Thursday, March 22, 2007

[Tutorial] Find Serial Matrix On Air by LucuBRB

lucubrb [$]
Kaskus Donator

Join Date: May 2006
Location: #root - 127.0.0.1 Team: ------------------------ School: SROeR [Sekolah Rakjat Oentoek Reverser] http://www.SROeR.org/ Reputation Now: 778 points Junks: 7,777,777
Posts: 13,591
UserID: 174009
lucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to behold
[Tutorial] Find Serial Matrix On Air by LucuBRB
Find Serial Matrix On Air by LucuBRB
Dari posting : _http://www.kaskus.us/showthread.php?t=481961

Alamat Download :
- irchfan
- rUsh_mAn

More Info :
_http://www.bncbroadcast.page.tl/Software-Otomasi.htm

Tools :
- OllyDbg v1.10

Proteksi : Trial/DEMO

1. Setting Olly
- Buka ollynya, Klik Options - Add to Explorer. Klik Add Ollydbg to menu in Windows Explorer - Done


- Tutup Ollynya

2. Open file with olly
- Buka folder Matrix On Air anda.
- Klik kanan Onair.exe - Open with OllyDbg


3. Step to find the serial
- Setelah selesai loadingnya, klik kanan di Address - Search for - All references text strings


- Klik kanan lg, search for text. Ketik Nomor Registrasi tidak cocok. Uncheck case sensitive, check Entire scope. OK


- Nah ktemu satu address. Enter aja langsung


- Scroll keatas dikit. Di address 004F6A90, jika serial yg anda masukkan salah maka proses jump tidak akan dilewati Sebaliknya jika benar, maka proses jump akan dilewati

4. Let's the show begun
- Scroll keatas dikit, sebab qta akan cari tau process pengecekan serialnya Opppp... jgn banyak".... liat address 004F6A6F, pencet F2/klik 2x address itu untuk pasang breakpoint


- Sip. Klo udah pasang breakpoint, qta lsg jalanin aja ollynya. Caranya Kekekeke... pencet F9 brur.

- Wah... jalan... eitss... jgn cepet seneng, FormRegister yg muncul.

- Isi sembarang serial, gw sih masukinnya ccpb. Klik OK


- Nah kan dia berenti di ntu address Apa sih yg dia baca?

- Pencet F7 dikeyboard. Wah... ada layar baru. Apaan tuwh....


- Pencet F8. Step by step. Perhatikan saat dia mengcompare serial yg qta input td

- Wah... ternyata pengecekan berada di address 00409005 sampe 0040901C. Lanjut aja. Sampe ke RETN

- Balik lg deh ke halaman sebelumnya


- Perhatikan baik" address tsb
Code:
004F6A7B  |.  A1 00155200         MOV EAX,DWORD PTR DS:[521500]
Code:
004F6A80  |.  8B00                MOV EAX,DWORD PTR DS:[EAX]
- Diaddress itulah proses pengecekan serial. Jika hasil input tidak sama, maka........................................... F8 aja terus... qta liad dulu hasilnya


Code:
Jump is NOT taken
004F6AAE=Onair.004F6AAE
Apa artinya? Artinya serial yg qta masukin tuh salah, makanya dia lsg menampilkan pesan "Nomor Registrasi tidak cocok, Check Ulang !!! "


Salah deh , lanjut, pencet F9.

Lowh koq... balik ke layar pengisian serial lg?

Test lagi.. isi sembarang serial

Nah... berenti lg di address 004F6A6F
Code:
004F6A6F  |.  E8 7425F1FF         CALL Onair.00408FE8
Diatas kan td qta ada cek proses compare, pada address 004F6A80. Tul ga?
Pencet F8 5x sampe berenti pada address 004F6A80

Eh ada tulisan apa tuwh


Code:
DS:[00522D18]=00FA48F8, (ASCII "9018816669638163")
EAX=00522D18 (Onair.00522D18)
- Ah... ini dia serialnya (ini serial PC gw lowh. lain tempat, lain pula serialnya )

- Buruan copy dah tu serial (9018816669638163)

Lah trus diapain lg? Pencet F9 lg. Biarin ada pesan salah masukin serial.

Nah... sekarang saatnya masukin serial yg tadi qta dapet... ke FormRegistrasi ^^


Loh... koq breakpoint lg?

Gpp.. lanjut aja lagi Pencet F8 10x. Liatin satu" apa yg terjadi ^^.


Code:
Jump is taken
004F6AAE=Onair.004F6AAE
Jump is taken. Artinya? Wah.... serialnya diterima euy ^^ Trus.. trus....

Pencet F8... pelan" aja... sampe address 004F6AEE.



Karena serial qta diterima, maka dia lsg simpen serialnya di "C:\Windows\System32\Matrix.sys", perhatikan address 004F6B3B.

Dah.. pencet F9 aja


Wekekekeke... selamat... anda sudah berhasil

Tutup aja lsg Ollynya. Tes buka lagi tu program. Lsg tokcer jalan dah

Evaluasi :
1. Serial qta disimpan di "C:\Windows\System32\Matrix.sys" (buka aja)
2. Sebenernya sih ada cara gampang, pas load olly lsg aja CTRL + G. Isi address 004F6A80. Itu cara tercepat mengetahui serial. (Untuk program ini saja loh. Beda program, beda cara )

This is my first tutz, klo ada salah CMIIW yah . Soalnya gw baru nech buat tutz. Masi cupu [Benernya sih dipaksa movzx, orakanggo, & apakekdah ]

NB :
I'm krack What I Want. Don't sell kracked program
Please buy it if you like!!! Support the author!!! ^^

-DON'T ABUSE YOUR POWER!!!-

 -Knowledge is POWER

Greetz : movzx, rUsh_mAn, apakekdah, orakanggo, all ccpb'ers ^^

[c]2007, LucuBRB@KocokJaya
lucubrb is offline Add to lucubrb's Reputation Report Post Reply With Quote Multi-Quote This Message Quick reply to this message

Your Ad Here
Pengen Ngaskus lebih Kenceng + tanpa banner dan bisa search?
Old 26-02-2007, 04:31 AM #2
lucubrb [$]
Kaskus Donator

Join Date: May 2006
Location: #root - 127.0.0.1 Team: ------------------------ School: SROeR [Sekolah Rakjat Oentoek Reverser] http://www.SROeR.org/ Reputation Now: 778 points Junks: 7,777,777
Posts: 13,591
UserID: 174009
lucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to behold
Step 2 : Patching...

