There is a crack, a crack in everything. That's how the light gets in.
Hi, out there. This is my next crackme in VB5. It should be a bit
harder to find out the good serial. In fact, I haven't cracked it yet.
The serial generator is a bit more difficult than the one in crackme#1.
RuleZ: Patching is not allowed!!!
Greetz to anybody out there
Bye Magenta
Okay, let's first open up the program...
Magenta has designed a nice little input box with a place for your name and a serial...
Let's go ahead and fill these areas in:
I would suggest that, the first time you run through this exercise, you use my input so you can SEE the following example work out in its entirety in the data window:
I will use " The GypsyJoker "
... for the name value:
and
7777767
for the serial value
Now let's open ice:
use your ctrl-d key combo (press the ctrl and d keys together at the same time) and ice pops:
now just type in:
bpx __vbastrcomp (NOTE: you use TWO underscores here; __ )
now type:
x (to leave ice) (then use your enter key to execute)
you will leave softice and get back to windows:
now simply click on the OKAY button
Softice will now pop; and you will be here:
We have landed inside the __vbastrcomp Msvbvm50! code area:
(NOTE: I have found that this works cleanly on a fresh boot; if you have been working on other programs during the day and have lots of bpx's set in memory, for some reason ice will POP the Error box
instead of popping directly back to __vbastrcomp area... (?)
in this case... no problem... click on the error box and now re-fill in your user info... now click on Okay and ice will now pop back to __vbastrcomp area of code)
Now we are going to move away from the natural impulse to begin f-10-ing and searching each register as we move along...
As I stated in my first VB5 essay; in the solution #5; I have found that by using a certain sequence of set-up we can produce a working serial # without searching any code at all... this is what I will demonstrate here:
Now do not use your f-10 key at all....
Look, now, to your 'data window'
Put your mouse cursor on the line that splits the data window and click on the word 'byte'
(which is probably the window that most systems will pop first)
Your data window will now change and the data line will now say:
---------word------
Now click on the word "word"
The data window will now change to this word...
---------dword-------
It is in this data window that we want to be;
Having arrived at this window, now we will type:
dd esp
This will once again change our data window;
You will now see a lot of numbers in columns:
the first line will look like this:
0157:0063f194  0f00461b  00000000  00401d24  00412208
(NOTE: YOUR numbers in the third and fourth stack just might be a different #; it does not matter; simply use the # you see instead of the one I write in my example)
(I think that the number in the first column at 0f00461b... is the line number assigned FROM WHERE THIS memory location was called from...
...but I am not sure... when I type "d 0f00461b" and hit the 'f-11' key it takes me to that line in the
code... but I don't know where to take it from there to continue backtracing; as yet)
Now with no further ado...
type: 'd 00412208'... (or whatever # you see in the fourth column)
This should now display the USERNAME you entered... you'll see it in your data window.
For some reason beyond me, if we are not in this mode and in this sequence then we will not SEE our serial being calculated:
In this mode we should now be able to see and watch your serial # being calculated and being generated while in this data window.
Now; hit your f-5 key... 3 times...
(this is ONLY if you are using my username as your test subject here: if you use a different Username the number of times you hit f-5 and see changes in the data window will be different)
after pressing the f-5 key 3 times you will see in your data window:
the number "20"
continue pressing the f-5 key; watching this data window;
at the 6th f-5 key pressed you will now see:
the number "2039"
at 7th f-5="203950"
at 9th f-5="2039503"
10th f-5="20395036"
12th f-5="2039503637"
15th f-5="203950363713"
16th f-5=The looser---"Better luck next time!"--- error box.... pops
Now just click the Okay button on the error box; enter the # 203950363713 into the serial area... and click Okay button...
WHOOPS ice pops; we did not clear out our __vbastrcomp breakpoint;
type bd 00; x ; (then enter key)
and Windows pops back with the:
Congratulations box ;... Job Well Done, Good Work!
CONGRATULATIONS!
This VB5 is Busted!
As we have continued to learn at the Sandman's projects site @ http://disc.server.com/Indices/33330.html the crack is not done until the cracker 'knows' his crack.
My thanks and gratitude goes to:-
The Sandman for providing possibly the greatest source of Reverse Engineering
knowledge for newbies on the Web; and who told me to never give up when VB was strangling me.
In this essay I would also like to extend special thanks to The Administrator; Pedro; Princess; Joseph; & Flying; who helped me work out my rough draft with their many suggestions; I would also like to extend additional special thanks to Eternal Bliss who is always one step ahead of me in figuring out just what it is I keep tripping over; and, his explanations, I am confident will soon lead us all to a new way of understanding VB and new ways to attack it...
And to all those of you who write, and post, and teach me each day,no matter your depth of knowledge; Thanks!
Ripping off software through serials and cracks is for lamers..
If you're looking for cracks or serial numbers from these pages then you're wasting your time, try searching elsewhere on the Web under Warze, Cracks etc.