" FireWorx Crackme8 "


This tutorial is coming from...
ReFleXZ '99
Url: Http://ReFleXZ99.cjb.net
Email: ReFleXZ@fcmail.com

 
 
About the essay...
Written by:
DnNuke

Date: 25th May 1999
Program name: FireWorx crackme8
Program type: W32
Program location: Here
Program filename: N/A
Program size: 171KB

Tools required:
SoftIce v3.**

Difficulty level:
Easy (  )  Medium (   )  Hard (    )  Pro (    )
 


 
 
Introduction...
Sniffing Out The Correct Code, And Key File

 
 
About the protection...
Well, It's A Crackme With Three Levels.
Type of protection:
Level 1. Serial
Level 2. Name/Serial
Level 3. KeyFile

 
Type Of Color On Essay 
--> Brown. Because The Crackme Was A Piece Of Cake

 
The Essay...
I'm A Little Tired So I'll Go Through This Fast..
First Open The Program, Choose Serial And Press OK.
Press CTRL-D To Pop Into SoftICE And Do A BPX On Hmemcpy.
Enter Any Serial, I Prefer "1133557799", And Press OK.
Ahh, Back In SICE. Press F11 Once And Then F12 ("10 Times I Think") Until You See That EAX = The Length Of Your Serial, In My Case ..000A.

Do F10 Until You Reach The First Compare.
You'll See This:

:00445D98 8B45FC                  mov eax, dword ptr [ebp-04]
:00445D9B 803854                  cmp byte ptr [eax], 54
:00445D9E 757D                    jne 00445E1D
:00445DA0 8D55FC                  lea edx, dword ptr [ebp-04]
:00445DA3 8B83C4020000            mov eax, dword ptr [ebx+000002C4]
:00445DA9 E8EEF7FDFF              call 0042559C
:00445DAE 8B45FC                  mov eax, dword ptr [ebp-04]
:00445DB1 80780165                cmp byte ptr [eax+01], 65
:00445DB5 7566                    jne 00445E1D
:00445DB7 8D55FC                  lea edx, dword ptr [ebp-04]
:00445DBA 8B83C4020000            mov eax, dword ptr [ebx+000002C4]
:00445DC0 E8D7F7FDFF              call 0042559C
:00445DC5 8B45FC                  mov eax, dword ptr [ebp-04]
:00445DC8 80780248                cmp byte ptr [eax+02], 48
:00445DCC 754F                    jne 00445E1D
:00445DCE 8D55FC                  lea edx, dword ptr [ebp-04]
:00445DD1 8B83C4020000            mov eax, dword ptr [ebx+000002C4]
:00445DD7 E8C0F7FDFF              call 0042559C
:00445DDC 8B45FC                  mov eax, dword ptr [ebp-04]
:00445DDF 8078036E                cmp byte ptr [eax+03], 6E
:00445DE3 7538                    jne 00445E1D
:00445DE5 8D55FC                  lea edx, dword ptr [ebp-04]
:00445DE8 8B83C4020000            mov eax, dword ptr [ebx+000002C4]
:00445DEE E8A9F7FDFF              call 0042559C
:00445DF3 8B45FC                  mov eax, dword ptr [ebp-04]
:00445DF6 80780445                cmp byte ptr [eax+04], 45
:00445DFA 7521                    jne 00445E1D
:00445DFC 8D55FC                  lea edx, dword ptr [ebp-04]
:00445DFF 8B83C4020000            mov eax, dword ptr [ebx+000002C4]
:00445E05 E892F7FDFF              call 0042559C
:00445E0A 8B45FC                  mov eax, dword ptr [ebp-04]
:00445E0D 80780564                cmp byte ptr [eax+05], 64
:00445E11 750A                    jne 00445E1D

* Possible StringData Ref from Code Obj ->"Good Code"
 

What It Does Here Is Check Whether Your Serial Matches The Right One, One Character At A Time..
At :00445D9B You See That EAX Points To Your Serial And 54 Is The Hex Code Of The First Letter Of The Right Serial.
Do ? 54 In SICE And You Get T..

Do This On Every CMP... And You'll Get The Final Serial = TeHnEd
Enter It And Press OK. Ahh GOOD CODE.
 

Ok Next One..

Enter, Let's Say, DnNuke'99 / 1133557799
BPX On Hmemcpy Again..

Press OK, SICE Pops Up. Do F11 Then F12 Until You See That EAX=0000000A (Or The Length Of Your Serial)....
Do F10 Until You Reach ****:0446127    PUSH EAX
Do    d eax    In SICE..
And Look, Your Serial!  Write It Down And Enter It! GOOD CODE NR.2!
 
 

Last One.

Make A New File And Write 1133557799 In It..
Choose KeyFile, "OK" - "Browse", Open The File And BPX On Hmemcpy Again....
OK..
F11 Once F12 ten times!
Go With F10 Until You See...

:0044643C 8B45FC                  mov eax, dword ptr [ebp-04]
:0044643F 803846                  cmp byte ptr [eax], 46
:00446442 0F85E5000000            jne 0044652D
:00446448 8D55FC                  lea edx, dword ptr [ebp-04]
:0044644B 8B83C4020000            mov eax, dword ptr [ebx+000002C4]
:00446451 E846F1FDFF              call 0042559C
:00446456 8B45FC                  mov eax, dword ptr [ebp-04]
:00446459 80780169                cmp byte ptr [eax+01], 69
:0044645D 0F85CA000000            jne 0044652D
:00446463 8D55FC                  lea edx, dword ptr [ebp-04]
:00446466 8B83C4020000            mov eax, dword ptr [ebx+000002C4]
:0044646C E82BF1FDFF              call 0042559C
:00446471 8B45FC                  mov eax, dword ptr [ebp-04]
:00446474 80780272                cmp byte ptr [eax+02], 72
:00446478 0F85AF000000            jne 0044652D
:0044647E 8D55FC                  lea edx, dword ptr [ebp-04]
:00446481 8B83C4020000            mov eax, dword ptr [ebx+000002C4]
:00446487 E810F1FDFF              call 0042559C
:0044648C 8B45FC                  mov eax, dword ptr [ebp-04]
:0044648F 80780365                cmp byte ptr [eax+03], 65
:00446493 0F8594000000            jne 0044652D
:00446499 8D55FC                  lea edx, dword ptr [ebp-04]
:0044649C 8B83C4020000            mov eax, dword ptr [ebx+000002C4]
:004464A2 E8F5F0FDFF              call 0042559C
:004464A7 8B45FC                  mov eax, dword ptr [ebp-04]
:004464AA 80780450                cmp byte ptr [eax+04], 50
:004464AE 757D                    jne 0044652D
:004464B0 8D55FC                  lea edx, dword ptr [ebp-04]
:004464B3 8B83C4020000            mov eax, dword ptr [ebx+000002C4]
:004464B9 E8DEF0FDFF              call 0042559C
:004464BE 8B45FC                  mov eax, dword ptr [ebp-04]
:004464C1 80780568                cmp byte ptr [eax+05], 68
:004464C5 7566                    jne 0044652D
:004464C7 8D55FC                  lea edx, dword ptr [ebp-04]
:004464CA 8B83C4020000            mov eax, dword ptr [ebx+000002C4]
:004464D0 E8C7F0FDFF              call 0042559C
:004464D5 8B45FC                  mov eax, dword ptr [ebp-04]
:004464D8 80780633                cmp byte ptr [eax+06], 33
:004464DC 754F                    jne 0044652D
:004464DE 8D55FC                  lea edx, dword ptr [ebp-04]
:004464E1 8B83C4020000            mov eax, dword ptr [ebx+000002C4]
:004464E7 E8B0F0FDFF              call 0042559C
:004464EC 8B45FC                  mov eax, dword ptr [ebp-04]
:004464EF 80780733                cmp byte ptr [eax+07], 33
:004464F3 7538                    jne 0044652D
:004464F5 8D55FC                  lea edx, dword ptr [ebp-04]
:004464F8 8B83C4020000            mov eax, dword ptr [ebx+000002C4]
:004464FE E899F0FDFF              call 0042559C
:00446503 8B45FC                  mov eax, dword ptr [ebp-04]
:00446506 80780872                cmp byte ptr [eax+08], 72
:0044650A 7521                    jne 0044652D
:0044650C 8D55FC                  lea edx, dword ptr [ebp-04]
:0044650F 8B83C4020000            mov eax, dword ptr [ebx+000002C4]
:00446515 E882F0FDFF              call 0042559C
:0044651A 8B45FC                  mov eax, dword ptr [ebp-04]
:0044651D 80780C2E                cmp byte ptr [eax+0C], 2E
:00446521 750A                    jne 0044652D

* Possible StringData Ref from Code Obj ->"Good Code"
 
 

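Look Familiar? It's Like The First Serial..
Just Do Like In The First One:   ? 46, ? 69, ? 72 ...
After You've Done Them All You'll Get..

FirePh33r   .   WITH A DOT!!! 4 SPACES AWAY! DON'T MISS IT!
(The Last CMP Checks [eax+0C], So The Dot Is The 13th Byte Of The File; Offsets 09 To 0B Are Not Checked In The Listing.)

Then We're Done!! GOOD CODE Once Again!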
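
The "? 54" conversion done by hand on every CMP can be automated; this is an added example, not part of the original essay, and it shows why a check built from immediate byte compares gives its expected value away to anyone reading the disassembly. The names `CMP_RE` and `recover_constant` and the filler character are assumptions made for the example; the CMP lines are copied from the two listings above.

```python
import re

# Matches "cmp byte ptr [eax], 54" and "cmp byte ptr [eax+0C], 2E"; operands are hex.
CMP_RE = re.compile(
    r"cmp byte ptr \[eax(?:\+([0-9A-Fa-f]+))?\],\s*([0-9A-Fa-f]{2})\b")

# CMP lines copied from the two listings in the essay.
SERIAL_LISTING = """\
:00445D9B 803854    cmp byte ptr [eax], 54
:00445DB1 80780165  cmp byte ptr [eax+01], 65
:00445DC8 80780248  cmp byte ptr [eax+02], 48
:00445DDF 8078036E  cmp byte ptr [eax+03], 6E
:00445DF6 80780445  cmp byte ptr [eax+04], 45
:00445E0D 80780564  cmp byte ptr [eax+05], 64
"""
KEYFILE_LISTING = """\
:0044643F 803846    cmp byte ptr [eax], 46
:00446459 80780169  cmp byte ptr [eax+01], 69
:00446474 80780272  cmp byte ptr [eax+02], 72
:0044648F 80780365  cmp byte ptr [eax+03], 65
:004464AA 80780450  cmp byte ptr [eax+04], 50
:004464C1 80780568  cmp byte ptr [eax+05], 68
:004464D8 80780633  cmp byte ptr [eax+06], 33
:004464EF 80780733  cmp byte ptr [eax+07], 33
:00446506 80780872  cmp byte ptr [eax+08], 72
:0044651D 80780C2E  cmp byte ptr [eax+0C], 2E
"""

def recover_constant(listing, filler="?"):
    """Rebuild the expected string; offsets no CMP checks become `filler`."""
    checks = {}
    for line in listing.splitlines():
        m = CMP_RE.search(line)
        if not m:
            continue  # mov/lea/call/jne lines carry no expected byte
        offset = int(m.group(1) or "0", 16)
        value = int(m.group(2), 16)
        if checks.get(offset, value) != value:
            raise ValueError(f"conflicting checks at offset {offset:#x}")
        checks[offset] = value
    if not checks:
        return ""
    return "".join(chr(checks[i]) if i in checks else filler
                   for i in range(max(checks) + 1))

if __name__ == "__main__":
    print(recover_constant(SERIAL_LISTING))
    print(recover_constant(KEYFILE_LISTING))
```

The filler marks the key file offsets 09 to 0B, which the listing never compares, so any three bytes there pass as long as the dot sits at offset 0C.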
 

Hope You've Learned Something From This Tutor..

Bye For Now 
// DnNuke'99 [ReFleXZ] 


 
 
Final Notes...
Greetz And Thanx To:
Bjanes - MiZ ----> For Letting Me Into The Best Group Of Them All.
VisionZ, R!SC, ^Inferno^, Hac, AB4DS, Acid Burn, Cyber Blade, Klefz, Carpathia
----> 4 Being Such Good Friends To Me.
And Of Course _y A Very Funny Guy! =)

The Sandman, tkC, Eternal Bliss  ----> For Their Cracking Tuts... 

                                        .....And All Otherz Fellow Crackers That Knows We....

And Don't Forget To Visit Us At #ReFleXZ99, #Cracking4Newbies On Efnet

 
 
Disclaimer...
This tutorial is written for EDUCATIONAL purposes only.
So if you want to use the program after its trial period ends please BUY IT!
Support shareware (and its authors), this is our learning tool!

ReFleXZ is not responsible for any damage caused with this essay or any of its parts.
So everything you're doing and 'experimenting' with is your own responsibility!

Also, in this tutorial you'll not find any serial numbers, so try to search
elsewhere under Cracks and Warez.

Copyright © 1999 By ReFleXZ '99
All Rights Reserved