New 2 Cracking
~~~~~~~~~~~~~~

Tutorial Type  : Tutorial
Tutorial Topic : THE TERRORiST-X ORGANiZATiON, zebbedi CrackMe #2 (www.zebbedi.com)
Utilites       : W32Dasm/PEiD/GUW32
Written by     : ParaBytes
Date           : Dec. 24th, 2001.
Music          : Iron Lion Zion
Remarks        : You can get the utilities from www.programmerstools.com or www.exetools.com


Strat!
~~~~~~
ok, lets review our tools, and
W32Dasm - Disassembler
PEiD    - Tell ya in what this program is packed
GUW32   - Generic Unpacker Win32, its unpack many packers ;)

lets review the target,

Crackme, 1 hard-coded serial, compressed, zebbedi said that we need softice,
but, the W32Dasm can be useful this time as well, lets see...

lets start the real thing,

well, we need to know what thing we are dealing with, 
lets scan the file in PEiD, i recommend on PEiD for windows programs,
it will give you perfect result, as long you dont use the file ATM,
well, we got result, UPX Scrambler,
ok, lets see, UPX is an exe packer, its packing files and decreasing the size,
so we have smaller app, but that UPX Scrambler, 
well, the Scrambler is an application that change the UPX settings on the file, 
so unpackers (UPX unpacker ;p) wont be able to unpack it, but GUW32 is generic,
so it can unpack MOST of packers.

lets open the file in the GUW32, well, we see that :

File name: tx_crackme_2.exe (49152 bytes)
Entrypoint rva: 1FD9Fh    Image size: 21000h
Imagebase: 400000h        Cryptor section: [text    ]
Number sections: 3        Detected cryptor: Unknown

wel, its telling us things on the pe header, what section is packed (or crypted),
what packer/cryptor used, how many sections, and more,
if you want to read more on pe file format, goto win32asm.cjb.net > tutorials, Iczelion's
tutorials on PE format)

ok, start unpacking, wait couple of minutes (maybe less, depends on the speed of your computer)


now, unpacked.exe is unpacked file, we can read its content with W32Dasm, like the 1st crackme,
so, open up, goto the String Data Reference, well, we have only couple of strings,

" "
"3"
"Correct!"
"Incorrect!"
"Name must be greater than five "
"ZBBE3-ZX734-666"

we can follow logic, like we always do ;)

copy the string, enter ANY name you'd like, i entered, ParaBytes 0wnz TX people,
enter ZBBE3-ZX734-666 as serial, correct ;)

Ending(?)
~~~~~~~~~

You dont need SoftICE to crack protected applications,
you can unpack them and create loader, or patch through the packing (yes, you can do it ;))


 Greetings :
|-==-=+=-==-|

tKC, krobar, zebbedi, Invoker, Anvile,DarkMoon` ,yATEs, SantMat, ThE-SAiNT, 
PhANt0m, sinny, Dawai, comrade, GodsJiva, Bob (Marley ;p), Borland (for giving Delphi6 for free... ;p),
RedHat, ESS Tech, Lewsers Inc, WinXP users - thanks for taking XP (SiCE wont work there ;D),
Numega, Fant0m, iNSiGHT, DR, EMBRACE, sinny (again ?),
and really great one to YV Flame ;p

Contact Me :
~~~~~~~~~~~~
E-Mail : Lewsers@Hotmail.com
IRC    : EFNet / #New2Cracking
Here ;p

ParaBytes, Lewser4Ever!

[-------- DiGiTAL ENCRYPTED MESSAGE --------]
            B0B M4RL3Y RUL3Z
               R4S7A M4N
[----- YOU DONT UNDERSTAND, TRY TO ;) ------]