KANAL23 Tutorial

http://www.kanal23.net




Deadly Dozen Cd check

Download it from

Nowhere(buy it)



Written by

        <bLaCk-eye>

Tools

  • W32dasm

  • Hiew

Rating

  • Easy {X}

  • Medium { }

  • Hard { }

  • Pro { }



Introduction


Welcome to my 3rd tut. I don't know if it can really be considered a tut, because the protection scheme is really simple (quite stupid! hehe), considering that the whole game is over 500Mb. OK, you got it: it's a game! Deadly Dozen. I dare to say it's a copy of Mohaa (Medal of Honour), a pretty good one. So what can you crack in a game? Of course: its CD check routine.
And you'll see it's very eaaasy.
Please excuse my bad English! I hope you like this really little piece.


The Essay


	I don't usually crack games, but I was surprised by its easiness, so I decided to write a tut.
	Be sure that your CD ISN'T in the CD drive and try to launch the game:
"Please insert the Deadly Dozen CD-ROM into your CD Drive and restart the game" --> Nice try!
	Remember the message and open the target file in W32dasm. After the file loads, search for our message. Here is what we find:

* Possible StringData Ref from Data Obj ->"DEADLYDOZEN"
                                  |
:0043FFAD 68C0F44E00              push 004EF4C0
:0043FFB2 51                      push ecx
:0043FFB3 E828FC0800              call 004CFBE0
:0043FFB8 83C408                  add esp, 00000008
:0043FFBB 85C0                    test eax, eax
:0043FFBD 7406                    je 0043FFC5  --> another possibility

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043FF7A(C)
|
:0043FFBF 43                      inc ebx
:0043FFC0 83FB1A                  cmp ebx, 0000001A
:0043FFC3 7C8A                    jl 0043FF4F

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043FFBD(C)
|
:0043FFC5 83FB1A                  cmp ebx, 0000001A
:0043FFC8 6A00                    push 00000000
:0043FFCA 752F                    jne 0043FFFB   -->is the cd in drive?

* Possible StringData Ref from Data Obj ->"Error"
                                  |
:0043FFCC 68B8F44E00              push 004EF4B8

* Possible StringData Ref from Data Obj ->"Please insert the Deadly Dozen "
                                        ->"CD-ROM into your CD Drive and "
                                        ->"restart the game"
                                  |
:0043FFD1 6868F44E00              push 004EF468  --> here is where we land
:0043FFD6 6A00                    push 00000000

	Scroll up a little bit and you come across the conditional jump (0043FFCA). Could it be so simple? Try it (change the jne --> je in Hiew)! Does it work? If not, shoot me!
	One more thing: you can change the je --> jne at 0043FFBD if you like; it has the same effect.
That's it! (I told you it was too simple)
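
The control flow in the listing, rebuilt in C as an added example (not code from the game or from the original tutorial): the drive scan hands its whole result to one comparison of the loop counter against 1A, which is the single decision point the essay identifies. The function names, the loop starting at 0, the meaning of the jump from 0043FF7A, the compare performed by 004CFBE0 and the sample labels are assumptions or constructed values; the listing does not show them.

```c
#include <stdio.h>
#include <string.h>

#define DRIVE_COUNT    0x1A           /* the 0000001A compared against ebx */
#define EXPECTED_LABEL "DEADLYDOZEN"  /* string pushed at 0043FFAD */

/* Walk the drive slots and stop at the first label that matches.
   Returns the loop counter: DRIVE_COUNT means nothing matched. */
int scan_drives(const char *labels[])
{
    int ebx;
    for (ebx = 0; ebx < DRIVE_COUNT; ebx++) {   /* inc ebx / cmp ebx,1A / jl */
        if (labels[ebx] == NULL)                 /* assumed: slot skipped via 0043FF7A */
            continue;
        /* assumed: 004CFBE0 is a strcmp-style compare, 0 == equal */
        if (strcmp(labels[ebx], EXPECTED_LABEL) == 0)
            break;                               /* je 0043FFC5 */
    }
    return ebx;
}

/* cmp ebx,1A / jne 0043FFFB: the only place the scan result is consumed. */
int disc_accepted(int ebx)
{
    return ebx != DRIVE_COUNT;
}

/* Constructed input: one unrelated volume at slot 2 and, if disc_slot >= 0,
   the expected volume at disc_slot. */
int scan_with_disc_at(int disc_slot)
{
    const char *labels[DRIVE_COUNT] = {0};
    labels[2] = "SYSTEM";
    if (disc_slot >= 0 && disc_slot < DRIVE_COUNT)
        labels[disc_slot] = EXPECTED_LABEL;
    return scan_drives(labels);
}

int main(void)
{
    int absent = scan_with_disc_at(-1), present = scan_with_disc_at(3);
    printf("no disc:   ebx=%d accepted=%d\n", absent, disc_accepted(absent));
    printf("in slot 3: ebx=%d accepted=%d\n", present, disc_accepted(present));
    return 0;
}
```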


Final thoughts


In my opinion: 8 for the game and 4 for the protection. In American grades: -B for the game and -F for the protection. That's all...


Greetings


Groups: Kanal23
Individuals: Acid_Cool_178, +Orc, +Fravia and all the crackers from whom I've learned something!!



This document is copyrighted to Kanal23 and its members. Please mail the author of this document for complaints and those things.
Kanal23 are signing out for now.

