Observations and Thoughts springing from an mIRC 5.3 crack
Today's protectionists have become so worried about crackers that they focus more on making things complex; but their limited skills do only that, rather than making things hard to crack. The benefit to us is that they themselves don't understand how their code works, let alone how it looks under SoftICE. This leads to easy cracks, or even no need for a crack at all... :)
Here's the deal: I started this crack in the mindset that I wanted to write a code generator for it, because I hadn't done one before. To find an entry point, I tried the usual GetWindowTextA and GetDlgItemTextA, but neither worked. So... I dredged up some knowledge from my brief foray into Visual C++ and tried SendDlgItemMessageA... bingo! (All of this from the "register me" window.)
Then, to my utter surprise, it turns out the debug info was left in this executable! Right below my entry point was a call to a function, _CheckRegMatch, followed by one conditional jump and then _SaveRegInfo!!!!! A crack couldn't be easier. (Notice there are two checks; bpx _CheckRegMatch and re-open the Help|About dialog to find the other if you want to crack it.)
BUT... I wanted to write a reg-code generator. So I delved into the _CheckRegMatch call, which actually does some interesting things with the info you enter. I took notes on how it manipulates the info, etc. Then I sat down and pored over my notes, mentally designing my reg-code generator, when I noticed a case hadn't been accounted for: if the elements of the reg-code were zero, it acted like there was a match, without actually checking the codes!
The reg-code 0-0 will work for any name. Needless to say, this killed my interest in actually writing the code-gen, since all it would have to do is spit out 0-0 for any name! I was disappointed.
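To make the kind of slip described above concrete, here is an added illustration (not mIRC's code and not the author's; the key derivation is a constructed toy) of a registration check that short-circuits on a zero code, next to a version with no special case:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy key schedule for illustration only; it is NOT mIRC's
 * algorithm. It derives two code elements from the name, each in 1..65521,
 * so a legitimate code can never be 0-0. */
void derive_code(const char *name, uint32_t *a, uint32_t *b)
{
    uint32_t x = 0x1234, y = 0x5678;
    for (size_t i = 0; name[i] != '\0'; i++) {
        unsigned char c = (unsigned char)name[i];
        x = (x * 31 + c) % 65521;
        y = (y ^ ((uint32_t)c << (i % 8))) % 65521;
    }
    *a = x + 1;
    *b = y + 1;
}

/* Flawed check, mirroring the slip described above: a 0-0 code is treated
 * as a match before the derived code is ever looked at, for any name. */
int check_reg_flawed(const char *name, uint32_t a, uint32_t b)
{
    uint32_t ea, eb;
    if (a == 0 && b == 0)          /* the unaccounted-for case */
        return 1;
    derive_code(name, &ea, &eb);
    return ea == a && eb == b;
}

/* Fixed check: no special-cased code values, empty names rejected, and both
 * elements are compared together so one trivial input cannot bypass the rest. */
int check_reg_fixed(const char *name, uint32_t a, uint32_t b)
{
    uint32_t ea, eb;
    if (name == NULL || name[0] == '\0')
        return 0;
    derive_code(name, &ea, &eb);
    return ((ea ^ a) | (eb ^ b)) == 0;
}

int main(void)
{
    uint32_t a, b;
    derive_code("alice", &a, &b);
    printf("alice: real code %u-%u  flawed(0-0)=%d  fixed(0-0)=%d  fixed(real)=%d\n",
           a, b, check_reg_flawed("alice", 0, 0),
           check_reg_fixed("alice", 0, 0), check_reg_fixed("alice", a, b));
    return 0;
}
```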
Nonetheless, it's a decent encryption:
1 shifting cipher (a variation)
2 string reverses
4 add/mod operations
loads of goodies... but all in vain.
Now what is the lesson we learn from this? Sit back, sip a nice milk and think. (Remember, only Nestle Quik and skim milk will do.)
Today we have learned that no matter how in-depth a protectionist thinks his scheme is, he will invariably do something stupid, like using that conditional jump after an otherwise complicated protection.
The lesson being: -- You, reading this, are by far the better programmer, so don't bother with their overblown schemes; just find the flaw they missed. zen crack. --