Spynet Internet Mail


Level: Easy
Date: 10/31/1999 Happy Halloween :)
File: spymail.zip (175KB)





Spynet Internet Mail is a small email program that can be used to quickly send or get E-Mail. I know the programmer, but as soon as he got recognized by software magazines, he became an ass hole, so I chose this program to do a tutorial on. This is actually the first program I ever cracked...ahh sweet revenge. He seems to be a good programmer, but lacks in protecting his software. This program comes down to reversing a single jump. First, load the program in W32DASM. If you don't have it, go to http://zencrack.cjb.net/ and download it from the tools section. This is my favorite site by the way :) Let's get back on track. When you load it, go into the string data refs section (ALT + R + S). Search for the string "error: inc...". Wow, it's right there. This promises to be easy. Double click it and you see this:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00409F66(C)
|
:00409FB1 6A10 push 00000010

* Possible StringData Ref from Data Obj ->"Spynet Internet Mail - application "
->"error"
|
:00409FB3 6824C44100 push 0041C424

* Possible StringData Ref from Data Obj ->"error: incorrect registration "
->"key."
|
:00409FB8 68CCCE4100 push 0041CECC
:00409FBD 55 push ebp

* Reference To: USER32.MessageBoxA, Ord:01BEh
|
:00409FBE FF1510384200 Call dword ptr [00423810]

Go to the blue highlighted address, 00409F66. You see this:

:00409F66 7449 je 00409FB1
:00409F68 6A30 push 00000030

* Possible StringData Ref from Data Obj ->"Spynet Internet Mail"
|
:00409F6A 6850C44100 push 0041C450

* Possible StringData Ref from Data Obj ->"Thank you for registering Spynet "
->"Internet Mail 1.0!"
|
:00409F6F 68F8CE4100 push 0041CEF8
:00409F74 55 push ebp

* Reference To: USER32.MessageBoxA, Ord:01BEh
|
:00409F75 FF1510384200 Call dword ptr [00423810]

Wow! This looks EXTREMELY easy :) Let's go into our hex editor and change the blue highlighted bytes. You should always search for the few bytes before the jump with the jump, in order to get an accurate position. If you don't, you may change something...important :) After searching for it in your hex editor, change it from 7449 to 9090 and note down the offset. This will make it go straight to "you registered". You COULD change it to JNE, but then it would only jump if they entered an invalid serial. Test it by running the program and entering any serial...Wow! It works. Now to make a patch. I do everything in Windows 32 Assembly language.


from these tuts, I know that in