> Hi there,
>
> You're not going to believe this! I wrote an essay on
> cracking UltraEdit 4.40a and sent it to Reverser just a few *minutes*
> ago - then I went to look at his page and saw you'd done the same -
> hehehehe....we seem to mirror each other - just the other day I made
> a patch/serial code for the same program - then I went to your page
> and saw you had done the same - hehe, it seems you just beat me to it
> each time ;-)
>
> Cya,
> ReZiDeNt

   I read your essay about UltraEdit 4.40a, can you believe I never
noted the presence of a second valid code! Maybe because after I found
the first valid one there was no more interest for me to further
analyze it. On the other hand, I did note the presence of several
hardwired names and codes (there are many, btw) in the disassembled
text. I didn't mention it because it has become a very frequent practice
among programmers (read my essay about Hex Workshop). I was very amused
when you mentioned that if someone attempts to register it with one of
the hardwired names, the free trial period will be reduced!!! Shame on
you, programmer!!! Little devil, he, he, he ...

    What do you think of this consideration about the *.reg file: If you
decide to crack by changing the "je" instruction to "jmp", then your
*.reg file will contain the wrong code (the false one you typed,
encrypted of course), instead, if you point your false code memory
location to the right one by changing ebp-80 to ebp-40, then your *.reg
file will contain the valid calculated code also encrypted, thereby your
*.reg file will be able to unlock the uncracked shareware version of the
program. Moreover, there's another great possibility, taking advantage
of the presence of two valid codes (thanks to your intuition!), it's
possible to exchange the encrypted code memory location (the one that
will be written to the reg file) with the second valid code memory
location (I already found the memory location where the encrypted code
dwells, a simple SICE breakpoint and the instruction that points to it
will be revealed). This double crack will not only defuse the protection
scheme, but also reveal to the user his decrypted second valid code
which will be copied to the uedit32.reg and .ini files in plain ASCII
... Unfortunately, this will disable the reg file from being able to
unlock uncracked versions of the program... Best regards ...

P.S. Take a look at the new SoftICE teaching Section in my Home Page.


				Aesculapius
				aesculpius@cryogen.com
				aesculapius.home.ml.org
