Tutorial #4 : Cracking Kingpin Patch v1.2 CD Check

Name    : Cracking the Kingpin 1.2 Update Patch CD Check
Version : 1.2
Editor  : The Kingpin
Target  : Kingpin.exe
Tools   : HIEW, Windasm, keyboard, braincells (preferred colour: grey)
Cracker : Sushi # / Hacker
The Paradigm release of Kingpin,

--- DISCLAIMER ---
For educational purposes only! I hold no responsibility for the misuse of this material!
---

Well, since I slammed some memory into my PC, Kingpin is a cool game, also online, but everyone online seemed to use the most recent patch, v1.2, which doesn't ask for a CD when playing online. But the next day, after installing the patch, I wanted to play the standard version and then the damn thing asked for the Kingpin CD. Let's go correct that BuG ]=]

First we should go see what BuG we're talking about. When I install the patch and try to play the standard version, a message box pops up with the text: "You must have the KINGPIN CD in the drive to play".

OK, now let's boot Windasm and load Kingpin.exe. Open up the String Data References (SDR from now on) by clicking Refs, and then search for something like the error message. I found it in the Y section, almost at the end of the list: "You must have the KINGPIN CD". Now let's double-click on the SDR. We land here:

    * Possible StringData Ref from Data Obj ->"You must have the KINGPIN CD in "
                                            ->"the drive to play."
                                      |
    :0044907E 6860A04500              push 0045A060          <-- We land here.
    :00449083 6A00                    push 00000000
    :00449085 E89076FDFF              call 0042071A
    :0044908A 83C408                  add esp, 00000008

Well, nothing interesting here, so let's look up a bit, to see what sort of code jumped to the message box "You must have the KINGPIN CD in ".

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:0044906C(C)                       <-- Hey, this is the (C)onditional jmp
    |                                       that jumped to the error message box.
    :00449070 E837FFFFFF              call 00448FAC
    :00449075 8945FC                  mov dword ptr [ebp-04], eax
    :00449078 837DFC00                cmp dword ptr [ebp-04], 00000000
    :0044907C 750F                    jne 0044908D

    * Possible StringData Ref from Data Obj ->"You must have the KINGPIN CD in "
                                            ->"the drive to play."
                                      |
    :0044907E 6860A04500              push 0045A060          <-- We landed here.

Now we know the address of the code that jumped to the message box, so let's go to that piece of code. Click on Goto, then on Goto Code Location, or simply press SHIFT+F12. A box pops up; enter the address we want to check out: 0044906C. That's the code we want to check out, because it jumped to the error message. Now we land here:

    * Referenced by a CALL at Addresses:
    |:004432B3   , :004432D7
    |
    :00449061 55                      push ebp
    :00449062 8BEC                    mov ebp, esp
    :00449064 51                      push ecx
    :00449065 833D4C1D480000          cmp dword ptr [00481D4C], 00000000
    :0044906C 7402                    je 00449070            <-- We land here.
    :0044906E EB67                    jmp 004490D7

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:0044906C(C)

Well, that's interesting... The piece of code at 0044906C is je 00449070. JE = Jump if Equal, and 00449070 is the address of the error message box. In total this means that if the CMP (compare) of [00481D4C] against 00000000 is equal, we get the error. So this is the code where they check whether the Kingpin CD is in the drive, and when there isn't one in the drive, the program jumps to the error message box. So let's patch this. First let's get the offset of the JE code: it's 4906C.

So what we're going to do is reverse the JE <-> JNE. The opposite of JE (Jump if Equal) is JNE (Jump if Not Equal), so if we change the JE to a JNE, the error message box will pop up when the Kingpin CD is in the drive!
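The listing above prints a target address next to every jump and call, but the bytes only store a signed displacement relative to the next instruction (for example 7402 at 0044906C is JE with displacement +2, landing at 0044906C + 2 + 2 = 00449070). The following Python is an added check, not part of the original tutorial: it decodes the short jumps (JE/JNE/JMP, rel8) and near calls (rel32) from the addresses and bytes copied out of the listing and confirms each target Windasm printed. The opcode tables cover only the forms that occur in the listing.

```python
import struct

# Only the branch encodings that appear in the listing (assumption: no other forms needed)
REL8_OPCODES = {0x74: "je", 0x75: "jne", 0xEB: "jmp"}   # 2-byte: opcode + signed rel8
REL32_OPCODES = {0xE8: "call"}                          # 5-byte: opcode + signed rel32


def decode_branch(address, code):
    """Decode one rel8 jump or rel32 call at virtual address `address`.

    Returns (mnemonic, target). The target is the address of the *next*
    instruction plus the signed displacement, masked to 32 bits.
    """
    opcode = code[0]
    if opcode in REL8_OPCODES:
        disp = struct.unpack("<b", code[1:2])[0]          # signed 8-bit displacement
        return REL8_OPCODES[opcode], (address + 2 + disp) & 0xFFFFFFFF
    if opcode in REL32_OPCODES:
        disp = struct.unpack("<i", code[1:5])[0]          # signed 32-bit, little-endian
        return REL32_OPCODES[opcode], (address + 5 + disp) & 0xFFFFFFFF
    raise ValueError(f"unsupported opcode {opcode:#04x} at {address:#010x}")


# (address, instruction bytes, target as printed by Windasm), copied from the listing above
LISTING = [
    (0x0044906C, "7402",       0x00449070),   # je  00449070
    (0x0044906E, "EB67",       0x004490D7),   # jmp 004490D7
    (0x00449070, "E837FFFFFF", 0x00448FAC),   # call 00448FAC (backward: rel32 = -0xC9)
    (0x0044907C, "750F",       0x0044908D),   # jne 0044908D
    (0x00449085, "E89076FDFF", 0x0042071A),   # call 0042071A (backward: rel32 = -0x28970)
]


def check_listing(listing=LISTING):
    """Decode every branch and report whether the computed target matches the listing."""
    results = []
    for address, hexbytes, expected in listing:
        mnemonic, target = decode_branch(address, bytes.fromhex(hexbytes))
        results.append((address, mnemonic, target, target == expected))
    return results


if __name__ == "__main__":
    for address, mnemonic, target, ok in check_listing():
        print(f"{address:08X}  {mnemonic:<4} {target:08X}  {'ok' if ok else 'MISMATCH'}")
```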
OK, now let's boot HIEW and load a backup of Kingpin.exe. Press ENTER twice to go into Decode mode and then press F5. Now enter the offset of the JE code which we got: 4906C. We land at the JE code. Press F3 followed by F2; now we can edit the code. In the box that pops up, change the JE to a JNE.

Let's test whether the patch did it: start Kingpin and try playing a standard game, not multiplayer!

You have now successfully hacked someone's Win 9* / NT system / account!!

Cya'll,
Sushi #

You can find me on IRC's EFnet in the channels #DiGiTaL.FaCToRy and #cracking4newbies