Cracking Tutorial #1 By SiONiDE

Hi fellow Crackers. I write these tutorials in short amounts of time. Therefore I apologise for any grammatical errors in this essay. Enjoy the Tut!

"Basic" ASM Cracking

Difficulty Level: Easy [X]  Medium [ ]  Hard [ ]  Expert [ ]

Toolz Required:
  W32Dasm...............A good Cracking Web Site.
  HIEW..................A good Cracking Web Site.
  BYTE HUNTER V2.0......A good Cracking Web Site.
  Brain.................Ummm....Head maybe??
  Computer..............You're on one now!

Step 1.

Today we will learn how to patch a file so that you can enter any NAME/SERIAL. To do this we need a piece of unregistered shareware which is not too complicated. Once you have found the target, run it and click register. Enter SiONiDE as the name and 123456 as the serial. What happens??? It comes up with an error message. You should write this message down as we will need it later.

Step 2.

Fire up W32Dasm and click "Open File to Disassemble" and select your target. After a few hundred hours it should be disassembled. You should have a screen filled with code. Click on "String Data References" or "SDR" and search for the earlier message. Once it is found, double click on it and close "SDR". You should see something like this:

  * Possible StringData Ref from Code Obj -> "Your Error Message Here"

Scroll up until you see this:

  * Referenced by a (U)nconditional or (C)onditional Jump at Address:
  |:********(C)

The stars will be replaced with numbers and letters, e.g. 00485D9B(C). Select the "Goto" menu and select "Goto Code Location", and type in the numbers and letters that replace the stars a few lines up. When you get to that address you should see something like this:

  :00485D95 41            inc ecx
  :00485D96 E8B1CFF7FF    call 00402D4C
  :******** 0F8532010000  jne 00485ED3

The stars will be replaced with numbers, and the above numbers will be different. The third line is the one we are interested in, but first let's learn a bit more about it.
The "jne" means that if the Name and Serial are not equal, it will jump to the earlier Error Message.

  Asm:   What it Means:                    Hex:
  jne    jump if not equal                 0F85
  je     jump if equal                     0F84
  jmp    jump directly to                  EB
  nop    no operation                      90
  ja     jump if above                     0F87
  jna    jump if not above                 0F86
  jae    jump if above or equal            0F83
  jnae   jump if not above or equal        0F82
  jb     jump if below                     0F82
  jnb    jump if not below                 0F83
  jbe    jump if below or equal            0F86
  jnbe   jump if not below or equal        0F87
  jg     jump if greater                   0F8F
  jng    jump if not greater               0F8E
  jge    jump if greater or equal          0F8D
  jnge   jump if not greater or equal      0F8C
  jl     jump if less                      0F8C
  jnl    jump if not less                  0F8D
  jle    jump if less or equal             0F8E
  jnle   jump if not less or equal         0F8F

Let's see what will happen if we replace "jne" with "je". Get it??? It will only jump to the error message if you enter the right NAME and SERIAL. Make sure the line with "jne" has the green bar over it and write down the @Offset located at the bar to the right, e.g. 0008519Bh. Don't write down the "h", it means HEX.

Step 3.

Drag TARGET.EXE onto HIEW.EXE. Make sure that you switch off READ-ONLY in TARGET.EXE's properties. Press [ENTER] twice to enter decode mode. Press F5 and enter the Offset, without the "h" remember. Press F3 to EDIT and enter 0F84 (je) and press F9 to update. Press Esc to exit HIEW. Run TARGET.EXE and click register, enter any NAME/SERIAL and click Okay or Register. What happens??? It says that it's valid. Voila, we've patched it.

Step 4.

Now that we've patched it, we can write a patch which can just be run instead of all the above. Run BYTE HUNTER v2.0. Enter the name of the patch and your name. Enter the hex code of the entire line with "jne" in, e.g. 0F8532010000. Then enter what you want it changed to, so just replace the "85" with "84", giving 0F8432010000. Press "N" twice and then rename PATCH.EXE to your choice and there we are. Before you distribute a patch on the internet, make sure it works!!
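The same opcode table, seen from the other side: a developer who ships a binary can compare a distributed copy against the release build and name a flipped conditional jump rather than just report "bytes differ". This is an added example for this tutorial, not code from the original text or from any of the tools it names; the byte strings are constructed from the listing above (the filler bytes and the 85 -> 84 change are assumed).

```python
"""Integrity check: report near conditional jumps (0F 8x, Jcc rel32) whose
condition was inverted between an original and a patched copy of a binary.
Per the tutorial's table, a condition and its negation differ only in the
lowest bit of the second opcode byte (je 0F84 / jne 0F85, jb 0F82 / jae 0F83,
jl 0F8C / jge 0F8D, ...), so that one-bit flip is what we look for."""

# Second opcode byte -> mnemonic(s), taken from the page's table.
JCC_NEAR = {
    0x82: "jb/jnae", 0x83: "jae/jnb", 0x84: "je", 0x85: "jne",
    0x86: "jbe/jna", 0x87: "ja/jnbe", 0x8C: "jl/jnge", 0x8D: "jge/jnl",
    0x8E: "jle/jng", 0x8F: "jg/jnle",
}


def find_inverted_jcc(original: bytes, patched: bytes):
    """Return [(offset_of_0F, from_mnemonic, to_mnemonic), ...] for each
    place where a 0F 8x jump became its logical negation.  Scanning raw
    bytes, not disassembly, so a 0F in data could in principle match too."""
    if len(original) != len(patched):
        raise ValueError("sizes differ; not a simple in-place byte patch")
    hits = []
    for off in range(len(original) - 1):
        if original[off] != 0x0F or patched[off] != 0x0F:
            continue
        a, b = original[off + 1], patched[off + 1]
        if a in JCC_NEAR and b in JCC_NEAR and (a ^ b) == 1:
            hits.append((off, JCC_NEAR[a], JCC_NEAR[b]))
    return hits


def unexplained_diffs(original: bytes, patched: bytes):
    """Offsets that differ but are not part of an inverted Jcc found above."""
    covered = set()
    for off, _, _ in find_inverted_jcc(original, patched):
        covered.update((off, off + 1))
    return [i for i, (x, y) in enumerate(zip(original, patched))
            if x != y and i not in covered]


# Constructed sample (assumption): the three instructions from the listing
# above plus two nop bytes, and a copy with the 0F85 -> 0F84 flip.
ORIGINAL = bytes.fromhex("41 E8B1CFF7FF 0F8532010000 90 90")
PATCHED = bytes.fromhex("41 E8B1CFF7FF 0F8432010000 90 90")

if __name__ == "__main__":
    for off, before, after in find_inverted_jcc(ORIGINAL, PATCHED):
        print(f"@Offset {off:08X}: {before} -> {after}")
    print("other changed bytes:", unexplained_diffs(ORIGINAL, PATCHED))
```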