Cubase - Dongle protection cracking
The main tricks
Well... dongle protection cracking: old crackers' songs sing it, old crackers' paintings idealize it... let's begin to do it, let's show the world how useless even hardware protections are. This project has been made possible thanks to this first sound contribution from Xoanon.
I may remark that at the end Xoanon wrote "First phase"...
Hey, Xoanon... where is the SECOND phase?
Cubase 3.0 UNDONGLED!
courtesy of +XoanoN/PiNNACLE 1997

Well, I have seen some of my previous works published by the +HCU. And for me this is already enough... Wow! To be on "the" site together with the "Gotha" of cracking!!! So I decided to start working on a more serious project, a cracking subsector that only REAL +crackers can face: DONGLES! Eh eh.... well, I have seen that the +HCU needs something about dongles, so why should I not try? Let's see....

Prologue:
----------------------------------------------------------------------------
First of all, I decided to try this donglecrack 'coz I don't know of ANY version of Cubase 3.0 working (I mean REAL 100% cracked). Maybe there are newer versions out (I think 3.05 or more), but I'm not sure if they are cracked well, coz I haven't tried them. And the reason for this is quite simple: many crackers tend not to even try out the programs once they THINK they've cracked them, and since Cubase has a funny trick (to let you think you've cracked it after less than 2 minutes of debugging... you got it?) I think it is worth explaining its protection schemes a little. By the way, I tried cracking it 1 year ago and made the same mistake.

In more understandable terms, simply NOPPING a JNZ lets you bypass the initial donglecheck, so Cubase "runs" somehow. But try working more than 10 minutes (or even less)... try creating new tracks, by clicking 4 or 5 times on the right window... try choosing "Score" from the menu.... TRY ANYTHING!!! It will soon crash with a "General Protection Failure" error report...

Some donglecracking info you may need:
----------------------------------------------------------------------------
Since dongles are a relatively "strong" way to protect a program (a dongle can contain locations where the program needs to jump, etc...) sometimes without them it's impossible to crack such protections... I mean, in some hard cases (i.e. when the locations of the jmps are stored *directly* inside the dongle) you'll ABSOLUTELY need the dongle, or you can't do anything... the program will not run. In this case (and in other ones as well) first try to "emulate" the dongle, if you understand how it works. If you can't, then try a BRUTE FORCE approach (read my tutorial) to fool the program (as I did with Cubase).

This is the way to proceed in order to "bruteforce" a dongle:

1) Write down the locations where the program crashes/does not run
2) Trace back and try to locate the switches (jumps) which jump to these locations
3) Be sure these locations aren't used in other parts of the program as well

Let's start!!!
----------------------------------------------------------------------------
Ok, are u ready with your Martini Vodka and/or cigarettes AND SoftICE??? Good...... let's begin eradicating the initial donglecheck! (You could also try to emulate the dongle by setting BPIO -h on printer ports such as 0378/0379/037a etc... you will land in the CUBASE.VXD... and believe me... it's better to try another approach!)

Well, you run Cubase and it pops up with the classic "Plug the dongle, idiot" screen.... Ah ah ah!! Simply rerun it, Ctrl-D before the nag appears, hit F12 more than once to trace back calls (p ret is for sure one of the best SoftICE functions I think, without it some of the hard cracks couldn't be done) and you'll land in the CUBASE30CM module. Step, step and step until you reach this code (you might need to set some temporary BPX to get rid of cycles/loops, but you will figure out yourself where and how... otherwise I would spend a whole day writing this tutorial!):

*Initial Check

    0013.3C36 6A00     push 0000
    0013.3C38 6A00     push 0000
    0013.3C3A 56       push si
    0013.3C3B 6A3F     push 003F
    0013.3C3D 6A00     push 0000
    0013.3C3F 90       nop
    0013.3C40 0E       push cs
    0013.3C41 E8A924   call 60ED

CUBSCM30 (0F) at 3327:c5c6

(c) Xoanon, 1997. All rights reversed.