Please Read The Disclaimer Before Continuing.
Prepare To Crack:
My entire motive for cracking this program, is that PrimaSoft puts out some goofy ass software that literally annoys the piss outta me! This program is about the most normal one of the bunch!
Anyway... run the program, and you'll see a nag screen, telling you that you have 30 days to evaluate the product. When the program comes up, you'll see there is no place to enter your registration information. Hmm... a hidden registration? Click on the "Exit" button, and there's our answer, another nag screen, but this one with the option to enter registration.
Go to the registration screen and enter some test data. For this program, let's try the HMEMCPY function. Press Cntrl+D to enter Soft-Ice, and set a breakpoint on HMEMCPY (BPX HMEMCPY).
Making The Crack:
Press Cntrl+D again to
exit out of Soft-Ice, and click on the "Ok" button. Soft-Ice breaks.
Press F11 to get into the code. You'll see down on the line above the
command window the string "USER(0A). This isn't where we want to be,
so step through the code using F10 until you see the string "PSDIAL!CODE"
on the line. You should now be here:
If you step through this routine, looking for a compare and a jump, you can find the place where the user name you entered is stored. This isn't where we want to be either. We want to be in the routine where our serial number is stored. So... step ALL the way through the code again using F10 until you see the string 'PSDIAL!CODE" on the line again.
Now we're in the serial
number routine. Slowly step through the code using F10, until we get
to the compare and jump. You should be here:
From my comments above, you should be able to find your correct serial number. If not, you need to press F10 until the line "0137:00480C5B TEST AL,AL" is highligted. Then, since your serial number is stored in EDX, display it by typing: d EDX. (you'll need to press ALT+Up Arrow keys a couple times to see your serial).
My serial number was 674482699-214 (Cracked By Volatility [ID] for my user name). Don't be a lamer, use your own serial number.
If time permits, I'll add more to this essay, showing you how to crack by getting a dead-listing and patching with a hex editor.
Copyright © 1998 Volatility And The Immortal Descendants. All Rights Reserved.
why do programmers bother creating long and or complicated serial numbers for their programs when it's usually so easy to simply sniff out the *real* serial code just by following a few lines of code.
Since I cracked this program without using
a Dead Listing I won't tell you to go and create one using W32Dasm but
if you really want to learn more about this program it might be a good
idea to create one all the same..
First things first..
Run up the program then select the 'File' menu then the 'Register..' option.
You should now be in a simple looking Registration Screen.
Fill in your Name/Handle and a fake serial number.
Before clicking on the 'Ok' button press 'Ctrl-D' to activate Softice then type: bpx messageboxa. Now press 'x' to leave Softice.
Now you can click
on the 'OK' button.
Softice now breaks at the start of the messageboxa system function.
Press the 'F11'
key once and click on the 'OK' button to the message saying your serial
code was invalid. Softice should break here..
:00423815 68A7E04400 push 0044E0A7 ;Messagebox Title
:0042381A 6842DF4400 push 0044DF42 ;"You've entered invalid.."
:0042381F 53 push ebx
:00423820 E848550100 Call USER32.MessageBoxA
:00423825 E979010000 jmp 004239A3 ;We return here
What I normally do here is to scroll the Softice Assembly window until I come across the first occurrence of the following assembler instructions which are nearly always very close by:-
cmp Register,Register (or test Register,Register)
The first set of
these instructions I came across I discounted because it was to do with
creating a messagebox:-
push 0044DE6C ;"Thank you for registering"
:004237F0 53 push ebx
:004237F1 E877550100 Call USER32.MessageBoxA
:004237F6 85F6 test esi, esi
:004237F8 7430 je 0042382A
OK, no problem, I now scrolled up a few more lines and Bingo!, I found another classic set of my favorite set of instructions here:-
:004237CF E80C960000 call 0042CDE0 ;Compare serials
;eax=ffffffff if fail
;eax=1 if correct
:004237D4 83C408 add esp, 00000008
:004237D7 85C0 test eax, eax ;serial correct?
:004237D9 7502 jne 004237DD ;No? then jump
If you have a dead
listing close by for this program then you'll see how close all these instructions
are to our original Softice breakpoint on messageboxa.
At this point I cleared all of Softice's previous breakpoints by typing: bc *
then I type: bpx 004237cf then x to leave Softice.
Now re-run the registration process again and once again Softice breaks but this time on our newly created breakpoint at: 004237cf
Press the 'F10' key once, yep that's right don't trace into this call, just step over it. Now it's interesting to monitor the state of the pc's registers after you've just skipped over a call because this can reveal quite a lot about what the call has just been doing.
So now type: D ecx and you'll see in Softice's code window the *real* serial number you need to use to register this babe!.
If you type D edx then you'll see your *fake* serial.
Now re-run this program
but now use the *real* serial number you've just sniffed out.
My thanks and gratitude goes to:-
Fravia+ for providing possibly the greatest source of Reverse Engineering
knowledge on the Web.
+ORC for showing me the light at the end of the tunnel.
Ripping off software through serials
and cracks is for lamers..
If your looking for cracks or serial numbers from these pages then your wasting your time, try searching elsewhere on the Web under Warze, Cracks etc.
|Next||Return to Essay Index||Previous|
, dword ptr [ecx+01] ;