Miscellaneous Papers

This section was formed by the merging of the miscellaneous and new reversers pages (I couldn't justify maintaining them individually). Here you will find those tutorials I wasn't able to place in one of the other specific sections, I've hyperlinked them via an anchor so you can quickly navigate to any areas that specifically interest you :-).

Anti-Debugging, breakpoint detecting, Anti-cracking / hacking and protection tips Make us work a little by using some of these tricks to protect your software. Includes feedback I've received from software authors.
CD Checks Basic Windows techniques and commercial schemes (C-Dilla, Safedisc, Securerom). Includes several tools to automate unpacking.
Commercial Schemes CrypKey, eLicence VTCyberpack, TimeLock & Preview Software's VBox.
CrackMe's Cruehead's XOR series, MEXELiTE, Parker's and Phrozen Crew No.3. If you have coded a CrackMe yourself consider sending it to me, on the proviso that it demonstrates something new :-).
Miscellaneous Asmonauts Stars! (function re-adding), Brute-forcing, code matrices, dll protections, Kathras's self-modifying targets tutorials, key generating, in-memory patching, .ini files, zip password cracking.
Newbie Tutorials 5 highly recommend programs for newbies to start their reversing exploits with (Hard Disk LED v1.1, Start Menu Cleaner v1.2, Teleport Pro v1.29, Vulcan Notes v2.13 & WorkStation Lock v2.6, all available for local download).
Papers / Quine's IDA Series Papers that need no introduction, read and enjoy some real reversing gems.
RSA Cryptosystem Papers and applications with respect to RSA protection schemes.

If you are just getting started perhaps you should also read Aesculapius's 7 tips.

Teacher Logo

7 tips (courtesy of Aesculapius)

Deciding that you want to become a reverse engineer is not a decision you should enter into lightly, nor should you believe that learning to "crack" will somehow solve your software problems overnight, a 'non-mercantile mind' as +ORC put it is a pre-requisite. Here are some very brief tips :-

1. The Master is the Master: Get a Tutor. There are lots of crackers on the web. Convince one to be your teacher.
2. Education comes first: Get & read all available Assembly tutorials.
3. Bad habits come next: Get & read all available Cracking tutorials.
4. To see or not to see, that is the question: Where is the protection scheme? You must see it before being able to crack it. Locating the protection scheme is the hardest part of cracking. Steps two and three will help you accomplish this task.
5. Destroy your enemy: Learn all techniques to defeat the most popular and generic protection schemes.
6. Master your power: Turn the protection scheme to your advantage. This one is up to you!.
7. Spread your knowledge: Publish your work around the web. Remember, you can't be a great cracker & dead, so don't take this knowledge to your tomb!.

Good advice, if you choose to take it :-).

Anti-Debugging tricks / Protecting

Document Title Description Date
Anti-Debugging & Software Protection Advice "How to detect SoftICE" & "How to protect better" (updated). Oct. 2000
Author Responses 6 software authors expressing their thoughts to me via e-mail. Oct. 2000
Defending Shareware against Cracks Courtesy of Sense of Security, useful protection advice. N/A
Interlok VxD Anti-SoftICE via VxD (finally an implementation, still easy to beat though). 13/02/00
Richey's Anti-Cracking FAQ for Programmers Assisted by Fravia+ of all people. 22/04/99
Vitas Ramanchauskas - Protecting Shareware Programs Reasonable guide for shareware authors. 11/09/98

CD related

Hey! games reversers, maybe you can use these CD check related tools too (166k, 170,144 bytes) :-

C-Dilla Encryption Brute Forcer - A useful tool courtesy of Black Check.
C.u.Dilla - Tool courtesy of _risc for unwrapping C-Dilla (requires the original CD).
McLallo's CD Cops Decryptor - CD Cops decryptor.
Safedisc v2.0 information posted by ArthaXerXes (12k, 12,790 bytes).
unSafedisc v1.2.2 / v1.3.4 / v1.5.1 / v1.5.3 / v1.5.5 / v2.05.30 - Safedisc decrypter.
UnSecurom v1.0 - Unpacker/Dumper for Securom (48k, 49,262 bytes).

LL32ICA v1.35B & SG4ICA v1.00B :- LaserLock & SoftGuard 4 utilities (520k, 532,818 bytes).

