GenocideCrew
www.genocidecrew.cjb.net

Author    : balitog
Target    : trial.exe
Protection: name/serial
Intro
-------------------------------------------------------------------------------------------------
We are always in the process of learning. In this case I tried my skills on cracking a program written, I believe, in Delphi or C++. In a way, this is a straightforward crackme. Crack this trial crackme and you can receive trial status with the Nuclear cracking group. But hey, don't be a lamer and steal this tute. Make your own so you can experience the fun of cracking.
Tools Needed
-------------------------------------------------------------------------------------------------
SoftIce
trial.exe <--- www.fr1c.cjb.net
Let's Rock
-------------------------------------------------------------------------------------------------
With SoftIce's symbol loader in the background, run the crackme. Hmemcpy is a guaranteed bpx, which is why I use it so often: you don't have to guess which call the code uses. After the program loads, key in a name and serial ("Balitog" and "123456789"), then dive into SoftIce by pressing Ctrl-D, type "bpx hmemcpy", leave SoftIce and click the "crack me" button. You should now be here:
--------SNIP---------
KERNEL32!HMEMCPY
0147:9EA6 PUSH BP <----- address may vary
0147:9EA7 MOV BP,SP
0147:9EA9 PUSH DS
--------SNIP---------
Press F12 12 times until you land here:
--------SNIP---------
0167:00427A02 CALL 00415BC0
0167:00427A07 MOV EAX,[EBP-14] <------ you land here
0167:00427A0A CALL 004037A8
0167:00427A0F MOV [EBP-10],EAX
0167:00427A12 LEA EDX,[EBP-14]
--------SNIP---------
Then single-step (F10) until you land at this code:
--------SNIP---------
0167:00427AA5 CALL 004038B8 <------ trace into this call by pressing T followed by Enter
0167:00427AA5 JNZ 00427AE8
0167:00427AA5 PUSH 00
--------SNIP---------
Trace into the call by pressing T followed by Enter and you should now be here:
--------SNIP---------
0167:004038B8 PUSH EBX <---- you will land here
0167:004038B9 PUSH ESI
0167:004038BA PUSH EDI
0167:004038BB MOV ESI,EAX
0167:004038BD MOV EDI,EDX
0167:004038BF CMP EAX,EDX <---- guess what is being compared here!
0167:004038BF JZ 00403956
--------SNIP---------
Well, if you followed this tute closely and landed at this location (0167:4038BF), congratulations. Type "d edx" and you will see your valid serial. Clear all bpx, then try your newly found serial. If you can do better, trace how the serial is computed, make a keygen and submit it to fr1c; you can earn trial status in their group.
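The reason "d edx" works is that the crackme builds the correct serial and then string-compares it with what was typed, so the answer is sitting in a register at the compare. The following is an added example, not the crackme's code: the name-to-serial derivation is a constructed stand-in (FNV-1a hex), shown beside a verify-only check in which the serial is an Ed25519 signature over the name and the program ships only the public key, so nothing it computes is itself a valid serial.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base32"
	"fmt"
	"hash/fnv"
)

// expectedSerial is a constructed stand-in for whatever trial.exe derives from
// the name; the real derivation is not known from the tutorial and is not the point.
func expectedSerial(name string) string {
	h := fnv.New32a()
	h.Write([]byte(name))
	return fmt.Sprintf("%08X", h.Sum32())
}

// checkWeak is the shape the tutorial breaks: derive the correct serial, then
// compare it with the input. At the compare both strings are in memory, which
// is exactly what "d edx" displayed.
func checkWeak(name, serial string) bool {
	return expectedSerial(name) == serial
}

// issueSerial runs only on the vendor side: the serial is an Ed25519 signature
// over the name, so only the holder of the private key can produce one.
func issueSerial(priv ed25519.PrivateKey, name string) string {
	return base32.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte(name)))
}

// checkVerifyOnly is what ships in the program, together with the public key.
// Nothing it computes is a valid serial, so a breakpoint on the final compare
// yields a boolean rather than the answer, and a keygen would need the private key.
func checkVerifyOnly(pub ed25519.PublicKey, name, serial string) bool {
	sig, err := base32.StdEncoding.DecodeString(serial)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, []byte(name), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	serial := issueSerial(priv, "Balitog")
	fmt.Println("weak  :", checkWeak("Balitog", "123456789"))      // false
	fmt.Println("verify:", checkVerifyOnly(pub, "Balitog", serial)) // true
}
```

The weak form can be defeated at the compare; the verify-only form can still be patched (the boolean can be flipped), but a patch is not a keygen and does not transfer to other copies or names.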
Greetz
-------------------------------------------------------------------------------------------------
GC, Jonah and Jeramheel of AOL, to my beautiful wife, Corbio (ey! man i need yer help), and to all the ppl who made cracking possible ---> Carpe Diem! Fr1c, tnx for the info in yer ezine. Mabuhay Pinoy.
-------------------------------------------------------------------------------------------------
mail me ===>>> balitog@joymail.com (so I will know somebody loves me =()