There is a crack, a crack in everything. That's how the light gets in.
Hi, out there. This is my next crackme in VB5. It should be a bit
harder to find out the good serial. In fact, I haven't cracked it yet.
The serial generator is a bit more difficult than the one in crackme#1.
RuleZ: Patching is not allowed!!!
Greetz to anybody out there
Bye Magenta
Okay, let's first open up the program...
Magenta has designed a nice little input box with a place for your name and a serial...
Let's go ahead and fill these areas in.
I would suggest that the first time you run through this exercise you use my input, so you can SEE the following example work out in its entirety in the data window.
I will use "The GypsyJoker" for the name value and 7777767 for the serial value.
Now let's open ice:
Use your ctrl-d key combo (press the ctrl and d keys together at the same time) and ice pops.
Now just type in:
bpx __vbastrcomp
(NOTE: you use TWO underscores here; __ )
Now type:
x
(to leave ice; then use your enter key to execute)
You will leave softice and get back to Windows.
Now simply click on the OKAY button.
Softice will now pop, and we have landed inside the Msvbvm50!__vbastrcomp code area.
NOTE: I have found that this works cleanly on a fresh boot. If you have been working on other programs during the day and have lots of bpx's set in memory, for some reason ice will POP the Error box instead of popping directly back to the __vbastrcomp area... (?)
In this case, no problem: click on the error box and re-fill in your user info; now click on Okay and ice will pop back to the __vbastrcomp area of code.
Now we are going to move away from the natural impulse to begin f-10-ing and searching each register as we move along...
As I stated in my first VB5 essay, in solution #5, I have found that by using a certain sequence of set-up we can produce a working serial # without searching any code at all. This is what I will demonstrate here.
Now do not use your f-10 key at all....
Look, now, to your 'data window'.
Put your mouse cursor on the line that splits the data window and click on the word 'byte' (which is probably the window that most systems will pop first).
Your data window will now change and the data line will now say: "word"
Now click on the word "word".
The data window will now change this word to: "dword"
It is in this data window that we want to be.
Having arrived at this window, we will now type:
dd esp
This will once again change our data window.
You will now see a lot of numbers in columns; the first line will look like this:
0157:0063f194   0f00461b   00000000   00401d24   00412208
(NOTE: YOUR numbers in the third and fourth stack just might be a different #; it does not matter; simply use the # you see instead of the one I write in my example.)
(I think that the number in the first column at 0f00461b is the line number assigned FROM WHERE THIS memory location was called from... but I am not sure. When I type "d 0f00461b" and hit the 'f-11' key it takes me to that line in the code, but I don't know where to take it from there to continue backtracing, as yet.)
Now, with no further ado...
type: 'd 00412208' (or whatever # you see in the fourth column)
This should now display the USERNAME you entered; you'll see it in your data window.
For some reason beyond me, if we are not in this mode and in this sequence then we will not SEE our serial being calculated.
In this mode we should now be able to watch the serial # being calculated and generated while in this data window.
Now hit your f-5 key 3 times...
(This is ONLY if you are using my username as your test subject here; if you use a different username, the number of times you hit f-5 and see changes in the data window will be different.)
After pressing the f-5 key 3 times you will see in your data window the number "20".
Continue pressing the f-5 key, watching this data window:
at the 6th f-5 you will now see "2039"
at the 7th f-5: "203950"
at the 9th f-5: "2039503"
at the 10th f-5: "20395036"
at the 12th f-5: "2039503637"
at the 15th f-5: "203950363713"
at the 16th f-5: the loser "Better luck next time!" error box pops.
Now just click the Okay button on the error box, enter the # 203950363713 into the serial area, and click the Okay button...
WHOOPS, ice pops; we did not clear out our __vbastrcomp breakpoint.
Type:
bd 00
x
(then the enter key)
and Windows pops back with the Congratulations box... Job Well Done, Good Work!
CONGRATULATIONS!
This VB5 is Busted!
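Why the data window shows the good serial, and a check design that would not, as an added example (not part of the original essay and not the crackme's code). The serial routine toy_serial, the compare stand-in str_comp and the toy RSA key are all constructed assumptions.

```python
import hashlib

seen = []  # operands handed to the compare routine, as a breakpoint on it would show

def str_comp(a, b):
    """Stand-in for a runtime string compare such as __vbaStrComp."""
    seen.append((a, b))
    return a == b

def toy_serial(name):
    # Hypothetical generator for illustration; NOT the crackme's algorithm.
    return str(int.from_bytes(hashlib.sha256(name.encode()).digest()[:5], "big"))

def weak_check(name, serial):
    # Weak: the program derives the valid serial itself, then compares it with the input.
    return str_comp(toy_serial(name), serial)

# Constructed toy RSA key (two Mersenne primes, far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public half, shipped in the program
D = pow(E, -1, (P - 1) * (Q - 1))      # private half, stays with the vendor

def digest(name):
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % N

def vendor_sign(name):
    # Runs only on the vendor's machine; the shipped program has no D.
    return str(pow(digest(name), D, N))

def hardened_check(name, serial):
    # Hardened: transform the *entered* serial with the public key and compare it
    # against a digest of the name. No valid serial is ever computed locally.
    if not (serial.isascii() and serial.isdigit()):
        return False
    return str_comp(str(pow(int(serial), E, N)), str(digest(name)))

def observed(check, name, serial):
    """Run a check; return its result and what the compare routine received."""
    seen.clear()
    result = check(name, serial)
    return result, list(seen)

if __name__ == "__main__":
    name, guess = "The GypsyJoker", "7777767"
    print(observed(weak_check, name, guess))      # valid serial is among the operands
    print(observed(hardened_check, name, guess))  # only public values appear
```

With the weak check, a wrong guess is enough to put the valid serial in front of anyone watching the compare; with the hardened one the operands are values the observer could already compute.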
As we have continued to learn at the Sandman's projects site @
http://disc.server.com/Indices/33330.html
the crack is not done until the cracker 'knows' his crack.
My thanks and gratitude go to The Sandman, for providing possibly the greatest source of Reverse Engineering knowledge for newbies on the Web, and who told me to never give up when VB was strangling me.
In this essay I would also like to extend special thanks to The Administrator, Pedro, Princess, Joseph, & Flying, who helped me work out my rough draft with their many suggestions. I would also like to extend additional special thanks to Eternal Bliss, who is always one step ahead of me in figuring out just what it is I keep tripping over; his explanations, I am confident, will soon lead us all to a new way of understanding VB and new ways to attack it...
And to all those of you who write, and post, and teach me each day, no matter your depth of knowledge: Thanks!
Ripping off software through serials and cracks is for lamers.
If you're looking for cracks or serial numbers from these pages then you're wasting your time; try searching elsewhere on the Web under Warez, Cracks etc.