-------------------------------------------------
Universal keygen for series of Declan's products.
-------------------------------------------------
Only products packed by Armadillo 3.60 were tested.
So there is no guarantee for other versions.
0. Currently supported Declan's programs (which are already defined in the ini file):
--------------------------------------------------------------------------------------
0 Declan's ReadWrite Chinese (Simplified) (build 1218) [RWCS.EXE]
1 Declan's ReadWrite Chinese (Traditional) (build 1209) [RWCT.EXE]
2 Declan's Chinese FlashCards (v1.1 build 2109) [DCFC.EXE]
3 Declan's Korean FlashCards (build 2020) [DKFC.EXE]
4 Declan's Korean HakGyo (v2.1 build 2041) [KOREAN_HAKGYO.EXE]
5 Declan's ReadWrite Arabic (v1.0 build 909) [RW_ARABIC.EXE]
6 Declan's Japanese FlashCards (v1.1 build 1173) [JVFC.EXE]
7 Declan's ReadWrite Kanji (v1.2 build 360) [RWKANJI.EXE]
8 Declan's ReadWrite Hiragana (v1.1 build 1053) [RWHIRAGANA.EXE]
9 Declan's ReadWrite Katakana (v1.0 build 1018) [RWKATAKANA.EXE]
1. About structure of the ini file:
-----------------------------------
Each line defines a product. The first number is there for your convenience ONLY.
So if you find the desired product in the ini list and want to call the keygen,
you should specify the LINE NUMBER, not the "index" (the number in the first column).
Line numbers are counted from zero.
2. How to increase the ini list:
--------------------------------
OK, maybe you have one more Declan's program but didn't find a line for it
in the ini list. Then you can try to "crack" it yourself. To make your life
moooooooooore easy I have prepared the following algorithm. But... there is no
guarantee it will work. I hope you will keep that in mind when you start:
1) Run IceExt (v0.95 or later) and go to hidden mode ("!protect on" command
for SoftIce).
2) Run the victim.
3) Run PETools, select the victim and dump the region around address 0x00900000
(the address can be different each time you start the victim).
It will be marked as EXECUTE READ WRITE. PETools may be closed now, but
DO NOT CLOSE the victim until we have finished!
4) Take the dump file and run the "dcfckgbpxfinder" program on it
(it is included with the keygen) like this:
dcfckgbpxfinder Dump_00910000_0002B000.dmp 0x00910000
The last hex number is the start of the dumped region (PETools puts it in the
filename... So it is very convenient to "remember" it :))
Then look at the screen. If you see "Yeah!..." then WRITE DOWN ON PAPER the address
where you should set the breakpoint. If not... then I can't help you :) with this
tool.
5) Go to SoftIce, switch to the victim's context ("addr [victim name]") and
set the breakpoint at the address you wrote down earlier. Leave SoftIce.
6) OK, now we are about to get the "secret" :). Click on the "Register" button
somewhere in the victim's window. Type "qwerti" in the username field
and "1234-1234-1234-123" in the code field... Uf! OK, last digit.
Press "4" and... If all went right and the victim is "appropriate"
then we should be in SoftIce now ;).
OK, we are in SoftIce and we see some code like this:
mov eax, [esi+000035B4h] ;<-- here the "secret" is :)
push dword ptr [ebp+0Ch]
mov [ebp-4], eax
mov eax, [esi+000035CCh]
push ebx
mov [ebp-8], eax
mov [esi+000035B4h], ebx
The offsets can be different. OK, let's issue a command like "d esi+35b4"
and get the "secret"! Write down on paper the first 8 bytes of the command's
output. They will look like this:
26 14 3A 60 D2 D2 4C 8C
These are TWO longs, so in memory their bytes are in reverse order. OK, leave SoftIce.
It is time to add a new line to the ini... it should look like this:
N 0x603A1426 0x8C4CD2D2 the victim name
Here N is the line number in the ini.
7) Finally, test the result on the victim. I think you should restart the machine
before that (it seems that the victim will never start twice under IceExt ;)).
Notes:
1. You can get IceExt, SoftIce and PETools at http://www.wasm.ru/
2. You can get the latest Declan's products at http://www.declansoftware.com/
3. About the author:
---------------------
The keygen is powered by Comrade USSR