Cracking Tutorial for Notizen 98.10.0189
As my 23rd Tutorial, this is also a KeyGEN Tutorial. However, this one will be much easier than my last one. Before we can start, I just want to let you know that buying SmartCheck will support NuMega in developing useful tools for programmers and crackers. If there were an award for a "Visual Basic Cracking Tool", then SmartCheck would get it ... For this tutorial I assume that you know how to use SmartCheck - if not, read my 19th tutorial. Enough said.

Let's start the Cracking Session:

If you haven't already configured SmartCheck, do this now (read what to do in my 19th Tutorial). Then open NOTIZEN.EXE in SmartCheck. After it has been successfully loaded, go to "Hilfe - Freischaltung". Now a dialog box asking for your "Freischalt-Name" and "Freischalt-Nummer" gets displayed. As Name enter "Cr@cking Tutori@l" and as Number "12345". Then press the "OK"-Button. A message box informing you that your Code is incorrect gets displayed. Press "OK" and leave the program.

Now we're back in SmartCheck. Click on "mnuFreischaltung_Click". Then click on "befFreischalten_Click". Now click on "Show all events". Now press the "Page Down" key about 74 times till you see something like this:

    Len returns LONG:14
    __vbaVarForInit returns DWORD:1
    __vbal4Var returns DWORD:1
    Mid$
    __vbaStrMove returns DWORD:4D0DC8
    InStr returns LONG:3
    __vbaVarMul returns DWORD:6EE770

Then click on Len returns LONG:14. Now our Debug Window will display the string crckingtutoril. So it converts our entered string "Cr@cking Tutori@l" and erases all *special* chars. Then it converts it to lower case (LCase$).

Just click on __vbaVarForInit returns DWORD:1. Now our Debug Window will display the 'counter' settings. It starts from 1 and ends with 14 - and the step is 1. 14? Yeah - the length of the converted name ("crckingtutoril").

Click on InStr returns LONG:3. Our Debug Window will now display the following info:

    string1="abcdefghijklmnopqrstuvwxyz0123456789."
    string2="c"

So InStr returns the position at which the character passed as the parameter is found in string1. For "a" this would be "1" ... Wait a second. Look again at crckingtutoril! Every character of our converted string is a character of string1 - so the characters of our name that are not in string1 (the "@" signs and the space) were simply ignored for the calculation. After the InStr function, 3 is multiplied by 1. Well, 3 is the String-Position - and 1?? Well, we *don't* know yet, do we?

Now, let's go on with the 'tracing':

    __vbalVar returns DWORD:3
    __vbaFreeStr returns DWORD:0
    __vbaFreeVar returns DWORD:0
    __vbaVarMul returns DWORD:6EE780
    __vbaVarAdd returns DWORD:6EE770
    __vbal4Var returns DWORD:48
    __vbaFreeVar returns DWORD:48
    __vbaVarForNext returns DWORD:1
    __vbal4Var returns DWORD:2

Another multiply? Well, in the Debug Window we see that 72 is multiplied by 1. 72? How did we come to that result?? Maybe our String-Position value gets multiplied by something? Just check it: 72 / 3 = 24. Then this is added to a 'new' variable. After that __vbaVarForNext is called.

Now let's go on with the 'tracing':

    Mid$
    __vbaStrMove returns DWORD:4D0DC8
    InStr returns LONG:18
    __vbaVarMul returns DWORD:6EE770
    __vbalVar returns DWORD:24
    __vbaFreeStr returns DWORD:0
    __vbaFreeVar returns DWORD:0
    __vbaVarMul returns DWORD:6EE780
    __vbaVarAdd returns DWORD:6EE770
    __vbal4Var returns DWORD:708
    __vbaFreeVar returns DWORD:708
    __vbaVarForNext returns DWORD:1
    __vbal4Var returns DWORD:3

OK, now the next character (r) of our registration name is read in. The StringPosition is 18. Now we want to check __vbaVarMul returns DWORD:6EE770. Our Debug Window will 'tell' you that 18 is multiplied by 2. Hmm, 18 is the StringPosition - and 2? Well, kind of a counter, maybe? However, the result is 36. Then 864 is multiplied by 2 = 1728. Now, to check whether our previous supposition was right, we check if 864 / 36 is 24 - and it is our 'hoped' 24. So 24 is used for every calculation. Then the value of this calculation is added to the value of the previous calculation: 72 + 1728 = 1800.

Now we need to check if the same things are done with *all* characters of our name. Just check the next calculations - and of course the last one. And as you might already have guessed: they were the same. So our formula for each calculation looks like the following:

    StringPosition * Counter * 24 * Counter

So now code your KeyGEN in your favourite programming language - like C++.
Copyright © 1999 by TORN@DO and The Immortal Descendants. All Rights Reserved.