--Softice Tutorial---

Date written: 23.4.2001

Program Details:
Name:   nIabI's crackMe 1.0
Author: Bengaly
Tools Used: Softice, W32Dasm, hex-editor
Rank: easy[X] medium[ ] hard[ ]
________________________________________________________________________

-About this protection system-

A protection based on a serial check.
__________________________________________________________________________

The Essay

As this is a tutorial for newbies, I'll go into detail about how I go about cracking the program. I suggest that you read this tutorial first. When you have finished reading it, leave it open and follow the instructions. Re-do it once more after you have completed the step-by-step guide...

In this essay, when I write type "d EAX" or similar commands in Softice, I mean it without the quotes.
__________________________________________________________________________

Let's Crack The Bitch ;)

OK, this one is easy too. In all of my tutorials I will try to give you many crackMes which use only serial/code sniffing, to give you an idea of how to find the serial/code in many ways (some are the same, with only different registers).

Open the crackMe. You will see 2 text boxes; fill in the first box, not the second one (some may get confused). So our first text field is where we put the serial. I entered this:

serial: 1234567890 <= some crackMes compare against certain letters/numbers, so 1-0 is the best choice

I will show you 3 different ways to crack the crackMe:

1. using SoftIce
2. W32Dasm <= mostly much easier; in this case it is
3. patching with a hex-editor

Method 1: "SoftIce"
--------------------

Do a bpx hmemcpy, F5, enter the serial and press the "check it" button. SoftIce pops up; press F12 (12 times) until we reach the code. You will be here:

----snip----
xxxx:yyyy MOV EAX,[EBP-04]   ; our fake serial
xxxx:yyyy MOV EDX,0042D590   ; 0042D590 = real serial moved to EDX
xxxx:yyyy CALL 004238D0      ; good boy "u made it"
xxxx:yyyy JZ 0042D555        ; bad boy "wrong code DUDE"

Since the crackMe uses a little compare, we can assume the serial is somewhere at the beginning. So if you do:

d 0042D590

you will see this in the data window: Benadryl

serial = Benadryl

Method 2: "W32Dasm"
-------------------

Disassemble the crackMe, click the str-ref button and look carefully. Click "u made it", scroll up a bit and you will see "Benadryl" <= hmm, what is it?? lol, it's a serial. heh ;)

Method 3: "patching"
-------------------

So, don't close W32Dasm, because we will need some data from it. Click the str-ref button, look carefully, click "Wrong code DUDE" and scroll up a little until you see this:

MOV EDX,0042D590 ; serial
CALL 004038D0    ; good boy
JE 0042D555      ; <= patch this line so the program jumps to the good boy message instead of the bad boy message

Now move to the JE location and look down; you will see @offset 0002c941h (don't write the h, it only means hex). Now open the hex-editor (Hiew): press F4 -> decode, F5 (search) 2c941, F3, change the instruction 74 to 75 (meaning JE -> JNE), press F9 to save the file and F10 to quit Hiew.
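The compare in the listings above, written out as C source so you can see why the serial turns up in the data window and in the string references. This is an added example, not the crackMe's own code; the djb2 hash, the constant and the function names are my own assumptions:

```c
#include <stdint.h>
#include <string.h>

/* The crackMe's pattern: the real serial sits in the data segment as plain
 * text, so "d 0042D590" in SoftIce or the W32Dasm string references reveal
 * it directly. "Benadryl" is the serial the tutorial recovers. */
static const char REAL_SERIAL[] = "Benadryl";

int check_serial_plaintext(const char *entered)
{
    /* compiles to: load entered, load &REAL_SERIAL, CALL compare, JE/JNE */
    return strcmp(entered, REAL_SERIAL) == 0;
}

/* Hardened variant (assumption: djb2 hash, chosen here for illustration):
 * only a hash of the serial is stored, so neither the data window nor a
 * string search shows "Benadryl". */
static uint32_t djb2(const char *s)
{
    uint32_t h = 5381;
    for (; *s; s++)
        h = h * 33u + (uint8_t)*s;
    return h;
}

/* djb2("Benadryl"), precomputed so the plaintext never lands in the binary */
#define SERIAL_HASH 0xCB11AD16u

int check_serial_hashed(const char *entered)
{
    /* Still one compare and one conditional jump: Method 3 (flipping the
     * 74 at the JE to 75) works against this just as well. Hashing only
     * defeats Methods 1 and 2, not the branch patch. */
    return djb2(entered) == SERIAL_HASH;
}
```

Both checks end in a single JE, which is exactly the instruction Method 3 flips; hiding the serial raises the bar for the sniffing methods only.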
Now everything you enter into the crackMe will be accepted as registered ;)

CrackMe cracked ;)
________________________________________________________________________________________________

My thanks and gratitude go to:

----CODE_INSIDE-----   ; for helping in cracking
-----BLAcKgH0sT------  ; for being a good friend :)
-------FusS------      ; asm / keygenning helper

All the writers of cracking tutorials and CrackMes