NUKEM

Hubble Telescope Screen Saver

Da-Breaker-Crew

Download Programm: http://www.alwaysgreat.com

Download Tutorial: http://kickme.to/dbc

Tools:

Softice

Beginner [x]___Improved [ ]___Medium [ ]___Hard [ ]

 
|
|

Start Cracking

 
So again back with a small tutorial,
it be more an explanation as a Essay about the Cracking, but follow my steps and we hope that you learn a little bit.

So Install the Screensaver and open the Registration Dialog.
Type your dummy Serial in and open Softice by Crtl+D and set a Breakpoint to GetWindowTextA [bpx getwindowtexta]
Step switch back to the Registration Dialog and hit the OK button.
Now you be back in Softice and step per F12 into the Code of the Screensaver
---Hubble Telescope!.text+00041BA1------
and you`ll be here,
* Reference To: USER32.GetWindowTextA, Ord:013Fh

                                  |

:00442BA1 FF1520344500            Call dword ptr [00453420]            // you`ll stop here

:00442BA7 8B4C2408                mov ecx, dword ptr [esp+08]          



* Possible Reference to Dialog: DialogID_009B, CONTROL_ID:00FF, ""

                                  |

:00442BAB 6AFF                    push FFFFFFFF

:00442BAD E8BE2C0000              call 00445870

:00442BB2 EB0C                    jmp 00442BC0



* Referenced by a (U)nconditional or (C)onditional Jump at Address:

|:00442B84(C)

|

:00442BB4 8B01                    mov eax, dword ptr [ecx]

:00442BB6 FF742408                push [esp+08]

:00442BBA FF9090000000            call dword ptr [eax+00000090]



* Referenced by a (U)nconditional or (C)onditional Jump at Address:

|:00442BB2(U)

|

:00442BC0 5E                      pop esi

:00442BC1 C20400                  ret 0004


Trace till the Return and over it and you`ll be here,

:00414214 8B44240C                mov eax, dword ptr [esp+0C] // Stopd here

:00414218 BEF49C4600              mov esi, 00469CF4



* Referenced by a (U)nconditional or (C)onditional Jump at Address:

|:0041423F(C)

|

:0041421D 8A10                    mov dl, byte ptr [eax]

:0041421F 8A1E                    mov bl, byte ptr [esi]

:00414221 8ACA                    mov cl, dl

:00414223 3AD3                    cmp dl, bl

:00414225 751E                    jne 00414245              // Jump to adress

:00414227 84C9                    test cl, cl

:00414229 7416                    je 00414241

:0041422B 8A5001                  mov dl, byte ptr [eax+01]

:0041422E 8A5E01                  mov bl, byte ptr [esi+01]

:00414231 8ACA                    mov cl, dl

:00414233 3AD3                    cmp dl, bl

:00414235 750E                    jne 00414245

:00414237 83C002                  add eax, 00000002

:0041423A 83C602                  add esi, 00000002

:0041423D 84C9                    test cl, cl

:0041423F 75DC                    jne 0041421D



* Referenced by a (U)nconditional or (C)onditional Jump at Address:

|:00414229(C)

|

:00414241 33C0                    xor eax, eax

:00414243 EB05                    jmp 0041424A



* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:

|:00414225(C), :00414235(C)

|

:00414245 1BC0                    sbb eax, eax         // stopd here and look in ESI, well here you havnt ESI but in the

:00414247 83D8FF                  sbb eax, FFFFFFFF    // code before it calls the valid Serial to ESI


d ESI = Celestial

Closing remark

Greets to:

ploppy, Manycracker, DYCUS, FuzzyCat, draXXter, Mr.White[WKT], fREaKaZoiD, rAidri, gloryx, Kylock, Kelly, cELTICa, figugegl, notice!, Milhouse, WAHNS, Hamst,
Cassandra, +fravia, PlAyEr, Satanic_Brain, ManKind, EinZtein, Savatage, |NEO|, uzZi, SiNa, |-SHI-|, Shockwave, s@nDOk@n, ScareByte, VandalJax, pHAT_tEQ, dazm, viruz666,KeNkAnIfF.