A Cheater's Key Generator
Please Read The Disclaimer
Initially, I thought this program would be a bit tougher to bust. Even upon disassembly, it looked like I'd need to patch in at least a couple of areas. But, as you'll see, we need only change one byte, and in the process (a pleasant surprise to me) we force the program to give us our PROPER serial number :)
Prepare To Crack
Let's gather a bit of information about our target first (you'll see why later). Open Regmon, and if an initial screen doesn't greet you, you'll need to choose "Filter" from the "Options" menu. Type "Actionpl" into the "Process Include(s)" box (this is the process name of the program).
Run the program, then close it right away. Now we can look at the data in Regmon to see if anything interests us. There are quite a few lines, but the two areas that interest us are as follows:
We now know that this program utilizes the Windows 95 registry to store our information. Two keys will be required -- HKCU\Software\Slackerz 'R' Uz\ActionPlayer\Settings\UserName and HKCU\Software\Slackerz 'R' Uz\ActionPlayer\Settings\RegCode. Remember this for later. (I'm wondering where "Slackerz 'R' Uz" came from -- wonder if he was referring to his protection?)
Make The Crack
Load the program into Wdasm ("Disassemble", "Open file to disassemble"). Once your dead-listing is complete, open the SDR window ("Refs", "String Data References"). Look for anything of interest -- the most promising is obviously "Thank you for registering ActionPlayer". Double click on this string, and you'll land here:
Since we saw in Regmon that the registration information is stored in the registry, I assumed patching the conditional jump above would give me the "Thank you..." message, but that I'd still need to reverse the registry access routine in order to make the program accept any information I entered. I was wrong!!!
Highlight the line "jne 0040523E" and get the offset from below (should be 000045C4h (45C4)). Make a copy of the program, and open it in HIEW.
1) Press F4 to get to hex view
Now you can register the program with any information. As usual, I assumed this was just the first part of the crack, but upon closing and restarting the program, I was still registered!!! We also know where our registration information is stored now, because of our preparations with Regmon.
So, open up regedit, and find the proper key (HKCU\Software\Slackerz 'R' Uz\ActionPlayer\Settings\), and there it is, our correct serial number -- we've successfully created a "Slackerz" key generator :)
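Why the one-byte patch ends up handing out a valid code, shown from the developer's side as an added example (not code from the original page or from ActionPlayer). It assumes, from the behaviour described above, that the success branch stores the code the program computed rather than the one typed in; expected_code, struct settings and the branch_patched flag are hypothetical stand-ins, and the serial algorithm is a constructed toy.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy serial algorithm; NOT the target's real one. */
static void expected_code(const char *name, char *out, size_t n) {
    unsigned int h = 5381;
    for (; *name; name++) h = h * 33u + (unsigned char)*name;
    snprintf(out, n, "%08X", h);
}

/* Hypothetical stand-in for the Settings key (UserName, RegCode). */
struct settings { char user[64]; char code[16]; };

/* branch_patched models the single conditional jump being forced. */
static int passes(const char *entered, const char *want, int branch_patched) {
    return branch_patched || strcmp(entered, want) == 0;
}

/* Assumed flawed flow: on "success" the COMPUTED code is persisted. */
int register_flawed(struct settings *s, const char *name,
                    const char *entered, int branch_patched) {
    char want[16];
    expected_code(name, want, sizeof want);
    if (!passes(entered, want, branch_patched)) return 0;
    snprintf(s->user, sizeof s->user, "%s", name);
    snprintf(s->code, sizeof s->code, "%s", want); /* valid code leaks here */
    return 1;
}

/* Hardened flow: only the user's own input is ever written out. */
int register_hardened(struct settings *s, const char *name,
                      const char *entered, int branch_patched) {
    char want[16];
    expected_code(name, want, sizeof want);
    if (!passes(entered, want, branch_patched)) return 0;
    snprintf(s->user, sizeof s->user, "%s", name);
    snprintf(s->code, sizeof s->code, "%s", entered);
    return 1;
}

/* Startup check: recompute from the stored name and compare. */
int is_registered(const struct settings *s) {
    char want[16];
    expected_code(s->user, want, sizeof want);
    return strcmp(s->code, want) == 0;
}
```

The hardened variant does not prevent patching; it only keeps the program from writing a valid code into its own settings, so a forced success no longer survives an unpatched startup check.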
Copyright © 1999 Volatility And The Immortal Descendants. All Rights Reserved.