> Hi there,
>
> You're not going to believe this! I wrote an essay on
> cracking UltraEdit 4.40a and sent it to Fravia just a few *minutes*
> ago - then I went to look at his page and saw you'd done the same -
> hehehehe....we seem to mirror each other - just the other day I made
> a patch/serial code for the same program - then I went to your page
> and saw you had done the same - hehe, it seems you just beat me to it
> each time ;-)
>
> Cya,
> ReZiDeNt



   I read your essay about UltraEdit 4.40a; can you believe I never
noted the presence of a second valid code! Maybe because after I found
the first valid one there was no more interest for me to further
analyze it. On the other hand, I did note the presence of several
hardwired names and codes (there are many, btw) in the disassembled
text. I didn't mention it because it has become a very frequent practice
among programmers (read my essay about Hex Workshop). I was very amused
when you mentioned that if someone attempts to register it with one of
the hardwired names, the free trial period will be reduced!!! Shame on
you, programmer!!! Little devil, he, he, he ...



    What do you think of this consideration about the *.reg file: if you
decide to crack by changing the "je" instruction to "jmp", then your
*.reg file will contain the wrong code (the false one you typed,
encrypted of course); instead, if you point your false code memory
location to the right one by changing ebp-80 to ebp-40, then your *.reg
file will contain the valid calculated code, also encrypted, so your
*.reg file will be able to unlock the uncracked shareware version of the
program. Moreover, there's another great possibility: taking advantage
of the presence of two valid codes (thanks to your intuition!), it's
possible to exchange the encrypted code memory location (the one that
will be written to the reg file) with the second valid code memory
location (I already found the memory location where the encrypted code
dwells; a simple SICE breakpoint and the instruction that points to it
will be revealed). This double crack will not only defuse the protection
scheme, but also reveal to the user his decrypted second valid code,
which will be copied to the uedit32.reg and .ini files in plain ASCII
... Unfortunately, this will disable the reg file from being able to
unlock uncracked versions of the program... Best regards ...



P.S. Take a look at the new SoftICE teaching section on my home page.


				Aesculapius
				aesculpius@cryogen.com
				aesculapius.home.ml.org
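The *.reg observation in the reply above carries a design lesson for anyone who ships a registration check: the program computes the valid code into memory right beside the user's input, one branch decides, and whatever the user typed is written to disk under a reversible encryption, so a single redirected store turns the config file into a copy of a valid serial. The C program below is an added example, not code from this exchange or from UltraEdit; its serial derivation, the XOR "encryption", and the FNV-1a digest are all constructed stand-ins (FNV-1a replaces a real hash such as SHA-256, and the two-variant derivation merely mirrors the remark that a second code is accepted). It contrasts the naive design with one that stores only a one-way digest of a code that passed verification and re-derives the expected codes at load time, so the config file can never be made to carry anything that decodes back to a serial. It does not, and cannot, stop the conditional jump itself from being patched; the point is what the stored file leaks.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CODE_LEN 8
#define OBF_KEY  0x5A   /* constructed: the reversible "encryption" key */

/* Constructed serial scheme with two valid codes per name (variant 0/1).
 * This is an illustration only, not UltraEdit's algorithm. */
static void derive_code(const char *name, int variant, char out[CODE_LEN + 1])
{
    uint32_t acc = 0x1234u + (uint32_t)variant * 0x9E37u;
    for (const char *p = name; *p; ++p)
        acc = acc * 31u + (uint8_t)*p;
    for (int i = 0; i < CODE_LEN; ++i)
        out[i] = "0123456789ABCDEF"[(acc >> (i * 4)) & 0xFu];
    out[CODE_LEN] = '\0';
}

/* FNV-1a 64-bit: a non-cryptographic stand-in for a real digest. */
static uint64_t digest(const char *s)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (; *s; ++s) { h ^= (uint8_t)*s; h *= 0x100000001b3ULL; }
    return h;
}

/* Naive design: the expected code is derived into a local buffer next to
 * the caller's input, one comparison decides, and the config receives
 * whatever was TYPED, obfuscated reversibly. stored_out models the file. */
int naive_register(const char *name, const char *input,
                   unsigned char stored_out[CODE_LEN])
{
    char expected[CODE_LEN + 1];            /* a valid code sits here */
    size_t n = strlen(input);
    derive_code(name, 0, expected);
    int ok = (strcmp(expected, input) == 0);
    for (int i = 0; i < CODE_LEN; ++i)
        stored_out[i] = (unsigned char)(((size_t)i < n ? input[i] : 0) ^ OBF_KEY);
    return ok;
}

/* Anyone holding the config file undoes the obfuscation. */
void naive_recover(const unsigned char stored[CODE_LEN], char out[CODE_LEN + 1])
{
    for (int i = 0; i < CODE_LEN; ++i)
        out[i] = (char)(stored[i] ^ OBF_KEY);
    out[CODE_LEN] = '\0';
}

/* Hardened storage: accept either valid code, keep only a one-way digest of
 * the accepted input, and wipe the derived code afterwards. */
int hardened_register(const char *name, const char *input, uint64_t *stored_digest)
{
    char expected[CODE_LEN + 1];
    int ok = 0;
    if (strlen(input) != CODE_LEN)
        return 0;
    for (int v = 0; v < 2 && !ok; ++v) {
        derive_code(name, v, expected);
        ok = (memcmp(expected, input, CODE_LEN) == 0);
    }
    memset(expected, 0, sizeof expected);   /* best effort; prefer explicit_bzero where available */
    if (ok)
        *stored_digest = digest(input);
    return ok;
}

/* On load, re-derive the valid codes and compare digests; no serial is
 * ever read from disk, so nothing on disk decodes to one. */
int hardened_load(const char *name, uint64_t stored_digest)
{
    char expected[CODE_LEN + 1];
    int ok = 0;
    for (int v = 0; v < 2 && !ok; ++v) {
        derive_code(name, v, expected);
        ok = (digest(expected) == stored_digest);
    }
    memset(expected, 0, sizeof expected);
    return ok;
}

/* Walk-through on a constructed name. Returns a bitmask: bit0 naive accepts
 * the valid code, bit1 the naive config decodes back to that code, bit2 the
 * hardened check accepts the second valid code, bit3 reload from the digest
 * alone succeeds. All four hold, so the result is 15. */
int run_demo(void)
{
    const char *name = "ReZiDeNt";          /* constructed sample name */
    char c0[CODE_LEN + 1], c1[CODE_LEN + 1], rec[CODE_LEN + 1];
    unsigned char stored[CODE_LEN];
    uint64_t dg = 0;
    int r = 0;
    derive_code(name, 0, c0);
    derive_code(name, 1, c1);
    if (naive_register(name, c0, stored)) r |= 1;
    naive_recover(stored, rec);
    if (strcmp(rec, c0) == 0) r |= 2;        /* the config file leaks the serial */
    if (hardened_register(name, c1, &dg)) r |= 4;
    if (hardened_load(name, dg)) r |= 8;
    return r;
}

int main(void)
{
    int r = run_demo();
    printf("naive accepts=%d config leaks serial=%d hardened accepts=%d reload=%d\n",
           r & 1, (r >> 1) & 1, (r >> 2) & 1, (r >> 3) & 1);
    return r == 15 ? 0 : 1;
}
```

Note that the digest design changes only what the config file can reveal: a redirected store in the hardened variant would at most write the digest of the computed code, which is exactly what a legitimate registration writes, so the trade-off the reply describes (a portable file versus a readable serial) disappears because there is no readable serial to copy. The memset wipe is a best effort, since an optimizing compiler may drop a store to a buffer that is never read again; platforms offering explicit_bzero or SecureZeroMemory should use those.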
