There is a crack, a crack in everything. That's how the light gets in.
|
Welcome another time. This crackme differs from those I have
written until now in that you have to enter the valid serial,
or the button won't be activated. I have written this crackme to show
this sort of protection. I wanted to crack WebWhacker some time ago.
This tool uses such a protection. At first I didn't know where to start,
but then after some time of thinking I found the way. So I have written
this crackme for everybody who wants to try his skills on such a
protection. I don't think it should be too hard to crack this babe,
because there are only a few differences to crackme#2.
So hope you enjoy it!!
RuleZ: Patching is not allowed!!!
Greetz to Jeff, The Sandman and everybody else out there
Bye Magenta
|
I have found several ways of doing this...and it also works on several VB5 programs other than this one that I have tried it on...!
|
Okay, let's first open up the program...
Magenta has designed a nice little input box with a place for your name and a serial...
Let's go ahead and fill in these input areas for Username and Serial:
You will notice right off that the OKAY button is greyed out...
Normally, as I have learned from reading many essays, the way to bypass this greyed-out function would be to:
open the program;
fill in user input;
now open ice and set a bpx hmemcpy;
x to leave ice;
type ONE MORE NUMBER in the serial number area;
and ICE will then pop back to hmemcpy...
In this exercise I will show the same procedure as above, but I will use a different breakpoint rather than hmemcpy...
I would suggest that the first time you run through this exercise you use my input, so you can SEE the following example work out in its entirety in the data window:
I will use:
" The GypsyJoker "
... for the name value:
and I will use:
7777767
...for the serial value.
Now let's open ice:
use your ctrl-d key combo (press the ctrl and d key together at same time) and ice pops:
now just type in:
bpx __vbastrcomp (NOTE: you use TWO underscores here; __ )
now type:
x (to leave ice) (then use your enter key to execute)
you will leave softice and get back to windows:
In my serial box I had previously typed in the numbers..."777776"
now simply type one more number (7) into the 'serial' box...
The serial is now..."7777767"
(However ice will pop so quickly that you won't see this, unless you hit your f-4 key to return to windows viewing)
Softice has now popped; even though the OKAY button is still "greyed out"...
and you will be here:
We have landed inside the __vbastrcomp Msvbvm50! code area:
MSVBVM50!___vbastrcomp
014f:0f003563  55    push ebp
014f:0f003564  8bec  mov  ebp,esp
Now we are going to move away from the natural impulse to begin f-10-ing and searching each register as we move along...
I have found that by using a certain set-up sequence we can produce a working serial # without f-10-ing through any code at all... this is what I will demonstrate here:
Now do not use your f-10 key at all....
Look, now, to your 'data window'
Put your mouse cursor on the line that splits the data window and click on the word 'byte'
(which is probably the window that most systems will pop first)
Your data window will now change and the data line will now say:
---------word------
Now click on the word "word".
The data window will now change to this word:
---------dword-------
It is in this data window that we want to be in;
Having arrived at this window now we will type:
dd esp
This will once again change our data window;
You will now see a lot of numbers in columns:
the first line will look like this:
0157:0063f204  0f00461b  00000000  00401E54  00412268
0157:0063f214  0f100640  00000000  00401E54  00412268
(NOTE: YOUR numbers in the third and fourth columns just might be different from what I have written above; it does not matter; simply use the # you see in the fourth column, instead of the one I write in my example)
(I think that the number in the first column at 0f00461b...is the line number assigned FROM WHERE THIS memory location was called from...
...but I am not sure... when I type "d 0f00461b" and hit the 'f-11' key it takes me to that line in the
code...but I don't know where to take it from there to continue backtracing; as yet)
Now without further ado...
type: 'd 00412268'...(or whatever # you see in the fourth column)
This should now display the USERNAME you entered... you'll see it in your data window.
For some reason beyond me if we are not in this mode and in this sequence then we will not SEE our serial number:
you will see something similar to this in your data window:
(I have not been able to figure out how to make a copy of my ice window- to text form, yet, so here's the best I can do)
Data window (dword mode): lots of columns of numbers on the left, and this in the text column on the right:
T.h.e.. .G.y.p.s.
y.J.o.k.e.r...2..
9.6.3.2.9........
......3.4.2.......
...!.A...A.d.#A
d........M.a.g.e.
n.t.a. .[.G.D..].
.....4.........T.h.
e.....G.y.p.s.y.J
o.k.e.r......2.9.6
3.2.9...4...*....
This begins your real serial -->> 2.9.2.1.7.4.3.1.
3.3.4.2.3.5.7.2.
9.6.3.2.9.......$
So now make a note of your serial: # 292174313342357296329
and type bd 00 to disable your __vbastrcomp breakpoint;
and now type this number into the serial box and you will see as you type in the Last number... that your greyed out OKAY button is enabled......press Okay...
and Windows pops back with the:
Congratulations box ;... Well Done, Please send your code to Magenta!
...you can now type in YOUR own name... and a fake #;
Now, pop ice again (control d keys together);
type be 00...... to re-enable __vbastrcomp breakpoint...
type x to leave ice;
windows pops;
add one more number to serial# you had typed in;
ice pops
and you now see the new Username...
AND the new serial number in the data box as shown above.....
Write down this serial #
type bd 00 (to disable the __vbastrcomp breakpoint)
type x; to leave ice;
type in the new serial number;
once again as you type in the last number you will see the Okay button is enabled;
Click the Okay.....:)
hey; hey hey!
CONGRATULATIONS!
This VB5 is Busted!
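Why the valid serial is sitting in memory at the compare breakpoint, and a check that does not have that property, as an added example (not Magenta's code; the crackme's real algorithm is not given on this page). The serial derivation, the function names and the toy RSA key are assumptions made for illustration, and the module holds both the vendor and client side only so it can run on its own.

```python
import hashlib

# Toy RSA key built from two publicly known Mersenne primes. Constructed for
# this example only: the factors are public, so it offers no real security.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # vendor-side private exponent, never shipped


def digest(name: str) -> int:
    """SHA-256 of the user name as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big")


def weak_check(name: str, entered: str, seen: list) -> bool:
    """Pattern from the essay: the client builds the valid serial itself and
    string-compares it, so the valid serial is an operand of the compare."""
    expected = str(digest(name) % 10**21)  # hypothetical derivation
    seen += [expected, entered]            # operands visible at the compare call
    return entered == expected


def vendor_issue(name: str) -> str:
    """Runs offline at the vendor: textbook RSA signature over the digest."""
    return str(pow(digest(name), D, N))


def hardened_check(name: str, entered: str, seen: list) -> bool:
    """Client holds only (N, E); it never computes the valid serial."""
    if not entered.isdecimal() or len(entered) > 400:
        return False
    recovered = pow(int(entered), E, N)
    seen += [recovered, digest(name)]      # operands visible at the compare
    return recovered == digest(name)


if __name__ == "__main__":
    name, ops = "The GypsyJoker", []
    weak_check(name, "7777767", ops)
    print("weak compare leaks valid serial:", weak_check(name, ops[0], []))
    ops = []
    hardened_check(name, "7777767", ops)
    print("hardened compare leaks it:", vendor_issue(name) in map(str, ops))
```

Textbook RSA without padding keeps the example short; a shipping product would use a vetted signature scheme from a crypto library, and the check can still be patched out, which is a separate problem from leaking the serial.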
|
As we have continued to learn at the Sandman's projects site @ http://disc.server.com/Indices/33330.html the crack is not done until the cracker 'knows' his crack.
My thanks and gratitude go to:
The Sandman for providing possibly the greatest source of Reverse Engineering
knowledge for newbies on the Web; and who told me to never give up when VB was strangling me.
In this essay I would also like to extend special thanks to +Waj, who makes it a point to visit every Tuesday to leave me with invaluable things to study all week! :)
And to all those of you who write, and post, and teach me each day, no matter your depth of knowledge: Thank you!
|
Ripping off software through serials and cracks is for lamers.
If you're looking for cracks or serial numbers from these pages then you're wasting your time; try searching elsewhere on the Web under Warze, Cracks etc.