Requirements :
Numega Softice 4.05
Some asm knowledge
Information :
Target: ALL2BMP v1.0.1
Author: hEYWIRE
Download : http://www.herculesoft.com
About:
The purpose of this Tutorial is to offer help to anyone wishing to study the art of Reverse Code Engineering. Breaking protection systems in programs is an intellectual challenge; it should NOT be used to steal software. REMEMBER, I do my cracks/keygens as a hobby and challenge, so please, if you like the utility you crack and keep using it, support the author and pay for it! Peace hEYWIRE
Program Info:
ALL2BMP is a software tool that helps you convert your JPEG, JPG, GIF, PNG, TGA, PSD, PCD and other image files to the BMP image file format. Now you can easily manage your image files in the BMP file format, the Windows system default image file format.
Registering :
Ok, so scan the program with your favorite PE identifier. We now know it’s packed with ASProtect. If you have never manually unpacked a program packed with this packer, then go find all the tutorials you can about manually unpacking it. If you have, then just get a program to unpack this program.
Now that the program is unpacked, enter your registration details and hit OK. We don’t get any message box. Break into SoftICE and set a ‘bpx hmemcpy’, then hit the OK button; SoftICE should break. Hit F5 two times and then F11 and F12 till you get into the program’s code. Search for your NICK and set a breakpoint on it in memory. Hit F5 and SoftICE will break. Keep tracing and you will notice that the first character of your NICK gets moved around. Keep tracing till you land here:
0167:00403F6C  PUSH  EBX
0167:00403F6D  PUSH  ESI
0167:00403F6E  PUSH  EDI
0167:00403F6F  MOV   ESI,EAX
0167:00403F71  MOV   EDI,EDX
0167:00403F73  CMP   EAX,EDX        ; Compare serial/dummy serial No
0167:00403F75  JZ    0040400A       ; Good Cracker/Bad cracker
0167:00403F7B  TEST  ESI,ESI
0167:00403F7D  JZ    00403FE7
0167:00403F7F  TEST  EDI,EDI
0167:00403F81  JZ    00403FEE
0167:00403F83  MOV   EAX,[ESI-04]
Ok, so at code location 00403F73 we find the comparison of our dummy serial number with the real one. Exit SoftICE and try this serial number. Restart the program and it’s still the same: unregistered. Back into SoftICE we go. Do the same as above and keep tracing till you land here:
0167:004022A7  CALL  00402068
0167:004022AC  MOV   [EBP-04],EAX
0167:004022AF  XOR   EAX,EAX
0167:004022B1  POP   EDX
0167:004022B2  POP   ECX
0167:004022B3  POP   ECX
0167:004022B4  MOV   FS:[EAX],EDX   ;Move D into EAX
0167:004022B7  PUSH  004022D7
If you do a ‘? EAX’ and ‘? EDX’ you will see the character D. This got me thinking: why is this character being pushed onto the stack? Then it hit me: the first character of my NICK was being moved about. So let’s put D in front of my NICK and try the serial number we got. Enter your NICK with "D" in front of it and the serial number you got. Hit OK; we still don’t get any message box. Restart the program and it’s registered. You will also notice that there is a reg.key in the ALL2BMP DIR.
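The compare at 00403F73 is a weak point because the program builds the valid serial itself and holds it next to the entered one. The following added example (not from the original tutorial and not ALL2BMP's code) contrasts that pattern with a client that only verifies a vendor signature. The key is a constructed toy key, and weak_expected_serial, vendor_issue_license and client_verify_license are hypothetical names.

```python
import hashlib
import hmac

# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public values, the only ones a client ships
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, vendor side only (Python 3.8+)

def digest(name: str) -> int:
    """Map a licensee name to an integer below N (first 128 bits of SHA-256)."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest()[:16], "big")

# --- Weak pattern: the client derives the valid serial, then compares ---
def weak_expected_serial(name: str) -> str:
    """Hypothetical derivation; whatever it is, it ships inside the client."""
    return hashlib.sha256(b"app-secret" + name.encode()).hexdigest()[:16]

def weak_check(name: str, serial: str) -> bool:
    expected = weak_expected_serial(name)   # the valid serial now sits in memory
    return hmac.compare_digest(expected, serial)

# --- Hardened pattern: the client only verifies a vendor signature ---
def vendor_issue_license(name: str) -> int:
    """Runs on the vendor's server; needs the private exponent D."""
    return pow(digest(name), D, N)

def client_verify_license(name: str, signature: int) -> bool:
    """Runs in the client; uses only N and E, so it cannot mint a license."""
    return 0 < signature < N and pow(signature, E, N) == digest(name)

if __name__ == "__main__":
    lic = vendor_issue_license("alice")
    print("valid licence accepted:", client_verify_license("alice", lic))
    print("other name rejected:   ", not client_verify_license("mallory", lic))
```

Textbook RSA without padding is used only to keep the block dependency-free; a shipping product would use a vetted library signature scheme such as Ed25519 or RSA-PSS with a full-size key.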
Final Notes :
That’s it for this Tutorial. I hope you learned something. If there are any spelling mistakes or grammar errors, then forgive me, I’m only human. Just a short note: REMEMBER, I do my cracks/keygens as a hobby and challenge, so please, if you like the utility you crack and keep using it, support the author and pay for it! Peace hEYWIRE