__I'''''''''''''''''''''''''''''''''''''''''''I__
   The Ultimate Beginner Cracker's Book v1.5
__I'''''''''''''''''''''''''''''''''''''''''''I__
   by basdog22
-------------------------------------------------------------------------------------------------------------------------------------------------

I started writing this tutorial because there are NOT many of them available on the net, even now that the knowledge is widely spread. It is aimed at complete newbies, so if you are an intermediate or advanced cracker throw it away; it only takes up space on your HDD. I apologise in advance for my bad English and for the spelling mistakes I will surely make; English isn't my mother tongue, so don't blame me ;)

First of all: set your Notepad window wide enough that the whole of the line below fits on one line:
<------------------------------------------------------------------------------------------------------------------------------------------------>

"""""""""""""""""""""""""""""""""""Cracking IDA (Interactive Disassembler) part 2"""""""""""""""""""""""""""""""""""

This one is really late, and I am sorry. In my last tutorial we cracked the time limit that IDA had; now we have found another limitation of the IDA demo: it cannot disassemble itself.
We are going to crack it the same way we cracked the time limit. Disassemble Idag.exe in W32Dasm and search for the string "The demo version will not disassemble itself". When you find it, double-click on it and you land here (pay close attention):

------------------------------------------------------------------Cut here---------------------------------------------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00427522(C), :00427534(C), :00427546(C)
|
* Possible StringData Ref from Data Obj ->"Sorry, the demo version will not "
                                        ->"disassemble itself"
|
:0042755A 682CDF4B00              push 004BDF2C        <-- We are here
:0042755F E860CEFDFF              call 004043C4
:00427564 59                      pop ecx
:00427565 33C0                    xor eax, eax
:00427567 8B55D8                  mov edx, dword ptr [ebp-28]
:0042756A 64891500000000          mov dword ptr fs:[00000000], edx
:00427571 E9E4010000              jmp 0042775A
------------------------------------------------------------------Cut here---------------------------------------------------------------------

If you scroll up you will see the whole check. Each block pushes a file name and the name of the file being loaded (held in edi), calls the compare routine at 004A057C, cleans up the two arguments, and tests the result. A zero result means the two names match:

------------------------------------------------------------------Cut here---------------------------------------------------------------------
:00427512 680DDF4B00              push 004BDF0D
:00427517 57                      push edi
:00427518 E85F900700              call 004A057C
:0042751D 83C408                  add esp, 00000008
:00427520 85C0                    test eax, eax        <-- Is the file we want to disassemble idag.exe?
:00427522 7436                    je 0042755A          <-- If it is, jump to the "can't disassemble itself" message

* Possible StringData Ref from Data Obj ->"ida.wll"
|
:00427524 6816DF4B00              push 004BDF16
:00427529 57                      push edi
:0042752A E84D900700              call 004A057C
:0042752F 83C408                  add esp, 00000008
:00427532 85C0                    test eax, eax        <-- Is it ida.wll?
:00427534 7424                    je 0042755A          <-- If it is, jump to the message

* Possible StringData Ref from Data Obj ->"pc.w32"
|
:00427536 681EDF4B00              push 004BDF1E
:0042753B 57                      push edi
:0042753C E83B900700              call 004A057C
:00427541 83C408                  add esp, 00000008
:00427544 85C0                    test eax, eax        <-- Is it pc.w32?
:00427546 7412                    je 0042755A          <-- If it is, jump to the message

* Possible StringData Ref from Data Obj ->"pe.ldw"
|
:00427548 6825DF4B00              push 004BDF25
:0042754D 57                      push edi
:0042754E E829900700              call 004A057C
:00427553 83C408                  add esp, 00000008
:00427556 85C0                    test eax, eax        <-- Is it pe.ldw?
:00427558 751C                    jne 00427576         <-- If it is NOT, jump PAST the message; if it is, fall through into it

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00427522(C), :00427534(C), :00427546(C)
|
* Possible StringData Ref from Data Obj ->"Sorry, the demo version will not "   <-- The three je's land here; the last check
                                        ->"disassemble itself"                  reaches it by falling through
|
:0042755A 682CDF4B00              push 004BDF2C        <-- This is where we landed after double-clicking the "Sorry" message
:0042755F E860CEFDFF              call 004043C4
:00427564 59                      pop ecx
:00427565 33C0                    xor eax, eax
:00427567 8B55D8                  mov edx, dword ptr [ebp-28]
:0042756A 64891500000000          mov dword ptr fs:[00000000], edx
:00427571 E9E4010000              jmp 0042775A
------------------------------------------------------------------Cut here---------------------------------------------------------------------

So the message is reached from three conditional jumps, plus the fall-through of the fourth check. Time for patching. Look at the table below (only the opcode byte changes; the displacement byte, and with it the jump target, stays the same):

 ____________________________________________________________________________________________
|  Address    From   To     Old instruction   New instruction   File offset                  |
|  --------   ----   ----   ---------------   ---------------   -----------                  |
|  00427522   7436   7536   je 0042755A       jne 0042755A      00026B22                     |
|  00427534   7424   7524   je 0042755A       jne 0042755A      00026B34                     |
|  00427546   7412   7512   je 0042755A       jne 0042755A      00026B46                     |
|  00427558   751C   EB1C   jne 00427576      jmp 00427576      00026B58     *               |
|____________________________________________________________________________________________|

* If we change the last jump from 751C to 741C (je) it sometimes might not work, and if we change it to 9090 (two NOPs) it will not work at all, because execution then falls straight into the message.

Check the patch against the compare semantics before you write it. The three je's jump to the message when eax is zero, which the annotations above read as "the names match"; inverting them to jne makes them jump to the message when the names do NOT match, which is every file except the protected ones. If the compare really returns zero on a match, the usual fix is to replace each of the three je's with two NOPs (90 90) and turn the last jne into jmp (EB 1C). Either way, keep a copy of the original Idag.exe, verify the original bytes at each file offset before overwriting them, and test the patched executable both on an ordinary file and on idag.exe itself before calling it cracked.

===========================================================================================
OK, IDA cracked. (Is it really???)

IDA, as I said before, is a powerful tool. Even though I use W32Dasm more, maybe because W32Dasm is easier, when I first used IDA I got lost and very confused, but now things are starting to get clear. I suggest you use this tool more and more each day and you will soon master its power.
Along the way you will find more things to crack in IDA, for example the screen on EXIT which reminds you that you are using a DEMO version of IDA and that it has expired ;=)
===========================================================================================
--------------------------------------------------------------------------------------------------------------------------------------------------
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
Thanks for reading this. I hope you gained some knowledge from this tutorial. My main goal was to help people who are interested in getting started with the art of cracking (not even newbies yet) but didn't know which tools to get or how to make them work. If you think I should add something to this tutorial, or anything else, send me your ideas at basdog22@yahoo.com; I would appreciate it.
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
In my next tutorial, version 1.6, we will talk about Microsoft and the reasons why crackers (and not only crackers) hate B. Gates and his slaves. Sometimes it is good to know how companies think, and how we can escape and destroy their plans. I think my next tutorial has much more to say to the newbie cracker than the previous ones, but if you think it has nothing to offer you, just skip to the next version. Till then, go out there, have a drink with your girl and have fun, because real life is out there...
to be continued...