dRaG0n´s CrAcKinG Lesson 3

Published in dRaG0n CrAcKinG Lesson · 4 months ago

Tools you need

  • Softice V.3.X
  • W32dasm V8.X
  • Winamp V2.X
  • Hiew 5.xx

Introduction

Hey ya ...
Welcome to Lesson 3 =) ...

Our target is Winamp V2.0 ... I think a lot of ppl are using it , cause it´s a great program ...

I hope u will enjoy thiz Lesson ... so Lets ´rOck.. :-)

Cracking Winamp V2.0 with Softice

I will do thiz in Steps , so its better to Understand :-) .. like in the other Lessons ...

Step 1

Run Winamp , go to "Winamp..." / "Shareware" / "Enter licence info" ....

Step 2

Enter "dRag0n FFO98" as name and "777777" as dummy serial .. enter S-iCE ...
Now we´ll set the most common Breakpoints .

"Bpx GetDlgItemTextA"
"Bpx GetWindowTextA"

Now leave S-iCE .

Step 3

Press "Ok" button and let S-iCE break ... wHat dA heLl is thAt ?!?
We cannot press the "OK" button ... hmmm .. hehe ...
To let S-iCE break we just have to enter any additional number in the sErial box ...

Ahh..."Break due to BPX GetDlgItemTextA ... "

Step 4

Now press "F11" to go to where it was called from ... You will see following Code now ..

    :00403717 FF15E8664400  Call [User32!GetDlgItemTextA] ; Get text in Box
    :0040371D 53            Push EBX                      ; Push Ebx to Stack
    :0040371E 53            Push EBX                      ; Push Ebx to Stack
    :0040371F 688C040000    Push 0000048C                 ; Push 48C to Stack
    :00403724 FF7508        Push Dword Ptr [Ebp+08]       ; Push Value from [Ebp+08] to Stack
    :00403727 FF15B0664400  Call [User32!GetDlgItemInt]   ; Get the serial Box as a number
    :0040372D 8BF0          Mov Esi,Eax                   ; Move Eax -> Esi
    :0040372F 8D4580        Lea Eax,[Ebp-80]              ; Eax = Ebp-80
    :00403732 50            Push Eax                      ; Push Eax to Stack
    :00403733 E8407C0000    Call 0040B378                 ; The Call to the Calculation algor. ;)
    :00403738 83C404        Add Esp,04                    ; Add 04 to Esp
    :0040373B 3BC6          Cmp Eax,Esi                   ; After Calculating the code in the call
                                                          ; above , it Compares our dummySerial
                                                          ; with the right one ...
    :0040373D 7509          Jnz 00403748                  ; Jump to "BAD CRACKER" else to
                                                          ; "Good Buyer" =)

Step 5

So ... After having a good look at the asm code , we notice that there´s a compare between Eax and Esi ... Trace with "F10" till you are on this "Cmp Eax,Esi" command .

Step 6

Now do a "? esi" and you will see your dummy code ... like thiz ...

         " 00012FD1    0000077777    Ascii here "

Now do a "? eax" .. and what do we see ?

         " 0101E7CE    0016902094    Ascii here " ... our real Serial ... =)

Step 7

Write "16902094" down and do " BD * " to disable all breakpoints ... and leave SiCE ..

Replace our dummy serial with the number we got ... WoW .. we can press the "OK" button now , kewl ..

----- Licenced to : dRag0n FFO98 (16902094) -----
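
Why the "Cmp Eax,Esi" above gives the serial away, and what a check that does not leak it looks like. This is an added example, not code from the original lesson or from Winamp: the digest routine, the toy 32-bit RSA key and all function names are assumptions made for illustration, and a real product would use a vetted signature library with a full-size key.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy RSA key (p=65521, q=65537) so the math fits in 64 bits.
   Assumption for illustration only; real code would call a vetted library. */
#define RSA_N 4294049777ULL   /* public modulus, shipped in the client  */
#define RSA_E 17ULL           /* public exponent, shipped in the client */
#define RSA_D 2020667633ULL   /* private exponent, vendor side only     */

/* Hypothetical name digest (32-bit FNV-1a), not the target's real routine. */
static uint32_t name_digest(const char *name) {
    uint32_t h = 2166136261u;
    for (; *name; name++) { h ^= (uint8_t)*name; h *= 16777619u; }
    return h;
}

/* Square-and-multiply; operands stay below 2^32, so products fit in uint64_t. */
static uint64_t modpow(uint64_t b, uint64_t e, uint64_t n) {
    uint64_t r = 1;
    for (b %= n; e; e >>= 1) {
        if (e & 1) r = r * b % n;
        b = b * b % n;
    }
    return r;
}

/* Weak pattern from the listing: the client derives the valid serial itself,
   so it is sitting in a register at the moment of the compare. */
static int check_weak(const char *name, uint32_t entered) {
    uint32_t expected = name_digest(name);
    return expected == entered;
}

/* Vendor-side signing; needs RSA_D, which never ships with the client. */
static uint32_t vendor_sign(const char *name) {
    return (uint32_t)modpow(name_digest(name) % RSA_N, RSA_D, RSA_N);
}

/* Hardened client check: only public values are used. The value compared
   against is the name digest, which is not an acceptable serial. */
static int check_signed(const char *name, uint32_t serial) {
    return modpow(serial, RSA_E, RSA_N) == name_digest(name) % RSA_N;
}

int main(void) {
    const char *name = "dRag0n FFO98";   /* name used in the lesson */
    printf("weak accepts its own digest: %d\n", check_weak(name, name_digest(name)));
    printf("signed accepts vendor serial: %d\n", check_signed(name, vendor_sign(name)));
    return 0;
}
```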

Last Words

Great , we got it ;) ... Now remove the last "RegisteredTo" line in your Winamp.ini ... and try to crack it without thiz tutorial =)

So , that wasn´t that hard ... hehe ... but like i always say .. Learning by doing .. =) ..

Ok , Star Trek Voyager comes now on tv .. have to see it .. hehe ;-)
Hope to see you in Lesson 4 =) ..

L8r . . . dRag0n FFO98
