Tuesday, November 20, 2007

Cracking Tutorial

We will have a very basic and simple approach. We will use a disassemble and an assembler.

Disassemble is the process that will let us to view the "asm" source code of the
dissembled file.
Assembler - is the process that will allow us to make changes to the code.

The most classic disassemble is W32Dasm, download it here:
CODE
http://foff.astalavista.ms/downloads/W32Dasm_8.93.zip


The best assembler is HIEW32, download it here:
CODE
http://foff.astalavista.ms/downloads/Hiew726w.zip


Download the file that we will crack here:
CODE
http://foff.astalavista.ms/downloads/cim_crackme.zip


Unzip everything and we are ready to start!!!


Step1.

Run the file "cim_crackme.exe", we see there two empty boxes. Name and Serial like many
shareware software. Put there your name and any serial number then click on "Check"
button. We will receive this message: "This is not a valid serial......" Write this
message down, don't make errors. Just write the message without the quotes and the dots of course then close everything.

Step2.

Run W32Dasm disassemble, on the menu bar open the first menu "Disassemble" the "Open
file to disassemble". Browse to our target "cim_crackme.exe" then disassemble. You now
should see a lot of code on your screen


Go at the search menu of W32Dasm and click on "Find Text", put in the search box the text
string we did memorize somewhere: "this is not a valid serial" (without the quotes).


:

*Referenced by (U)nconditional or ©onditional Jump at Address:
|:004010D7



You should record the address you see: 004010D7 (is very important)

Now, go up once more until you find the address you just recorded,


The arrow number 1 show who is addresses group located. In the circle is the address we
were looking for. The address and all the row is selected by the green bar too! I hope
everything is clear enough! As you see, there is an other arrow, "arrow 2" that indicates
"JNE". What does "JNE" mean???

JNE - Jump if not equal
JE - Jump if equal

When we enter a fake serial number, it jumps. Hmmm, we should reverse it. The reverse of
"JNE" is "JE". If we do this, the program will accept any serial number as a real one!!!

But how do we edit it???

Using an assembler of course

Our mission now is to reverse "JNE" to "JE" at the address: "004010D7".

Step3.

Now send a desktop icon of HIEW32 then drag and drop "cim_crackme.exe" over it. You should
see some crap code, now press F4 from the keyboard then choose decode from the selection.


Now, return to HIEW and press F5 from keyboard then enter the address we recorded above
but don't forget to add a dot before the address and to remove the zeros before the
address number. Enter it like this: ".4010D7" (without the quotes of course) then hit
ENTER. After this you will land in the exact address where we will do the reversing.
Notice this line carefully:

.004010D7: 7516 jne .0004010EF

We should change the bytes here. Without moving the selection from "75" press F3 from
keyboard then hit the right arrow of the keyboard directional keys one time, be sure to
have the cursor under the number "5". Carefully press the number 4 from the keyboard. The
number will change from "7516" to "7416". Carefully press F9 from keyboard to save our
changes and F10 to exit at all! We are done!!!

Now check that everything is ok, run "cim_crackme.exe" that you just cracked and put you
name and any serial number..............CONGRATULATIONS!!! You Cracked It.

15 comments:

Profit Trader said...

Sir , I tried the same procedure with a software which said "member id not found or invalid password".
But when I enter the text W32dASM Says text not found - i tried several time .Nothing comes.Please guide .
Thanks
bestnifty@gmail.com

buzzard said...

Bro, Whhen I try to edit "7516" code then a window is shown below

http://i50.tinypic.com/2nki3w0.jpg

What should I do to solve this prob ?? plzzz help me...

relax said...

Dear Sir,
I have one program, I tried to find serial number using W32dASM and HIEW32, but it has a lot of strings and it is difficult for me.
I wasn't able to find any serial, or to crack it, so I beg you (somebody) understanding well cracking to help me to resolve this problem.
So allow me to send you the link of that program and please tell me would you like trying to crack that.

Here is the link of the program:
http://www.megaupload.com/?d=62I1VK0B

I will be very thankful if you help me to find any solution about this program.

Unknown said...

It is better to put there 2 nops,
When I putted je, my antivirus found a trojan ;)

jean said...

i input the address .4010d7 it say's "jump out of file" and i noticed that there's no JNE at all. what seems to be the problem? anyone can help us?

soljah said...

Thanks Mate for programs and Tutorial now im going to try cracking other things i will post back with results thanks again.

musta said...

http://foff.astalavista.ms/downloads
I scanned the tools presented in this website using virustotal website and I found that all those toolq are carrying viruses and trojans.So be carreful please!!!

groundzer0 said...

Dude, its not Trojans or viruses is just because anti-virus programs find it harmful, its no big deal.

aksdeo5 said...

Dear Sir you told to reverse jne to je..., but in my case there was already je so i reversed it to jne.
And the result was it was just putting msg "Thanks for purchasing" and not cracked the software into full version... Would you like to say any solution on it...?!

groundzer0 said...

How do you (we) knw to what to change the code to in deterrent softwares ?

Unknown said...

Sir , I tried the same procedure with a software which said "member id not found or invalid password".
But when I enter the text W32dASM Says text not found - i tried several time .Nothing comes.Please guide .
Thanks
logon2sharath4b5@gmail.com

Unknown said...

I was following the same procedure but when i reach edit (F3) it pops a msg in red as(Hiew Sharing violation) and gives commands (R)entry or (A)bort? what should i do to avoid that message. I wanted to crack a programme with expired license key.
shilisa07@gmail.com

Anonymous said...
This comment has been removed by the author.
Anonymous said...

The cim_crackme download link is dead?

New Download Link Here: http://drewap.wen.ru/files/cim_crackme.zip

Unknown said...

download link is expire plz sir update http://drewap.wen.ru/files/cim_crackme.zip again..