HTML Document : "Odins cracking/coding and PPE resources"
===========================================================================

{Cracking Tutorial}

Welcome to my, Odin's, Windows cracking school. It consists of three different parts. This cracking school was first written for the scene magazine 08. The text is exactly the same as in the magazine version except for the hyperlinks. Version 1.0w.

1 The basics in Windows cracking
2 An example of how to register a program
3 How patching works

OK, let us start with the first lesson...

---------------------------------------------------------------------------

LESSON 1 - THE BASICS IN WINDOWS CRACKING

TABLE OF CONTENTS

1 INTRODUCTION
2 THE START
3 WHAT DO I NEED?
4 WHAT THE HECK IS "PATCHING"?
5 WHAT DO I NEED MORE?
6 OK I GOT SOFTICE, NOW WHAT?
7 PLEASE SHOW ME THE BASICS IN ASM
8 AND THEN?
9 THE END
10 THE URL:S

INTRODUCTION

Welcome to the first part of cracking in Windows 95. In these articles I'll show you the main details of how to register your favourite shareware program in Windows 95 and how the debugging is done (in this case we'll use SoftICE for Windows 95). You should know the basics of BASIC/PASCAL or C++ to use the text to the maximum, but that's not necessary, only a big plus.

THE START

In the last year several cracking groups have popped up and are releasing cracked programs, mainly registered shareware for Windows 95. I'm thinking of groups such as UCF, RBS and MCC. Why is so much shareware cracked/registered? Well, probably 'cause most of the programs are easy to register and the cracker probably just sits there for some minutes until he detects where the correct code is. There are exceptions, of course. We for example have programs that encrypt the code and make it almost impossible to crack. But if you don't succeed in registering it you can always patch it or something else. You have probably wanted to know how to crack those programs? Yep, 'course you have.
Well, these articles are going to teach you the basics of registering programs so you know what it's all about.

WHAT DO I NEED?

To start with you'll need a program to try to crack. This program has to meet some standards for you to be able to register it to yourself. Among other things you have to be able to write a S/N (serial number) and/or the name of the registree. Some programs also use key files, but we won't discuss them in these articles anyway. If these things don't exist you probably can't register it to yourself, but in some cases you will be able to remove certain things the programmer made, like for example time consuming reminders. This is done by altering the code, so called "patching". This ain't of course a good way of cracking the program but it might be necessary if you can't register it in some other way.

WHAT THE HECK IS "PATCHING"?

To patch something is simply to change the code in any way so something in the program is changed, for example to change it so the reminders in some programs disappear.

WHAT DO I NEED MORE?

You'll also need a so called debugger that monitors the program code while you run the program. The best one of its kind for Windows 95 is SoftICE from Nu-Mega. The release I use in this article is the RUSH one (RSH-SI95.ZIP). You can also get that one on my homepage (the URL is at the bottom of this article). The latest one available though is version 3.0, get that one on some warez board near you.

When you've installed SoftICE go to the SoftICE directory and edit the file WINICE.DAT and remove the ; (semicolon) char at the beginning of the row that contains KERNEL32.DLL and the two below. These are the most used ones, but you could delete the ; from every one if you want.

OK I GOT SOFTICE, NOW WHAT?

OK, it can also be good to have a hex-editor, get this one on the internet. A calculator is also very handy to have. But you can always use the calculator in Windows 95.
Another thing that's very good to have is some experience of Windows 95 programming, why I will tell you later. A good Windows 95 compiler is the Borland C++ one. The latest version is 5.01 that was released a couple of months ago. This one is very good. It's actually good to have any kind of programming experience. You should also know some basics in assembler. That's why I'm going to write some important commands below.

PLEASE SHOW ME THE BASICS IN ASM !

I will only tell you the most basic things, because assembler ain't an easy language to work with. There are things called registers in asm. These can do different things. What they all do exactly you have to check in an asm book. You use the different registers for different things. One of the most common is AX that we use for heaps of operations. AX represents the first 16 bits and if you want to use 32 bits you have to add an E so it will be EAX. You use EAX for 32-bit code instead of AX. When I talk about AH that means the higher eight bits and AL is the lower eight bits.

1CAA479E    32 bit number
00003039    16 bit number

It can also be good to know something about the different number systems (binary, hex and dec). The dec one is the one we use every day. Hex is a big plus to know when you crack. Please refer to an asm book to learn everything about these things. Or you could always test them in the calculator in Windows 95.

You could say that a register is kind of a variable in PASCAL and C++ but not quite. As you've already figured we store different things in the register (for example codes ;).
OK, let us continue, here are the most common commands you'll be in contact with:

MOV CX, 7          moves the value 7 into CX
MOV CX, AX         moves the value in AX into CX
CMP AX, ADDRESS    compares the value in AX with a value at an address (in reality it doesn't compare as you might think, but never mind :P)
XOR AX, AX         zeroes AX (read in an asm book why)
JMP ADDRESS        jumps to a specified address
CALL ADDRESS       calls a procedure/function/subprogram
PUSH AX            saves the value in AX (onto the stack)
POP AX             gets the value into AX (off the stack)

Some things should be said about PUSH and POP. When you PUSH something in AX the value will be put on a "pile". So if you PUSH again after that the new value will be put OVER the other one. When you POP you remove the value at the top to use it.

ADD AX, 7          adds the value 7 to AX
MUL CX, AX         multiplies the value in CX with AX and puts the result in CX (IMUL is almost the same)
DEC 7              decreases AX by 7
RET 001            returns from a procedure/function
LEA AX, ADDRESS    stores the offset address into the AX register
JNZ ADDRESS        JNZ jumps if the result is NOT 0. There are several other commands that work somewhat the same, like JZ (JUMP IF ZERO), JNE, JNA, JG, JE and so on.
REPNZ              counting function (much like a FOR loop). Uses DI and SI.
DIV 10             divides AX by 10. If the parameter is a double word the remainder will be in DX, else if a byte it will be in AH

OK, this was some basics, there are a lot of others but you have to read about them yourself in some book. I hope you know what a word and a byte is, if not I'll tell you =): a byte is a number between 0-255 and a word is between 0-65543.

AND THEN?

To find the correct registering values you have to find where the program compares the real one with the one you've entered (that probably won't work). This can be somewhat tricky in some cases. This is where your experience in Windows 95 programming comes in handy.
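
Going back to the assembler basics above, here is an added example (not part of the original tutorial) that models in C how AX, AH and AL alias EAX, what CMP and JNZ do with the zero flag, how PUSH and POP behave, and the byte form of DIV. The helper names are made up for illustration, and the DIV model assumes x86 behaviour, where a quotient that does not fit in AL raises a divide error.

```c
#include <stdint.h>
#include <stdio.h>

/* Sub-registers are views onto the same 32 bits of EAX. */
static uint16_t get_ax(uint32_t eax) { return (uint16_t)(eax & 0xFFFFu); }
static uint8_t  get_ah(uint32_t eax) { return (uint8_t)((eax >> 8) & 0xFFu); }
static uint8_t  get_al(uint32_t eax) { return (uint8_t)(eax & 0xFFu); }
/* Writing AL replaces only the lowest byte; the other 24 bits are kept. */
static uint32_t set_al(uint32_t eax, uint8_t v) { return (eax & 0xFFFFFF00u) | v; }

/* CMP a,b subtracts b from a, throws the result away and keeps the flags. */
typedef struct { int zf, cf; } flags_t;
static flags_t cmp16(uint16_t a, uint16_t b) {
    flags_t f = { (uint16_t)(a - b) == 0, a < b };  /* zero flag, borrow */
    return f;
}
/* JNZ is taken when the zero flag is clear, i.e. the operands differed. */
static int jnz_taken(flags_t f) { return !f.zf; }

/* PUSH/POP: a last-in, first-out pile (no bounds checks in this sketch). */
static uint16_t stack_mem[16];
static int sp = 0;
static void push16(uint16_t v) { stack_mem[sp++] = v; }
static uint16_t pop16(void) { return stack_mem[--sp]; }

/* DIV with a byte operand: AX / src -> quotient in AL, remainder in AH.
   Returns the new AX, or -1 where a real CPU raises a divide error
   (divisor 0, or a quotient that does not fit in AL). */
static int32_t div8(uint16_t ax, uint8_t src) {
    if (src == 0 || ax / src > 0xFF) return -1;
    return (int32_t)(((ax % src) << 8) | (ax / src));
}

int main(void) {
    uint32_t eax = 0x1CAA479E;            /* the 32-bit value from the text */
    printf("AX=%04X AH=%02X AL=%02X\n", (unsigned)get_ax(eax),
           (unsigned)get_ah(eax), (unsigned)get_al(eax));
    printf("after writing AL=0: EAX=%08X\n", (unsigned)set_al(eax, 0));
    printf("hex 3039 = %u decimal\n", 0x3039u);
    printf("CMP equal:  JNZ taken=%d\n", jnz_taken(cmp16(0x3039, 0x3039)));
    printf("CMP differ: JNZ taken=%d\n", jnz_taken(cmp16(7, 0x3039)));
    push16(1); push16(2);                 /* 2 now lies OVER 1 on the pile */
    unsigned first = pop16(), second = pop16();
    printf("POP=%u then POP=%u\n", first, second);
    printf("3039h DIV 100: AX=%04X\n", (unsigned)div8(0x3039, 100));
    printf("3039h DIV 10:  %d (divide error)\n", (int)div8(0x3039, 10));
    return 0;
}
```
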
As you might already know you can call a function/procedure in for example BASIC/PASCAL/C++ like:

    LINE(1, 1, 10, 10); { probably draws a line ;) }

Of course you do this when you do programming in Windows 95 also. If you want a message box you'll just write:

    MessageBoxA(hDlg, "This is a box", "TESTING", MB_OK);

What all the parameters do I won't go through. If you want SoftICE to jump to the line where the program calls this procedure/instruction you have to do the following:

1 Load the program into memory
2 Jump into SoftICE by pressing CTRL-D
3 Write "BPX MessageBoxA" in the command line prompt
  If you have a MS-DOS box this will probably fuck up SoftICE and you'll get "No LDT", close all MS-DOS prompts first!
4 Leave the debugger again with CTRL-D

Next time the program uses such a message box that is created by the command MessageBoxA(); SoftICE will break and jump to the debugger and it will now probably show the code where the program calls this function:

    0028:C0002585 CALL [USER32!MessageBoxA]

The numbers are probably different from this. But as you can see the program calls this function. That's what SoftICE reacts on. You use this trick to search for the code. When a programmer wants to get the chars you've written in a dialog box he'll usually use these functions:

    GetDlgItemText();, GetDlgItemTextA();
    GetWindowText();, GetWindowTextA();
    GetDlgItemInt();

Dlg means Dialog. Functions with an A afterwards are used in 32-bit code and without A in 16-bit code. GetDlgItemInt(); is unusual but used in for example the program CDWIZZARD (you'll find the URL to the program further down). OK, to break on these commands just jump into SoftICE and write:

    BPX

Then jump back into the program you started (you have to be able to write S/N and/or name). Now just write something in the S/N and/or name boxes. The data you write won't work of course (if you ain't a lucky bastard). You usually should press the OK button now.
SoftICE will now break where it discovered that the program called GetDlgItemTextA. If it doesn't work you have to test the other functions that the program may have used instead. If this doesn't work try to break on hmemcpy. And if this doesn't work (but it probably will) there are other things you can try to break on. To know which these are you should at least get some WIN95 Programming Reference. Anyway, when SoftICE breaks on the function it'll show it marked. Now press F11, and to execute a new instruction just press F10. To enter a sub procedure just press F8. (CALL C000317F is for example a sub procedure.)

THE END

To understand everything I've written about you should read this again. Sooner or later you'll get it. OK, this was the first part, next time I'll go through how to crack a shareware program and some more about different Windows 95 procedures and SoftICE functions.

THE URL:S

http://krantz.pp.se/pm/odin/index.html - SoftICE for Windows 95
http://www.windows95.com/apps/ - CD Wizzard
cracking@usa.net - My E-Mail

LESSON 2 - AN EXAMPLE OF HOW TO REGISTER A PROGRAM

STILL WRITING ON IT

(c) 1996-1997, odin & his dog =)

This page is (c) Copyright 1996-1997, Odin. It may not be copied in whole or in any parts. If you have suggestions/ideas/bugs or anything else to tell me please e-mail cracking@usa.net.
This page was created Wed Aug 11 23:19:44 EDT 1999
Copyright (C) 1999 - Matarese.com