
 -{ How To Reverse }-
     bY fuzzyCaT
 
 
 Target...: GraphCalc 2.11
 Tools....: Win32Dasm, Hiew, eXeScope and Brain (4000 CC is better :P)!
 
 
 
So our target is GRAPHCALC. I don't feel like loading a file monitor or a
registry monitor, so let's go directly to Win32Dasm.
Ok make 2 copies of GrphCalc.exe [Win32Dasm], one GrphCalc.crk.exe [for HIEW] and 
the other GrphCalc.bak. [SAFE]
Run GraphCalc, try to register it, hmmm, looks like a bug to me, what do you think?
Let's give a hand to the programmer and correct it :P
Load GrphCalc.exe into Win32Dasm, go to the String Reference window and look for that
string, found it? Cool!
Double-Click on it, again, looks like we ended at the same spot, so it probably
doesn't have another check.
So you got to this piece of code:
 
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046DADB(C)  <-- ? what do you think? (C)=Conditional [Jne,Je,Jz,etc]
|
:0046DC15 6A10                    push 00000010
 
* Possible StringData Ref from Data Obj ->"Unregistered Version of GraphCalc"
|
:0046DC17 68502A4C00              push 004C2A50
 
* Possible StringData Ref from Data Obj ->"Invalid Registration Code" <-- The String
|
:0046DC1C 68742A4C00              push 004C2A74
:0046DC21 8B8D74FFFFFF            mov ecx, dword ptr [ebp+FFFFFF74]
:0046DC27 E88A3C0200              call 004918B6

Did you see the Conditional shit? Open the GOTO CODE LOCATION window and input "46DADB".
Yee, we reached a Je, in other words a compare Jump If Equal:
 
:0046DAD9 85C0                    test eax, eax
:0046DADB 0F8434010000            je 0046DC15  <-- Looks like the bug!!! :P
:0046DAE1 C60584534C0001          mov byte ptr [004C5384], 01
 
Ok, run Hiew, load GrphCalc.crk.exe, press F4 to DECODE mode, press F5, enter "46DADB", now
press F3 then F2 and change the JE to JNE, press ENTER, ESC, now F9 to update.
Run it, looks ok, try to register it, hmm cool it accepted!! Exit, enter again, damn!
Didn't stay registered.
Ok, will be back to this soon!
GraphCalc says that you can only use it for 30 days after that.... But let's try to put
the pc clock up to 1 year more... Run GraphCalc and ..? Nothing!! It doesn't check if
you're using it for 1 day or 1000 years!
But it still doesn't keep registered... Damn! Ok lets go to the AboutBox any important
information there?
.
.
.
.
Yes! The text "GraphCalc is a shareware....", remember when u register it this disappears,
right? Ok back to Win32Dasm, look out for that string.......
Nothing!! But what is the inverse of that? Hmmmm.... Find "Registered To:" string
So u arrived here:
  
* Possible StringData Ref from Data Obj -> "Registered To: "
  
:00456999 68F4034C00              push 004C03F4
.
.
.

Ok go up a little, see anything familiar? Maybe a conditional jump? Yeah!
This:
  
:00456989 A084534C00              mov al, byte ptr [004C5384] <- Hmmm ?!
:0045698E 85C0                    test eax, eax <- Very familiar and interesting!!
:00456990 744A                    je 004569DC <- Yeah!!!!! BOOMMM!!! [Label1]
.
.
.
  
Got the offset from [Label1]?
Run Hiew F4 "Decode", F5 "56990", F3 change 74 -> 75, F9, boom!
Run it cool!!!! Registered to you!!!
But there's still a prob, the register button isn't disabled and it should be!!
This is where eXeScope comes up, open GraphCalc with it and look out for that menu,
now just check the GRAYED and DISABLED! oki! done!!! TIP: the menu is the first!
Easy eh?
  
Easy prog, don't u think?
A little cheating but who cares? It works, doesn't it? ;)

Now if u want to make a patch and make the menu disabled at same time, u'll
have to use your brain, because if it is DISABLED u can't register it and so
it'll show "Registered To: " only! TIP: graphcalc.ini, it auto-fills what's
missing!!!
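
Seen from the vendor's or an incident responder's side, both edits above are one-byte opcode flips, which a byte-level comparison against a known-good copy of the executable picks up immediately. The script below is an added example, not part of the original tutorial: the function names are hypothetical, the sample bytes are constructed from the two listings above, and offsets are relative to the sample buffer, not to the real file.

```python
# Added example: tamper check that diffs a suspect image against a known-good copy.
# Heuristic only: changed bytes are classified without a full disassembly.

def changed_offsets(good: bytes, suspect: bytes) -> list[int]:
    """Offsets at which two equal-length images differ."""
    if len(good) != len(suspect):
        raise ValueError("size mismatch: file was resized, not just patched")
    return [i for i, (a, b) in enumerate(zip(good, suspect)) if a != b]


def classify(good: bytes, suspect: bytes, off: int) -> str:
    """Label one changed byte as an inverted conditional jump or a generic edit."""
    a, b = good[off], suspect[off]
    inverted = (a ^ b) == 0x01  # Jcc pairs (JE/JNE, JB/JAE, ...) differ only in bit 0
    if inverted and 0x70 <= a <= 0x7F:
        return "short Jcc inverted"
    if inverted and 0x80 <= a <= 0x8F and off > 0 and good[off - 1] == 0x0F:
        return "near Jcc inverted"
    return "byte changed"


def audit(good: bytes, suspect: bytes, base: int = 0) -> list[tuple[int, str, str]]:
    """Return (address, 'old->new', label) for every modified byte."""
    return [
        (base + off, f"{good[off]:02X}->{suspect[off]:02X}", classify(good, suspect, off))
        for off in changed_offsets(good, suspect)
    ]


# Constructed sample: the instruction bytes shown in the two listings above,
# placed back to back. GOOD is as shipped, SUSPECT carries both one-byte edits.
GOOD = bytes.fromhex(
    "85C0" "0F8434010000" "C60584534C0001"  # test / je (near) / mov byte ptr, 01
    "A084534C00" "85C0" "744A"              # mov al / test / je (short)
)
SUSPECT = bytes.fromhex(
    "85C0" "0F8534010000" "C60584534C0001"
    "A084534C00" "85C0" "754A"
)

if __name__ == "__main__":
    for addr, change, label in audit(GOOD, SUSPECT):
        print(f"+0x{addr:04X}  {change}  {label}")
```

A hash or signature check over the whole file catches the same edits, along with the eXeScope resource change, without needing the reference bytes at hand.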
  
Cya!!! 
  
A newbie tut written by ONE!! :P

Greetz:
iNNU3NDo :: Duelist :: Northpole :: hmemcpy :: Ac|FuSiO :: R!SC :: PROF.X 
tKC :: PinguTM :: DarkShadow :: LaZaRuS :: SiR_DawG :: cokine :: CiA[File] :)
fuzzyCaT [ey it's me!! :)] :: All other CiA members :: #C.i.A & #CRACKiNG4NEWBiES
 
CiA :: EVC :: CORE :: Phrozen Crew :: eMINENCE :: MiB :: DREAD :: CLASS :: RAZOR

fuzzyCaT  [fuzzyCaT@Gmx.net] [www.fuzzyCaT.tsx.org]
Crackers In Action 2000