Hi everybody !!!
Today I will make a tut on a crackme: it is a modified version of Notepad (M$).
Protections:
- Time Limit
- NaG ScReeN
- Packed
I will just explain how to crack the protection, not how to unpack it. This will be very easy, let's go !!!!
So, move your Windows clock to the future (2002, for example) and run Crakpad !!!
A message box tells you: This version has expired ...
So, set a breakpoint on GetLocalTime like this: BPX GetLocalTime
Run the prog and we break in SoftICE !!!!
Cool !! Press F12 to go back to the call and we see:
40623D 66813FCF07 CMP WORD PTR [EDI],07CF <= 7CF(h) = 1999(d), it compares with the year 1999
406242 7F3C       JG 406280               <= if it is greater than 1999, goto bad boy :(
406244 7C07       JL 40624D               <== if less, goto good boy :)
...... .......... .......................
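Added example (not part of the original tut and not code from the crackme): a small C model of the three instructions in the listing above, decoding the bytes shown there to recover the compared year and both jump targets. The struct and function names are made up for the illustration; the SYSTEMTIME layout (eight 16-bit fields, year first) is the documented Win32 one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Win32 SYSTEMTIME layout: eight 16-bit fields with wYear first, so a pointer
   to the buffer filled by GetLocalTime (EDI in the listing) points at the year. */
typedef struct {
    uint16_t wYear, wMonth, wDayOfWeek, wDay;
    uint16_t wHour, wMinute, wSecond, wMilliseconds;
} systemtime_t;

/* Bytes copied from the listing, starting at address 40623D. */
static const uint8_t code[] = { 0x66, 0x81, 0x3F, 0xCF, 0x07,  /* CMP WORD PTR [EDI],imm16 */
                                0x7F, 0x3C,                    /* JG rel8 */
                                0x7C, 0x07 };                  /* JL rel8 */
#define BASE 0x40623Du

/* imm16 operand of "66 81 3F iw", stored little-endian. */
static unsigned cmp_imm16(const uint8_t *p) { return p[3] | (p[4] << 8); }

/* Target of a 2-byte short conditional jump located at addr:
   address of the next instruction plus the signed 8-bit displacement. */
static uint32_t jcc_target(uint32_t addr, const uint8_t *p) {
    return addr + 2 + (int8_t)p[1];
}

/* Model of the check: the address execution continues at for a given time. */
static uint32_t next_address(const systemtime_t *st) {
    int16_t year = (int16_t)st->wYear, limit = (int16_t)cmp_imm16(code);
    if (year > limit) return jcc_target(BASE + 5, code + 5);  /* JG, signed */
    if (year < limit) return jcc_target(BASE + 7, code + 7);  /* JL, signed */
    return BASE + 9;  /* year == limit: falls through to code the tut elides */
}

int main(void) {
    systemtime_t st;
    memset(&st, 0, sizeof st);
    printf("compared year: %u\n", cmp_imm16(code));
    for (unsigned y = 1998; y <= 2002; y++) {
        st.wYear = (uint16_t)y;
        printf("year %u -> %06X\n", y, (unsigned)next_address(&st));
    }
    return 0;
}
```

The output shows that the whole time limit hangs on one 16-bit compare and two short branches, and that the year 1999 itself takes neither jump.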
Heheh, so how to crack this?
Very easy: it compares with the year 1999 and jumps to the error message if the year is greater than 1999. We can nop it, but that is not needed, because it also tests whether the year is less than 1999 with the command JL 40624D, which jumps into the program if the year is good. So we will make it jump forever !!
So JL 40624D becomes jump 40624D
To try this in memory, without patching the file because it is packed, type:
a 40624D and press Enter
then type: jump 40624D and press Enter. Press Escape and then F5 to let it run!
Cool, we now have a nag screen, but we don't see the error message for the expired version ..
You did it !!
Now we need to kick this nag, but it is very easy !!!!
Type: BPX MessageBoxA
You have to patch the memory again for the time limit.
Run the prog and it will break on the MessageBoxA API !!
Heheh, I am sure it will be finished in 30 seconds now !!
F12 to get out of the call and we see:
40625B FF1530744000 Call [USER32!MessageBoxA] <== this is the call for the message box!
..... ............ .........................
So, if we want to kill the nag, we just have to nop the call !!
replace: FF1530744000
with:    909090909090
So, to try the crack completely, put a bpx on GetLocalTime, do the modification like we did first, and after that type: a 40625B nop Enter
then type nop 5 more times and press Escape. After this, type bd * to disable all breakpoints and press F5: you will go into Crakpad without a time limit message or nag !!!!!
Another one cracked !!
Now you have to unpack it in order to patch it afterwards, because process patchers are not allowed and we have only patched the memory !!
But it is not my job to say how to do that !! :)
I hope you have understood this tut and learned something from it !!
If you have any questions, mail me at: acid2600@hotmail.com
Thanks for reading this tut !!
cya ...
ACiD BuRN [ReFleXZ'99]