VictorKaum
May 20th, 2002, 01:37 PM
Recent demand (s0nIc, JP, Smirc) for good posts has made me post this... however, I'm not saying that this is a good post... perhaps it's bad.
The information I'm going to provide is how crackers can make your prog think that they registered and paid while they did not. I'm only explaining a principle; I hope you ppl are smart enough to use it appropriately.
I'm not sure about the solution for this because I'm not good at programming, but the way to crack it is not so difficult. However, feel free to comment or adjust it.
Crack software:
Many software apps that you can download as shareware look for a certain value (registered or not) and then jump to a certain routine / part in the program.
The program will make you jump to a registration field when you are not registered. This means it needs to compare a certain value and then do some action (jump). That can be the weak part of the software registration. An example in asm:
# cmp ax, rkey
# jne registrationfield
This means that it compares with 'rkey', and if it is not the same it will jump to registrationfield. If we can change the jne to je, then it will do the opposite thing: jump to registrationfield if you are registered. That way we will not need to register. While 'jne' is jump if not the same, 'je' is jump if it's the same.
If you want to do this with a real program you will need to search for things that look interesting, since asm progs are not easy (IMHO) and relatively big. Therefore execute the prog and look at what it says when you input a wrong key. Note that down. Then close the prog and open your disassembler. Search for the thing you found earlier. This will get you to the part where the 'cmp' and 'jne' happen.
(for instance, search for 'invalid key', 'unregistered user', 'wrong key', etc...)
You will find a line that jumps to a certain address in the prog. This is where we do not want to jump to. Therefore you need to change the line after the 'cmp', that says 'jne', to 'je'.
This can be done with the hex editor.
First we need to get the offset code in order to know the position of the jne we want to change. If you use Win32 Disassembler, standing on the line will show the offset code.
When you have that you can open Hex Workshop and go to the position we mentioned. You can see the offset codes on the left side. Scroll to that offset code. Then go to the right to the hex code you need. Probably something with 75 or 85 in it. You will need to change that to 74 or 84 in order to change the 'jne' into 'je'. Now close your disassembler and save the modified file; make sure you made backups before, in case you screw up.
Now you can restart the prog, and it will skip the registration field.
# disclaimer -> I'm not encouraging doing illegal things.
Hmm, and perhaps this was all general knowledge...?
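As an added example (not part of VictorKaum's post): a defender-side check that compares a known-good copy of a binary against a suspect copy and flags any x86 conditional jump whose condition byte has been flipped, which is exactly the 75 -> 74 / 85 -> 84 edit described above (the 84/85 values are the second byte of the near form 0F 84 / 0F 85). The byte sequences are constructed for this example, not taken from any real program.

```python
import hashlib

# x86 conditional jumps come in two encodings. Short form: one opcode byte
# 0x70..0x7F (0x74 = je, 0x75 = jne). Near form: 0x0F followed by 0x80..0x8F
# (0F 84 = je, 0F 85 = jne). In both, the low bit of the condition byte
# inverts the condition, so a "jne -> je" patch changes exactly that bit.
SHORT_JCC = range(0x70, 0x80)
NEAR_JCC = range(0x80, 0x90)

def sha256_hex(data: bytes) -> str:
    """Whole-image hash: the cheapest integrity check, detects any byte change."""
    return hashlib.sha256(data).hexdigest()

def is_condition_flip(a: int, b: int, family: range) -> bool:
    """True if a and b are in the same Jcc family and differ only in the low bit."""
    return a in family and b in family and (a ^ b) == 1

def find_flipped_branches(original: bytes, suspect: bytes) -> list:
    """Return (offset, original_byte, patched_byte, form) for each differing
    byte that looks like an inverted conditional jump. This is a raw byte scan
    with no disassembly, so hits are leads to confirm in a disassembler."""
    if len(original) != len(suspect):
        raise ValueError("images differ in length; not a simple in-place patch")
    hits = []
    for i, (a, b) in enumerate(zip(original, suspect)):
        if a == b:
            continue
        if is_condition_flip(a, b, SHORT_JCC):
            hits.append((i, a, b, "short"))
        elif i > 0 and original[i - 1] == 0x0F and is_condition_flip(a, b, NEAR_JCC):
            hits.append((i, a, b, "near"))
    return hits

def check_image(original: bytes, suspect: bytes) -> dict:
    """Combine the hash check with the branch scan."""
    return {
        "hash_match": sha256_hex(original) == sha256_hex(suspect),
        "flipped_branches": find_flipped_branches(original, suspect),
    }

# Constructed sample (hypothetical, not from any real program):
#   66 3D 34 12        cmp ax, 0x1234
#   75 05              jne +5          (short form)
#   0F 85 10 00 00 00  jne +0x10       (near form)
#   C3                 ret
ORIGINAL = bytes.fromhex("663d341275050f8510000000c3")
# The same image after the edit the post describes: 75 -> 74 and 85 -> 84.
PATCHED = bytes.fromhex("663d341274050f8410000000c3")
```

In practice the "original" is a signed release build or a stored hash of it; the hash alone tells you the file was touched, the scan tells you whether the change looks like a flipped branch.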