Acid_Cool_178
presents his
#18 Tutorial |
For Hellforge |
This Text Is Only Meant For Educational Purposes And Not To Be Used Illegally. I Take No Responsibility For Illegal Use Of This Text. Move On At Your Own Risk.
Author Information |
acid_cool_178@hotmail.com | ||
Age | 17 | |
Web Page | http://acidcool.cjb.net/ | |
Date | February 2K/March 2K | |
Member in | Hellforge | Flying Horse Cracking Force |
Groups Web Page | Hellforge Login | FHCF Login |
Program Information |
Name | ECLiPSE Official Trial Crackme *FiNAL* | |||
ecl-crkme.exe | ||||
Author | ACiD BuRN | |||
Where to Download | The crackmes webpage | |||
Size | 452KB (Only the EXE file) | |||
Tools used | W32Dasm, Hiew, SoftICE 4.0x |
Download At | ||
1. Player Tools | ||||
2. Programmer Tools | ||||
What kind of a program | Crackme | Shareware | ||
Skill | Easy | Not so easy | Hard | X-pert |
Information about the Protection I |
This protection uses one name and one code. It takes the name, generates a code from it and compares that code with the one you entered.
Before we start |
NOP means No OPeration and is 90 in hex.
Task 1 Patching
Task 2 Serial Sniffing
The Process |
Task 1
Fire up the crackme in W32Dasm and go to "String Data References", where you
can see "good work mate!". Double-click on that string and you will end up here.
:00458D65 E8A6AFFAFF      call 00403D10       <-- Generating the code
:00458D6A 750A            jne 00458D76        <-- If bad code then jump to the bad messagebox, else move on to the good messagebox
* Possible StringData Ref from Code Obj ->"good work mate!"       <-- The title of the good messagebox
|
:00458D6C B8DC8E4500      mov eax, 00458EDC   <-- Properties for the good messagebox
:00458D71 E89AB9FEFF      call 00444710       <-- Properties for the good messagebox
Scroll up to the jump and you can see "@Offset xxxxxxx" in W32Dasm's status bar; note the
offset.
Open the crackme in Hiew and press Enter twice, and you will be in "decode
mode". If you are not in "decode mode", press F4 (Mode) and choose
"Decode".
Now that you are in "decode mode", go to (F5) the offset of the jump.
If you have done everything correctly you will now be on the jump, and we will do this.
Original
Location | Bytes | ASM Code |
00458D6A | 750A | jne 00458D76 |
And we will change it to
Location | Bytes | ASM Code |
00458D6A | 9090 | nop, nop |
Just press F3 (Edit) when you are on the jump and fill in 9090.
Update the file (F9) and exit Hiew (F10 or Esc).
Run the crackme and every dummy serial is accepted.
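From the defending side, the Task 1 patch is easy to spot when a known-good copy of the file is available. The Python code below is an added example, not part of the original tutorial: it diffs two images and reports conditional jumps (short 7x or near 0F 8x) that were overwritten with 90 bytes. The function names are made up for the example, the sample buffer is constructed from the instruction bytes in the listing above, and the offsets it reports are offsets into that buffer, not file offsets.

```python
"""Flag conditional branches overwritten with NOPs by diffing a known-good
image against a suspect copy. Heuristic: no disassembly is done, so a hit
means "a Jcc opcode at the first changed byte was replaced by 0x90 filler"."""

NOP = 0x90

def jcc_length(image: bytes, off: int) -> int:
    """Length of a conditional jump encoded at off, or 0 if there is none."""
    if 0x70 <= image[off] <= 0x7F:                       # short Jcc rel8
        return 2
    if image[off] == 0x0F and off + 1 < len(image) and 0x80 <= image[off + 1] <= 0x8F:
        return 6                                         # near Jcc rel32
    return 0

def changed_runs(good: bytes, suspect: bytes):
    """Yield (start, end) for each contiguous run of differing bytes."""
    if len(good) != len(suspect):
        raise ValueError("length mismatch: compare section by section")
    start = None
    for i in range(len(good) + 1):
        differs = i < len(good) and good[i] != suspect[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            yield start, i
            start = None

def find_nopped_branches(good: bytes, suspect: bytes):
    """Return [(offset, original_hex, replacement_hex)] for NOPed-out Jcc."""
    hits = []
    for start, end in changed_runs(good, suspect):
        n = jcc_length(good, start)
        window = suspect[start:start + n]
        # The run may be shorter than n when an operand byte already was 0x90.
        if n and len(window) == n and end - start <= n and all(b == NOP for b in window):
            hits.append((start, good[start:start + n].hex(), window.hex()))
    return hits

# Constructed sample: the instruction bytes from the listing above, end to end.
GOOD = bytes.fromhex("E8A6AFFAFF" "750A" "B8DC8E4500" "E89AB9FEFF")
PATCHED = GOOD[:5] + b"\x90\x90" + GOOD[7:]

if __name__ == "__main__":
    for off, old, new in find_nopped_branches(GOOD, PATCHED):
        print(f"buffer offset {off}: {old} -> {new} (conditional jump removed)")
```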
Task 2
Here is some SoftICE (SI) information.
Open SI = CTRL+D
Exit SI = X or CTRL+D
Goto = G Location
Dump = D (D EDX)
Breakpoint on Execution = BPX
Clear all breakpoints = BC *
F12="^p ret;"
In W32Dasm you can see this.
:00458D65 E8A6AFFAFF      call 00403D10       <-- Generating the code
:00458D6A 750A            jne 00458D76        <-- If bad code then jump to the bad messagebox, else move on to the good messagebox
Trace the call in W32Dasm and you can see this.
:00403D10 53              push ebx
:00403D11 56              push esi
:00403D12 57              push edi
:00403D13 89C6            mov esi, eax
:00403D15 89D7            mov edi, edx
:00403D17 39D0            cmp eax, edx        <-- compare the code with the entered one
:00403D19 0F848F000000    je 00403DAE
1. Run the crackme
2. Fill in the information; I wrote Name:AC_178 Code:2951
3. Open SI
4. bpx hmemcpy
5. Exit SI
6. Check the serial
7. You're now in SI
8. F12 x 7 times
9. Clear all breakpoints
10. bpx 00403D17
11. Exit SI
12. You're back in SI
13. Exit SI
14. You're back again
15. D EDX <-- You can now see your code in your data window in SI :)
16. Note the serial
17. Clear all breakpoints
18. Register the crackme
19. Congratulations :)
Ending |
Cracked, the keygen will come later when I'm skilled to do that stuff.
Information about the Protection II |
No Information
Greetings |
LaZaRuS, Wajid, Borna Janes, ManKind, Eddie Van Camper, ACiD BuRN, KoRnFLeX, Eternal_Bliss, Potsmoke, DiABLO, Torn@do, ^AlX^ and all the others I have forgotten