There is a crack, a crack in everything. That's how the light gets in.

"Well here it is...CrackMe v4.75 by me ;)
First I'd like to say that if you're an average cracker don't even unZIP this. This crackme is made for newbies (hardcoded serial), so if you have other things to do, do them first :P Anyway...to everyone who wants to give this a try: DON'T EDIT/HIEW/READ the B-CRK475.EXE, this will be considered as CHEATING since the serial is hardcoded in the file. If you can't resist and do it anyway always keep in mind: "I'M A CHEATER - I'M A CHEATER....and so on" I want you to think that every time you even just SEE the file. OK ??
Hehehe...just kidding...but plz try to do it without EDIT or similar appz."

If you enter a bad serial, an error message will appear instead of the textbox; otherwise the correct-serial message will appear!
GOOD MESSAGE = "Unlock succesfull, read rulez above !"
BAD MESSAGE = "Wrong serial.....try again ;)"

After some unsuccessful attempts to make SoftICE break with my *favourite* breakpoints (GetWindowTextA and GetDlgItemTextA), I set a breakpoint on the system function Hmemcpy, and SoftICE breaks!!
Ok, first run the program.
Enter any random unlock key.
Now fire up SoftICE with "CTRL-D", type "BPX HMEMCPY" and leave SoftICE, again with "CTRL-D".
Press the "UNLOCK" button to verify whether our key is correct.
SoftICE now breaks at the beginning of the Hmemcpy function.
To return to the program's code press...
"F11" - once,
"F12" - six times,
"F10" - twenty-three times
Congratulations, you just landed in the comparison routine code!
Now you can see this part of the code:
:004408DA 8D55FC        lea edx, dword ptr [ebp-04]
:004408DD 8B83D0020000  mov eax, dword ptr [ebx+000002D0]
:004408E3 E8BC14FEFF    call 00421DA4
:004408E8 8B45FC        mov eax, dword ptr [ebp-04]   ;Our fake unlock key
:004408EB BA3C094400    mov edx, 0044093C             ;"This program must be run under Win32"
:004408F0 E83732FCFF    call 00403B2C                 ;Comparison routine???
:004408F5 750F          jne 00440906                  ;If password is wrong display error????
:004408F7 B201          mov dl, 01
Press "F10" until you get to 4408EB.
Now type "D EAX" to see what EAX contains.
It's our *fake* unlock code!
Press "F10" once.
Type "D EDX" to see what EDX contains.
Hmmm....something strange here!
EDX contains this text: "This program must be run under Win32"!
We ran the program under Windows, didn't we??...of course we did ;-)
There is also a call at 4408F0 and a (C)onditional jump at 4408F5!
Hmm...all that looks like a comparison routine, let's check it!
Press "F10" until you step onto 4408F5 JNE 440906!
If this is the comparison routine, then this jump takes us to the part of the code that displays the error message!
Now type "R FL Z" to set the zero flag, and the program will not jump!
Press "CTRL-D" and you'll see the message which indicates that our password is correct!
Let's now see what we have.
We have our *fake* code located in EAX, and we have the "This program must be run under Win32" message located in EDX! The program then compares EAX and EDX and jumps if they are not the same!
Is the message in EDX the correct password???
There is only one way to find out!
Type "This program must be run under Win32" into the program's text box and press the "UNLOCK" button!
The message "Unlock succesfull, read rulez above !" appeared.
We were right, that was the correct serial!
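
Added example (not part of the original tutorial or of the crackme): a Python model of why the compare at 004408F0 exposes the serial, next to a check that ships only a salted digest, plus a release check that scans the shipped bytes for the plaintext. The salt, the iteration count, the two-byte framing of the constructed data blobs and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import re

# Serial the walkthrough reads out of EDX (value taken from the page).
SERIAL = b"This program must be run under Win32"
SALT = bytes(range(16))  # constructed sample salt
ITERATIONS = 100_000     # assumed work factor for this sketch


def derive(entered: bytes) -> bytes:
    """Salted, slow digest of a candidate serial."""
    return hashlib.pbkdf2_hmac("sha256", entered, SALT, ITERATIONS)


def shipped_weak() -> bytes:
    """Constructed stand-in for the crackme's data: plaintext serial."""
    return b"\x00\x01" + SERIAL + b"\x00"


def shipped_hardened() -> bytes:
    """Build-time output: only the salt and the digest are shipped."""
    return b"\x00\x01" + SALT + derive(SERIAL) + b"\x00"


def check_weak(entered: bytes) -> bool:
    # Same shape as the call at 004408F0: input against a plaintext constant.
    return entered == SERIAL


def check_hardened(entered: bytes, shipped: bytes) -> bool:
    # Only digests meet at the compare; the expected serial is not there to read.
    stored = shipped[2 + len(SALT):-1]
    return hmac.compare_digest(derive(entered), stored)


def printable_strings(blob: bytes, min_len: int = 8) -> list:
    """Runs of printable ASCII, as a strings-style scan would report them."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)


def release_gate(blob: bytes) -> bool:
    """True when no printable run in the shipped bytes contains the serial."""
    return not any(SERIAL in run for run in printable_strings(blob))
```

Both checks still end in a single pass/fail decision, so the flag change at 4408F5 shown above defeats either one; the digest only keeps the expected serial from being read out of a register or out of the file.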

My thanks and gratitude go to:
The Sandman, for his great site (the best site for newbies) full of knowledge and for his cracking forum (also the best on the net)!
Eternal Bliss, my best 'virtual' friend, for all that he has done for me!

Ripping off software through serials and cracks is for lamers.
If you're looking for cracks or serial numbers from these pages then you're wasting your time, try searching elsewhere on the Web under Warze, Cracks etc.