KeyGenning_32bit_Convert_It_vc9.64.01.txt

============================================================================
TITLE.:
32bit Convert It c9.64.01
============================================================================
BEST VIEWED.:
Notepad with word wrap enabled, and in restored window mode
============================================================================
TOOLS USED.:
OllyDbg v1.10(step 2)
============================================================================
TARGET.:
32BC.EXE 671744 bytes.
Written in Microsoft Visual C++ 6.0
============================================================================
LOCATION OF TOOLS AND PROGRAM.:
http://www.grinders.withernsea.com/tools/odbg110b1.rar
http://www.grinders.withernsea.com/tools/32bcsx.rar
http://www.grinders.withernsea.com/tools/Krugerstoolbox.rar
http://www.grinders.withernsea.com/patches/32bit_Convert_It_vc9.64.01_Inside_KeyGen.rar
============================================================================
WEBSITE.:
http://cracking.accessroot.com/
============================================================================
CONTACT INFORMATION.:
kruger48@hotmail.com
============================================================================
TUTORIAL VERSION.:
v1.0 Written 12th of May 2004
============================================================================
AUTHOR AND OTHER ALIASES.:
Kruger
AKA.:(Swat'98) (Swat'99) (Swat)
============================================================================
First, to make this crack easy to follow I have used few references
so you won't lose your grip on it.
A lot of tutorials bombard you with jumps and calls ;-)
I try to keep it Plain, Simple, Stupid!

I remember that in the mid 90's I got a crack that created an inside "KeyGen".
It was for a program called WinPatch.
I was very impressed and spent a lot of time trying to do the same. (With no luck!)
Now, with Olly, it's quite easy to do this.
Follow this tutorial and you will create an inside KeyGen!
============================================================================
Install the app and load it in Olly.
Press F9 to run it, then enter:
Register Name (Kruger)
Register Email Address (kruger@soft.com)
Registration Code (1234567890)
Click Apply... nag... (timer)... click Order later... OK...
You are now back in the main program window.
Press F12 (pause), then Ctrl+N (names window).
Browse and find "lstrlenA".
Right click and set a breakpoint on every reference...
Now press F9... It breaks at address
0040A882  |.  8B2D CC414300 MOV EBP,[DWORD DS:<&KERNEL32.lstrlenA>]  ;  KERNEL32.lstrlenA
Enter 1234567890 and press F8 (step over).
It loops a few times... keep an eye on
0040A892 . BF E0FB4400 MOV EDI,32BC.0044FBE0 ; ASCII "30353A383D3E"
ASCII "30353A383D3E" Cool!
The same ASCII string is repeated a few times and we finally end up at address:
0040BD88 . BF E0054500 MOV EDI,32BC.004505E0 ; ASCII "30353A383D3E"
Now we have a valid serial (30353A383D3E) for this name and email, sitting at 004505E0.
============================================================================
***Turning app into Inside KeyGen***
Before explaining how to do it, some basic knowledge is needed.
The problems:
1. The address that holds the serial must be the same every time. Here it is 004505E0, which is inside the executable's own image rather than on the heap (a static buffer in the data section), so it is expected to stay put.
To verify this, register with long and short name/email/serial
and check that the address is unchanged.
If it changes, this crack will fail, or only work for one length of name/serial!
2. We need to show the serial somewhere in the app; a message box is the easiest way.
============================================================================
So, with this knowledge, let's try to KeyGen!
Reload the app, go to the top of the CPU window, right click and choose Search for -> All referenced text strings.
Search for "Don't press this button".
Found it at address:
0040C1AF 68 EC8B4400 PUSH 32BC.00448BEC ; ASCII "Don't press this button"
F2 + Enter - follow it into the CPU window.
This is the pointer the message box displays, so change the PUSH to point at the serial buffer instead of the string:
Old:
0040C1AF 68 EC8B4400 PUSH 32BC.00448BEC
New:
0040C1AF 68 E0054500 PUSH 32BC.004505E0
Try the app... damn, I can only see the serial for a few seconds..
Ok, let's dig this out.
After the first text string is shown, it is replaced by a new one (using a timer):
"Press one of these buttons, order now"
Hmmm... Go to the references and search for ASCII "Press one of these buttons, order now"
Found it at address:
0040C343
F2 + Enter
Put a breakpoint on the JNZ two lines up, at:
0040C33C 75 26 JNZ SHORT 32BC.0040C364
It breaks at address 0040C33C.
Press F7 (step into)... and look carefully... it loops and finally shows the text that covers the serial for us.
0040C353 68 FB030000 PUSH 3FB
Hmm... "PUSH 3FB"
Use Kruger's ToolBox to convert the values to decimal.
3FB (hex) = 1019 (decimal), and the 3E8 (hex) pushed a few lines further on at 0040C364 = 1000 (decimal).
That 1000 is the timer value, counting from 0 to 1000!
So, let's kill the timer.
We are going to count from 0 to 0!
Old:
0040C364 68 E8030000 PUSH 3E8 (1000)
New:
0040C364 68 00000000 PUSH 0   (0)
Keep the 5-byte 68 xxxxxxxx form here: the short 2-byte form (6A 00) would leave three stray bytes behind it, so if Olly assembles it that way make sure "Fill with NOP's" is ticked so the rest of the old instruction is padded out.
Let's kill the loop, so the code between 0040C33E and 0040C363 that pushes the replacement text is never executed:
Old:
0040C33C 75 26 JNZ SHORT 32BC.0040C364
New:
0040C33C EB 26 JMP SHORT 32BC.0040C364
Save the changes and run the app.
The serial is now shown all the time, and the counter is disabled.
Congrats! We have just made an inside KeyGen!
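As an added worked example (not part of this tutorial and not code from 32BC.EXE), here is a Python script that applies the three patches above to a copy of the executable on disk instead of saving them from Olly. It reads ImageBase and the section table from the PE header to map the virtual addresses Olly shows to file offsets, refuses to write unless the original bytes at each address are exactly what the tutorial lists, and writes PUSH 0 in its 5-byte form (68 00000000) so no instruction changes length. The sample PE it builds when run without arguments is constructed for the demo (ImageBase 0x400000, a single .text section at RVA 0x1000 / raw offset 0x400) and is not the real layout of 32BC.EXE.

```python
"""Apply the inside-KeyGen patches from the tutorial to a copy of 32BC.EXE."""
import struct
import sys

# (virtual address, expected original bytes, replacement bytes), taken from the tutorial.
# PUSH 0 is written in its 5-byte form (68 00000000) so the instruction keeps its length.
PATCHES = [
    (0x0040C1AF, bytes.fromhex("68EC8B4400"), bytes.fromhex("68E0054500")),  # PUSH 00448BEC -> PUSH 004505E0
    (0x0040C364, bytes.fromhex("68E8030000"), bytes.fromhex("6800000000")),  # PUSH 3E8      -> PUSH 0
    (0x0040C33C, bytes.fromhex("7526"),       bytes.fromhex("EB26")),        # JNZ SHORT     -> JMP SHORT
]


def pe_headers(pe):
    """Return (image_base, [(rva, virtual_size, raw_offset, raw_size), ...]) from a PE32 file."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled")
    image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    sections = []
    for i in range(num_sections):
        vsize, rva, rsize, roff = struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8)
        sections.append((rva, vsize, roff, rsize))
    return image_base, sections


def va_to_offset(pe, va):
    """Map a virtual address as shown by OllyDbg to the byte offset in the file on disk."""
    image_base, sections = pe_headers(pe)
    rva = va - image_base
    for sec_rva, vsize, roff, rsize in sections:
        if sec_rva <= rva < sec_rva + max(vsize, rsize):
            if rva - sec_rva >= rsize:
                raise ValueError(f"{va:#010x} lies in an uninitialised part of the section")
            return roff + (rva - sec_rva)
    raise ValueError(f"{va:#010x} is not inside any section")


def apply_patches(pe, patches):
    """Return a patched copy; refuses to write if the original bytes are not what the tutorial shows."""
    out = bytearray(pe)
    for va, old, new in patches:
        if len(old) != len(new):
            raise ValueError(f"patch at {va:#010x} would change the instruction length")
        off = va_to_offset(pe, va)
        found = bytes(out[off:off + len(old)])
        if found != old:
            raise ValueError(f"unexpected bytes at {va:#010x}: {found.hex()} (expected {old.hex()})")
        out[off:off + len(new)] = new
    return bytes(out)


def build_sample_pe():
    """Constructed stand-in for 32BC.EXE (not the real file): ImageBase 0x400000 and one .text
    section at RVA 0x1000 / raw offset 0x400, with the tutorial's original bytes planted."""
    base, sec_rva, sec_raw, sec_size = 0x00400000, 0x1000, 0x400, 0xC000
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)  # i386, 1 section
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 28, base)                          # ImageBase
    sect = struct.pack("<8sIIIIIIHHI", b".text", sec_size, sec_rva, sec_size, sec_raw,
                       0, 0, 0, 0, 0x60000020)
    img = bytearray(sec_raw + sec_size)
    hdr = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    img[:len(hdr)] = hdr
    for va, old, _ in PATCHES:
        off = sec_raw + (va - base - sec_rva)
        img[off:off + len(old)] = old
    return bytes(img)


if __name__ == "__main__":
    if len(sys.argv) == 3:                       # usage: patch.py 32BC.EXE 32BC_keygen.EXE
        with open(sys.argv[1], "rb") as f:
            data = f.read()
        with open(sys.argv[2], "wb") as f:
            f.write(apply_patches(data, PATCHES))
    else:                                        # no file given: demonstrate on the constructed sample
        sample = build_sample_pe()
        patched = apply_patches(sample, PATCHES)
        for va, _, new in PATCHES:
            print(f"{va:#010x} -> {patched[va_to_offset(sample, va):][:len(new)].hex()}")
```

Run it as `patch.py 32BC.EXE 32BC_keygen.EXE` to produce a patched copy; the original-bytes check means it will stop rather than corrupt a file that is a different build, already patched, or packed (in which case the bytes at those addresses are not what Olly showed after unpacking).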
============================================================================
SHOUTZ AND GREETZ:
To all members of AR Team, TSRh Club, and the creator of Olly!
And to all of you reading my tuts!
============================================================================