<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="GENERATOR" CONTENT="Mozilla/4.04 [en] (Win95; I) [Netscape]">
<META NAME="Author" CONTENT="KLee8084">
<META NAME="Classification" CONTENT="Reverse Code Engineering">
<META NAME="Description" CONTENT="Step by step guide to cracking Rhino 3D V1 (Beta)">
<META NAME="KeyWords" CONTENT="How to crack Rhino 3D V1 (Beta)">
<TITLE>Rhino 3D V1 (Beta)</TITLE>
</HEAD>
<BODY TEXT="#001010" BGCOLOR="#C0C0C0" LINK="#FF0000" VLINK="#000099" ALINK="#FFFF00">
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR BGCOLOR="#FFFFFF">
<TD WIDTH="15%">
<CENTER><B><FONT FACE="Arial,Helvetica">Aug 98</FONT></B></CENTER>
</TD>
<TD WIDTH="65%">
<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=+1>"</FONT><FONT SIZE=+2>Cracking
Rhino Beta 1.0</FONT><FONT SIZE=+1>"</FONT></FONT></CENTER>
</TD>
<TD WIDTH="50%">
<CENTER><B><FONT FACE="Arial,Helvetica"><FONT SIZE=-1>Win '95 Program</FONT></FONT></B></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#808080"><FONT SIZE=-1>Win
Code Reversing</FONT></FONT></FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#808080"> </FONT></FONT></CENTER>
</TD>
</TR>
<TR BGCOLOR="#FFFF99">
<TD WIDTH="15%">
<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#890000"> </FONT></FONT></CENTER>
</TD>
<TD>
<CENTER><FONT FACE="Arial,Helvetica"><B><FONT SIZE=+2>by KLee8084</FONT></B><FONT SIZE=+3> </FONT></FONT></CENTER>
</TD>
<TD VALIGN=CENTER WIDTH="30%"><FONT FACE="Arial,Helvetica"> </FONT></TD>
</TR>
<TR BGCOLOR="#999900">
<TD WIDTH="15%">
<CENTER><FONT FACE="Arial,Helvetica"> </FONT></CENTER>
</TD>
<TD>
<CENTER><FONT FACE="Arial,Helvetica">Code Reversing For Beginners </FONT></CENTER>
</TD>
<TD WIDTH="30%">
<CENTER><FONT FACE="Arial,Helvetica"> </FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"> </FONT></CENTER>
</TD>
</TR>
<TR BGCOLOR="#C0C0C0">
<TD WIDTH="15%"></TD>
<TD ALIGN=LEFT>
<CENTER><FONT FACE="Arial,Helvetica"> </FONT></CENTER>
<CENTER><B><FONT FACE="Arial,Helvetica">Program Details</FONT></B></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><B>Program Name:</B> rhino32.exe</FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><B>Program Type:</B> 3D Graphic Program</FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><B>Program Location: </B><A HREF="ftp://ftp.mcneel.com/pub/rhino/rhino32.exe">Here</A> </FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><B>Program Size: </B>6.2 meg</FONT></CENTER>
<FONT FACE="Arial,Helvetica"> </FONT></TD>
<TD WIDTH="30%"></TD>
</TR>
<TR BGCOLOR="#C0C0C0">
<TD WIDTH="15%"></TD>
<TD><FONT FACE="Arial,Helvetica"><B> </B> </FONT>
<CENTER><B><FONT FACE="Arial,Helvetica">Tools Used:</FONT></B></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><A HREF="http://www.fortunecity.com/bally/waterford/18/w32dsm89.zip">W32Dasm
V8.9 - Disassembler</A></FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica">Softice V3.2 - Debugger</FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica">Hiew 5.66</FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"> </FONT></CENTER>
</TD>
<TD WIDTH="30%"></TD>
</TR>
<TR>
<TD VALIGN=CENTER BGCOLOR="#C6E7C6">
<CENTER><B><FONT FACE="Arial,Helvetica"><FONT COLOR="#0000FF">Rating</FONT></FONT></B></CENTER>
</TD>
<TD VALIGN=CENTER BGCOLOR="#C6E7C6">
<CENTER><B><FONT FACE="Arial,Helvetica"><FONT SIZE=-1><FONT COLOR="#0000FF">Easy
( X ) Medium ( ) Hard ( ) Pro
( )</FONT> </FONT></FONT></B></CENTER>
</TD>
<TD WIDTH="30%" BGCOLOR="#999900"><B><FONT FACE="Arial,Helvetica"><FONT SIZE=-1>There
is a crack, a crack in everything. That's how the light gets in.</FONT></FONT></B></TD>
</TR>
</TABLE>
<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=-1> </FONT></FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"> </FONT>
<HR></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"> </FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=+2>Rhino3D Beta 1.0</FONT></FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=+1>'Patching A Demo'</FONT></FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#0B7FC1">Written by KLee8084</FONT></FONT></CENTER>
<FONT FACE="Arial Black"> </FONT>
<BR>
<BR>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT COLOR="#0000FF"><FONT SIZE=+2>Introduction</FONT></FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica"> </FONT>
<BR><FONT FACE="Arial,Helvetica">Rhino3d is a NURBS program that allows
you to create 3D objects and export them in a variety of formats, such
as VRML, which makes it ideal for creating virtual worlds.</FONT>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT COLOR="#3333FF"><FONT SIZE=+2>About this protection system</FONT></FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica"> </FONT>
<BR>The only relevant protection this program has is a time limit that
is hard-coded in Rh_Main.exe. After 30 days, the program ceases to
run.
<BR><FONT FACE="Arial,Helvetica"> </FONT>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT SIZE=+2><FONT COLOR="#0000FF">The Essay</FONT> </FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica"><FONT COLOR="#000000"> </FONT></FONT>
<BR>First, you need to see if anything is written in an .ini file, or the
system registry. To do this, advance the system's date 2 months and attempt
to run the program. It won't run. Next, set your system's date back
to normal. Now attempt to run the program again.
<BR>
<BR>This time it runs perfectly. This should tell you that nothing was
written to the registry or to an ini file about the date (else the program
would not have run). Knowing that the program checks the system's date/time,
it seems logical to set a breakpoint in Softice at GetSystemTime. Press
<B>CTRL-D</B> to go into Softice, then type <B>bpx GetSystemTime</B>.
<BR>
<BR>Next, get out of Softice by typing <B>x</B>, and run Rhino.exe.
<BR>
<BR>After the Rhino loader displays its credit window, it'll start to
load Rh_Main.exe and you'll be thrown into Softice at the beginning of
Kernel32.dll's <B><FONT COLOR="#000099">GetSystemTime</FONT></B> function.
<BR>
<BR>Press '<B>F11</B>' to step out of this call. What do you see? A simple
compare instruction following the call.
<P><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0041F669 FF15701C8C00
CALL [KERNEL32!GetSystemTime]</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0041F66F 66817C2404CE07
CMP WORD PTR [ESP+04], 07CE ;<B><FONT COLOR="#993366">Check for 1998</FONT></B></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0041F676 7519
JNZ 0041F691 ;<B><FONT COLOR="#993366">Beggar off cracker</FONT></B></FONT></FONT>
<P><FONT FACE="Arial,Helvetica">If you check the 07CE (by typing "? 07CE"
in Softice), you'll see that it is 1998, the current year. If the value
at WORD PTR [ESP+04] isn't 07CE, the program jumps to a nasty
MessageBox routine. Next, there is another compare:</FONT>
<P><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0041F678 66837C240608
CMP WORD PTR [ESP+06], 08 ;<B><FONT COLOR="#993366">Check for August</FONT></B></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0041F67E 720A
JB 0041F68A</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0041F680 750F
JNZ 0041F691 ;<B><FONT COLOR="#993366">Beggar off cracker</FONT></B></FONT></FONT>
<BR>
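<BR><FONT FACE="Arial,Helvetica">This compare (WORD PTR [ESP+06]) checks
the month. If the month is earlier than August, the JB jumps to 0041F68A;
if it is later than August, the JNZ jumps to the nasty MessageBox routine.
Only when the month is exactly August does execution fall through to the
next compare.</FONT>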
<BR><FONT FACE="Arial,Helvetica">Finally, there is one last compare:</FONT>
<BR>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0041F682 66837C240A1F
CMP WORD PTR [ESP+0A], 1F ;<B><FONT COLOR="#993366">Check for Day = 31st</FONT></B></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0041F688 7307
JAE 0041F691 ;<B><FONT COLOR="#993366">Beggar off cracker</FONT></B></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0041F68A 33C0
XOR EAX,EAX</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0041F68C 5B
POP EBX</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0041F68D 83C410
ADD ESP,10</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0041F690 C3
RET</FONT></FONT>
<BR>
<BR><FONT FACE="Arial,Helvetica">If you type "? 1F" you'll see that 1F
is 31 in decimal. This compare checks the day of the month. If it is the
31st or later (JAE), the program will jump to the nasty <B><FONT COLOR="#993366">Beggar
off cracker</FONT></B> routine.</FONT>
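<P><FONT FACE="Arial,Helvetica">Taken together, the three compares are equivalent to the C function below. This is an added reconstruction, not code from the original essay or from the program; the struct mirrors the Win32 SYSTEMTIME layout, and the function names and the non-zero "expired" return value are assumptions (the listing only shows the good path returning 0).</FONT>

```c
#include <stdint.h>
#include <stdio.h>

/* Same field order and sizes as the Win32 SYSTEMTIME structure, redefined
   here so the example builds without windows.h. */
struct systime {
    uint16_t year;         /* [ESP+04] in the listing */
    uint16_t month;        /* [ESP+06] */
    uint16_t day_of_week;  /* [ESP+08], never read by the check */
    uint16_t day;          /* [ESP+0A] */
    uint16_t hour, minute, second, millisecond;
};

enum { BETA_OK = 0, BETA_EXPIRED = 1 };  /* BETA_EXPIRED value is assumed */

/* Hypothetical name; mirrors the branch order at 0041F66F..0041F688. */
static int beta_expiry_check(const struct systime *st)
{
    if (st->year != 0x07CE)   /* CMP ..,07CE / JNZ 0041F691 */
        return BETA_EXPIRED;
    if (st->month < 8)        /* CMP ..,08 / JB 0041F68A */
        return BETA_OK;
    if (st->month != 8)       /* JNZ 0041F691 */
        return BETA_EXPIRED;
    if (st->day >= 0x1F)      /* CMP ..,1F / JAE 0041F691 */
        return BETA_EXPIRED;
    return BETA_OK;           /* XOR EAX,EAX / RET */
}

/* Convenience wrapper for the constructed sample dates below. */
static int check_date(unsigned y, unsigned m, unsigned d)
{
    struct systime st = {0};
    st.year = (uint16_t)y; st.month = (uint16_t)m; st.day = (uint16_t)d;
    return beta_expiry_check(&st);
}

int main(void)
{
    /* Constructed sample dates, not taken from the essay. */
    static const unsigned dates[][3] = {
        {1998, 7, 31}, {1998, 8, 30}, {1998, 8, 31}, {1998, 9, 1},
        {1997, 6, 15}, {1998, 1, 1},
    };
    for (size_t i = 0; i < sizeof dates / sizeof dates[0]; i++)
        printf("%04u-%02u-%02u -> %s\n", dates[i][0], dates[i][1], dates[i][2],
               check_date(dates[i][0], dates[i][1], dates[i][2]) ? "expired" : "runs");
    return 0;
}
```

<P><FONT FACE="Arial,Helvetica">The year test is an equality, so any year other than 1998 takes the expired branch, and the day is only examined when the month is exactly August.</FONT>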
<BR><FONT FACE="Arial,Helvetica"> </FONT>
<BR><FONT FACE="Arial,Helvetica">Since this is a Beta program, there are
no registration routines. To crack this program, we have to patch it. From
the above code, we know that the "Program Expired" code is at 0137:0041F691,
and that the good code is at 0137:0041F68A. You could add NOPs (25 of them)
between the GetSystemTime call and the good code routine, but that would
be very messy. Far simpler would be to change the conditional jump (to
the <B><FONT COLOR="#993366">Beggar off cracker</FONT></B> routine) after
the first compare to an unconditional jump to the good code.</FONT>
<P><FONT FACE="Courier New,Courier"><FONT SIZE=-1>0137:0041F676
7519 JNZ 0041F691</FONT></FONT>
<P><FONT FACE="Courier New,Courier"><FONT SIZE=-1>changed to:</FONT></FONT>
<P><FONT FACE="Courier New,Courier"><FONT SIZE=-1>0137:0041F676
EB12 JMP 0041F68A</FONT></FONT>
<P><FONT FACE="Arial,Helvetica">NOTE: EB12 means jump 12 (hex) bytes forward.</FONT>
<P><FONT FACE="Arial,Helvetica">To get the number of bytes to jump, type
"? 0041F68A - 0041F678". Remember, 0041F68A is the start of the good code
routine, and 0041F678 is the instruction right after the JNZ instruction
that we are changing.</FONT>
<BR><FONT FACE="Arial,Helvetica"> </FONT>
<BR><FONT FACE="Arial,Helvetica">To do the actual patching, load Rh_Main.exe
in your favorite hex-editor (I use HIEW) and go to offset 0041F676.</FONT>
<BR><FONT FACE="Arial,Helvetica"> </FONT>
<BR><FONT FACE="Arial,Helvetica">Place the cursor over 7519 (JNZ 0041F691)
and change it to EB12.</FONT>
<BR><FONT FACE="Arial,Helvetica"> </FONT>
<BR><FONT FACE="Arial,Helvetica">Finally hit F9 to update the file and
exit (F10). Back at the desktop, advance your system's date 2 months and
run Rhino.exe. It runs beautifully. Program cracked.</FONT>
<BR><FONT FACE="Arial,Helvetica"> </FONT>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT SIZE=+2><FONT COLOR="#0000FF">The 'Crack'</FONT> </FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica"> </FONT>
<BR><FONT FACE="Arial,Helvetica">Load up <B>Rh_Main.exe</B> into your favorite
hex editor (I prefer HIEW v5.66, but just about any hex editor will do).</FONT>
<BR><FONT FACE="Arial,Helvetica"> </FONT>
<BR><B><FONT FACE="Courier New,Courier">SEARCH</FONT></B><FONT FACE="Courier New,Courier">
FOR THE FOLLOWING BYTES : 66817C2404CE077519</FONT>
<BR><FONT FACE="Courier New,Courier"><B>REPLACE</B> WITH <B><U><FONT COLOR="#990000">HIGHLIGHTED</FONT></U></B>
BYTES : 66817C2404CE07<B><FONT COLOR="#993300">EB12</FONT></B></FONT>
<BR><FONT FACE="Arial,Helvetica"> </FONT>
<BR>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT SIZE=+2><FONT COLOR="#0000FF">Final Notes</FONT> </FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica"><FONT COLOR="#333333"> </FONT></FONT>
<BR>Rhino Beta 1.0 has practically no protection. As you saw, it has only
simple compare routines to determine whether to expire or not.
<P><FONT FACE="Arial,Helvetica"> </FONT>
<BR><FONT FACE="Arial,Helvetica">My thanks and gratitude go to:</FONT>
<BR><FONT FACE="Arial,Helvetica"> </FONT>
<BR><FONT FACE="Arial,Helvetica">Fravia+ for providing possibly the greatest
source of Reverse Engineering</FONT>
<BR><FONT FACE="Arial,Helvetica">knowledge on the Web.</FONT>
<BR><FONT FACE="Arial,Helvetica"> </FONT>
<BR><FONT FACE="Arial,Helvetica">+ORC for showing me the light at the end
of the tunnel.</FONT>
<BR>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT COLOR="#0000FF"><FONT SIZE=+2>Ob Duh</FONT></FONT> </CENTER>
</TD>
</TR>
</TABLE>
<I><FONT FACE="Arial,Helvetica"> </FONT></I>
<BR><FONT FACE="Arial,Helvetica"> </FONT>
<BR><I><FONT FACE="Arial,Helvetica">Do I really have to remind you all
that buying and NOT stealing the software you use will ensure that these
software houses continue to produce even *better* software for
us to use and, more importantly, continue to offer even more challenges
to breaking their often weak protection systems.</FONT></I>
<BR><FONT FACE="Arial,Helvetica"> </FONT>
<BR><I><FONT FACE="Arial,Helvetica">If you're looking for cracks or serial
numbers from these pages then you're wasting your time; try searching elsewhere
on the Web under Warez, Cracks etc.</FONT></I>
<BR><FONT FACE="Arial,Helvetica"><FONT SIZE=-2> </FONT></FONT>
<BR><FONT FACE="Arial,Helvetica"><FONT SIZE=-2>Essay by: <A HREF="mailto:KLee8084@snet.net">KLee8084</A></FONT></FONT>
<BR><FONT FACE="Arial,Helvetica"><FONT SIZE=-2>Page Created: 24th July
1998</FONT></FONT>
</BODY>
</HTML>