(-\/\ dRaG0n´s CrAcKinG Lesson 7 /\/-)
Tools you need :
Softice V.3.X ( get it at cracking.home.ml.org & surf.to/harvestr)
W32dasm V8.X ( get it at cracking.home.ml.org & surf.to/harvestr)
Editor+ V3.0 Light ( get it at Click Here )
( get it at cracking.home.ml.org
hi aaaaggggaaaiin ;) ... Long time didnt write
a tut´ , its time to CRACK again ...
In thiz tutorial , i will show you , how easy it is to programm a [KeyGen] for Editor+ V3.0 ..
... YeAh ... KeYgens R cool , huh ;) ... let´S rOCK !
Cracking Editor+ V3.0 Light with
I will do thiz in Steps , so its better to Understand :-) .. like in the other Lessons ...
Step 1 : Run Editor+ V3.0 (What a fuckin´ bad Nag , hehe) and go to "?/Registration"
Step 2 : Enter "DrAg0n" as name
, and "77777" as dummy Code , enter S-iCE ...
Now we´ll set the most common Breakpoints .
GetDlgItemTextA and GetWindowTextA dont work , so we take ..
Now leave S-iCE .
Step 3 : Press "Ok"... "break duo to BPX Kernel!Hmemcpy ... "
Step 4 : Now press "F5" to get to the second (Serial) Box ... Press "F11" to go to Caller..
Now you´ll see that we arent in the right place, see "USER(03)" ..
K .. Hit "F10"
till you are in the "EDiTORPL!CODE+xxxxxxx" section ...
If you trace a bit (F10) , you´ll see that there are only many ret
commands here ,
so trace as long , till you´re at the right code ... on Location xxxx:004ACA3E ..
This is the only code we´ll need ...
:0042C940 33DB xor ebx,
:0042C942 8B45F8 mov eax, dword ptr [ebp-08]
:0042C945 E8926BFDFF call 04034DC
:0042C94A 83F802 cmp eax, 00000002
:0042C94D 7E3C jle 0042C98B
:0042C94F 83FE01 cmp esi, 00000001
:0042C952 7E37 jle 0042C98B
:0042C954 8B45F8 mov eax, dword ptr [ebp-08]
:0042C957 E8806BFDFF call 004034DC
:0042C95C 85C0 test eax, eax
:0042C95E 7E13 jle 0042C973
:0042C960 BA01000000 mov edx, 00000001
:0042C965 8B4DF8 mov ecx, dword ptr [ebp-08] ; Mov *our name* to ECX
:0042C968 0FB64C11FF movzx ecx, byte ptr [ecx+edx-01] ; Get first Char ->
; Decimal to ECX
; ex.: D -> 44 -> ECX ;-)
:0042C96D 03D9 add ebx, ecx ; Add Ecx (Name Decimal) to EBX
:0042C96F 42 inc edx ; not intresting(prog.Counter)
:0042C970 48 dec eax ; " " "
:0042C971 75F2 jne 0042C965 ; Is there a next Char after "D" ,
; Then goto 42C965 , get decimal
; and add it to EBX ...
; If finished , go on ..
:0042C973 81C3C0070 add ebx, 000007C0 ; Heres the clue, "7C0" ... It add
; 7C0 (1984) to our Decimal pool
; of our name ( EBX ) ..
:0042C979 3BF3 cmp esi, ebx ; Compare fake Reg with Real Ser.
; do "? esi" or "? ebx" to see it.
:0042C97B 7508 jne 0042C985 ; Good Buyer or Bad Cracker JMP !
Step 5 : Ok ... I´ll explain the things from above again ...
1 . The program gets every Decimal Value from every Char in the name and
them to the , we call it Decimal-Pool ...
ex.: D -> 44 -> Pool .. R --> 52 --> Pool ... etc.. Pool would be 96 (HEX) .. ok ?
2 . Then , when every char of Name has been added to the Pool ,
it simple adds 7C0 (HEX) = 1984 (Decimal) to the Pool ... Thats it !
3 . So , since my proged Keygen only calculate Chars to decimal , we have
add 1984 to the pool , cause 1984 is the Decimal of 7C0 .. do "? 7C0" in SiCE
to see it !
