Sequence number: 57242
Title: CRACK Properties Handwriting 2 - My First Registrar (2,000)
Sender: y97523
Time: 2002-03-09 19:55:42
Reading: 209
details:
CRACK's intimate handwriting 2 - my first registrar
//---------------------------------------------------------------------------------------------
Target: icontoy2.exe: 392 KB (401,920 bytes)
Portable ("green") software, a single standalone EXE file
Written in Delphi without package support, not packed (no shell)
Goal of the crack: find the registration code; ideally, write a registration machine (keygen)
//---------------------------------------------------------------------------------------------
Crack process:
1. Use IDA to disassemble.
2. In SoftICE, set these breakpoints:
    BPX GetWindowText
    BPX GetWindowTextA
    BPX GetWindowTextW
    BPX GetDlgItemText
    BPX GetDlgItemTextA
    BPX GetDlgItemTextW
The result: only TApplication::GetTitle was caught; the point where the program reads the registration code was not intercepted.
??? Perhaps Delphi's TControl::GetText uses another function? (See the 2002-2-15 diary)
3. Use W32DASM to disassemble, find the "Registration Key Error!" string, and click to go directly to the OnOK handler. That's OK!
4. Find this handler in IDA.
Analysis found:
First it opens the registry and writes the user name and key to the registry:
    mov     edx, offset _STR__Software_akato_0.Text
    mov     eax, ebx
    call    @Registry@TRegistry@OpenKey$qrx17System@AnsiString4bool
    lea     edx, [ebp+var_4]
    mov     eax, [esi+270h]
    call    @TControl@GetText               ; TControl::GetText
    mov     ecx, [ebp+var_4]
    mov     edx, offset _STR_REG_KEY_0.Text
    mov     eax, ebx
    call    @TRegistry@WriteString          ; TRegistry::WriteString
Then it reads the key back from the registry:
    lea     ecx, [ebp+var_8]
    mov     edx, offset _STR_REG_KEY_0.Text
    mov     eax, ebx
    call    @TRegistry@ReadString           ; TRegistry::ReadString
    mov     edx, [ebp+var_8]
    mov     eax, edi
    call    @System@@LStrAsg$qrv            ; System::__linkproc__ LStrAsg(void)
Then it compares the key with ten possible registration codes:
    mov     eax, [edi]
    mov     edx, offset _STR_R3212959_0.Text
    call    @System@@LStrCmp$qqrv           ; System::__linkproc__ LStrCmp(void)
    jz      short loc_439CEA
    mov     eax, [edi]
    mov     edx, offset _STR_8M6M8DTA_0.Text
    call    @System@@LStrCmp$qqrv           ; System::__linkproc__ LStrCmp(void)
    jnz     short loc_439D36
If the key matches one of the ten registration codes, registration succeeds; otherwise registration fails:
    mov     eax, offset _STR_REGISTRATION_KE.Text
    call    @Dialogs@ShowMessage$qqrx17System@AnsiString ; Dialogs::ShowMessage(System::AnsiString)
Now we know the registration code can only be one of the ten strings below.
8M6M8DTA
R3212959
12959TAT
322223XL
Reggy322
REGGY105
REG10515
REG15810
22322322
32222332
5. Write the registration machine (keygen) using VC 6.0.
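
From the developer's side, the design found in step 4 (the entered key compared against fixed strings stored in the executable, with the user name playing no part in the comparison) is shown here beside a name-bound check. This is an added example, not code from the original post or from the program; `weak_check`, `issue_key`, `verify_key`, the key format, the sample values and the idea of a vendor-side activation service holding `secret` are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed placeholder values; not the strings from the listing above.
STATIC_KEYS = frozenset({"EXAMPLE-KEY-0001", "EXAMPLE-KEY-0002"})


def weak_check(user: str, key: str) -> bool:
    """Design seen in the listing: key compared to fixed strings, user ignored."""
    return key in STATIC_KEYS


def issue_key(user: str, secret: bytes) -> str:
    """Vendor side (hypothetical): derive a key from the normalised user name."""
    name = user.strip().lower().encode("utf-8")
    tag = hmac.new(secret, name, hashlib.sha256).hexdigest()[:20].upper()
    return "-".join(tag[i:i + 5] for i in range(0, 20, 5))


def verify_key(user: str, key: str, secret: bytes) -> bool:
    """Activation-service side (hypothetical): recompute, compare in constant time."""
    expected = issue_key(user, secret)
    return hmac.compare_digest(expected.encode(), key.strip().upper().encode())


def demo() -> dict:
    # Assumption: this secret lives only on the vendor's server, never in the EXE.
    secret = b"constructed-demo-secret"
    alice_key = issue_key("Alice", secret)
    return {
        # One static key unlocks the program for every user name.
        "weak_any_user": weak_check("anyone", "EXAMPLE-KEY-0001"),
        # The name-bound key works for its owner (case and padding tolerated).
        "bound_owner": verify_key("alice ", alice_key.lower(), secret),
        # The same key is rejected for a different user name.
        "bound_other_user": verify_key("Bob", alice_key, secret),
        # A fixed string from the weak scheme is rejected outright.
        "bound_static_key": verify_key("Alice", "EXAMPLE-KEY-0001", secret),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A secret shipped inside the executable could be read out of the disassembly just as the ten strings were, which is why the verification side is assumed to run on the vendor's server here.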