SV trace assembly code

Discussion on SV trace assembly code within the CO2 Guides & Templates forum part of the Conquer Online 2 category.

Old 01/06/2007, 04:50   #121
 
Quote:
Originally posted by anantasia, Jan 5 2007, 20:50:

Quote:
Originally posted by )ª(SLAYER)ª(, Jan 5 2007, 20:25:
I did it from the beginning and it still shows me "Returns to Game and press Key F11 or * to start the Partner!" and it doesn't do anything when I press F11 or *, so can you please tell me what to do to fix it?

Can you tell me what a "RET routine" is? Thanks.

Please tell me everything about when you go through that CALL 41C6B4 at address 40367C: where you go, where you jump and which you bypass.

Here is an example of the trace addresses you must do:

00403685 CALL 00403CF6 <- this instruction calls the routine at address 00403CF6; when it hits a RET instruction, it will return to the next address, 40368A
0040368A mov eax,[esi+1c]
.
.
00403CF6 JMP DWORD PTR[00429508] <- this instruction jumps to a long address. It mostly uses a pointer that points at the long address to go to, so PTR[00429508] = 10002860
.
.
10002860 SUB ESP, 000000C8 <- here is the start of countrymakeinus.dll
.
.
1000288B CALL 1001E804 <- this call checks whether it is the right user/pass or not
.
10002895 JNE 101zo1z21v01o12012z1vo101zo1z21v0+5d <- if wrong, it will jump to the exit, so at this point we should bypass and go to the next instruction
10002897 CMP [esp+000000d4],fffd7fd0
100028A2 JNE 101zo1z21v01o12012z1vo101zo1z21v0+5d <- another one, so just bypass to the next instruction
100028A4 MOV eax,[esp+000000d8]
.
.
/* there are about 10-20 conditional jumps here; try to bypass only the JNEs
.
.
10002AC0 CALL dword ptr[100303a0]
.
.
/* there are about 10-20 conditional jumps here; try to bypass only the JNEs
.
.
10003110 RET <- finishes the subroutine and returns to address 40368A


Hope you got it.
I reached perfectly up to:

10002860 SUB ESP, 000000C8 <- here is the start of countrymakeinus.dll

1. Hmm, just a question. Do I have to BYPASS those CALLs, or LET THEM RUN?

.
-1000288B CALL 1001E804
.
-10002AC0 CALL dword ptr[100303a0]
.

2. And what about this one? (It happens before those ones, and if I let it run it makes a big jump and seems to take me out of countrymakeinUS.dll)
.
-10002875 CALL DWORD PTR[100301fc] <--- JUMPS TO 00973928 -PUSH GETSYSTEMTIME

Like this CALL, there are some others between 10002860 SUB ESP and 10003110 RET that take me out of countrymakeinUS.dll. I mean, if I only change those JNEs between 10002860 SUB ESP and 10003110 RET and let the CALLs run, it makes jumps that don't let me reach 10003110 RET.

Hope you understand what I mean xDD
Cucurucho is offline  
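The trace quoted above turns on two x86 control-flow forms: a direct CALL that returns to the instruction after it, and a JMP DWORD PTR [slot] thunk that reads its real destination from a pointer slot (which is why PTR[00429508] = 10002860 lands in the dll). Cucurucho's question is really "which calls leave the module I am tracing?". The Python below is an added example, not code from the thread or from Cheat Engine: it decodes CALL rel32, JMP rel32, CALL [disp32] and JMP [disp32] on a constructed 32-bit memory image, follows thunks to their final target, computes the return address, and classifies each call by the module its target falls in. The module bases and sizes, the bytes at each address and the values in the pointer slots are assumptions built from the addresses the posts mention (0x00973928 is simply outside both assumed modules here; nothing on the page says what lives there).

```python
# Added example (not from the thread): walk the CALL -> JMP DWORD PTR [ptr]
# indirection from anantasia's trace on a constructed 32-bit memory image and
# sort each call by where it lands. Module bases/sizes, the bytes at each
# address and the pointer-slot values are assumptions built from the listing.
from dataclasses import dataclass
from typing import Optional

MODULES = {  # name -> (image base, size); both are assumptions
    "AgentKing.exe": (0x00400000, 0x00040000),
    "countrymakeinus.dll": (0x10000000, 0x00040000),
}

def rel32(src: int, dst: int, length: int) -> bytes:
    """Displacement of a rel32 CALL/JMP at src with the given encoded length."""
    return ((dst - (src + length)) & 0xFFFFFFFF).to_bytes(4, "little")

def ptr(value: int) -> bytes:
    return value.to_bytes(4, "little")

# Constructed memory: start address -> bytes. E8 = CALL rel32, FF 25 = JMP [disp32],
# FF 15 = CALL [disp32]. Pointer slots hold the values the posts report.
MEM = {
    0x00403685: b"\xE8" + rel32(0x00403685, 0x00403CF6, 5),  # call 00403CF6
    0x00403CF6: b"\xFF\x25" + ptr(0x00429508),               # jmp dword ptr [00429508]
    0x00429508: ptr(0x10002860),                             # slot -> dll routine
    0x10002875: b"\xFF\x15" + ptr(0x100301FC),               # call dword ptr [100301fc]
    0x100301FC: ptr(0x00973928),                             # slot -> outside both modules
    0x1000288B: b"\xE8" + rel32(0x1000288B, 0x1001E804, 5),  # call 1001E804
}

def read(addr: int, n: int) -> bytes:
    for base, data in MEM.items():
        if base <= addr and addr + n <= base + len(data):
            return data[addr - base:addr - base + n]
    raise KeyError(f"unmapped read at {addr:08X}")

def u32(addr: int) -> int:
    return int.from_bytes(read(addr, 4), "little")

@dataclass(frozen=True)
class Flow:
    addr: int
    kind: str              # "call" or "jmp"
    target: int            # where control goes (pointer slot already dereferenced)
    ret: Optional[int]     # return address for a call, None for a jmp

def decode_flow(addr: int) -> Flow:
    """Decode CALL rel32, JMP rel32, CALL [disp32] or JMP [disp32] at addr."""
    op = read(addr, 1)[0]
    if op in (0xE8, 0xE9):
        rel = int.from_bytes(read(addr + 1, 4), "little", signed=True)
        target = (addr + 5 + rel) & 0xFFFFFFFF
        is_call = op == 0xE8
        return Flow(addr, "call" if is_call else "jmp", target, addr + 5 if is_call else None)
    if op == 0xFF:
        modrm = read(addr + 1, 1)[0]
        if modrm in (0x15, 0x25):                 # [disp32] forms, 6 bytes long
            target = u32(u32(addr + 2))           # read the slot, then its contents
            is_call = modrm == 0x15
            return Flow(addr, "call" if is_call else "jmp", target, addr + 6 if is_call else None)
    raise ValueError(f"no CALL/JMP at {addr:08X}")

def final_target(addr: int, max_hops: int = 8) -> int:
    """Follow JMP thunks (the 00403CF6-style stub) until code that is not a JMP."""
    target = decode_flow(addr).target
    for _ in range(max_hops):
        try:
            hop = decode_flow(target)
        except (KeyError, ValueError):
            break
        if hop.kind != "jmp":
            break
        target = hop.target
    return target

def module_of(addr: int) -> Optional[str]:
    for name, (base, size) in MODULES.items():
        if base <= addr < base + size:
            return name
    return None

def classify_call(addr: int) -> tuple:
    """(final target, module or None, return address, advice). A call whose
    target is outside both traced modules is stepped over: break at the
    return address instead of following it out of the dll."""
    flow = decode_flow(addr)
    target = final_target(addr)
    mod = module_of(target)
    advice = "step into" if mod else "step over, break at return address"
    return target, mod, flow.ret, advice

if __name__ == "__main__":
    for call in (0x00403685, 0x10002875, 0x1000288B):
        target, mod, ret, advice = classify_call(call)
        print(f"{call:08X} -> {target:08X} ({mod or 'no known module'}), returns to {ret:08X}: {advice}")
```

Run stand-alone it prints, for each of the three calls, the resolved target, its module and the address the tracer should expect to come back to; the 00403685 call resolves through the thunk to 10002860 in the dll, while the 10002875 call resolves to an address outside both modules and is the kind of call to let run rather than follow.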
Old 01/06/2007, 05:17   #122
 
# pinned
# move to guide section.

@anantasia, Thank you for your contribution.^^
Your patience and hard work is what everyone should learn from ^^

Proud of you!

DM
DM2000 is offline  
Old 01/06/2007, 05:20   #123
 
Can anyone please release the cracked version? Co Partner doesn't spoil the game; it just saves people time. Only Qo Proxy spoils the game. If anyone can crack it, please release the cracked version. If you need any programming or hexing help, you can post your email here and I will try my best to help you.
spirit91 is offline  
Old 01/06/2007, 05:22   #124
 
OMG, like anantasia says, do it yourself!!!
parkieboy is offline  
Old 01/06/2007, 05:32   #125
 
Hmmm, I'm using the latest SV and when I follow the guide I'm almost complete, except I get this:

Welcom to use this Platform!
Logining......
Login Error:
Server no responsed or off-line or Version update!

I see some others have this problem, any ideas?
2spesh4u is offline  
Old 01/06/2007, 05:48   #126
 
I want to verify if I did the right thing, anantasia. I will follow your instructions and show how it looks in my memory view.

/** set trap on first jump here and bypass
00403596 je 40378c <- bypass this point to 40359C
0040359C mov ecx,[ebp-2c]

### My MV looks like

00403596 - jmp 0040359C with toggle breakpoint
.
/** set trap here and bypass
004035CB jne 40378c <- bypass this point to 4035DD
004035D1 cmp [004356e0],edi
004035D7 jne 40378c
004035DD push 00

### My MV looks like

004035CB - jmp 4035dd with toggle breakpoint

/** call dll
00403685 CALL 00403CF6 <- this instruction calls the routine at address 00403CF6; when it hits a RET instruction, it will return to the next address, 40368A
0040368A mov eax,[esi+1c]

### I don't know what to do, so I left it and did nothing

00403CF6 JMP DWORD PTR[00429508] <- this instruction jumps to a long address. It mostly uses a pointer that points at the long address to go to, so PTR[00429508] = 10002860

### My MV looks like

00403CF6 - jmp l0lzo1z2lv0lo120l2zlvol0lzo1z2lv0

10002860 SUB ESP, 000000C8 <- here is the start of countrymakeinus.dll

### I did nothing

1000288B CALL 1001E804 <- this call checks whether it is the right user/pass or not

### I did nothing

10002895 JNE 101zo1z21v01o12012z1vo101zo1z21v0+5d <- if wrong, it will jump to the exit, so at this point we should bypass and go to the next instruction
10002897 CMP [esp+000000d4],fffd7fd0
100028A2 JNE 101zo1z21v01o12012z1vo101zo1z21v0+5d <- another one, so just bypass to the next instruction
100028A4 MOV eax,[esp+000000d8]

### I did nothing

/* there are about 10-20 conditional jumps here; try to bypass only the JNEs

### did nothing

10002AC0 CALL dword ptr[100303a0]

### did nothing

/* there are about 10-20 conditional jumps here; try to bypass only the JNEs


### did nothing

10003110 RET <- finishes the subroutine and returns to address 40368A

### did nothing

When I try to log into AgentKing, the program was not responding. So I wonder what I did wrong.
parkieboy is offline  
Old 01/06/2007, 06:03   #127
 
I followed the traces and finally made it work.
The attachment is the list of memory addresses I modified (use Cheat Engine 5.3 to open it).
The first 3 values can be found in post #43.
The last value is 235 and the second last is 59792.
Try to use the methods introduced in post #115 and the value 235 (JMP) to guess/get the other values.

I have no problem releasing all the data. However, anantasia suggested doing it yourself, so I'm not going to release them at the moment.

Good luck.
Attached Files
File Type: ibf post-108-1168059818.ibf (1.4 KB, 70 views)
ztthik is offline  
Old 01/06/2007, 06:04   #128
 
I'm going to tell you right now that doing what I describe below alone is not enough to crack the program successfully.

OK anantasia, I am going to try to piece together EVERYTHING everyone has been saying on this forum to see if we can get a working and visible guide together. I am also going to PM you, anantasia, with a few questions, because I have been trying to work this out for the last 3-4 hours and I have maybe gotten halfway through. Please, anantasia or ANYONE, if anything in what I say is wrong, please correct me. I am trying to rephrase this in English for 2 reasons: 1) because some of the broken English on this forum is difficult to understand, and 2) everything at this point is VERY scattered all over the forum, with answers from anantasia about very specific problems.

/** Starting King Agent: insert user/password, set the first trap below and then click start
. OK, so right here it is simple: just open a fresh copy of King Agent, then type in a user/pass and press start
.
/** set trap
00403596 je 40378c <- bypass this point to 40359C
0040359C mov ecx,[ebp-2c]
. OK, on these lines, search for 00403596, edit "je 40378c" to read "jmp 40378c" and then right click the line and select toggle breakpoint, or as anantasia said, just press F5
.
/** set trap
004035CB jne 40378c <- bypass this point to 4035DD
004035D1 cmp [004356e0],edi
004035D7 jne 40378c <- bypass this point
004035DD push 00
. Here it gets tricky.... umm, I THINK you have to replace the line with "jmp 4035DD", because that would make the code jump to that spot when it reaches this point... I hope. And for 004035D7 jne 40378c, just replace jne with jmp and press F5 to toggle the breakpoint

.
/** set trace
00403685 call 403cf6 <- call SV routine (PF11 to activate and disable button as in the picture below)
. I think this is saying to press the F11 key, but then later in the forum anantasia said this:
.
00403CF6 JMP DWORD PTR[00429508] <- this instruction jumps to a long address. It mostly uses a pointer that points at the long address to go to, so PTR[00429508] = 10002860
. OK, the trick here was explained by anantasia on a later page in the forum: what you have to do is replace the 00429508 in the brackets with 10002860. WHEN YOU DO THIS you will end up with a very weird string that looks something like this: jmp dword ptr [l0lzo1z2lv0lo120l2zlvol0lzo1z2lv0] (again, if I am correct)
.
/** module countrymakeinus.dll
10002860 mov eax,[esp+08]
10002864 mov ecx,[esp+04]
OK, this is where I know I messed up, because when I scan for 10002860 I cannot find anything.... so I am either missing steps or bypassed things incorrectly

/** set trap and change
10002874 jne <-- bypass next command
1000287E jne <-- bypass next command
10002894 je <-- jump address
100028AE jne <-- bypass next command
100028C8 jne <-- bypass next command
100028E7 jne <-- bypass next command
10002901 jne <-- bypass next command
1000291B jne <-- bypass next command
10002931 je <-- jump address
10002949 jne <-- bypass next command
10002963 jne <-- bypass next command
1000299C jne <-- bypass next command
100029B2 je <-- jump address
100029BF jnl <-- jump address
100029CC jnl <-- jump address
100029E2 je <-- jump address
10002A06 jne <-- bypass next command
10002A1C je <-- jump address
10002A29 jnl <-- jump address
10002A36 jnl <-- jump address
10002A4C je <-- jump address
OK, unless I'm mistaken, for each of the ones that say "bypass next command", just change the jne to jmp and then set a breakpoint. For "jump address", it would be GREATLY appreciated if someone could explain to everyone what this means and how to do this action.



This is all I have for now.... I really apologize if this confuses more of you than it helps.... this is what I THINK we are supposed to do step by step. I have never dealt with this type of programming, so I have 0 expertise; I am just trying to contribute as much as I can to this project. If anyone can add to/correct this, that would be great. Good luck to all.


P.S. I know my idea of what a breakpoint does is incorrect, because I think you can only have 2... so if anyone could correct me on that quickly, that would be helpful.
steve00 is offline  
Old 01/06/2007, 06:55   #129
 
I'll give it a try.
MiNi_ViRuS is offline  
Old 01/06/2007, 07:02   #130
 
Can someone explain it more easily, or simplify it? Or please release the cracked version. I wanted to learn how to crack also. I tried the method you describe, but it just can't work; very confusing. Well, I only know how to do the basics. Can anyone help me? Or please release the cracked version?
spirit91 is offline  
Old 01/06/2007, 07:22   #131
 
File: CO.CT
Status: OK
MD5: 33586b8d307a3ddc9bb084a702a8d8f2
Packers detected: -

Scan taken on 06 Jan 2007 06:21:02 (GMT)
AntiVir, ArcaVir, Avast, AVG Antivirus, BitDefender, ClamAV, Dr.Web, F-Prot Antivirus, F-Secure Anti-Virus, Fortinet, Kaspersky Anti-Virus, NOD32, Norman Virus Control, VirusBuster, VBA32: Found nothing
Flyers is offline  
Old 01/06/2007, 07:26   #132
 
Hopefully I can get it to work, but it's getting impossible for me; anyone who cares to share some pointers will be greatly appreciated.
Flyers is offline  
Old 01/06/2007, 07:41   #133
 
How do you use the CO.CT file?
steve00 is offline  
Old 01/06/2007, 09:02   #134
 
Any idea? When I hit start, my client closes.



@steve00, when he says bypass, he means replace with NOP; just right click in Cheat Engine and select "replace with code that does nothing".
Enki is offline  
Old 01/06/2007, 09:54   #135
 
Sorry, I can't log on to the website after CO2 SM. Anyway, here are answers to some questions.

@Flyers, ¡ý¨kDB¨k¡ý, Vangjo: asked about bypass

Bypass, from my point of view, is when you ignore the current command and do the next command instead, not ruin the command by changing it to another. That may make AgentKing freeze.

For example,

403596 JNE 040378C <== Bypass this code
40359C MOV <== Next instruction

For the above code, you just set a trap at 403596. When CE (Cheat Engine) stops at 403596, your EIP (Execute Instruction Pointer) will be 403596. Change your EIP to 40359C (the next instruction).

@commanda:
Quote:

Assuming someone can follow all these assembly instructions and successfully crack it, how likely is it that this new skill will apply to cracking other software? And what is the likelihood of it being applicable to future versions? Were the previous versions cracked in this manner?

I can't figure out what skill you get or apply. But I think you may be proud of yourself for being able to finish the hard thing.
Easy things are so boring. Someone said: give a crack to a noob and they will leech from you all their life, but teach a noob to crack and they will contribute to the website.
I hope that after you can crack it yourself, you may study further the tutorial that the Cheat Engine program provides. It may help you get stronger, and maybe reach lv2. :P


@2spesh4u:
Quote:

Hmmm, I'm using the latest SV and when I follow the guide I'm almost complete, except I get this:

Welcom to use this Platform!
Logining......
Login Error:
Server no responsed or off-line or Version update!

I see some others have this problem, any ideas?

Sorry man, you must practice on the AgentKing.exe and CountrymakeinUS.dll that this post provides. All others may not work with this post.
anantasia is offline  
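The thread gives three different meanings for "bypass" a conditional jump: anantasia moves EIP to the next instruction when the breakpoint hits (a one-time, in-debugger change), Enki replaces the jump with NOPs (a persistent patch that also never jumps), and steve00 changes jne to jmp (a persistent patch that always jumps, the opposite behaviour). At the byte level these are not interchangeable. The Python below is an added example, not code from the thread or from Cheat Engine: it decodes the two x86 Jcc encodings (7x rel8 short form, 0F 8x rel32 near form), reports the fall-through address, and builds both the NOP-fill patch (never taken, what steve00's table calls "bypass next command") and the forced-jump patch (always taken, which is presumably what his "jump address" rows mean). The instruction bytes are constructed to match the addresses in the listing (a 6-byte je at 00403596 falls through to 0040359C, exactly as the guide says); they are an assumption, not bytes dumped from AgentKing.exe, and the rel8 of the short jne is made up. ztthik's two numbers fit the same scheme: 235 is 0xEB, the JMP short opcode, and 59792 is 0xE990, the little-endian word for the bytes 90 E9 (NOP; JMP near).

```python
# Added example (not from the thread or from Cheat Engine): byte-level view of
# the three ways the posts "bypass" a conditional jump. Encodings are constructed
# to match the addresses in the listing; they are an assumption, not bytes
# dumped from AgentKing.exe.
from dataclasses import dataclass

NOP = 0x90          # what CE's "replace with code that does nothing" fills with
JMP_SHORT = 0xEB    # JMP rel8  (decimal 235, the value in ztthik's post)
JMP_NEAR = 0xE9     # JMP rel32 (bytes 90 E9 read little-endian are 59792)

# Constructed listing: address -> instruction bytes (x86, 32-bit).
# 0F 84 rel32 = JE near, 0F 85 rel32 = JNE near, 75 rel8 = JNE short.
LISTING = {
    0x00403596: bytes.fromhex("0F84F0010000"),  # je  0040378C (rel32 = 0x1F0)
    0x004035CB: bytes.fromhex("0F85BB010000"),  # jne 0040378C (rel32 = 0x1BB)
    0x004035D7: bytes.fromhex("0F85AF010000"),  # jne 0040378C (rel32 = 0x1AF)
    0x10002895: bytes.fromhex("7515"),          # jne short; rel8 0x15 is made up
}

@dataclass(frozen=True)
class Jcc:
    addr: int
    length: int      # 2 for the short form, 6 for the near form
    cc: int          # condition nibble: 4 = E/Z, 5 = NE/NZ, D = NL/GE, ...
    target: int      # address reached when the condition holds

def decode_jcc(code: bytes, addr: int) -> Jcc:
    """Decode the conditional jump whose first byte is code[0], located at addr."""
    if (code[0] & 0xF0) == 0x70:                             # 7x rel8
        rel = int.from_bytes(code[1:2], "little", signed=True)
        return Jcc(addr, 2, code[0] & 0x0F, (addr + 2 + rel) & 0xFFFFFFFF)
    if code[0] == 0x0F and (code[1] & 0xF0) == 0x80:         # 0F 8x rel32
        rel = int.from_bytes(code[2:6], "little", signed=True)
        return Jcc(addr, 6, code[1] & 0x0F, (addr + 6 + rel) & 0xFFFFFFFF)
    raise ValueError(f"no Jcc at {addr:08X}: {code[:6].hex()}")

def next_ip(code: bytes, addr: int) -> int:
    """Fall-through address: the value anantasia sets EIP to at the breakpoint."""
    return addr + decode_jcc(code, addr).length

def fall_through_patch(code: bytes, addr: int) -> bytes:
    """Never take the jump: NOP fill of the same length, so every later
    address stays where it is. Persistent equivalent of moving EIP past it."""
    return bytes([NOP]) * decode_jcc(code, addr).length

def force_jump_patch(code: bytes, addr: int) -> bytes:
    """Always take the jump. Short: 7x rel8 -> EB rel8, same displacement.
    Near: 0F 8x rel32 -> 90 E9 rel32; the leading NOP keeps the JMP ending
    at addr+6, so the original rel32 still reaches the same target."""
    j = decode_jcc(code, addr)
    if j.length == 2:
        return bytes([JMP_SHORT, code[1]])
    return bytes([NOP, JMP_NEAR]) + code[2:6]

def jmp_target(code: bytes, addr: int) -> int:
    """Target of an unconditional JMP (EB/E9), skipping leading NOPs. Used to
    check that a forced-jump patch lands where the original Jcc did."""
    while code[0] == NOP:
        code, addr = code[1:], addr + 1
    if code[0] == JMP_SHORT:
        return (addr + 2 + int.from_bytes(code[1:2], "little", signed=True)) & 0xFFFFFFFF
    if code[0] == JMP_NEAR:
        return (addr + 5 + int.from_bytes(code[1:5], "little", signed=True)) & 0xFFFFFFFF
    raise ValueError(f"no JMP at {addr:08X}: {code[:6].hex()}")

def apply_plan(listing: dict, plan: dict) -> dict:
    """plan maps address -> 'bypass' (never jump) or 'jump' (always jump);
    returns address -> patched bytes, leaving unplanned entries untouched."""
    out = {}
    for addr, code in listing.items():
        mode = plan.get(addr)
        if mode == "bypass":
            out[addr] = fall_through_patch(code, addr)
        elif mode == "jump":
            out[addr] = force_jump_patch(code, addr)
        else:
            out[addr] = code
    return out

if __name__ == "__main__":
    plan = {0x00403596: "bypass", 0x004035CB: "bypass", 0x004035D7: "bypass", 0x10002895: "jump"}
    for addr, code in LISTING.items():
        j = decode_jcc(code, addr)
        print(f"{addr:08X} Jcc cc={j.cc:X} -> {j.target:08X}, falls through to {next_ip(code, addr):08X}")
    for addr, patched in apply_plan(LISTING, plan).items():
        print(f"{addr:08X} {LISTING[addr].hex()} -> {patched.hex()}")
```

The point to take from the two patch functions is that "jne to jmp" and "NOP it out" move the program in opposite directions; a row that anantasia would bypass by moving EIP forward is the NOP-fill case, and only the rows that must be taken get the JMP rewrite. Both patches preserve the instruction length, which is why later addresses in the listing still line up after patching.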