View Full Version : Snood!!


ThRaX
July 15th, 2001, 21:32
www.snood.com

I think this one will be fun for newbies. (Very newbie-ish.) But it's not just a simple patch... It refines basic skills a lot, though.

If you get it please post your methods.

rmlobox
July 16th, 2001, 22:41
Done...very newbie-ish indeed. Simple matter of patching a return... (hint)

ThRaX
July 18th, 2001, 19:52
Oh yeah and try to get the correct serial as well.

noptical
July 19th, 2001, 00:59
Bust-a-Move was my all-time favorite game... and now I can play it with elite-looking pieces, how cool.. the game's an easy crack, but try training it... heh heh heh... oh well, I have some other projects in mind that should get me to the top of that high score list in no time

Muad'Dib
July 19th, 2001, 14:20
This project could be a lot more interesting - and therefore I will attempt to add something to it. There are a few more things that could be done to make this game more "fun" - cheating maybe - and fixing a bug. First off, sometimes after a completed round, the program page faults. Task number one is to fix this. When you attempt to use the aimer or mulligan, it tells you that you won't be able to record your high score and you will have a piece of cheese next to your name. Make it so that you can use these features without that problem. Recap:

1. Fix bug
2. Allow aimer use without "cheese"
3. Allow mulligan use without "cheese"

Enjoy

ThRaX
July 21st, 2001, 11:30
Ooh, this looks like fun!

So far all I've tried is removing the "cheese" next to your score...I got rid of the warning, but it still puts the "cheese" in...any ideas on this?

JaneK
July 21st, 2001, 17:03
Hi,
I have registered Snood, but I had to patch it (I thought I found the serial but it just does not work - don't know yet what is wrong).
Anyway, I have fully functional prog now, saying "Registered to: %$.98nmlkjihgfec".
Will try the "cheese task".

janek

Muad'Dib
July 21st, 2001, 21:41
I have completed all of the tasks I suggested as well as allowing use of the aimer and still allowing submission to the "world high score" charts. I did not bother to remove the messages as you did, though. If anyone is ready for me to post my essay, I will attach it to the next post.

Brill0
July 22nd, 2001, 19:14
Post it. I have been playing Snood for a while and it is a pretty good game. What is your high score (without the aimer)?

Hoof
July 23rd, 2001, 03:03
Well, I was not going to have an in depth look at this Snood bull but when I installed it, it installed an application called GATOR. This sh!t makes me mad. Who the hell do they think they are installing apps without my knowledge? And it is Ad ware!!!

Damn lamers do not deserve to make any money from their applications.

He even has the balls to ask us to stop cracking his app. Well, up yours buddy. I will break it open and keygen its ass.

Hoof

FatHead_Slim
July 24th, 2001, 00:01
Lol am I ever a newbie.... I can't even get the f ' n patch!..... I need hints... what a baby

I've found about 3 operations that use the data entered for the registration... and have determined the purpose of 2 of them, but my eyes glaze over and I keep tracing into infinite darkness on the third and final...

plz give me a couple of hints

thanx for the project

ThRaX
July 26th, 2001, 20:53
Yes, post the essay by all means, I'm totally stuck on your tasks ; )

Sphinx
August 7th, 2001, 10:21
hi all

I'm stuck too.
Can't find a working serial. I think I know where it's done, more or less, but can't follow it, so no working serial found yet. About patching: tried some places, got it to say it's reged, but not all functions are working; then the program checks if you are regged, but that's not the case. I found the location where the check is performed on an address but don't know how to change it to my benefit. Patch all? That's about 23 jne/je changes.

pls post solutions thx

[NtSC]
August 11th, 2001, 03:10
Cracking + Training: Snood V2.4.3
URL: www.snood.com
---------------------------------
W32Dasm-Ripped-Part:
---------------------
:0040143D E8AE280000 call 00403CF0

* Possible StringData Ref from Data Obj ->"Checked Registration"
|
:00401442 68F0214200 push 004221F0
:00401447 A291D54200 mov byte ptr [0042D591], al <-- al = 1 if registered user, so
;---------------------------------------------------------------------------------------
we change that call... It just checks the registration there, so nothing important at all
:0040143D E8AE280000 call 00403CF0
Size of Call = 5 Bytes..
;---------------------------------------------------------------------------------------
Edit to:
:0040143d b001 mov al,01
90 nop
90 nop
90 nop
;---------------------------------------------------------------------------------------
Hexadecimal offset: 143d / insert: b0 01 90 90 90
;---------------------------------------------------------------------------------------

Training The Game .....

Addresses 4098f8 + 4098f9 offer 2 INCs.
NOP both of them out, and that's it... No counter / display decrease anymore!

That means: 4098f8 = 90
4098f9 = 90

And your game is trained..

That's it.... Have fun..
[NtSC]
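
Added example (not part of [NtSC]'s post or of the original thread): an integrity check a developer could run over the two call sites quoted in this thread. It decodes the E8 rel32 near-call encoding to confirm each site still reaches 00403CF0, and flags the "mov al, imm8 + NOP padding" replacement. The function names and result labels are assumptions made for this sketch; the byte strings are constructed from the listings in the thread.

```python
import struct

# Constructed sample inputs, copied from the listings in this thread.
ORIGINAL_SITE = bytes.fromhex("E8AE280000")  # :0040143D call 00403CF0
SECOND_SITE = bytes.fromhex("E84F270000")    # :0040159C call 00403CF0
PATCHED_SITE = bytes.fromhex("B001909090")   # mov al,01 / nop / nop / nop

CHECK_ROUTINE = 0x00403CF0  # registration-check routine named in the listings


def decode_call(site: bytes, va: int):
    """Return the target VA of a near call (E8 rel32), or None if not one.

    rel32 is a signed little-endian displacement measured from the address
    of the *next* instruction, i.e. va + 5.
    """
    if len(site) < 5 or site[0] != 0xE8:
        return None
    (rel32,) = struct.unpack_from("<i", site, 1)
    return (va + 5 + rel32) & 0xFFFFFFFF


def classify_site(site: bytes, va: int, expected_target: int) -> str:
    """Classify the 5 bytes found at a call site that must reach expected_target."""
    if len(site) < 5:
        return "modified"
    target = decode_call(site, va)
    if target == expected_target:
        return "intact"
    if target is not None:
        return "redirected"  # still a call, but to somewhere else
    # Result forced to a constant: mov al, imm8 (B0 ib) padded with NOPs.
    if site[0] == 0xB0 and all(b == 0x90 for b in site[2:5]):
        return "forced-al=%d" % site[1]
    return "modified"


if __name__ == "__main__":
    for name, site, va in [
        ("0040143D original", ORIGINAL_SITE, 0x0040143D),
        ("0040159C original", SECOND_SITE, 0x0040159C),
        ("0040143D patched", PATCHED_SITE, 0x0040143D),
    ]:
        print(name, "->", classify_site(site, va, CHECK_ROUTINE))
```

A check like this is only as strong as its own placement: if it lives in the same binary and returns a single flag, it is another one-instruction decision of the kind the posts above describe.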

Muad'Dib
August 11th, 2001, 22:29
If anyone hasn't seen it yet, there is an essay that I wrote at http://www.immortaldescendants.org

anon
August 11th, 2001, 22:44
Quote:
[NtSC] (08-11-2001 01:10):
Cracking + Training: Snood V2.4.3
URL: www.snood.com
---------------------------------
W32Dasm-Ripped-Part:
---------------------
:0040143D E8AE280000 call 00403CF0

* Possible StringData Ref from Data Obj ->"Checked Registration"
|
:00401442 68F0214200 push 004221F0
:00401447 A291D54200 mov byte ptr [0042D591], al <-- al = 1 if registered user, so
;---------------------------------------------------------------------------------------
we change that call... It just checks the registration there, so nothing important at all
:0040143D E8AE280000 call 00403CF0
Size of Call = 5 Bytes..
;---------------------------------------------------------------------------------------
Edit to:
:0040143d b001 mov al,01
90 nop
90 nop
90 nop
;------------------------------------------------ [NtSC]




I was wondering about the keygen routine...

The return can also be patched at bad cracker located @ 004044ea, either by nop'n it or by editing it to B001 -- mov al,1:

but I haven't been successful in determining the keygen routine... was wondering if anyone had any insight
beginning should be located here.

:0040159C E84F270000 call 00403CF0
.
.
.
:004041F2 E899030000 call 00404590
.
.
.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00405311(C)
|
:004052B0 33C0 xor eax, eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004052C3(C)
|
:004052B2 8A1406 mov dl, byte ptr [esi+eax]
:004052B5 80C9FF or cl, FF
:004052B8 2AC8 sub cl, al
:004052BA 02D1 add dl, cl
:004052BC 881406 mov byte ptr [esi+eax], dl
:004052BF 40 inc eax
:004052C0 83F814 cmp eax, 00000014
:004052C3 7CED jl 004052B2
:004052C5 8BAC24F8010000 mov ebp, dword ptr [esp+000001F8]
:004052CC 8BC6 mov eax, esi

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004052ED(C)
|
:004052CE 8A5500 mov dl, byte ptr [ebp+00]
:004052D1 8ACA mov cl, dl
:004052D3 3A10 cmp dl, byte ptr [eax]
:004052D5 751C jne 004052F3
:004052D7 3ACB cmp cl, bl
:004052D9 7414 je 004052EF
:004052DB 8A5501 mov dl, byte ptr [ebp+01]
:004052DE 8ACA mov cl, dl
:004052E0 3A5001 cmp dl, byte ptr [eax+01]
:004052E3 750E jne 004052F3
:004052E5 83C502 add ebp, 00000002
:004052E8 83C002 add eax, 00000002
:004052EB 3ACB cmp cl, bl
:004052ED 75DF jne 004052CE

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004052D9(C)
|
:004052EF 33C0 xor eax, eax
:004052F1 EB05 jmp 004052F8

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004052D5(C), :004052E3(C)
|
:004052F3 1BC0 sbb eax, eax
:004052F5 83D8FF sbb eax, FFFFFFFF

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004052F1(U)
|
:004052F8 3BC3 cmp eax, ebx
:004052FA 7424 je 00405320
:004052FC 680CF54200 push 0042F50C
:00405301 56 push esi
:00405302 E8B0180100 call 00416BB7
:00405307 83C408 add esp, 00000008
:0040530A 47 inc edi
:0040530B 83C615 add esi, 00000015
:0040530E 83FF17 cmp edi, 00000017
:00405311 7C9D jl 004052B0
:00405313 5F pop edi
:00405314 5E pop esi
:00405315 5D pop ebp
:00405316 32C0 xor al, al
:00405318 5B pop ebx
:00405319 81C4E4010000 add esp, 000001E4
:0040531F C3 ret
.
.
.


and here are all the jumps to the bad cracker... which will also patch the registration which is one possible exit to first call listed

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004041FC(C), :004042ED(C), :00404350(C), :004043CB(C), :004043D9(C)
|:00404423(C), :00404459(C)
|
:004044E8 5F pop edi
:004044E9 5E pop esi
:004044EA B001 mov al, 01
:004044EC 5B pop ebx
:004044ED 81C408010000 add esp, 00000108
:004044F3 C3 ret