more reverse engineering

by The Undertaker
(01 August 1997, slightly edited by Reverser)

Courtesy of Reverser's page of reverse engineering

Well, this author sent me a reverse engineering essay with his complete address and telephon number inside the text... I wont publish these data unless he confirms that he really wants it...
It is a great plesure for me to crack SoftIce, because NuMega's programmer are simply the Best in the world. Also this is my favorite debugging tool. Anyway thanks, Numega, for having created such a nice debugger. Your work is honored, you should protect it better, though (or d'you want it to be the world's standard trough "gratis spreading"? :-). This crack is an addition to Frog's Print (project2-PHASE 1) and +Rcg's(project2-PHASE 2). Before you start with this cracking session you must already have completed PHASE 1 and PHASE 2 of +HCU's project2. Unfortunately, once you have completed PHASE 1 and PHASE 2 you still have the "14 day" problem... Yet after completing this session SoftIce's "Godot" trial version will be forever yours. In addition to that I will include a special crack for LOADER32, in order to avoid the annoying "Evaluation 14 days" Message box! Lets light up a "Ganja" Cigarette (in our Sri Lankan way :-) Ok! Here we go! TOOLS YOU NEED: - W32DASM VERSION 8.5 - SOFTICE 3.01 "Godot" (14 days evaluation version) 1) Load W32DASM with NMTRANS.DLL 2) Once you have started W32dasm, choose Function / imports and then click onto "NmSymIsSoftICELoaded"... Then You'll land more or less here: Exported fn(): NmSymIsSoftICELoaded - Ord:0016h Process the code thoroughly, until you find following function * Reference To: KERNEL32.GetSystemTime, Ord:0134h .... .... :1000EE12 3BD1 CMP EDX, ECX Check Days_Left :1000EE14 7202 JB 1000EE18 Up to this point FROG'S PRINT crack [Project's 2, PHASE 1] worked well... * Referenced by a Jump at Address:1000EE14(C) :1000EE18 83FA0E CMP EDX, E ; Compare Days_Left with 14_Days_Allowed :1000EE1B 720F JB 1000EE2C ; evil jump below! This code must be changed to :1000EE1B EB0F JMP 1000EE2C Therefore: opcode Search for 83FA0E720FC7051C and change opcode to 83FA0EEB0FC7051C Again follow the code until the following location... :1000EE35 2BC2 SUB EAX,EDX and you'll change it, nopping it to :1000EE35 90 NOP :1000EE36 90 NOP Therefore: opcode Search for 8D747F012BC2 and change opcode to 8D747F019090 Finito!, Caput! Softice is yours! (Of course it's yours only in case you reallybadly need a working copy of this target in order to use it for more than two weeks... say because you have been ill, and you are in the impossibility to buy a regular copy of it in your favourite software shop... in this case, as an emergency solution, you could eventually use the short crack above :-) As I promised at the beginning, here is something more: the way to get rid of the annoying "14 Days Eval" Window inside LOADER32. - W32DASM loader32 - choose Refs & String data ref - click "*** Valid for" You'll land here .... :0043A27B B890A44300 MOV EAX, 0043A490 :0043A280 E86FBFFCFF CALL 004061F4 :0043A285 6A00 PUSH 00000000 :0043A287 8B45FC MOV EAX, [EBP-04] :0043A28A E82D93FCFF CALL 004035BC :0043A28F 8BD0 MOV EDX, EAX :0043A291 B970A54300 MOV ECX, 0043A570 ; Obj ->"Symbol Loader" :0043A296 A124C64300 MOV EAX, [0043C624] # :0043A29B E838A1FEFF CALL 004243D8 ;here it is! This call is evil! CHANGE TO :0043A29B 48 DEC EAX :0043A29C 40 INC EAX :0043A29D 48 DEC EAX :0043A29E 40 INC EAX :0043A29F 90 NOP -> Search opcode A124C64300E838A1FEFF -> Change to A124C643004840484090 Hereby you have got the complete crack for SoftICE 3.01. I feel that +HCU's project2 is therefore terminated (for Win95's Godot at least). I'm actually working on project0 (W32DASM version 8.5 crack). In a week or two I hope to release an essay about that protection scheme. I am also working on NTICE 3.01, using a different approach. The relevant essay will be released (I hope) very soon. Finally my Thanks go to Reverser's page of reverse engineering and all the +ORC's students and +HCU's guys for their hard work! Keep Up the good work guys!!!. REVERSE ENGINEERING LIVES FOREVER!!! REACH THE UNDERTACKER IN SRI LANKA! PHONE xxx (supprimed by reverser+ until confirmed) EMAIL xxx (supprimed by reverser+ until confirmed) (c) The Undertaker, 1997. All rights reserved.

You are deep inside reverser's page of reverse engineering, choose your way out:

homepage links red anonymity +ORC students' essays tools cocktails
antismut search_forms mailreverser
is reverse engineering legal?