
Software Reverse Engineering - PingSim v1.3 and NetSim v1.0 - Jump To Registered Status!

Copyright (c) 1998 Volatility
Document Courtesy of The Immortal Descendants - http://pages.prodigy.net/volatility

These are both "half-useful" programs, and SIMPLE to crack. You can patch these programs so that they jump directly to registered status with just ONE modification. I'm just going to go through the PingSim crack, because NetSim is done the EXACT same way.

-------------------------------------------------------------------------------------------
Targets:

PingSim v1.3 (pingsimz.exe) - 238,065 bytes.
Download this at: http://www.xs4all.nl/~houtriet/PingSim/Download/PingSimZ.exe

NetSim v1.0 (netsimz.exe) - 186,210 bytes.
Download this at: http://www.xs4all.nl/~houtriet/NetSim/Download/NetSimZ.exe

Tools Needed:

WDASM - recommended (or disassembler of your choice)
HIEW - recommended (or hex editor of your choice)
PMTK - recommended (or patcher of your choice)
-------------------------------------------------------------------------------------------

Prepare To Crack:

Run PingSimZ.exe after downloading to install PingSim. Run the program. No nag screen, that's a bonus. You'll see "UNregistered" in the titlebar though. I hate programs that do this, so let's crack it! You'll find the registration screen at "Options", "License Information". Enter some data for the registration key. I entered 272727. Hmm....nothing. Could be a Delphi program. I then entered "d", and got an error that "d" wasn't a valid integer... now we know the program only accepts numbers. This could be useful (but it won't be as you'll see).

Starting The Crack:

Let's disassemble this babe to see what we've got. Fire up Wdasm, and disassemble PingSim.exe - "Disassembler", "Open file to disassemble" then choose PingSim.exe. I checked the SDR (String Data References) window, to see if I could find the string for the error message we saw.. instead, I found some even more interesting strings.. "Registered" and "Registration Key". I double clicked on "Registration Key", but there was nothing useful here at first glance. I went back, and double clicked on "Registered". You'll land here:

-------------------------------------------------------------------------------------------
* Possible StringData Ref from Code Obj ->"Registered"
:004455CB BAF0554400    mov edx, 004455F0
-------------------------------------------------------------------------------------------

Now look just a few lines above this. You'll see the following:

-------------------------------------------------------------------------------------------
:004455C5 84C0          test al, al      <test our code with the real code
:004455C7 740F          je 004455D8      <jump to "Unregistered" if no good
:004455C9 8BC6          mov eax, esi     <otherwise, proceed to "Registered"
-------------------------------------------------------------------------------------------

Simple! You know what to do, right? If so, do it! If not, here's the crack: (hint: the offset of the line we need to patch is 000449C7h (449C7)).

-------------------------------------------------------------------------------------------
Making the Crack:
-------------------------------------------------------------------------------------------
Make a copy of pingsim.exe, and copy it to a different directory
Open pingsim.exe with HIEW ( c:\whatever\hiew c:\wherever\pingsim.exe )
Press F4 to go to hex view
Press F7 to search
Enter your search string: 449C7
Press enter
Press F3 to edit the code
Change je to jne
Press F9 to update
Press F10 to quit
Rename your patched program pingsim.bak
Move your other copy of pingsim.exe into the same directory as pingsim.bak

-------------------------------------------------------------------------------------------
Making a Patcher
-------------------------------------------------------------------------------------------
Make sure your patched program, and your backup are in the same directory
Make the patcher with PMTK ( c:\whatever\pmtk pingsim.exe pingsim.bak )
Save your patch as binary, asm or com file (com file for an executable)
Name your patch file (pingsim.com for mine)
Insert a logo if you want

You're finished! You now have a patcher for pingsim.exe

-Volatility-
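
Seen from the vendor or incident-response side, a patch like the one above shows up as a single-byte difference against a known-good copy of the file. The following is an added example, not part of the original document: a heuristic triage script that compares two images and labels inverted short conditional jumps. The sample bytes are constructed from the listing above, and the base offset 0x449C5 is an assumption derived from the stated offset 449C7 of the je.

```python
"""Tamper triage: compare a known-good image with a suspect copy and flag
in-place byte changes that invert a short conditional jump."""

# Short Jcc opcodes are 0x70-0x7F; each even/odd pair tests opposite
# conditions (0x74 = je, 0x75 = jne), so an inversion flips only the low bit.
SHORT_JCC = {
    0x70: "jo", 0x71: "jno", 0x72: "jb", 0x73: "jae", 0x74: "je", 0x75: "jne",
    0x76: "jbe", 0x77: "ja", 0x78: "js", 0x79: "jns", 0x7A: "jp", 0x7B: "jnp",
    0x7C: "jl", 0x7D: "jge", 0x7E: "jle", 0x7F: "jg",
}

def diff_offsets(reference: bytes, suspect: bytes) -> list:
    """Offsets at which two same-sized images differ."""
    if len(reference) != len(suspect):
        # A size change means a rebuild, truncation or appended data,
        # which calls for a different analysis than an in-place patch.
        raise ValueError("size mismatch: not an in-place patch")
    return [i for i, (a, b) in enumerate(zip(reference, suspect)) if a != b]

def classify(reference: bytes, suspect: bytes, base: int = 0) -> list:
    """Return (offset, old, new, label) per changed byte.

    Heuristic only: without disassembly a changed byte may be data or an
    operand rather than an opcode, so treat labels as leads to confirm."""
    findings = []
    for off in diff_offsets(reference, suspect):
        old, new = reference[off], suspect[off]
        if old in SHORT_JCC and new == old ^ 1:
            label = f"inverted branch {SHORT_JCC[old]} -> {SHORT_JCC[new]}"
        elif new == 0x90:
            label = "byte replaced with nop"
        else:
            label = "other modification"
        findings.append((base + off, old, new, label))
    return findings

# Constructed sample: instruction bytes from the listing above, and a copy
# in which the je has been inverted.
REFERENCE = bytes.fromhex("84C0740F8BC6BAF0554400")
SUSPECT = bytes.fromhex("84C0750F8BC6BAF0554400")
BASE = 0x449C5  # assumption: file offset of the first sample byte

if __name__ == "__main__":
    for off, old, new, label in classify(REFERENCE, SUSPECT, BASE):
        print(f"{off:#x}: {old:02X} -> {new:02X}  {label}")
```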
