How to code a valid *keyfile* for SolSuite v5.X by FaT[BiT] \ TNT!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

dedication : to Xasx ( the man with the biggest phone bill ) !!

            ]-={ HAPPY ANNIVERSARY }=-[
                     { FOR }
          [\/]-={ TNT!CRACK!TEAM! }=-[\/]

Welcome to my 6th tut , in this tut we will learn how to :

1st) crack solsuite <-- my first crack and tut
2nd) make a valid keyfile

NOTE : This is a very long tut !!! so god be with u !!!

ToolZ :
~~~~~~~
Win32Dasm ----- v8.93
Hiew ---------- v6.20
Turbo Pascal -- v7.00
Any Ascii Table

o.k here we go :

1) Now what we need first is to crack Solsuite !!!! ( of course this is what
   the tut is all about ) i will do a quick refresh , if u don't understand u
   can read my first tut on how to crack Solsuite !!!!

2) Run Solsuite and click on help \ Enter registration Code to enter a dummy
   Code .... click o.k and *boom*

   --> This is not a valid Registeration code , please try again <-- THE ERROR MESSAGE

3) o.k copy the file solsuite.exe to crack.exe and dasm the file and look for
   the error message and u will be here :

   Note : this is all the check routine !!!!!

*Referenced by a call at address :
 :004D19EE , :004D2DD8 , :004D2F1E              <-- we check these !!!!

:004CB694 cmp eax,00000001
:004CB697 jne 004CB6A4

*Possible StringData Ref from Code Obj -> " Please enter all of your information "
                                       -> " into the Registration code dialog "
                                       -> " box. "   <--- if u didn't enter any code
:004CB699 mov eax,004CB6D0
:004CB69E call 00472A48
:004CB6A3 ret

:004CB6A4 cmp eax,00000002
:004CB6A7 jne 004CB6B5

*Possible StringData Ref from Code Obj -> " This is not a valid Registtration "
                                       -> " code , please try again."   <-- error message
:004CB6A9 mov eax,004CB724
:004CB6AE call 00472A48
:004CB6B3 jmp 004CB6C4

*Referenced by (U)conditional or (C)onditional jump at address :
|:004CB6A7(c)

:004CB6B5 cmp eax,00000003
:004CB6B8 jne 004CB6C4

*Possible StringData Ref from Code Obj -> " The previous registration code "
                                       -> " you have entered is not valid, "
                                       -> " please try again. "   <-- previous version code
:004CB6BA mov eax,004CB768
:004CB6BF call 00472A48

   - as u can see our err message is in the middle , take a good look at

     line 004CB6A4 cmp eax,00000002 <-- it compares the eax register with 2 , so..
     and at line 004CB694           <-- compares the eax register with 1 , s0..
     and at line 004CB6B5           <-- compares the eax register with 3 , hmmm ...

     look above , we have three calls so one of them put 2 into the eax register
     and we end up at this nasty message .... so to make the story short it is
     the call at address 004D2F1E that put 2 in eax ( u can check it urself cuz
     this tut is not about tracing the code !!! Sorry !!!)

4) so go to 004D2F1E and u will see something like this :

:004D2F12 E8B110F3FF call 00403EB8     <-- check the serial
:004D2F17 745A       je 004D2F73       <-- if it's good then jump
:004D2F19 B802000000 mov eax,00000002  <-- else put 2 in eax
:004D2F1E E87187FFFF call 004CB694     <-- call the error message

5) o.k yes u r right !!! open hiew and go to 004D2F17 , press F3 and change
   the 74 to EB so that 745A will be EB5A , this way no matter what serial u
   enter ( good or bad ) Solsuite will be registered

6) Now from here begins the tut !!!
   o.k so u changed the bytes at address 004D2F17 , let's try it : run solsuite ,
   click on register and enter any serial u want and yes , a dialog to put ur
   name , enter ur info , then it is fully registered , kool !!! but wait ,
   when i was cracking this game and after i changed the bytes and copy file
   solsuite back to the installed folder and try it !!! and register it ...
   i close it and cuz i was on the same installed folder i saw that there was
   a file created under the name of Solsuite.cl5 !!!!

7) So.. ( u found a file , windows is full of them so What !!! ) hmmm ...
   something is fishy about this file ( yeaa!!! i smell it 2 !!!1 ) , o.k edit
   this file with notepad , hmmm nothin' there just a bunch of ascii char.
