Disclaimer: All the information provided herein is intended for educational purposes only! YOU are responsible for your actions, not me!

2nd Tutorial by ThaMinder
Tutorial About Cracking Serialz
----------------------------------

Where to get the software:
http://www.crackstore.com <-- Get WDasm and Hiew there
http://members.tripod.com/ThaMinder/picshow.zip <-- our example prog.

Explanations of the progs you need:
----------------------------------------
Wdasm --> is a disassembler. Be sure you download version 8.9 or higher!
Hiew --> Hacker's View is a hex editor. You can also use another one, but I'll explain everything with Hiew.
picshow --> Our example prog.

The ASM knowledge you need
----------------------------------------
ASM code is the code you'll see once you have disassembled a file with WDasm. Here are the instructions you'll need and the hex bytes they are encoded as (x86):
jne - jump if not equal --> 75 (short form, 2 bytes) or 0F 85 (near form, 6 bytes; WDasm and Hiew show the 85 right after the 0F)
je - jump if equal --> 74 (short form) or 0F 84 (near form)
jmp - jump --> Not important here
nop - no operation --> 90 (one byte)
call - calls a function (subroutine) --> No single fixed code; the calls we patch in this prog start with E8 and are 5 bytes long (E8 plus a 4-byte distance to the target)

Keep the two forms apart: a 75 becomes a 74, and an 85 (the byte after an 0F) becomes an 84. Never turn a 75 into an 84 or the other way round, the jump would get a different length and the bytes behind it would be executed as garbage.

Let's start
----------------
First of all you have to make a copy of PICShow.exe called Picshow.w32. Why? This is the file we will load into Wdasm; the .exe is the file we will patch, and if we do something wrong we still have an untouched copy and can try again.

OK, now start Picshow.exe, load some images and click "play picshow". After every picture a nag screen tells you that you are using an unregistered copy of the prog. Annoying. OK, go back to the start mask, click Help and then Registration. A window comes up and you have to enter a Name and a Registration number. Enter whatever you want and click "Register Now". Oops, a window comes up and tells us "Invalid Registration Information". Damn! OK, write that message down exactly as it appears, it's the string we'll search for, and we can start.

Start Wdasm and open the Picshow.w32 we created before. Wait till the prog has finished disassembling.
If you now see a screen full of strange symbols, don't worry. Just click Disassembler > Font and then Select Font. I would change it to Arial. Then click Disassembler > Font > Save Default Font. Now it's saved and much easier to read.

Do you remember the message we wrote down when we entered the invalid reg number? We'll look for it now. Click Strn-Ref, the symbol next to the printer symbol. Scroll through the strings and look for "Invalid Registration Information". Got it? Double-click it and you will be warped directly to the place in the code where the string is used. Scroll a little up and you'll see the text. Scroll a little more until you see a call. Here it is:

004726C8 E8EB44F9FF Call 00406BB8

This is the call to the function that shows the message. (You can check that yourself: E8 is a call relative to the next instruction, the four bytes after it, EB 44 F9 FF, read backwards are the distance FFF944EB, which is -6BB15 as a signed number, and the next instruction at 004726CD minus 6BB15 is exactly 00406BB8. The status line below gives 004726C8 for this line for the same reason.)

Remember that we don't want this window. The one we want is the one saying we successfully registered our copy. We'll no-operate this call with nop bytes. Scroll until the bar is over the call; it turns green. Now look down at the status line and you'll see something like:

Line:252961 Pg 3012 of 3656 Code Data @:004726C8h @Offset 00071AC8h...

Write down the number after Offset, 00071AC8, without the h. The number after @: is the virtual address the code runs at in memory; the one after Offset is where the same bytes sit in the file on disk, and that is the one Hiew needs.

Now we'll look for the place that jumps to this call. Scroll a little further up until you see something like:

* Referenced by a (U)Conditional...
|:004724FC(C)

Got it? That number is what we need. Click Goto and then Goto Code Location, enter 004724FC and click OK. You'll be warped to the location. Do you see the jne? The bar must be directly over this line, it has to be green. jne --> jump if not equal! The prog checks whether the number you entered is right and, if it is not, jumps to the code with the call we saw before. Write down the offset number from the status line, here 000718FC, without the h.

Well, now we have written down two numbers and haven't changed anything yet. Never mind, we need one more number. OK, think! What is our goal?
We want a message from the prog that we registered successfully. Hmm, we don't know the exact message, but it has to be something like:

registered successfully
registration successful
Thanks for registering
Registration complete, thanks.

or anything like that. OK, we'll search for such a message! Click Strn-Ref and look for something like that. Here it is: "Picshow Registration Successful". Double-click it. Do the same as in the first step: find the call, put the bar over it and write down the offset number. Here: 00071AAA.

That was a lot of work. Now we can make the changes to the prog! Close Picshow and open Hiew. Open Picshow.exe. !!Picshow has to be closed, otherwise Windows won't let Hiew write to the file!!

OK, but what's that? Just hex? Never mind! Press F4 and then Decode. Ah, much better, now Hiew shows the instructions.

We wrote down three numbers. Two of them (the calls) we will nop, the other one (the jne) we will change into je. Sounds easy. Let's start with the calls. The first one calls the Reg-Failed window, the other one the Reg-Successful window. We will no-operate them. Press F5 and enter the first number we wrote down, without the h: 0071AC8. Press Enter. We get warped to the place and you'll see something like:

E8EB44F9FF

I have to explain what that means. It's the call, and every two hex digits stand for one byte. There are 10 digits, so the call is 5 bytes: E8, EB, 44, F9, FF. We have to overwrite it with 5 bytes of nop, and we know the code for nop is 90:

9090909090

Understood? The call is 5 bytes long, so the nop has to be 5 bytes long too! If you write fewer bytes, the leftover bytes of the old call are executed as new instructions and the prog crashes or does something random.

Press F3 to edit the line. Now enter 9090909090. Don't worry if Hiew jumps down a line after every 90, just carry on until you have entered 5 bytes. Then press F9 to save (update) the changes!

OK, we'll do the same with the other call. Press F5 and enter the offset of the other call, 0071AAA, and press Enter.
Here we have a 5-byte call too, so just do the same as before: press F3, enter 9090909090 and press F9 to save the changes. Done? That was nearly all! Just one more thing. We wrote down another number, remember? It was the offset of the jne. We will change it into je, so that if you enter the right number you get the error message, and if you enter a wrong one the check jumps to the other message and tells us we entered the right one! Yeah.

Press F5 and enter the number, here 00718FC. OK, here we are. Do you remember what I said at the beginning? The code for jne is 75 or 0F 85. Here it is 85 (with the 0F in front of it). Put the bar over the 85 and press F3. Change it to 84 and press F9 to save. Remember, 84 stands for je. If you have an 85 you change it into 84, if you have a 75 you change it into 74. Leave the bytes after it alone, they are the jump distance and stay exactly the same. Got it?

When you have made all these changes, press F10 to close Hiew. We have now cracked the prog, if you did it right! Let's see if it worked. Start Picshow.exe, enter a name and a reg number into the box and press Register Now! Yeah, we got it, we get the message we wanted, and if you now start another picshow the reg information between the pics is gone. Great. What a feeling!

Note that we inverted the check instead of removing it: every wrong number is now accepted and only the one correct number is rejected. That doesn't matter for this prog, but keep it in mind when you patch a jump this way.

If it didn't work, you have done something wrong: delete Picshow.exe, rename Picshow.w32 back to PICShow.exe and try again. If you do everything like I told you it has to work, I'm the best!

OK, most progs have protections like that and they're easy to crack. Do the same with as many progs as you can; you have to know the steps by heart. Sometimes it won't work, but don't worry, try another prog, because some have better protections and you will need the master tool SoftIce, which I'll explain in a later tutorial, but that ain't something for newbies like you! I hope I didn't forget anything, but this tutorial took me about 3 hours and my head is a mess now.
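The whole procedure above (three same-length byte patches at the file offsets read from W32Dasm's status line, using the opcode facts from the ASM section) as a small Python patcher. This is an added example and not part of ThaMinder's tutorial. The real picshow.exe is not included: the buffer below is constructed, the PE section values used for the address-to-offset mapping are assumptions chosen so they reproduce the tutorial's numbers, and the bytes of the second call and the jne's jump distance are assumed, since the tutorial only shows their opcodes. Only the first call, E8 EB 44 F9 FF at offset 00071AC8, is taken verbatim from the page.

```python
"""Same-length binary patcher for the W32Dasm + Hiew workflow.

Added example, not code from the tutorial. It refuses to write unless the
file contains the bytes W32Dasm showed, so a wrong offset, a different
program version or an already patched file is caught before anything
is damaged.
"""
import struct

NOP = 0x90


def va_to_file_offset(va, image_base, sec_va, sec_raw_ptr, sec_raw_size):
    """Map a virtual address (the @: number in W32Dasm) to a file offset
    (the @Offset number) through one PE section. The section values
    passed in by the caller are assumptions for this demo."""
    rva = va - image_base
    if not (sec_va <= rva < sec_va + sec_raw_size):
        raise ValueError(f"VA {va:08X} is not inside this section")
    return rva - sec_va + sec_raw_ptr


def call_target(va, insn):
    """Resolve an E8 rel32 call: target = next instruction + signed distance."""
    if len(insn) != 5 or insn[0] != 0xE8:
        raise ValueError("not a 5-byte E8 call")
    disp = struct.unpack("<i", insn[1:5])[0]        # little-endian, signed
    return (va + 5 + disp) & 0xFFFFFFFF


def flip_jcc(insn):
    """Turn jne into je (or back) without changing the instruction length:
    75 xx -> 74 xx (short, 2 bytes); 0F 85 d d d d -> 0F 84 d d d d (near)."""
    b = bytearray(insn)
    if b[0] in (0x74, 0x75):
        b[0] ^= 0x01
        return bytes(b[:2])
    if b[0] == 0x0F and b[1] in (0x84, 0x85):
        b[1] ^= 0x01
        return bytes(b[:6])
    raise ValueError("not a je/jne")


def patch(data, offset, expected, replacement):
    """Overwrite bytes at a file offset, only if they match what the
    disassembler showed, and only with a replacement of the same length."""
    if len(expected) != len(replacement):
        raise ValueError("replacement must keep the same length")
    actual = bytes(data[offset:offset + len(expected)])
    if actual != expected:
        raise ValueError(f"at {offset:X}: expected {expected.hex()} got {actual.hex()}")
    data[offset:offset + len(replacement)] = replacement
    return data


# Constructed stand-in for picshow.exe: zeros, with the tutorial's three
# instructions placed at the file offsets read from W32Dasm. The second
# call's distance and the jne's distance are assumed placeholders.
SAMPLE = bytearray(0x72000)
SAMPLE[0x71AC8:0x71ACD] = bytes.fromhex("E8EB44F9FF")   # call 00406BB8 (from the page)
SAMPLE[0x71AAA:0x71AAF] = bytes.fromhex("E800000000")   # second call, distance assumed
SAMPLE[0x718FC:0x71902] = bytes.fromhex("0F85C8010000") # near jne, distance assumed


def crack_picshow(data):
    """Apply the tutorial's three patches to a copy of data and return it."""
    data = bytearray(data)
    # 1. call that shows "Invalid Registration Information" -> 5 x nop
    patch(data, 0x71AC8, bytes.fromhex("E8EB44F9FF"), bytes([NOP]) * 5)
    # 2. call that shows "Picshow Registration Successful" -> 5 x nop
    insn = bytes(data[0x71AAA:0x71AAA + 5])
    if insn[0] != 0xE8:
        raise ValueError("expected an E8 call at 00071AAA")
    patch(data, 0x71AAA, insn, bytes([NOP]) * 5)
    # 3. near jne (0F 85 rel32) at 000718FC -> je (0F 84 rel32), same length
    jcc = bytes(data[0x718FC:0x718FC + 6])
    if jcc[:2] != b"\x0f\x85":
        raise ValueError("expected a near jne at 000718FC")
    patch(data, 0x718FC, jcc, flip_jcc(jcc))
    return data


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # patch a real file in place
        with open(sys.argv[1], "rb") as f:
            out = crack_picshow(f.read())
        with open(sys.argv[1], "wb") as f:
            f.write(out)
        print("patched", sys.argv[1])
    else:                                      # offline demo on the sample
        crack_picshow(SAMPLE)
        print("call target:", hex(call_target(0x4726C8, bytes.fromhex("E8EB44F9FF"))))
```

Run it without arguments to check the arithmetic on the constructed sample, or with a path to patch a file in place (keep the .w32 copy first, exactly as the tutorial says). The section values that reproduce the tutorial's mapping (image base 00400000, section RVA 1000, raw data at 400) are a guess that happens to fit both offsets; for a real file read them from the PE section table.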
Watch out for more tutorials by ThaMinder (that's me). You can get them all from my homepage: http://jump.to/ThaMinder

Feel free to give this tutorial to everyone you want. Questions? Write an e-mail to ThaMinder@yahoo.de

Sorry for my bad English, I hope it has not been too hard to understand.

Greetings to "ByteBurn"
--------------------------------
Next tutorials will be about:
Time-limited Software
SoftIce
and whatever comes to my mind!

Always remember: !The Knowledge Never Stops!

C ya next time
ThaXplTMinder
Germany, 1999