dRaG0n´s CrAcKinG Lesson 7

Published in dRaG0n CrAcKinG Lesson · 4 months ago

Tools you need

  • Softice V.3.X
  • W32dasm V8.X
  • Editor+ V3.0 Light
  • Hiew 5.xx

Introduction

hi aaaaggggaaaiin ;) ... Long time didnt write a tut´ , its time to CRACK again ...
In thiz tutorial , i will show you how easy it is to program a [KeyGen] for Editor+ V3.0 ..
... YeAh ... KeYgens R cool , huh ;) ... let´S rOCK !

Cracking Editor+ V3.0 Light with Softice

I will do thiz in Steps , so its better to Understand :-) .. like in the other Lessons ...

Step 1

Run Editor+ V3.0 (What a fuckin´ bad Nag , hehe) and go to "?/Registration"

Step 2

Enter "DrAg0n" as name , and "77777" as dummy Code , enter S-iCE ...
Now we´ll set the most common Breakpoints .

GetDlgItemTextA and GetWindowTextA dont work , so we take ..

"Bpx hmemcpy"

Now leave S-iCE .

Step 3

Press "Ok" ... S-iCE pops up : "Break due to BPX KERNEL!HMEMCPY ... "

Step 4

Now press "F5" to get to the second (Serial) Box ... Press "F11" to go to Caller..

Now you´ll see that we arent in the right place, see "USER(03)" .. K .. Hit "F10" till you are in the "EDiTORPL!CODE+xxxxxxx" section ...

If you trace a bit (F10) , you´ll see that there are only many ret commands here , so trace as long , till you´re at the right code ... on Location xxxx:004ACA3E ..


This is the only code we´ll need ...

:0042C940 33DB         xor ebx, ebx
:0042C942 8B45F8       mov eax, dword ptr [ebp-08]
:0042C945 E8926BFDFF   call 004034DC
:0042C94A 83F802       cmp eax, 00000002
:0042C94D 7E3C         jle 0042C98B
:0042C94F 83FE01       cmp esi, 00000001
:0042C952 7E37         jle 0042C98B
:0042C954 8B45F8       mov eax, dword ptr [ebp-08]
:0042C957 E8806BFDFF   call 004034DC
:0042C95C 85C0         test eax, eax
:0042C95E 7E13         jle 0042C973
:0042C960 BA01000000   mov edx, 00000001
:0042C965 8B4DF8       mov ecx, dword ptr [ebp-08]       ; Mov pointer to *our name* to ECX
:0042C968 0FB64C11FF   movzx ecx, byte ptr [ecx+edx-01]  ; Get first Char ->
                                                         ; its ASCII value to ECX
                                                         ; ex.: D -> 44 (HEX) -> ECX ;-)
:0042C96D 03D9         add ebx, ecx                      ; Add ECX (value of the Char) to EBX
:0042C96F 42           inc edx                           ; position of next Char (loop counter)
:0042C970 48           dec eax                           ; Chars left to do (loop counter)
:0042C971 75F2         jne 0042C965                      ; Is there a next Char after "D" ,
                                                         ; Then goto 42C965 , get its value
                                                         ; and add it to EBX ...
                                                         ; If finished , go on ..
:0042C973 81C3C0070000 add ebx, 000007C0                 ; Heres the clue, "7C0" ... It adds
                                                         ; 7C0 (1984) to our Decimal pool
                                                         ; of our name ( EBX ) ..
:0042C979 3BF3         cmp esi, ebx                      ; Compare fake Reg with Real Ser.
                                                         ; do "? esi" or "? ebx" to see it.
:0042C97B 7508         jne 0042C985                      ; Good Buyer or Bad Cracker JMP !

Step 5

Ok ... I´ll explain the things from above again ...

1 . The program takes the ASCII value of every Char in the name and adds them all up in what we call the Decimal-Pool ...

ex.: D -> 44 (HEX) -> Pool .. R --> 52 (HEX) --> Pool ... etc.. Pool would be 96 (HEX) .. ok ?

2 . Then , when every char of the Name has been added to the Pool , it simply adds 7C0 (HEX) = 1984 (Decimal) to the Pool ... Thats it !

3 . So , since my proged Keygen does all its math in decimal , we have to add 1984 to the pool , cause 1984 is the Decimal of 7C0 .. do "? 7C0" in SiCE to see it !
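
The check from the listing, modelled in C as an added example (not code from the original lesson). The function names are made up here, and reading call 004034DC as a string-length routine is an assumption based on its result being used as the loop counter. It shows why the scheme protects nothing: the validator itself computes the complete serial, the sum ignores character order, and all names together map onto only a few thousand values.

```c
#include <stdio.h>
#include <string.h>

/* Serial the routine at 0042C965..0042C973 computes: sum of the name
   bytes, zero-extended as movzx does, plus 0x7C0 (1984). */
static unsigned long expected_serial(const char *name)
{
    unsigned long pool = 0;
    for (size_t i = 0; name[i] != '\0'; i++)
        pool += (unsigned char)name[i];
    return pool + 0x7C0;
}

/* The whole check: name longer than 2 bytes (cmp eax,2 / jle), entered
   number greater than 1 (cmp esi,1 / jle), then cmp esi,ebx.
   Assumption: call 004034DC returns the string length. */
static int check_registration(const char *name, long entered)
{
    if (strlen(name) <= 2 || entered <= 1)
        return 0;
    return (unsigned long)entered == expected_serial(name);
}

/* How many different serials exist for names of 3..max_len bytes with
   byte values 1..255: the sums cover every integer in 3..255*max_len. */
static unsigned long serial_space(unsigned long max_len)
{
    return 255UL * max_len - 3 + 1;
}

int main(void)
{
    /* Constructed sample names: the second is the first one reversed. */
    const char *a = "DrAg0n", *b = "n0gArD";
    long s = (long)expected_serial(a);

    printf("same serial for both names: %d\n",
           check_registration(a, s) && check_registration(b, s));
    printf("dummy code 77777 accepted:  %d\n", check_registration(a, 77777));
    printf("serials for names up to 30 bytes: %lu\n", serial_space(30));
    return 0;
}
```

A check that holds up keeps the generating secret out of the shipped binary, for example by verifying a signature over the name against an embedded public key.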

Here´s the code of my keygen ... I wrote thiz in "C" with some Creditz to "CrAckZ" for help !

I Think , its self explaining ... Compile it with any Dos - C - Compiler ;)


The Source Code :

// This Code is copyrighted to Drag0n FFO99 .. Do with it what ya want ;) 

#include <stdio.h>
#include <string.h>

int main(void)
{
char Name[30];
int NameLength, Offset;
long int Regsum = 0;

// Display Logo

printf(" \n");
printf(" EDiTOR+ LIGHT v3.0 [KeyGen] \n\n");
printf(" ÜÜÜÜÜÜÜÜÜÜÜ ÜÜÜÜÜÜÜÜÜÜÜ \n");
printf(" ÜÛß ÜÜÜÜÜÜÜ Û ÜÛß ÜÜÜÜÜÜÜ Û \n");
printf(" ÜÛßß ÜÛÛÛÛÛÛÛß Ûß ÜÛÛÛÛÛÛÛÛ Û ÜÜÜÜÜÜÜÜ \n");
printf(" Ûß ÜÛÛÛÛßß ÜÜÜÜß ÜÛÛÛÛßß ÜÜÜÜÜßÜß ÜÜÜÜÜÜ ßÛ \n");
printf(" Û ÛÛÛÛß Üßß Û ÛÛÛÛß Üßß Üß ÛÛÛÛÛÛÛÛ ßÛÜ \n");
printf(" Û ÛÛÛÛ Û Û ÛÛÛÛ Û Ûß ÜÛÛÛß ßÛÛÛÜ ßÛ \n");
printf(" Û ÛÛÛÛÜ ßÜ Û ÛÛÛÛÜ ßÜÜÜÜÜÛ ÛÛÛÛ ÛÛÛÛ Û \n");
printf(" Û ßÛÛÛÛÛ Û Üß ßÛÛÛÛÛÜÜÜÜÜÜ ßßßß ÛÛÛÛ Û \n");
printf(" ÛÜ ÛÛÛÛÜ ßßß ÜÜÜÜÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ ÛÛÛÛ Û \n");
printf(" Üß ÜÜÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛßßßß ÜÜÜÜ ÛÛÛÛ Û \n");
printf(" Û ÛÛÛÛÛÛÛÛÛÛÛÛÛßßß Ü ÛÛÛÛ ÛßßÛ ÛÛÛÛ ÛÛÛÛ Û \n");
printf(" ÛÜ ßßßßÛÛÛÛ ÜÜÜÜÛßßÜ ÛÛÛÛ Û ÛÜ ÛÛÛÛÜ ÜÛÛÛÛ ÜÛ \n");
printf(" ßßßÛ ÛÛÛÛ Û Û ÛÛÛÛ Û ÛÜÜ ÛÛÛÛÛÛÛÛ ÜÜÛ \n");
printf(" Û ÛÛÛÛ Û Û ÛÛÛÛ Û ÛÜ ßßßßßß ÜÛ \n");
printf(" Û ÛÛÛÛ Û Û ÛÛÛÛ Û ßßßßßßßßßß \n");
printf(" Û ÛÛÛÛ Û Û ÛÛÛÛ Û <Crash>\n");
printf(" ÛÜÜÜÜÜÜÛ ÛÜÜÜÜÜÜÛ \n\n");
printf(" - bY drAg0n [FFO99] - \n\n");
printf("eNTER yA nAME : ");

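// Get Name - Decimal Values

// fgets instead of gets : gets() cant limit the input to the size of Name
if (fgets(Name, sizeof(Name), stdin) == NULL)
    return 1;
Name[strcspn(Name, "\r\n")] = '\0'; // cut off the newline fgets keeps
NameLength = strlen(Name);

for (Offset = 0; Offset < NameLength; Offset++)
{
    // unsigned char , same as the movzx in the program (Chars above 7F stay positive)
    Regsum = Regsum + (unsigned char)Name[Offset];
}

printf("\nyOUR sERiAL iS : ");

// Regsum is the Decimal Pool ... With all Decimal Chars from the name...
// You see, we just add 1984 (7C0) to it , and its done ...

printf("%ld ", (Regsum + 1984)); // %ld cause Regsum is a long int

return 0;
}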

- Heres the KEygen in a File if you dont want to copy all thiz shit - keygen.c

Last Words

Ok , you have done your (first) Keygen ;) ... I think , it wasnt that hard ...
I had some problems to write Keygens when i started to do Keygens ..
How and in which language to program in..
... I think "C" is very good / easy to write Keygens ... so ... enjoy it ;)

l8rz , [DrAg0n FFO99]

- See ya all in Lesson 8 soooon ;) -