.....and maybe you should try some of these breakpoints :- GetDriveType, GetFileAttributesA, GetFileSize, GetLogicalDrives, GetLogicalDriveStrings, GetLastError, ReadFile.

Visit this tutorial repository too for CD check related tutorials.

Target Name Description Date
C-Dilla Collection Black Check's competent 2 part guide to removing C-Dilla (15k). N/A
Commandos, Behind Enemy Lines CD-Lock reversing by zoltan. 28/09/99
Dune 2000 from WestWood More basic CD-check patching / reversing by zoltan.  28/09/99
Mech Warrior 3 Basic CD-check cracking by BlueFox. 27/08/99

Commercial Schemes

Trying your hand at VBox v4.2?, then maybe the following piece of advice courtesy of HalVar will help :-

"Hide your SoftICE against the FGJM-Trick by patching it, then run the program until the dialog box pops up. Now do the following :-

bpx getprocaddress do "dd *(esp+8) l1;p ret;? eip; x;"

Hit the try button and let SoftICE run for a while. Then save the history. Most of VBox is now highly oligomorphic, so just watch what the last imported API is. Assuming the last imported API was GetWindowTextA :-

bpx getprocaddress if *(esp->8)=='GetW'

After it snaps on the last imported API, p ret and trace for a while until you reach a JMP EBX which lands you at the entrypoint. Reconstruction is pretty straight forward, use the IAT to generate a new import section."

Check out the tools page if you want to get the VBox v4.3 builder kit.

eLicence VTCyberpack v1.0 :- Unwrapper courtesy of UCF (Windows 2000 only) (147k, 151,160 bytes).

Target Name Description Date
CrypKey Part 1 Investigation into the weaknesses of CrypKey, details eXtremeDNC Server v4,0,3,0 & VIA v5.1b. Approaches to generically crack all CrypKey protections as well as documenting of the most important API functions. 07/06/00
TimeLock tl32v20.dll (QModem Pro v2.1 & SmoothMove v2.0 (3DSMax Plug-in)). 1998/1999
VBox v4.1 (Preview Software) Extending the VBox dll by BigMoM. 14/12/98
VBox v4.2 (Preview Software) A great tutorial which describes a generic technique you can use to crack all VBox protected programs, bye-bye virginity restoration sadly, by +Tseph. 14/11/99
VBox v4.3 (Preview Software) How to quickly unpack VBox v4.3 (bypassing the import table trashing). 26/03/00
XingMPEG Encoder v2.2 & SalesAgent "Hall of Shame" Release Software Corporation (rsagnt32.dll) and download URL's of other software using SalesAgent. 30/05/98

CrackMe's

Target Name Description Date
Cruehead CrackMe's No. 1, No.2 & No. 3 XOR based protections in various guises. June 1998
Immortal Descendants CrackMe 8 8 part CrackMe challenge tackled by Mankind. 12/02/00a
Muad'Dib's ReverseMe1 Calling functions dynamically by CaptRE. April 2000
MEXELiTE CrackMe No. 1 & No. 4 2 CrackMe's from nIabI of MEXELiTE. 14/06/98
PaRKeR's CrackMe v1.0 Fairly simple key generator practise. 28/11/98
PhrozenCrew CrackMe 3 A missing file protection. 23/07/98

Miscellaneous

Target Name Description Date
ACDSee v3.1 Removing an Internet check (courtesy of Flu[X]). 12/11/00
Bentley MicroStation /J v07.00.01.11 Brute-forcing the weakness in a serial # scheme. 25/05/99
Blue Marble Geographics Calculator v4.0 Using the symbol loader to verify a dll protection. 10/06/98
Centra Conference v3.01 Decompiled InstallShield script interpreting. 28/02/01
Championship Chinese Checkers v2.5 (32-bit) A curious protection using an ini files date stamp. 08/10/98
Cyber Patrol v4.00.012 A simple 16-bit protection. 13/07/98
Golden Axe Reversing An interesting paper by Orr (submitted to me in September 2006), how reverse engineering can be used to fix very old bugs (88k PDF). Sep. 2006
Interactive Disassembler Pro v4.01 Unpacking and watermark removal from the best disassembler by Tsehp. 08/02/00
Nico's Commander v4.02 A little about CRC/parity checking as well as coding a serial # locator. 27/09/98
Remote Administrator v1.1 A very good tutorial by cLUSTER discussing intermediate reversing concepts *recommended*. 29/12/99 
Search/Replace v6.1.0 A good .ini file protection using tables. 08/07/98 
SmartWhoIs v2.0 An .ini file protection described by Friendship. 23/05/99
SQL Navigator v3.1 Adding self-modifying code to targets which dislike patching by Kathras. 05/11/99
Stars! The re-enabling of missing functions / features, simply superb by asmonaut. 17/12/00
Swimming Upstream..... Courtesy of j!m, breaking an zip cracking tool. 19/9/01
ThoughtSpeed v1.0 More adding your own code to targets courtesy of Kathras. 29/12/99
TZ-Strip Poker Work through the maths and crack this (16-bit) missing file protection. 28/10/98
WinHex 8.03 Simple reversing of valid registration codes by Pc-NinJa. 02/04/99
ZetaFax v6.00 Reconstruction of a missing keyfile by friendship. 14/06/99
Zip File Password Cracking A summary of the main techniques specifically the plaintext approach. 22/05/99

