Miscellaneous VB - Tutorial

"Well, if you were ever in any doubt as to how lame VB programmers actually are then this collection of decompiled forms and very basic HEX edited cracks by Bubba ought to leave you with no doubts. I recall reversing several of CT Softwares' earlier incarnations and finding the good code sat in memory lazily. Maybe real newbies to VB can gleen some small basic snippets from the decompiled forms." "Slightly edited by CrackZ."

http://www.ultisoft.com - Webpage.

Animated Chinese Checkers v1.x

I've personally hacked 75% of the programs from this company and it had been a while since my last visit. So, I downloaded a few of their new Windows 95 programs to see what they were like. Their previous titles were mostly VB3 & VB4, but this one was not, so as a challenge to myself, I thought I'd have a go.

This one caught my eye as it was one of my favourite types of board games - Animated Chinese Checkers (even though we'd spell it in the UK as chequers ... but we're like that over here!). I remember the original stuff I did as being available in Windows 3.1 and Windows 95 versions. I decompiled the 16-bit versions and 9 times out of 10, the serial number was listed in the source code in the first module..... and for some of the 32-bit only versions, the serial number was visible inside the code using a standard hex viewer.

So, just in case they had not learnt at all ... I dived in with HIEW under DOS. Searching for "reg", I found the text where the program informs the user that the serial is invalid .... I pressed Page Up and there it was .... in 3 locations !. If Ultisoft are never going to put in a decent key-generator routine to stop the programs being downloaded and registered within seconds then how are they ever going to make money for the authors ?.

Brickanoid

This one is different to the usual games published by Ultisoft. A so-so arcade game (of the ZX Spectrum era) created using Corel Click and Create .... one small-ish EXE file with the main data being stored in the file "BRICKAN.CCA". Never tried using Click & Create to make any games etc. - let alone hack something written with it.

I looked through the EXE for the usual ASCII references for "reg" and "invalid" etc. but nothing found. So, I try this large data file in case it contains something other than the graphics and sound for the game ..... Well, look what I found :) Searching for "reg", comes up with a number just above it ... *sigh* it can't be that easy, can it ?

Afraid it is ... another one bytes the dust :)

(CrackZ - Here we have a collection of decompiled registration forms, I assume obtained using DoDi's decompiler, read them and weep, especially if you happen to be called CT Software).

'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' The registration code for YahtC v2.6 by CT Software
'
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-

' FRMREGIN.FRM
Option Explicit

Sub Command1_Click ()
Dim l001A As String		
Dim l001E As Variant		
Dim l0022 As String		
    l001a = String(255, Chr$(0))			 ' Store Windows directory
    l001E = Left$(l001A, Get_Win_Dir(l001A, Len(l001A))) ' Get it's location
    l0022$ = l001E + "\win.ini"				 ' add \WIN.INI to it 

 
    ' The code below is the key that is checked .... I used a simple ASCII Table HLP file that
    ' I downloaded to work out this tough protection :)
    ' gv0032$ = "VCS,*24486"

    gv0032$ = Chr$(86) + Chr$(67) + Chr$(83) + Chr$(44) + Chr$(42) + Chr$(50) + Chr$(52) + Chr$(52) + Chr$(56)

    ' If a valid key is entered, but no name, then alert the dumb user and exit form :)

    If  Text2.Text = gv0032$ Then
    If  Text1.Text = "" Then
    MsgBox "Valid user name is required.", 48
    Text1.SetFocus
    Exit Sub
    End If

    ' extfn00CE (when examining the main declarations is WriteProfileString
    ' Stick users name into YahtC section of WIN.INI
    gv0022$ = Text1.Text
    gv0020% = extfn00CE("YahtC", "Name", gv0022$, l0022$)

    ' Stick users secret (?) code into YahtC section of WIN.INI
    gv0022$ = Text2.Text
    gv0020% = extfn00CE("YahtC", "Number", gv0022$, l0022$)
    
    ' Thank you for not paying and goodbye :)

    MsgBox "Registration information verified.", 64
    End

    ' You naughty pirate, you should enter the correct number :)

    Else MsgBox "Invalid registration information entered!", 48
    Text1.Text = ""
    Text2.Text = ""
    End If
End Sub

Sub Command2_Click ()
frmRegInfo.Hide
End Sub

'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' The registration code for Craps v2.1 by CT Software
'
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-

' FRMREGIN.FRM
Option Explicit

Sub Command1_Click ()
    '
    ' Well, looky here, he's using the same "protection" as the other titles .... dig out an ASCII
    ' table and the string works out to be ......
    '
    ' gv0014$ = "RC,PPT,757"
    '
    gv0014$ = Chr$(82) + Chr$(67) + Chr$(44) + Chr$(80) + Chr$(80) + Chr$(84) + Chr$(44) + Chr$(55) + Chr$(53) + Chr$(55)

    ' Correct text entered but no name ?

