory where Visual Page is installed (normally c:\VisualPage)
Copy the file vpage.exe to vpage.bak (for Backup) and to 1.exe (for use by
w32dasm... Why?? Because of the crappy "Application Running, can't modify it";
well, anyways...)
Done? ok, now run w32dasm.
Click on Disassembler --> Open File to Disassemble
Go to the directory of Visual Page and select 1.exe
Takes a while, heh? That's because this prog is quite big in size... Now,
click on the menu Search --> Find Text and search for "has expired"
(that was part of the error message, remember?) Here's what we get:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|: 00419C11 (C) <-- Conditional Jump (suX!)
|
:00419C24 BB01000000 mov ebx, 00000001 <- Saves 1 to ebx (Boolean flag)
*Possible Reference to String Resource ID=05043: "This Trial Version of Visual Page has expired."
:00419C29 68B3130000 push 000013B3 <-- Saves the error message
:00419C2E 8D4DD0 lea ecx, dword ptr [ebp-30] <-- Pops the error message
Do you UNDERSTAND what we have to do now? Well, it's easy. Think a little
bit...;)
The program jumped to here from 00419C11 BECAUSE the condition was false (or
true, whatever)... Ok, so we have to go to that part of the code and NOP it!!!
That's it!!! You found the location to patch and what to change!!!
And now you just need to patch it! (described in part 5)
5) Patching the location to remove the expiration date
───────────────────────────────────────────────────
Go to the location where the conditional jump occurred (00419C11) and click on
the line.
In the status bar, you'll see: "Code Data @: 00419C11 @Offset 00008A11h"
So the offset address is 8A11 (you don't need the 0's in front and the h)
Ok, remember this.
Start Hacker's View to edit the exe file of Visual Page (hiew vpage.exe)
Press F4, select Decode and press enter
Press F5 (goto offset) and type 8A11 (that's where we want to go) + Enter
Now, you're almost done....
Press F3 (To edit the program)
Now, you can see 74 and some other things... Type "90" twice. Why "90"?? Ah,
because 90 is the code for NOP... I really have to explain everything to you ;)
Now, press F9 to update the file and F10 to exit.
Start Symantec Visual Page.
It worked! No more expiration date!
6) Writing a patcher in Assembler
──────────────────────────────
Now, to release the crack, you have to make what we call a patch.
Yeah, you can't distribute the exe for two reasons:
1) It's illegal (a patch isn't illegal: it's your prog; but when a person uses
it, it's illegal)
2) It's quite big for a crack
In the last tutorial, the patcher was in Pascal, so I decided to make this one
in assembler... Humm, next time will be errrrr.... dunno! ;) Maybe VB.
Here's the Assembler source code of the patcher:
-------------------------------cut here---------------------------------------
code segment byte public
assume cs:code, ds:code
org 100h
start:
mov dx,offset logo
call write
call open_file
mov filehandle,ax
mov dx,offset fsize
call write
call check_size
mov di,offset data
mov si,offset ofs
mov cx,2
mov dx,offset crackfile
call write
crackit:
push cx
call seek_file
call read_file
call seek_file
call write_file
add si,4
add di,2
pop cx
loop crackit
mov dx,offset cracksucc
jmp short goback
already_patched:
mov dx,offset alreadycrk
jmp short goback
size_mismatch:
mov dx,offset sizemismtch
jmp short goback
error:
mov dx,offset erroropen
goback:
call write
call close_file
mov ah,4Ch
int 21h
Write proc near
push ax
mov ah,9
int 21h
pop ax
retn
Write endp
open_file proc near
mov ah,3Dh
mov al,2
mov dx,offset filenaam
int 21h
jb error
retn
open_file endp
close_file proc near
mov ah,3Eh
mov bx,filehandle
int 21h
retn
close_file endp
check_size proc near
mov bx,ax
mov ax,4202h
xor cx,cx
xor dx,dx
int 21h
jb error
cmp ax, lowsize
jne size_mismatch
cmp dx, highsize
jne size_mismatch
retn
check_size endp
read_file proc near
mov ah,3fh
mov bx,filehandle
mov cx,1
mov dx,offset readbyte
int 21h
mov ah,readbyte
cmp [di],ah
jne already_patched
jb error
retn
read_file endp
write_file proc near
mov ah,40h
mov bx,filehandle
mov cx,1
mov dx,di
inc dx
int 21h
jb error
retn
write_file endp
seek_file proc near
mov ah,42h
mov al,0
mov bx,filehandle
mov dx,[si]
mov cx,[si+2]
int 21h
jnc here
jmp error
here:
retn
seek_file endp
filenaam db 'VPAGE.EXE', 0
filehandle dw 0
lowsize dw 21020
highsize dw 19
readbyte db 0
logo db ' ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄', 0Dh, 0Ah
db '█▀ ▀█', 0Dh, 0Ah
db '█ Visual Page v1.0 █', 0Dh, 0Ah
db '█ REMOVES EXPIRATION DATE + NAG █', 0Dh, 0Ah
db '█ █', 0Dh, 0Ah
db '█ E-mail: dc_cbe@hotmail.com █', 0Dh, 0Ah
db '█ Website: http://www.cbe98.org █', 0Dh, 0Ah
db '█ IRC: #cbe98 on Efnet █', 0Dh, 0Ah
db '█▄ ▄█', 0Dh, 0Ah
db ' ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀', 0Dh, 0Ah
db '■ OPENING FILE : ','$'
fsize db 'OK!',0Dh,0Ah,'■ CHECKING FILESIZE : $'
crackfile db 'OK!',0Dh,0Ah,'■ CRACKING FILE : $'
cracksucc db 'OK!',0Dh,0Ah,'■ CRACK SUCCESSFULL!',0Dh,0Ah,'$'
alreadycrk db 'ERROR!',0Dh,0Ah,'■ FILE ALREADY CRACKED OR DIFFERENT!',0Dh,0Ah,'$'
sizemismtch db 'ERROR!',0Dh,0Ah,'■ WRONG VERSION OF FILE!',0Dh,0Ah,'$'
erroropen db 'ERROR!',0Dh,0Ah,'■ CAN', 027h,'T OPEN FiLE !!',0Dh,0Ah,'$'
ofs dw 35345 , 0 , 35346 , 0
data db 116, 144 , 17, 144
code ends
end start
----------------------------------cut here------------------------------------
Now, compile this patcher (with TASM or MASM) and you can distribute your
crack!
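Seen from the vendor's or an incident responder's side, the edits in parts 3 and 5 (and what the patcher in part 6 writes) are same-size, in-place byte overwrites: a file-size check like the patcher's own cannot tell a modified copy from the original, but a hash or byte comparison against a known-good copy can. The Python below is an added example, not part of the original tutorial; the sample buffers are constructed and the function names are made up for this illustration.

```python
import hashlib

NOP = 0x90
# Constructed sample: instruction shapes from the listings above plus filler
# bytes. It is not a dump of the real vpage.exe.
REFERENCE = bytes.fromhex("5589e5" "68b6130000" "8d4dd0" "51" "e810000000" "85c0" "7411" "c3")
SUSPECT = bytes.fromhex("5589e5" + "90" * 9 + "e810000000" "85c0" "9090" "c3")

def changed_runs(reference, suspect):
    """Yield (offset, original_bytes, new_bytes) for each contiguous modified run."""
    start = None
    for i in range(len(reference) + 1):
        differs = i < len(reference) and reference[i] != suspect[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            yield start, reference[start:i], suspect[start:i]
            start = None

def classify(original, new):
    """Name the kind of in-place edit a modified run looks like."""
    if any(b != NOP for b in new):
        return "bytes modified"
    # 0x70-0x7F are the short conditional jumps (Jcc rel8); 0x74 is JE/JZ.
    if len(new) == 2 and 0x70 <= original[0] <= 0x7F:
        return "conditional jump replaced by NOPs"
    return "instructions replaced by NOPs"

def audit(reference, suspect):
    """Compare a suspect copy with a known-good reference of the same build."""
    report = {
        "sha256_match": hashlib.sha256(reference).digest() == hashlib.sha256(suspect).digest(),
        "same_size": len(reference) == len(suspect),
        "findings": [],
    }
    if report["same_size"]:  # an in-place patch never changes the length
        report["findings"] = [(off, classify(old, new))
                              for off, old, new in changed_runs(reference, suspect)]
    return report

if __name__ == "__main__":
    for offset, verdict in audit(REFERENCE, SUSPECT)["findings"]:
        print(f"offset {offset:#06x}: {verdict}")
```

A program that relies on one conditional jump for its licence decision has no defence against this kind of edit unless something outside that jump (a signature check, a hash verified at install or update time) covers the code bytes themselves.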
7) Final Notes
───────────
I hope that you enjoyed reading this tutorial as much as I did writing it!
I wrote it for Ap0ll0 and pist0ls who are newbies! I feel that you two are
going to be good crackers :)
Good luck, dudes!
btw, my next cracking tutorial is going to be about patchers... Yup, don't
miss it!
-da Cracker/CBE
dc_cbe@hotmail.com
http://www.cbe98.org
#cbe98 on Efnet
Come and chat with us on IRC!