Text File  |  2001-09-21  |  3.1 KB  |  79 lines

********************************************************************************************************************************
                    CrackMe #1
********************************************************************************************************************************

Author:        n0p3x
Protection:    Serial
URL:           http://www.phrozencrew.co.uk/crackme1.zip
Tools:         SoftICE V4.05


--->    Intro...

Welcome to my next Tutorial !!!
This is a very easy little beginners CrackMe, but fun ;P


--->    Let's Begin...

Open the CrackMe and it'll ask you for a Serial. Fill in anything; I've used:

Serial:        1234567890

Then get into SoftICE (CTRL+D), type "bpx hmemcpy" followed by "enter", and then get out of
SoftICE (CTRL+D).
Then press "Ok" and SoftICE should pop up.
Now type "BC *" to clear the breakpoint and press (F12) 9 times, and you'll see this:

--------------------------------------------------------------------------------------------------------------------------------

:00401105 8D4DF4                  lea ecx, dword ptr [ebp-0C]        <--- ECX now points to our "fake" Serial
:00401108 51                      push ecx                           <--- Save ECX

* Reference To: cw3220._atol, Ord:0000h
                                  |
:00401109 E8D4030000              Call 004014E2                      <--- Hmmm...
:0040110E 59                      pop ecx                            <--- Pop ECX
:0040110F 3DA93E0F00              cmp eax, 000F3EA9                  <--- Compare EAX with 000F3EA9 (interesting ;)
:00401114 7518                    jne 0040112E                       <--- If not equal jump to bad Message Box, else continue
:00401116 6800100000              push 00001000

* Possible StringData Ref from Data Obj ->"Congrats"
                                  |
:0040111B 68F2204000              push 004020F2

* Possible StringData Ref from Data Obj ->"Well done, You cracked this -EASY- "
                                        ->"crackme"
                                  |
:00401120 68C7204000              push 004020C7
:00401125 6A00                    push 00000000

* Reference To: USER32.MessageBoxA, Ord:0000h
                                  |
:00401127 E8E6030000              Call 00401512
:0040112C EB16                    jmp 00401144

--------------------------------------------------------------------------------------------------------------------------------

Ok, no need for a big explanation: when you trace into the CALL 004014E2 (_atol), your "fake" Serial is converted from text to a number and returned in EAX.
Then it comes back to this place and compares EAX with 000F3EA9.
So to get the valid Serial, type "? 000F3EA9" in SoftICE to show the decimal form of this value,
which is "999081". That's the valid Serial :)
You can NOP (90) the "jne 0040112E" if you want, so that every Serial works, but that's up to you ;)
Ok, that's all there is, very -EASY- ;)
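As an added illustration (my own C code, not part of n0p3x's tutorial or the CrackMe), here is the check the listing shows, rebuilt in C: the typed text goes through _atol and the result is compared with 000F3EA9. It also shows why a plain constant compare after atol is weak as input validation: atol skips leading whitespace, accepts a sign and stops at the first non-digit, so several different strings satisfy the same check; the strict parser beside it is hypothetical and added only for contrast, and all function names are mine.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Immediate from the listing: cmp eax, 000F3EA9 (999081 decimal). */
#define EXPECTED_SERIAL 0x000F3EA9UL

/* What "? 000F3EA9" prints in SoftICE: the constant in decimal. */
long expected_serial_decimal(void)
{
    return (long)EXPECTED_SERIAL;
}

/* The check as listed: the typed text goes through _atol and the 32-bit
 * result in EAX is compared with the immediate. Returns 1 on the
 * "Congrats" path, 0 on the jne path. */
int check_serial_as_listed(const char *typed)
{
    /* atol skips leading whitespace, takes an optional sign and stops at
     * the first non-digit, so many distinct strings give the same EAX. */
    uint32_t eax = (uint32_t)atol(typed);
    return eax == (uint32_t)EXPECTED_SERIAL;
}

/* Strict variant added for contrast (hypothetical, not in the CrackMe):
 * every character must be a digit, no leading zero, nothing trailing. */
int check_serial_strict(const char *typed)
{
    size_t n = strlen(typed);
    if (n == 0 || typed[0] == '0')
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)typed[i]))
            return 0;
    return strtoul(typed, NULL, 10) == EXPECTED_SERIAL;
}

int main(void)
{
    /* Constructed sample inputs: the tutorial's fake serial, the real one,
     * and variants that atol silently maps onto the real one. */
    const char *samples[] = { "1234567890", "999081", " +999081",
                              "0999081", "999081abc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s listed=%d strict=%d\n", samples[i],
               check_serial_as_listed(samples[i]),
               check_serial_strict(samples[i]));
    return 0;
}
```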


--->    Greetings...

Everyone from TrickSoft                (www.TrickSoft.net)
Everyone from Cracking4Newbies         (www.Cracking4Newbies.com)
Everyone from Keygenning4Newbies       (Keygenning4Newbies.cjb.net)
And You...

            Don't trust the Outside, trust the InSiDe !!!

                      Cya...

                    CoDe_InSiDe

Email:    code.inside@home.nl