(-\/\ dRaG0n´s CrAcKinG Lesson 7 /\/-)



Tools you need :

Softice V.3.X        ( get it at  cracking.home.ml.org & surf.to/harvestr)

W32dasm V8.X         ( get it at  cracking.home.ml.org & surf.to/harvestr)

Editor+ V3.0 Light   ( get it at Click Here )

Hiew 5.xx            ( get it at  cracking.home.ml.org & surf.to/harvestr )

Introduction :

hi aaaaggggaaaiin ;) ... It´s been a long time since i wrote a tut´ , it´s time to CRACK again ...
In thiz tutorial , i will show you how easy it is to program a [KeyGen] for Editor+ V3.0 ..
... YeAh ... KeYgens R cool , huh ;) ... let´S rOCK !

 Cracking Editor+ V3.0 Light with Softice :

I will do thiz in Steps , so it´s easier to understand :-)  .. like in the other Lessons ...

Step  1 :  Run Editor+ V3.0 (What a fuckin´ bad Nag , hehe) and go to "?/Registration"

Step  2 :  Enter "DrAg0n" as name , and "77777" as dummy Code , enter S-iCE ...
           Now we´ll set the most common Breakpoints .

           GetDlgItemTextA and GetWindowTextA don´t work here , so we take ..

           "Bpx hmemcpy"

           Now leave S-iCE .

Step 3  :  Press "Ok"... "break due to BPX Kernel!Hmemcpy ... "

Step 4  :  Now press "F5" to get to the second (Serial) Box  ... Press "F11" to go to the Caller..

           Now you´ll see that we aren´t in the right place yet , see "USER(03)" .. K .. Hit "F10"
           till you are in the "EDiTORPL!CODE+xxxxxxx" section ...

           If you trace a bit (F10) , you´ll see that there are mostly ret instructions here ,
           so keep tracing till you´re at the right code ... at Location xxxx:004ACA3E ..

           This is the only code we´ll need ...

           :0042C940  33DB          xor ebx, ebx
           :0042C942  8B45F8        mov eax, dword ptr [ebp-08]
           :0042C945  E8926BFDFF    call 004034DC
           :0042C94A  83F802        cmp eax, 00000002
           :0042C94D  7E3C          jle 0042C98B
           :0042C94F  83FE01        cmp esi, 00000001
           :0042C952  7E37          jle 0042C98B
           :0042C954  8B45F8        mov eax, dword ptr [ebp-08]
           :0042C957  E8806BFDFF    call 004034DC
           :0042C95C  85C0          test eax, eax
           :0042C95E  7E13          jle 0042C973
           :0042C960  BA01000000    mov edx, 00000001
           :0042C965  8B4DF8        mov ecx, dword ptr [ebp-08]       ; Mov *our name* to ECX
           :0042C968  0FB64C11FF    movzx ecx, byte ptr [ecx+edx-01]  ; Get the next Char´s code into ECX
                                                                      ; (S-iCE shows it in hex)
                                                                      ; ex.: D -> 44 -> ECX ;-)
           :0042C96D  03D9          add ebx, ecx                      ; Add ECX (Char code) to EBX
           :0042C96F  42            inc edx                           ; EDX = position in the name
           :0042C970  48            dec eax                           ; EAX = Chars still to go
           :0042C971  75F2          jne 0042C965                      ; Is there a next Char after "D" ?
                                                                      ; Then goto 42C965 , get its code
                                                                      ; and add it to EBX ...
                                                                      ; If finished , go on ..
           :0042C973  81C3C0070000  add ebx, 000007C0                 ; Here´s the clue , "7C0" ... It adds
                                                                      ; 7C0 (1984 decimal) to the pool
                                                                      ; of our name ( EBX ) ..
           :0042C979  3BF3          cmp esi, ebx                      ; Compare the entered serial (ESI)
                                                                      ; with the real one (EBX) .
                                                                      ; do "? esi" or "? ebx" to see it.
           :0042C97B  7508          jne 0042C985                      ; Good Buyer or Bad Cracker JMP !

Step 5  :   Ok ... I´ll explain the things from above again ...

            1 . The program takes the code of every Char in the name and adds them up ;
                we call the running sum the Decimal-Pool ...

            ex.: D -> 44 -> Pool .. R --> 52 --> Pool ... etc.. Pool would be 96 (HEX) .. ok ?

            2 . Then , when every Char of the Name has been added to the Pool ,
                it simply adds 7C0 (HEX) = 1984 (Decimal) to the Pool ... That´s it !

            3 . So , since my Keygen sums the Chars as plain decimal numbers , we have to
                add 1984 to the pool , because 1984 is the Decimal of 7C0 .. do "? 7C0" in SiCE
                to see it !

            Here´s the code of my keygen ... I wrote thiz in "C" with some Creditz to "CrAckZ"
            for help !

            I think it´s self-explaining ... Compile it with any Dos - C - Compiler ;)

The Source Code :

// This Code is copyrighted to Drag0n FFO99 .. Do with it what ya want ;)

#include <stdio.h>
#include <string.h>

int main(void)
{
        char Name[30];
        int NameLength, Offset;
        long int Regsum = 0;

        // Display Logo

        printf("              \n");
        printf("             EDiTOR+ LIGHT v3.0 [KeyGen] \n\n");
        printf("         ▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄ \n");
        printf("       ▄█▀ ▄▄▄▄▄▄▄ █ ▄█▀ ▄▄▄▄▄▄▄ █ \n");
        printf("    ▄█▀▀ ▄███████▀ █▀  ▄████████ █  ▄▄▄▄▄▄▄▄ \n");
        printf("   █▀ ▄████▀▀ ▄▄▄▄▀ ▄████▀▀ ▄▄▄▄▄▀▄▀ ▄▄▄▄▄▄ ▀█ \n");
        printf("   █ ████▀ ▄▀▀   █ ████▀ ▄▀▀     ▄▀ ████████ ▀█▄ \n");
        printf("   █ ████ █      █ ████ █      █▀ ▄███▀  ▀███▄ ▀█ \n");
        printf("   █ ████▄ ▀▄    █ ████▄ ▀▄▄▄▄▄█ ████      ████ █ \n");
        printf("   █ ▀█████ █   ▄▀ ▀█████▄▄▄▄▄▄  ▀▀▀▀      ████ █ \n");
        printf("    █▄ ████▄ ▀▀▀ ▄▄▄▄███████████████████   ████ █ \n");
        printf("  ▄▀ ▄▄████████████████████▀▀▀▀  ▄▄▄▄      ████ █ \n");
        printf("  █ █████████████▀▀▀ ▄ ████ █▀▀█ ████      ████ █ \n");
        printf("  █▄ ▀▀▀▀████ ▄▄▄▄█▀▀▄ ████ █  █▄ ████▄  ▄████ ▄█ \n");
        printf("    ▀▀▀█ ████ █      █ ████ █   █▄▄ ████████ ▄▄█ \n");
        printf("       █ ████ █      █ ████ █     █▄ ▀▀▀▀▀▀ ▄█ \n");
        printf("       █ ████ █      █ ████ █      ▀▀▀▀▀▀▀▀▀▀ \n");
        printf("       █ ████ █      █ ████ █ <Crash>\n");
        printf("       █▄▄▄▄▄▄█      █▄▄▄▄▄▄█              \n\n");
        printf("              - bY drAg0n [FFO99] - \n\n");
        printf("eNTER yA nAME  : ");

        // Read the name . The input call was missing from the listing as
        // published ; fgets() is used so the 30-byte buffer can´t overflow .
        if (fgets(Name, sizeof Name, stdin) == NULL)
                return 1;
        Name[strcspn(Name, "\r\n")] = '\0';      // strip the line ending

        // Get Name - Decimal Values

        NameLength = strlen(Name);

        // Cast to unsigned char : the program uses movzx , so every byte counts as 0..255
        for (Offset = 0; Offset < NameLength; Offset++)
                Regsum = Regsum + (unsigned char)Name[Offset];

        printf("\nyOUR sERiAL iS : ");

        // Regsum is the Decimal Pool ... With all Decimal Chars from the name...
        // You see, we just add 1984 (7C0) to it , and its done ...

        printf("%ld\n", (Regsum + 1984));

        return 0;
}

- Here´s the KeyGen in a File if you don´t want to copy all thiz shit - keygen.c
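The listing at 0042C940 contains two guards the lesson steps over (the name must be longer than 2 chars, the entered serial must be greater than 1) before the sum-plus-7C0 compare. As an added example that is not part of the original lesson, and not Editor+´s own code, here is a C model of the whole check routine built from that disassembly, plus two small functions that show why a checksum like this is no protection at all: any permutation of a name gives the same serial, and the serial space is tiny. The function names are mine; treating the jle 0042C98B branch as the "not registered" path is an assumption, since that code is not shown in the lesson.

```c
/* Added example: model of the Editor+ check routine at 0042C940..0042C97B,
 * reconstructed from the disassembly in this lesson. Editor-added code,
 * not the author's keygen and not the program's own source. */
#include <stdio.h>
#include <string.h>

#define EDITORPLUS_MAGIC 0x7C0L   /* constant added at 0042C973 (1984 decimal) */

/* Sum the byte value of every char, as the loop at 0042C965..0042C971 does
 * (movzx ecx, byte ptr [...] / add ebx, ecx). */
long name_pool(const char *name)
{
    long pool = 0;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++)
        pool += *p;
    return pool;
}

/* The serial the program expects for a name: pool + 7C0. */
long expected_serial(const char *name)
{
    return name_pool(name) + EDITORPLUS_MAGIC;
}

/* The full decision as disassembled. Both jle 0042C98B branches are assumed
 * to be the failure path (that code is not in the lesson). Returns 1 for
 * "registered", 0 otherwise. */
int editorplus_check(const char *name, long entered)
{
    if ((long)strlen(name) <= 2)   /* cmp eax, 2 / jle : name too short  */
        return 0;
    if (entered <= 1)              /* cmp esi, 1 / jle : serial too small */
        return 0;
    return entered == expected_serial(name);   /* cmp esi, ebx / jne */
}

/* Weakness 1: the serial depends only on WHICH bytes appear, not their
 * order, so every permutation of a name is accepted with the same serial. */
int same_serial(const char *a, const char *b)
{
    return expected_serial(a) == expected_serial(b);
}

/* Weakness 2: for names of length len made of printable ASCII (0x20..0x7E)
 * the pool covers a contiguous range, so there are only 94*len+1 distinct
 * serials, against 95^len possible names. */
long distinct_serials(int len)
{
    long lo = 0x20L * len + EDITORPLUS_MAGIC;
    long hi = 0x7EL * len + EDITORPLUS_MAGIC;
    return hi - lo + 1;
}

int main(void)
{
    const char *name = "DrAg0n";   /* the name used in the lesson */

    printf("%s -> expected serial %ld\n", name, expected_serial(name));
    printf("check(%s, 77777) = %d\n", name, editorplus_check(name, 77777));
    printf("check(%s, %ld)  = %d\n", name, expected_serial(name),
           editorplus_check(name, expected_serial(name)));
    printf("anagram \"n0gArD\" shares the serial: %d\n",
           same_serial("DrAg0n", "n0gArD"));
    printf("distinct serials for 6-char names: %ld (of 95^6 = 735091890625 names)\n",
           distinct_serials(6));
    return 0;
}
```

The lesson´s own example carries through: "D" (44h) plus "R" (52h) gives a pool of 96h, and "DrAg0n" gives 508 + 1984 = 2492. For anyone designing a registration check, the two functions at the end are the point: a serial that is a public, order-independent function of the name can be recomputed by whoever reads the compare, and a 565-value serial space for 6-character names means even guessing is cheap.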

Last Words :

Ok , you have done your (first) Keygen ;) ... I think it wasn´t that hard ...
I had some problems writing Keygens when i started doing Keygens ..
How and in which language to program them ..
... I think "C" is very good / easy for writing Keygens ... so ... enjoy it ;)

l8rz , [DrAg0n FFO99]

- See ya all in Lesson 8 soooon ;) -