- CbD's Tutorial #4
- Alternative to Serial # Locating
- Target : Business Cards 32 v 4.18
- Level: New to Intermediate
-
- Motive of Crack:
- Well, we all know that sometimes we can't seem to find the right serial number
- when we are cracking a program, so this crack is to help you better understand
- that there are other ways to register even if you can't find that "GooD" number.
- I will show you that you can simply make the program take any number as a
- "GooD" one. This type of crack can be hard in some cases, but for this example
- I have chosen a fairly simple program for us to use. If you have read my other
- tutorials you should know that I crack in steps to help each of you new crackers
- follow along and hopefully not get lost :-).
-
- About the Crack:
- This crack will have 3 main parts to it, each of them having their own steps for
- you to follow. I hope I have made it easy for you, and if for some reason you
- have trouble with it please feel free to join us on EFNET in #cracking4Newbies
- and ask for help. Please note that we don't mind helping the newest of the
- cracking world to better their skills, as this is what we are here for.
-
-
- The Target: Business Cards 32 v4.18
- Get it From: http://www.midstream.com
- Protection Type: Serial Number Registration with a 30day time limit
- Requested by: None
- Tools Needed: SoftIce, Hiew(or other Hex Editor)
-
- The Crack
-
- Part #1
- Ok, let's get the crack started, so go and get the program from midstream
- and install it. Got it installed yet? Well, do it....
-
- Step 1
- Well, let's start this crack by looking at our little program. Load Bcards
- and you will see the nag screen telling us that we are not a registered user
- (not yet anyway) and that you have 30 days to try the program. Click to get rid
- of the nag and then click [HELP] [REGISTER]; you will get the little box for you to
- put in your info. Put in the name you want, then the company (if you want) and
- then the serial number.
-
- Step 2
- Now, if we wanted to find the "GooD" serial number we would have to use SoftIce
- to find the location where the "GooD" number gets compared to ours. But we don't
- care what the number should be, because we are going to make the program
- take our bogus number (And Like It) and then give us registered user status.
- For us to do this we still have to use SoftIce, so we can find where the program
- checks for a valid number and then make it think any number is a good one.
- So let's get into SoftIce and start the work. Press Ctrl-D; this puts you in SI.
- Now we need to break when the program reads our serial number, so
- we will set a BP (BreakPoint) on GetDlgItemTextA (I have already found the right
- function for you). Type BPX GETDLGITEMTEXTA and press enter.
- Now we have the only breakpoint we need for this crack. Get out of SI with
- Ctrl-D.
-
- Step 3
- Now you should be back in Bcards at the registration screen, so press enter
- and you will land back in SI at the GetDlgItemTextA function that was called
- by our program. This is not where we need to be, because our program
- has three different textboxes to read the data from: (1) Name, (2) Company,
- (3) Serial number, and the one we want is the serial number one. So
- let's press F11 to return to the place the function was called from, then press F5
- and let the program continue to run. We will break again at the GetDlgItemTextA
- function; this is where the program gets our company info, and this too is not what we
- want, so press F11 to return and then F5. Now we break at the function once more,
- so we press F11 to get to where the function was called from. This is where we
- will start to do the real cracking of the program.
-
- Step 4
- Now that we are in the part of the code that will be checking our serial number
- and deciding if we are a (GooD Guy) or a (Bad Cracker), we will need to do some single
- stepping to see what happens here. So press F10 and watch the lines of code as they
- pass. We will want to stop on the code below.
-
- Your addresses may differ but the code itself should look the same.
-
- :00412C3A ADD ESP,04
- :00412C3D CMP BX,AX [STOP HERE] <---- compares part of our serial # with parts of the good one
:00412C40 JNZ 00412C7E <---- if all is good then carry on; if not, take the jump
- :00412C42 LEA EAX, [EBP-0C] so this is one of our points we need to make a change to
-
-
- Ok, we will need to change the JNZ (Jump if Not Zero) to JZ (Jump if Zero). In doing this,
- if we were to enter a valid serial number the program would not allow it to register, as it
- will then think that it is a bad number. So let's make a note of the address we
- will need to change, and also you should do a D xxxx:00412C40 and then write down
- the value from the data window for later use. Or, if you just want to crack your program
- and not make a general crack to distribute, you can make the change in SI like this:
-
- A xxxx:00412C40 [ENTER] <----- Press the Enter Key
- xxxx:00412C40 JZ 00412C7E [ENTER] [ENTER] <---- Press Enter Twice
- (Note the xxxx is the starting value for the address as you see it on your system mine is 0137)
-
- Now, this will not modify your program on the disk, only what is running in system memory;
- after you close the program the changes you made will be gone, but if you do all the right
- steps the program will still be registered.
-
- Step 5
- Ok, that was one of the 3 changes that will need to be made. If you scroll down with
- Ctrl-downarrow you will see the following code; after you locate it press F10 till you get to the
- CMP, then if you wish you can make your changes.
-
- :00412C62 ADD ESP,04
- :00412C65 CMP SI,AX [STOP HERE] <---- compares part of our serial # with parts of the good one
- :00412C68 JNZ 00412C7E <---- Notice that the jump is to the same address as before
- :00412C6A LEA EAX, [EBP-0C] so we will need to do the same as we did above
-
- Do a D xxxx:00412C68 then write down the value from the data window for this one,
- and again, if you want to, you can make the change right here in SoftIce:
-
- A xxxx:00412C68 [ENTER] <----- Press the Enter Key
- xxxx:00412C68 JZ 00412C7E [ENTER] [ENTER] <---- Press Enter Twice
-
- Now that is the second change; we have one more and then the crack will be done.
-
- Step 6
- Now F10 just a few lines and you will see the code below:
-
- :00412C62 ADD ESP,04
- :00412C65 CMP EAX, [EBP-0098] [STOP HERE]
- :00412C68 JZ 00412C91 <--- Jump if all the code is good
- :00412C6A LEA EAX, [EBP-0C]
-
- Remember to do a D xxxx:00412C68 and write down the values.
- Now here we will need to change the JZ to a JNZ. Once we have done this we can disable our
- breakpoints and hit F5 or Ctrl-D and let the program continue, and as we pop back to the program we
- will see that we are now a registered owner of this program .......
-
-
- Ok, we have now cracked this program, and if we want to we can make a general crack
- so everyone can crack their copy. To do this just follow the steps below.
-
- Part 2
-
- Step 1
- Ok, remember the values I told you to write down? Did you? Well, if not, I have provided them below.
-
- First one was
- xxxx:00412C40 75 3C 8D 45 F4 50 E8 59
- ^ ^ ^ ^ ^ ^ ^ ^ <--- Values you will need
-
- Second one
- xxxx:00412C68 75 14 8D 45 F4 50 E8 31
- ^ ^ ^ ^ ^ ^ ^ ^ <--- Values you will need
-
- Third one
- xxxx:00412C7C 75 13 8D 45 F4 50 E8 1D
- ^ ^ ^ ^ ^ ^ ^ ^ <--- Values you will need
-
- The following instructions are for users of HIEW only; if you are using a different
- hex editor then you will need to find the commands that do the same procedures.
-
- Ok, start Hiew by editing the bcards.exe file (make a backup first),
- then do the following:
-
- 1) when Hiew starts press the F4 key to get Hex view
- 2) press F7 to search
- 3) enter the first string from above (only the ones marked)
- 4) press F2 to get the Code view
- 5) press F3 to edit the code
- 6) press F2 for ASM mode
- 7) change the JNZ to a JZ
-    (this may show as a JE or a JNE depending on the step you are in: 1, 2 or 3)
- 8) press F9 to update
- 9) press F10 to exit
-
- Now do the same for each of the three strings; you will need to restart Hiew each time
- to ensure that you are able to get the proper search result.
- (Note: for the last one make sure you change the JZ to a JNZ.)
- After you are done with all three you can then exit Hiew and continue to Part 3.
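A defender-side companion to Parts 1 and 2, added here and not part of CbD's tutorial: given a known-good copy of a binary and a suspect copy, it hashes both and, for every byte that differs, reports whether the change is exactly a conditional jump inverted through its low opcode bit (the JNZ/JZ swap the tutorial makes, 0x75 to 0x74). The three byte runs are the ones listed in Part 2, placed at the tutorial's offsets inside a constructed zero-filled image; the check covers all sixteen Jcc conditions in short and near form, not only JNZ/JZ.

```python
import hashlib

# Jcc condition codes: 0x70+cc is the short form, 0x0F 0x80+cc the near form.
# Even/odd pairs are complements, so flipping the low bit inverts the test
# (JNZ <-> JZ is 0x75 <-> 0x74, exactly the edit the tutorial makes).
CC_NAMES = ["JO", "JNO", "JB", "JNB", "JZ", "JNZ", "JBE", "JA",
            "JS", "JNS", "JP", "JNP", "JL", "JGE", "JLE", "JG"]

def jcc_name(prev, op):
    """Mnemonic if byte `op` (preceded by `prev`) is a Jcc opcode, else None."""
    if 0x70 <= op <= 0x7F:
        return CC_NAMES[op - 0x70]
    if prev == 0x0F and 0x80 <= op <= 0x8F:
        return CC_NAMES[op - 0x80]
    return None

def diff_code(reference, suspect):
    """Byte-wise compare a known-good image with a suspect one.  Returns
    ('jcc', off, from, to) for an inverted conditional jump and
    ('other', off, from, to) for any other changed byte."""
    findings = []
    for off, (a, b) in enumerate(zip(reference, suspect)):
        if a == b:
            continue
        prev = reference[off - 1] if off else None
        fa, fb = jcc_name(prev, a), jcc_name(prev, b)
        if fa and fb and a ^ b == 1:
            findings.append(("jcc", off, fa, fb))
        else:
            findings.append(("other", off, a, b))
    return findings

def integrity_ok(reference, suspect):
    """Cheap first check: do the two images hash the same?"""
    return hashlib.sha256(reference).digest() == hashlib.sha256(suspect).digest()

def build_image(runs, size=0x90):
    """Constructed sample: place {offset: bytes} runs in a zero-filled buffer."""
    img = bytearray(size)
    for off, data in runs.items():
        img[off:off + len(data)] = data
    return bytes(img)

# The three 8-byte runs the tutorial has you write down, at its offsets.
REFERENCE = build_image({0x40: bytes.fromhex("753C8D45F450E859"),
                         0x68: bytes.fromhex("75148D45F450E831"),
                         0x7C: bytes.fromhex("75138D45F450E81D")})
# Same image with the first two JNZ (0x75) turned into JZ (0x74), as in Part 2.
PATCHED = bytes(b ^ 1 if i in (0x40, 0x68) else b for i, b in enumerate(REFERENCE))
```

A hash mismatch alone only says the file changed; the classified diff is what tells you the change is a one-bit jump inversion rather than a benign rebuild.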
-
- Part 3
-
- Making a Patch with Gpatch
-
- Ok, remember I told you to make a backup copy of your file before you used HIEW?
- Well, you should name it like this: Bcards32.bak, and the one you edited should be
- Bcards32.exe (note you should read the doc that comes with gpatch to fully understand
- how to use it). If you want, you can make a txt file named gpatch.txt and put any nfo
- about your patch you want in it. Now run gpatch like this: gpatch bcards32.exe
- It will make you a patch and name it patch.com; you can now rename it to whatever you
- like and distribute it. Well, that's it for this tut.
-
- I hope this tutorial has been helpful and showed you another way to crack
- those serial number protections. Well, even if you can't seem to make the crack work
- (don't see why you couldn't) I have included the crack with the tutorial.
-
- Enjoy and Happy Cracking......... _CbD_ ME/C4N'97
-
- EFNET #Cracking4Newbies stop by and see us sometime....
-