|
|
Win32 Code Reversing

Program Name: mIRC v5.81
Program Type: Chat utility
Program Location: [ here ]
Program Size: 1+ MB

Tools used:
W32Dasm - Win95/98 disassembler
SoftICE v4.x - debugger (optional)
Hex editor - any
|
|
"The better we read, the better we crack. The better you crack, the better you teach."

Cracking a Win32 Chat Utility
('Simple Protection, Simple Patch')
Written by Bengaly
Welcome to mIRC, an Internet Relay Chat client. mIRC attempts to provide a user-friendly interface for use with the Internet Relay Chat network. The IRC network is a virtual meeting place where people from all over the world can meet and talk. To IRC all you need to do is connect to a server, join a channel, and chat!

About this protection
This program is registered by selecting the 'Help' button, then the 'Register...' button, which asks for:
User name:
Registration:
If you want to use this software please buy it; it costs $25. The program is very good, please support it!
Hello and welcome to my 31st tutorial.
mIRC is old-fashioned and hasn't changed even slightly.
There are a lot of mIRC tutorials out there, Cheyenne's tutorials etc.
I didn't write this one because nobody had covered this version or anything like that; actually, this tutorial was made because my ISP killed my connection and the only unregistered application I had installed was mIRC :-)
So I was bored and tried to reverse it and make it registered... why not? :-)
Actually I don't even know what the registered version offers us... maybe some cash to the author? :-)
Anyway, here begins the journey to reverse mIRC 5.81.
Thanks to +Sandman's techniques (yeah, I do love his tuts... sue me) I could imitate his way of cracking this app.
The first thing I did was to disassemble mIRC... well, we don't really need SoftICE unless you want to check where the name/serial are in the code, no more (maybe to check the generated serial... dunno, frankly I don't care, since we're going to make this baby self-registered :-)). No need to spend time downloading some keygen (AltaVista? ;-)) or hunting in mIRC itself... there are good places for keygens in channels, do a search and be happy... but it's still time consuming :-) a 30k keygen :-) versus 1 opcode changed in half a second...
I still prefer the good old opcode change; it gives you the same effect... Registered :-).
A good thing about mIRC is that it gives us a beautiful place to patch: a clean one, fast, and not dirty with other opcodes :-).
I will check 5.91 later, once my ISP brings back the Internet :-(
Starting our mission... Load up mIRC, About, Register...
Enter anything, or even leave the text boxes blank, it doesn't matter; press the OK button:
"Hmm, your registration name and number don't match"
Nice message, no? :-) I wonder why the mIRC author doesn't kill this message box; I assume he has seen a lot of cracks of his app, no? hehe :-)
Anyway, disassemble our target...
Sit back, drink something cold (Coca-Cola? :-)), I prefer it with ice...
OK, disassembled... phew, that took some time on my P1 :-(
Well, the string references list is pretty long and it's annoying to search for our message box there.
Clicking on 'Search --> Find Text' will help us a lot: insert "Hmm", set the direction to Down and click 'Find Next'. OK, it takes a little time... waiting... waiting... ahh, found; phew, I thought it wasn't there :-)
Let's see what we have here:
-----------------------------------------------------------------------------------------------------------------------------------------------------
* Possible Reference to String Resource ID=01913: "Hmm, your registration name and number don't match..."
                                  |
:0049D971 6879070000              push 00000779
-----------------------------------------------------------------------------------------------------------------------------------------------------
(779h is 1913 decimal, the string resource ID, so this push really does load our message.)
Now we would suspect there is a conditional/unconditional jump to this message, but there isn't... hm...
Let's back trace and search for the first JE/JNE we encounter; I found it at this address:
-----------------------------------------------------------------------------------------------------------------------------------------------------
                PUSH 000543BD3h            ; Store name
                PUSH 0005437ECh            ; Store serial
                CALL LOC_0049D3C5          ; Call the check routine
                TEST EAX,EAX               ; is EAX = 0 ?
49D877          JZ   LOC_0049D92D          ; Bad_Boy message
-----------------------------------------------------------------------------------------------------------------------------------------------------
We see the nice JZ that takes us to the message we found earlier.
Now a good place to look is the CALL to LOC_0049D3C5.
Let's examine the call... hm... there is a lot of code. One good thing I can tell is that it starts with PUSH EBP :-)
Anyway, let's see the code:
-----------------------------------------------------------------------------------------------------------------------------------------------------
                PUSH EBP
                MOV  EBP,ESP
                PUSH EBX
                PUSH ESI
                PUSH EDI
                MOV  ESI,DWORD PTR [EBP+00Ch]   ; ESI = Serial
                MOV  EBX,DWORD PTR [EBP+008h]   ; EBX = Name
                PUSH ESI                        ; Store Name
                MOV  ESI,000554A00h             ; Crap
                ;---------------------------------------------
                ; Useless code here
                ;---------------------------------------------
                PUSH 000554B04h                 ; Save Name
                PUSH 000554A00h                 ; Save Serial
49D427          CALL LOC_0049D2D2               ; Algo
                TEST EAX,EAX                    ; Entered a good serial ?
                JZ   LOC_0049D437               ; Nope you haven't, go away Bad_Cracker
                MOV  EAX,000000001h             ; Good_Boy
                JMP  LOC_0049D4AB               ; Jump to good message
-----------------------------------------------------------------------------------------------------------------------------------------------------
Well, it seems we have found the treasure, haven't we? :-)
We have two choices here; both will give us a registered version:
1. Enter the call at 0049D2D2, face the algo, and eventually we will get a working serial.
2. Take the shortcut and change the JZ to JNZ, which gives us a clean crack working 100%.
Hmm... my intuition takes me to the algo, but it's still a waste of time :-)... though I have time, so I will try to do a keygen; but I like shortcuts as well, so let's change JZ -> JNZ.
Open your hex editor, load mirc32.exe into it, switch to decode (hex) mode, go to offset 9CA2E and change the 7407 -> 7507.
(A quick check that we are at the right jump: 74 is JZ short and 75 is JNZ short, so only the condition changes, not the instruction length or its target. The CALL at 49D427 is 5 bytes and TEST EAX,EAX is 2, which puts the JZ at 49D42E; 49D42E + 2 + 07h = 49D437, exactly the LOC_0049D437 in the listing. If the bytes at 9CA2E are not 74 07, you have a different build and should not patch.)
Save the file, and take your money back :-)
And remember, cracking is more than a crime, it's a survival trick ;-)
* No matter which name or number you enter, it will now be accepted :-) (and, since the test is simply inverted, a genuinely valid name/number pair would now be rejected).
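As an added example (not from the tutorial, and not mIRC's own code), here is a small Python patcher that applies the change described above to a copy of mirc32.exe, but only after verifying that the bytes at the offset really are the JZ the tutorial found, so it refuses to touch a different build. The offset 9CA2E and the byte change 74 07 -> 75 07 come from the text; the JZ address 49D42E is derived from the listing (the CALL at 49D427 is 5 bytes, TEST EAX,EAX is 2) and is used only to double-check that the rel8 displacement lands on LOC_0049D437. The default file name, the backup name and the zero-filled demo buffer are assumptions/constructed data.

```python
"""
Added example: verified single-instruction patch of mirc32.exe (JZ -> JNZ).
Offset and bytes are from the tutorial; everything else is an assumption.
"""
import shutil
import sys
from pathlib import Path

PATCH_OFFSET = 0x9CA2E                 # file offset given in the tutorial
EXPECTED = bytes.fromhex("7407")       # JZ  short +7  (what the file should contain)
PATCHED = bytes.fromhex("7507")        # JNZ short +7  (inverted condition)
JZ_VA = 0x49D42E                       # derived: CALL at 49D427 (5 bytes) + TEST EAX,EAX (2 bytes)


def short_jump_target(va: int, opcode: bytes) -> int:
    """Resolve the target of a 2-byte Jcc rel8 located at virtual address `va`.

    The displacement is a signed byte, relative to the end of the instruction.
    Raises ValueError if the bytes are not a short conditional jump (70h..7Fh).
    """
    if len(opcode) != 2 or not (0x70 <= opcode[0] <= 0x7F):
        raise ValueError("not a short conditional jump")
    rel8 = int.from_bytes(opcode[1:2], "little", signed=True)
    return va + 2 + rel8


def patch_bytes(data: bytes, offset: int, expected: bytes, replacement: bytes) -> bytes:
    """Return a copy of `data` with `expected` at `offset` replaced by `replacement`.

    The replacement must be the same length (a short jump stays a short jump),
    and nothing is changed unless the original bytes match exactly: a mismatch
    means a different version/build, where the tutorial's offset does not apply.
    """
    if len(expected) != len(replacement):
        raise ValueError("replacement must not change the instruction length")
    found = data[offset:offset + len(expected)]
    if found != expected:
        raise ValueError(
            f"bytes at 0x{offset:X} are {found.hex() or '<eof>'}, "
            f"expected {expected.hex()}; not patching"
        )
    out = bytearray(data)
    out[offset:offset + len(replacement)] = replacement
    return bytes(out)


def patch_file(path: Path) -> Path:
    """Back up `path` (assumed name: <file>.bak) and apply the verified patch in place."""
    backup = path.with_suffix(path.suffix + ".bak")
    shutil.copy2(path, backup)
    path.write_bytes(patch_bytes(path.read_bytes(), PATCH_OFFSET, EXPECTED, PATCHED))
    return backup


def demo_on_constructed_buffer() -> tuple[int, bytes]:
    """Run the patch against a constructed stand-in for mirc32.exe.

    The buffer is zero-filled with the tutorial's JZ bytes planted at PATCH_OFFSET
    (constructed test data, not the real binary). Returns the resolved jump target
    of the original JZ and the two bytes now sitting at the patch offset.
    """
    fake = bytearray(PATCH_OFFSET + 16)
    fake[PATCH_OFFSET:PATCH_OFFSET + 2] = EXPECTED
    patched = patch_bytes(bytes(fake), PATCH_OFFSET, EXPECTED, PATCHED)
    return short_jump_target(JZ_VA, EXPECTED), patched[PATCH_OFFSET:PATCH_OFFSET + 2]


if __name__ == "__main__":
    # Usage: python patch_mirc.py [path\to\mirc32.exe]   (default name is an assumption)
    target = Path(sys.argv[1] if len(sys.argv) > 1 else "mirc32.exe")
    print(f"backup written to {patch_file(target)}")
```

Because the check compares the bytes before writing, running it against any other mIRC build fails loudly instead of corrupting a random instruction; and since both 74 07 and 75 07 resolve to the same target, the patch changes only which way the branch goes, exactly as the tutorial intends.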
Have Fun
Do I really have to remind you all that by buying and NOT stealing the software you use, you will ensure that these software houses will continue to produce even *better* software for us to use and, more importantly, continue offering even more challenges to breaking their often weak protection systems.
If you're looking for cracks or serial numbers then you're wasting your time; try searching elsewhere on the Web under Warez, Cracks and etc.
+SandMan...
I would like to say thank you to all who have supported me and helped me through my cracking days:

For his great essays and skills

For his awesome tutorials