Norton Utilities v3.0
Greetings and welcome to the noble art of reverse engineering!
Numega Softice v3.22
Ok! the first thing we are going to do, is to fool the program that we have been connected to symantec and recived the unlockingcode!
The reason we do that, is to get the hidden "Unlocking-window".
Step1. Run Norton Utilities and click on [Buy Now].
Step2. Then exit Norton and go to: "c:\windows " and open rsagent.
xxxxxx If you trace down in the file you will soon find:
xxxxxx change the value to: '1'.
Step3. Run Norton again and choose [Buy Now].
Step4. Start Softice by holding down Ctrl and D.
Step5. Type: bpx getdlgitemtexta and press enter!
Step6. Press 'F5' to return to norton, back in norton type in: first name, last name and
xxxxxx this fake code: 1234567890, then press
xxxxxx [OK] and softice will break due to getdlgitemtexta.
Step7. Press 'F11' once!
Step8. Trace through the code with 'F10' intill you see...
xxxxxxxxx :100056A8xx 51xxxxxxxxxxxxxxxxxxxx PUSHxx ECX
xxxxxxxxx :100056A9xx 52xxxxxxxxxxxxxxxxxxxx PUSHxx EDX
xxxxxxxxx :100056AAxx 50xxxxxxxxxxxxxxxxxxxx PUSHxx EAX
xxxxxxxxx :100056ABxx E8D0620000xxxxxxxxxx CALLxx 1000B980
xxxxxxxxx :100056B0xx 83C40Cxxxxxxxxxxxxxxx ADDxxx ESP, 0C
xxxxxxxxx :100056B3xx 8D8C24D8000000xxxxxx LEAxxx ECX,[ESP+000000D8]
xxxxxx Type: d ecx =>The valid unlocking code!
Step9. Well...ok, now for the push!
xxxxxx Go to....
xxxxxxxxx :100056BFxx 51xxxxxx PUSHxxx ECX =>Push valid unlocking code to the stack!
xxxxxx and dump (d ecx) =>Valid unlocking code!
Step10. Type: bc* to delete all breakpoints.
OK! that`s it!
sp; ADD ESP,04
:00401476 MOV EBX,EAX
:00401478 PUSH 00414094 ; "Gregory Braun"
:0040147D PUSH EDI ; "cRACKiNG tUT0RiAL"
:0040147E CALL [KERNEL32!lstrcmp] ; compare them
:00401484 TEST EAX,EAX
:00401486 JNZ 004014AC
:00401488 PUSH 00414080 ; "Software By Design"
:0040148D PUSH EBP ; "N/A"
:0040148E CALL [KERNEL32!lstrcmp] ; compare them
:00401494 TEST EAX,EAX
:00401496 JNZ 004014AC
:00401498 CMP EBX,0000038D
:0040149E JNZ 004014AC
:004014A0 PUSH EBP
:004014A1 PUSH EDI
:004014A2 CALL 00403500
:004014A7 ADD ESP,08
:004014AA MOV EBX,EAX
:004014AC PUSH EBP ; "N/A"
:004014AD PUSH EDI ; "cRACKiNG tUT0RiAL"
:004014AE CALL 00403500 ; calculate real code
:004014B3 ADD ESP,08
:004014B6 CMP EAX,EBX ; compare real & fake code
:004014B8 JZ 004014D8 ; JMP if Reg # is ok
So you just have to do a
"? EAX" at 4014B6 in SoftICE and you get the real code - the fake code is stored
in EBX.You should know how to crack File Shredder 2.5 now.
Another target has been Reverse Engineerd. Any questions?
If you're USING File Shredder 2.5 BEYOND it's FREE TRIAL PERIOD, then please BUY IT.
Copyright © 1998 by TORN@DO and The Immortal Descendants. All Rights Reserved.