WHY PATCHING WHILE SERIAL NUMBER IS FISHY

Target : Power Keno 1.0

A Cracking Tutorial by The Midnight Hero [TMH]

================= D I S C L A I M E R ================
THIS PAPER IS NOT INTENDED TO VIOLATE COPYRIGHT LAW BUT IS FOR
EDUCATIONAL PURPOSES ONLY. I HOLD NO RESPONSIBILITY ( IN ANY SHAPE
WHATSOEVER ) FOR THE MISUSE OF THIS MATERIAL. NO PART OF THIS PAPER
IS SOLD/RENTED FOR COMMERCIAL NOR PERSONAL BENEFIT.
=================================================

ABOUT THE PROGRAM

Power Keno is a Win9x/ME/2000 game in which the player has to guess which numbers will be randomly selected by the Keno machine. The Keno machine contains 80 balls which are numbered from 1 to 80. Before the game begins you must place a wager from $1 to $4 and select from 1 to 10 numbers. Once you have selected your wager and numbers, press the Play button to begin. The Keno machine will then randomly select 20 numbers. The object is to have as many matches as possible between the numbers you selected and the numbers that were randomly selected by the Keno machine. The payoff is determined by the number of matches made. The pay chart above the Keno board shows the payoffs for each winning combination.

WHERE TO DOWNLOAD

Author    : Crescent Vision Interactive, LLC
Home Page : http://www.crescentvision.com/download.html
            http://ftp.digital.com/pub/micro/pc/winsite/win95/misc/powerkeno.zip

HOW TO GET A VALID SERIAL NUMBER

Just run the program and in the registration dialog box type this :

User Name      : Pirates
Order Reg Code : 79326493

Do not click the register button. Now load SoftIce (Ctrl + D) and set a breakpoint as follows :

: BPX GetDlgItemTextA [enter]

Press F5 to return to the main program. Now click the OK button and SoftIce is loaded. Press F11, F5, and F11 once again. If you did everything right, you will see the code snippet below :

______________________________________________________________
017F:004075B1  FFD6        CALL  ESI                  <== break here
017F:004075B3  BE08854100  MOV   ESI, 00418508
017F:004075B8  B8C0AB4300  MOV   EAX, 0043ABC0        <-- d esi
017F:004075BD  8A10        MOV   DL, BYTE PTR[ESI]    <-- d eax
________________________ POWERKENO!.text+65B1 _______________

Press F10 till you break at 017F:004075B8 and then dump the ESI register; you will see a code : 4815-8009-6332. Hmmmm, that's the real code, do write it down. Press F10 again and dump the EAX register; your fake code will appear. Now register again and use 4815-8009-6332 as the reg code and you are registered.

This program has a very lame protection (a hard-coded serial, stored as a plain string in the executable), so you can even find the serial with W32Dasm.

WHERE IS MY REGISTRATION NUMBER STORED

It's encoded in cvipk10.pfs. Delete this file if you wanna practice again (but I think there is no need, he he).

THE LAST WORDS

==================================================================
" WORDS WILL NEVER BE POWERFUL ENOUGH TO EXPRESS MY GRATITUDE TO
UNCLE ' ASTAGA ', WHO HAS SHOWN ME THE LIGHT IN THE DARK TUNNEL "
==================================================================

The Midnight Hero [TMH]

[EOF] 18/6/01 9h:09' PM.
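From the developer's side, the hard-coded serial described above is something a release check can catch before shipping. The script below is an added example, not part of the original tutorial or of the program it discusses: it scans a build artifact for literals shaped like NNNN-NNNN-NNNN in ASCII and UTF-16LE. The function names and the sample bytes are assumptions constructed for illustration.

```python
import re
import sys

# Serial-shaped literal: three dash-separated groups of four digits, the
# shape of the registration code discussed in this tutorial.
_ASCII = re.compile(rb"(?<![0-9-])\d{4}-\d{4}-\d{4}(?![0-9-])")
# The same shape stored as a UTF-16LE (wide-character Win32) string.
_WIDE = re.compile(
    rb"(?<![0-9-]\x00)(?:\d\x00){4}-\x00(?:\d\x00){4}-\x00(?:\d\x00){4}"
    rb"(?![0-9-]\x00)"
)

# Constructed sample image: not taken from any real program.
SAMPLE_IMAGE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"Enter code:\x00" + b"0000-1111-2222\x00"         # ASCII literal
    + b"\xff\xd6\xbe\x08"                                 # filler bytes
    + "3333-4444-5555".encode("utf-16le") + b"\x00\x00"  # wide literal
    + b"tel 12345-6789-0123\x00"                          # longer number, ignored
)


def find_serial_literals(image: bytes):
    """Return sorted (offset, encoding, text) for every serial-shaped literal."""
    hits = [(m.start(), "ascii", m.group().decode("ascii"))
            for m in _ASCII.finditer(image)]
    hits += [(m.start(), "utf-16le", m.group().decode("utf-16le"))
             for m in _WIDE.finditer(image)]
    return sorted(hits)


def audit(path: str) -> int:
    """Scan one build artifact; return 1 (fail the build) if anything is found."""
    with open(path, "rb") as fh:
        hits = find_serial_literals(fh.read())
    for offset, encoding, text in hits:
        print(f"{path}: offset 0x{offset:x}: {encoding} literal {text!r}")
    return 1 if hits else 0


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(audit(sys.argv[1]))
    for hit in find_serial_literals(SAMPLE_IMAGE):
        print(hit)
```

A clean result only means no plaintext literal of this shape ships in the file. A check that compares user input against any value present in process memory is still visible in a debugger, as the walkthrough above shows.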