Tutorial Number 3 Written by Etenal Bliss Email: Eternal_Bliss@hotmail.com Date written: 9th Jan 1999 Program Details: Name: Immortal Descendants CrackMe v1.0 Author: Volatility Language: Visual Basic Tools Used: NuMega Softice 3.23 NuMega SmartCheck 6.01 Cracking Method: Serial Fishing Code Analysis for Key Generator Viewing Method: Use Notepad with Word Wrap switched on Screen Area set to 800 X 600 pixels (Optional) __________________________________________________________________________ About this protection system No disabled function. To register, you need to enter UserName and Registration Code. __________________________________________________________________________ The Essay As this is a tutorial for newbies, I'll go into details about how I go about cracking the program. I suggest that you read this tutorial first. When you have completed the tutorial, try to re-do everything. Then, the knowledge will be in you. 8) __________________________________________________________________________ Serial Fishing First, reboot your computer and get softice started if you haven't done so. Since this is a VB program, normal breakpoints will not work. Reading somewhere about breakpoints for VB program, I decided to use bpx __vbastrcomp (string compare) **bpx means "Breakpoint on execution". **__vbastrcomp is my favourite breakpoint for VB programs... Run the program. Type in all your particulars. In my case, I entered Eternal Bliss and 2353535. Get into Softice by pressing Ctrl D. Now set the breakpoint as mentioned above. Press Ctrl D or F5 to return to the program. Click on the "Register" button. You will break in Softice at xxxx:7B2F3563 55 PUSH EBP **xxxx are numbers. Since yours will be different from mine, I left them out. F10 a few steps till you get to xxxx:7B2F3574 8B4510 MOV EAX, [EBP+10] **F10 - step over (skip over function Calls) (same as [F8], but will not go into function Calls) **The reason why you should F10 till this part is because I have done the following: 1) When I broke in Softice, I used F10 and type "d register" for every register change. Register can be eax, ebx, ecx, edx, edi, esi etc type d eax and "Enter" look in the data window. See your code in wide character 2.3.5.3.5.3.5 **If you can't see anything, type WC to activate or deactivate your code window. F10 a few more steps till you get to xxxx:7B2F3585 8B4D0C MOV ECX, [EBP+0C] type d ecx and 'Enter" look in the data window. See your code in wide character 1.1.0.1.1.4.1.0.1.1.1.6.6.9 Exit Softice and type in Eternal Bliss as the Username and 11011410111669 as the serial. You will get this message: "Nice Work! On to Harder Things!" You are registered... I did the following as well: 1) delete the space between "l" and "B" ie, EternalBliss as Username and it still uses the same serial. 2) Eternalbliss and Eternal uses the same serial too. 3) eternalbliss uses a different serial which can be found using the serial fishing method as above. serial = 110114101116101 **notice the similarity between the two serials? __________________________________________________________________________ Code Analysis Now, it is time to understand how the Registration code is calculated... Run SmartCheck. Load the program using it by using "File", "Open" and choose IDCrackMe.exe. If this is your first time using SmartCheck, do the following:- Under Program Settings:- Error Detection: "tick" all boxes except "Report errors immediately". Advanced: "tick" first 4 boxes. Make sure "Suppress system API and OLE calls" is not "ticked". Reporting: All boxes "ticked" except for "Report MouseMove events from OCX controls" Run IDCrackMe.exe in SmartCheck by pressing F5. You might get a notice saying that the program is compiled in P-code. Just continue loading the program. Type in all your particulars. In my case, I entered Eternal Bliss and 2353535. Then Click on "Register" button. You will get the "Just kidding" message. Exit IDCrackMe.exe. Ok. You will see a lot of lines in the left window. Look for cmdCommand1_Click. **This is the subroutine in VB that is called when you click on the "Register" button. Click on cmdCommand1_Click. Under "View" in SmartCheck, choose "Show All Events" and "Show Arguments". **Make sure you click on cmdCommand1_Click first or you will be lost in a sea of codes!!! Click on the + sign next to cmdCommand1_Click to expand the threads under it. You can go through every single thread if you want. But what we are looking for is my usename and my code I typed. You will see these: 1) Asc(String:"nr") returns Integer:110 2) Asc(String:"ret") returns Integer:114 3) Asc(String:"etE") returns Integer:101 4) Asc(String:"tE") returns Integer:116 5) Asc(String:"E") returns Integer:69 Explanation: Asc is a command in VB (and other programming languages) that will convert an ascii to a number. "nr" will be converted to "110". In actual fact, only "n" is converted. So we got n=110, r=114, e=101, t=116, E=69 Now, scroll up this tutorial and take a look at what the correct serial should be for Eternal Bliss... Geddit? 8) __________________________________________________________________________ Part of a Key Generator Here is the part of the calculation routine used in my key generator: Private Sub Command1_Click() On Error Resume Next Dim han, Decy han = Text1.Text length = Len(han) If length < 5 Then 'check to make sure there are at least 5 chars MsgBox "You have to enter at least 5 characters!!", vbOKOnly + vbCritical, "Error" GoTo Nex End If one1 = Mid(han, 5, 1) 'get 5th char one = Asc(one1) 'number of it two1 = Mid(han, 4, 1) 'get 4th char two = Asc(two1) 'number of it three1 = Mid(han, 3, 1) 'get 3rd char three = Asc(three1) 'number of it four1 = Mid(han, 2, 1) 'get 2nd char four = Asc(four1) 'number of it five1 = Left(han, 1) 'get 1st char five = Asc(five1) 'number of it Label1.Caption = one & two & three & four & five 'combine them together Nex: End Sub __________________________________________________________________________ Final Notes This tutorial is dedicated to all the newbies like me. I've tried to explain everything in details. And because I'm a newbie myself, I may have explained certain things wrongly So, if that is the case, please forgive me. My thanks and gratitude goes to:- The Sandman All the writers of Cracks tutorials