A patcher written for the Unicorn Crack-Me
A patcher wrote for the Unicorn Crack-Me
I was bored and I decided to write a patcher for the Unicorn Crack-Me from https://reverse.put.as/wp-content/uploads/2010/05/2-Unicorn.zip
Normally, I’d bother to reverse engineer the key generation (MD5-based in this case), but I found it less time-consuming to simply patch the instructions that deal with the verification.
Normally the instructions that decide whether you get the “Wrong serial” message are in the “validate” method:
...00002b41 test al, al00002b43 jnz 0x2b6e ; Here's the conditional jump based on the previous comparison00002b45 mov dword [ss:esp+0x10], 0x0 ; The afore "JNZ" isn't executed so we go here and here's the Fail case00002b4d mov dword [ss:esp+0xc], 0x000002b55 mov dword [ss:esp+0x8], 0x3054 ; @"Try again"00002b5d mov dword [ss:esp+0x4], 0x3064 ; @"The serial is not valid."00002b65 mov dword [ss:esp], 0x3074 ; @"Error!"00002b6c jmp 0x2b9500002b6e mov dword [ss:esp+0x10], 0x0 ; We're on the good scenario theritory...00002b76 mov dword [ss:esp+0xc], 0x0imp___symbol_stub__NSRunAlertPanel00002b7e mov dword [ss:esp+0x8], 0x3084 ; @"OK"imp___symbol_stub__NSRunAlertPanel00002b86 mov dword [ss:esp+0x4], 0x3094 ; @"The serial is valid."imp___symbol_stub__NSRunAlertPanel00002b8e mov dword [ss:esp], 0x30a4
All we have to do is to pretty much change the JNZ instruction, which is a conditional jump, to a JMP which will always jump regardless of the test al,al.
All the rest of the program is arhitecture detection, structures in the FAT Mach-O and verbose stuff.
Twitter: GeoSn0w (@FCE365)
WWW: https://idevicecentral.com