November 01, 2007

Cracking Tutorial : Quake 3 Arena

Note :
All my tutorials are for educational purposes only.

Some info about the target :
Title : Quake 3 Arena
Protection : CD Check

Click on the images to view the larger version.

Step 1 : Load OllyDbg and open "quake3.exe", which is our target.

Step 2 : Right click the CPU window and Choose "Search for > All referenced Text Strings". (Refer pic below)



Step 3 : Right Click and Choose "Search for Text".



Step 4 : Enter "CD" in the dialog box that popped up and dont forget to check "Case sensitive" and click "OK". (Refer pic below)



Step 6 : Hit "Ctrl+L" until you land in line "Game CD not in drive". Now double click on this line. It will take you to this line which is at the address 0042DFC6.

Code:

0042DFC6  |.  68 80E34B00   PUSH    quake3.004BE380                  ;  ASCII "Game CD not in drive"

Step 6: Observe the following lines, these lines are found above the previous line which we saw.

Code:

0042DFC2  |.  85C0          TEST    EAX, EAX
0042DFC4  |.  75 0F         JNZ     SHORT quake3.0042DFD5

TEST EAX,EAX -> Checks whether EAX is 0 or not.
JNZ -> Jump if Non-Zero ie. Jumps if EAX is 1.


Step 7 : Just modify the JNZ to JMP by double clicking on the line, so that the code looks like the one below.

Code:

0042DFC4  |.  75 0F         JMP     SHORT quake3.0042DFD5

Step 8 : Right click in the CPU window and select "Copy to Executable > All modifications" and choose "Copy All" in the dialog that pops up.



Step 9 : A dump window appears, right click on it and select "Save file", type a name, eg. quake3cracked.exe.


You can also change the

Code:

0042DFBD      E8 AE210100   CALL    quake3.00440170

to

Code:

0042DFBD      B8 01000000   MOV     EAX, 1

this CALL is above the line TEST EAX, EAX. There are a lot of ways to crack ! This is also a good method to crack, cuz it makes the program think that CD has been inserted.

That concludes the tutorial. I hope that you enjoyed it.

No comments: