Tutorial Number 27 Written by Etenal Bliss Email: Eternal_Bliss@hotmail.com Website: http://crackmes.cjb.net http://surf.to/crackmes Date written: 18th Jul 1999 Program Details: Name: VB5-CrackMe 1.0 by Blaster99 [DCD] Tools Used: SmartCheck Cracking Method: Serial Sniffing Viewing Method: Use Notepad with Word Wrap switched on Screen Area set to 800 X 600 pixels (Optional) __________________________________________________________________________ About this protection system This program requires a Regcode to register. This code is hard-coded into the program and you can see it when you open up the file with a hexeditor at offset 11DC. _________________________________________________________________________ About this tutorial Since this is my 27th tutorial, I will presume that you have read the previous ones. So, my description on how to use the tools will be reduced unless there are new methods. This is a very short tutorial to show what serial fishing is like and how easy it can be in SmartCheck. Configuration of SmartCheck for new crackers can be found on my website. _________________________________________________________________________ SmartCheck First, run SmartCheck and load the CrackMe. Press F5 to start running the CrackMe using SmartCheck. There is a nag box which I think is impossible to get rid of in VB. So, lets forget about it for the time being. Type in any Code you want and click on Registrieren. You will receive a message about wrong serial. (I don't understand the language) You can stop running the CrackMe now. What you can see in SmartCheck is a line called Commang1_Click and there is a + sign next to it. Click on the + sign to open up the threads. There are just 3 lines: Text1.Text Text1.Text MsgBox(VARIANT:String:"Error!..."...)... Well, not much information there. Click on the first Text1.text and then choose "Show All Events" in SmartCheck under the "View" option. Now you get a lot of info. Immediately below the Text1.Text that I told you to click on, there is a line that says __vbaStrCmp(String:"2G83G35H...",String:"12345678...") returns... If you had read my 2 essays on VB cracking before, you would know that __vbaStrCmp is a very common breakpoint to use in Softice for VB cracking. What this command does is to compare 2 strings. So, if 12345678 is what I entered, what do you think 2G83G35H... is for? Click on that line and look at the right hand window. The whole string is 2G83G35Hs2 and that is the hard-coded code I have talked about. CrackMe Cracked! __________________________________________________________________________ Additional If you were to use Softice instead, just set the breakpoint on __vbaStrCmp and trace into the calls. You will be able to see the Regcode in ECX after a while. It will be in w.i.d.e. .c.h.a.r.a.c.t.e.r format. __________________________________________________________________________ Final Notes This tutorial is dedicated to all the newbies like me. My thanks and gratitude goes to:- All the writers of Cracks tutorials and CrackMes and also to all the crackers that have been supporting my site and project forum.