Hello dudes =) Today I will teach u how to crack VB apps with 3 nag screens and a time limit!! I am sure you are saying: Fucking hard!! heheh!! I was tracing with S-ice when I got an idea!! I will explain how I did it!!

1) Tools required:

- Smart-check 6
- Hex editor
- a brain =)

2) How to crack the nags!!

So, for this we will use Smart check! Load Oyc in SC and run it, click on the nag, wait for the OK button to become enabled and then exit this shitty app... In Smart check double click on: frmOYCMain_load and look down until you find the ".show" of the form. You will see this:

So, in this case the important thing is: frmstart.Show. At the right of Smart check, you will see the offset where this is located and the file. For this nag we see that it is in: OYC.exe at the offset: 000FDA4D

OK! I suppose you are wondering what the hell I want to show u!! heheh. Now, I used my brain to kick that nag, coz we know that a nag can be called by a call, so I thought: why don't we go to this offset and look for the 1st call near it? So, fire up your hex editor and go to this offset: 000FDA4D. OK, now you know that a call starts with E8.... in hex and its length is 5 bytes!!! So, in your favourite hex editor do a search for E8 above this offset and you will find: E8986FF0FF :) Replace it with nop (90) and you will obtain: 9090909090. Save your files (do a backup before) and run the file! Like magic, the first nag is killed!!!!!!!!!! Good!! hehe

Now, it is time to kick the second nag!! You see on my picture above that there is another ".show". Do the same as for the first nag, and the timer and the nag will be out!! I won't show u the value to replace, coz it is exactly the same as in the first nag. And it is good for you to practice :) I want to tell u that when we kicked this nag, we kicked the time limit of the prog too!! Good feeling!

OK, now the 3rd nag, which won't be as easy as the others!! So, in Smart check, double click on: "mnuFExit_click" (you will find it at the end of the Smart check report), then double click on "frmOYCMain_Unload" and scroll down until u see: "frmEnd.Show". So look at the right and take the offset: 1001A1

OK, now you say, we will do like the 2 others, and that will be good! heheh, nop!! Doesn't work!!! OK, I thought a little and I remembered that you can look for a jump to kick a nag, and in VB apps I always see jumps like this: 0F84 or 0F85 =) So, use your hex editor and go to this offset: 1001A1. Do a search for "0F" in the upper direction. And we have found: 0F849A000000, so replace it with 0F859A000000 (the je becomes jne) and save your files... Now, run it!! No more nags or time limit!!!!!! Great, we made it!!

3) Notes:

I wrote this tut to show that we can patch VB apps and that sometimes a brain is more useful than tracing with S-ice (I said: sometimes). So, this way to crack VB nags doesn't work all the time, but I cracked some apps using this way, so don't be mad at me :) If you see that the offset is in the MSVBVM50 or 60 dll, just make a copy of it, place it in the app directory and patch that copy. That way the prog will use this dll and not the one in Windows\system. You won't have problems with other apps that use the dll!!

I hope this tutorial was not too boring, and sorry for my bad English... If you have any questions, mail me at: ACiD_BuRN@nema.com or email@example.com. If you crack one app a day using this way, tell me plz :)

Greetings to: all ReFLeXZ TeaM, all ECLiPSE TeaM, all PWA team, all Toxic TeaM and all CrossOver Team, coz I am a member of these cool groups!! Also greets to: tKC, BuLLeT, Duelist, Eternal Bliss, HarvestR, Parker, Agora, duelist, R!SC, Lucifer48, tC, Pozeidon ... If I forgot to put ur name here, sorry, coz there are too many people to greet!! And maybe you can find me on IRC on EFnet in these channels: #c.i.a, #cracking4newbies ...

ACiD BuRN
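Seen from the vendor's or an analyst's side, both patches above leave a recognisable footprint when a suspect copy is compared with a known-good build. The Python sketch below is an added example, not part of the original tutorial; the function name `audit`, the finding labels and the filler bytes around the tutorial's two byte strings are constructed for illustration.

```python
# Added example: tamper audit of a suspect copy against a known-good build.
# GOOD/SUSPECT are constructed buffers; only the E8986FF0FF and 0F849A000000
# byte strings come from the tutorial, the filler around them is made up.
GOOD = bytes.fromhex("8B45FC50" "E8986FF0FF" "85C0" "0F849A000000" "C3")
SUSPECT = bytes.fromhex("8B45FC50" "9090909090" "85C0" "0F859A000000" "C3")

NOPS5 = b"\x90" * 5


def audit(good: bytes, suspect: bytes):
    """Return (offset, kind, good_hex, suspect_hex) for every modified region."""
    if len(good) != len(suspect):
        raise ValueError("size differs: not an in-place patch, compare hashes instead")
    findings, i = [], 0
    while i < len(good):
        if good[i] == suspect[i]:
            i += 1
        elif good[i] == 0xE8 and suspect[i:i + 5] == NOPS5:
            # 5-byte E8 rel32 call blanked out with NOPs
            findings.append((i, "call-nopped", good[i:i + 5].hex(), NOPS5.hex()))
            i += 5
        elif (i > 0 and good[i - 1] == 0x0F == suspect[i - 1]
              and 0x80 <= good[i] <= 0x8F and (good[i] ^ suspect[i]) == 1):
            # 0F 8x near conditional jump whose condition was inverted
            # (low opcode bit flipped, e.g. 0F84 je <-> 0F85 jne)
            findings.append((i - 1, "jcc-inverted",
                             good[i - 1:i + 1].hex(), suspect[i - 1:i + 1].hex()))
            i += 1
        else:
            findings.append((i, "other", good[i:i + 1].hex(), suspect[i:i + 1].hex()))
            i += 1
    return findings


if __name__ == "__main__":
    for off, kind, old, new in audit(GOOD, SUSPECT):
        print(f"{off:#08x}  {kind:<13} {old} -> {new}")
```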
rough the code until you find........
Double (209952)-->Long (209952)
Hmm, this was
very interesting, can this be a part of the valid serial?
Three strings down we can see......
Long (209952)-->String ("209952")
Another three strings down we find......
Long (xxxxxxx)-->String ("xxxxxxx")
And farther down we find.............
Long (xxxxx)-->String ("xxxxx")
I think that this can be the valid serial, but to confirm and see that
we are not missing anything, let's check the routine!
Go up to: Long(209952)-->String ("209952")!
Make sure the blue bar is on it!
Go to "View" and choose "Show All Events". Now you will see almost everything
that happens inside the program.
This is what we see.............
Long(209952)-->String ("209952") <= Here we are!
__vbaStrMove returns DWORD:4D4F08
__vbaStrCat returns DWORD:481BB8
__vbaStrMove returns DWORD:481BB8
Len returns LONG:9
__vbaStrMove returns DWORD:4D0BC4
__vbaStrCat returns DWORD:4D8814
__vbaStrMove returns DWORD:4D8814
__vbaStrMove returns DWORD:4E0E88
= "y" <= This 'y' symbolizes a sign!
__vbaStrCat returns DWORD:4D62AC
__vbaStrMove returns DWORD:4D62AC
__vbaStrVarVal returns DWORD:4D4E28
Asc returns Integer:67
Len returns LONG:9
__vbaStrVarVal returns DWORD:4D5418
Asc returns Integer: 111
__vbaStrMove return DWORD:4E0760
__vbaStrCat returns DWORD:4D87D0
__vbaStrMove return DWORD:4D87D0
If you jump down to...........
__vbaStrCmp returns DWORD:FFFFFFFF
compare string1 and string2
string1= valid serial
string2= fake serial
__vbaFreeStr returns DWORD:1
I would like to thank:
Razzia, for making me interested in VB in the first place!
Jeff, for making me come back to the VB environment after a long vacation!
Eternal Bliss, for providing us with a great VB source!
MiZ, Bjanes, The Sandman and my friends in TRES2000!
The information in this essay is for educational purposes only!
You are only allowed to crack, reverse engineer, modify code and debug programs that you legally bought, and then for personal use only!!
To ignore this warning is a criminal act and can result in legal action!
So please note!
I take no responsibility for how you use the information in this essay, I take NO responsibility for what might happen to you or your computer! You use this information at your own risk!!
What i mean is: Please buy the software!