Web : http://mxb.cjb.net
Contact Me : [email protected] or [email protected]

Main | Index

WinRAR 2.80 Beta 4

Type : Compression Util
Protection : Key File
Tech : Patching


Crack : Best compressor i have ever seen ...

If we use API spy we can see it is trying to open a
file named "rarreg.key" ... registration file .....
So create a fake file

Name : rarreg.key
-------------------------
xxxxxxxxxxxxx
DHEERAJ
-------------------------

So in SICE BPX CREATEFILEA .... trace back

It is interesting to see that program is checking registration
twice ....

0x42B718 XOR EAX,EAX
0x42B71A CALL 4157F8
0x42B71F MOV [00473B04],AL >> SAVE FLAG : IF AL = 01 >> PROGRAM IS REGISTERED
...........................
0x4346F9 MOV AL,01
0x4346FB CALL 4157F8 >> USE BPX 4157F8 TO REACH HERE :)
0x434700 MOV [00473B04],AL >> SAVE FLAG : IF AL = 01 >> PROGRAM IS REGISTERED

INSIDE CALL 4157F8

0x415AF2 CALL 419630
....................
0x415AFF JZ 415B25 | 74 24 OFFSET = 150FF >> GOOD BOY
...................
0x415BEE CALL 40615C
0x415BF3 TEST EAX,EAX
0x415BF5 JNZ 415C1B | 75 24 OFFSET = 151F5 >> GOOD BOY
...................
0x415C62 CALL 40615C
0x415C67 TEST EAX,EAX
0x415C69 JNZ 415C8C | 75 21 OFFSET = 15269 >> GOOD BOY
....................
0x415C8C MOV AL,01 >> REGISTERED MODE

Patch :

0x415AFF JMP 415B25 | EB 24 OFFSET = 150FF
...................
0x415BF5 JMP 415C1B | EB 24 OFFSET = 151F5
...................
0x415C69 JMP 415C8C | EB 21 OFFSET = 15269