A Simple NO-CD Cracking Tutorial

[diablery]

Use this tute only for cracking the EXEs of the CDs that you own...

This tutorial is for Educational purpose only.

 

Author: Creativity

Target Program: Ballance 2.0.0.1 (But the splash page displays v1.13)

Application type: Microsoft Visual C++ application (Use PEiD to find it out)

 

Tools required:

W32Dasm 8.93 or above.

Olly Debugger 1.10 (Debugging + Patching the game)

PEiD / ClonyXXL / ProtectionID

 

How to crack:

This is my first cracking tutorial... so please report me or forgive me for my mistakes that I made, I'm a newbie in cracking...

 

CLONY XXL STEPS:

Step 01: Insert the disc into the drive then click Scan in clony XXL.

Oh great the game doesnot contain any CD protection.

 

PEiD STEPS:

Step 01: Click on "..." and open the target "Player.exe" in the bin folder in the game's installation directory.

Step 02: Oh cool the game doesn't contain any protection like Securom, safeDisc etc and it is not protected with any Exe protectors. We are lucky... and our cracking burden is reduced.

 

W32DASM STEPS:

Step 01: Start the game without the CD... oh no... a window with title "Attention" and It says "Place the CD-ROM into the Drive and Start the Game again"

Step 02: Load up W32Dasm and disassemble the file "Player.exe" in the Bin folder...

Step 03: Since the error message "Place the CD-ROM into the drive and start the game again" loads up in the runtime, so it is not possible to search with the string.

Step 04: In W32Dasm click on "String Data references" button in the toolbar. Search for "Attention" thats the title of error message window.An alternate method is by using the menu "Search->Find Text" then type your text,"Attention" in the text box. Click on "Find next".

Step 05: It will take us to the line that displays the following

 

* Possible StringData Ref from Data Obj ->"Attention"

 

Step 06: Scroll a little below and you can find these lines.

 

* Referenced by a (U)nconditional or ©onditional Jump at Address:

|:0040121B©

 

It says that the jump to this error message is from the address 0040121B and it also indicates what type of jump it is.

©-Conditional Jump (JNE's and JE's) and

(U)-Unconditional Jump (JMP)

 

So our jump is a conditional jump... (ie) it is checked for specific condition and then jumped.okay now that we've got the address where the game checks,Note it down in a piece of paper... Next is to Patch it out... close W32Dasm.

 

Note: There are two dialog with title "Attention", If you are not sure of which one is the dialog that points to CD-Check then run the target in a debugger to find out the correct Error string.

 

OLLY DEBUGGER STEPS:

i've added a screen shot of Olly and with the three important windows marked...

 

 

My interface and yours might differ because I've added new plugins and changed the color of the interface.

 

Step 01: Open the target file "Player.exe" in OllyDebugger

Step 02: Ollydebugger has many windows, we have to open the CPU window to debug the process. Click on the "C" icon in the toolbar... It will display the decompiled code. Maximize the window.

Step 03: Now Right click in the window and Select "Goto->Expression" and enter the address that you noted in W32Dasm... In this case it is 0040121B and then Click "OK"

Step 04: Ok now we have successfully landed in our checking area 0040121B. We need to bypass the check so that we can run the game without the CD and with the CD. This is really important, because the game must be able to run with a CD and without a CD, in that way we must crack it.

 

Original code:

00401219 . 84C0 TEST AL,AL

0040121B 75 46 JNZ SHORT Player.00401263

 

What does this code do ?

To know what it does follow the steps, Select the line 00401219 and then right click Select "Breakpoint->Run to selection" Now look at the information window, the sliced one that is just below the code window slice. We'll find that registerAL=00 if the CD is not inserted and AL=01 when the CD is inserted. so the next line is JNZ(Jump if Not Zero) if the AL value is 0 it will not jump, So it'll jump only when the CD is inserted (ie.)when AL becomes 01, so this is a conditional Jump. We have to change it to unconditional jump, It must jump always. So we have to modify it. So follow the steps below.

 

Step 05: Double Click on the line 0040121B or Click on the line and press Spacebar a window with title "Assemble at 0040121B" will pop up, now change "JNZ SHORT 00401263-->JMP SHORT 00401263", I've only changed the first three characters in the line.

Step 06: So we have patched the game in the memory, to patch the executable, Right click in the code window and select "Copy to executable-> All modifications" and click "Copy All", Now a dump window(D in the title) will popup displaying all the modifications that we made. Now Right click in the Dump window and select "Save file" then save the file with some other name, example Player_cracked.exe...

 

Patched code:

00401219 . 84C0 TEST AL,AL

0040121B EB 46 JMP SHORT Player.00401263

 

Final Notes:

So we've successfully cracked the game Ballance 2.0.0.1 (V1.13 according to the splash page), Now the game will run when the CD is inserted and also when the CD is not in the drive. There are manys ways to crack this... one method is this one. Every program has its own weakness. Finding the weakness is the solution.

 

Greets:

To all NO-CD crackers in the world. And all the members of Lethal Injection team

 

credits to megagames team!

 

[PinGu]

:o , wauw!

 

 

That's 1 big tutorial , great job!

 

 

+1 for me , i just couldn't find a good no-cd crack for Age of Mythology  :-[ maybe this will help!

 

 

Thnx!

[FoSho]

always wondered how to make a no cd crack.

[Blane]

We are not a hacking forum here.Cracking is against the law indeed.

 

But you wrote for educational reasons only...don't know if I have to punish you...

 

(I'll go to the bank now...in the road I'm gonna think about you and your guide...)

[diablery]

  On 7/11/2008 at 12:56 AM, XxRxX said:

Man this is Warez isn't it? Read rules about that...Reported...

 

u dont like it? so dont read it , i dont care about you,

i know some ppl that who like that tutorial, and its a game no-cd crack tutorial.

i dont upload any hacking tool and etc,

so IF U DONT LIKE, DONT READ AND STOP SPAMM ABOUT RULES AND ETC.

[Frank]

  On 7/11/2008 at 11:31 AM, diablery said:

u dont like it? so dont read it , i dont care about you,

i know some ppl that who like that tutorial, and its a game no-cd crack tutorial.

i dont upload any hacking tool and etc,

so IF U DONT LIKE, DONT READ AND STOP SPAMM ABOUT RULES AND ETC.

 

I don't spam I just tell you about what Rules say...Read this one: http://www.maxcheaters.com/forum/index.php?topic=11.0

 

I like your post but in this forum it is forbidden to post warez! You teach us how to crack? What is this? It allowed? What do you think? I have nothing with you man but this is not allowed...

[diablery]

huh?

warez? i dont see something warz there, did you?

http://en.wikipedia.org/wiki/Warez learn what is warez  :-*

[Frank]

OK I won't continue it! I just reported your topic and let moderators think about it! Have a nice day!

[Noble®]

he doesnt share a program or something uploaded so it is not warez

[Frank]

OK I really apologize about this mistake...Sorry man, I just mass your topic...

 

PS: I have different opinion...Anyway! Thanks for share!