Web : http://mxb.cjb.net
Contact Me : [email protected] or [email protected]
HTML Guard 2.0
Type : Encrypts HTML files -- good program
Protection : Packed --- Serial --- Nag box in encrypted html file
Tech : Patching
Crack : This is a Delphi program ... no more Win32 API ... moreover, this file
is packed. So first unpack it ...
Unpacking :
First we will change the flag of the CODE section to E0000020, so that the SICE
symbol loader will break at the entry point ...
Now place a BPMB on any instruction so that when it unpacks we will break into
SICE
BPMB 4472DF RW
When we break into SICE we will be in the middle of the unpacking routine ...
trace back ...
......................
0x5563B5 POPAD
0x5563B6 JNZ 5563C0
.............................
0x5563C0 PUSH 496A08 --- OEP --> EP = 96A08
0x5563C5 RET
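What the section flag E0000020 used above means, as an added example that is not part of the original tutorial: the script decodes the Characteristics field of PE section headers and marks sections that are both writable and executable, a combination commonly seen in packed or modified binaries. The section table is constructed; only the value E0000020 comes from the text.

```python
import struct

# IMAGE_SCN_* bits from the PE/COFF specification
FLAGS = {
    0x00000020: "CNT_CODE",
    0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA",
    0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}
WRITE_EXEC = 0x80000000 | 0x20000000
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def decode_flags(characteristics):
    """Return the names of the known bits set in a Characteristics value."""
    return [name for bit, name in sorted(FLAGS.items()) if characteristics & bit]


def audit_sections(table):
    """Parse a raw section table; mark sections that are writable and executable."""
    findings = []
    for off in range(0, len(table) - SECTION_HEADER.size + 1, SECTION_HEADER.size):
        fields = SECTION_HEADER.unpack_from(table, off)
        chars = fields[-1]  # Characteristics is the last field of the header
        findings.append({
            "name": fields[0].rstrip(b"\0").decode("ascii", "replace"),
            "flags": decode_flags(chars),
            "write_exec": (chars & WRITE_EXEC) == WRITE_EXEC,
        })
    return findings


# Constructed section table: names, sizes and addresses are made up for the
# example; only the value E0000020 comes from the text above.
SAMPLE_TABLE = (
    SECTION_HEADER.pack(b"CODE", 0x1000, 0x1000, 0x1000, 0x400, 0, 0, 0, 0, 0xE0000020)
    + SECTION_HEADER.pack(b"DATA", 0x1000, 0x2000, 0x1000, 0x1400, 0, 0, 0, 0, 0xC0000040)
)

if __name__ == "__main__":
    for s in audit_sections(SAMPLE_TABLE):
        tag = "WRITE+EXEC" if s["write_exec"] else "ok"
        print(f'{s["name"]:8} {tag:10} {", ".join(s["flags"])}')
```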
Patching :
Man, these Delphi programs are a real mess ... I tried to enter its protection
through its loopholes ... registration key entry ... nag box ... all effort was
in vain ...
How ... how can we crack this [ hit your head ... ]
Let's see what it writes to encrypted HTML files ... So encrypt a simple HTML
file and open it in a browser ... we can see a nag box with the message ...
"Protected by Unregistered version of HTML Guard"
This is the only loophole left ... let us give it a try ...
Use W32Dasm on our unpacked file ... and search for the nag string ...
Man! We can see a lot of strings like this ... so use BPX on each address and
try ...
Now open an HTML file and click the "Encrypt" button ...
We will break into SICE here ...
0x492557 CALL 491E70
INSIDE THIS CALL ...
0x491E7C PUSH EBP ----> NAG STRING CRAP .....
..........................
0x491EBE CALL 403E90
..............................
0x491ECE CMP BYTE PTR [EAX+47],00
0x491ED2 JNZ 491EDB | 75 07 -----> BAD BOY
Thank God ... a loophole ... now all you want to do is disable this jump :)
Just fill with NOP = 90 ...
OFFSET = 91ED2
CHANGE ---- 75 07 --to---> 90 90