Rage9's Cracking Tutorial
TruView displays BMP, GIF (including animated GIF's), PCX, TGA and JPG (JFIF type and CMYK) files. Note that CMYK color space JPG's are converted to an RGB color space using a simple conversion. Because the conversion is approximate, most CMYK images will be displayed with the colors slightly skewed (some images more than others).
Images can be flipped, rotated, rescaled, cropped, smoothed, sharpened, inverted and equalized. Image brightness, contrast and color depth can also be changed. TruView can also convert (single or batch) images to any of the supported file types.
TruView requires a 32-bit MS-Windows environment to run. This means either Win95, Win98, WinNT or Win 3.1 with Win32s (ver 1.30c or later) installed. A hi-color display is recommended.
And for $20 you can register it.
Target: TruView V1.83
Tools: W32DASM, Hackers View
Welcome to the first of my newbie cracking tutorials.
First things first: you will need the tools stated above; without them you cannot do this.
I'll be taking you step by step through the crack and what I'm thinking, and so you don't
get lost I have included screen shots taken as I did this crack.
You can find this tool at http://download.cnet.com/ or http://members.home.net/beyeler/truview.html
although cnet may have a more updated copy, but try them first.
Enjoy!
DISCLAIMER:
I (or any of my colleagues) take no responsibility for anything you do or use this document for. We will not be prosecuted because of your illegal activities; this document is for educational purposes ONLY!
First things first, run truview.exe. Lookie there, we are presented with a registration screen :). That's what we need.
Now let's just put in any 'Registration Key' we wish. I insert 666; put in what you see fit.
Click the 'OK' button and we get an 'Invalid Registration Key' box. Write that down because we'll need it later.
Now open W32DASM and we have this for a screen:
Now we need to disassemble the file. Click on the 'Disassembler' menu and then on 'Open File to Disassemble..'.
Find where you have truview.exe and when you find it, click on it.
Then click the 'OK' button or double click on it. The next thing that happens is the program translates the binary code to assembly code (which we need). This may take a while depending on how fast your CPU is. When it's done you'll have a screen like this:
Now click the 'Refs' menu and then click on 'String Data References'.
A window titled 'W32Dasm List of String Data Items' pops up.
Remember before, when I told you to write down 'Invalid Registration Key'? Well, this is what it is for. Scroll down until you see it and click on it.
Now double click on 'Invalid Registration Key'. Voilà! We are taken right below the text.
This is a good time to talk about what we are looking for. Most likely it is some kind of jump statement, probably a Jump if Not Equal (JNE) instruction that leads down to 'Invalid Registration Key'; usually, but not always, the first one we come across will be it.
Also note that the jump usually follows a test of some sort. Let's get cracking.
Start scrolling up and at address 00434ADD we come across the jne instruction we are looking for.
How do we know that this is the right address?
:00434ADD 0F85CC000000 jne 00434BAF
00434ADD is the address, 0F85CC000000 is the machine code for the assembly instruction, and last comes the instruction itself, Jump if Not Equal. Where does it jump to? To address 00434BAF.
You can see that address in the screen shot taken after double clicking on 'Invalid Registration Key':
:00434BAF 8B4304 mov eax, dword ptr [ebx+04]
:00434BB2 6A30 push 00000030
In those 2 lines things are getting put into different places; there's no need to know what. The next 2 lines are what's most important:
* Possible StringData Ref from Data Obj ->"TruView - registration" ;setting text
:00434BB4 6821D44900 push 0049D421 ;putting 'TruView - Registration' as the title of the 'Invalid registration key' message box.
* Possible StringData Ref from Data Obj ->"Invalid registration key" ;setting error text
:00434BB9 6808D44900 push 0049D408 ;put 'Invalid registration key' in the message box
What else do we need? Well, for Hackers View we need the offset address. Look towards the bottom of the W32DASM box and you see @Offset and the offset; to help you out I drew a red arrow pointing at the offset address so you know where to find it. In this case the offset address is 000340DDh.
Find truview.exe; mine was in c:\cool\cc\tveiw183\.
And then press Enter and you end up with a screen that looks like this:
Press F4 and then go down to 'Decode'
Press Enter and we get this:
Press F5 and type 340DD (our original address was 000340DDh; don't put in the h! Also, you do not have to put those first three zeros in)
Press Enter and we end up at our address! (00434ADD)
Press F3 and now you can edit that line. Change 0F85CC000000 to 909090909090; that NOPs everything (NOP means no operation, so the jump is completely bypassed). I like to start from the back so I don't get lost doing this, because the code changes as you do it.
As you see I'm working backwards.
If you work backwards, after you NOP the last one (0F in this case) it will form a vertical line of 90's. Press F9 (saves changes) and F10 (quit).
Now run truview.exe again, I put in 666 again, put in what you wish.
Press the 'OK' button, and cha-ching! Registered!
Recap:
Changing 0F85CC000000 (the Jump if Not Equal code) to 909090909090 (No Operation) eliminated the jump to the bad code saying the registration key was incorrect, and allowed us to follow the good 'You registered the program' track.
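Seen from the vendor's side, the edit in this recap is easy to spot by comparing an installed file against the released build. The following is an added example, not part of the original tutorial: the function names are hypothetical, and the sample image is constructed (zero padding around the six instruction bytes and the file offset quoted above).

```python
import hashlib

NOP = 0x90

def is_cond_jump(code: bytes) -> bool:
    """True if code starts with an x86 Jcc: 70-7F (rel8) or 0F 80-8F (rel32)."""
    if code[:1] == b"\x0f":
        return len(code) > 1 and 0x80 <= code[1] <= 0x8F
    return len(code) > 0 and 0x70 <= code[0] <= 0x7F

def diff_ranges(good: bytes, suspect: bytes):
    """Return (offset, length) for every contiguous run of differing bytes."""
    runs, start = [], None
    for i, (a, b) in enumerate(zip(good, suspect)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, min(len(good), len(suspect)) - start))
    return runs

def audit(good: bytes, suspect: bytes):
    """Compare a suspect image with the released one; flag NOP-filled branches."""
    if hashlib.sha256(good).digest() == hashlib.sha256(suspect).digest():
        return []  # byte-identical to the release, nothing to report
    findings = []
    for off, n in diff_ranges(good, suspect):
        old, new = good[off:off + n], suspect[off:off + n]
        findings.append({
            "offset": off, "old": old.hex(), "new": new.hex(),
            # A conditional jump overwritten purely with 0x90 is the pattern
            # described in the recap: the failure branch can no longer be taken.
            "nopped_branch": is_cond_jump(old) and set(new) == {NOP},
        })
    return findings

# Constructed sample: zero padding around the jne bytes at the page's offset.
OFFSET = 0x340DD
GOOD = bytes(OFFSET) + bytes.fromhex("0F85CC000000") + bytes(16)
PATCHED = bytes(OFFSET) + bytes([NOP] * 6) + bytes(16)

if __name__ == "__main__":
    for f in audit(GOOD, PATCHED):
        print(hex(f["offset"]), f["old"], "->", f["new"],
              "NOPped branch:", f["nopped_branch"])
```

A hash mismatch alone says the file changed; the per-range report says where, and whether a decision point was removed rather than data altered.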
© Rage9, 2000