CRACKING TUTORIAL
BROUGHT TO YOU BY PRABIN
Tools for every cracker
Windows disassembler/debugger (W32Dasm), latest version. Download it from http://www.Lockless.com
A hex editor. I prefer A.X.E. Download it from www.kahei.com
Knowledge for every cracker
Basic assembly (the table provided below)

| ASM | HEX     | Meaning                          |
| je  | 74/0F84 | jump if equal                    |
| jne | 75/0F85 | jump if not equal                |
| jmp | EB/E9   | jump unconditionally             |
| jg  | 0F8F    | jump if greater than             |
| jl  | 0F8C    | jump if less than                |
| jge | 0F8D    | jump if greater than or equal to |
| jle | 0F8E    | jump if less than or equal to    |

Read the W32Dasm/A.X.E. help files.
Cracking, most of the time, is an easy procedure.
First of all, run the target. Explore it and find exactly what you want to do,
and perform the following steps according to your need.
Some common things for all four parts:
1 Do you want to register it?
Search with W32Dasm for words associated with the registration environment (e.g. "Wrong registration"). Some lines up, the first cmp followed by a je/jne is what you need. Read the offset and make the appropriate change. Remember that you don't want to see the message "Thank you", but you want to register the program. So you may need to run the target (step by step using W32Dasm and breakpoints) and see what change should be done. When you get some experience, you will be able to change the check the target does just when you run it.
2 Do you want to enable a function that is disabled because you are unregistered?
Search with W32Dasm for words associated with the function environment (e.g. if it is a disabled menu, its name). Some lines up, the first cmp followed by a je/jne is what you need. Read the offset and make the appropriate change. Why don't you try to crack the registration of the target? Parts 1 and 2 can both be done to get the experience you will need to proceed to 3 and 4.
3 Do you want to remove a nag screen?
Search with W32Dasm for words associated with the nag screen (e.g. "This is an evaluation version of..."). There you have more complicated work to do. A nag shows up after the execution of a call. If you haven't found this call to bypass it using a jmp, you must try to find it by running the target step by step using W32Dasm. You must never get bored of stepping through the calls, especially when you want to wipe out a nag that asks you to do something (e.g. to press a button). When you have found the call, nop it and all the pushes that are glued over it.
4 Do you want to try a trial for ever?
There you can't search using W32Dasm's search. You must find what you need all alone. Running the program step by step using W32Dasm is the only solution if you don't want to use SoftICE (a great debugger, Cracking Tutorial #2). There you have two ways: 1st -> find where the target checks (time/date)/(times it has been run) in the start procedure and change the check, or 2nd -> remove all the nags (3.) and, following the exit procedure backwards, bypass it. But remember, ONLY from the correct point.
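The edits parts 1 and 3 describe (a je/jne flipped, a call overwritten with nops) leave a recognizable signature, which is what an integrity comparison of a deployed binary against its known-good build reports. The Python below is added here and is not part of the original tutorial: it diffs two constructed code images using the opcode table above and classifies each changed run; the bytes, offsets and rel32 values of the sample image are made up for illustration.

```python
# Opcodes from the table above: one-byte short forms, and the second byte of the
# 0F-prefixed near forms; jg/jl/jge/jle short forms added for completeness.
SHORT_JUMPS = {0x74: "je", 0x75: "jne", 0xEB: "jmp",
               0x7F: "jg", 0x7C: "jl", 0x7D: "jge", 0x7E: "jle"}
NEAR_JUMPS = {0x84: "je", 0x85: "jne", 0x8F: "jg",
              0x8C: "jl", 0x8D: "jge", 0x8E: "jle"}
NOP, CALL = 0x90, 0xE8

def describe(original: bytes, off: int, old: bytes, new: bytes) -> str:
    """Explain one contiguous run of bytes that differs, starting at off."""
    o, n = old[0], new[0]
    if len(old) == 1:
        if o in SHORT_JUMPS and n in SHORT_JUMPS:
            return f"{SHORT_JUMPS[o]} -> {SHORT_JUMPS[n]} (branch condition changed)"
        near = off > 0 and original[off - 1] == 0x0F
        if near and o in NEAR_JUMPS and n in NEAR_JUMPS:
            return f"{NEAR_JUMPS[o]} -> {NEAR_JUMPS[n]} (near branch condition changed)"
    if all(b == NOP for b in new):
        if o == CALL and len(old) == 5:
            return "5-byte call overwritten with NOPs (call removed)"
        return f"{len(new)} byte(s) overwritten with NOP"
    return "unclassified byte change"

def classify_patches(original: bytes, suspect: bytes) -> list:
    """Diff a known-good code image against a suspect one; returns (offset, finding)."""
    if len(original) != len(suspect):
        raise ValueError("images differ in length; not an in-place patch")
    findings, i = [], 0
    while i < len(original):
        if original[i] == suspect[i]:
            i += 1
            continue
        j = i
        while j < len(original) and original[j] != suspect[j]:
            j += 1
        findings.append((i, describe(original, i, original[i:j], suspect[i:j])))
        i = j
    return findings

# Constructed sample image: a registration check laid out as the tutorial describes it.
ORIGINAL = bytes.fromhex(
    "6A01"        # push 1
    "E810000000"  # call check_key        (rel32 made up)
    "83F801"      # cmp eax, 1
    "7405"        # je registered         <- the byte part 1 flips
    "E820000000"  # call show_wrong_key   <- the call part 3 nops out
    "C3"          # registered: ret
)
PATCHED = bytearray(ORIGINAL)
PATCHED[10] = 0x75                 # je -> jne
PATCHED[12:17] = bytes([NOP] * 5)  # call -> 5 x nop
```

Running `classify_patches(ORIGINAL, bytes(PATCHED))` reports the inverted branch at offset 10 and the removed call at offset 12; an unmodified image yields an empty list.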
Final Thoughts
Detailed step-by-step instructions for different cracks are provided in the hacking page.
For more information and further details contact me at
[email protected]
Property of http://www.geocities.com/prabinpebam
The End