    If  Text2.Text = gv0014$ Then
    If  Text1.Text = "" Then
    MsgBox "Valid user name is required.", 48
    Text1.SetFocus
    Exit Sub
    End If

    ' Number is corrent and person remembered to type in their name this time, so let's write it to 
    ' WIN.INI ........

    gv0018$ = Text1.Text
    gv0012% = extfn00BE("Craps", "Name", gv0018$, gv0028$)
    gv0018$ = Text2.Text
    gv0012% = extfn00BE("Craps", "Number", gv0018$, gv0028$)
    MsgBox "Registration information verified.", 64
    End

    ' For those people unfortunate enough not to know how to use a VB Decompiler .....
 
    Else MsgBox "Invalid registration information entered!", 48
    Text1.Text = ""
    Text2.Text = ""
    End If
End Sub

'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' The registration code for CT DiskCopy v1.2 by CT Software
'
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-

' FRMREGIN.FRM
Option Explicit

Sub Command1_Click ()
Dim l0028 As String
Dim l002E As Integer

  ' This time, he has defined the "secret code" somewhere else in the code, but I've pasted the line here
  ' so you can see what he was doing (it was in the main code file DISK16)

  ' gv002A$ = Chr$(82) + Chr$(69) + Chr$(65) + Chr$(42) + Chr$(44) + Chr$(57) + Chr$(48) + Chr$(52) +     '           Chr$(44)
  ' Which in reality, equates to:-
  '
  ' gv002A$ = "REA*,904,"

  ' So his code is the same as the other programs, check the code and the name can be anything you like !

    If  Text2.Text = gv002A$ Then
    If  Text1.Text = "" Then
    MsgBox "Valid user name is required.", 48
    Text1.SetFocus
    Exit Sub
    End If
    
    ' Paying (?) customer found, dump contents of Name & Number into Registry.

    l0028$ = Text1.Text
    l002E% = extfn00D6("DiskCopy", "Name", l0028$, gv001E$)
    l0028$ = Text2.Text
    l002E% = extfn00D6("DiskCopy", "Number", l0028$, gv001E$)
    MsgBox "Registration information verified.", 64
    End

    ' What shall we do with a non-user of VB Discompiler ?  Kick him/her out :)

    Else MsgBox "Invalid registration information entered!", 48
    Text1.Text = ""
    Text2.Text = ""
    End If

End Sub

'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' The registration code for CT Hotspot v1.02 by CT Software
'
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-

' FRMREGIN.FRM
Option Explicit

Sub Command1_Click ()


  ' This time, he has defined the "secret code" somewhere else in the code, but I've pasted the line here
  ' so you can see what he was doing (it was in the main code file)


  '    gv0018$ = Chr$(115) + Chr$(52) + Chr$(48) + Chr$(48) + Chr$(44) + Chr$(57) + Chr$(49) + Chr$(51) +                   '              Chr$(44) + Chr$(42) + Chr$(49) + Chr$(49) + Chr$(51)

  ' The real code (decryption took a long time to work it out .... hmmm :) 
  ' gv0018$ = "s400,913,*113"

    If  Text2.Text = gv0018$ Then
    If  Text1.Text = "" Then
    MsgBox "Valid user name is required.", 48
    Text1.SetFocus
    Exit Sub
    End If
    gv0008$ = Text1.Text
    gv0006% = extfn00CB("HotSpot", "Name", gv0008$, gv001C + "\win.ini")
    gv0008$ = Text2.Text
    gv0006% = extfn00CB("HotSpot", "Number", gv0008$, gv001C + "\win.ini")
    MsgBox "Registration information verified.", 64
    End
    Else MsgBox "Invalid registration information entered!", 48
    Text1.Text = ""
    Text2.Text = ""
    End If
End Sub


'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' The registration code for CT Swapper v1.1 by CT Software
'
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' FRMREGIN.FRM
Option Explicit

Sub Command1_Click ()
Dim l0028 As String
Dim l002E As Integer

    ' Oh gosh, what a surprise, it's the same routine again.... must go an grab my DES chip
    ' so that I can work out the code ........

