I made a Serial Number program, and I wanna see if anyone can crack it. Feel free to use any hex editors, decompliers, what ever you want. here's the url:

http://members.fortunecity.com/dimava/Serial.exe

Note: if an error comes up, please copy and paste the url into a new browser window

if you get it right a message box will come up with a secret password, so if you get the secret password, post it here.


I made this for a company, so unless someone cracks it, I'm not going to give out a serial number


BTW there is over 1550 diffrent serial numbers that are avalible

Actually that's a point - know where I can get a simple hex editor? Don't think I've got one any more.

What do you mean when you say 1550 serials available? That how many combos or something?

yea, thats how many combos there are you can get one at download.com (thats where I got mine)

corrcet, now please post the combination that you entered

ABCDE ABCDE ABCDE ABCDE ABCDE

Oh, by the way, before entering the combination, I cracked your program and made it so that any combination works. :D

People:
Will you please stop asking me on ICQ how I cracked it? It's driving me crazy! :rolleyes:

That is not a valid Combination (which I programmed)

and what program did you use to change it and how?

I cracked it!
What program did I use?
My own! :rolleyes:

Option Explicit

' By changing just the constants and the two functions,
' this crack can be applied to many programs!

Const PathOfEXEToCrack = "C:\Windows\Desktop\"
Const NameOfEXEToCrack = "Serial.exe"
Const NameOfBackupEXE = "Backup.exe" ' Set to vbNullString to not back up
Const CrackDescription = "accepts any combination"

Function WhatToLookFor() As String
' For dimava's program:
' Looking for: jne 00406369
' EXE alias: 0F8501170000
WhatToLookFor = Chr(&HF) & Chr(&H85) & Chr(&H1) & Chr(&H17) & Chr(&H0) & Chr(&H0)
End Function

Function WhatToReplaceItWith() As String
' For dimava's program:
' Replacing with: 6 nops
' EXE alias: 909090909090
WhatToReplaceItWith = String(6, &H90)
End Function

Sub Main()
Dim btFileNum As Byte, sFile As String, lPos As Long

' Check crack sizes
If Not Len(WhatToLookFor) = Len(WhatToReplaceItWith) Then
Call MsgBox("Error: Invalid crack sizes.", vbCritical)
Exit Sub
End If

' Back up, if needed
If Not NameOfBackupEXE = vbNullString Then
Call FileCopy(PathOfEXEToCrack & NameOfEXEToCrack, PathOfEXEToCrack & NameOfBackupEXE)
Call MsgBox(NameOfEXEToCrack & " has been backed up." & vbCrLf & _
"The original file was backed up, and is now called " & NameOfBackupEXE & ".", _
vbExclamation)
End If

' Read file
btFileNum = FreeFile
Open PathOfEXEToCrack & NameOfEXEToCrack For Binary As btFileNum
sFile = Input(LOF(btFileNum), btFileNum)
Close btFileNum

' Find item to crack in file
lPos = InStr(sFile, WhatToLookFor)
If lPos = 0 Then
Call MsgBox("Error: Invalid data.", vbCritical)
Exit Sub
End If

' Crack it!
Mid(sFile, lPos) = WhatToReplaceItWith

' Save the data to the file
btFileNum = FreeFile
Open PathOfEXEToCrack & NameOfEXEToCrack For Binary As btFileNum
Put #btFileNum, , sFile
Close btFileNum

' Finished
Call MsgBox("Successfully cracked " & NameOfEXEToCrack & "!" & vbCrLf & _
"Now, " & NameOfEXEToCrack & " " & CrackDescription & ".", vbInformation)
End Sub

Enjoy! :rolleyes:

when I tried it, it didn't work

Aww :(
You'll get over it. :rolleyes:
But the fact is I cracked it.

It worked for me,
maybe your just stupid...

is that all that you have to put on a forms code to get it to work? or do you need to call the produdures and stuff?

No forms at all.
Make sure your project has nothing but a module in it, and then paste the code in the module.
Never seen Sub Main() before? :rolleyes:

Take my philosophy, in time nothing is uncrackable

Sorry i just had to laught at 1337 dimava. :)
j/j man.

First of all, I disassembled the program.
Feel free to use any hex editors, decompliers, what ever you want.

I noticed something like this in the assembly code:

mov ax,[the first textbox of the five]
add ax,[the second textbox]
jo <somewhere> ; this means, if overflow, jump to the error line <somewhere>
add ax,[the third]
jo <somewhere>
add ax,[the fourth]
jo <somewhere>
add ax,[the fifth]
jo <somewhere>
cmp ax,0019 ; compare ax to 19h
jne 00406369 ; if ax <> 19h, jump to 00406369
; (otherwise stay where you are!)

; code for "success" msgbox goes here
00406369:
; code for "wrong serial" msgbox goes here

Also, the code told me that the only jump to 00406369 was that jne line.
So that is the only place which could cause an "error" MsgBox.
According to the disassembler, the line jne 00406369 looked in the EXE like this: 0F 85 01 17 00 00
Now, I do not want to jump. If I disabled this jump, the error MsgBox could never be reached, but instead, it would show the success MsgBox either way.
So the solution is to replace it with nop (no-operation).
Now as you saw, jne 00406369 takes up 6 bytes of the EXE.
And the EXE alias for nop is 90. (1 byte)
So we have to put exactly 6 nop codes to skip the jump.

This is what the program does. :rolleyes:

Here's how the serial-checking routine in the cracked serial.exe looks like.

mov ax,[the first textbox of the five]
add ax,[the second textbox]
jo <somewhere> ; this means, if overflow, jump to the error line <somewhere>
add ax,[the third]
jo <somewhere>
add ax,[the fourth]
jo <somewhere>
add ax,[the fifth]
jo <somewhere>
cmp ax,0019 ; compare ax to 19h
nop ;do nothing
nop ;do nothing
nop ;do nothing
nop ;do nothing
nop ;do nothing
nop ;do nothing
; Success MsgBox code goes here

00406369:
; Wrong Serial MsgBox code goes here
; But in the cracked EXE, it cannot be reached

Another solution would be to change it from jne to je. Then, wrong serials will give you the "correct" MsgBox, and correct serials will give you the "wrong" MsgBox.
But there's no reason, so let's not do it and say we did. :rolleyes:

For those that didn't know.
jne = Jump (if) Not Equal
je = Jump (if) Equal


Yonatan,
What does ax refer to?
Also what does 19h refer to?

What Dissassmbler do you use, I have used wdasm and softice but I prefer wdasm as it doesn't fettle your system like softice.

Cheers

AX is the accumulating register.
In this code, it is the sum of five numbers.
The five numbers are generated from the TextBoxes in dimava's serial program. (I'm not sure about the connection between the text in the TextBox and the number generated)
With dimava's algorithm, if ax = 19h, then the serial number is valid.
I don't know why, I didn't dig into this. :rolleyes:
The point is, skip this jump and the program is cracked!

I use wdasm - it is more fun! :rolleyes:

you guyz got way too much time on your hands (points to Yonatan)
:)

Aha :) Thanks for the explanation.

It's a software cracker's dream tools, hehe.