informis/textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/piracy/CRACKING/nags.txt
root@procul 278a90f7ce Initial commit
2021-04-15 13:31:59 -05:00

213 lines
8.0 KiB
Plaintext
Raw Blame History

8/24/97
How to USE nag screens?
=======================
Introduction
------------
What I`m about to teach in this tutorial, is simply how to USE nag screens,
yeah yeah, it sounds redicules, and, I`m not sure that i`m not inventing
the Wheel here, but, I've never seen any tutorial about this issue...
I`ll assume you have the knowledge in:
1.SoftIce (Winice will be more percisive...).
2.cracking (ie, about 2-3 months of cracking..).
3.Nag Screens (How to kill'em - but, that's of course not what will be discussed
here).
Tools you`ll need for this tutorial:
1.SoftIce 3.00/01.
2.Hex Work Shop (ANY VERSION) / or any other good Hex Editor.
Programs that will be discussed in here:
1.DeskWipe v1.2 : URL - Http://Home.sol.no/Frankm
2.Idyle Phone Book Pro 97 V2.21 : URL - Http://www.idyle.com/
Some words for start
----------------------
What we're going to be doing here, is to use the nag screens in order to
get to the registration routines, in programs that newbies usually find
hard to handle - The programs that have NO visible registration info...
Which means, programs without register boxes... etc..
Our basic method here, will be to set a break point on a messagebox , or
some other forms of nag screens that will be discussed here later,
then , after breaking in the nag screen routine, look back in the code,
and see what condition brought us to the nag screen, then, break point in that
condition (ie, je,jz,jnz etc....), and disable it... ;-)
Sounds like we`re just about to start our cracking here...... :)
The first program I'd like to discuss is one of the simplest...
DeskWipe 1.2 Cracking (Using nag screen).
--=========================================--
OK, we're all set with SoftIce running?
great, lets start the program to see the actual protection scheme...
After launching DeskWipe 1.2 , quickly pops a nag screen, errrgh! sux!
Lets Exit the program , and set a bp on messageboxa, then, run it again...
oh, no ;`[ , we're lost, messageboxa wasn`t such a lucky guess,
Hmm..... Now, we can use our knowledge in nag screen (which is not too hard
to achieve btw...;)), while we're in the nag screen, press CTRL+D, And,
type hwnd deskwipe...
U`ll see only one button , BMSG on it, (For me , it gave 0688...).
Now, press CTRL+D, and follow my instructions FULLY! (I'd really wish to
talk to you guys about these stuff, but, thats not for this tutorial,
and, it won`t serve my targets...).
1.After pressing CTRL+D , you`ll pop again in SICE, press F12 9 times.
2.press F10 several times, until you get to this instruction:
.
.
.
MOV EAX,[EBP-04]
MOV EAX,[EAX+00000128]
TEST EAX,EAX
JZ 420940 / This one, u`ll have to NOP in order to pass the nag screen,
/ because, this is the condition, if the Button was pressed
or wasn`t... (That was just a side comment).
.
.
.
NOP the JZ...
3.now, we can Continue pressing F12 7 more times...
until we're popped in this instruction:
.
.
.
CALL 00425728
POP ECX
POP ECX
.
.
.
Let's now press CTRL+UP several times, (to see the above code, that brought
us to this nag screen)
Until you get to this:
MOV EAX,[429664] / The initial value for the registration routine
CALL 425FFC / The registration routine itself!!! ;)
INC EAX / The Boolean identifier, that's used to determine if
JZ 426EA6 / The registration was successful...
.
.
.
I`ll leave you guys the job to Register this program (NOTE that in order
to crack this one with Patching, you`ll HAVE to change EAX's value INSIDE
the registration routine, But, it won`t be the BEST crack, for making the
BEST crack, you`ll have to make a license file... - I`ll leave this job to
you, I`m not trying here to teach how to do key files, I already assume
that you can handle the registration routine by yourself... ;))
Well , that's it for this program , Now , Let's move to some harder
Job... ;)
Lets Crack Idyle Phone Book Pro 97 Now!!
