📄 mirc.html
字号:
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="GENERATOR" CONTENT="Mozilla/4.04 [en] (Win95; I) [Netscape]">
<META NAME="Author" CONTENT="KLee8084">
<META NAME="Classification" CONTENT="Reverse Code Engineering">
<META NAME="Description" CONTENT="Step by step guide to cracking mIRC V5.41">
<META NAME="KeyWords" CONTENT="How to crack mIRC V5.41">
<TITLE>mIRC V5.41</TITLE>
</HEAD>
<BODY TEXT="#001010" BGCOLOR="#C0C0C0" LINK="#FF0000" VLINK="#000099" ALINK="#FFFF00">
<TABLE BORDER CELLSPACING=2 WIDTH="100%" 22" >
<TR BGCOLOR="#FFFFFF">
<TD WIDTH="15%">
<CENTER><B><FONT FACE="Arial,Helvetica">August 1998</FONT></B></CENTER>
</TD>
<TD WIDTH="100%">
<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=+2>"Cracking mIRC v5.41"</FONT></FONT></CENTER>
</TD>
<TD WIDTH="30%">
<CENTER><B><FONT FACE="Arial,Helvetica">Win '95 PROGRAM</FONT></B></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#808080">Win Code Reversing</FONT></FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#808080"> </FONT></FONT></CENTER>
</TD>
</TR>
<TR BGCOLOR="#FFFF99">
<TD WIDTH="15%">
<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#890000"> </FONT></FONT></CENTER>
</TD>
<TD>
<CENTER><FONT FACE="Arial,Helvetica">by KLee8084<FONT SIZE=+3> </FONT></FONT></CENTER>
</TD>
<TD VALIGN=CENTER WIDTH="30%"><FONT FACE="Arial,Helvetica"> </FONT></TD>
</TR>
<TR BGCOLOR="#999900">
<TD WIDTH="15%">
<CENTER><FONT FACE="Arial,Helvetica"> </FONT></CENTER>
</TD>
<TD>
<CENTER><FONT FACE="Arial,Helvetica">Code Reversing For Beginners </FONT></CENTER>
</TD>
<TD WIDTH="30%">
<CENTER><FONT FACE="Arial,Helvetica"> </FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"> </FONT></CENTER>
</TD>
</TR>
<TR BGCOLOR="#C0C0C0">
<TD WIDTH="15%"></TD>
<TD ALIGN=LEFT>
<CENTER><FONT FACE="Arial,Helvetica"> </FONT></CENTER>
<CENTER><B><FONT FACE="Arial,Helvetica">Program Details</FONT></B></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><B>Program Name:</B>mirc32.exe</FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><B>Program Type:</B> Chat program
for IRC</FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><B>Program Location: </B><A HREF="http://tucows.pdnt.com/files2/mirc541t.exe">HERE</A><B> </B> </FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><B>Program Size: </B>900 K</FONT></CENTER>
<FONT FACE="Arial,Helvetica"> </FONT></TD>
<TD WIDTH="30%"></TD>
</TR>
<TR BGCOLOR="#C0C0C0">
<TD WIDTH="15%"></TD>
<TD><FONT FACE="Arial,Helvetica"><B> </B> </FONT>
<CENTER><B><FONT FACE="Arial,Helvetica">Tools Used:</FONT></B></CENTER>
<CENTER><FONT FACE="Arial,Helvetica">Softice V3.2 - Debugger</FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"> </FONT></CENTER>
</TD>
<TD WIDTH="30%"></TD>
</TR>
<TR>
<TD VALIGN=CENTER BGCOLOR="#C6E7C6">
<CENTER><B><FONT FACE="Arial,Helvetica"><FONT COLOR="#0000FF">Rating</FONT></FONT></B></CENTER>
</TD>
<TD VALIGN=CENTER BGCOLOR="#C6E7C6">
<CENTER><B><FONT FACE="Arial,Helvetica"><FONT SIZE=-1><FONT COLOR="#0000FF">Easy
( X ) Medium ( ) Hard ( ) Pro
( )</FONT> </FONT></FONT></B></CENTER>
</TD>
<TD WIDTH="30%" BGCOLOR="#999900"><B><FONT FACE="Arial,Helvetica"><FONT SIZE=-1>There
is a crack, a crack in everything. That's how the light gets in.</FONT></FONT></B></TD>
</TR>
</TABLE>
<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=-1> </FONT></FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"> </FONT>
<HR></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"> </FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=+2>mIRC v5.41 Cracking</FONT></FONT></CENTER>
<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#0B7FC1">Written by KLee8084</FONT></FONT></CENTER>
<FONT FACE="Arial Black"> </FONT>
<BR>
<BR>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT COLOR="#0000FF"><FONT SIZE=+2>Introduction</FONT></FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica"> </FONT>
<BR>mIRC is one of the best programs available that allows you to chat
with other people over IRC (Internet Relay Chat). If you use this program,
I think that you should pay the author...he deserves it.
