                ______   ______ _______
               |    _  \| _____|   _   \
               |   |_) /| ____||  |_)   |
               |___|\___\__|   |    ___/
               REVERSING FOR   |___|
               P L E A S U R E


               presents ...

            ---------------------------
           |   How To Crack            |
           |   Immortal Descendants    |
           |   Crackme 2.0             |
            ---------------------------

               by tHe fUnKy cRaCkEr

           of Reversing For Pleasure (RFP)



The Guts of the Protection
--------------------------

The program takes the 3 input strings that you feed it (i.e. name, group and
code) and performs a simple multiplication algorithm on the first 2 and then
compares it with the last one (the code). When I cracked this I used Softice and
traced through each stage of the protection. What I was looking for was the
place where the comparison was made between my code and the REAL CODE.

I found it and was able to simply read off the real code from a cpu register.
Now I could have written a tutorial on exactly how I traced through and found
it; I could even have written a key gen (I code in C, pascal and ASM). I'm
afraid to say that I've done neither because I simply don't have the time at
the moment.

What I have done here is provide you with a simple method of tracking down the
compare routine. You won't learn as much but it might help a bit. I hope so.
Anyway, here we go.


How to Locate the Real Code !
-----------------------------

(1)  Fire up the program and enter something in the 3 input fields but
     don't press 'CHECK' yet.

(2)  Ctrl-D into Softice and type :
     'bpx getdlgitemtexta'

(3)  Ctrl-D back into the program again and press 'CHECK'.

(4)  You will break in Softice in the call to 'getdlgitemtexta'. Press
     F5 TWICE then F12 ONCE.

(5)  Type : 's 024F:00000000 l ffffffff 39,0D,84,97,40,00'
     This searches for the compare routine in memory.

(6)  Then set a bpx on the address that Softice returns e.g. :
     'bpx 024F:00401503'

(7)  Next just press F5 and BINGO you should land at the line in the code
     which compares the contents of a memory location to the contents of
     the ECX register. It should look something like :
     'CMP [00409784],ECX'

(8)  Now all you have to do is type : '? ECX' and read off the REAL code
     (ignore any leading zeros) and write it down.

(9)  Now let's get rid of the breakpoints because they've done their job.
     Type : 'bc *' to clear them all. Then Ctrl-D back into the program.

(10) Finally, change the 'CODE' input field to the real code that you wrote
     down, press 'CHECK' and BOOM - the CONGRATULATIONS screen appears and
     the 'UNREGISTERED' changes to 'REGISTERED' on the main screen.
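
The six bytes searched for in step (5) are the machine encoding of the
compare shown in step (7). The Python below is an added example, not part of
the original tutorial: it decodes that byte string and locates it in a
buffer. The load base 0x00401000 and the NOP-padded sample buffer are
assumptions constructed for the demonstration, not a dump of the crackme.

```python
import struct

# 32-bit register names indexed by the 3-bit 'reg' field of the ModRM byte.
REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]

# Byte string from step (5) of the tutorial.
PATTERN = bytes([0x39, 0x0D, 0x84, 0x97, 0x40, 0x00])


def decode_cmp_abs32(code):
    """Decode 'CMP [disp32], r32' (opcode 39 /r, ModRM mod=00 rm=101).

    Returns (address, register_name), or None for any other encoding.
    """
    if len(code) < 6 or code[0] != 0x39:
        return None
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0 or rm != 5:            # only the absolute-address form
        return None
    (addr,) = struct.unpack_from("<I", code, 2)   # little-endian disp32
    return addr, REG32[reg]


def format_cmp(decoded):
    """Render a decoded compare the way the debugger displays it."""
    addr, reg = decoded
    return "CMP [%08X],%s" % (addr, reg)


def find_all(image, pattern, base):
    """Return the virtual address of every occurrence of pattern in image."""
    hits, pos = [], image.find(pattern)
    while pos != -1:
        hits.append(base + pos)
        pos = image.find(pattern, pos + 1)
    return hits


# Constructed sample: NOP padding placed so the match lands at the example
# address from step (6). BASE is an assumed load address.
BASE = 0x00401000
SAMPLE = b"\x90" * 0x503 + PATTERN + b"\x90" * 8

if __name__ == "__main__":
    for va in find_all(SAMPLE, PATTERN, BASE):
        off = va - BASE
        insn = decode_cmp_abs32(SAMPLE[off:off + 6])
        print("%08X  %s" % (va, format_cmp(insn)))
```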


WELL DONE : YOU'VE CRACKED IT !

I hope that this has been of interest to someone !


All The Best,

tHe fUnKy cRaCkEr
    <<RFP>>
June 1999

funkycracker@reversing.virtualspace.net

p.s. My registration details are :

NAME : tHe fUnKy cRaCkEr
GROUP: RFP
CODE : 95763562