----------------------------------------------------------------------------- + + + AAAAA AAAAA AAAAA AAAAA A AAAAA A A A AAAAA AAAAA AAAAA + + A A A A A A A A A A A A A A A A + + AAAAA AAAAA A AAAAA A AAAAA A A A AAAAA A AAAAA + + A A A A A A A A A A A A A A A A + + A A AAAAA A A A AAAAA A A A A AAAAA A A A + + + ----------------------------------------------------------------------------- + Date : 14th January 2001 + + Title : How to crack Rebel Strip poker 1.4 + + Source : http://www.AstaLaVista.com + + Writer : NewBie007 + ----------------------------------------------------------------------------- What: Rebel Strip Poker 1.4 is a good strip poker game which shows the girls stripping on video Currently there are about 10 girls and 1 male to choose from. Each girl cost $$$. In order to see them girls you need access key Where: http://www.rebel.com.au/spfw/poker.htm Download & Install: You need to register(free) to get download URL of main program in your e-mail Difficulty: Normal !!! About Me: I am still a newbie. Have you read my previous crack(jmpeg.txt @ AstaLaVista.com) Well, When I went through many sites to find a crack for version 1.4 of Rebel. But what I found was only version 1.3. So I cracked this myself. Tools: SoftIce (http://www.crackstore.com) W32Dasm (optional - http://www.crackstore.com) Understanding Program Coding: I first tried to crack the game using w32Dasm. Then I saw something that I have never seen before in a windows program. The assembly codes were in segments... The program is writen in Borland C++ (I think so). Any way I searched for the text that tells me about the incorrect access code. I tried changing the jumps. But what I got was an error. Thus I resorted to SoftIce. This is my first crack using SoftIce. I am not fully familiar with SoftIce yet. Hence this tutorial can be said to be incomplete. But you can have full access to the program by cracking it every time you use it. "No Pain No Gain !!!" Cracking the program: Start the program and press 'CTRL+D' to pop up SoftIce. You need to load SoftIce from 'Autoexec.bat' file in order for it to pop up. Get the HWND of the program by typing 'Hwnd Rebel'. On the second line you will see the required HWND (EDIT) We now assign a break a break when the text is retreived. Type... BMSG XXXX WM_GETTEXT (Where XXXX represents the HWND of Edit) Press 'F5' and then enter some dummy code in the text box click on 'OK'. SoftIce will pop up. Press 'F12' till you see the 'REBEL(0B)' twice in succession on the bottom window of SoftIce. Press 'F10' and go through all the codes while type 'D [Register Name]' to read the data in the register. You will notice that your dummy code is stored in 'SP' (ADD SP,08). It is from the following commands that I concluded the program was made in 'Borland C++'. You will reach your first 'JZ' command on the fourth line. But you will also notice that they were no 'CMP' ie... compare commands before it. So this is not what we are searching for. Two lines later we will come across a 'JMP' command. Press 'F10' till you reach - 'xxxx:1BC6 JZ 1C98' On the right you will see '(no jump)'. Above this line there is also a 'CMP' compare statement. I had a feeling this line is what that checks access code. We will simply make the program to jump. On the command prompt type... 'R FL Z' 'Voila'!!! - The cracks over. Type 'BC *' to clear the break points. Press 'F5' and enjoy the game. Final Statements: OK I agree that the crack may not be up to the mark. I still don't know how to get the offset of a line in SoftIce. I searched for the command line in W32Dasm and found it at Segment '11' offset '1BC6'. I tried to change JZ to JNZ. But the program gave me an error saying that it could not create the main body. I once again went through the commands using SoftIce. What I noticed was that when the program passes the line 'xxxx:1BC6 JZ 1C98' the next few codes consist of getting display information. Hence I concluded that, when first time the program does not jump, it configures the main body and second time it does not jump... it displays the Window for typing in access code. Last but not the least: You know my e-mail... Please send me an e-mail about this tutorial. Even if it criticises this tutorial it is OK.