     
                                      
                             
                                      
      
                                         
                                         

Tutor      : Ordoc
Written    : January 3, 1999 (Started working on it in late December but never finished hehe)
Editor     : An NFO Viewer (wordwrap) *Notepad is fine if u don't wanna see the neat ASCII Art :)*
Who        : Beginner to Intermediate
Greets     : Harlem, WLW, #cracking4newbies (ytc_ specially for helping me with this.)
Target     : GodeZip v2.0 (c) DegSoft (ftp://ftp.simtel.net/pub/simtelnet/win95/compress/godzipv2.zip)
Size       : 320kb
Rev Date   : 12/10/98

        Welcome to my second tutorial; it will be a bit more in depth than my first.  This programmer must have been on crack,
as you will see in a sec.  Also, this is a weird protection because the reg code compare loop isn't inside a call.

        First run GodeZip.  Now you're saying "wtf? there's no Help/About".  Like I said, the programmer is on crack.  Click the
upper left icon of GodeZip.  Go to "About".  Then another box will pop up; click the ".click." button to register.  Enter your
license number and your corresponding code (they both have to be 7 digits [I used 1234567 and 7654321]).  Now before you click
OK, Ctrl-D into SoftICE and set a breakpoint on GetDlgItemTextA (bpx GetDlgItemTextA).  Ctrl-D back to the program.  Click
OK.  Like magic you're back in SoftICE.  Hit Ctrl-D again, since there are two dialog boxes for input and the second one is the
one we are interested in.  You need to be in GodeZip!Code, are you? YES!  Hit F11 to get into the code.  Now you should see
something like:

:004022B1 803D1113430044          cmp byte ptr [00431311], 44; Check to see if Reg Code starts with D
:004022B8 0F94C0                  sete al
:004022BB 0FB6D0                  movzx edx, al
:004022BE 803D0813430047          cmp byte ptr [00431308], 47; Check to see if License # starts with G
:004022C5 0F94C0                  sete al
:004022C8 25FF000000              and eax, 000000FF
:004022CD 21C2                    and edx, eax
:004022CF 0FBE0D17134300          movsx ecx, byte ptr [00431317]
:004022D6 0FBE0509134300          movsx eax, byte ptr [00431309]

        OK, first off, those two cmp's look suspicious.  Let's display the pointers (ptr).

D 431311

Well well, look at that, it's our Reg Code (Corresponding Code).  At the end of that cmp there is a 44, which is hex for 'D'.
So that means our reg code needs to start with a 'D'.  Next display the second ptr.

D 431308

It is our license number.  At the end of that cmp there is a 47, which is hex for 'G'.  So that means our License # needs to
start with a 'G'.

So far we have found two very important things in the code at the beginning.  The License # must start with 'G' and the Reg Code
must start with a 'D'.  So clear your breakpoints and re-enter your code (G1234567 and D7654321).  For the next part I will only
explain the important parts of the code since there is quite a lot ;)

Hit F10 to step through the code (about 7 times) till you get to:

:004022CF 0FBE0D17134300          movsx ecx, byte ptr [00431317]; move a number from your reg code into ecx
:004022D6 0FBE0509134300          movsx eax, byte ptr [00431309]; move a number from your license # into eax
:004022DD 83C01E                  add eax, 0000001E ; add 1E to the current number in eax

If you display 431317 (D 431317) you will see your bogus registration number.  Look at the first number on the line where
u displayed 431317.  In my case it was '2'.  So remember that and step past add eax, 1E.  Now do    ? EAX   .  You will get
a letter.  In my case the letter was 'O'.  So substitute 'O' for '2' in your reg code.  Mine is now 76543O1.  Continue
stepping to:

:004022EC 0FBE0D16134300          movsx ecx, byte ptr [00431316]
:004022F3 0FBE050A134300          movsx eax, byte ptr [0043130A]
:004022FA 83C017                  add eax, 00000017

Now repeat the above steps, using the new ptr [00431316].  Get the number of the reg code it is using.  Step past the
add eax, 17   and do ? eax to get the corresponding letter to the corresponding number in your code.  Keep doing
this process until you reach:

:00402398 85D0                    test eax, edx
:0040239A 7434                    je 004023D0

Then clear your breakpoints and enter your code.  Mine was DKRHTIOE.  Congratulations on cracking this WinZip clone.
Now delete it and never use it again because it is so lame!!

This program is very easy to write a keygen for so go ahead and try it :).

Below I have listed all the code that's important for generating your correct reg code, to help u with a keygen.

:004022CF 0FBE0D17134300          movsx ecx, byte ptr [00431317]
:004022D6 0FBE0509134300          movsx eax, byte ptr [00431309]
:004022DD 83C01E                  add eax, 0000001E

:004022EC 0FBE0D16134300          movsx ecx, byte ptr [00431316]
:004022F3 0FBE050A134300          movsx eax, byte ptr [0043130A]
:004022FA 83C017                  add eax, 00000017

:00402309 0FBE0D13134300          movsx ecx, byte ptr [00431313]
:00402310 0FBE050B134300          movsx eax, byte ptr [0043130B]
:00402317 83C01F                  add eax, 0000001F

:00402326 0FBE0D18134300          movsx ecx, byte ptr [00431318]
:0040232D 0FBE050C134300          movsx eax, byte ptr [0043130C]
:00402334 83C011                  add eax, 00000011

:00402343 0FBE0D14134300          movsx ecx, byte ptr [00431314]
:0040234A 0FBE050D134300          movsx eax, byte ptr [0043130D]
:00402351 83C013                  add eax, 00000013

:00402360 0FBE0D12134300          movsx ecx, byte ptr [00431312]
:00402367 0FBE050E134300          movsx eax, byte ptr [0043130E]
:0040236E 83C015                  add eax, 00000015

:0040237D 0FBE0D15134300          movsx ecx, byte ptr [00431315]
:00402384 0FBE050F134300          movsx eax, byte ptr [0043130F]
:0040238B 83C01D                  add eax, 0000001D

If you have any questions etc look for me in #cracking4newbies.

Look for more tutorials from Harlem soon.

