Win Code Reversing

Program Details
Program Name: rsvrmled.exe
Program Type: 3D Graphic Program
Program Location: Here
Program Size: 681KB

Softice V3.2 - Debugger
There is a crack, a crack in everything. That's how the light gets in. |
RenderSoft VRML Editor v1.0 Crack
Written by KLee8084
Rsvrmled.exe is a good program for newbies to create virtual worlds. It has the ability to export your creations to VRML 2.0 format.

The protection system consists of checking a registration number that the user inputs. When I had cracked this program, I had to laugh. Perhaps the creators of this program were tired after a long day of coding?
When the program screen comes up, click on Help and then click on Register.
Press CTRL-D to go into Softice, and then set a breakpoint on GetWindowTextA (type BPX GETWINDOWTEXTA), then exit back to the program by typing x.
Back in the program, enter a fake registration number in the text box and click on "OK".
You'll be thrown back into Softice at the start of USER32!GetWindowTextA. Hit F11 to step out of this call. I took the liberty, at this point, of stepping through the next several calls, but they aren't very interesting from our point of view.
Hit F10 until you get to:
:0043A391 CMP CL, 70
A couple of lines down from that is:
:0043A396 CMP CL, 50
Well! It seems as if the program is looking for a 'p' or a 'P' as the first character of the registration number ( if you type: d esp+1c you'll see the fake serial number that you entered ).
To satisfy the CMP, type: r cl=70 ( or r cl=50 ).
Type F10 until you get to the next CMP instruction.
:0043A3A1 CMP CL, 72
Now the program is checking to see whether the second character of the registration number is an 'r' or an 'R'.
Satisfy this check, too, by typing r cl=72
Type F10 until you jump to :0043A3B1 CMP CL, 73
Here, the program is checking to see if the third character of the registration number is an 's' or an 'S'. As above, satisfy the program by typing r cl=73
Type F10 until you come to the next compare. :0043A3BD CMP BYTE PTR [ESP+23], 31
Not only is the program now looking for a '1' ( in hex the code for 1 is 31h ), but it is looking to see if that '1' is the eighth character that you entered!
Satisfy the program by typing eb esp+23 31 ( this allows you to edit the byte at esp+23 and change it to 31 ).
Type F10 until you get to the next compare. :0043A3CA CMP CL, 7A
Now the program is looking for a 'z' or a 'Z' at esp+27, which is the 12th character of the registration number.
Type r cl=7a to satisfy this check.
Type F10 a couple of times. Hmmm...no more compares. I'm curious, now.
Disable the breakpoint ( type bd * ) and type x to return to the program.
Hey! We get a messagebox thanking us for registering. Click on OK and then exit the program ( I told you that I was curious, didn't I? ). Now restart the program. What's this?? The nag screen is back! Hmm...Click on "I Agree". Now try to register the program with prsxxxx1xxxz ( the x in the registration code can be anything that you want since the program never checks these characters).
It works! Program cracked.
NOTE:
We got prsxxxx1xxxz because the program checked to see if the first
character was a 'p', the second character an 'r', the third character an
's', the eighth character a '1', and the 12th character a 'z'.
In the registration number box type in
PRSxxxx1xxxZ.
The x's can be anything that you want. Just make sure that the first
character is a 'p' or 'P', the second an 'r' or 'R', the third an 's' or
'S', the eighth a '1', and the 12th character is a 'z' or 'Z'.
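The check traced above, modelled as an added example (not code from the original essay or from the program) next to a keyed alternative, to show how little of the serial the program actually verifies. The function names, the 12-character minimum length, and the HMAC-based design with its demo key are assumptions made for illustration.

```python
import hashlib
import hmac

# Model of the check described in the walkthrough: five fixed positions
# compared against constants, with letters accepted in either case.
# Assumption: input shorter than 12 characters is rejected.
FIXED = {0: "p", 1: "r", 2: "s", 7: "1", 11: "z"}


def weak_check(serial: str) -> bool:
    if len(serial) < 12:
        return False
    return all(serial[i].lower() == c for i, c in FIXED.items())


def unchecked_positions(length: int = 12) -> list:
    """Positions the weak check never reads, so they carry no secret."""
    return [i for i in range(length) if i not in FIXED]


# Hardened form (hypothetical design): the serial is a truncated HMAC over
# the licensee name, so every character depends on a vendor-held key and
# no serial is valid for a different licensee.
def issue_serial(vendor_key: bytes, licensee: str) -> str:
    tag = hmac.new(vendor_key, licensee.encode("utf-8"), hashlib.sha256)
    return tag.hexdigest()[:24].upper()


def strong_check(vendor_key: bytes, licensee: str, serial: str) -> bool:
    expected = issue_serial(vendor_key, licensee).encode("ascii")
    supplied = serial.strip().upper().encode("utf-8")
    # Constant-time comparison; bytes input accepts any user-typed text.
    return hmac.compare_digest(expected, supplied)
```

The HMAC key must stay on a system the user cannot inspect, such as an activation server; a check performed inside the shipped binary would instead need an asymmetric signature so that only a public key is embedded.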
Now do you see why I wondered whether the
programmers who made this program were tired after a long day of coding?
Very lazy work.
My thanks and gratitude go to:
Fravia+ for providing possibly the greatest source of Reverse Engineering knowledge on the Web.
+ORC for showing me the light at the end of the tunnel.
Do I really have to remind you all that buying and NOT stealing the software you use will ensure that these software houses continue to produce even *better* software for us to use and, more importantly, continue to offer even more challenges to breaking their often weak protection systems?
If you're looking for cracks or serial numbers from these pages then you're wasting your time, try searching elsewhere on the Web under Warze, Cracks etc.
Essay by: KLee8084
Page Created: 24th July 1998