SmartCheck Tutorial
By: Palaryel
http://cracking.accessroot.com

Configuring and using SmartCheck v1.0

The Target:
abex' 2nd crackme (included with this tut)
The Tools:
SmartCheck 6.03
The Protection:
serial check

Level:
Beginner

Other Information:
In this tutorial I will explain how to configure SmartCheck 6.03 and how to use it to effectively find a valid serial.


1. Introduction

What is SmartCheck? Well, SmartCheck (SC) is a program for Automatic Run-Time Error Diagnosis for Visual Basic programs. In other words, SC is a tool for VB debugging and, if it is properly configured, for reversing VB appz.

 

2. SmartCheck 6.03 Configuration

Start SC, load abexcrackme2.exe and go to "Program -> Settings..." and make sure everything is set up as on the following pics:
1. Error Detection tab


1a. Advanced Settings (click on the advanced button in the previous tab)

2. Reporting tab

 

 

3. Analysis of the target

Click on the little "play" button, and our target starts.
Now, you should see a window like this one:


Input Palaryel as the name and 123456 as the serial in the target and click "Check". You will get a BadGuy msgbox like this one:

Or like this one, if you enter less than 4 chars as name:

Click on "OK" to close the msgbox and switch back to SC. You will notice a new entry called "_click" in the Program Results window. Click on the new entry, go to "View -> Show All Events", and expand the "_click" entry. You will get something like this:


Scroll to the end of the "_click" entry and you will notice a MsgBox entry. If you click on the entry, you will find a surprise in the box to the right:

The picture tells us that this msgbox is the same msgbox we get when we click "Check" in the target program. Also, if the msgbox is here, the serial must be calculated somewhere further up in the code. If you look a few lines up, you will notice a "_vbaVarTstEq(VARIANT:String:"B4C5D0C5", VARIANT:String:"123456") returns DWORD:0". The "_vbaVarTstEq" call compares the strings "B4C5D0C5" and "123456" and returns a value. The only logical conclusion is this: the "123456" string is the serial we entered, so the other string ("B4C5D0C5") must be the correct serial.
Enter the serial just obtained in the program and you will get this msg:

 

Conclusion

If you want to keygen this target, just analyze the code of the "_click" entry in SC. The complete serial generation is happening in front of your eyes. Let this be your homework; it will help you to understand the code that SC creates.
Cracking VB appz is much easier if you use SmartCheck. Cracking VB appz with SoftIce/Olly/TRW/ntsd (if you intend to use the last one, you are insane; btw, you can find this debugger if you type "ntsd" at the cmd prompt in WinXP) will cost you a lifetime of tracing through junk code. Attempts to crack VB appz using a hex editor and IDA will drive you completely crazy (I'm the living proof of this), but it is still possible. Trying to do it with W32Dasm will make you insane.

 
Keygen hint:
+++Start of SC generated code fragments+++
Len(VARIANT:String:"Palaryel") returns LONG:1242024
Len(VARIANT:String:"Palaryel") returns LONG:1242024
Integer (1) --> Long (1)
Mid(VARIANT:String:"Palaryel",long:1,VARIANT:Integer:1)
Asc(String:"P") returns Integer: 80
Hex(VARIANT:Integer:180)
+++End of SC generated code fragments+++
Notice that the value "180", when converted to hex, gives the hex value "B4", which is the first byte of the serial "B4C5D0C5". The serial has four bytes (remember that the target asks for a minimum of 4 chars as a name). This means that "B4C5D0C5" is the correct serial for every name which begins with "Pala" (you can try this, it will work).
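The "_vbaVarTstEq" event from section 3 shows the weakness from the developer's side: the expected serial sits in plaintext next to the user's input in the run-time trace. The following is an added example (not part of the original tutorial or of SmartCheck): a small Python check to run over your own program's event log to see whether a serial check exposes its expected value this way. The function name, the plain-text export of the events and the rule that a nonzero DWORD means "equal" are assumptions; the sample lines are copied from the tutorial text.

```python
import re

# Matches the comparison event format quoted in the tutorial, e.g.
# _vbaVarTstEq(VARIANT:String:"B4C5D0C5", VARIANT:String:"123456") returns DWORD:0
CMP_RE = re.compile(
    r'_vbaVarTstEq\(VARIANT:String:"([^"]*)",\s*'
    r'VARIANT:String:"([^"]*)"\)\s*returns\s*DWORD:(\w+)'
)

def find_leaked_comparisons(trace_lines, user_inputs):
    """Return comparison events where a string the user typed is compared
    against another plaintext string, exposing the expected value."""
    known = set(user_inputs)
    findings = []
    for lineno, line in enumerate(trace_lines, start=1):
        m = CMP_RE.search(line)
        if not m:
            continue
        left, right, result = m.groups()
        # Exactly one operand must be user input; the other operand is
        # then the value the program expected to see.
        if (left in known) == (right in known):
            continue
        entered, expected = (left, right) if left in known else (right, left)
        findings.append({
            "line": lineno,
            "entered": entered,
            "expected": expected,
            # Assumption: DWORD:0 means "not equal", anything else "equal".
            "matched": result != "0",
        })
    return findings

# Constructed sample: event lines copied from the tutorial, saved as text.
SAMPLE_TRACE = [
    'Len(VARIANT:String:"Palaryel") returns LONG:1242024',
    'Asc(String:"P") returns Integer: 80',
    'Hex(VARIANT:Integer:180)',
    '_vbaVarTstEq(VARIANT:String:"B4C5D0C5", VARIANT:String:"123456") '
    'returns DWORD:0',
]

if __name__ == "__main__":
    for finding in find_leaked_comparisons(SAMPLE_TRACE, ["Palaryel", "123456"]):
        print(finding)
```

Any finding means the check hands the expected value to whoever traces the program, which is exactly what happens with this crackme.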

 

Greetings

ByteBurn - your introduction to the world of cracking was the first tut I ever read, thank you very much for it
CrackZ - your easy-to-read and easy-to-follow tutz introduced me to SoftICE, my gratitude is endless
+Mammon_ - excellent IDA primer from an excellent reversing guru
+Fravia - I think that I do not need to comment on your work
+MaLaTTiA - I like the riddles (http://3564020356.org)
+ORC - no comment
tKC - excellent tut compilations
ARTeam - very good Olly beginner series and unpacking tutz
In Memoriam: Terminator Z (aka Harry McBungus) - your Virus Writers Handbook is a masterpiece - Rest in Peace my friend
Dark Angel - your Phunky Virus Writing Guides rock
anybody else I forgot to mention here.....