A pretty stupid scheme: Spam Exterminator
(it's all there... "autocracked")

HCU

by plushmm

(09 July 1997)


Courtesy of Fravia's page of reverse engineering
Well, this is short and easy to follow. Basically:
1) "dead list" the target
2) search for "regis"
3) see the jump
4) crack it (it could not be easier)
5) play a little with the target
6) throw it away
You would not believe you could still find such stupid protections, would you?


How Spam Exterminator cracks itself!

An essay, by plushmm

Before running my targets... I often look at the Help file first... here it is:
--------------------------------------------------------------------------------------
Spam Exterminator is available for $27.95 (US) from Unisyn.
Site license discounts and reseller terms are available.
For more information, contact Unisyn.

Contact Information:

Sales:  (213)738-1700
FAX: (213)738-7665
eMail: spamex@unisyn.com
Web: http://www.unisyn.com

Mailing Address:
Unisyn
3450 Wilshire Blvd.
Suite 316
Los Angeles, CA 90010
--------------------------------------------------------------------------------------

Disassembling the main program file, Spamex.exe, we just cannot believe our eyes!

Take a look at this...

* Reference To: kernel32.GetWindowsDirectoryA, Ord:0000h ;windows_dir garbage collector
                                  |
:00453114 E8471AFBFF              Call 00404B60

* Possible StringData Ref from Code Obj ->"\unisx.lic"  ;if you're regged this file will be in your windows dir
                                  |
:00453119 BAC8324500              mov edx, 004532C8
:0045311E 8BC3                    mov eax, ebx
:00453120 E89B2FFBFF              call 004060C0
...doing stuff...
:004531D5 58                      pop eax
:004531D6 E80506FBFF              call 004037E0
:004531DB 7553                    jne 00453230   ;This is the evil jump to
:004531DD 8BD3                    mov edx, ebx   ;"invalid registration code"
:004531DF 8D8524FEFFFF            lea eax, dword ptr [ebp+FE24]
:004531E5 E89B0FFBFF              call 00404185
:004531EA 8D8524FEFFFF            lea eax, dword ptr [ebp+FE24]
:004531F0 E85D13FBFF              call 00404552
:004531F5 E80EF5FAFF              call 00402708

StringData Ref from Code Obj ->"dust23155543335u?n?i?s?y?n?w?i?l?l?b?e?a?t?m?s?#@@@46g"  ;The contents of that file!
                                  |
:004531FA BAF8324500              mov edx, 004532F8
:004531FF 8D8524FEFFFF            lea eax, dword ptr [ebp+FE24]
:00453205 E82208FBFF              call 00403A2C
:0045320A E81C14FBFF              call 0040462B
:0045320F E8F4F4FAFF              call 00402708
:00453214 8D8524FEFFFF            lea eax, dword ptr [ebp+FE24]
:0045321A E80910FBFF              call 00404228
:0045321F E8E4F4FAFF              call 00402708

* Possible StringData Ref from Code Obj ->"Thanks for registering Unisyn Spam Exterminator! "
                                  |
:00453224 B838334500              mov eax, 00453338
:00453229 E89ABAFDFF              call 0042ECC8
:0045322E EB11                    jmp 00453241

* Referenced by a Jump at Address:004531DB(C)
|

* Possible StringData Ref from Code Obj ->"You have entered an invalid registration "
                                        ->"number.  If you are a registered "
                                        ->"user of Unisyn Spam Exterminator, "
                                        ->"please contact Unisyn for a valid "
                                        ->"code. "
                                  |
:00453230 B874334500              mov eax, 00453374
:00453235 E88EBAFDFF              call 0042ECC8
:0045323A E8D900FBFF              call 00403318
:0045323F EB1D                    jmp 0045325E


"dust23155543335u?n?i?s?y?n?w?i?l?l?b?e?a?t?m?s?#@@@46g"... hmm... Unisyn will beat M$?
With competition like this, no wonder Micro$oft is still making mega-bucks for bugs!
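
The listing above shows the license file being compared against a literal stored in the executable itself. As an added example (not from the essay and not Unisyn's code), this Go program contrasts that design with a license verified against an embedded public key; the license format, the key pair, the function names and the constant are all constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"strings"
)

// Constructed stand-in for a fixed string compiled into the executable.
const embeddedConstant = "constructed-license-marker-0001"

// weakCheck mirrors the design in the listing: the license file is valid
// when its contents equal a literal that ships inside the program.
func weakCheck(licenseFile string) bool { return licenseFile == embeddedConstant }

// demoKeys makes a throwaway key pair so the example runs offline.
// Assumption: in a real product only the public key is in the binary.
func demoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// issueLicense is the vendor-side step. Assumed license format:
// "<licensee>|<base64 Ed25519 signature over licensee>".
func issueLicense(priv ed25519.PrivateKey, licensee string) string {
	sig := ed25519.Sign(priv, []byte(licensee))
	return licensee + "|" + base64.StdEncoding.EncodeToString(sig)
}

// signedCheck is the client-side step: it needs only the public key, so
// no string in the program can be copied into a file to satisfy it.
func signedCheck(pub ed25519.PublicKey, licenseFile string) (string, bool) {
	i := strings.LastIndex(licenseFile, "|")
	if i < 0 {
		return "", false
	}
	sig, err := base64.StdEncoding.DecodeString(licenseFile[i+1:])
	if err != nil || len(sig) != ed25519.SignatureSize {
		return "", false
	}
	return licenseFile[:i], ed25519.Verify(pub, []byte(licenseFile[:i]), sig)
}

func main() {
	pub, priv := demoKeys()
	fmt.Println(weakCheck(embeddedConstant))
	fmt.Println(signedCheck(pub, embeddedConstant))
	fmt.Println(signedCheck(pub, issueLicense(priv, "Alice Example")))
}
```

This removes the reusable secret from the shipped binary; the branch on the check's result is still client-side code.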

 

Oh yes... BTW... the "number of trials left" counter is stored here...
(You may want to have a go at it :-)

* Reference To: kernel32.GetWindowsDirectoryA, Ord:0000h
                                  |
:00452D3E E81D1EFBFF              Call 00404B60

* Possible StringData Ref from Code Obj ->"\sx.sac"    ;counter unencrypted
                                  |
:00452D43 BA302F4500              mov edx, 00452F30
 
 

9 July 97
plushmm, RiP'97

PS:  No version number of this crap is mentioned anywhere
     File size of Spamex.exe is 593,408 bytes


(c) plushmm 1997
