BEGINNERS: Big tent, little circus
Observations and Thoughts springing from an mIRC 5.3 crack
stupid
Most stupid
16 March 1998
by The Nameless
Courtesy of Fravia's page of reverse engineering
 
fra_00xx
98xxxx
handle
1100
NA
PC
1998, and we are back to the most stupid protections award... who will win this year? This one is really interesting: an (apparently) TOUGH protection: a decent encryption; shifting cipher (a variation); bubble-swaps; two string reverses and 4 add/mod operations, alltogether loads of goodies...but all in vain: you use zero as code and you are registered... dear protectors... can you UNDERSTAND the code you yourself are writing and using?
There is a crack, a crack in everything That's how the light gets in
Rating
(x)Beginner ( )Intermediate ( )Advanced ( )Expert

A lesson in stupidity. Even Achilles had his ankle. This is for those who need a good laugh once in a while.
That tricky zero...
The zero case: Mardam-Bey's oversight.
Written by The Nameless


Introduction

Today's protectionist has become so worried about crackers, that they focus more on making things complex; But their limited skills do only that, rather than making them hard to crack. The benifit to us is that they themselves don't understand how thier code works, let alone how it looks under softice. This leads to easy cracks, or even no need for a crack at all... :)



Tools required
The only tool required for this is winice. (and a good API ref.)

Target's URL/FTP
Download (W'95 version) or get others from http://www.pacific.net.sg/irc/software.html

Program History
The history isn't required for this, just take my word that the reg-code validation routines have become more complex.

Essay

Here's the deal: I started this crack in the mindset that I wanted to write a code generator for it, because I hadn't done one before. To find an entry point, I tried the usual GetWindowTextA, GetDlgItemTextA, but neither worked. So...I drudged up some knowledge from my brief forray into Visual C++ and tried SendDlgItemMessageA...bingo! (all of this from the "register me" window)

Then, to my utter surprise, It turns out, the de-bug info was left in this executable! Right below my entry point was a call to a function: _CheckRegMatch, followed by one conditional jump and then _SaveRegInfo!!!!! A crack couldn't be easier. (notice there are two checks, bpx _CheckRegMatch and re-open the Help|About Dialog to find the other if you want to crack it.)

BUT...I wanted to write a reg-code generator. So I delved into the _CheckRegMatch call which actually does some interesting things with the info you enter. I took notes on how it manipulates the info...etc. Then I sat down, poured over my notes, mentally designing my reg-code generator, when I noticed a case hadn't been accounted for. If the elements of the reg-code were zero, it acted like there was a match, without actually checking the codes!

The reg-code 0-0 will work for any name. Needless to say, this killed my interest in actually writing the code-gen. since all it would have to do is spit out 0-0 for any name! I was disappointed.

None the less, it's a decent encryption,
1 shifting cipher (a variation)
2 bubble-swaps
2 string reverses
4 add/mod operations
loads of goodies...but all in vain.

Now what is the lesson we learn from this? Sit back and sip a nice Chocolate Milk and think. (Remember, only Nestle Quick and Skim milk will do)
Today we have learned that no matter how in-depth a protectionist thinks his scheme is, he will invariably do something stupid like using that conditional jump after an otherwise complicated protection.



Final Notes
	The lesson being: 
		 -- You, reading this are by far the better programmer, 
                    so don't bother with their overblown schemes, 
		    just find the flaw they missed. zen crack.  --


Ob Duh
I wont even bother explaining you that you should BUY this target program if you intend to use it for a longer period than the allowed one. Should you want to STEAL this software instead, you don't need to crack its protection scheme at all: you'll find it on most Warez sites, complete and already regged, farewell.

You are deep inside Fravia's page of reverse engineering, choose your way out:

project7
Back to project 7

redhomepage redlinks redsearch_forms red+ORC redstudents' essays redacademy database
redreality cracking redhow to search redjavascript wars
redtools redanonymity academy redcocktails redantismut CGI-scripts redmail_Fravia
redIs reverse engineering legal?