Phone Book Pro 97 V2.21 Cracking!!!
--===================================--
I'd like to take these lines to GREET the author Damien Rame for a GREAT
interface, I've never seen a better phone book!!! If you use this program,
please send him money! he deserves that!
This one, is about to be harder to do than the other one we've seen.
I`m about to do patching here , just to give you an example of a CRC checking
that's kicking ya from the program if it detects patching (this one, is usually
done by doing CheckSum to the EXE, and , comparing it with a Value that's
kept somewhere.......).
We're all set with our little SoftIce? :)
great!
Lets launch the program...
press the About/Register button...
Hmm, interesting... the author seems to be pretty smart, look what he did,
he DIDN`T give ya ANY buttom to press in order to tell the program to check
the registration info that was entered!!!
How do we solve this problem?
Well, it's obvious that the program checks the registration info in REAL TIME
(ie, when you enter it in the dialog box).
OK, Let's try something here:
I entered Name :^pain^ '97
Reg Code: 9999999
Wait, Let's Press CTRL+D, and, set a bp in HMEMCPY,then , press CTRL+D again,
and, add another char to the reg code...
YES! we popped right next to the registration routine...
Let's press F12 now until we get to the program code, and, trace the code
until we get to this instruction (The registration routine):
.
.
.
MOV EDX,EBX
MOV EAX,EBX
CALL 49616C
TEST AL,AL
JZ 004968B4
.
.
.
Now, it's obvious what u should do, trace in the registration routine,
Set a bp on some code in the registration routine, and, restart the program.
(Don`t worry, I know what I`m doing...)
After we pop back in Sice...
Exit the routine, and ,do the patch OUTSIDE the routine!!! (VERY IMPORTANT!)
(ie, TEST AL,AL ===> OR AL,01)
Now, we're all set for the point I want to discuss... :)
Launch the program!
Oh shit,Now Look what happens!!! This program does CRC checking!!! (Did I ever
say the author is smart??? ;-)) Although, he did a stupid thing...
Left us a MSG TYPE ERROR BOX!!! (That says there was a CRC error, and that the program
will now be terminated!!!) Let's use this shit! :))
Launch the program AGAIN!
when you get to the Error Button.
1.Type in Sice HWND.
2.BMSG on the ONLY button that PHONEBOOK uses.
3.Press CTRL+D
4.Press F12 5 times.
5.Press F10 until you get to this instruction:
.
.
.
Mov EAX,[EAX+00000150]
TEST EAX,EAX
JZ 00430CE2 / Nop the JZ...
(Only a temporary change for passing the msg box).
.
.
.
6.Press F12 8 more times.
7.Press CTRL+UP some times, until you see this:
CALL 445570 / CRC Checking routine... :)
CMP EBX,-2 / Boolean Identifier.
JNZ 459409
Now, All you have to do, is to change the CMP EBX,-2 ==> MOV EBX,01
JNZ 459409 ==> JMP 459409
And , we're all set! ;))
simple eh? :)
After nopping it, patch the EXE, and, you have a FULL crack! :)
NOTE that that's not how I did the crack, I did a better patch, but, I really
don`t remember now wtf did I patch, and, it's not really important for our
discussion ;) So, you`ll have to forgive me...
Well, I think that's it, I've cleared my point, and , I think it's time to
Sign off...
Hope you found this info interesting.....(I wouldn`t like to spend my time for
nothing... ;-)).
Ohhh...... almost forgotten, I'd like to greet the following dudes:
Acp,Niabi,JosephCo,_rANDOM,|KAIRN|,Razzi,Yoshi,GrimL0ck,kOUGER,Odin,
[J0B],Qapla,Leddy,TeRaPhY!,All the great guys in
#cracking & #Cracking4newbies And all the rest of you M$ fighters I've forgotten!
Signing off - ^pain^ [mEXELiTE] in the year of 1997 -
Reference in New Issue View Git Blame Copy Permalink