This tutorial comes from

Acid Cool 178

Tutorial Number 48

Target

Program_____________ETDict V1.0 - English-Tagalog/Tagalog-English

Protection___________Code / Demo (10 uses before expires)
Download it at ______http://users.skynet.be/sky80483/scarindx.html
Date________________30 April 2000

Toolz

W32Dasm and Soft Ice
Download it at protools.cjb.net

Essay

This program expires after 10 uses, and after that you must register it. Open and close the program 10 times, and on the 11th time you will see a registration window. There you can enter your code. First I tried "2951" and pressed OK. I got this message box: "This is not a valid registration code etc etc etc"

Remember that message and open ETDict.exe in W32Dasm. When it has finished disassembling, go to "String Data References" and look for the message box text. Double-click on that string and close the "String Data References" box. Now you can see this code.

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00459084(C)
|
:004590FC 6A00                    push 00000000
* Possible StringData Ref from Code Obj ->"                             ETDict "
                                        ->"REGISTRATION"
                                  |
:004590FE B908924500              mov ecx, 00459208
* Possible StringData Ref from Code Obj ->"This is not a valid code you entered "
                                        ->"! NO REGISTRATION POSSIBLE !"
                                  |
:00459103 BA3C924500              mov edx, 0045923C		<-- You will land here

Now, scroll up until you can see this code:

:0045907B 8B55F0                  mov edx, dword ptr [ebp-10]
:0045907E 58                      pop eax
:0045907F E884ABFAFF              call 00403C08				<-- Compare routine
:00459084 7576                    jne 004590FC				<-- Jump to bad messagebox
:00459086 8D55F4                  lea edx, dword ptr [ebp-0C]
:00459089 8B83F4020000            mov eax, dword ptr [ebx+000002F4]

Now, let's find the serial.

Run the program and enter a dummy code. DON'T PRESS THE OK BUTTON YET!!!
Open up Soft Ice, set a breakpoint at hmemcpy and close Soft Ice.
Now, press the OK button and you will be back in Soft Ice.
Press F12 7 times and clear all breakpoints.
Set a new breakpoint at the call to the compare routine, and close Soft Ice.
You are back in Soft Ice again, standing at the call. Just look at what is in EAX and EDX.
EAX=Fake code
EDX=Real Code :)

Program cracked..
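
Why the compare at 0045907F exposes the code, and one way a developer could avoid handing the valid code to the compare call, shown as an added example that is not from the original tutorial or from ETDict. The salt, iteration count and sample code are constructed values, and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample values, not taken from ETDict.
SALT = bytes.fromhex("6f1d0c9a4be27753")
ITERATIONS = 200_000
# In a real product this string exists only on the vendor's build machine;
# it appears here so the example can run stand-alone.
_VENDOR_CODE = "7731-DEMO-K4QX-93ZT"


def normalize(code: str) -> bytes:
    """Canonical form so spacing and case do not change the digest."""
    return code.strip().upper().encode("utf-8")


def enroll(code: str) -> bytes:
    """Vendor side: derive the digest that ships inside the program."""
    return hashlib.pbkdf2_hmac("sha256", normalize(code), SALT, ITERATIONS)


def check_weak(entered: str, real_code: str) -> bool:
    # Pattern from the listing: both strings go to one compare call, so the
    # valid code sits in memory (EDX) right next to the user's input (EAX).
    return entered == real_code


def check_hardened(entered: str, shipped_digest: bytes) -> bool:
    # Only a slow, salted digest is shipped. The plaintext code is never
    # rebuilt at run time, so there is no "real code" argument to read.
    candidate = hashlib.pbkdf2_hmac(
        "sha256", normalize(entered), SALT, ITERATIONS
    )
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(candidate, shipped_digest)


# What the shipped binary would carry instead of the code itself.
SHIPPED_DIGEST = enroll(_VENDOR_CODE)

if __name__ == "__main__":
    print("weak, wrong code:    ", check_weak("2951", _VENDOR_CODE))
    print("hardened, wrong code:", check_hardened("2951", SHIPPED_DIGEST))
    print("hardened, right code:", check_hardened(_VENDOR_CODE, SHIPPED_DIGEST))
```

The digest only protects a code drawn from a large space; a short numeric code is too small for any hash to protect.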

Ending

 

LaZaRuS, Wajid, Borna Janes, ManKind, Eddie Van Camper, ACiD BuRN, KoRnFLeX, Eternal_Bliss, Potsmoke, DiABLO, Torn@do, ^AlX^, AC|D, Dark Wolf, Marton and all the others I have forgotten