Name : 1Click DVD Ripper
Version : 2.03
Written by : hEYWIRE
Protection: Self checking serial
Target : 1ClickDr.exe
URL : http://www.1clickdvdripper.com/download.htm
Tools : Softice vX.X / Brain / Unpacker
ok, you know what to do.
1. Run the program a few times
2. Check to see if program is Packed
3. If packed unpack it
4. Find out what the program is coded in
OK, after getting the program unpacked and finding out what it is written in (Microsoft Visual C++ 6.0), start the program and enter any name and serial number. DON'T hit OK yet! Set the usual breakpoints in Softice or whatever debugger you are using. OK, Softice breaks! Keep tracing till you land here:
004120A4 . 83FA 1D CMP EDX,1D ;Compare Serial Number Length
004120A7 . 74 50 JE SHORT 1ClickDr.004120F9 ;Jump if equal to 1Dh (29 dec)
004120A9 . 33C0 XOR EAX,EAX
004120AB . 50 PUSH EAX
004120AC . 50 PUSH EAX
004120AD . 8BCB MOV ECX,EBX
004120AF . 68 98419200 PUSH 1ClickDr.00924198 ;ASCII "wrong serialnumber,program terminate!"
004120B4 . E8 EC820900 CALL 1ClickDr.004AA3A5
004120B9 . FF15 10724B00 CALL DWORD PTR DS:[<&KERNEL32.GetCurrent> ;GetCurrentProcess
004120BF . 6A 01 PUSH 1 ;ExitCode = 1
004120C1 . 50 PUSH EAX ;hProcess
004120C2 . FF15 20724B00 CALL DWORD PTR DS:[<&KERNEL32.TerminateP> ;Terminate Process
OK, so we now know that the serial number length has to be 29 DEC. Exit out of Softice and restart the program. Enter any name and make the serial number 29 DEC characters long. Now when you come to the length compare you will get new code to trace and the program will not exit. Keep tracing till you land here:
004120F9 > 8A50 05 MOV DL,BYTE PTR DS:[EAX+5] ;Move character eax+5 (6th character)
004120FC . 80FA 2B CMP DL,2B ;Compare it to 2B (43 DEC = + ASCII)
004120FF . 74 24 JE SHORT 1ClickDr.00412125 ;Bad Jump
00412101 > 33C0 XOR EAX,EAX
00412103 . 50 PUSH EAX
00412104 . 50 PUSH EAX
00412105 . 8BCB MOV ECX,EBX
00412107 . 68 98419200 PUSH 1ClickDr.00924198 ; ASCII "wrong serialnumber,program terminate!"
0041210C . E8 94820900 CALL 1ClickDr.004AA3A5
00412111 . FF15 10724B00 CALL DWORD PTR DS:[<&KERNEL32.GetCurrent>; [GetCurrentProcess
00412117 . 6A 01 PUSH 1 ; /ExitCode = 1
00412119 . 50 PUSH EAX ; |hProcess
0041211A . FF15 20724B00 CALL DWORD PTR DS:[<&KERNEL32.TerminateP>; \TerminateProcess
OK, so from the above code we see that the sixth character in the serial number has to be a "+", without the quotes. You can just reverse the jump here. In Softice you can type "R FL Z". Now keep tracing till you land here:
00412125 > 8A50 0B MOV DL,BYTE PTR DS:[EAX+B] ;Move Eax+B = 12th character
00412128 . 80FA 2B CMP DL,2B ;Compare 12th character to "+"
0041212B .^75 D4 JNZ SHORT 1ClickDr.00412101 ;Bad jump
0041212D . 8A50 11 MOV DL,BYTE PTR DS:[EAX+11] ;Move Eax+11 = 18th character
00412130 . 80FA 2B CMP DL,2B ;Compare 18th character to "+"
00412133 .^75 CC JNZ SHORT 1ClickDr.00412101 ;Bad jump
00412135 . 8A50 17 MOV DL,BYTE PTR DS:[EAX+17] ;Move Eax+17 = 24th character
00412138 . 80FA 2B CMP DL,2B ;Compare 24th character to "+"
0041213B .^75 C4 JNZ SHORT 1ClickDr.00412101 ;Bad jump
OK, so now we know the style of the serial number for 1ClickDVDRipper. The length has to be 29 and every 6th character has to be a "+", so we end up with this: ?????+?????+?????+?????+?????
00412174 > 0FBE70 02 MOVSX ESI,BYTE PTR DS:[EAX+2] ;Move first Character in serial Number
00412178 . 83FE 41 CMP ESI,41 ;Compare it to 41h (65Dec) ASCII = A
0041217B . 7C 09 JL SHORT 1ClickDr.00412186 ;Jump Less
0041217D . 83FE 46 CMP ESI,46 ;Compare it to 46h (70DEC) ASCII = F
00412180 . 7F 04 JG SHORT 1ClickDr.00412186 ;Jump on Greater
00412182 . B1 01 MOV CL,1 ;Move 01 into CL
00412184 . EB 02 JMP SHORT 1ClickDr.00412188
00412186 > B1 00 MOV CL,0
00412188 > 03D6 ADD EDX,ESI
0041218A . 84C9 TEST CL,CL
0041218C . 74 05 JE SHORT 1ClickDr.00412193
0041218E . 83C2 C9 ADD EDX,-37 ;Take 37h away from character value
00412191 . EB 03 JMP SHORT 1ClickDr.00412196
00412193 > 83C2 D0 ADD EDX,-30 ;Take 30h away from character value
OK, so all the above code is doing is this:
1. Get the first character from the serial number
2. Check to see if the character is an "A" or "F" or between
3. If it's an "A" or "F" or between, then take 37h (55 DEC) away
4. If it's not an "A" or "F" or between, then take 30h (48 DEC) away
5. Get the next character and do the same. Keep going for the first 5 characters
It keeps doing this with all of the first FIVE characters, then adds up the values of the characters after taking away either 55 DEC or 48 DEC and stores the result in EDX. Remember you can also enter NUMBERS as well. Keep tracing till you land here:
0041227C . EB 03 JMP SHORT 1ClickDr.00412281
0041227E > 83C2 D0 ADD EDX,-30 ;Compare EDX (EDX = value of characters) with
00412281 > 83FA 1E CMP EDX,19 ;19h = 25 DEC
OK, now you know how the serial is checked. It does all the subtraction and then compares the current value in EDX to 1Eh; if it's equal the first 5 characters are good, else bad serial number. This is only for the first FIVE characters. There's another FOUR to check. Keep tracing till you land at the code below; it's just another check for the next five characters, which has to be equal to 30, if not then bad serial number.
00412323 . EB 03 JMP SHORT 1ClickDr.00412328
00412325 > 83C2 D0 ADD EDX,-30 ;Compare EDX (EDX = value of characters) with
00412328 > 83FA 29 CMP EDX,1E ;1Eh = 30 DEC
It then keeps going and checks the rest of the serial number in groups of FIVE. When you have passed all the checks and know how the serial number is checked, keep tracing till you land here:
00412477 . 50 PUSH EAX ; pHandle
00412478 . 68 B43F9200 PUSH 1ClickDr.00923FB4 ; Subkey = ""
0041247D . 68 01000080 PUSH 80000001 ; hKey = HKEY_CURRENT_USER
00412482 . FF15 0C704B00 CALL DWORD PTR DS:[<&ADVAPI32.RegCreateK>; RegCreateKeyA
00412488 . 85C0 TEST EAX,EAX
Looking at the code you should know what it's doing. If you have passed all the checks it puts the serial number you have entered into the REGISTRY. As this is a self checking serial number, we still don't have a valid serial number. But we know how the program checks it. You can now do one of two things.
1. Patch all the checks at the program start up
2. Make a program to generate a serial number for you
OK, well, I'm hoping that you will choose number two and write a program to generate a serial number for you. It's a lot easier than you might think.
1. Generate FIVE characters "0-9" and "A-F"; depending on which character, take 55 DEC or 48 DEC away
2. Add up all values and compare the total with 25 DEC (FIRST PART)
3. If not equal go back to 1, if equal go to 4
4. Generate FIVE NEW characters "0-9" and "A-F"; depending on which character, take 55 DEC or 48 DEC away
5. Add up all values and compare the total with 30 DEC (SECOND PART). And so on... you get the idea.
There are FIVE parts to check, I just showed you the first 3.
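How little a digit-sum check of this kind constrains its input can be measured directly. The sketch below is an added example, not part of the original tutorial: it only counts how many five-character groups over "0-9"/"A-F" add up to a given target, using the two targets the text states (25 and 30). The function names and the restriction to those 16 characters are assumptions made for the example.

```python
"""Counts how many 5-character groups pass a digit-sum check (counting only)."""
from math import log2

RADIX = 16      # assumption: only '0'-'9' and 'A'-'F' are used, values 0..15
GROUP_LEN = 5   # characters between the '+' separators


def count_groups_with_sum(target, length=GROUP_LEN, radix=RADIX):
    """Number of `length`-character groups whose values add up to `target`."""
    if target < 0:
        return 0
    ways = [1] + [0] * target          # ways[s]: prefixes so far with sum s
    for _ in range(length):
        nxt = [0] * (target + 1)
        for s, n in enumerate(ways):
            if n == 0:
                continue
            # the next character may add 0..radix-1 without exceeding target
            for digit in range(min(radix, target - s + 1)):
                nxt[s + digit] += n
        ways = nxt
    return ways[target]


def acceptance_rate(target, length=GROUP_LEN, radix=RADIX):
    """Fraction of all possible groups that the sum check accepts."""
    return count_groups_with_sum(target, length, radix) / radix ** length


def constraint_bits(target, length=GROUP_LEN, radix=RADIX):
    """Bits of the group's 20-bit space that the check actually pins down."""
    return -log2(acceptance_rate(target, length, radix))


def report(targets):
    """One (target, accepted, rate, bits) row per sum target."""
    return [(t, count_groups_with_sum(t), acceptance_rate(t),
             constraint_bits(t)) for t in targets]


if __name__ == "__main__":
    # Targets as stated in the tutorial text for the first two groups.
    for target, accepted, rate, bits in report([25, 30]):
        print(f"sum == {target}: {accepted} of {RADIX ** GROUP_LEN} groups "
              f"pass ({rate:.2%}), about {bits:.1f} of 20 bits constrained")
```

A check that two to three percent of arbitrary inputs satisfy, and whose whole rule is readable from the binary, holds no secret. A verifier that checks a signature made with a private key held only by the vendor does not have this weakness.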
That's it for this tutorial, hope you learned something. If there are any spelling mistakes or grammar errors then forgive me, I'm only human. Peace hEYWIRE!