Requirements :
NuMega SoftICE 4.05
Some asm knowledge
Information :
Target: Backup Magic 1.3.1
Author: hEYWIRE
Download : http://www.moonsoftware.com
About:
The purpose of this Tutorial is to offer help to anyone wishing to study the art of Reverse Code Engineering. Breaking protection systems in programs is an intellectual challenge; it should NOT be used to steal software. REMEMBER, I do my cracks/keygens as a hobby and challenge, so please, if you like the utility you crack and keep using it, support the author and pay for it! Peace hEYWIRE
Program Info:
Backup Magic is a simple and fast backup solution. It doesn't have loads of options, but it includes the most required options to get your backup done fast and easy. It copies new or updated files from selected folders into another folder/drive. The target can be a folder, network drive, zip disk or whatever writeable device you can see and use in Windows Explorer. Even making a backup to a CD or CD-R disk is not a problem if you have packet-writing software like Adaptec DirectCD installed. You can make multiple groups, specify several file filtering options, use several date/time variables in destination folder names, use incremental or mirror backup mode and much more...
Registering :
OK, run the target program and find out if it's packed/encrypted using your favorite PE identifier. We now know it's not packed/encrypted and that it is written in Delphi. Go to the Order! menu and then click enter Licenses number. Type in your nick and some dummy serial number. Since it's written in Delphi, set 'bpx hmemcpy' and then exit SoftICE. Now hit the OK button and SoftICE will break. Hit F5 again, as there are two text boxes, and then F11 to return to the caller. Now do a search for the NICK you entered:
S 0 L FFFFFFFF "heywire"
Found your nick? Good. Now search for it again, outside the range where you found it the first time. Then set "BPM XXXXXXXX RW", where XXXXXXXX is the location where your NICK was found. Press F5 and SoftICE should break. You will hopefully land here (if not, hit F5 again):

0167:0044C51E  JLE    0044C540
0167:0044C520  MOV    EAX,00000001            ; Move 1 into EAX (start of counter for loop)
0167:0044C525  XOR    ECX,ECX                 ; Clear ECX
0167:0044C527  MOV    CL,[EAX+ESI-01]         ; Move first character of NICK
0167:0044C52B  ADD    ECX,EAX                 ; Add ASCII value of NICK character and character position
0167:0044C52D  MOVZX  EDI,WORD PTR [EBP-02]
0167:0044C531  IMUL   ECX,EDI                 ; Multiply ASCII value of character by 661
0167:0044C534  IMUL   ECX,ECX,000000B2        ; Multiply value of ECX by 178
0167:0044C53A  ADD    EBX,ECX                 ; Add ECX to EBX
0167:0044C53C  INC    EAX
0167:0044C53D  DEC    EDX
0167:0044C53E  JNZ    0044C525                ; All characters done?
0167:0044C540  MOV    EAX,[EBP-08]
0167:0044C543  PUSH   EAX
Looking at the above loop and reading the side comments, you should have no problem understanding what it is doing. Here it is anyway:
Get the ASCII value of the first character (in my case h = 104) and add the character position, 1 (the position is held in EAX, which is increased after every pass of the loop).
Multiply this value, which is 105, by 661.
Then multiply the result by 178.
EBX holds the running total: the value you get above is added to it for each character.
It keeps doing this until all characters are done.
And believe it or not, that's your serial number. The next thing to do is make a keygen for this program with your favorite programming language.
Final Notes :
That's it for this Tutorial. I hope you learned something. If there are any spelling mistakes or grammar errors then forgive me, I'm only human. Just a short note: REMEMBER, I do my cracks/keygens as a hobby and challenge, so please, if you like the utility you crack and keep using it, support the author and pay for it! Peace hEYWIRE