Underground InformatioN Center [&articles] | |
[network & security news] [RSS & Twitter] [articles, programing info] [books] [links, soft & more...] [soft archive] | [home] |
Tools 00401048: CALL KERNEL32!CreateProcessA 0041104D: PUSH FF 0040104F: CALL KERNEL32!ExitProcessStop at 0040104F. F8,F10,F11. Trace again. You found some operations with the registry. Forget about it. Its YaDo's joke. Trace down. 0040185B: MOV AH,43 ; mov ah,43 ;) 0040185D: INT 68 ; interesting. SI detection 0040185F: CMP AX,F386 ; AX return F386 if SI is loaded and ; 4300 if not loaded. JZ @Cracker used SI. I change my own code and confuse him/her@What to do with this? Unload SI and then crack krypton.;-) Joke. Load FrogsIce or change JZ with JNZ. After some steps: 004010f4: ; peace of code where calculating name of keyfile ........ripped ; if SI is loaded name is wrong ;) 00401149: ; if SI isnt loaded name is 'ya.do'Start tracing until you get: 00401162: CALL KERNEL32!CreateFileA CMP EAX, -01 ;file exist? JZ 004011B3 ....ripped some instructions 00401179: CALL KERNEL32!GetFileSize CMP EAX,15 ;is file 15h bytes long ? JNZ 004011B3Ok. Keyfile should be 21 bytes long and its name is ya.do . Create ya.do and write something like this: '!!Corbio is a lamer!!' or '!Corbio is a cracker!' What you best like? Me second ;) Trace until you get: 00401423: MOV CL,[ECX-01] ;? SUB CL,10 MOV CH,[EBX] ;?? XOR CH,CL MOV DH,[EAX] ;??? ADD CL,0D XOR DH,CL CMP CH,DH JNZ 00401797 ;Go Out, Bad Cracker! MOV DL,[004022B1] ;???? XOR DL,DH MOV [004022E8],DL ;????? ADD EAX,01 ADD EBX,01.......and 20 times like this........ ? : type 'd ecx-1' and you see 63495D1840. Its used for name of the keyfile and here too. ?? : type 'd ebx' and you see 04213A27360A32373C133B3C273E323A3F 7D303C3E ??? : type 'd eax'. Wow! You see '!Corbio is a cracker!' ;) ???? : type 'd 4044B1'and you see 102026353100744C443D052F262739243B 296A4342 ????? : Its string where 'GREAT' and '--REGISTERED--' stored if you keyfile is correct. If no you got a lot of garbage.Can you create correct keyfile now? I can. 37120914053901040F20080F140D01090C4E030F0D Best created with Hiew. ;) Thats all. Uh.I'm tired. Thanx for reading and....... .......sorry my terrible english :) Greets to... Genocide Crew members All my friends (you know who you are) All crackers in the world :-) 15 Aug 2000 Corbio corbio@mail.ru uinC Member [c]uinC
Все документы и программы на этом сайте собраны ТОЛЬКО для образовательных целей, мы
не отвечаем ни за какие последствия, которые имели место как следствие использования
этих материалов\программ. Вы используете все вышеперечисленное на свой страх и риск. |
[network & security news] [RSS & Twitter] [articles, programing info] [books] [links, soft & more...] [soft archive] | [home] |
Underground InformatioN Center [&articles] |
2000-2015 © uinC Team |