"Mental" cracking: techfacts95 v1.3
Am I dreaming?

by SiuL+Hacky
stupid

(04 September 1997, slightly edited by fravia+)


Courtesy of fravia's page of reverse engineering

Well... there is not much to add... an "immaterial" crack... I have never seen something like this




AM I DREAMING?

I was really surprised with this program. It is useful, one of +our tools: techfacts95 v1.3 (get it at fravia's). This nice program may be used one zillion years without registering, and now I know why. The only annoying feature is a nasty nag window at start, so I decided to award it with some workshopping.



If you do it, you'll realize there are no "typical-dialog" resources. The nag is clearly identified as TMYSPLASH, but the dialogs are not available in the usual way. I don't know if it is on purpose. For one moment I hoped it could be a tough protection scheme...



When filling in the registration (wrongly of course) you receive a short "Registration Key Failed!". Ok, wdasm it and you'll see firstly that there are no imported dialog-resources and secondly this incredibly stupid code snippet:



:0047B934 E89B73F8FF              call 00402CD4; "Registration Key accepted!"
                                  |
:0047BA54 B898BB4700              mov eax, 0047BB98	  >-pushed address!
:0047BA59 E83EBEFBFF              call 0043789C
:0047BA5E C6051AF34C0000          mov byte ptr [004CF31A], 00
:0047BA65 EB11                    jmp 0047BA78

* Referenced by a Jump at Address:0047B939(C)
|
:0047BA67 6A30                    push 00000030

* Reference To: user32.MessageBeep, Ord:0000h
                                  |
:0047BA69 E822A7F8FF              Call 00406190

* Possible StringData Ref from Code Obj ->"Registration Key Failed!"
                                  |
:0047BA6E B8BCBB4700              mov eax, 0047BBBC
:0047BA73 E824BEFBFF              call 0043789C



I can't believe it, an old one. I thought I could only find this kind of protection at our +HCA (Historical Cracking Archive :-) At times I feel lazy about restarting a session with softice, so I recommend that you sometimes use Wdasm as a debugger, yeah. It carries some advantages:



* You always have your wdasmed dead-list (references...) in front of you
* There's a nice API analyzer (for checking parameters)
* The GUI is a little bit friendlier :-)
* You may switch among tasks while your babe is stopped.



Of course it is less powerful (a lot less), and more buggy. Also single stepping presents some problems when modifying things on-the-fly... but try it out in some cases, just to learn how to use an alternative debugger.



Well, I placed a breakpoint on the conditional jump, changed the zero-flag on-the-fly, and so I became a good guy. I was awaiting the famous "thank you for your support" and so on, you know, kind of boring; it did (and crashed a little bit :-) but BELIEVE IT OR NOT changing this flag on the fly registered me for ever and ever, from ages to ages, until the future golden era when nobody will be aware of what Micro$oft was. I repeat: I did not have to PATCH THE REAL CODE with a hexeditor! It is close to mental cracking (the top of zen cracking): you crack this without "touching" a single bit of the code. You may be able to fight against the toughest forces of evil, yet you'll not be able to unregister it, unless you reinstall it from scratch.
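The reason a single flipped flag "registers forever" is visible in the listing above: the accepted path stores the verdict (a registered flag written to persistent state) and nothing ever re-derives it from the key. The following C program is an added example, not code from the essay or from techfacts95; it models that weak pattern next to a design that persists the name and key instead of the verdict and re-verifies them at every start. The toy key scheme (FNV-1a of the user name as 8 hex digits), the struct layout and every function name are constructed for illustration.

```c
/* Added example (not from the essay or techfacts95): persisting a verdict
 * versus persisting a credential. All names and the key scheme are made up. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy scheme: a key is valid when it equals the 32-bit FNV-1a
 * hash of the user name, written as 8 upper-case hex digits. */
static uint32_t fnv1a(const char *s)
{
    uint32_t h = 2166136261u;
    for (; *s; s++) {
        h ^= (unsigned char)*s;
        h *= 16777619u;
    }
    return h;
}

/* Writes the valid key for name into out (9 bytes incl. NUL). Constructed helper. */
void make_key(const char *name, char out[9])
{
    snprintf(out, 9, "%08X", fnv1a(name));
}

int key_is_valid(const char *name, const char *key)
{
    char expect[9];
    make_key(name, expect);
    return strcmp(expect, key) == 0;
}

/* Stand-in for persistent storage (an INI file or registry value in a real
 * program): whatever is written here survives restarts. */
struct store {
    int  registered;   /* weak design stores the verdict here */
    char name[64];     /* hardened design stores the credential here */
    char key[16];
};

/* Weak design, as in the listing above: the dialog branches once on the
 * check and the accepted path writes "registered". Startup then trusts that
 * stored bit and never looks at the key again, so however the bit got set,
 * the program stays registered. */
void register_weak(struct store *st, const char *name, const char *key)
{
    if (key_is_valid(name, key))
        st->registered = 1;
}

int startup_weak(const struct store *st)
{
    return st->registered;       /* stale or tampered bit accepted as-is */
}

/* Hardened design: persist name and key, never the verdict, and recompute
 * the check on every start. No decision is stored, so a decision that went
 * wrong once has nothing to persist into. */
void register_strong(struct store *st, const char *name, const char *key)
{
    snprintf(st->name, sizeof st->name, "%s", name);
    snprintf(st->key, sizeof st->key, "%s", key);
}

int startup_strong(const struct store *st)
{
    return key_is_valid(st->name, st->key);
}

/* Scenarios with constructed input; each returns what startup would decide. */
int demo_strong_accepts_valid_key(void)
{
    char k[9]; struct store st = {0};
    make_key("user", k);
    register_strong(&st, "user", k);
    return startup_strong(&st);                 /* 1 */
}

int demo_strong_rejects_wrong_key(void)
{
    char k[9]; struct store st = {0};
    make_key("user", k);
    k[0] = (k[0] == '0') ? '1' : '0';           /* corrupt one digit: no longer the key */
    register_strong(&st, "user", k);
    return startup_strong(&st);                 /* 0, and still 0 on every later start */
}

int demo_weak_trusts_stored_bit(void)
{
    char k[9]; struct store st = {0};
    make_key("user", k);
    k[0] = (k[0] == '0') ? '1' : '0';
    register_weak(&st, "user", k);              /* wrong key: bit stays 0 ... */
    st.registered = 1;                          /* ... until anything at all sets it once */
    return startup_weak(&st);                   /* 1, forever, key never consulted */
}

int main(void)
{
    printf("strong/valid key: %d\n", demo_strong_accepts_valid_key());
    printf("strong/wrong key: %d\n", demo_strong_rejects_wrong_key());
    printf("weak/stored bit:  %d\n", demo_weak_trusts_stored_bit());
    return 0;
}
```

Re-verifying a stored credential does not stop someone who patches the check out of the binary; it only removes the property the essay ridicules, that one non-persistent wrong decision becomes a permanent registration. The same reasoning applies to any feature gate that caches its answer in a place the code later trusts without re-deriving it.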



Maybe I was right introducing a random code :-D



Come on "Dean Software Design" guys, give it out for free.



SiuL+Hacky



(c) SiuL+Hacky, 1997. All rights reversed.