Tutor    : Ordoc
Editor   : An NFO Viewer (wordwrap) *Notepad is fine if u don't wanna see the neat ASCII Art :)*
Who      : Beginners an' Newbies :)
Greets   : Harlem, WLW, #cracking4newbies
Target   : CopyTo v2.14 (c) Kish Designs (http://www.ne.jp/asahi/cool/kish/cpto214.exe)
Size     : 347kb
Rev Date : 10/12/98

Welcome to my first tutorial, it will be very brief :). This is another program ruined by a single jne to je.

First off let's run CopyTo, which you can accomplish by double clicking it on your desktop (or in C:\windows\ if it's not on your desktop!). Go to Help and click "About...". Another box will pop up; click the "Register" button. Hmm.. odd. It has a dialog box for just your name. Enter your name and click OK (Harlem for me). Next a dialog box asking for your registration number pops up. Enter a dummy code (I use 272727). Now, before you click OK, Ctrl-D into SoftICE and set a breakpoint on hmemcpy (bpx hmemcpy). Click OK. Like magic you're back in SoftICE. You need to be in COPYTO!Code, are you? NO! (hehe). Hit F11 to get into the code, then hit F12 to skip over the code till you get into COPYTO!Code.

Now hit F10 through a few "rets" (returns) until you see:

:00466238 E867FEFFFF   call 004660A4
:0046623D 837DF000     cmp dword ptr [ebp-10], 00000000
:00466241 0F84E8000000 je 0046632F
:00466247 8B55F0       mov edx, dword ptr [ebp-10]
:0046624A A1D0A84600   mov eax, dword ptr [0046A8D0]
:0046624F E8C8FDFFFF   call 0046601C          ; Calls the serial checking routine
:00466254 84C0         test al, al            ; tests AL for 0
:00466256 7516         jne 0046626E           ; jump_if_not_equal to 0 (jump if good serial)

This is a VERY common protection in shareware programs, so if you don't know what to do already, continue reading..

Hit F10 until you highlight:

:00466256 7516         jne 0046626E

If you look to the right of that line SoftICE will have the words "No Jump". So we want to fix this so it will jump to the good_guy registration. Type A and hit enter. It should show something like:

xxxx:00466256

Well, we want to change this so it jumps, so we need to "reverse" the jne. Type in:

je 0046626E

Hit enter twice. Now the code should look like:

:00466256 7516         je 0046626E

and it should say JUMP with a down arrow. Hit F10 to execute the jump. Now type "bc *" to clear your breakpoints in SoftICE. Hit Ctrl-D and like magic... SURPRISE, it will say "Thank you for your registered." Maybe you aren't that surprised, but maybe you were!!! Congratulations on reverse engineering CopyTo v2.14.

*Note: You could have changed the jne to jmp, which would make it always jump, good serial or bad serial. Changing it to je makes it jump only if it's the bad serial :)

*Note: Not all programs that have the CALL, TEST, JNE(JE) routine will stay registered if u just change the jne to je, because they check the serial in other places. But 30%-40% of programs in my opinion work like this.

Look for more tutorials from Harlem soon.
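Added example, not from this tutorial or from CopyTo, showing the other side of the listing above: why the whole "crack" is one opcode byte (75 -> 74) and how a code-integrity self-check catches it. The four sample bytes are the test al,al / jne pair from the listing; the fnv1a32 digest and the reference_digest step are assumptions standing in for a build-time checksum of the code section.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the two instructions the tutorial edits, as listed at
 * 00466254 (84 C0 = test al,al ; 75 16 = jne 0046626E), and the same four
 * bytes after the jne -> je change (opcode 75 -> 74). */
static const uint8_t kShippedBytes[] = {0x84, 0xC0, 0x75, 0x16};
static const uint8_t kPatchedBytes[] = {0x84, 0xC0, 0x74, 0x16};

/* FNV-1a 32-bit digest over a byte range (assumed here; a keyed or
 * cryptographic digest plugs into the same check). */
uint32_t fnv1a32(const uint8_t *p, size_t n) {
    uint32_t h = 0x811C9DC5u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x01000193u;
    }
    return h;
}

/* Hypothetical build-time step: digest the code region that holds the
 * serial check. A real product would cover the whole code section and keep
 * the reference value outside the region it covers. */
uint32_t reference_digest(void) {
    return fnv1a32(kShippedBytes, sizeof kShippedBytes);
}

/* Runtime self-check: returns 1 while the region still matches the
 * reference digest, 0 once any byte in it has been changed. */
int code_region_intact(const uint8_t *region, size_t n, uint32_t reference) {
    return fnv1a32(region, n) == reference;
}

/* Offset of the first byte that differs between two equal-length regions,
 * or -1 if they are identical: shows the edit is a single opcode byte. */
long first_differing_offset(const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) return (long)i;
    return -1;
}

int main(void) {
    uint32_t ref = reference_digest();
    printf("shipped bytes intact: %d\n",
           code_region_intact(kShippedBytes, sizeof kShippedBytes, ref));
    printf("patched bytes intact: %d\n",
           code_region_intact(kPatchedBytes, sizeof kPatchedBytes, ref));
    printf("first differing offset: %ld\n",
           first_differing_offset(kShippedBytes, kPatchedBytes, sizeof kShippedBytes));
    return 0;
}
```

The digest routine and the branch that compares it are themselves code in the same image, so this only raises the bar; the second note above (checking the serial in more than one place) is the same idea applied to the check itself.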