You are on page 1of 3

Step1. Run the file "cim_crackme.exe", we see there two empty boxes.

Name and Serial like many shareware software. Put there your name and any serial number then click on "Check" button. We will receive this message: "This is not a valid serial......" Write this message down, don't make errors. Just write the message without the quotes and the dots of course then close everything. Step2. Run W32Dasm disassemble, on the menu bar open the first menu "Disassemble" the "Open file to disassemble". Browse to our target "cim_crackme.exe" then disassemble. You now should see a lot of code on your screen

Go at the search menu of W32Dasm and click on "Find Text", put in the search box the text string we did memorize somewhere: "this is not a valid serial" (without the quotes).

: *Referenced by (U)nconditional or onditional Jump at Address: |:004010D7

You should record the address you see: 004010D7 (is very important) Now, go up once more until you find the address you just recorded,

The arrow number 1 show who is addresses group located. In the circle is the address we were looking for. The address and all the row is selected by the green bar too! I hope everything is clear enough! As you see, there is an other arrow, "arrow 2" that indicates "JNE". What does "JNE" mean??? JNE - Jump if not equal JE - Jump if equal When we enter a fake serial number, it jumps. Hmmm, we should reverse it. The reverse of "JNE" is "JE". If we do this, the program will accept any serial number as a real one!!! But how do we edit it???

Using an assembler of course Our mission now is to reverse "JNE" to "JE" at the address: "004010D7". Step3. Now send over it. see some from the a desktop icon of HIEW32 then drag and drop "cim_crackme.exe" You should crap code, now press F4 from the keyboard then choose decode selection.

Now, return to HIEW and press F5 from keyboard then enter the address we recorded above but don't forget to add a dot before the address and to remove the zeros before the address number. Enter it like this: ".4010D7" (without the quotes of course) then hit ENTER. After this you will land in the exact address where we will do the reversing. Notice this line carefully: .004010D7: 7516 jne .0004010EF We should change the bytes here. Without moving the selection from "75" press F3 from keyboard then hit the right arrow of the keyboard directional keys one time, be sure to have the cursor under the number "5". Carefully press the number 4 from the keyboard. The number will change from "7516" to "7416". Carefully press F9 from keyboard to save our changes and F10 to exit at all! We are done!!! Now check that everything is ok, run "cim_crackme.exe" that you just cracked and put you name and any serial number..............CONGRATULATIONS!!! You Cracked It.

HOW TO CRACK ANY TYPE OF SOFTWARE PROTECTION


In this tutorial you will learn how to crack any type of software protection using W32Dasm and HIEW.

Run the program, game, etc., (SoftwareX) that you want to crack without the CD in the CD reader. SoftwareX will not run of course, however, when the error window pops up it will give you all of the vital information that you need to crack the program, so be sure to write down what it says.

IDENTIFYING THE PROTECTION:

Now, run Win32Dasm. On the file menu open DISASSEMBLER > OPEN FILE TO DISASSEMBLE. Select SoftwareXs executable file in the popup window that will appear (e.g. SoftwareX.exe). W32Dasm may take several minutes to disassemble the file. When W32Dasm finishes disassembling the file it will display unrecognizable text; this is what we want. Click on the String Data References button. Scroll through the String Data Items until you find SoftwareXs error message. When you locate it, double click the error message and then close the window to return to the Win32Dasm text. You will notice that you have been moved somewhere within the SoftwareXs check routine; this is where the error message in generated. Now comes the difficult part, so be careful. To crack SoftwareXs protection you must know the @offset of every call and jump command. Write down every call and jump @offset number that you see (You have to be sure, that the OPBAR change its used color to green). You need the number behind the @offset without the h. Now open HIEW, locate SoftwareXs executable, and press the F4 key. At this point a popup window will appear with 3 options: Text, Hex, and Decode. Click on Decode to see a list of numbers. Now press the F5 key and enter the number that was extracted using Win32Dasm. After you have entered the number you will be taken to SoftwareXs check routine within HIEW. To continue you must understand this paragraph. If the command that you are taken to is E92BF9BF74, for example, it means that the command equals 5 bytes. Every 2 digits equal one byte: E9-2B-F9-BF-74 => 10 digits => 5 bytes. If you understood this then you can continue. Press F3 (Edit), this will allow you to edit the 10 digits. Replace the 5 bytes with the digits 90. In other words, E92BF9BF74 will become 9090909090 (90-90-90-90-90). After you complete this step press the F10 key to exit. Congratulations! You just cracked SoftwareX!

CRACKING THE PROTECTION: