+=widYa@cL 2011=+
from newbie to another
Tools Used : SoftICE 3.24 - W32Dasm 8.93 - Hiew 6.02
Reverse Engineering Lab

WebFlix Pro 1.5.1 Build Date 19990104
Author   : MediaWare Solutions Pty Ltd
           info@mediaware.com.au
Homepage : http://www.mediaware.com.au

Intro

Hi guys, you are now reading my 8th tutorial ... bla .. bla .. bla ..

Overview

WebFlix Pro is a complete MPEG-1 video exploration and analysis tool. With WebFlix Pro you can: play MPEG-1 (.mpg) and Video CD (.dat) videos, quickly and accurately get to any location in a video, play a presentation as a continuous loop with auto repeat, analyze the action of your favorite sports star in slow motion by combining variable rate play with auto repeat, cut and paste from separate videos to create your own custom video, find key video events, such as film cuts and dissolves, to create a shot index of your video which can be exported as an html summary page of thumbnail images, analyze the underlying MPEG-1 stream, and convert a Video CD (.dat) video to an MPEG-1 (.mpg) file. This means that the entire video is at your fingertips, from extracting your favorite frames as snapshots to put in your photo album to combining those special moments in your existing videos into your own movie creation. Best of all, WebFlix Pro requires no special hardware to run on your computer.

The Essay

Run WebFlix Pro and enter the registration dialog via Register - Register WebFlix Pro ... we're asked to enter:

KEY : fill it in with any entry you like ..

Now we should set some breakpoints before pushing the OK button: [CTRL]+D, push [OK] .. #bOOm# .. surprise .. we break due to BPX32!MessageBoxA .. press F11 to get to the caller .. #bOOm# .. "Sorry, I cannot recognise your registration key. Please re-enter." .. [OK] .. #bOOm# .. we land in tk80.dll code just below the MessageBoxA call .. huh, we've broken in the bad routine already! .. we have to find the bad conditional jump .. tracing backwards now .. snip ... snip ... snip ... 3 minutes left ... 'DAMN', forget about it! ... clear all breakpoints & leave SoftICE at once ..

Now let's see what we can get from the dead listing ... double click on our bad message ... heh, seems we can easily register this program .. HOW ?! .. just avoid the bad routine (the messages) and we're led automatically to the good routine ... yep, we're gonna modify some bytes! It saves us a lot of time! (I've cut a lot of code to save time) .. here are our 'magic' conditional jumps .. I'm sure you can easily locate this code:

:00456BE0 3BC1    cmp eax, ecx
; another comparison :004568A0 (@offset 55CA0h)

Run hiew webfli~1.exe - select decode mode (F4-F3) - find the offset to patch (F5) - Edit (F3):

55CA0 : 0F842E010000 --> change to --> E92F01000090

.. don't forget to update the changes (F9) .. I also wrote a simple byte patcher in asm .. not good enough, but it works. After we've patched it we can enter any entry in the registration dialog to make it registered. The program will then create the license data in 'license.dat', located in our WebFlix directory. That'S aLL 4 now guys ... hope this tut can help u ..
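
Seen from the defender's side, the edit quoted above (a 6-byte conditional near jump, 0F 84 rel32, overwritten with E9 rel32 plus a NOP that lands on the same target) has a recognisable shape when a file is compared against a known-good copy. The following Python check is an added example, not part of the original tutorial; the function name and sample buffers are constructed for illustration, and the short-branch case (7x rel8 to EB rel8) goes beyond the one byte pair the text spells out.

```python
import struct


def find_forced_branches(original: bytes, candidate: bytes):
    """Compare a known-good image with a candidate copy and report conditional
    branches that were rewritten as unconditional jumps to the same target.
    Returns a list of (file_offset, kind, target_offset)."""
    if len(original) != len(candidate):
        raise ValueError("length mismatch: not a same-size in-place patch")
    hits = []
    off = 0
    while off < len(original):
        o, c = original[off:off + 6], candidate[off:off + 6]
        # Near form: 0F 8x rel32 (6 bytes) -> E9 rel32 90 (5-byte JMP + NOP).
        if (len(o) == 6 and o != c and o[0] == 0x0F and 0x80 <= o[1] <= 0x8F
                and c[0] == 0xE9 and c[5] == 0x90):
            jcc_target = off + 6 + struct.unpack_from("<i", o, 2)[0]
            jmp_target = off + 5 + struct.unpack_from("<i", c, 1)[0]
            if jcc_target == jmp_target:
                hits.append((off, "near", jcc_target))
                off += 6
                continue
        # Short form: 7x rel8 -> EB rel8, displacement byte untouched.
        if (len(o) >= 2 and 0x70 <= o[0] <= 0x7F and c[0] == 0xEB
                and o[1] == c[1]):
            rel8 = struct.unpack_from("<b", o, 1)[0]
            hits.append((off, "short", off + 2 + rel8))
            off += 2
            continue
        off += 1
    return hits


# Constructed sample: NOP padding around the byte change quoted in the
# tutorial (0F842E010000 -> E92F01000090), plus a constructed short branch.
PAD = b"\x90" * 4
KNOWN_GOOD = PAD + bytes.fromhex("0F842E010000") + PAD + bytes.fromhex("7410") + PAD
TAMPERED = PAD + bytes.fromhex("E92F01000090") + PAD + bytes.fromhex("EB10") + PAD

if __name__ == "__main__":
    for offset, kind, target in find_forced_branches(KNOWN_GOOD, TAMPERED):
        print(f"{offset:#06x}: {kind} Jcc forced to JMP, target {target:#06x}")
```

The displacement grows by one (12Eh to 12Fh) because the JMP is one byte shorter than the Jcc it replaces, which is why the check compares computed targets rather than raw displacement bytes.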

Asm patcher source

; Webflix Pro 1.5.1 19990104 patcher
; bY widYa@cL 2011 (20/03/99)
;
; use tasm32 wfp151-p.asm and then tlink /3/t wfp151-p.obj
; to generate wfp151-p.com

.model tiny
.386P
.code
org 100h

start:
        mov     dx, offset intro
        call    print                   ; print intro

; find target file
        mov     dx,offset filename      ; get filename into ds:dx
        mov     cx,3fh                  ; any file attributes
        mov     ah,4eh                  ; find first matching file
        int     21h
        jc      notfound
; If carry is set, ax contains one of the following error codes
; 2: File not found - 18: No more files .. heh look the same ..

; good we found it .. now check the filesize
; after Find First File is called, we have a good information at the
; DTA:Offset 26 (decimal) File size in bytes
; let's use it .. shall we ?! ..
        mov     ah,2fh                  ; get DTA address (returns pointer to the current DTA in es:bx)
        int     21h
        mov     eax,[bx+26]             ; get file size in bytes into eax
        cmp     eax,[filesize]          ; do they match ?
        jne     wrongsize               ; yes ? nope it .. no ? get the right version ! ..

; gotcha .. open the file
        mov     dx,offset filename      ; get filename into ds:dx
        mov     ax,3D02h                ; open file for reading & writing
        int     21h
        mov     bx,ax                   ; put file handle in bx

; let's write the patch
        mov     ax,4200h                ; seek (move file pointer) from the beginning of file
        mov     cx,5                    ; hi order of offset
        mov     dx,5ca0h                ; lo order of offset
        int     21h                     ; move it ..
        mov     ah,40h                  ; setup to write new byte(s)
        mov     cx,6                    ; six bytes to patch
        mov     dx,offset byte1         ; point dx to patch data
        int     21h                     ; patch it ..

; woaah ..
        mov     ax,4200h
        mov     cx,5
        mov     dx,5cach
        int     21h
        mov     ah,40h
        mov     cx,6
        mov     dx,offset byte2
        int     21h

        mov     ax,4200h
        mov     cx,5
        mov     dx,5ddfh
        int     21h
        mov     ah,40h
        mov     cx,6
        mov     dx,offset byte3
        int     21h

        mov     ax,4200h
        mov     cx,5
        mov     dx,5fe2h
        int     21h
        mov     ah,40h
        mov     cx,6
        mov     dx,offset byte4
        int     21h

        mov     ax,4200h
        mov     cx,5
        mov     dx,60a5h
        int     21h
        mov     ah,40h
        mov     cx,1
        mov     dx,offset byte5
        int     21h

        mov     ah,3eh                  ; done .. close the file
        int     21h

; available messages
        mov     dx,offset msgsucc       ; have fun ..
        call    print
        jmp     exit
wrongsize:
        mov     dx,offset msgver        ; duh ..
        call    print
        jmp     exit
notfound:
        mov     dx,offset msgnotf       ; waaah ..
        call    print
exit:
        mov     ah,4ch                  ; back to real life
        int     21h

; our handy procedure
print   proc
        mov     ah,9                    ; print string
        int     21h
        ret
print   endp

; data
byte1    db 0E9h,02Fh,01,00,00,090h,0
byte2    db 0E9h,023h,01,00,00,090h,0
byte3    db 0E9h,0EDh,01,00,00,090h,0
byte4    db 0E9h,0ABh,00,00,00,090h,0
byte5    db 0EBh,0
filename db 'webfli~1.exe',0
filesize dd 1121792

intro    db 0ah,0dh, '╔───────────────────────────────────────╗'
         db 0ah,0dh, '│ Crack for WebFlix Pro 1.5.1 19990104 │'
         db 0ah,0dh, '│ -=widYa@cL 2011=- │'
         db 0ah,0dh, '╚───────────────────────────────────────╝'
         db 0ah,0dh,0ah,0dh,'$'
msgsucc  db 'Patch Successful : Don''t Forget To Support',0ah,0dh,'$'
msgver   db 'Patch Failed : Wrong Version',0ah,0dh,'$'
msgnotf  db 'Patch Failed : File Not Found',0ah,0dh,'$'

end start

Final notes

... and we only get for what we have done ..

Special greetz

CrackZ, SandMan, Torn@do

Written bY : widYa@cL 2011