TZ-Strip Poker 2 cracking


nop-erator
January 4th, 2002, 18:02
Hi,

I can't understand why my previous post was closed. Obviously the reason is that most parts were in German. Seems that someone hasn't seen the translation of EVERY German post! The reason I or someone else (silberfuchs) posted in German was that silberfuchs doesn't speak English very well, and that's why I always added a translation!

Anyways, I just wanted to tell you that I've found the correct addresses for a crack and even for a TRAINER!!
The crack makes the program a full version, and with the trainer you'll have the possibility to set the girl's money, and you can activate an option that allows you to win ALWAYS! I'm sure that you all know what that means......hehe

Now to Silberfuchs (and the others, too, of course): I also would like to get a valid serial. Can you point me to some important addresses?

btw: the trainer and crack will be out tomorrow (Saturday), or Sunday. It will be downloadable from my website (h**p://noperator.de.vu). I'll also update this post when it is finally released.

thank you again.

nop

Kayaker
January 5th, 2002, 04:28
Well, I guess I should respond to this...

Hi nop,

I can't say anything about the other thread, but as for your 'announcement' in this one, the trainer is a good idea. Why don't you really contribute and write a tut on how you did it? As far as posting that you're going to be providing a crack and giving a link for it, what you do is your own business, but you should know by now this is against board policy. You wanna spread cracks? Keep it on a crack site, OK?

Kayaker

SilberFuchs
January 5th, 2002, 06:22
hi Noperator

you should just know where the serial check has to be; it's easy to find, but I don't know if it's possible to calculate back (=zurückrechnen??)... if not, you can make a little bruteforce

go and search

...and maybe you should edit your previous post a little?

jo, ciao
SilberFuchs

nop-erator
January 5th, 2002, 10:14
hi,

First to Kayaker: after your post I tried for the second time to find something that looks like board policy/rules. I can't find anything. Writing a tut about all the stuff I've done is a good idea. But where to publish it? On my website? I don't think that I have enough visitors that it would be worth writing such a big thing. btw: I already wrote an interesting tutorial on cracking a game and making a keygen. Perhaps I should publish it on my website nevertheless.

nop

Samneric
January 5th, 2002, 12:27
In one of your earlier posts in the other thread you said:
> The only interesting location i found was 017F:4114ED.
> There was a loop where something was done with
> the characters, but I didn't understand what exactly.

I thought that you would have gone back there to look again by now, but I guess not. That loop is near the end of the sub that verifies your regcode (after the hyphens '-' have been stripped). The string that you input isn't compared to another string (so you can't fish for a 'correct' regcode) - but it is passed through an algorithm to check it.

The subroutine is at 00411420. It returns 1 (good) or 0 (bad).

I found it easier to understand what is happening by converting the disassembled code to pseudo-C (not fit to re-compile but good enough to follow along with). I've attached it to this post.

nop-erator
January 5th, 2002, 13:26
Thank you very much for your effort, Samneric! This helped me a lot. It really seems that it is not possible to "invert" the algorithm to get a valid serial, right? The only possibility would be brute force, wouldn't it?

Thanks again. I'm already writing my trainer, but have some problems......

nop

Samneric
January 5th, 2002, 15:17
> Originally posted by nop-erator:
> It really seems, that it is not possible to "invert" the algorithm to get a valid serial, right? the only possibility would be brute force, wouldn't it?

Not at all! That's how keygens are created - by reversing the algorithm. (Not to mention the sanctioned program for generating valid registration regcodes...)

Unless I missed something, the regcode consists of 2 parts:
1) a 3-digit string at the start of the regcode
2) the rest of the regcode from the 4th char on

Part 1 is handled in the first loop by copying the first 3 digit chars (minus leading zeros) to str2[] and then converting str2[] to a numeric value via _atoi().

[I notice that leading zeros (0x30) are twice omitted from strings submitted to _atoi() - so maybe the programmer is unsure how they affect the returned value??]

Part 2 must begin with "02" and is run through the algorithm in the last loop to create a 'total' number. That total is added to the numeric value determined by Part 1. The resulting value must be evenly divisible by 999.

So you should be able to start with any old regcode you want that begins with "02dddddddxxxxx..." and then run it through the steps in the last loop that create a total. Then divide that total by 999. Subtract the remainder from 999 and convert the result to a 3 digit string to tack onto the beginning of your regcode.

But I don't know if the alphabetic string on the end ('xxxxx...') is used elsewhere to contain the registered user's name. I haven't looked into that and I probably won't either. Your choice of targets caused major domestic disharmony here...
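
Added example, not part of the thread and not the program's code: a design-review view of why a check with the structure described above (numeric prefix plus a total, divisible by 999) cannot authenticate a licence, next to a keyed check whose secret stays on a server. `toy_total`, `server_accepts` and the sample code layout are assumptions made for illustration; the real total loop is only in the attachment mentioned earlier.

```python
import hashlib
import hmac
import random

MODULUS = 999  # divisor named in the post above


def toy_total(body: str) -> int:
    """Constructed stand-in for the 'last loop' total (the real loop is not on this page)."""
    return sum((i + 1) * ord(c) for i, c in enumerate(body))


def checksum_accepts(regcode: str) -> bool:
    """Unkeyed check with the described shape: 3-digit prefix + total, divisible by 999."""
    code = regcode.replace("-", "")  # hyphens are stripped first
    prefix, body = code[:3], code[3:]
    if not (len(prefix) == 3 and prefix.isdigit() and body.startswith("02")):
        return False
    return (int(prefix) + toy_total(body)) % MODULUS == 0


def server_accepts(regcode: str, key: bytes) -> bool:
    """Keyed alternative (hypothetical): the 80-bit tag is verified where the key
    lives, e.g. an activation server, so the shipped binary holds no secret."""
    body, _, tag = regcode.rpartition("-")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()[:20]
    return hmac.compare_digest(tag, expected)


def false_accept_count(check, trials: int, seed: int = 1) -> int:
    """Count how many random, well-formed but unissued codes a check lets through."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        digits = "".join(rng.choice("0123456789") for _ in range(10))
        code = f"{rng.randrange(1000):03d}-02{digits}"  # constructed sample input
        hits += check(code)
    return hits


if __name__ == "__main__":
    n = 100_000
    print("checksum false accepts:", false_accept_count(checksum_accepts, n))
    print("keyed false accepts:   ",
          false_accept_count(lambda c: server_accepts(c, b"demo-key"), n))
```

The unkeyed check passes roughly one random code in a thousand because everything needed to satisfy it is in the client; the keyed check passes none unless the verifier's key is known.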

nop-erator
January 5th, 2002, 15:25
> Your choice of targets caused major domestic disharmony here...

Hmm, at last, it seems to be too difficult for me. I looked at the code in sice again, and compared it to your C pseudo-code. Your explanations are pretty clear, but I still don't know how I would keygen this program now. And actually I don't want to know it now. I'm gonna wait some months, improve my cracking skills, and then try it again. I'm sure that will have a bigger effect finally. But anyways, thanks for your help again. I'm gonna choose other targets in the future.....

nop