home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Reverse Code Engineering RCE CD +sandman 2000
/
ReverseCodeEngineeringRceCdsandman2000.iso
/
RCE
/
E_bliss
/
eb_tut4.txt
< prev
next >
Wrap
Text File
|
2000-05-25
|
5KB
|
142 lines
Tutorial Number 4
Written by Etenal Bliss
Email: Eternal_Bliss@hotmail.com
Date written: 12th Jan 1999
Program Details:
Name: CrackMe v1.0
Author: CarLitoZ
Language: Visual Basic
Tools Used:
NuMega SmartCheck 6.01
Cracking Method:
Analyzing Data in SmartCheck
Viewing Method:
Use Notepad with Word Wrap switched on
Screen Area set to 800 X 600 pixels (Optional)
__________________________________________________________________________
About this protection system
No disabled function. To register, you need to enter Registration Code. On
first run, a file "MTR.dat" is placed in your Windows directory and upon
successful registration, data is written into it and the program will
always be registered till you delete the file...
__________________________________________________________________________
The Essay
As this is a tutorial for newbies, I'll go into details about how I go about
cracking the program. I suggest that you read this tutorial first.
When you have completed the tutorial, leave this tutorial open and follow
the instructions while using SmartCheck. Re-do it once more after you have
completed the step by step guide...
__________________________________________________________________________
Data Analysis in SmartCheck
Run SmartCheck. Load the program using it by using "File", "Open"
and choose Bpe_cme1.exe.
If this is your first time using SmartCheck, do the following:-
Under Program Settings:-
Error Detection: "tick" all boxes except "Report errors immediately".
Advanced: "tick" first 4 boxes.
Make sure "Suppress system API and OLE calls" is not "ticked".
Reporting: All boxes "ticked" except for "Report MouseMove events
from OCX controls"
**I have captured the images of the three boxes for better reference. They are
available on http://crackmes.cjb.net
Run Bpe_cme1.exe in SmartCheck by pressing F5. Type in any registration
code you want. Then click "Register". You will get a "Wrong Code! Try Again!"
message. Exit the program.
Ok. You will see a few lines in the left window. Look for reg_Click.
**This is the subroutine in VB that is called when you click on the
"Register" button.
Click on reg_Click. Under "View" in SmartCheck, choose
"Show All Events" and "Show Arguments".
**This is also capture in a file called setting4.jpg file on
http://crackmes.cjb.net
**Make sure you click on reg_Click first or you will be lost
in a sea of codes!!!
Click on the + sign next to reg_Click to expand the threads
under it. You can go through every single thread if you want.
I'm saving you time now by telling you what to look for... I did
it by looking at every single line... 8(
Interesting lines include:
1) __vbaVarAdd(VARIANT:String:"r",VARIANT:String:"k")returns DWORD:63F258
2) __vbaVarAdd(VARIANT:String:"rk",VARIANT:String:"h")returns DWORD:63F258
3) __vbaVarAdd(VARIANT:String:"rkh",VARIANT:String:"1")returns DWORD:63F258
4) __vbaVarAdd(VARIANT:String:"rkh1",VARIANT:String:"o")returns DWORD:63F258
5) __vbaVarAdd(VARIANT:String:"rrkh1o",VARIANT:String:"y")returns DWORD:63F258
etc...
On the 8th line from 1),
you will see __vbaVarTstEq(VARIANT:Const String:"",VARIANT:String:"rkh1oyie")returns DWORD:0
Three lines below this, you will see a SysFreeString(BSTR:00412F80)
Left click on it and look at the right window. 8)
**This is the second SysFreeString. By the way, if you are keen, left click
on the first SysFreeString and look at the right window as well.
Explanation:
__vbaVarAdd is to tell the program to add a variant to a string... look at
1) to 5) you will see k added to r, h added to rk, 1 added to rkh etc...
__vbaVarTstEq is to compare the two strings, the correct code and the one
you entered.
__________________________________________________________________________
Additional Information
When using SmartCheck, you will see a lot of unnecessary lines...
Look out for the following:
1) __vbastrcomp
2) varR8FromStr
3) __vbaVarTstEq
If you see these few lines:
1) __vbaVarMul
2) Asc
3) __vbaVarAdd
etc...
It usually means that the calculation routine is here...
__________________________________________________________________________
Final Notes
This tutorial is dedicated to all the newbies like me. I've tried to
explain everything in details.
And because I'm a newbie myself, I may have explained certain things wrongly
So, if that is the case, please forgive me.
My thanks and gratitude goes to:-
The Sandman
All the writers of Cracks tutorials