Here´s the code of my keygen ... I wrote thiz in "C" with some Creditz
for help !
I Think , its self explaining ... Compile it with any Dos - C - Compiler
The Source Code :
// This Code is copyrighted to Drag0n FFO99 .. Do with it what ya want ;)
int NameLength, Offset;
long int Regsum = 0;
// Display Logo
printf(" EDiTOR+ LIGHT v3.0 [KeyGen] \n\n");
printf(" ÜÜÜÜÜÜÜÜÜÜÜ ÜÜÜÜÜÜÜÜÜÜÜ \n");
printf(" ÜÛß ÜÜÜÜÜÜÜ Û ÜÛß ÜÜÜÜÜÜÜ Û \n");
printf(" ÜÛßß ÜÛÛÛÛÛÛÛß Ûß ÜÛÛÛÛÛÛÛÛ Û ÜÜÜÜÜÜÜÜ \n");
printf(" Ûß ÜÛÛÛÛßß ÜÜÜÜß ÜÛÛÛÛßß ÜÜÜÜÜßÜß ÜÜÜÜÜÜ ßÛ \n");
printf(" Û ÛÛÛÛß Üßß Û ÛÛÛÛß Üßß Üß ÛÛÛÛÛÛÛÛ ßÛÜ \n");
printf(" Û ÛÛÛÛ Û Û ÛÛÛÛ Û Ûß ÜÛÛÛß ßÛÛÛÜ ßÛ \n");
printf(" Û ÛÛÛÛÜ ßÜ Û ÛÛÛÛÜ ßÜÜÜÜÜÛ ÛÛÛÛ ÛÛÛÛ Û \n");
printf(" Û ßÛÛÛÛÛ Û Üß ßÛÛÛÛÛÜÜÜÜÜÜ ßßßß ÛÛÛÛ Û \n");
printf(" ÛÜ ÛÛÛÛÜ ßßß ÜÜÜÜÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ ÛÛÛÛ Û \n");
printf(" Üß ÜÜÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛßßßß ÜÜÜÜ ÛÛÛÛ Û \n");
printf(" Û ÛÛÛÛÛÛÛÛÛÛÛÛÛßßß Ü ÛÛÛÛ ÛßßÛ ÛÛÛÛ ÛÛÛÛ Û \n");
printf(" ÛÜ ßßßßÛÛÛÛ ÜÜÜÜÛßßÜ ÛÛÛÛ Û ÛÜ ÛÛÛÛÜ ÜÛÛÛÛ ÜÛ \n");
printf(" ßßßÛ ÛÛÛÛ Û Û ÛÛÛÛ Û ÛÜÜ ÛÛÛÛÛÛÛÛ ÜÜÛ \n");
printf(" Û ÛÛÛÛ Û Û ÛÛÛÛ Û ÛÜ ßßßßßß ÜÛ \n");
printf(" Û ÛÛÛÛ Û Û ÛÛÛÛ Û ßßßßßßßßßß \n");
printf(" Û ÛÛÛÛ Û Û ÛÛÛÛ Û <Crash>\n");
printf(" ÛÜÜÜÜÜÜÛ ÛÜÜÜÜÜÜÛ \n\n");
printf(" - bY drAg0n [FFO99] - \n\n");
printf("eNTER yA nAME : ");
// Get Name - Decimal Values
NameLength = strlen(Name);
for (Offset = 0; Offset < NameLength; Offset++)
Regsum = Regsum + Name[Offset];
printf("\nyOUR sERiAL iS : ");
// Regsum is the Decimal Pool ... With all Decimal Chars from the name...
// You see, we just add 1984 (7C0) to it , and its done ...
printf("%d ", (Regsum + 1984));
- Heres the KEygen in a File if you dont want to copy all thiz shit - keygen.c
Last Words :
Ok , you have done your (first) Keygen ;)
... I think , it wasnt that hard ...
I had some problems to write Keygens when i started to do Keygens ..
How and in which language to program in..
... I think "C" is very good / easy to write Keygens ... so ... enjoy it ;)
l8rz , [DrAg0n FFO99]
- See ya all in Lesson 8 soooon ;) -