Disassembly is the process that lets us view the assembly ("asm") source code of the
disassembled file.
Assembling is the process that allows us to make changes to the code.
The most classic disassembler is W32Dasm, download it here:
http://foff.astalavista.ms/downloads/W32Dasm_8.93.zip
The best assembler is HIEW32, download it here:
http://foff.astalavista.ms/downloads/Hiew726w.zip
Download the file that we will crack here:
http://foff.astalavista.ms/downloads/cim_crackme.zip
Unzip everything and we are ready to start!!!
Step 1.
Run the file "cim_crackme.exe". We see two empty boxes there, Name and Serial, like in many
shareware programs. Put in your name and any serial number, then click on the "Check"
button. We will receive this message: "This is not a valid serial......" Write this
message down, and don't make errors. Just write the message without the quotes and the dots of course, then close everything.
Step 2.
Run the W32Dasm disassembler. On the menu bar open the first menu, "Disassemble", then "Open
file to disassemble". Browse to our target "cim_crackme.exe", then disassemble. You should
now see a lot of code on your screen.
Go to the search menu of W32Dasm and click on "Find Text", then put in the search box the text
string we wrote down earlier: "this is not a valid serial" (without the quotes).
*Referenced by (U)nconditional or (C)onditional Jump at Address:
|:004010D7
You should record the address you see: 004010D7 (this is very important).
Now, go up once more until you find the address you just recorded.
Arrow number 1 shows where the group of addresses is located. In the circle is the address we
were looking for. The address and the whole row are selected by the green bar too! I hope
everything is clear enough! As you see, there is another arrow, "arrow 2", that indicates
"JNE". What does "JNE" mean???
JNE - Jump if not equal
JE - Jump if equal
When we enter a fake serial number, it jumps. Hmmm, we should reverse it. The reverse of
"JNE" is "JE". If we do this, the program will accept any serial number as a real one!!!
But how do we edit it???
Using an assembler, of course.
Our mission now is to reverse "JNE" to "JE" at the address: "004010D7".
Step 3.
Now create a desktop shortcut for HIEW32, then drag and drop "cim_crackme.exe" over it. You should
see some crap code. Now press F4 on the keyboard, then choose decode from the selection.
Now, return to HIEW and press F5 on the keyboard, then enter the address we recorded above,
but don't forget to add a dot before the address and to remove the zeros before the
address number. Enter it like this: ".4010D7" (without the quotes of course), then hit
ENTER. After this you will land at the exact address where we will do the reversing.
Notice this line carefully:
.004010D7: 7516 jne .0004010EF
We should change the bytes here. Without moving the selection from "75", press F3 on the
keyboard, then hit the right arrow key one time. Be sure to
have the cursor under the number "5". Carefully press the number 4 on the keyboard. The
number will change from "7516" to "7416". Carefully press F9 on the keyboard to save our
changes and F10 to exit! We are done!!!
Now check that everything is OK: run the "cim_crackme.exe" that you just cracked and put in your
name and any serial number..............CONGRATULATIONS!!! You Cracked It.
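Seen from the other side, the change made in Step 3 is exactly one flipped opcode bit, which makes it easy to detect against a known-good copy of the file. The following is an added example, not part of the original tutorial: it decodes short conditional jumps such as the `7516` line above and reports jumps that were inverted or overwritten with two NOPs. The function names, the base address and every sample byte other than `75 16` at 004010D7 are assumptions made up for the demonstration.

```python
"""Added example: spot a flipped or NOPed short conditional jump by
comparing a binary's code bytes against a known-good copy."""

# x86 short conditional jumps are opcodes 0x70-0x7F followed by a signed
# 8-bit displacement. Each opposite pair differs only in the low opcode bit.
MNEMONICS = ["jo", "jno", "jb", "jae", "je", "jne", "jbe", "ja",
             "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg"]


def decode_short_jcc(code, address):
    """Return (mnemonic, target) for a short Jcc at `address`, else None."""
    if len(code) < 2 or not 0x70 <= code[0] <= 0x7F:
        return None
    rel8 = code[1] - 0x100 if code[1] & 0x80 else code[1]
    # The displacement is relative to the end of the 2-byte instruction.
    return MNEMONICS[code[0] - 0x70], (address + 2 + rel8) & 0xFFFFFFFF


def find_tampered_jumps(known_good, suspect, base):
    """List (address, original, replacement, target) for modified short Jcc.

    Heuristic: bytes are scanned without full disassembly, so a hit should
    be confirmed in a disassembler before it is treated as tampering.
    """
    if len(known_good) != len(suspect):
        raise ValueError("images differ in length")
    findings = []
    for off in range(len(known_good) - 1):
        old = decode_short_jcc(known_good[off:off + 2], base + off)
        new2 = suspect[off:off + 2]
        if old is None or known_good[off:off + 2] == new2:
            continue
        if new2[0] == known_good[off] ^ 1 and new2[1] == known_good[off + 1]:
            findings.append((base + off, old[0], MNEMONICS[new2[0] - 0x70], old[1]))
        elif new2 == b"\x90\x90":
            findings.append((base + off, old[0], "nop; nop", old[1]))
    return findings


# Constructed sample: only the bytes 75 16 at 004010D7 come from the article;
# the surrounding bytes and BASE are made up for the demonstration.
BASE = 0x4010D0
KNOWN_GOOD = bytes.fromhex("33c085c0909090" "7516" "6a00")
FLIPPED = bytes.fromhex("33c085c0909090" "7416" "6a00")
NOPPED = bytes.fromhex("33c085c0909090" "9090" "6a00")

if __name__ == "__main__":
    for addr, old, new, target in find_tampered_jumps(KNOWN_GOOD, FLIPPED, BASE):
        print(f"{addr:08X}: {old} -> {new} (branch target {target:08X})")
```

The decoded target 004010EF matches the `jne .0004010EF` line shown by HIEW, since the displacement 16h is counted from the end of the two-byte instruction.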
15 comments:
Sir, I tried the same procedure with a software which said "member id not found or invalid password".
But when I enter the text, W32dASM says text not found - I tried several times. Nothing comes. Please guide.
Thanks
bestnifty@gmail.com
Bro, when I try to edit "7516" code then a window is shown below
http://i50.tinypic.com/2nki3w0.jpg
What should I do to solve this problem?? Please help me...
Dear Sir,
I have one program, I tried to find serial number using W32dASM and HIEW32, but it has a lot of strings and it is difficult for me.
I wasn't able to find any serial, or to crack it, so I beg you (somebody) understanding well cracking to help me to resolve this problem.
So allow me to send you the link of that program and please tell me would you like trying to crack that.
Here is the link of the program:
http://www.megaupload.com/?d=62I1VK0B
I will be very thankful if you help me to find any solution about this program.
It is better to put there 2 nops.
When I put je, my antivirus found a trojan ;)
I input the address .4010d7, it says "jump out of file" and I noticed that there's no JNE at all. What seems to be the problem? Anyone can help us?
Thanks Mate for programs and Tutorial, now I'm going to try cracking other things, I will post back with results, thanks again.
http://foff.astalavista.ms/downloads
I scanned the tools presented in this website using the virustotal website and I found that all those tools are carrying viruses and trojans. So be careful please!!!
Dude, it's not Trojans or viruses, it's just because anti-virus programs find it harmful, it's no big deal.
Dear Sir, you told to reverse jne to je..., but in my case there was already je so I reversed it to jne.
And the result was it was just putting msg "Thanks for purchasing" and not cracked the software into full version... Would you like to say any solution on it...?!
How do you (we) know to what to change the code to in deterrent softwares?
Sir, I tried the same procedure with a software which said "member id not found or invalid password".
But when I enter the text, W32dASM says text not found - I tried several times. Nothing comes. Please guide.
Thanks
logon2sharath4b5@gmail.com
I was following the same procedure but when I reach edit (F3) it pops a msg in red as (Hiew Sharing violation) and gives commands (R)entry or (A)bort? What should I do to avoid that message? I wanted to crack a programme with expired license key.
shilisa07@gmail.com
The cim_crackme download link is dead?
New Download Link Here: http://drewap.wen.ru/files/cim_crackme.zip
Download link is expired, plz sir update http://drewap.wen.ru/files/cim_crackme.zip again..