BEGINNERS: Big tent, little circus Observations and Thoughts springing from an mIRC 5.3 crack	Most stupid
16 March 1998	by The Nameless
	Courtesy of Fravia's page of reverse engineering
fra_00xx 98xxxx handle 1100 NA PC	1998, and we are back to the most stupid protections award... who will win this year? This one is really interesting: an (apparently) TOUGH protection: a decent encryption; shifting cipher (a variation); bubble-swaps; two string reverses and 4 add/mod operations, alltogether loads of goodies...but all in vain: you use zero as code and you are registered... dear protectors... can you UNDERSTAND the code you yourself are writing and using?
	There is a crack, a crack in everything That's how the light gets in
Rating	(x)Beginner ( )Intermediate ( )Advanced ( )Expert

Today's protectionist has become so worried about crackers, that they focus more on making things complex; But their limited skills do only that, rather than making them hard to crack. The benifit to us is that they themselves don't understand how thier code works, let alone how it looks under softice. This leads to easy cracks, or even no need for a crack at all... :)

Here's the deal: I started this crack in the mindset that I wanted to write a code generator for it, because I hadn't done one before. To find an entry point, I tried the usual GetWindowTextA, GetDlgItemTextA, but neither worked. So...I drudged up some knowledge from my brief forray into Visual C++ and tried SendDlgItemMessageA...bingo! (all of this from the "register me" window)

Then, to my utter surprise, It turns out, the de-bug info was left in this executable! Right below my entry point was a call to a function: _CheckRegMatch, followed by one conditional jump and then _SaveRegInfo!!!!! A crack couldn't be easier. (notice there are two checks, bpx _CheckRegMatch and re-open the Help|About Dialog to find the other if you want to crack it.)

BUT...I wanted to write a reg-code generator. So I delved into the _CheckRegMatch call which actually does some interesting things with the info you enter. I took notes on how it manipulates the info...etc. Then I sat down, poured over my notes, mentally designing my reg-code generator, when I noticed a case hadn't been accounted for. If the elements of the reg-code were zero, it acted like there was a match, without actually checking the codes!

The reg-code 0-0 will work for any name. Needless to say, this killed my interest in actually writing the code-gen. since all it would have to do is spit out 0-0 for any name! I was disappointed.

None the less, it's a decent encryption,
1 shifting cipher (a variation)
2 bubble-swaps
2 string reverses
4 add/mod operations
loads of goodies...but all in vain.

Now what is the lesson we learn from this? Sit back and sip a nice Chocolate Milk and think. (Remember, only Nestle Quick and Skim milk will do)
Today we have learned that no matter how in-depth a protectionist thinks his scheme is, he will invariably do something stupid like using that conditional jump after an otherwise complicated protection.

	The lesson being: 
		 -- You, reading this are by far the better programmer, 
                    so don't bother with their overblown schemes, 
		    just find the flaw they missed. zen crack.  --

Back to project 7

homepage links search_forms +ORC students' essays academy database
reality cracking how to search javascript wars
tools anonymity academy cocktails antismut CGI-scripts mail_fravia+
Is reverse engineering legal?