Basic Cracking Notes
Welcome................. Cracker..........
Cracking Tutorial:

Paste Lister v1.0

Target : Paste Lister v1.0
Tool   : SoftIce v4.05

Run Paste Lister, click About * Register, enter a Name + Serial, and, as usual, set a BPX on hmemcpy. Go back to Paste Lister, click Register, press F5 twice, then F12 a few times until you land in the body of the program:

015F:00447CFE 8B45FC MOV EAX,[EBP-04]
015F:00447D01 50 PUSH EAX
015F:00447D02 8D55F4 LEA EDX,[EBP-0C]
015F:00447D05 8B83E8010000 MOV EAX,[EBX+000001E8]
015F:00447D0B E86C47FDFF CALL 0041C47C
015F:00447D10 8B45F4 MOV EAX,[EBP-0C] -->> see
015F:00447D13 8D55F8 LEA EDX,[EBP-08] -->> below!
015F:00447D16 E829080000 CALL 00448544 -->> generates the serial!
015F:00447D1B 8B55F8 MOV EDX,[EBP-08] -->> real serial
015F:00447D1E 58 POP EAX -->> our serial
015F:00447D1F E814BFFBFF CALL 00403C38 -->> compare them!
015F:00447D24 740C JZ 00447D32 -->> jump if equal!
015F:00447D26 C7835001000002000000 MOV DWORD PTR [EBX+00000150],00000002
015F:00447D30 EB0F JMP 00447D41
015F:00447D32 E8310E0000 CALL 00448B68
015F:00447D37 C7835001000001000000 MOV DWORD PTR [EBX+00000150],00000001
015F:00447D41 33C0 XOR EAX,EAX
015F:00447D43 5A POP EDX
015F:00447D44 59 POP ECX
015F:00447D45 59 POP ECX
015F:00447D46 648910 MOV FS:[EAX],EDX
015F:00447D49 686E7D4400 PUSH 00447D6E
:
:d eax l 10
0167:00BDE754 46 72 65 65 77 61 72 65-2D 5B 65 4B 48 5D 00 00 Freeware-[eKH]..
:
:d *edx l 10
0167:00BDE504 4F 41 6D 65 72 69 63 61-6E 61 4F 00 26 00 00 00 OAmericanaO.&...

So, what is that second piece of data? Honestly, I have no idea what it is for ... ??? :)

Now look: you should already be able to find the real serial. Let's take a quick look at its format: PLS-X-Y
:
015F:00448544 55 PUSH EBP
015F:00448545 8BEC MOV EBP,ESP
015F:00448547 83C4D4 ADD ESP,-2C
015F:0044854A 53 PUSH EBX
015F:0044854B 33C9 XOR ECX,ECX
015F:0044854D 894DD4 MOV [EBP-2C],ECX
015F:00448550 894DF0 MOV [EBP-10],ECX
015F:00448553 8955F8 MOV [EBP-08],EDX
015F:00448556 8945FC MOV [EBP-04],EAX
015F:00448559 8B45FC MOV EAX,[EBP-04]
015F:0044855C E87BB7FBFF CALL 00403CDC
015F:00448561 33C0 XOR EAX,EAX
015F:00448563 55 PUSH EBP
015F:00448564 6826864400 PUSH 00448626
015F:00448569 64FF30 PUSH DWORD PTR FS:[EAX]
015F:0044856C 648920 MOV FS:[EAX],ESP
015F:0044856F 8D55F0 LEA EDX,[EBP-10]
015F:00448572 8B45FC MOV EAX,[EBP-04]
015F:00448575 E8DA000000 CALL 00448654 -->> encrypted user name function()
015F:0044857A 33DB XOR EBX,EBX
015F:0044857C C745F4F8FFFFFF MOV DWORD PTR [EBP-0C],FFFFFFF8 -->> important!!!
015F:00448583 8B45FC MOV EAX,[EBP-04] -->> user name
015F:00448586 E89DB5FBFF CALL 00403B28 -->> length()
015F:0044858B 85C0 TEST EAX,EAX -->> 0 ?
015F:0044858D 7E14 JLE 004485A3
Loop collecting every ASCII code of the user name into [EBP-0C]
015F:0044858F BA01000000 MOV EDX,00000001
015F:00448594 8B4DFC MOV ECX,[EBP-04] -->> user name
015F:00448597 0FB64C11FF MOVZX ECX,BYTE PTR [EDX+ECX-01]
015F:0044859C 014DF4 ADD [EBP-0C],ECX
015F:0044859F 42 INC EDX
015F:004485A0 48 DEC EAX
015F:004485A1 75F1 JNZ 00448594
End Loop

Now type D EBP-0C, take the DWORD there and convert it to decimal. Wow, it turns out to be equal to Y. I call this serial part 2 :)


015F:004485A3 8B45F0 MOV EAX,[EBP-10]
015F:004485A6 E87DB5FBFF CALL 00403B28
015F:004485AB 85C0 TEST EAX,EAX
015F:004485AD 7E13 JLE 004485C2
Loop collecting the ASCII codes of the encrypted user name into EBX
015F:004485AF BA01000000 MOV EDX,00000001
015F:004485B4 8B4DF0 MOV ECX,[EBP-10] -->> encrypted user name
015F:004485B7 0FB64C11FF MOVZX ECX,BYTE PTR [EDX+ECX-01]
015F:004485BC 03D9 ADD EBX,ECX
015F:004485BE 42 INC EDX
015F:004485BF 48 DEC EAX
015F:004485C0 75F2 JNZ 004485B4
End Loop

Convert EBX to an integer, type ? EBX, and, hey, it turns out to be equal to X :) I call this serial part 1


015F:004485C2 8B45F8 MOV EAX,[EBP-08]
015F:004485C5 50 PUSH EAX
015F:004485C6 8D55D4 LEA EDX,[EBP-2C]
015F:004485C9 B83C864400 MOV EAX,0044863C
015F:004485CE E831010000 CALL 00448704
015F:004485D3 8B45D4 MOV EAX,[EBP-2C]
015F:004485D6 8945D8 MOV [EBP-28],EAX
015F:004485D9 C645DC0B MOV BYTE PTR [EBP-24],0B
015F:004485DD 895DE0 MOV [EBP-20],EBX
015F:004485E0 C645E400 MOV BYTE PTR [EBP-1C],00
015F:004485E4 8B45F4 MOV EAX,[EBP-0C]
015F:004485E7 8945E8 MOV [EBP-18],EAX
015F:004485EA C645EC00 MOV BYTE PTR [EBP-14],00
015F:004485EE 8D55D8 LEA EDX,[EBP-28]
015F:004485F1 B902000000 MOV ECX,00000002
015F:004485F6 B84C864400 MOV EAX,0044864C
015F:004485FB E874F7FBFF CALL 00407D74
015F:00448600 33C0 XOR EAX,EAX
015F:00448602 5A POP EDX
015F:00448603 59 POP ECX
015F:00448604 59 POP ECX
015F:00448605 648910 MOV FS:[EAX],EDX
015F:00448608 682D864400 PUSH 0044862D -->> PLS-

By this point you should be able to guess that the correct serial routine is PLS-part1-part2, so you don't need to trace the rest of the code: the remaining code surely just "puts" part1 and part2 into their proper places, converting them to strings first (remember that part 1 and part 2 are integers?), and our code is ready ...


015F:0044860D 8D45D4 LEA EAX,[EBP-2C]
015F:00448610 E897B2FBFF CALL 004038AC
015F:00448615 8D45F0 LEA EAX,[EBP-10]
015F:00448618 E88FB2FBFF CALL 004038AC
015F:0044861D 8D45FC LEA EAX,[EBP-04]
015F:00448620 E887B2FBFF CALL 004038AC
015F:00448625 C3 RET
:
015F:00448654 55 PUSH EBP
015F:00448655 8BEC MOV EBP,ESP
015F:00448657 83C4EC ADD ESP,-14
015F:0044865A 53 PUSH EBX
015F:0044865B 56 PUSH ESI
015F:0044865C 57 PUSH EDI
015F:0044865D 33C9 XOR ECX,ECX
015F:0044865F 894DEC MOV [EBP-14],ECX
015F:00448662 8BFA MOV EDI,EDX
015F:00448664 8945FC MOV [EBP-04],EAX
015F:00448667 33C0 XOR EAX,EAX
015F:00448669 55 PUSH EBP
015F:0044866A 68F4864400 PUSH 004486F4
015F:0044866F 64FF30 PUSH DWORD PTR FS:[EAX]
015F:00448672 648920 MOV FS:[EAX],ESP
Set the base magic numbers
015F:00448675 BEC6030000 MOV ESI,000003C6 -->> interesting!
015F:0044867A C745F8D7830000 MOV DWORD PTR [EBP-08],000083D7 -->> interesting!
015F:00448681 C745F491B60000 MOV DWORD PTR [EBP-0C],0000B691 -->> interesting!
End Set
015F:00448688 8BC7 MOV EAX,EDI
015F:0044868A E81DB2FBFF CALL 004038AC
015F:0044868F 8B45FC MOV EAX,[EBP-04]
015F:00448692 E891B4FBFF CALL 00403B28
015F:00448697 84C0 TEST AL,AL
015F:00448699 7643 JBE 004486DE
015F:0044869B 8845F3 MOV [EBP-0D],AL
015F:0044869E B301 MOV BL,01 -->> set the counter!
User name encryption function()
015F:004486A0 8D45EC LEA EAX,[EBP-14]
015F:004486A3 33D2 XOR EDX,EDX
015F:004486A5 8AD3 MOV DL,BL
015F:004486A7 8B4DFC MOV ECX,[EBP-04]
015F:004486AA 8A5411FF MOV DL,[EDX+ECX-01]
015F:004486AE 8BCE MOV ECX,ESI
015F:004486B0 C1E908 SHR ECX,08
015F:004486B3 32D1 XOR DL,CL
015F:004486B5 E896B3FBFF CALL 00403A50
015F:004486BA 8B55EC MOV EDX,[EBP-14]
015F:004486BD 8BC7 MOV EAX,EDI
015F:004486BF E86CB4FBFF CALL 00403B30
015F:004486C4 33C0 XOR EAX,EAX
015F:004486C6 8AC3 MOV AL,BL
015F:004486C8 8B17 MOV EDX,[EDI]
015F:004486CA 0FB64402FF MOVZX EAX,BYTE PTR [EAX+EDX-01]
015F:004486CF 03F0 ADD ESI,EAX
015F:004486D1 0FAF75F8 IMUL ESI,[EBP-08]
015F:004486D5 0375F4 ADD ESI,[EBP-0C]
015F:004486D8 43 INC EBX
015F:004486D9 FE4DF3 DEC BYTE PTR [EBP-0D]
015F:004486DC 75C2 JNZ 004486A0
End Routine
015F:004486DE 33C0 XOR EAX,EAX
015F:004486E0 5A POP EDX
015F:004486E1 59 POP ECX
015F:004486E2 59 POP ECX
015F:004486E3 648910 MOV FS:[EAX],EDX
015F:004486E6 68FB864400 PUSH 004486FB
015F:004486EB 8D45EC LEA EAX,[EBP-14]
015F:004486EE E8B9B1FBFF CALL 004038AC
015F:004486F3 C3 RET

How was it? Fun to trace, wasn't it?
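To make the weakness of this design concrete, here is an added Go example; it is not code from the page or from Paste Lister. It models the serial routine exactly as reconstructed from the trace above (the constants 0x3C6, 0x83D7 and 0xB691 set in 00448654, the XOR of each name byte with bits 8..15 of the running 32-bit state, the two byte sums, and the PLS-part1-part2 format) and places it beside a signature-based check in which the client binary carries only a public key. The reconstruction is an assumption drawn from the listing and has not been run against the real program; the signed format (the "PLS-v1:" domain prefix, base64url encoding, the function names) is invented for the example. The defender's point: with the checksum design every value the check needs sits in the binary and the genuine serial is built in memory and compared with a plain string compare (CALL 00403C38, JZ), so anyone with a debugger can reproduce it; with a signature the binary can only verify a serial, never issue one.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// Constants read from the trace of 00448654 ("Set the base magic numbers").
const (
	seedESI  uint32 = 0x3C6
	mulConst uint32 = 0x83D7
	addConst uint32 = 0xB691
)

// encryptName models the routine at 00448654 as reconstructed from the trace:
// each name byte is XORed with bits 8..15 of a running 32-bit state (MOV ECX,ESI;
// SHR ECX,08; XOR DL,CL), the result byte is appended to the output string, and
// the state becomes (state + byte) * 0x83D7 + 0xB691 modulo 2^32 (ADD, IMUL, ADD).
// The routine counts with an 8-bit counter (AL / [EBP-0D]), so only
// len(name) mod 256 bytes take part; that quirk is kept here.
func encryptName(name string) []byte {
	n := byte(len(name)) // TEST AL,AL / MOV [EBP-0D],AL
	out := make([]byte, 0, int(n))
	state := seedESI
	for i := byte(0); i < n; i++ {
		c := name[i] ^ byte(state>>8)
		out = append(out, c)
		state = (state+uint32(c))*mulConst + addConst // uint32 wraps like ESI
	}
	return out
}

// expectedSerial models 00448544: PLS-<part1>-<part2>, where part1 is the sum of
// the encrypted-name bytes (EBX) and part2 is the sum of the raw name bytes
// starting from -8 ([EBP-0C] = FFFFFFF8). Both are passed to Format as vtInteger,
// i.e. signed 32-bit values, which is what %d prints.
func expectedSerial(name string) string {
	var part1 int32
	for _, b := range encryptName(name) {
		part1 += int32(b)
	}
	part2 := int32(-8)
	for i := 0; i < len(name); i++ {
		part2 += int32(name[i])
	}
	return fmt.Sprintf("PLS-%d-%d", part1, part2)
}

// checkWeak is the client-side check the trace ends in: recompute and compare.
// Everything needed to pass it lives inside the binary.
func checkWeak(name, serial string) bool {
	return serial == expectedSerial(name)
}

// issueLicense runs on the vendor's side only; the private key never ships.
// The "PLS-v1:" prefix is a hypothetical domain separator for the signed message.
func issueLicense(priv ed25519.PrivateKey, name string) string {
	sig := ed25519.Sign(priv, []byte("PLS-v1:"+name))
	return "PLS-" + base64.RawURLEncoding.EncodeToString(sig)
}

// checkSigned is what a client binary would carry instead: only the public key,
// which lets it verify a serial but not produce one.
func checkSigned(pub ed25519.PublicKey, name, serial string) bool {
	const prefix = "PLS-"
	if len(serial) < len(prefix) || serial[:len(prefix)] != prefix {
		return false
	}
	sig, err := base64.RawURLEncoding.DecodeString(serial[len(prefix):])
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, []byte("PLS-v1:"+name), sig)
}

// signedRoundTrip issues a licence for name with a fresh key pair and reports
// whether it verifies for name and (it must not) for other.
func signedRoundTrip(name, other string) (bool, bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	lic := issueLicense(priv, name)
	return checkSigned(pub, name, lic), checkSigned(pub, other, lic)
}

func main() {
	name := "Example User" // constructed sample name, not from the page
	s := expectedSerial(name)
	fmt.Printf("%q -> %s (weak check passes: %v)\n", name, s, checkWeak(name, s))
	ok, other := signedRoundTrip(name, "Someone Else")
	fmt.Printf("signed: own name %v, other name %v\n", ok, other)
}
```

Two details are worth noticing when reading the model against the listing: the 8-bit loop counter in 00448654 means a 256-byte name is "encrypted" to an empty string, and both sums wrap in 32 bits, so the model uses int32 for the printed parts exactly as the vtInteger arguments to Format do.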