    ' gv002C$ = Chr$(50) + Chr$(56) + Chr$(52) + Chr$(51) + Chr$(44) + Chr$(80) + Chr$(66) 
    '           + Chr$(83) + Chr$(44) + Chr$(55) + Chr$(42)

    ' Which in reality, is really ....
    '
    ' gv002C$ = "2843,PBS,7*"

    ' Not much point in describing what goes on here as I am tired of finding new ways to 
    ' describe writing to INI files etc. etc.  Look at the first of these tutorials/hacks to
    ' see my comments :)

    If  Text2.Text = gv002C$ Then
    If  Text1.Text = "" Then
    MsgBox "Valid user name is required.", 48
    Text1.SetFocus
    Exit Sub
    End If
    l0028$ = Text1.Text
    l002E% = extfn009B("Swapper", "Name", l0028$, gv0018$)
    l0028$ = Text2.Text
    l002E% = extfn009B("Swapper", "Number", l0028$, gv0018$)
    MsgBox "Registration information verified.", 64
    End
    Else : MsgBox "Invalid registration information entered!", 48
    Text1.Text = ""
    Text2.Text = ""
    End If
End Sub

Sub Command2_Click ()
frmRegInfo.Hide
End Sub

'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' The registration code for CT Swapper v1.1 by CT Software
'
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-

' FRMREGIN.FRM
Option Explicit

Sub Command1_Click ()

    ' Hmmm ...... I think you all know by now what this little line is setting up a variable for ?

    gv0052$ = Chr$(122) + Chr$(107) + Chr$(105) + Chr$(44) + Chr$(44) + Chr$(50) + Chr$(44) + Chr$(42) + Chr$(56) + Chr$(51) + Chr$(55) + Chr$(52) + Chr$(50)

    ' Decoded version is:-
    '
    ' gv0052$="zki,,2,*83742"

    If  Text2.Text = gv0052$ Then
    If  Text1.Text = "" Then
    MsgBox "Valid user name is required.", 48
    Text1.SetFocus
    Exit Sub
    End If
    gv0062$ = Text1.Text
    gv0060% = extfn011A("Notebook", "Name", gv0062$, gv006E$)
    gv0062$ = Text2.Text
    gv0060% = extfn011A("Notebook", "Number", gv0062$, gv006E$)
    MsgBox "Registration information verified.", 64
    End
    Else MsgBox "Invalid registration information entered!", 48
    Text1.Text = ""
    Text2.Text = ""
    End If
End Sub

Sub Command2_Click ()
frmRegInfo.Hide
End Sub

'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' The registration code for CT Swapper v1.1 by CT Software
'
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-

' FRMREGIN.FRM
Option Explicit

Private Sub Command1_Click ()
Dim l0028 As String
Dim l002A As String

' gv0022$ = Chr$(55) + Chr$(49) + Chr$(103) + Chr$(112) + Chr$(44) + Chr$(42) + Chr$(99)
' gv0022$ = gv0022$ + Chr$(109) + Chr$(112) + Chr$(44) + Chr$(52) + Chr$(57) + Chr$(57) + Chr$(52)

' gv0022$ was stored in another module, but I've brought it in here to make it easier :)
'
' gv0022$ = "71gp,*cmp,4994"

    If  Text2.Text = gv0022$ Then
    If  Text1.Text = "" Then
    MsgBox "Valid user name is required.", 48
    Text1.SetFocus
    Exit Sub
    End If
    l0028$ = Text1.Text
    l002A$ = Text2.Text
    gv0014% = extfn00C6("Safety Net", "Name", l0028$, gv001E$)
    gv0014% = extfn00C6("Safety Net", "Number", l002A$, gv001E$)
    MsgBox "Registration information verified.", 64
    End
    Else : MsgBox "Invalid registration information entered!", 48
    Text1.Text = ""
    Text2.Text = ""
    End If
End Sub

Private Sub Command2_Click ()
frmRegInfo.Hide
End Sub

Private Sub Form_Load ()
sub01A1 Me
frmRegInfo.Icon = Form1.Icon
End Sub

You have finished reading another tutorial courtesy of CrackZ's Reverse Engineering Page.
Find a quick way back to more documents with this link.

Back to Main Index
© 1998 Hosted by CrackZ. Bubba_Hacks 29th December 1998.
push ax