[(/$$¤-SaMSoUL CRAcKInG-¤$$\)]

Name         : Infinity Textures
Version      : 1.3.0
Availability : http://www.i-tex.de
Protections  : - Compressed and encrypted with an in-house program
               - Nagscreen
               - Trial period
Target       : Infinity.exe (617472 bytes)
Tools        : SoftICE 3.25
               Brain
Cracker      : TaMaMBoLo
Contact us   : Samsoul99@Hotmail.com (Welcome frenchies!)

Infinity Textures is a very practical program for draughtsmen. As its name indicates, it generates textures. It has the merit of being easy to use and quite powerful.

The software's protection has several parts. A first look (trying to disassemble the exe) shows that the programmers have encrypted their software: the exe cannot be disassembled because its code is compressed and encrypted. The software is also protected by a nagscreen and a trial period.

We could have used ProcDump to dump the executable. This would have given us a decompressed exe that we could then disassemble with Windasm. But that is hard work and not very obvious for beginners. Moreover, it is not necessary, because the software has a registration dialog for registering the software... We will use our debugger to find a serial corresponding to our name...

Step 1

Install Infinity Textures and launch the program. Go to the option that lets you type a serial and your name (Help/Register). Type your name and a serial and DON'T validate. Bring up SoftICE by pressing Ctrl+D. We will use a breakpoint on HMEMCPY: in SoftICE, type BPX HMEMCPY and resume execution by pressing F5. Validate your serial by pressing Enter. SoftICE should break in at that point.

Step 2

You are now at the beginning of the HMEMCPY routine, which is a Windows API and not part of our program. We are in the heart of Windows. We have to return to the code of the program we want to crack. For that we use the F12 key to go back up to the code that interests us. You have to press F12 12 TIMES to end up just after the sub-routine which calls the HMEMCPY API.

Step 3

If you pressed F12 12 TIMES, you should arrive at this:

  004C99F7  CALL 004206A8             ---- the address which calls HMEMCPY
  004C99FC  MOV  EAX,[EBP-01D0]       ---- with F12, you are here
  004C9A02  CALL 0040É14
  004C9A07  CMP  EAX,05               ---- test if our name is > 5 characters
  004C9A0A  JL   004C9898             ---- no! we jump to 4C9898 (bad boy!)
  004C9A10  LEA  EDX,[EBP-01D0]       |
  004C9A16  MOV  EAX,[EBX+000001E8]   | it's OK, we continue the treatment of our name
  004C9A1C  CALL 004206A8             |
  004C9A21  MOV  EAX,[EBP-01D0]       ---- now we treat the entered serial
  004C9A27  CALL 0040É14
  004C9A2C  TEST EAX,EAX              ---- is there something in the serial?
  004C9A2E  JLE  004C9898             ---- no! we jump to 4C9898 (bad boy!)
  004C9A34  LEA  EDX,[EBP-01D0]       |
  004C9A3A  MOV  EAX,[EBX+000001E0]   | it's OK, we continue the treatment of our serial
  004C9A40  CALL 004206A8             |
  004C9A45  MOV  EAX,[EBP-01D0]       |
  004C9A48  LEA  EDX,[EBP-01D8]       |
  004C9A51  CALL 004F1D80             |
  004C9A56  MOV  EAX,[EBP-01D8]       | here, we generate the serial corresponding to
  004C9A5C  LEA  EDX,[EBP-01D4]       | the name
  004C9A62  CALL 004F34FC             |
  004C9A67  MOV  EAX,[EBP-01D4]
  004C9A6D  PUSH EAX                  ---- *)( Serial! )(*
  004C9A6E  LEA  EDX,[EBP-01D0]       |
  004C9A74  MOV  EAX,[EBX+000001E8]   |
  004C9A7A  CALL 004206A8             | here, we compare the serial obtained and
  004C9A7F  MOV  EDX,[EBP-01D0]       | that entered with the name
  004C9A85  POP  EAX                  |
  004C9A86  CALL 00403F24             |
  004C9A88  JNZ  004C9898             ---- it's not good! we jump (bad boy!)
  004C9A91  MOV  EDX,[004FE1B8]       ---- if not, we continue...
  004C9A97  MOV  EDX,[EDX]

OK! You have everything in front of you...

By pressing F12 12 times, you land just after the CALL 004206A8. Continuing to trace the program with the F10 key, we see that the software checks whether the name we entered is longer than 5 characters (address 4C9A07). If that is OK, it goes on to treat the serial we entered. The program first tests whether we entered a serial at all (address 4C9A2C). If all is well, we continue.

At address 4C9A45 the program finally generates the serial corresponding to the name. And at address 4C9A6D we have the resulting serial for our name... To see it, in SoftICE you type E EAX. SoftICE should show you a beautiful serial...

For me, I obtain:

Name   : Tamambolo#99
Serial : FR7KP0E8PH

A crACk By TaMaMBoLo From [(/$$¤-SaMSoUL CRAcKInG-¤$$\)]
Samsoul99@Hotmail.com
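
The trace above works because the program itself computes the valid serial for the entered name and holds it in memory for the comparison. As an added example (not code from the original page or from the product), this Python block puts that design beside one where the client only verifies a vendor signature with a public key. The derivation, SECRET, the toy RSA primes and all function names are constructed assumptions, and the key size is for illustration only.

```python
import hashlib

# Weak design (the pattern in the listing): the client derives the valid serial
# from the name and compares. SECRET and the derivation are constructed for
# illustration; they are not the product's algorithm.
SECRET = b"constructed-demo-secret"

def expected_serial_weak(name: str) -> str:
    digest = hashlib.sha256(SECRET + name.encode()).hexdigest()
    return digest[:10].upper()

def check_weak(name: str, serial: str) -> bool:
    # Pre-checks as in the listing: JL after CMP EAX,05 rejects short names,
    # and an empty serial is rejected.
    if len(name) < 5 or not serial:
        return False
    # The valid serial now sits in client memory, readable at a breakpoint.
    return serial == expected_serial_weak(name)

# Hardened design: the vendor signs the name, the client only verifies.
# Toy RSA with constructed Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537  # only N and E would ship in the client

def _digest(name: str) -> int:
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % N

def vendor_sign(name: str) -> str:
    # Vendor side only: the private exponent never reaches the client.
    d = pow(E, -1, (P - 1) * (Q - 1))
    return format(pow(_digest(name), d, N), "x")

def check_signed(name: str, serial: str) -> bool:
    if len(name) < 5 or not serial:
        return False
    try:
        sig = int(serial, 16)
    except ValueError:
        return False
    # Verification recomputes the digest of the name, never the serial itself.
    return 0 <= sig < N and pow(sig, E, N) == _digest(name)

if __name__ == "__main__":
    name = "Constructed User"
    print(check_weak(name, expected_serial_weak(name)))
    print(check_signed(name, vendor_sign(name)))
```

With the signed form, nothing in the client's memory at the comparison point is a serial that could be copied out for another name.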