|
|
|
Win32 Code Reversing |
|
|
|
|
|
|
|
|
|
Program Name:BlowFish v2.2 Program Type: Encryption Utile Program Location: [ here ] Program Size: 253 kb
|
||
|
W32Dasm - Win'95/98 Dissasembler Softice V4.X - Debugger Hex-Edior - Any (optional) |
||
|
|
|
"A Crack will never die as long as the Cracker still lives" |
Cracking A Win32 Web
Utility
('Simple Protection, Simple Sniff Out')
Written by Bengaly
|
|
BlowFish 2000 is a small, easy to use, file encryption utility. Simply drag and drop files and folders to quickly protect your sensitive documents, and then enter an encryption key to encode and decode the files you want to protect from prying eyes. You can also select files to be encrypted using the MS Windows Explorer right-click method.
Drag and Drop Files.
Files and folders can be quickly selected for encryption and decoding by simply dragging them to the desired file list windows.MS Windows Explorer Encryption
Files can also be quickly encrypted and decoding directly from the MS Windows File Explorer.
Simply select the files to be processed and then right-click your mouse to display a pop-up context menu. Specify either Encrypt with BlowFish or Decrypt with BlowFish on the Send To menu.
| About this protection |
This program is registered by selecting the 'Help' button, then
the 'Register' button.
User name:
Organization:
Registration:
On successful registration the program will save your User/serial in
the registry:
HKEY_CURRENT_UDER/Software/Software By Design/BlowFish 2000/Registration
Code: Bengaly
User: ThunderCats
Name: 3404118051
<-- This is Generated by the program! (it will
transform the serial into HEX : cae6b823)
if u want to use this software please Buy it, it's on 25$ the program is very good, please support it!
|
|
Hello and welcome to my 28'th Tutorial.
Software By Design has allot of software
on their page that uses the same Protection, but only the
Serial generator is diff...Not so hard
to keygen as well...
OK so let us begin this essay.
Run BlowFish..enter the Help->Register...
We will see the
Info Boxes we need to Fill Out.
So let's fill them.
User Name: Bengaly
Organization: ThunderCats
Registration: 1234567890
Now we will Open Soft-Ice In order to trace
the whole thing.
Ok...Open Up Sice (CTRL+D), Fill
in 'BPX GETDLGITEMTEXTA'
Now We will exit Sice...type F5 Or
X
Or Ctrl+D again.
Click the OK button and Sice Pop.
EAX=00000007 EBX=00000032
ECX=80008790 EDX=80008DE0 ESI=0042A3D0
EDI=0042A402 EBP=00000F3C
ESP=0066F7E0 EIP=004106A1 o d I S z a P c
CS=0177 DS=017F
SS=017F ES=017F FS=12D7 GS=0000
======================================================================PROT32
0177:0041069B CALL
[USER32!GetDlgItemTextA]
0177:004106A1 POP
EDI ; We Land Here
0177:004106A2 POP
ESI
0177:004106A3 MOV
EAX,00000001
0177:004106A8 POP
EBX
0177:004106A9 RET
0177:004106AA NOP
0177:004106AB NOP
0177:004106AC NOP
0177:004106AD NOP
===============================================================================
Hm..this is weird..only some pops and a
Mov 000001 to eax [wich means flag - register?)
The only thing Left to do is to go over
the RET instruction cuz there is nothing to do here.
Press F10 until u pass the RET instruction,
and you will be in this code snippest:
0177:00408A12 CALL 00410670
;call API
0177:00408A17 LEA EDI,[ESI+32]
;move it to EDI
0177:00408A1A PUSH 32
; save 32 "2"
0177:00408A1C PUSH EDI
; save it
0177:00408A1D PUSH 66
;save 66 "3"
0177:00408A1F PUSH EBP
;save EBP
0177:00408A20 CALL 00410670
;call API
0177:00408A25 LEA EAX,[ESP+30]
;mov it to EAX
0177:00408A29 PUSH 00000100
; max 256 chars
0177:00408A2E PUSH EAX
;save
0177:00408A2F PUSH 67
;save 67 "g"
0177:00408A31 PUSH EBP
;save EBP
0177:00408A32 CALL 00410670
;call API
0177:00408A37 LEA ECX,[ESP+40]
;get fake serial
0177:00408A3B PUSH ECX
;save it
0177:00408A3C CALL 00411AF5
;eax=fake serial
0177:00408A41 PUSH ESI ;name&origanization
0177:00408A42 MOV EBX,EAX
;ebx=fake serial
0177:00408A44 CALL 00410600
;Not inportant
0177:00408A49 ADD ESP,38
;fake serial+38
0177:00408A4C CMP EAX,0119A792
;compare
0177:00408A51 JNZ 00408A6B
;not equal jump <---|
0177:00408A53 MOV EBX,[KERNEL32!lstrcpy]
|
0177:00408A59 PUSH 0041CD4C
|
0177:00408A5E PUSH ESI
|
0177:00408A5F CALL EBX
|
0177:00408A61 PUSH 0041CD3C
|
0177:00408A66 PUSH EDI
|
0177:00408A67 CALL EBX
|
0177:00408A69 JMP 00408A72
|
0177:00408A6B CMP EAX,0D5FCE3C
;we land here <---|
0177:00408A70 JNZ 00408A7E
;not euqal<-|
0177:00408A72 PUSH EDI
|
0177:00408A73 PUSH ESI
|
0177:00408A74 CALL 00410030
|
0177:00408A79 ADD ESP,08
|
0177:00408A7C MOV EBX,EAX
|
0177:00408A7E PUSH EDI ;we
land here<---|
0177:00408A7F PUSH ESI
;save esi
0177:00408A80 CALL 00410030
;call Algo?
0177:00408A85 ADD ESP,08
;esp + 8
0177:00408A88 CMP
EBX,EAX ;Fake Vs Real Serial
0177:00408A8A POP EDI
;pop information
0177:00408A8B JZ
00408AAA ;jump not equal
Not so Hard To understand, But you will
find your self landing in the memory area where the
Fake serial is compared with the generated
serial!
While on the CMP type '? EAX' & '?
EBX' You see the Compare??
? EBX = '1234567890'
(Fake)
? EAX = '3404118051'
(Real serial)
By the way we use here the '?' because
the program convert the serial into Dec and not Hex therefore
We can't use "D" command to dump the memory
address .
I must say, although "software for design"
has made alot of sharwares, They didn't changed the
Protection System, only the generator.
So this tutorial refers to all Sharware
by them!. ;D
|
|
Do I really have to remind you all that by buying and NOT stealing the software you use will ensure that these software houses will continue to produce even *better* software for us to use and more importantly, to continue offering even more challenges to breaking their often weak protection systems.
If your looking for cracks or serial numbers then your wasting your time, try searching elsewhere on the Web under Warez, Cracks and etc.
+SandMan...
|
|
I would like to say thank you to all who has supported me, and helped
me through my cracking days:
|
|
For his Great Essays And Skills |
|
|
For his awesome Tutorials |
|
|
For Help Me in Cracking & Hosting |
|
|
For Help Me in W32Asm |
|
|
For Being A Good Friend |