Tutorial Number 5 Written by Etenal Bliss Email: Eternal_Bliss@hotmail.com Date written: 23rd Jan 1999 Program Details: Name: CrackMe v4.0 Author: Magenta Language: Visual Basic Tools Used: NuMega SmartCheck 6.01 Cracking Method: Analyzing Data in SmartCheck Viewing Method: Use Notepad with Word Wrap switched on Screen Area set to 800 X 600 pixels (Optional) __________________________________________________________________________ About this protection system No disabled function. Protection is based on a 8 digit combination which must satisfy an algorithm. __________________________________________________________________________ The Essay As this is a tutorial for newbies, I'll go into details about how I go about cracking the program. I suggest that you read this tutorial first. When you have completed the tutorial, leave this tutorial open and follow the instructions while using SmartCheck. Re-do it once more after you have completed the step by step guide... __________________________________________________________________________ Data Analysis in SmartCheck Run SmartCheck. Load the program using it by using "File", "Open" and choose Crackme#4.exe If this is your first time using SmartCheck, do the following:- Under Program Settings:- Error Detection: "tick" all boxes except "Report errors immediately". Advanced: "tick" first 4 boxes. Make sure "Suppress system API and OLE calls" is not "ticked". Reporting: All boxes "ticked" except for "Report MouseMove events from OCX controls" **I have captured the images of the three boxes for better reference. They are available on http://crackmes.cjb.net Run Crackme#4.exe in SmartCheck by pressing F5. Type in any registration code you want. (I used 26398457) Then click "Ok". You will get a "You failed, try again loser" message. Exit the program. Ok. You will see a few lines in the left window. Look for Command1_Click. **This is the subroutine in VB that is called when you click on the "Ok" button. Click on Command1_Click. Under "View" in SmartCheck, choose "Show All Events" and "Show Arguments". **This is also capture in a file called setting4.jpg file on http://crackmes.cjb.net **Make sure you click on Command1_Click first or you will be lost in a sea of codes!!! Click on the + sign next to Command1_Click to expand the threads under it. You can go through every single thread if you want. I'm saving you time now by telling you what to look for... Note: what I entered is 26398457 Interesting lines include: 1) __vbaVarMul(VARIANT:String:"2", VARIANT:String:"6") ... **1st number multipied by 2nd = 12 2) __vbaVarAdd(VARIANT:String:"3", VARIANT:String:"9") ... **3rd number joined with 4th = 39 and not 12!! 3) __vbaVarSub(VARIANT:Double:12, VARIANT:String:"39") ... **Answer from step 1 subtracted by answer from step 2 = -27 4) __vbaVarMul(VARIANT:String:"8", VARIANT:String:"4") ... **5th number multiplied by 6th number = 32 5) __vbaVarAdd(VARIANT:Double:-27, VARIANT:Double:32) ... **Answer from step 3 plus answer from step 4 = 5 6) __vbaVarAdd(VARIANT:Double:5, VARIANT:String:"5") ... **Answer from step 5 plus 7th number = 10 7) __vbaVarSub(VARIANT:Double:10, VARIANT:String:"7") ... **Answer from step 6 subtracted by 7 = 3 3rd line from step 7 you will see 8) __vbaVarTstEq(VARIANT:Double:3, VARIANT:Const Integer:10)... **Answer from step 7 is compared to 10 Overall formula for the protection scheme: ((a * b) - (c & d)) + (e * f) + g - h = 10 where a = 1st number, b = 2nd number, c = 3rd number etc... So, by understanding this, we can create our own correct serial. For example, g = 1 and h = 1 So, ((a * b) - (c & d)) + (e * f) = 10 If (a * b) = 16, (c & d) = 12 and (e * f) = 6, we will get 10 So, a = 2, b = 8, --> 2 * 8 = 16 c = 1, d = 2, --> 1 & 2 = 12 e = 2, f = 3, --> 2 * 3 = 6 So, (16 - 12) + 6 = 10 One of the correct serial will be 28122311 __________________________________________________________________________ Final Notes This tutorial is dedicated to all the newbies like me. I've tried to explain everything in details. And because I'm a newbie myself, I may have explained certain things wrongly So, if that is the case, please forgive me. My thanks and gratitude goes to:- The Sandman All the writers of Cracks tutorials