  
Reverse Code Engineering - Software By Design Software 
            Finding Correct Serial Numbers 
            Author: Volatility 
            Please Read The Disclaimer Before Continuing. 
            

            
            Target:        AL Software By Design Software
            Location:      http://www.execpc.com/~sbd/
            Protection(s): User Name/Organization/Serial Number
            Tools Needed:  NuMega Soft-Ice (Any Version)
            Level:         (X) Beginner ( ) Intermediate ( ) Advanced ( ) Expert

            

            The programs I've cracked here so far all work with this method, so 
            I'm assuming they all will. 
            Gregory Braun puts out some damn good, useful and innovative 
            software, so please pay for these programs.  Don't be a lamer and 
            use my registration info either. 
            All the programs I've seen have a registration screen that looks 
            like this: 
            
            
            
            So, we have a User Name, Organization, and Serial Number to enter.  
            Judging by this, we could get lost more easily trying to patch than 
            by just hunting for a correct serial number.  
            The program we'll use for this example is "RGB Editor".  The first 
            method I tried for this target was the HmemCpy function in Soft-Ice, 
            and it works just fine.  So, type some dummy data into the text 
            boxes (Cracked by Volatility [ID], Immortal Descendants and 272727 
            for mine).  
            Making The Crack:  
            With your dummy data entered, press Ctrl+D to enter Soft-Ice.  Set 
            a breakpoint on HmemCpy (BPX HMEMCPY).  Press Ctrl+D or X to exit 
            back to the program, and click "OK".  
            Soft-Ice will pop up.  Now, we could step through the code, but if 
            we think about it, the procedure will be called THREE times... once 
            for your user name, once for your organization, and a final time for 
            the serial number.  So, press Ctrl+D two times, so that we're at 
            the third occurrence.  
            Press F11 once to exit the code, and you should be here: 
177F:0B40  9A189E1701           CALL    KERNEL!HMEMCPY
177F:0B45  FF35                 PUSH    WORD PTR [DI]
177F:0B47  9AB0011F01           CALL    KERNEL!LOCALUNLOCK
177F:0B4C  8BC6                 MOV     AX,SI
177F:0B4E  5E                   POP     SI
177F:0B4F  5F                   POP     DI
177F:0B50  C9                   LEAVE
177F:0B51  C20A00               RET     000A
                        
                
            If you look on the line above the command window, you'll see 
            "USER(0A)".  This isn't where we need to be, so step through the 
            code using F10, until you see "RGB!.text" on the line... now we're 
            in the program code.  
            Step through the code several more times to look for the place where 
            our serial number is calculated.  You'll find it here:  
              
0137:0040687B  8BE8             MOV     EBP,EAX 
0137:0040687D  53               PUSH    EBX             :organization
0137:0040687E  56               PUSH    ESI             :user name
0137:0040687F  E89C2C0000       CALL    00409520        :calculate our serial number
0137:00406884  83C408           ADD     ESP,08 
0137:00406887  3BC5             CMP     EAX,EBP 
0137:00406889  741E             JZ      004068A9 
0137:0040688B  68CFEA0000       PUSH    0000EACF
                        
                
            We can display our organization by stepping through the line 
            "PUSH EBX", and typing d ebx.  We can display our user name by 
            stepping through the line "PUSH ESI", and typing d esi.  But now 
            how do we display our serial number?  We don't really... if we step 
            through the line "CALL 00409520", we can get the value of EAX by 
            typing ? eax.  There's your serial number!  Mine was 3727125845. 
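
            The serial shows up in EAX because the program derives the valid 
            value itself and then compares it with the entered one (CALL 
            00409520, then CMP EAX,EBP).  As an added example, not from this 
            essay or from the vendor's code, the Python below puts that pattern 
            beside a check in which the client only verifies a signature over 
            the name and organization.  The function names, the hash-based 
            stand-in for the serial routine, and the small constructed RSA key 
            (textbook RSA without padding) are assumptions for illustration. 

```python
import hashlib

# Constructed demo key: two Mersenne primes give a 216-bit modulus.
# Illustration only; a product would use a vetted library and a full-size key.
_P, _Q = 2**127 - 1, 2**89 - 1
N, E = _P * _Q, 65537                   # public half: the only key material shipped
_D = pow(E, -1, (_P - 1) * (_Q - 1))    # private half: stays on the vendor side


def _digest(name: str, org: str) -> int:
    """Hash the registration fields, length-prefixed so 'ab'+'c' != 'a'+'bc'."""
    h = hashlib.sha256()
    for field in (name, org):
        raw = field.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big") + raw)
    return int.from_bytes(h.digest(), "big") % N


def weak_expected_serial(name: str, org: str) -> int:
    """Hypothetical stand-in for the routine at 00409520 (not the real algorithm)."""
    return int.from_bytes(hashlib.sha256((name + org).encode()).digest()[:4], "big")


def weak_check(name: str, org: str, entered: int) -> bool:
    # Same shape as CMP EAX,EBP / JZ: the correct value exists inside the process.
    return weak_expected_serial(name, org) == entered


def vendor_issue_license(name: str, org: str) -> int:
    """Runs only where the private exponent lives (vendor side)."""
    return pow(_digest(name, org), _D, N)


def client_verify(name: str, org: str, license_value: int) -> bool:
    """Client side: needs only (N, E) and never computes a valid license itself."""
    if not 0 < license_value < N:
        return False
    return pow(license_value, E, N) == _digest(name, org)
```

            With the second design, the value a debugger can read at the 
            comparison is the hash of the entered fields, not a valid license. 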

            
            *** Disclaimer *** 
                        This Essay Is For Knowledge Purposes Only. Neither We, 
                        Our ISP, Nor Any Persons Mentioned Shall Be Held Liable 
                        For Any Damages Improper Usage May Cause To Your 
                        Machine. 
                        If You Successfully Crack A Program, You Must Delete It 
                        Immediately. If You Want To Keep The Program, Please BUY 
                        It! Support Shareware, This Is Our Learning Tool! 
                        It Is Illegal To Continue To Use Cracked/Patched 
                        Software. 
                

            
            Copyright © 1999 Volatility And The Immortal Descendants. All Rights 
            Reserved. 