Ini lebih mudah lagi...
- Buka olly, CTRL + G, Masukkin address 004F6A90
Code:
004F6A90     /74 1C               JE SHORT Onair.004F6AAE
Ganti perintah JE menjadi JMP, mengapa? Jika qta masukin serial seenaknya, maka dia akan execute perintah "Nomor Registrasi tidak cocok, Check Ulang !!! ". Oleh karena itu lsg aja qta bypass menggunakan perintah JMP.

Code:
004F6A90     /EB 1C               JMP SHORT Onair.004F6AAE
Eittttt.............. itu baru step 1. Nextttttttttttttt............................

- CTRL + G, masukin address 004F6AEE
Code:
004F6AEE     /75 74               JNZ SHORT Onair.004F6B64
Ganti perintah JNZ menjadi JE. Mengapa? Kan td masukin serialnya asal"an. Klo gak qta ganti, maka dia akan lompat. Qta rubah jadi JE agar gak lompat, dan baca perintah dibawahnya. Hasilnya? "Registrasi Sukses telah berhasil, RESTART KOMPUTER ANDA....."

Code:
004F6AEE     /74 74               JE SHORT Onair.004F6B64
Klo udah 2 bytes diganti, klik kanan address 004F6AEE pilih Copy to executable - All modifications. Klik Copy All. Wah.. ada window baru muncul, klik kanan aja, Save file. Kasih nama aja. Misalnya lucu_onair.exe. Save.

Rebez deh

NB : Sebenernya trik ini hanya membalik perintah program. Yg tadinya Cek Serial[Salah], No Jump & Pesan registrasi benar [Restart program], Jump menjadi Cek Serial [Salah/Benar], Jump & Pesan Registrasi benar [Restart Program], Gak pake Jump. Trik aja sih.
Last edited by lucubrb : 26-02-2007 at 04:44 AM.
lucubrb is offline Add to lucubrb's Reputation Report Post Reply With Quote Multi-Quote This Message Quick reply to this message
Old 26-02-2007, 04:42 AM #3
lucubrb [$]
Kaskus Donator

Join Date: May 2006
Location: #root - 127.0.0.1 Team: ------------------------ School: SROeR [Sekolah Rakjat Oentoek Reverser] http://www.SROeR.org/ Reputation Now: 778 points Junks: 7,777,777
Posts: 13,591
UserID: 174009
lucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to behold
Step 3 : Use Hex Workshop

Ini lbh simple lg klo dah tau address yg mo dirubah
- Lsg aja buka Onair.exe di Hex Workshop
- CTRL + F. Type : Hex Values. Value : 741C6A00668B0D8C6B4F00B201B8986B
Ganti nilai depan 74 dengan EB

Jadi nilai valuenya : EB1C6A00668B0D8C6B4F00B201B8986B

Kedua...
- CTRL + F. Type : Hex Values. Value : 75748B83E00200008B80EC010000BAD0
Ganti nilai depan 75 dengan 74

Jadi nilai valuenya : 74748B83E00200008B80EC010000BAD0

Save aja lsg
Last edited by lucubrb : 26-02-2007 at 04:52 AM.
lucubrb is offline Add to lucubrb's Reputation Report Post Reply With Quote Multi-Quote This Message Quick reply to this message
Old 26-02-2007, 04:52 AM #4
lucubrb [$]
Kaskus Donator

Join Date: May 2006
Location: #root - 127.0.0.1 Team: ------------------------ School: SROeR [Sekolah Rakjat Oentoek Reverser] http://www.SROeR.org/ Reputation Now: 778 points Junks: 7,777,777
Posts: 13,591
UserID: 174009
lucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to beholdlucubrb is a splendid one to behold
Step 4 : Use Code Fusion v3 - Buat Patchnya

- Isi Patch Window Caption : ex. KocokJaya Presents
- Isi Patch Title/Program Name : ex. Matrix On Air Patch
- Isi Information/Comments : ex. [x] Trial/Demo


Sip... Klik Next >
- File/s to patch, Klik Quick Menu - Add Data


Akan keluar windows baru, cari nama program aslinya. (onair.exe)


- Klik Set as Patch Main Icon - OK

- Data to Patch, Klik Quick Menu - Add Data


- Pilih File Compare


- Kluar pilihan File Compare. Patched File dibrowse ke lucu_onair.exe (baca step no 2), Klik Compare, OK


- Klik Next


- Klik Make Win32 Executable! - Save dengan nama patch/terserah anda.


- Jika sudah disave, tekan RUN... (yg saya lingkari)

- Done~!. AIO [All In One] Tutz jadi satu. Lunas dah utang gw
Jejak pukul
kategori ,

1 comment:

Unknown said...

mas cara ngerubah bite nya menjadu=i 2 gimana ya di oolybgd

October 26, 2016 at 4:27 PM

Post a Comment

Subscribe to: Post Comments (Atom)