Reverse Code Engineering RCE CD +sandman 2000

home *** CD-ROM | disk | FTP | other *** search

/ Reverse Code Engineering RCE CD +sandman 2000 / ReverseCodeEngineeringRceCdsandman2000.iso / RCE / Mendoza / dc_wrl.txt < prev next >

Wrap

Text File | 2000-05-25 | 9.6 KB | 226 lines

--------------------------------- | How to crack WinRoute Lite v3.0 | by da Cracker/CBE --------------------------------- Introduction: ──────────── Many peoples these days are asking me "Can you teach me how to crack?" That's why I decided to write my third tutorial, requested by (don't remember). In this tutorial, I'll teach you how to crack WinRoute Lite v3.0... I hope that you'll enjoy it! If you have any comment, suggestions, .... please e-mail me at dc_cbe@hotmail.com ┌────────────────────Index──────────────────────────┐ | | |1) Programs that you'll need to crack WinRoute Lite| |2) Finding the location that needs to be patched | |3) Patching the location | |4) Changing text in the program | |5) Writing a patcher in Pascal | |6) Final Notes | └───────────────────────────────────────────────────┘ 1) Programs that you'll need to crack WinRoute Lite ──────────────────────────────────────────────── Here's the list of programs that you'll need to get to crack WinRoute Lite: WinDisassembler WinRoute Lite (no, really? ;) ) Hacker's View Don't expect to crack it without these utilities! Note: You can get them at http://cracking.home.ml.org, or if you're a CBE member, at CBE's memberz FTP Area And you can get WinRoute Lite at http://www.winroute.com 2) Finding the location that needs to be patched ───────────────────────────────────────────── Now we're going to find the location that needs to be patched (where you have to modify the program so that it doesn't expire...) Start WinRoute Lite What do I see? WinRoute 3.0, 30 days evaluation... Hehe, it's a 30-day evaluation. Ok, let's crack this piece of shit ;) Exit WinRoute Lite Now, add one month to your system date (you should know how to do that)... Start WinRoute Lite again. Trial Expired! You surely still want to use this nice little proggie... Ok, let's go: let's CRACK it. Remember the message (Trial Period Expired). Now, exit WinRoute Lite (again!) Go to the directory where WinRoute Lite is installed (normally c:\Program Files\WinRoute 3.0) Copy the file wrlite.exe to wrlite.bak (for Backup) and to 1.exe (for use by w32dasm... Why??? Because of the crappy "Application Running, can't modify it" Done? ok, now run w32dasm. Click on Disassembler --> Open File to Disassemble Go to the directory of WinRoute Lite and select 1.exe Disassembles quite fast, heh? That's because this prog is small... Now, click on the menu Search --> Find Text and search for "trial period expired" (that was our error message, remember?) Here's what we get: *Possible StringData Ref from Data Obj -> "#5Trial period has expired" <-- Sux :0040B348 6898704200 push 00427098 <-- Saves some useless info :0040B34D E80E7D0000 call 00413060 <-- Calls some shit :0040B352 83C404 add esp, 00000004 <-- Adds 4 (not base 10!) to esp ummm, so, what can we do are you going to ask me... But... What do we see one line up? :0040B346 750D jne 040B355 <-- Jump there if trial period not expired Do you understand what we have to do? Yes? jne stands for jump if not equal and je stands for je if equal... So, what should we do? Change jne to je? Nah, because if the trial period hasn't expired, it will go to the place where it sayz that it has expired. So, what else can we do? Replace jne with jmp, of course! jmp jumps directly there, no matter what happens. That's it!!! You found the location to patch!!! And now you just need to patch it! (described in part 3) 3) Patching the location ───────────────────── Click on the location where the conditional jump (0040B346) has occured. In the status bar, you'll see: "Code Data @: 0040B346 @Offset 0000A746h" So the offset address is A746 (you don't need the 0's and the h) Ok, remember this. Start Hacker's View to edit the exe file of WinRoute Lite (hiew wrlite.exe) Press F4, select Decode and press enter Press F5 (goto offset) and type A746 (that's where we want to go) + Enter Now, you're almost done.... Press F3 (To edit the program) You can see 75 and some other things. 75 stands for jne (jump if not equal) Ok, so now we have to replace jne to jmp (jump directly) The Hex code for jmp if EB, so type EB. Now, press F9 to update the file and F10 to exit. Start WinRoute Lite. WinRoute Lite isn't expired!! Voila!!! WinRoute Lite will never expire! You've made it! Oh, another thing, put your system date at the right date back (one month before...) 