Newbies

Target Name Description Date
Dr. ME!'s Tutorials on Key Generation & Key Files A very good documents indeed describing the ASM vagaries of protections. July 2000
Dr. ME!'s Assembly Language Reference Related to the above. July 2000
FlOrEsTaN's Cracking Tutorial for Newbies A very well-written Getting Started Guide and Introduction to RCE. 22/04/00
Hard Disk LED v1.1 A very simple hard-coded in serial #, SoftICE practice (16k). N/A
Hex Workshop v2.5 How to approach a protection, courtesy of the asmonaut (recommended). 22/12/00
LaunchPad v2.8x Advice and coding tips for reversers new to keygens, with ASM Key Generator. 14/01/99
L!M!T's Tutorial's Covers 4 programs, (Apx_Reveal, Ixla Explorer, MultiSMS Express v6.0.9 & Recette 99 v3.1.1). 14/09/00
L0phtCrack 2.52 A simple memory echo tutorial by Goatass. 14/04/99
mIRC v5.71 A well written tutorial by Rith, strictly for newbies. 15/07/00
Muad'Dib's 4 Tutorial's Very basic collection of simple reversing (real newbies only). 29/12/99
Open Sesame v3.1 Introduction to a simple key generation routine with C++ Key Generator. 28/02/00 
Start Menu Cleaner v1.2 & Teleport Pro v1.29 A new reversers first projects. 29/06/98
TechFacts 95 v1.3 Reverse a tool of the trade (by +fravia). 25/08/98
Various Snippets 6 very early tutorials amalgamated (from 1998). N/A
Vulcan Notes v2.13 & WorkStation Lock v2.6 2 very simple "find the serial #" exercises. Feb/Mar 99
WinRAR v2.06 How to crack a very good scheme by R@yden. 05/03/99

Papers / Quine Series

Target Name Description Date
Cracking THE tool of the trade (IDA Pro v3.7) Part 1 by Quine (an absolute classic). N/A
DOTNET Microsoft's .NET Framework (courtesy of ZenLoren). Mar. 2001
How to load the previous databases (IDA Pro v3.7) Part 2 by Quine (re-enabling saving of the database files). 30/10/97
Extending the IDA Script Language 3rd tutorial by Quine (adding an external program launcher to IDA). 20/01/98
Pushing the Envelope with HASP Quine's investigative probe inside HASP before HaspCode was known, one
of the best essays ever written.
N/A
SoftICE Internals by +spath Superb document detailing just about everything you might have ever have wanted to know about SoftICE internally, the information here should be used for your own tools, beginners definitely need not apply. Download here also commented IDB's of SoftICE v3.22 & NTIce (5.07Mbs). Mar. 2001

Maybe you should check out Quine's IDA page too.

RSA

See also the pertinent section of the Key Generators page.

Target Name Description Date
FTP Voyager v6.1.1.1 Hands-on RSA factoring courtesy of PaRKeR. 05/01/00
RSA Cryptosystem & Mathematical Theory Theoretical and mathematical explanation of said system with example from Lucifer48. 30/09/99
SFXFactory v2.1 by Egis Discussion of RSA schemes, including a live example. February 2003
TMG's Keygen-Me #2 RSA key generating, courtesy of goatass. 06/02/01


Quickly choose your next destination here.

Dongles FAQ Green Ball Key Generators +ORC
Return to Main Index Time Trials Tutorial Archive Visual Basic


© 1998-2007 CrackZ. 13th May 2007.