- FireWorx Crackme #4 Tutorial
-
- ░
- ░ ░ ░ ▄▓
- ▄▄ ░░ ▄▄▄▄■ ░░▀ ■▄▄▄ ▄▄ ▐█▓▌
- ▄▀▀ ▀■ ▀ ░░ ▀ ■▀ ▀▀▄ ██▌
- ■ ▄▄▀▀ ▄▄██▀██▄▄ ▄▄▄███▄▄ ▀▄▄ ■ ▄▄▄███▄▄▐██ ▄▄████▄▄
- ▀▄▄ ▄▀▀ ▄███▀ ▀██▓▄ ▄████▀ ▀██▓▄ ▀▄ ▄▄▀ ▄████▀ ▀██▓██ ▄████▀ ▀██▓▄
- ▀▀ ▄ ▐███▌ ░ ▐██▓▌ ▐████▌ ░ ▐██▓▌ ▄ ▀▀ ▐████▌ ░ ▐████▌ ▐████▌ ▐██▓▌
- ■██▄▄▓▌ ████ ░▒░ ████ █████▄▄▄ ▀▀▀▀ ▐█▄▄█▓ █████ ░ █████ █████▄▄▀▀▀▀▀▀▀
- ▐████ ░░ ▓██▌ ░▒▓▒░ ▐███ ▄▄▄▄▄ ▀▀▀████▄ ████▌ ▓███▌ ▐████ ▓███▌ ░░░░░░
- ░ ███▌ ░ ▐▓███ ░▒▓▒░ ▓███▌▓███▌ ░░░ ▐████ ▐▓██ ▓███▌ ▄▀▀ ▐████ ▓███▌ ░░░░░░░
- ▓██▌ ▐▓███ ░▒░ ▓███▌▐▓███ ░ ▓███▌ ▐▓██ ▐▓███ ▓███▌ ▐▓███
- ▐▓███ ▐▓▓██▌ ░ ▐▓███▌ ▓▓██▌ ▐▓███ ▓███▌ ▓▓██▌ ░ ▐▓███ ▓▓██▌
- ▓▓▓██▌ ■▓▓▓▓██ ░ ▓█████■ ▀▓▓█▄ ▄▓██▀ ▐▓████ ▄ ▀▓██▄ ▄▓██▀ ▀▓██▄
- ▀▓███▄ ▀▀▀██▄ ▄▓█▀▀▀ ▀▀█▀▀ ▄▓▓▓▀▀ ▀▀█▀▀ ▀▀▀▀ js
- ▀▀▀▀▀▄▄ ░ iNSiDE ▄▄▀▀▀▀▀
- ░ ▀▄ ░ ░░ ▄▀
- ░░ ░ ░░
-
- Tutor : duelist
- Date Written : April 6, 1999
- Who : Intermediate
- Target : CrackMe #4 by FireWorx
- Size : 338kb (!)
- Tools Used : SoftIce
- Method : Key Generator
-
-
- -=* Welcome *=-
-
- Well, hi there. Although I've been cracking crackmes for a long time, I'd
- never written a tutorial for one of them, and this will be my second one,
- due to a request from Eternal Bliss :)
-
-
- -=* Protection *=-
-
- Well, after cracking FireWorx Crackme #3 I wanted something better this time, and
- I can really say I'm happy with this one, because it will help you understand
- the basics of keygenning (I hope!)
-
-
- -=* Our Approach *=-
-
- Let's do it using SoftIce, since it's the best tool out there and almost everybody
- should have it :)
-
- 1) Fire up the crackme exe, click Register, and enter any name and password you want!
-
- 2) Switch to SoftIce (Ctrl + D) and type "bpx hmemcpy" (without the quotes). I use
- hmemcpy because Delphi apps don't usually call GetWindowTextA and the like.
-
- 3) Before continuing, one tip: we'll be looking for a MOVSX instruction, because
- it's used in almost every serial protection (remember this!)
-
- 4) Click 'OK' and blamm! You're in SoftIce. Press F5 to let the program read the
- other text box and you should be back in SoftIce in about 1 second :)
-
- 5) Press F12 exactly 12 times to get back to the program code; you will arrive here:
-
     .00047AEB: E868BDFDFF     call .000023858
 --> .00047AF0: 8B45F4         mov eax,[ebp-0C]          ; we land here!
     .00047AF3: E83CBFFBFF     call .000003A34
     .00047AF8: 85C0           test eax,eax
     .00047AFA: 7E4B           jle .000047B47
     .00047AFC: 8D55F4         lea edx,[ebp-0C]
     .00047AFF: 8B83D4020000   mov eax,[ebx+02D4]
     .00047B05: E84EBDFDFF     call .000023858
     .00047B0A: 8B45F4         mov eax,[ebp-0C]
     .00047B0D: E822BFFBFF     call .000003A34           ; adds a null value to the beginning
     .00047B12: 8BF8           mov edi,eax               ; of our name
/--  .00047B14: 85FF           test edi,edi
|    .00047B16: 7C2F           jl .000047B47             ; name is complete, serial done :)
|    .00047B2E: 8B45F4         mov eax,[ebp-0C]
|    .00047B31: 8B55F8         mov edx,[ebp-08]
|    .00047B34: 0FB64410FF     movzx eax,[eax+edx-01]    ; gets the current char from the name (!)
|    .00047B39: 03F0           add esi,eax               ; adds its ASCII value to the serial (esi)
|    .00047B3B: 03B314030000   add esi,[ebx+314]         ; and adds 11111 to the current serial (esi)
|    .00047B41: FF45F8         inc d,[ebp-08]
|    .00047B44: 4F             dec edi                   ; decrease the number of chars left
\--  .00047B45: 75D9           jne .000047B20            ; next letter if not at the end of the name
-
-
- 6) Note that since the program prepends a null to the name, the first loop
- pass only adds 11111 to the serial (esi), because eax (the current letter, the null) is 0!
-
- 7) Now go write a key generator for it! (Or check the Pascal source below, heh :)
-
-
-
- -=* Key Generator *=-
-
-------------- fw-cm4.pas -------------------- cut here ------------------

{ Key generator for FireWorx Crackme #4: serial = 11111 + sum over the name
  of (ord(letter) + 11111), exactly as the loop traced above computes it. }
var
  name: string;
  i: integer;
  esi, eax: longint;

procedure drawlogo;
begin
  writeln('');
  writeln('FireWorx''s Crackme #4');
  writeln('KeyGenerator written April 6 99 by Duelist [iSD]');
  writeln;
  writeln;
end;

procedure doquit;
begin
  writeln;
  halt(1);
end;

begin
  drawlogo;
  write(' Enter your name: ');
  readln(name);
  if length(name) = 0 then
  begin
    writeln(' No name entered... Aborting!');
    doquit;
  end;
  esi := 11111;  { the first loop pass sees the null, so only 11111 is added }
  for i := 1 to length(name) do
  begin
    eax := ord(name[i]);  { ASCII value of the current letter, as in eax }
    esi := esi + eax;     { add eax to the serial }
    esi := esi + 11111;   { add 11111 to the serial }
  end;
  writeln(' Serial number: ', esi);
  doquit;
end.

-------------- fw-cm4.pas -------------------- cut here ------------------
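The same routine as an added Python example (not part of the tutorial or its Pascal source) that replays the traced loop and then shows, from the defender's side, why an additive check like this is weak: reordering a name never changes its serial, and the serial leaks the name's length. CONST, the function names and the printable-ASCII assumption are mine.

```python
from itertools import product
from string import ascii_uppercase
from typing import List, Optional

CONST = 11111  # the value the crackme reads from [ebx+314] on every pass


def fireworx_cm4_serial(name: str) -> int:
    """Replay the loop at .00047B14-.00047B45 as traced in the tutorial.

    esi starts at zero and the string fed to the loop has a null in front of
    the name, so the first pass adds only CONST; each later pass adds the
    character's byte value (movzx) and then CONST again. Plain ASCII assumed.
    """
    esi = 0
    for ch in "\x00" + name:   # the prepended null, then the name itself
        eax = ord(ch)          # movzx eax,[eax+edx-01]
        esi += eax             # add esi,eax
        esi += CONST           # add esi,[ebx+314]
    return esi


def check_serial(name: str, serial: int) -> bool:
    """The comparison a checker has to make for a name/serial pair."""
    return fireworx_cm4_serial(name) == serial


def name_length_from_serial(serial: int) -> Optional[int]:
    """Printable-ASCII names of length n give serials inside a fixed window,
    and the windows for n = 0..119 never overlap, so a serial leaks the
    length of the name it belongs to (a property a real scheme must avoid)."""
    for n in range(120):
        low = CONST * (n + 1) + 32 * n     # every character is 0x20
        high = CONST * (n + 1) + 126 * n   # every character is 0x7E
        if low <= serial <= high:
            return n
    return None


def colliding_names(serial: int, length: int, alphabet: str = ascii_uppercase) -> List[str]:
    """Every name over `alphabet` of the given length that yields `serial`.
    A plain sum ignores order, so any name with two different characters
    has at least one anagram that passes the same check."""
    return ["".join(p) for p in product(alphabet, repeat=length)
            if fireworx_cm4_serial("".join(p)) == serial]


if __name__ == "__main__":
    s = fireworx_cm4_serial("AB")
    print(s, name_length_from_serial(s), colliding_names(s, 2))  # 33464 2 ['AB', 'BA']
```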
-
-
- -=* Final Notes *=-
-
- Well, I hope you liked this tutorial dedicated to keygenning and that you learned
- the basic tricks of it...