4) Changing text in the program ──────────────────────────── Because I had some more time for this tutorial, I decided to write another section that is NOT required for the crack to work, but makes the program *pretty* ;) What I mean is that instead of the "30 days evaluation" it could be written "Cracked by dC/CBE", well you know what I mean... Oh yeah, before doing this, copy the cracked wrlite.exe to wrlite.cra for a 2nd backup (in case you mess up with the exe...). Ok, now, you can use either Hacker's View or HexWorkshop, or any other Hex Editor... In this tutorial, I'll use Hacker's View because it's my favorite. Ok, so let's go! Start Hacker's View (type "hiew wrlite.exe"). How are we going to proceed? Well, start the program to know... Which text(s) would you like to change? Ummm, "WinRoute v3.0, 30 days evaluation <-- hahaha" ok, we'll change this one first. In Hacker's View, press F4, but this time, choose Hex (+Enter). Damn! This program is ugly! ;) Ok, we're going to search for "30 days evaluation" Press F7. Type "30 days evaluation" (+Enter)... I found out that the first one that you find isn't the right one (there are only two such messages)... Ok, so press on the right arrow once. Now, press F7 and then enter. Now we found the thing that we wanted to change! Here's what we found: %s %s, 30 da ys evaluation Press F3 to Edit the program... Now you can edit it with HEX values... DON'T do so! Press tab and now, you can edit it with characters... Change "30 days evaluation" to "Cracked by dC/CBE", but be AWARE that if you change more than 17 characters, the program WON'T work. Why 17 characters? Because, count how many characters there are in "30 days evaluation"... 17! If you don't want to put anything, but you don't want it to display "30 days evaluation", just put spaces. Once you're done, press F9 and then F10 to exit. 5) Writing a patcher in Pascal ─────────────────────────── Now, to release the crack, you have to make what we call a patch. Yeah, you can't distribute the exe for two reasons: 1) It's illegal (a patch isn't illegal: it's your prog; but when a persons uses it, it's illegal) 2) It's quite big for a crack In the last tutorial, the patcher was in C++, so I decided to make this one in pascal... Humm, next time will be assembler ;) Here's the Pascal source code of the patcher: -------------------------------cut here--------------------------------------- Const Offset : Array [1..18] Of LongInt = ( 42822, 154843, 154844, 154845, 154846, 154847, 154848, 154849, 154851, 154852, 154853, 154854, 154855, 154856, 154857, 154858, 154859, 154860 ); Const Data : Array [1..36] Of Byte = ( 117, 235, 51, 67, 48, 114, 32, 97, 100, 99, 97, 107, 121, 101, 115, 100, 101, 98, 118, 121, 97, 32, 108, 100, 117, 67, 97, 47, 116, 67, 105, 66, 111, 69, 110, 32 ); Var Filename: File; Counter : Word; Readbyte : Byte; Begin Write (' ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄'); Write (#13+ #10+ '█▀ ▀█'); Write (#13+ #10+ '█ WinRoute Lite 3.0 █'); Write (#13+ #10+ '█ REMOVES EXPIRATION DATE █'); Write (#13+ #10+ '█ by da Cracker/CBE █'); Write (#13+ #10+ '█ █'); Write (#13+ #10+ '█ E-mail: dc_cbe@hotmail.com █'); Write (#13+ #10+ '█ Website: http://www.cbe98.org █'); Write (#13+ #10+ '█ IRC: #cbe98 on Efnet █'); Write (#13+ #10+ '█ Affiliate: PGC █'); Write (#13+ #10+ '█▄ ▄█'); Write (#13+ #10+ ' ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀'); Write (#13+ #10+ #13+ #10+ '■ OPENING FILE : '); Assign (Filename, 'WRLITE.EXE'); {$I-} Reset (Filename, 1); {$I+} If IOResult = 0 Then Begin Write ('OK!'+ #13+ #10+ '■ CHECKING SIZE : '); If FileSize (Filename) = 192000 Then Begin Write ('OK!'+ #13+ #10+ '■ CRACKING FILE : '); For Counter:= 1 To 18 Do Begin Seek (Filename, Offset [Counter] ); BlockRead (Filename, Readbyte, 1); If Readbyte = Data [Counter* 2- 1] Then Begin Seek (Filename, Offset [Counter] ); BlockWrite (Filename, Data [Counter* 2], 1); End Else Begin WriteLn ('SJiT!'+ #13+ #10+ '■ FILE ALREADY CRACKED OR DIFFERENT!'); Close(Filename); Halt; End; End; Close (Filename); WriteLn ('OK!'+ #13+ #10+ '■ CRACK SUCCESSFULL!'); End Else WriteLn ('ERROR!'+ #13+ #10+ '■ WRONG VERSiON OF FILE!'); End Else WriteLn ('ERROR!'+ #13+ #10+ '■ CAN''T OPEN FILE !'); End. ----------------------------------cut here------------------------------------ Now, compile this patcher (with Turbo Pascal) and you can distribute your crack! 6) Final Notes ─────────── I hope that you enjoyed reading this tutorial as much as I did writing it! I wrote it for someone who is a newbie and who wants to learn how to crack... Good luck, (I don't remember his name!)! -da Cracker/CBE dc_cbe@hotmail.com http://www.cbe98.org #cbe98 on Efnet Come and chat with us on IRC!