"Mental" cracking: techfacts95 v1.3
Am I dreaming?

by SiuL+Hacky
stupid

(04 September 1997, slightly edited by fravia+)

Courtesy of fravia's page of reverse engineering
Well... there is not much to add... an "immaterial" crack... I have never seen something like this

AM I DREAMING ?
I was really surprised with this program. It is useful, one of +our tools: 
techfacts95 v1.3 (get it at fravia's). This nice program may be used one 
zillion years without registering, and now I know why. 
The only annoying feature is a nasty nag window at start, so I decided to 
award it with some workshopping.

If you do it, you'll realize there are no "typical-dialog" resources. 
The nag is cleary identified as TMYSPLASH, but the dialogs are not 
available in the usual way. I don't know if it is on purpose. 
For one moment I hoped it could be a tough protection scheme...

When filling the registration (wrongly of course) you receive a short 
"Registration Key Failed!". Ok, wdasm it and you'll see firstly that 
there are no imported dialog-resources and secondly this incredibly 
stupid code snippet:

:0047B934 E89B73F8FF              call 00402CD4; "Registration Key accepted!"
                                  |
:0047BA54 B898BB4700              mov eax, 0047BB98	  >-pushed address!
:0047BA59 E83EBEFBFF              call 0043789C
:0047BA5E C6051AF34C0000          mov byte ptr [004CF31A], 00
:0047BA65 EB11                    jmp 0047BA78

* Referenced by a Jump at Address:0047B939(C)
|
:0047BA67 6A30                    push 00000030

* Reference To: user32.MessageBeep, Ord:0000h
                                  |
:0047BA69 E822A7F8FF              Call 00406190

* Possible StringData Ref from Code Obj ->"Registration Key Failed!"
                                  |
:0047BA6E B8BCBB4700              mov eax, 0047BBBC
:0047BA73 E824BEFBFF              call 0043789C

I can't believe, an old one. I thought I could only find this kind of 
protections at our +HCA (Historical Cracking Archive :-) 
At times I feel lazy about restarting a session with softice, so I 
recommend you to use sometimes Wdasm as a debugger, yeah. 
It carries some advantages:

* You have always in front of you your wdasmed dead-list (references...)
* There's a nice API analyzer (for checking parameters)
* The GUI is a little bit friendlier :-)
* You may switch among tasks while your babe is stopped.

Of course it is less powerful (a lot less), and more buggy. 
Also single stepping presents some problems when modifying things 
on-the-fly... but try it out in some cases, just to learn how to use 
an alternative debugger. 

Well, I placed on the conditional jump, and changed on-the-fly zero-flag, 
and so I became a good guy. 
I was awaiting the famous "thank you for your support" and so on, you know,
kind of boring; it did (and crashed a little bit :-) but BELIEVE IT OR NOT 
changing this flag on the fly, registered me for ever and ever, from ages 
to ages, until the futurer golden aera when nobody will be aware of what 
was Micro$oft. I repeat: I did not have to PATCH THE REAL CODE with an 
hexeditor!
It is close to mental cracking (the top of zen cracking), you crack this 
without "touching" a single bit of the code. You may be able to fight against the 
toughest forces of evil, yet you'll not be able to unregister it, unless 
you reinstall it from scratch.   

May be I was right introducing a random code :-D

Come on "Dean Software Design" guys, give it out for free.

SiuL+Hacky
(c) SiuL+Hacky, 1997. All rights reversed.
You are deep inside fravia's page of reverse engineering, choose your way out:

Back to project 7 homepage links red anonymity +ORC students' essays tools cocktails
academy database antismut search_forms mail_fravia
is reverse engineering legal?