Hello everyone, I'm David. Today's course is: Perfectly cracking shareware

----------------------------------------------

The software cracked today is "penetration V3.0". Tools used: Filemon, OllyDbg and W32Dasm.

------------------------------------------------

1. Find the key jump

Before cracking, check whether the software is packed and unpack it. I have covered this many times before, so I will not go over it again this time. After unpacking, retrieve the registration error message.

In the penetration 3.0 software interface, click "register" on the toolbar to open the registration dialog box. Enter a registration code "111-111-111-111-". After confirmation, an error message is displayed: "The registration code is incorrect. Check your registration code." Note this message and dismiss it.

Close the registration dialog box and run the disassembler W32Dasm. Click the menu "disassembly-open file" and open the unpacked "Unpacked.exe" file; the loaded PMT program is disassembled automatically. After the disassembly is complete, click the "Reference" --> "String Data Reference" command to open the string reference list dialog box. Look for the error message you just noted in the string data list; scrolling to the bottom of the list shows the message "registration code error". Although the error message we see is incomplete, it is enough to determine the location of the key jump for the registration code. Double-click the entry to go to the corresponding code segment in the W32Dasm window.

-----------------------------------------------

2. Brute force

Drag up to view the program code and go to code segment "004BA2FA".
Here we can see that the code statement is "004BA2FA 7442 je 004BA33E". The machine code is "7442" and the corresponding assembly is "je 004BA33E". This is the registration code check; you only need to change the assembly statement "je" to "jne" to cancel the registration code verification.

Select the code, right-click and choose "Hexedit" from the shortcut menu. In the quick byte editor dialog window that pops up, change "7442A1D0 **********" in "Modify Byte" to "7542A1D0 *********". After the modification is completed, click "save" to save the changes to the original file, and click "run" in the dialog box to re-run the modified pmt.exe program. Enter any password in the registration code input box. After confirmation, the system prompts "registration successful. restart the software!"

------------------------------------------------

3. Normally, at this point the software would be successfully cracked and would become a registered version. However, when we restart the software and open the software registration window, the upper left corner of the registration dialog window still says that the software is not registered. After the software is restarted, it becomes unregistered software again.

It can be inferred that the software's registration detection is very strict. When it is restarted, the software probably reads a key value in the registry or a file on the hard disk to determine whether it is correctly registered. If that check fails, the unregistered information is displayed again.

------------------------------------------------

4. Monitoring the registration flag

Monitoring the registry with RegMon finds no suspicious key values; the specific process is not detailed here. However, when using Filemon to monitor hard disk files, we found that the software behaved somewhat unusually during registration.
Run the Filemon software, select "volume C" from the menu, and set it to monitor only the installation directory of the PMT penetration software. Cancel the other monitoring items. Then register and restart the software. When you view the recorded reads of hard disk data, you can see that when you click Register, the software reads the "C:\windows\pmt.ini" file. From the file name, we can see that the file must be associated with the registration of the penetration PMT program.

Open the "pmt.ini" file. This is the PMT configuration file. In it we can see the "[S/N]" section, which stores the registration code. Obviously, after the software is successfully registered, it stores the entered registration code here, and then reads the registration code from the file when it is restarted. The registration code algorithm is then used to check whether the registration code is correct. Because we only patched the check made at registration time, and the check made at startup is not patched, the software cannot be registered successfully.

-------------------------------------------------

5. How do we find the registration code check that runs when the program starts?

Use W32Dasm to open the unpacked "unpacked.exe" file, and click "View" --> "Search Text" to open the search text dialog box. Enter "S/N" as the search string and click "find next". The corresponding position in the code segment is located quickly. However, a total of eight code segments in the program use the "S/N" string, so this string alone does not single out the key jump at startup.

Open the string data reference dialog window and look for the required information in the list. The "registered" string is displayed. Double-click the string to go to the corresponding assembly code. There are two "registered" entries here; of course, find the top one. Not far from the first "registered" entry there is a jump statement "004B9BFB 742C je 004B9C29". Needless to say, this must be the key jump!

Once you have found the key jump, you can simply use the method above: right-click to modify it, and change "74" in the code to "75". Save the changes to the program file, exit W32Dasm, and restart the penetration program. You can see that the program has been successfully registered!
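
Seen from the vendor's or an incident responder's side, the modification described above leaves a very small and recognisable footprint: one opcode byte in the 0x70-0x7F range flipped to its negated condition, with the displacement byte untouched. The following is an added example, not part of the original tutorial; the byte strings are constructed around the two encodings quoted above ("7442" and "742C"), and the function names are this example's own.

```python
import hashlib

def is_inverted_jcc(orig: int, new: int) -> bool:
    # x86 short conditional jumps are opcodes 0x70-0x7F; a condition and its
    # negation differ only in the low bit (0x74 je <-> 0x75 jne).
    return 0x70 <= orig <= 0x7F and new == orig ^ 1

def find_jump_inversions(reference: bytes, suspect: bytes):
    """List (offset, reference_hex, suspect_hex) for each changed byte that
    inverts a short Jcc while its displacement byte stays the same.
    Heuristic on raw bytes: no disassembly, so confirm hits in a disassembler."""
    if len(reference) != len(suspect):
        raise ValueError("lengths differ; not a pure in-place byte patch")
    hits = []
    for off in range(len(reference) - 1):
        a, b = reference[off], suspect[off]
        same_disp = reference[off + 1] == suspect[off + 1]
        if a != b and is_inverted_jcc(a, b) and same_disp:
            hits.append((off, reference[off:off + 2].hex(),
                         suspect[off:off + 2].hex()))
    return hits

def audit(reference: bytes, suspect: bytes) -> dict:
    """Compare a known-good copy of a binary with the copy found on disk."""
    return {
        "sha256_match": hashlib.sha256(reference).digest()
                        == hashlib.sha256(suspect).digest(),
        "changed_bytes": sum(x != y for x, y in zip(reference, suspect)),
        "jump_inversions": find_jump_inversions(reference, suspect),
    }

# Constructed sample: filler bytes around the two encodings quoted in the text.
REFERENCE = bytes.fromhex("8bc3e8aa000000" "7442" "a1d0000000"
                          "85c0" "742c" "33c0c3")
_patched = bytearray(REFERENCE)
_patched[7] = 0x75    # registration-time check flipped
_patched[16] = 0x75   # startup check flipped
SUSPECT = bytes(_patched)

if __name__ == "__main__":
    print(audit(REFERENCE, SUSPECT))
```

A hash mismatch with only a handful of changed bytes, all of them jump inversions, is a strong sign of this kind of patch rather than an update or disk corruption.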