Chinese software is still broken

Since I introduced some knowledge about software Cracking in "World of Netizens", many readers are very interested in it and often communicate with the author on QQ to solve some cracking problems. When talking about the brute-force cracking technology in software cracking, many friends think that this technology is simple and practical. It can be said that it has been tried and tested repeatedly during software cracking. However, some problems have also been found during the communication with you. For example, when some Chinese registration software is registered, a Chinese error message is displayed. During brute-force tracking, because the error message has been written in Chinese, it is garbled in the program and cannot be located. Many of my friends are helpless, so I will introduce the cracking of such software here.
I. Chinese software cracking principles
Many software are well written in Chinese, and even the registration error message is given to Chinese. After we decompile these Chinese software, the registration error message will become garbled. Generally, the Chinese method searches for strings in the English software using some resource modifiers and directly changes them to Chinese. At this time, we can do the opposite. We also use the resource modification tool to find the resource code with the error message when registering the software, and then locate the decompiled program, you can find the registration error message.
Ii. instance cracking WebEasyMail
The principle is clear. Now let's look at a cracking instance. WebEasyMail is a common mail server software, but the unregistered version has only 25 users, so we want to register it as an unrestricted version.
Step 1: Shell check and shelling
The first step is to check the shell and shell. Run the cracking tool peidand call the software main program unzip easymail.exe to check the shell (1). We can see that the program is shelled by UPX. Copy easymail.exe.exe to the “upx.exe folder, enter the folder under the command line, and execute the command:
 
"Upx-d easymail.exe ";
After the shell removal is successful, a file named easymail.exe is obtained, and then the shell is checked to find that the program is written through VC ++.
Step 2: Find the error message
Run the WebEasyMail program and right-click the "register" command in the menu to open the registration window. Enter a string with a length greater than 8 in the serial number. Click "OK" and the system prompts "Wrong serial number input" (2 ).

Step 3: locate the resource code
 
The tool we want to use is exescope. after running exescope, we need to access the just-out easymail.exe file.
TIPS: exclusive is a convenient and powerful Chinese tool that can analyze without source files, display different information, and rewrite executable file resources, including (EXE, DLL, OCX). You can directly modify the resources of programs compiled with VC ++ and Delphi, including menus, dialogs, and string tables.
Click the corresponding resource on the Left bar to access various string resources in easymail.exe compiled by vcpus. This includes the error message in the registration error prompt dialog box (3 ). Click "8" in the left sidebar. The "122 serial number input error" is displayed in the right window. This is the registration error message.
 
Step 4: Find the error message
Remember the resource code "122" you just found, return to the W32Dasm window, and search for the resource Code 122 you just found in the Series Data Reference dialog window. Is there a "String Resource ID = ***" String in the String list? This is the resource code ID. Find "String Resource ID = 00122" and you can see the garbled character "? E ?" (4 ). This is actually the "serial number input error" string in the registration error prompt dialog box, but it turns into garbled characters After encoding conversion.
 
Step 5: Search for key hops
Maybe some friends are not sure yet. Is this the registration error message? Let's continue with the subsequent cracking process. Double-click "String Resource ID = 00122". Generally, you can return the corresponding assembly code in the W32Dasm window immediately. However, this time the program was cracked, but it did not respond. This is also the difference between cracking such software and general software.
It doesn't matter. We can find the corresponding assembly code by searching for strings. Click "Search"> "Search Text" in the W32Dasm window, enter "ID = 00122" (5) in the Search dialog box, and click "OK". The corresponding area (6) in the code segment will be displayed soon ).
 

Drag up to view the program code. You can see "Referenced by a (U) nconditional or (C) onditional JumpatAddress: 004071B7 ", where "004071B7" is the real jump code segment (7 ).
 

Step 6: Modify the Assembly Code
Double-click the "Referenced by a (U) nconditional or (C) onditional JumpatAddress: 004071B7" code to go to "004071B7". here we can see that the machine code is "0F85C0010000 ", the corresponding Assembly statement is "jne 0040737D", which is the verification code segment where the registration code is correct or not. Friends who are familiar with brute-force attacks must be very clear. As long as the compilation statement "jne" is changed to "je", the software registration code verification can be skipped and any software registration can be completed.
Select the code, right-click, and select the "Hexedit" command in the pop-up menu. In the pop-up quick byte editor dialog box, change "0F85C0010000 *****" in "Modify Byte" to "0F84C0010000 *****" (8 ).
 
After modification, click "save" to save the modification to the original file. Overwrite the original WebEasyMail program with the modified program. Re-run the modified WebEasyMail program, enter any number in the serial number input box, and then register the software!
From the above process, we can see that exists is the key to successful cracking. With this tool, we can find the resource code ID corresponding to the registration error message, then, identify the corresponding jump code by using the ID number, and bypass Chinese garbled characters to find the successful cracking of the key jump. In addition, excompute is also very useful in modifying the software it has cracked and creating personalized cracking software. It is an indispensable weapon for hackers who love to crack software.