Web : http://mxb.cjb.net
WinHex 9.54
Type : Multi editor
Protection : Serial
Tech : Serial fishing
Crack : Here the programmer made a wrong move. In ver 9.26 the serial is only
computed at start up, which made it a little bit harder to find. In this version
the serial is computed and no restarting is required. Made our job easy. Very very
wrong move.
Enter fake values. And in SICE BPX HMEMCPY
0x425FB6 MOV EDX,[EBP-04] << First code
0x425FB9 MOV [0x455208],EDX
0x425FBF MOV EDX,[EBP-08] << Second code
0x425FC2 MOV [0x45520C],EDX
Note : All S/N in hex format
In SICE use BPR xxx xxx where S/N is found i.e [0x455208] ....
We will reach
0x42BB3B LEA EAX,[ESP+E0]
0x42BB42 SUB EAX,08
0x42BB45 MOV EAX,[EAX]
0x42BB47 MOV [EBX],EAX
0x42BB49 CMP [EBX],0xD9038 >> S/N Max limit
0x42BB4F JG 0x42BC4D >> BAD
.................................
0x42BBC0 CMP EDX,54 >> EDX depends on 7777xx
0x42BBC3 JNZ 0x42BC4D >> BAD
0x42BBE7 MOV EAX,[ESP+D8] >> First S/N
0x42BBEE CALL 0x42F7F4
0x42BBF3 CMP EAX,[ESP+DC] >> Second S/N. EAX = 0xFFFFFFFF if wrong,
and the real S/N if first S/N is correct
Inside CALL 0x42F7F4
0x42F90D CMP EAX,0x336
0x42F913 JL 0x42F919 >> BAD
0x42F915 MOV EAX,ECX << REAL Second S/N
0x42F917 JMP 0x42F91C
0x42F919 OR EAX,-01 >> Reset EAX = 0xFFFFFFFF
To crack, let us make a key gen inside the program itself.
In SICE at 0x42BBE7 assemble the code by command 'a eip'
0x42BBE7 MOV EAX,[ESP+D8]
0x42BBEE CALL 0x42F7F4
0x42BBF3 CMP EAX,-01 >> -01 = 0xFFFFFFFF
0x42BBF8 JNZ STOP
0x42BBFA MOV EAX,[ESP+D8] >> First S/N
0x42BC01 ADD EAX,64 >> ADD 100 to protect the last two digits
and increment the others.
0x42BC06 MOV DW PTR[ESP+D8],EAX
0x42BC0D JMP 0x42BBE7
Registration Info : Code I = 201884 And Code II = 284958