---===The Outsiders===--- Crack LinkSweeper 1.2 by 2Sweeet Method : Serial Sniffing Utility: SoftIce 4.0 easy[X] hard[] very hard[] Hey Yo... Today we wanna crack LinkSweeper 1.2. Don't have it ? http://www.2Sweeet.tsx.org click on the Software Button and download it. Ok, start LinkSweeper 1.2 and click on the About Button. Then On "Enter Registration Key". You see 2 boxes, fill in: USERNAME: 2Sweeet CODE: 4444 Before you press on OK, press Ctrl+D to show SoftIce. When you are in SoftIce, set a breakpoint. bpx GETDLGITEMTEXTA Press Ctrl-D again, an then click the OK Button to register LinkSweeper. SoftICE pops up. Now press, F12, F5, F12. !! F12 is to return to the call. (we come to the where getdlgitemtexta is executed) !! F5 means, let the program run as normal. (because we have two boxes, Username and Code) Now you should see: :00401140 8A442424 mov al, [esp+24] :00401144 84C0 test al, al :00401146 7510 jne 00401158 Press F10 to go through the code (about 7 times) :00401160 51 push ecx <- save our fake serial :00401161 52 push edx <- save our username :00401162 E839010000 call 004012A0 <- call procedure to generate real serial !! You can check our fake serial and username, write: "d edx" !! or "? edx" Now lets go into the call by pressing F8. You come to this: :004012F2 8BD8 mov ebx, eax :004012F4 83E301 and ebx, 00000001 :004012F7 0FBEC9 movsx ecx, cl <- loop start, 004012F7 :004012FA 43 inc ebx <- :004012FB 0FAFD9 imul ebx, ecx <- :004012FE 8A4C3001 mov cl, byte ptr [eax+esi+01] <- go to next char :00401302 03D8 add ebx, eax <- :00401304 03FB add edi, ebx <- :00401306 40 inc eax <- :00401307 84C9 test cl, cl <- test if there is one more letter :00401309 75E7 jne 004012F2 <- If so, jump up to 004012F7 That's a loop to generate the real serial. Just go through this loop by pressing F10, until you can leave this loop and can see this lines: :0040130B 81F707441192 xor edi, 92114407 <- 92114407h - EDI :00401311 7D02 jge 00401315 :00401313 F7DF neg edi <- -EDI := +EDI This lines are just for putting the negative serial to positive. example: -8000 = +8000 Ok, then go through the code by pressing F10 until the line: :0040133A 3BF8 cmp edi, eax This compares EDI with EAX. EAX is our fake serial. EDI is the generated, real serial. So let us look inside EDI by typing "? EDI". You see a serial, in my case 1844361258. Write your cracked-serial down on a paper. Now press Ctrl+D to close SoftIce again. We are in LinkSweeper again, username is the same (in my case, 2Sweeet), but write your cracked-serial in the CODE box instead of 4444... Next time, the proggy is started you will see, "Thank You for registering Link Sweeper!"... ;) hehe, hell yeah, you've sniffed the serial :) ... Tutorial written by 2Sweeet http://www.2Sweeet.tsx.org