NUKEM

Who'sWeb version 1.12

Da-Breaker-Crew

Download Program: http://www.logipole.com

Download Tutorial: http://kickme.to/dbc

Tools:

NuMega Softice 4.00

Easy [X]___Medium [ ]___Hard [ ]


Protection

This small application looks for a *.lic license file on startup; if the file is not there, it starts unregistered.
But with a valid name/serial combination we can create this *.lic file.

Start Cracking

Start Who'sWeb and go to the Registration dialog.
Type your dummy data into it:

Nom: NUKEM

Prenom: DBC

Clef: 121212

Hit the OK button and, what a surprise, the data is wrong :-Þ
So we type our dummy data in again, but before we hit the OK button let us set a breakpoint in Softice.

Ctrl+D and set bpx getdlgitemtexta [Enter]
Now hit the OK button and *wam*, we are back in Softice again.

:0040430D 85C0 test eax, eax // we start here
:0040430F 7538 jnz 00404349 // jump below to location
:00404311 6A10 push 00000010
:00404313 6864454100 push 00414564
:00404318 6814454100 push 00414514
:0040431D 55 push ebp
:0040431E FF1594214100 Call dword ptr [00412194]
:00404324 6871040000 push 00000471
:00404329 55 push ebp
:0040432A FF15B8214100 Call dword ptr [004121B8]
:00404330 50 push eax
:00404331 FF15F0214100 Call dword ptr [004121F0]
:00404337 B801000000 mov eax, 00000001
:0040433C 5F pop edi
:0040433D 5E pop esi
:0040433E 5D pop ebp
:0040433F 5B pop ebx
:00404340 81C484070000 add esp, 00000784
:00404346 C21000 ret 0010

:00404349 8B1D98214100 mov ebx, dword ptr [00412198] // land here

Trace two steps through the code and stop at PUSH EDX:

:0040434F 8D542414 lea edx, dword ptr [esp+14]
:00404353 52 push edx

Look at what EDX points to: NUKEM, DBC, 121212.
Yeah, that looks like our data. Fine, the first part is finished; now we have to find the valid data.

:00404354 8D44246C lea eax, dword ptr [esp+6C]
:00404358 6868404100 push 00414068
:0040435D 50 push eax
:0040435E 8D8C24A0050000 lea ecx, dword ptr [esp+000005A0]
:00404365 680C454100 push 0041450C
:0040436A 51 push ecx
:0040436B FFD3 call ebx
:0040436D 8DBC24A8050000 lea edi, dword ptr [esp+000005A8]
:00404374 83C9FF or ecx, FFFFFFFF
:00404377 33C0 xor eax, eax
:00404379 83C414 add esp, 00000014
:0040437C F2 repnz
:0040437D AE scasb
:0040437E F7D1 not ecx
:00404380 2BF9 sub edi, ecx
:00404382 8D942490010000 lea edx, dword ptr [esp+00000190]
:00404389 8BC1 mov eax, ecx
:0040438B 8BF7 mov esi, edi
:0040438D 8BFA mov edi, edx
:0040438F C1E902 shr ecx, 02
:00404392 F3 repz
:00404393 A5 movsd
:00404394 8BC8 mov ecx, eax
:00404396 8D842490010000 lea eax, dword ptr [esp+00000190]
:0040439D 83E103 and ecx, 00000003
:004043A0 F3 repz
:004043A1 A4 movsb
:004043A2 8A8C2490010000 mov cl, byte ptr [esp+00000190]
:004043A9 84C9 test cl, cl
:004043AB 741F je 004043CC
:004043AD 80385F cmp byte ptr [eax], 5F // land from :004043CA 75E1 jnz 004043AD
:004043B0 7503 jne 004043B5
:004043B2 C60020 mov byte ptr [eax], 20
:004043B5 0FBE08 movsx ecx, byte ptr [eax]
:004043B8 334C2410 xor ecx, dword ptr [esp+10]
:004043BC 81F1CE9A5713 xor ecx, 13579ACE
:004043C2 40 inc eax
:004043C3 894C2410 mov dword ptr [esp+10], ecx
:004043C7 803800 cmp byte ptr [eax], 00

:004043CA 75E1 jnz 004043AD // jumps up

In the lines above, if you look at what EAX points to, you can see that our Nom and Prenom have been joined with the application name: " DBCWho`sWebNUKEM "
The loop takes every character in turn. After this loop, step nine times with F10 through the code.

:004043CC 8B442410 mov eax, dword ptr [esp+10]
:004043D0 8D9424BC000000 lea edx, dword ptr [esp+000000BC]
:004043D7 35F0BD6824 xor eax, 2468BDF0
:004043DC 52 push edx
:004043DD A3CC654100 mov dword ptr [004165CC], eax
:004043E2 E818480000 call 00408BFF
:004043E7 8B0DCC654100 mov ecx, dword ptr [004165CC]
:004043ED 83C404 add esp, 00000004
:004043F0 3BC1 cmp eax, ecx // compare our dummy serial with the valid one
:004043F2 742E je 00404422 // jump taken if equal, otherwise we fall through to the bad boy

So look at the registers: EAX = 000000121212, ECX = 003684123206 [? EAX ? EDX]

Let us test it and, great, it is the right one.

Closing remark

This application is very easy to crack; you will need 4 minutes at most to find your serial.

Greets to:

ploppy, Manycracker, DYCUS, FuzzyCat, draXXter, Mr.White[WKT], fREaKaZoiD, rAidri, gloryx, Kylock, Kelly, cELTICa, figugegl, notice!, Milhouse, WAHNS, Hamst,
Cassandra, +fravia, PlAyEr, Satanic_Brain, ManKind, Savatage, |NEO|, uzZi, SiNa, Shockwave, s@nDOk@n.