Web
: http://mxb.cjb.net
Contact Me : [email protected] or [email protected]
WinAce
2.01
Type : Compression
Program
Protection : Serial
Tech : Run Time Patching
Crack
: This program is written in Delphi ....I used API Spy but to my surprise
there were no API calls .....more work ....
Then I worked around registration process ... I found that encrypted Reg Id
is written in to a
Registry Key.Some how I managed to write false key in to Registry by playing
inside its
reg-algorithm.Then restared program .... WinAce showed a message box telling
"Your key has expired".
This will be our attack point.
In SICE BPX MESSAGEBOXA
Trace Back ....we will reach here ...
0x5BAA3A CALL 403F6C
0x5BAA3F CMP DW PTR [5DCCF8],00
0x5BAA46 SETNZ AL | 0F 95 C0
0x5BAA49 AND EAX,7F
0x5BAA4C MOV [5DCDF4],EAX >> MAKE EAX = 01 [ SAVE FLAG ]
To crack : 0x5BAA46 SETZ AL | 0F 94 C0
As this file is packed we will have to use run time patching ....
Find the real entry point of the program.Use SICE Symbol loader.[Make sure
you have changed flag of .CODE section to E0000020 ]
0x6BA4F1 POPAD
0x6BA4F2 JNZ 6BA4FC
..............................
0x6BA4FC PUSH 5D6A44 >> OEP
0x6BA501 RET >> IMPLEMENT THE PATCH HERE .
ie ...
0x6BA501 MOV BYTE PTR [5BAA47],94 | C6 05 47 AA 5B 00 94
0x6BA508 RET | C3
AV part is not
cracked :(
*The AV signature feature can not be tested, since it requires a valid personal
registration
key to work correctly.
Patch :
File = winace.exe
Offset = C5F01
Write : C6 05 47 AA 5B 00 94 C3