Surabaja 23 December 1998.

@eAsy crAcking for duMmies ...

 

MERRY XMAS & Happy NEW YEAR ...

 

[DISCLAIMER]

This simple tutorial won't make you a GREAT CRACKER, but maybe it can add to your CRACKING KNOWLEDGE. First, thanks to HARVESTR for putting my silly tuts on his NICE page, and remember: if you use some PROGRAM and you like it, make sure you BUY it!

TOOLS: W32DASM, sOftICE

TARGET: WINXFILES 32-BIT v3.5

http://www.PEPSOFT.com

 

Enough BULLSHIT, let's BEGIN.

Open W32DASM and disassemble WINXFILES. After doing that, go to STRING DATA REFERENCES and find the string that you receive when you enter the wrong code. The message should say: 'INVALID REGISTRATION PASSWORD'

Double-click this STUPID string and you'll see something like this:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046E194(C)
|
:0046E1CF 6A00            push 00000000                  ------>>>>>> remember this OFFSET (marked in RED)!
:0046E1D1 668B0D64E24600  mov cx, word ptr [0046E264]
:0046E1D8 B202            mov dl, 02

* Possible StringData Ref from Code Obj ->"Invalid Registration Password."

Just scroll up ......

:0046E18F E89C57F9FF      call 00403930                  ------>>>>>> remember this OFFSET too!
:0046E194 7539            jne 0046E1CF                   ------>>>>>> jump to the BAD GUY if our Password is wrOng
:0046E196 8B45FC          mov eax, dword ptr [ebp-04]
:0046E199 E8FA030000      call 0046E598
:0046E19E 6A00            push 00000000
:0046E1A0 668B0D64E24600  mov cx, word ptr [0046E264]
:0046E1A7 B202            mov dl, 02

* Possible StringData Ref from Code Obj ->"WinXFiles is now registered. Thanks "
                                        ->"a lot!"

Now this one is interesting ......

What's inside the call 00403930 looks like this:

:00403930 53              push ebx
:00403931 56              push esi
:00403932 57              push edi
:00403933 89C6            mov esi, eax      ------>>>>>> EAX = Our CODE
:00403935 89D7            mov edi, edx      ------>>>>>> EDX = REAL CODE
:00403937 39D0            cmp eax, edx      ------>>>>>> Compare our CODE with the REAL CODE
:00403939 0F848F000000    je 004039CE

After the COMPARE instruction the FLAG REGISTER depends on our CODE: if it is right, the ZERO FLAG (ZF) is set, the je is taken, we get out of the CALL on the good path and the BEAUTIFUL MESSAGE is displayed. I guess that is very easy to understand.
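As an added example (not code from the original tutorial or from WinXFiles), here is a small C model of what the listing above shows: the check routine receives the typed code in EAX and the real code in EDX, `cmp` sets ZF only when the two are equal, and `je` follows ZF. Beside it is the hardened form a defender would want: the program ships only a digest of the valid code and compares digests in constant time, so the plaintext code is never sitting in a register to be read out with D EDX, as the FAQ below describes. The names x86_cmp, check_plain, fnv1a32, ct_equal and check_hashed and all sample values are assumptions of this example; FNV-1a stands in for a real cryptographic hash.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Minimal model of the flags `cmp` leaves behind. cmp computes a - b,
 * discards the result and keeps only the flags; je looks at ZF alone. */
typedef struct {
    int zf;   /* set when a - b == 0, i.e. a == b */
    int cf;   /* set on unsigned borrow, i.e. a < b (ignored by je) */
} eflags_t;

eflags_t x86_cmp(uint32_t a, uint32_t b) {
    eflags_t f;
    f.zf = (a == b);
    f.cf = (a < b);
    return f;
}

/* The tutorial's check: EAX = typed code, EDX = real code,
 * `cmp eax, edx` then `je good`. Returns 1 on the "registered" path.
 * The weakness the page points out: real_code sits in a register in the
 * clear, and one conditional jump carries the whole decision. */
int check_plain(uint32_t typed_code, uint32_t real_code) {
    eflags_t f = x86_cmp(typed_code, real_code);
    return f.zf;                      /* je is taken only when ZF == 1 */
}

/* FNV-1a 32-bit: a stand-in for a real cryptographic hash (assumption of
 * this example; a shipping product would use SHA-256 or similar). */
uint32_t fnv1a32(const void *data, size_t len) {
    const unsigned char *p = (const unsigned char *)data;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* Constant-time byte compare: no early exit that leaks which byte differed. */
int ct_equal(const unsigned char *a, const unsigned char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hardened check: only the digest of the valid code is in the binary, so
 * the code itself is never loaded into EDX or anywhere else in memory. */
int check_hashed(const char *typed, uint32_t stored_digest) {
    uint32_t d = fnv1a32(typed, strlen(typed));
    unsigned char a[4], b[4];
    memcpy(a, &d, sizeof a);
    memcpy(b, &stored_digest, sizeof b);
    return ct_equal(a, b, sizeof a);
}

int main(void) {
    /* constructed sample values, not WinXFiles' real code */
    uint32_t real_code = 0x12345678u;
    printf("plain  : right -> %d, wrong -> %d\n",
           check_plain(0x12345678u, real_code),
           check_plain(0x12345679u, real_code));

    /* in a real product this digest is computed once at build time */
    uint32_t stored = fnv1a32("EXAMPLE-CODE", 12);
    printf("hashed : right -> %d, wrong -> %d\n",
           check_hashed("EXAMPLE-CODE", stored),
           check_hashed("EXAMPLE-C0DE", stored));
    return 0;
}
```

Storing a digest removes the plaintext code from memory, so a register dump shows only a hash, but it does not remove the single je/jne that carries the decision; that branch is a separate weakness and the reason licensing schemes tie the check to data the program actually needs rather than to one flag.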

 


FAQ

[READER]: How do you know that EAX contains our CODE and EDX contains the REAL one?

[OCHE]: You fOOl, use sOftICE and set some BREAKPOINTS.

[READER]: What BREAKPOINT?

[OCHE]: BPX SHOWWINDOW and BPX 0046E18F.

[READER]: I don't understand the last BREAKPOINT .........

[OCHE]: You remember this call 00403930...? Look at the OFFSET and TRACE with F8 in sOftICE, coz that's the last call before the PROGRAM decides whether your PASSWORD is wrong or NOT.

[READER]: How do I see the REAL CODE? Why don't you just write it in this tuts so I can register WINXFILES quickly?

[OCHE]: Use D EDX. F@CK YOU if you are just looking for the REAL SERIAL NUMBER, don't read this TUTS, go and FIND it SOMEWHERE ELSE!!!!!

[READER]: F@CK YOU TOO OCHE!!!!!


 

oche_satriani@start.com.au

oblek@start.com.au

ITS OE'97 4397100xxx Corp.