<BR>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT COLOR="#3333FF"><FONT SIZE=+2>About this protection system</FONT></FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica"> </FONT>
<BR>The program calculates a registration number based on the name entered.
There are two seperate calculations: the first for the parts of the reg
number before the '-' (yes, the program DOES look for a '-'); the second
for the parts of the reg number after the '-'. It is a very simple protection
scheme.
<BR><FONT FACE="Arial,Helvetica"> </FONT>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT SIZE=+2><FONT COLOR="#0000FF">The Essay</FONT> </FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica"><FONT COLOR="#000000"> </FONT></FONT>
<BR>After you install this program, run it. Got it running? Good. Now,
try to register it using your name and a fake registration number (don't
forget the '-' in between both sets of numbers. Example: 1234-5678).
<BR>
<BR>Click on "<B>Register!</B>". Did you hear the beep just before
the message box popped up?
<BR>
<BR>Press <B>CTRL-D</B> to go into Softice.
<BR>
<BR>Remember that beep that you heard? Well, there is a function in user32.dll
that is called MessageBeep.
<BR>
<BR>Type <B>bpx messagebeep</B> to break when that function is called.
<BR>
<BR>Now, type <B>X</B> to go back to the program.
<BR>
<BR>Enter the name and registration number again and click on "<B>Register!</B>".
<BR>
<BR>We are thrown back into Softice at the start of <FONT COLOR="#993300">USER32!MessageBeep</FONT>.
Press '<B>F11</B>' to step out of the function and back to the calling
routine.
<P>:0043D257 PUSH 00
<BR>:0043D259 CALL USER32!MessageBeep
<P>Scroll upwards to see what caused the program to jump to :0043D257.
<BR>Ahhh...
<P><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0043D1BF
CALL 0048E608
<- <B><FONT COLOR="#993366">Check Name and Registration Number</FONT></B></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0043D1C4
TEST EAX, EAX
<- <B><FONT COLOR="#993366">Is the Registration Number legit?</FONT></B></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0043D1C6
JZ 0043D257
<- <B><FONT COLOR="#993366">If zero, then bad cracker!</FONT></B></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0043D1CC
PUSH 004C8358
<- <B><FONT COLOR="#993366">Start of Good Code</FONT></B></FONT></FONT>
<P>Now ask yourself: "If I were a programmer, and I wanted to make sure
that the calculation routine worked, what would I do?" Answer: Why, set
a breakpoint on the call at :0043D1BF, of course!
<BR>
<BR>Clear your breakpoints by typing <B>bc *</B>
<BR>
<BR>Now, set a breakpoint on the call at :0043D1BF by typing <B>bpx 015F:0043D1BF</B>
(note: the 015F is the code segment, and it might be different on your
computer).
<BR>
<BR>Type <B>X</B> to return to the program. Ready? Enter your name
and fake registration number again (and...DON'T FORGET THE '-').
<BR>
<BR>Click on "<B>Register!</B>" Bang! We are now at:
<P>:0043D1BF CALL 0048E608
<P>Do you see that there are two interesting PUSH instructions just above
this call?
<BR>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0043D1B5
PUSH 004D1E70</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0043D1BA
PUSH 004D1BB4</FONT></FONT>
<P>Type <B>d 004D1E70</B>. Hey, the fake number!
<BR>
<BR>Type <B>d 004D1BB4</B>. Hey, your name!
<P>Ok. Press '<B>F8'</B> into the call.
<P><B>F10</B> until you reach:
<P><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0048E615
CALL 004B39C8 <-<B><FONT COLOR="#993366">routine to
calculate length of Name</FONT></B></FONT></FONT>
<P>If you look at the three instructions above this call, you will see
(by <B>d</B>umping them) that ESI now contains the fake number, and EBX
contains the Name. Notice how only EBX (containing the Name) gets pushed
before the call.
<BR><B> </B>
<BR><B>F10</B> over the call.
<BR>
<BR>This routine was redundant, really, as EAX already held the length
of the name that you had entered. Did the programmer really think that
the name was going to change AFTER you clicked on "Register!"?
<P>:0048E61B CMP EAX, 05
<BR>:0048E61E JAE 0048E624
<- <B><FONT COLOR="#993366"><FONT SIZE=-1>Jump if name is at least 5
characters in length</FONT></FONT></B>
<P><B>F10</B> until you reach the next call:
<P>:0048E626 CALL 0048E528
<P><B>F8</B> into this call.
<BR><B>F8</B> until:
<P>:0048E534 PUSH 2D
<P>If you type <B>? 2D</B> you'll see that it is a '-'. So, the program
is going to be looking for a '-' in the registration number.
<BR><B> </B>
<BR><B>F8</B> into the next call at:
<P>:0048E537 CALL 004B3974
<P>Here we have a routine that is going to count the number of characters/numbers
in the registration number that you had entered.
<P><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:004B3978
MOV EDI, [EBP+08] <- <B><FONT COLOR="#993366">Fake
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -