Saturday, May 14, 2011

CRACKING - COMPLETE TUTORIAL

We will have a very basic and simple approach. We will use a disassembler and an assembler.

Disassembling is the process that lets us view the "asm" source code of the disassembled file.
Assembling is the process that lets us make changes to that code.

The most classic disassembler is W32Dasm, download it here:

http://foff.astalavista.ms/downloads/W32Dasm_8.93.zip

The best assembler is HIEW32, download it here:

http://foff.astalavista.ms/downloads/Hiew726w.zip


Download the file that we will crack here:

http://foff.astalavista.ms/downloads/cim_crackme.zip

Unzip everything and we are ready to start!!!


Step 1.


Run the file "cim_crackme.exe"; you will see two empty boxes, Name and Serial, like in many
shareware programs. Put your name and any serial number there, then click the "Check"
button. We will receive this message: "This is not a valid serial......" Write this
message down without errors. Just write the message, leaving out the quotes and the dots of course, then close everything.

Step 2.


Run the W32Dasm disassembler. On the menu bar open the first menu, "Disassembler", then "Open
file to disassemble". Browse to our target "cim_crackme.exe" and disassemble it. You now
should see a lot of code on your screen.

Go to the search menu of W32Dasm and click on "Find Text". Put in the search box the text
string we memorized: "this is not a valid serial" (without the quotes).



*Referenced by (U)nconditional or (C)onditional Jump at Address:

|:004010D7

You should record the address you see: 004010D7 (this is very important).


Now, go up once more until you find the address you just recorded.

Arrow number 1 shows where the group of addresses is located. In the circle is the address we
were looking for. The address and the whole row are highlighted by the green bar too! I hope
everything is clear enough! As you see, there is another arrow, "arrow 2", that points at
"JNE". What does "JNE" mean???

JNE - Jump if not equal

JE - Jump if equal

When we enter a fake serial number, it jumps. Hmmm, we should reverse it. The reverse of

"JNE" is "JE". If we do this, the program will accept any serial number as a real one!!!

But how do we edit it???


Using an assembler of course


Our mission now is to reverse "JNE" to "JE" at the address: "004010D7".


Step 3.


Now create a desktop shortcut for HIEW32, then drag and drop "cim_crackme.exe" onto it. You should
see some crap code; now press F4 on the keyboard and choose "Decode" from the selection.

Next, still in HIEW, press F5 and enter the address we recorded above,
but don't forget to add a dot before the address and to remove the leading zeros from the
address number. Enter it like this: ".4010D7" (without the quotes of course), then hit
ENTER. After this you will land at the exact address where we will do the reversing.
Notice this line carefully:

.004010D7: 7516 jne .0004010EF


We should change the bytes here. Without moving the selection from "75", press F3 on the
keyboard, then hit the right arrow key once; be sure to have the cursor under the digit "5".
Carefully press the number 4 on the keyboard. The bytes will change from "7516" to "7416".
Carefully press F9 to save our changes and F10 to exit. We are done!!!
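The byte change above works because of how x86 encodes short conditional jumps. The following Python is an added example, not part of the tutorial: it decodes a 2-byte Jcc rel8 such as the "7516" at .004010D7 (reproducing the .004010EF target HIEW shows), reports how a suspect copy of that branch differs from a clean one, and runs the kind of digest check a program can use to notice that its code was altered. The byte strings are constructed here, not read from cim_crackme.exe.

```python
import hashlib

# Opcodes 0x70-0x7F are the 2-byte short conditional jumps (Jcc rel8). Bit 0 of
# the opcode selects the negated condition (0x74 JE vs 0x75 JNE, 0x72 JB vs
# 0x73 JAE, ...), which is why changing "75" to "74" turns JNE into JE.
JCC_SHORT = {
    0x70: "jo", 0x71: "jno", 0x72: "jb", 0x73: "jae",
    0x74: "je", 0x75: "jne", 0x76: "jbe", 0x77: "ja",
    0x78: "js", 0x79: "jns", 0x7A: "jp", 0x7B: "jnp",
    0x7C: "jl", 0x7D: "jge", 0x7E: "jle", 0x7F: "jg",
}

def decode_jcc_short(addr, code):
    """Return (mnemonic, target) for the Jcc rel8 encoded in code at address addr.

    rel8 is a signed byte relative to the next instruction (addr + 2):
    0x4010D7 + 2 + 0x16 = 0x4010EF, matching the HIEW line in the text.
    """
    opcode, rel8 = code[0], code[1]
    if opcode not in JCC_SHORT:
        raise ValueError(f"not a short Jcc opcode: {opcode:#04x}")
    disp = rel8 - 0x100 if rel8 >= 0x80 else rel8  # sign-extend rel8
    return JCC_SHORT[opcode], (addr + 2 + disp) & 0xFFFFFFFF

def diff_jcc(addr, known_good, suspect):
    """Forensic view of one branch: how a suspect copy differs from a clean one."""
    g_mn, g_tgt = decode_jcc_short(addr, known_good)
    s_mn, s_tgt = decode_jcc_short(addr, suspect)
    return {
        "from": g_mn, "to": s_mn,
        "condition_inverted": (known_good[0] ^ suspect[0]) == 1,  # only bit 0 differs
        "target_changed": g_tgt != s_tgt,
    }

def code_is_unmodified(code, expected_sha256):
    """Self-check a program can run over its own code: any byte patch changes the digest."""
    return hashlib.sha256(code).hexdigest() == expected_sha256

# Constructed sample: the two bytes at .004010D7 before and after the tutorial's edit.
ORIGINAL = bytes.fromhex("7516")
PATCHED = bytes.fromhex("7416")
GOOD_DIGEST = hashlib.sha256(ORIGINAL).hexdigest()

if __name__ == "__main__":
    mn, tgt = decode_jcc_short(0x004010D7, ORIGINAL)
    print(mn, hex(tgt))                               # jne 0x4010ef
    print(diff_jcc(0x004010D7, ORIGINAL, PATCHED))
    print(code_is_unmodified(PATCHED, GOOD_DIGEST))   # False
```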

Now check that everything is OK: run the "cim_crackme.exe" you just cracked and put in your
name and any serial number...
