by +Indian_Trail, 04 May 1998

IF visual basic THEN cracked at once

Protectors working in visual basic should be aware of the existence of Smartcheck (I can't imagine anyone working with ANY programming language that doesn't know of this GREAT incredible reversing tool..., as I have written myself repeatedly :-)

That's how the light gets in

(x)Beginner ( )Intermediate ( )Advanced ( )Expert

We have all seen fine examples of how to use smartcheck. This essay will be about how to get a valid serial number from smartcheck rather than finding a byte to patch. I don't think it's possible to write a clever protection in visual basic, so therefore this protection is not interesting at all...

Pluckit 3.0 Hip Hip Hurray for Smartcheck
Written by +Indian_Trail

A friend of mine asked me to crack this program. It's a newsscanner that downloads pictures from newsgroups, probably written for porno lusers. Anyway, I didn't know that Pluckit was written with Visual Basic. So this was my first attempt at a visual basic program. I never liked Visual Basic or Delphi, I don't see the point in using a language that produces bad code. The obvious way should be to try to write as small and efficient programs as possible and to do that -as you all know- you have to write the main routines in pure assembler. Anyway, I don't mind people using Visual Basic as an introduction language to computer programming. Most of us learned basic as a start on the first home computers like ZX80 or Sinclair Spectrum and C64. But programs that are written in toy languages like this should be free for all people. Applications that are slow and filled with bugs should not be commercial, they should be freeware (this is valid for Word and Excel as well, btw). Unfortunately the author of this lame crap has another idea about this.

On startup there is an ugly nagscreen with some text inside it and an "ok_button" and a "cancel_button". After the nagscreen is a register screen where you can input a serial number; if you don't have a serial# you'll only be able to download 15 files. We will focus on the serial#.

Smartchecker 5.0 Win32Dasm ~ www.pluckit.com

THE ESSAY

Step I: loading the target through smartcheck.

As I mentioned this is my first attempt to crack a VB program. In my first approach I changed some jumps in memory, but there were too many jumps to change so I decided to go for the serial number. I'm not gonna cover how to set up smartcheck cause Fravia+ has already done that.

Well, let's fire smartcheck... After the "invalid..." dialogbox appears, terminate Pluckit3 and go to smartcheck and look around. At sequence# 16745 you'll see your false serial number. Now what follows is:

    16752 Trim (variant: string"false#") 4d4260
    16763 Val (string"false":
    16931 msgbox

Now it's time to choose view "All events". I reached this point after 3 seconds, and what you'll see now is the first barricade of the protection scheme. The last things that are done before the messagebox, as you'll see (if you have chosen view all events), are:

    16926 __VbaVarOr()
    16927 __VbaBoolVarNull() Return dword FFFFF
    16928 _vbaVarDup(VARIANT: string "invalid", Variant boolean false)

This looks very strange, no manipulations at all so far except for the basic ones, i.e. calculating the length of the string and so on. I don't know what __vbaVarOr or __vbaBoolVarNull does exactly, but judging from their names they must check something for being either true or false. That was what I thought when I first glanced at it. But what could it be? It could be three things:

1 A letter
2 A char, i.e. "%" or whatever
3 both of them

So start all over again and this time enter your name as registration#. Remember to choose view "specific events and errors" if you want to skip a lot of unimportant "code".

This means that double:0 should have a value equal to one of these numbers and the registration code must contain a letter(s) for us to pass __vbaBoolVarNull(). We also know that double:0 is zero when we only entered letters. So the registration code must have some numbers and one or more letters.

Step II

Start again (I know this begins to be boring but we are almost finished). This time we must use systematic inputs. Let's begin with 123A and see what happens, what value is given to double:0. Hmmm, we didn't pass the __vbaBoolVarNull() function with 123A. Well, my experience in registration codes tells me that the letter may be a separator of two numbers. Let's try 123A123.

Great (balls of fire) we passed the evil __vbaBoolVarNull(), let's find out if double:0 has a value. Just click on one of the __vbaVarTestEq at sequence# 14909 for example, which is the first one. As you'll see, double:0 has the value of 15129 and is therefore called double:15129 instead of double:0. How did it get that value?

(Saddle all the horses far on the Indian Trail, 'til it's time to change the key and jump to a different scale...a boogie woogie on the run)

I won't even bother explaining to you that you should BUY this target program if you intend to use it for a longer period than the allowed one. Should you want to STEAL this software instead, you don't need to crack its protection scheme at all: you'll find it on most Warez sites, complete and already regged, farewell.

I don't know why one should choose visual basic to make an application like this one. But this Author is probably just a greedy loser, who only wants to make some fast money instead of taking pride in a good, lean and fast program.