Target Program: GoldWave 4.02
Description: GoldWave is a sound editor, player, recorder, and
converter. It can create entertaining sound files for Web pages, answering machines, or
Windows sounds. A rich set of effects and editing features are included for professional
sound production. High quality audio CDs can be created by using GoldWave in conjunction
with CD writer software.
Location: http://www.goldwave.com
Protection: Name (First & Last) & Password
Tools needed:
- SoftICE 3.24
Ob duh:
Do I really have to remind you
all that BUYING and NOT stealing the software you use will ensure that these software
houses will continue to produce even *better* software for us to use and, more importantly,
continue offering even more challenges to breaking their often weak protection systems?
BTW, it's illegal to use cracked software!
If you're looking for
cracks or serial numbers from these pages then you're wasting your time, try to search
elsewhere on the Web under Warez, Cracks, etc.
Info: Brand and product names are trademarks or registered
trademarks of their respective holders.
Level: (X)Beginner ( )Intermediate ( )Advanced ( )Expert

Choose "Options -
Register" from the GoldWave menu bar. A dialog box asking for a First Name, Last
Name and Password pops up. As First Name enter "CRACKING TUTORIAL", as Last Name
enter "BY TORN@DO" and as Password enter "12345". Now press the
OK-Button. A dialog box pops up, telling us that our registration is invalid and that we
should check our password and try again. The guy who requested this tutorial set a BPX
to GetWindowTextA and tried "his luck" - and he got lost in the code. So set a BPX to
MessageBoxExA and leave SoftICE. Press the OK-Button. SoftICE will pop up now and you'll
be confronted with the following code snippet:
:004863E5 6A01          PUSH 01
:004863E7 53            PUSH EBX
:004863E8 E83B180000    CALL 00487C28
:004863ED 83C408        ADD ESP,08
:004863F0 897DFC        MOV [EBP-04],EDI
:004863F3 8975F8        MOV [EBP-08],ESI
:004863F6 8B4510        MOV EAX,[EBP+10]
:004863F9 8945F4        MOV [EBP-0C],EAX
:004863FC 8B550C        MOV EDX,[EBP+0C]
:004863FF 8955F0        MOV [EBP-10],EDX
:00486402 6A00          PUSH 00
:00486404 FF75FC        PUSH DWORD PTR [EBP-04]
:00486407 FF75F8        PUSH DWORD PTR [EBP-08]
:0048640A FF75F4        PUSH DWORD PTR [EBP-0C]
:0048640D FF75F0        PUSH DWORD PTR [EBP-10]
:00486410 E89BDF0400    CALL USER32!MessageBoxExA
...
:0048642A C3            RET
At 4863F0, just have a look
at EBP (D EBP) - something like the following now gets displayed in our data window:
:013F:0077EF54 04 F1 77 00 F1 D3 42 00-54 F6 77 00 08 03 00 00 ..w...B.T.w.....
:013F:0077EF64 52 C5 4D 00 28 C5 4D 00-30 00 00 00 54 F6 77 00 R.M.(.M.0...T.w.
:013F:0077EF74 00 00 00 00 54 F6 77 00-31 32 33 34 35 00 9C 00 ....T.w.12345...
:013F:0077EF84 12 01 00 00 95 F0 00 00-00 00 00 00 20 D6 4A 00 ............ .J.
:013F:0077EF94 A0 F4 77 00 43 52 41 43-4B 49 4E 47 20 54 55 54 ..w.CRACKING TUT
:013F:0077EFA4 4F 52 49 41 4C 00 00 00-18 01 59 00 28 42 59 20 ORIAL.....Y.(BY
:013F:0077EFB4 54 4F 52 4E 40 44 4F 00-12 01 00 00 95 F0 00 00 TORN@DO.........
:013F:0077EFC4 54 F6 77 00 00 00 55 46-55 42 4E 45 44 00 00 00 T.w...UFUBNED...
Well, 12345
is our fake password, CRACKING TUTORIAL is our first name and BY TORN@DO is our last name - and what's that UFUBNED?
Yeah, the right password! The registration routine has generated the valid password for
the name we entered and left it on the stack next to our input. So clear all breakpoints
and leave SoftICE. Now enter our registration details and you'll get the message
"GoldWave is now registered. Thank you!". BTW, don't be a lamer and use those
registration details!
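
The dump above works because the program itself computes the valid password and holds it as plaintext while it compares. The sketch below is an added example, not GoldWave's code and not part of the original tutorial: the vendor signs the licensee name and the client only verifies with a public key, so the valid code is never computed on the user's machine. The function names and the small demonstration key are assumptions made for illustration; a real product would use a vetted signature library and full-size keys.

```python
import hashlib

# Constructed demonstration key built from two Mersenne primes. It is far too
# small (and too well known) for real use. VENDOR_P and VENDOR_Q stay with the
# vendor; only N and E would be compiled into the shipped program.
VENDOR_P, VENDOR_Q = 2**61 - 1, 2**89 - 1
N, E = VENDOR_P * VENDOR_Q, 65537


def _digest(first: str, last: str) -> int:
    """Hash the licensee name to an integer below N (hypothetical helper)."""
    data = f"{first}\x00{last}".encode("utf-8")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def issue_license(first: str, last: str) -> str:
    """Vendor side only: requires the private exponent, which never ships."""
    d = pow(E, -1, (VENDOR_P - 1) * (VENDOR_Q - 1))
    return format(pow(_digest(first, last), d, N), "x")


def check_license(first: str, last: str, code: str) -> bool:
    """Client side: uses only (N, E) and never derives the valid code."""
    try:
        sig = int(code, 16)
    except ValueError:
        return False          # not a hex string at all
    if not 0 < sig < N:
        return False          # out of range for this key
    # Verification maps the entered code forward and compares it with the
    # name digest; no stack buffer ever holds the expected code.
    return pow(sig, E, N) == _digest(first, last)


if __name__ == "__main__":
    code = issue_license("Jane", "Example")            # constructed sample name
    print(check_license("Jane", "Example", code))      # genuine code
    print(check_license("Jane", "Example", "12345"))   # guessed code
```

With this layout, a breakpoint on the error message box finds only the user's own input and the public key in memory.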
Another target has been Reverse Engineered. Do you have any questions?