Paid To Popup Hacking Articles: Keygen Useful Breakpoints

Keygen Useful Breakpoints

Aescu



1) Keygen

2) Useful breakpoints





KeyGens ...



Useful tips:



1. The best tool to analyze a key file is a hex editor. Text editors are not suitable for this task.

2. A key file is nothing more than a continuous array of bytes inside a small file. These bytes reflect the personal user information (encrypted), checksums for the key file's integrity, encrypted dates, names, addresses, encrypted flags (for instance: a flag for a multi-user license), etc.

3. To defeat a key file based protection scheme, you should create a little program to code a small bogus key file. This generic program should be able to create files under different names and sizes. The content of this bogus file (against most beliefs) must be readable information. In my case, the bogus key file generator cuts a large chapter from my favorite literature novel and pastes it into the bogus file, adjusting the file size and name according to my necessities. Why readable information inside the bogus file? Because the target program will read strategic offset locations of the key file. A readable text inside it will warn about the precise location being read at any time. It will also mark the locations where certain checksums must be added to the final key file.

4. The key file name is in most cases the target program's main executable file name with the extension '*.key', a very old stupidity flag still available these days. Other strategies to figure out the key file name are the use of a string searching utility, reading the user's manual (sometimes the author will include instructions on the key file installation, revealing its name), or, at debugging level, bpint 21 if ah==3d (DOS); when the break occurs, execute d (e)dx at the SoftICE command screen. In a Windows environment, bpx CreateFile, ReadFile, GetFileAttributesA, etc., will perform the same task.

Once you have figured out the key file name, create the bogus file and copy it to the same path as the main target executable. Start the program and see what happens. If you receive an 'Invalid Key File' or 'Corrupted Key File' message (another stupidity flag), your cracking work has been greatly reduced; the next logical step is to search for the location of the code where this message is triggered.

5. The key file has to be read. There is no other alternative: the program must read the key file to test its validity. Accordingly, appropriate breakpoints on file reading interrupts (DOS) or APIs (Windows) should be set.
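As an added illustration of tips 2 and 3 above (not code from the original article), the following Python models a key file as the byte array described there and contrasts a check that reads fields at fixed offsets, which a readable probing file and a flipped flag byte defeat, with a check that verifies one tag over the whole file before any field is interpreted. The layout, the secret and the sample values are constructed assumptions.

```python
import hashlib
import hmac

# Constructed layout (assumption, not any real product's format):
# 0..3 magic | 4..11 expiry date | 12..43 licensee name | 44 multi-user flag
# 45..76 HMAC-SHA256 over bytes 0..44
MAGIC = b"KEY1"
FLAG_OFF, TAG_OFF, TAG_LEN = 44, 45, 32
KEY_SIZE = TAG_OFF + TAG_LEN  # 77 bytes


def weak_check(blob: bytes) -> tuple[bool, str]:
    """Reads fields at fixed offsets, stopping at the first bad one. Probing
    text fails here one offset at a time, and a flipped flag byte still passes
    as long as it is 0 or 1."""
    if len(blob) < KEY_SIZE:
        return False, "corrupted key file"
    if blob[:4] != MAGIC:
        return False, "invalid magic at offset 0"
    if blob[FLAG_OFF] not in (0, 1):
        return False, f"invalid flag at offset {FLAG_OFF}"
    return True, "ok"


def hardened_check(blob: bytes, secret: bytes) -> tuple[bool, str]:
    """Verifies one tag over the whole body before any field is interpreted,
    so neither probing text nor a single flipped byte gets past this point.
    A symmetric secret inside the binary can be recovered, so a real product
    would verify a public-key signature here instead of an HMAC."""
    if len(blob) != KEY_SIZE:
        return False, "invalid key file"
    body, tag = blob[:TAG_OFF], blob[TAG_OFF:]
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "invalid key file"  # one message for every failure
    return True, "ok"


def make_key(name: bytes, expiry: bytes, multi_user: bool, secret: bytes) -> bytes:
    """Builds a valid key file in the constructed layout (issuer side)."""
    body = (MAGIC + expiry[:8].ljust(8, b"\0") + name[:32].ljust(32, b"\0")
            + bytes([int(multi_user)]))
    return body + hmac.new(secret, body, hashlib.sha256).digest()


def bogus_file(size: int) -> bytes:
    """Readable filler of a chosen size, as in tip 3 (constructed text)."""
    text = b"It was the best of times, it was the worst of times, "
    return (text * (size // len(text) + 1))[:size]
```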



SoftICE Advice: Useful Breakpoints ...



One of the most important abilities a cracker must develop is knowing where, when and what kind of breakpoint to set. If a perfectly timed and intelligent breakpoint is not set, then you'll grow old and die before being able to take a glimpse of the protection scheme. Remember, even the most insignificant program can contain thousands of code lines. The most important breakpoints you should know are:



General Purposes ...



bpx messagebox

bpx getdlgitemtext

bpx getwindowtext

bpx hmemcpy

bpx showwindow

bpx updatewindow

bmsg xxxx wm_gettext

bmsg xxxx wm_command

bmsg xxxx wm_move



Time Related ...



bpint 21 if ah==2A (DOS)

bpx getlocaltime

bpx getfiletime

bpx getsystemtime



Register Flag Related (e.g. Flag on EAX) ...



bpx cs:eip if EAX==0 (SICE 3.x)



Memory Flag Related (e.g. Flag on 0030:000045AA) ...



bpmb cs:eip rw if 0x30:0x45AA==0 (SICE 3.x)



"Hear The Echo" Technique Related ...



bpx 0x30:0x45AA do "d 0x30:0x44BB" (SICE 3.x)

bpx CS:0x66CC do "? EAX" (SICE 3.x)



CD-ROM and Disk Based Schemes ...



bpint 13 if ah==2 (DOS)

bpint 13 if ah==3 (DOS)

bpint 13 if ah==4 (DOS)

bpx GetFileAttributesA

bpx GetFileSize

bpx GetDriveType

bpx GetLastError

bpx ReadFile

bpio -h (Your CD-ROM Port Address) R



Dongle Cracking ...



bpio -h 278 R

bpio -h 378 R



Key File Related ...



bpint 21 if ah==3dh (DOS)

bpint 21 if ah==3fh (DOS)

bpx ReadFile

bpx CreateFileA



Keyboard Input Related ...



bpint 16 if ah==0 (DOS)

bpint 21 if ah==0xA (DOS)



Possibilities are endless. I copied only those breakpoints which are considered most useful and frequently used by crackers; nevertheless, if you have a preferred breakpoint to crack certain schemes that is not listed, please let me know and I'll publish it (if worthy).