Norton Utilities v3.0

Written by McCodEMaN

Introduction


Greetings and welcome to the noble art of reverse engineering!


This is a very nice and useful utility, the only disadvantageis that it may slow down the preformance on old computers withvery little physmb.
Norton will however solve and fix many of your problems!

The protection is the same as in the antivirus and uninstall, so if you have read any of this tuts..try to solve this one by yourself...you will learn mutch more this way!!!



Tools required

Numega Softice v3.22



Target's URL

http://shop.symantec.com/cgi-bin/trialware/



Essay

 



Ok! the first thing we are going to do, is to fool the program that we have been connected to symantec and recived the unlockingcode!
The reason we do that, is to get the hidden "Unlocking-window".


Step1. Run Norton Utilities and click on [Buy Now].

Step2. Then exit Norton and go to: "c:\windows " and open rsagent.
xxxxxx If you trace down in the file you will soon find:

xxxxxx mailstat=0
xxxxxx change the value to: '1'.

Step3. Run Norton again and choose [Buy Now].

Step4. Start Softice by holding down Ctrl and D.

Step5. Type: bpx getdlgitemtexta and press enter!


Step6. Press 'F5' to return to norton, back in norton type in: first name, last name and
xxxxxx this fake code: 1234567890, then press
xxxxxx [OK] and softice will break due to getdlgitemtexta.

Step7. Press 'F11' once!


Step8. Trace through the code with 'F10' intill you see...

xxxxxxxxx :100056A8xx 51xxxxxxxxxxxxxxxxxxxx PUSHxx ECX
xxxxxxxxx :100056A9xx 52xxxxxxxxxxxxxxxxxxxx PUSHxx EDX
xxxxxxxxx :100056AAxx 50xxxxxxxxxxxxxxxxxxxx PUSHxx EAX
xxxxxxxxx :100056ABxx E8D0620000xxxxxxxxxx CALLxx 1000B980
xxxxxxxxx :100056B0xx 83C40Cxxxxxxxxxxxxxxx ADDxxx ESP, 0C
xxxxxxxxx :100056B3xx 8D8C24D8000000xxxxxx LEAxxx ECX,[ESP+000000D8]

xxxxxx Type: d ecx =>The valid unlocking code!

Step9. Well...ok, now for the push!
xxxxxx Go to....

xxxxxxxxx :100056BFxx 51xxxxxx PUSHxxx ECX =>Push valid unlocking code to the stack!

xxxxxx and dump (d ecx) =>Valid unlocking code!

Step10. Type: bc* to delete all breakpoints.



OK! that`s it!

Final Notes



When ever there is a door,
there is an entrance.
And behind an entrance can no secret hide,
when a cracker takes his knowledge for a ride



ObDuh 

The information in this essay is for educational purpose only!
You are only allow tocrack, reverse engineer, modify code and debugg programs that you legaly bought andthen for personal use only!!
To ignore this warning is a criminell act and can result in lawful actions!

So please note!
I take noresponebility for how you use the information in this essay, i take NO responebilityfor what might happen to you or your computer! You use this information on your own risk!!

What i mean is: Please buy the software!





BACK




Essay written by McCodEMaN ŠTRES2000. All Rights Reserved.

sp; ADD     ESP,04
   :00401476    MOV     EBX,EAX
   :00401478    PUSH    00414094                 ; "Gregory Braun"
   :0040147D    PUSH    EDI                      ; "cRACKiNG tUT0RiAL"
   :0040147E    CALL    [KERNEL32!lstrcmp]       ; compare them
   :00401484    TEST    EAX,EAX
   :00401486    JNZ     004014AC
   :00401488    PUSH    00414080                 ; "Software By Design"
   :0040148D    PUSH    EBP                      ; "N/A"
   :0040148E    CALL    [KERNEL32!lstrcmp]       ; compare them
   :00401494    TEST    EAX,EAX
   :00401496    JNZ     004014AC
   :00401498    CMP     EBX,0000038D
   :0040149E    JNZ     004014AC
   :004014A0    PUSH    EBP
   :004014A1    PUSH    EDI
   :004014A2    CALL    00403500
   :004014A7    ADD     ESP,08
   :004014AA    MOV     EBX,EAX
   :004014AC    PUSH    EBP                      ; "N/A"
   :004014AD    PUSH    EDI                      ; "cRACKiNG tUT0RiAL"
   :004014AE    CALL    00403500                 ; calculate real code
   :004014B3    ADD     ESP,08
   :004014B6    CMP     EAX,EBX                  ; compare real & fake code
   :004014B8    JZ      004014D8                 ; JMP if Reg # is ok

So you just have to do a "? EAX" at 4014B6 in SoftICE and you get the real code - the fake code is stored in EBX.You should know how to crack File Shredder 2.5 now.
 
Another target has been Reverse Engineerd. Any questions?

 
 

 
If you're USING File Shredder 2.5 BEYOND it's FREE TRIAL PERIOD, then please BUY IT.


Copyright © 1998 by TORN@DO and The Immortal Descendants. All Rights Reserved.

BACK