---===The Outsiders===---

 Crack LinkSweeper 1.2
    
      by 2Sweeet


Method : Serial Sniffing
Utility: SoftIce 4.0

easy[X] hard[] very hard[]

Hey Yo...
Today we wanna crack LinkSweeper 1.2. Don't have it ?
http://www.2Sweeet.tsx.org click on the Software Button and download it.

Ok, start LinkSweeper 1.2 and click on the About Button.
Then On "Enter Registration Key".
You see 2 boxes, fill in:
 USERNAME: 2Sweeet
 CODE:     4444

Before you press on OK, press Ctrl+D to show SoftIce.
When you are in SoftIce, set a breakpoint.
 bpx GETDLGITEMTEXTA

Press Ctrl-D again, an then click the OK Button to register LinkSweeper.
SoftICE pops up. Now press, F12, F5, F12.

!! F12 is to return to the call. (we come to the where getdlgitemtexta is executed)
!! F5 means, let the program run as normal. (because we have two boxes, Username and Code)


Now you should see:

:00401140 8A442424  mov al, [esp+24]
:00401144 84C0      test al, al
:00401146 7510      jne 00401158

Press F10 to go through the code (about 7 times)

:00401160 51          push ecx       <- save our fake serial
:00401161 52          push edx       <- save our username
:00401162 E839010000  call 004012A0  <- call procedure to generate real serial

!! You can check our fake serial and username, write:  "d edx"
!!                                                 or  "? edx"

Now lets go into the call by pressing F8.
You come to this:

:004012F2 8BD8     mov ebx, eax     
:004012F4 83E301   and ebx, 00000001   
     
:004012F7 0FBEC9   movsx ecx, cl                 <- loop start, 004012F7
:004012FA 43       inc ebx                       <- 
:004012FB 0FAFD9   imul ebx, ecx                 <- 
:004012FE 8A4C3001 mov cl, byte ptr [eax+esi+01] <- go to next char
:00401302 03D8     add ebx, eax                  <- 
:00401304 03FB     add edi, ebx                  <- 
:00401306 40       inc eax                       <- 
:00401307 84C9     test cl, cl                   <- test if there is one more letter
:00401309 75E7     jne 004012F2                  <- If so, jump up to 004012F7

That's a loop to generate the real serial.
Just go through this loop by pressing F10, until you can leave this loop and can see
this lines:

:0040130B 81F707441192  xor edi, 92114407        <- 92114407h - EDI
:00401311 7D02          jge 00401315
:00401313 F7DF          neg edi                  <- -EDI := +EDI

This lines are just for putting the negative serial to positive.
 example: -8000 = +8000

Ok, then go through the code by pressing F10 until the line:

:0040133A 3BF8    cmp edi, eax

This compares EDI with EAX. EAX is our fake serial. EDI is the generated, real serial.
So let us look inside EDI by typing "? EDI". You see a serial, in my case 1844361258.
Write your cracked-serial down on a paper. Now press Ctrl+D to close SoftIce again.
We are in LinkSweeper again, username is the same (in my case, 2Sweeet), but write
your cracked-serial in the CODE box instead of 4444...

Next time, the proggy is started you will see, "Thank You for registering Link Sweeper!"... ;)
hehe, hell yeah, you've sniffed the serial :)

...
Tutorial written by 2Sweeet
http://www.2Sweeet.tsx.org