Tutorial Number 6 Written by Etenal Bliss Email: Eternal_Bliss@hotmail.com Website:http://crackmes.cjb.net http://surf.to/crackmes Date written:2nd Feb 1999 Program Details: Name: CrackMe v2.0a Author: Borna Janes Language: Visual Basic 6 Tools Used: NuMega SmartCheck 6.01 Cracking Method: Understanding and Analyzing Data in SmartCheck Viewing Method: Use Notepad with Word Wrap switched on Screen Area set to 800 X 600 pixels (Optional) __________________________________________________________________________ Foreword Before you read the following, I suggest that you go to my website and read my two essays on VB cracking first. You will find the common breakpoints and some uncommon ones. And there are explanation on what they are for. Also, I have described the common things you will see in SmartCheck as well. They will aid in understanding all the information given by SmartCheck and are definitely useful. __________________________________________________________________________ About this protection system No disabled function. Protection is based on a 9 digit combination which are compared one by one. Before any serial is checked, the length is compared first. If it is not 9 characters, no checking is done. __________________________________________________________________________ The Essay As this is a tutorial for newbies, I'll go into details about how I go about cracking the program. I suggest that you read this tutorial first. When you have completed the tutorial, leave this tutorial open and follow the instructions while using SmartCheck. Re-do it once more after you have completed the step by step guide... __________________________________________________________________________ Understanding and Analysis Run SmartCheck. Load the program using it by using "File", "Open" and choose Bjcm20a.exe If this is your first time using SmartCheck, do the following:- Under Program Settings:- Error Detection: "tick" all boxes except "Report errors immediately". Advanced: "tick" first 4 boxes. Make sure "Suppress system API and OLE calls" is not "ticked". Reporting: All boxes "ticked" except for "Report MouseMove events from OCX controls" **I have captured the images of the three boxes for better reference. They are available on http://crackmes.cjb.net or http://surf.to/crackmes Run Bjcm20a.exe in SmartCheck by pressing F5. Type in any registration code you want. (I used 99999999) Then click "Check It". You will get an error message. Exit the program. Ok. You will see a few lines in the left window. Look for Command1_Click. **This is the subroutine in VB that is called when you click on the "Check It" button. Click on the "+" sign next to Command1_Click to expand the thread in it. You will notice that there are only 3 lines. The most important line is Len(String:"99999999") returns LONG:8 **This means that the length of the code you entered is checked... So, I tried 9 characters... "999999999" Re-run the program and enter "999999999". You will get the error message again. Click on the "+" sign next to Command1_Click. This time, you will see more lines in it with other functions like Asc and Mid... So, we are right about the length check. Under "View" in SmartCheck, choose "Show All Events" and "Show Arguments". **This is also capture in a file called setting4.jpg file on http://crackmes.cjb.net or http://surf.to/crackmes **Make sure you click on Command1_Click first or you will be lost in a sea of codes!!! Interesting lines include: 1) Mid$(String:"999999999", long:1, VARIANT:Integer:1) **This means to get the first char of the code you entered. 2) __vbaVarTstNe(VARIANT:Const Double:9, VARIANT:String:"3")... where did the "3" come from?? And it is compared to our 1st char "9" **__vbaVarTstNe means VARiant type data is TeSTed to see if they are Not Equal So, we will presume that the first char must be 3. Choose "Show Errors and Specific Events" under "View" to reduce the number of lines. Then, re-run the program and this time, enter "399999999" Repeat the steps above. you will see even more lines now. Click on the "+" sign again. This time, after the 1st __VbaVarTstNe, you will see Mid$(String:"399999999", long:2, VARIANT:Integer:1) **It means get the 2nd char which is "9" Near the end, look for __vbaVarTstNe(VARIANT:Const Double:9, VARIANT:String:"0")... Again... a mysterious number "0" appeared. But you will know that we are on the right track because the 2nd char is now being compared... So, repeat the steps above again. Entering "309999999" **Reminder, make sure you reduce the number of lines first by choosing "Show Errors and Specific Events" under "View" Keep doing the same thing for 9 times and you will get this serial... 301674501 Program cracked... __________________________________________________________________________ Final Notes This tutorial is dedicated to all the newbies like me. I've tried to explain everything in details. And because I'm a newbie myself, I may have explained certain things wrongly So, if that is the case, please forgive me. Email me if there is anything you are not clear about. My thanks and gratitude goes to:- The Sandman All the writers of Cracks tutorials