iNTROdUCTION :
hi there !!! it has been a long ... long time ... since my last tutorial !! , but here i am again !! ....
You know something , it is strange how sometimes we act like we know everything !! , and at the end what we know
is nothin' , for example lsn to this story, before i wrote this tutorial , i installed the prog. and started cracking it,
the thing is i couldn't crack it !! can u believe it !! , i just couldn't, but then for some strange reason i did ,
and guess what, i cracked it using a diff. approach than the first time i cracked it !! , so my point here
!!! NEVER EVER think that u know everything !!
pROTEcTION :
This program is like any other !! , it needs an email address and a registration key , so our job here is to find the correct registration key for our email and then make a keygen for this program !!
o.k let's start !! , now after u install the program, run it to take a look at it !! , you will see on the menu something like this '?', click it , then click about [ mp3 .... , now as u can see we have found where to put our info , click on the registration tab then click on enter registration info , let's enter our info in my case i wrote :
E-mail address : FaTzBiT@tntcrackers.ws
Registration Key : 1234567890
now click on the o.k button and u will be hit by this messagebox :
now you know what to do !! , that's right let's dasm the exe file , and look for our message , now i know some of you don't like to dasm the exe file , but you like the live approach , hmm !! if that's what u want then skip ahead to where i start using softice in this tutorial , but remember if you were a newbie , then i think this is the best approach !! , anyway after we dasm the file, we look for our error message in the SDR ref . and look ... above the error message u will find our thank u message !! let's double click on it and u will see something like this code :
* Possible Reference to String Resource ID=00153: "Thanks for registering [ m p 3 - e x p l o r e r ] !" <-- good boy
:00401B0C 6899000000 push 00000099
:00401B11 8D4C2410 lea ecx, dword ptr [esp+10]
* Possible Ref to Menu: MenuID_0080, Item: ""
:00401B15 C7052C354B0001000000 mov dword ptr [004B352C], 00000001
:00401B1F E8D0430500 call 00455EF4
:00401B24 8B44240C mov eax, dword ptr [esp+0C]
:00401B28 6A40 push 00000040
:00401B2A 6A00 push 00000000
:00401B2C 50 push eax
:00401B2D EB17 jmp 00401B46
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401AA4(C) <-- hmmm !!! let's check this out
* Possible Reference to String Resource ID=00154: "Registration info are not correct ! Please try again." <-- bad boy
:00401B2F 689A000000 push 0000009A
:00401B34 8D4C2410 lea ecx, dword ptr [esp+10]
o.k i think everything is clear right , the error message is displayed cuz of the jump at 00401AA4 let's check it out , click on search/find and enter 00401AA4 and make sure that the direction is set to up , and we will be at this code in no time :
:00401A90 B918334B00 mov ecx, 004B3318
:00401A95 C684248C00000001 mov byte ptr [esp+0000008C], 01
:00401A9D E83E6A0100 call 004184E0 <-- our algo ...
:00401AA2 85C0 test eax, eax <-- our test ...
:00401AA4 0F8485000000 je 00401B2F <-- our jump if zero ...
:00401AAA 8D4C2474 lea ecx, dword ptr [esp+74]
now i think we have to step into this call , to see what is in it . but we will do it with softice this time !! now run the program !! , enter ur info and before u click on the o.k button , fire softice [ctrl + d] and set a breakpoint like this one !!
Bpx Hmemcpy
then press F5 and we are back , now press the o.k button softice will break !! , press F11 once then press F12 for (7) times now clear all the breakpoints and set a new one on address 00401A9D , then press F5 , softice will break again at the call now press F8 , and we are inside the call , with F10 trace the code until u are here :
:00418535 83FF04 cmp edi, 00000004 <-- the length of our email in edi
:00418538 7D35 jge 0041856F <-- compare it with 4, jump if greater or equal
o.k now continue with the trace until u r at this code :
:00418573 8B442420 mov eax, dword ptr [esp+20] <-- eax point to our email
:00418577 0FBE0C06 movsx ecx, byte ptr [esi+eax] <-- ecx has our 1st char in email
:0041857B 51 push ecx <-- store ecx
:0041857C E871490200 call 0043CEF2 <-- convert the char. from small letter to capital
:00418581 83C404 add esp, 00000004
:00418584 03E8 add ebp, eax <-- add the char. to ebp
:00418586 46 inc esi <-- add 1 to esi (counter)
:00418587 3BF7 cmp esi, edi <-- check if the counter = email string length
:00418589 7CE8 jl 00418573 <-- if less loop again (take next char)
:0041858B 8B4C240C mov ecx, dword ptr [esp+0C] <-- ecx has our fake key
:0041858F BAC0D40100 mov edx, 0001D4C0 <-- put in edx 1D4C0h = 120000
:00418594 2BD5 sub edx, ebp <-- subtract our email sum from edx
:00418596 33C0 xor eax, eax
:00418598 3BCA cmp ecx, edx <-- compare it with our fake key
now i know some of u will not look at the code , so i'll explain it again .... the algo. is simple , first our string (email address) must be 4 char and more , then it takes our first char. from our email and see if it's small letter, if it is small , it converts it to capital letter and adds it to the ebp register , then takes the 2nd char. and does the same , until it finishes our email address string , then puts in edx the value of 120000 and subtracts our char. summation from edx , and compares it with our fake key , now at address 00418598 , write in softice '? edx' write down the value cuz this is our real key , then clear all breakpoints and try and there u go !! our thank u message !!
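The check described above, modelled in C as an added example (not code from the original tutorial or from the program itself), to show why an additive checksum makes a weak registration check: different e-mail addresses are accepted with the same key. The function names and the sample addresses are made up for the illustration, input is assumed to be ASCII, and rejecting e-mails shorter than 4 characters follows the description above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define KEY_BASE 120000L  /* 0x1D4C0, the constant loaded into edx at 0041858F */

/* Sum of the upper-cased bytes of the e-mail, as in the loop at 00418573. */
static long email_sum(const char *email)
{
    long sum = 0;
    for (size_t i = 0; email[i] != '\0'; i++)
        sum += toupper((unsigned char)email[i]);
    return sum;
}

/* Model of the check: 1 if key is accepted for email, 0 otherwise.
   E-mails shorter than 4 characters are rejected (cmp edi, 4). */
int check_registration(const char *email, long key)
{
    if (strlen(email) < 4)
        return 0;
    return key == KEY_BASE - email_sum(email);
}

/* Two e-mails collide when the check accepts the same key for both. */
int emails_collide(const char *a, const char *b)
{
    if (strlen(a) < 4 || strlen(b) < 4)
        return 0;
    return email_sum(a) == email_sum(b);
}

int main(void)
{
    /* Constructed sample addresses, not taken from the page. */
    const char *a = "alice@example.com";
    const char *b = "ecila@example.com";  /* same letters, reordered */
    const char *c = "bkice@example.com";  /* one char +1, another -1 */

    printf("reordered letters collide: %d\n", emails_collide(a, b));
    printf("offsetting chars collide : %d\n", emails_collide(a, c));
    printf("upper/lower case collide : %d\n",
           emails_collide(a, "ALICE@EXAMPLE.COM"));
    return 0;
}
```

The sum ignores character order and case and involves no secret, so the key is not bound to one address; a check that only verifies a signature made with a private key kept by the vendor does not carry its own derivation in the executable.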
but wait a min here i think this algo. is too simple so let's code a keygen for it ... here is my source code, it is written in C , and compiled in Turbo C++ v3.0 , if u want to try it :
// a keygen for mp3-explorer v4.3.0 by FaT[BiT] \ TNT!
#include <stdio.h>
#include <stdlib.h>   // exit
#include <string.h>   // strlen, strcspn
#include <conio.h>    // clrscr (Turbo C++)
int main (void)
{
long i, emailchsum = 0;
long code = 120000;
char ch;
char email[50];
clrscr();
printf("------------------------------------------------------------------\n");
printf("[ m p 3 - e x p l o r e r ] v 4.3.0 - Keymaker - by FaT[BiT] \\ TNT!\n");
printf("------------------------------------------------------------------\n\n");
printf("E-Mail address : ");
// fgets keeps the read inside the 50-byte buffer (gets does not)
if (fgets (email, sizeof email, stdin) == NULL) exit (1);
email[strcspn (email, "\r\n")] = 0;   // strip the newline fgets keeps
if (strlen (email)<4) {
printf("Err : E-Mail address is too short.");
exit (1);
}
// add up the characters of the e-mail, small letters converted to capital
for(i=0;i<(long)strlen(email);i++) {
ch = email[i];
if ((ch >= 97 ) && (ch <= 122)) ch = ch - 32;
emailchsum += ch ;
}
code -= emailchsum;   // key = 120000 - character sum
printf("Registration key : %ld", code);
return 0 ;
}
o.k there u have it !!
compile this code , then run it and enter ur email , to have ur code and try it !!!, and ...
tKC ... (for showing me the light !! )
LW2000 ... ( Thanx alot i now use my brain )
[XasX] ... (a very good founder and a very good friend also!)
AzmO ... (yes!! man we are different !! )
Sir dReAm ... (i will be seeing u soon !! )
ASTAGA ... (keep up the good work !!)
BoneZ ... (thanx alot for the support !!)
BillGameZ, VaibLitzeR, MezUz , and ShaQ ... (good luck to u all !! )
and to all TNT!CRACK!TEAM! members ... (keep up the good work !!)
any comments mail me : fattnt@linuxmail.org
See ya in another tut !!! Soon !!!
--= EOF =--