Posted by MotorHead on 1/14/2000, 10:25 pm
Greetings, I downloaded the latest newbie practice project this evening and have managed to
successfully crack it. To do so, I used SoftICE 3.25 and W32Dasm (surprise, surprise!).
I started off using SoftICE and setting a break point on GetDlgItemTextA which broke
3 times (name,company,code) and then traced through fairly quickly to see if the code
was lying around in a register somewhere. Needless to say, my haphazard approach yielded
no code, but at least I had some picture of the program.

Next, I disassembled the program in W32Dasm and, using the string references, located
the area of the program which dealt with displaying good/bad reg code messages. From
this I discovered that the line

    00447294 call 00446A74

was the reg code validation call, because the conditional jump after it, based on the
returned value of 'al' was the good code/bad code jump. So, back to SoftICE and set a
bpx on 00447294 and this time I stepped IN to this routine. From W32Dasm, I knew that
the code had to get back to around the 00446F55 area, the area dealing with which
message (good code/bad code) was displayed, so I traced through the code
fairly quickly, keeping an eye on any likely memory addresses/registers, until I
neared the 00446xxx area.

When I moved closer to this area, I slowed down and investigated more thoroughly.
I watched the loop running from 00446B21 - 43 take in my name then a similar loop
after it take in my company. After I saw my test code taken in, I really slowed down
and took greater care to check memory values.

When I got to line 00446BA0, I struck gold! I saw the value of the ECX watch I had
set change to ASCII values representing alphabetical and numerical values. A quick
'd ecx' and I had my code!

I have not been 'cracking' very long (6-9 months) and have no programming skills
except for a fair understanding of BASIC which I have found has stood me in good
stead, the concepts of call routines, conditional jumps, etc. being a common factor.
In total I took 45mins to 1hr to get my code.

The main thing I learned from this project was the value of setting a bpx on
lstrcmp (which I presume stands for 'Long String Compare' - don't quote me!).
This, as you well know takes the 2 strings, the real code and the entered code,
and compares them. I have not used this API before but shall certainly bear this
useful API in mind in future.

Thanks to Sandman and LaZaRus for a useful and educational source of info presented
in an uncommonly unpretentious way (ie - no +++++++cRACKER rubbish).

For your info my details are -
Name - Cracked by
Company - MotorHead
Code - AC200-58627

Keep 'em coming!
Cheers.
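A defender's view of the compare the poster describes, as an added C example that is not part of the post or of the practice project: the plain string compare, which has the real serial as one of its operands, beside a variant that embeds only a digest so the compare never touches the serial. The sample serial, the FNV-1a stand-in hash and all function names are constructed for this example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample serial for this example only, not the crackme's code. */
static const char SAMPLE_SERIAL[] = "DEMO1-23456";

/* Weak scheme, as described in the post: the real serial is resident in
 * memory and is handed, next to the user's input, to a plain string compare
 * (strcmp here, lstrcmp in the Win32 target). Whoever observes the compare's
 * two operands has the answer, so the check leaks its own secret. */
int validate_plain(const char *entered)
{
    return strcmp(entered, SAMPLE_SERIAL) == 0;
}

/* FNV-1a 64-bit as a stand-in one-way function. Not cryptographic; a real
 * product would use a proper hash or a signed licence, but the structural
 * lesson is the same. */
uint64_t fnv1a64(const char *s)
{
    uint64_t h = 14695981039346656037ULL;
    for (; *s; s++) {
        h ^= (unsigned char)*s;
        h *= 1099511628211ULL;
    }
    return h;
}

/* Constant-time digest equality: no early exit at the first differing bit,
 * so the compare reveals neither the answer nor how close a guess was. */
int digests_equal(uint64_t a, uint64_t b)
{
    uint64_t d = a ^ b;
    d |= d >> 32; d |= d >> 16; d |= d >> 8;
    d |= d >> 4;  d |= d >> 2;  d |= d >> 1;
    return (int)(1 - (d & 1));
}

/* Hardened scheme: only expected_digest is embedded in the program, so the
 * compare's operands are two digests and the serial itself is never present.
 * In a shipped binary expected_digest is a constant computed offline; the
 * caller derives it from SAMPLE_SERIAL here only so the example can be run. */
int validate_hashed(const char *entered, uint64_t expected_digest)
{
    return digests_equal(fnv1a64(entered), expected_digest);
}
```

Breaking on the compare in the hashed variant yields two digests, not the serial, which is the whole difference between the two checks.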