Web : http://mxb.cjb.net
Contact Me : [email protected] or [email protected]
Offline Explorer Pro 1.4.322 SR 1
Type : Offline Explorer
Protection : Serial & ASPack
Tech : Unpacking and Patching
Crack : In this version finding the S/N is a little harder, but it can be
easily cracked by setting a flag.
(1) Unpacking :
Change the characteristics flag of the CODE section to E0000020 (use a PE editor) so that it will break in
symbol loader at the entry point. Now trace...
...............................
0x5614EB MOV [EBP+0x443EA1],EAX >> EAX = 0x507F90 --> OEP
0x5614F1 POPAD
0x5614F2 JNZ 0x5614FC
.....................
0x5614FC PUSH 0x507F90
0x561501 RET >> DUMP FULL MODULE HERE - USE 'JMP EIP'
Now change the EntryPoint of the program by using a PE editor.
EP = OEP - BASE ADDRESS = 507F90 - 400000 = 107F90
Now our dumped file will run, and it is unpacked too. Now we can patch
it.
(2) Patching :
We must find where the program sets the registration flag.
For this we put a BPX deep inside the S/N validation algorithm
and then restart the application :) If it uses the same routine at
start-up too, we will break into it.
S/N validation main CALL :
0x4CF622 CALL 0x4F67DC
0x4CF627 TEST AL,AL
0x4CF629 JZ 0x4CF6A9 >> BAD BOY
INSIDE CALL 0x4F67DC
0x4F67E0 CALL 0x4F62CC
||||
vvvv
0x4F67E0 CALL 0x4F62CC >> BPX HERE,ENOUGH DEEP :)
Now restart the program. We will break here; now trace back...
until we reach here:
0x4F664D MOV AL,[EBP-01] | 8A 45 FF >> MAKE AL = 1 TO CRACK
0x4F6650 POP EDI
Patch :
0x4F664D INC EAX | 40 OFFSET = 0xF664D
0x4F664E NOP | 90
0x4F664F NOP | 90
Run Time Patching : PERFECT FIT
0x5614F1 POPAD
0x5614F2 MOV DWORD PTR [004F664D],5F909040 | C7 05 4D 66 4F 00 40 90 90 5F OFFSET = 77EF2