   hmmm o.k then cut the file from the folder and keep it in a safe place
   ( i know where !!!! ) , run the game , and *boom* it is back to
   UNREGISTERED !!!! , o.k copy back the file to the folder and *boom* it is
   back to Registered !!!!

8) So.. this game has also a keyfile protection !!!! ( yes yes !!! ) o.k ...
   let's play with solsuite.cl5 a little bit and c how it's decrypted !!!
   u can open it with hiew or with notepad to take a look at it !!! and this
   is what u will get :

   `ec`cbdbe`cbhabbe
   dhefcbedgdaabfehg
   dab``ccv1„‹r9„ŤPŚ
   P„~„QPPPPPPPPPPPP
   PPPPPPPPPPPPPPPPP
   PPPPPP

   Note : when i was asked to enter my name i put FaT[BiT] \ TNT!

9) let's play with line no.1 and change the (c) for example to anything u
   like , o.k save it !! run the game !!! *boom* UNREGISTERED VERSION !!! ,
   hmmm ..!! o.k let's play with the last (P) , again change it to anything u
   want !!! ... in my case i put it (1) , save the file and run the game ,
   *boom* u will see a little (a) far from ur name at the splash screen !!!
   hmmm !!!! , to make sure again let's change the char. (P) the one before
   the last to (1) also and save the file , run the game , and !!! another (a)
   appears !!! hmm !!! ......

10) So... when we put 1 on the file the screen will put a , so what is the
    thing between a and 1 , hmm !!!! o.k let's take a rest now and read that
    ASCII table , let's see !!! now : 1 = 31h and a = 61h , so when i put on
    the file the char (1) it will say (a) so .... !!!

            * * * * * * * * K A B O O O O O M * * * * * * * * *

    it simply adds 30h to the char (1) to make it (a) ...
    and in reverse it subtracts 30h                  <-- hint for the coding

    but let's ask a question upon this thing !!! so if i want to put (1) on
    the screen , i should write (a) on the file ???? , let's try it !!!
    yes yes yes !!! so... depending on this i can do the following :
    there is a lot of (P)'s in the file and on the screen there is nothin
    ( upon our theory !! ) , well not nothin' it is spaces !!!! so .... back
    to the ASCII table !!! we see this : P = 50h and (space) = 20h
    s0... this time it subtracts 30h ,
    and in reverse it adds 30h                       <-- hint for the coding

    so if i want to print (P) on the screen i write on the file (space) !!!
    let's try !!! kool it worked !!!
    ( what the hell are u talking about i'm lost here !!!! )

11) o.k so let's put all these things in an if statement :

    if ( i want to write small letters on the screen , for example the (a) )
    then i should write on the file
         ( ASCII (a) - 30h = 61h - 30h = 31h --> (1) then i write it on the file )
    else if ( i want to write capital letters on the screen , for example the (A) )
    then i should write on the file
         ( ASCII (A) + 30h = 41h + 30h = 71h --> (q) then i write it on the file )

    so... there u go !!!!
    ( yeah right !!! but from where does my name start ) !!! hmmm good
    question !!! my screen shows FaT[BiT] \ TNT! and the file shows

    `ec`cbdbe`cbhabbe
    dhefcbedgdaabfehg
    dab``ccv1„‹r9„ŤPŚ
    P„~„QPPPPPPPPPPPP
    PPPPPPPPPPPPPPPPP
    PPPPPP

    and we know that the P is a space so if i changed the Q i must change the
    last letter in my name !!! let's try it , change the (Q) to (2)
    ( upon your theory it should display (b) , y? cuz 2 = 32h and we said if i
    want to show a lower case letter i add 30h so 30h+32h = 62h --> (b) )
    o.k kool do it !!! and the last letter in ur name is changed !!!
    now all u have to do is to count ur name and count the letters on the file
    and u will find where ur name starts , in my case it starts at the char (v)
    ( v = 76h , F = 46h ) there u go
    ( yeah right !!! but if i want to put my nick name on the screen and my
    nick name has numbers and special letters how can i do it !!!! )
    yes it is another good question !!!

12) o.k....
    now we know where our name starts and where it ends and u said u want to
    write ur nick that has a lot of special char. and numbers and anything
    else !!! o.k simple......... open the file solsuite.cl5.....

    NOTE : now u know where ur name starts don't u !!!!

    o.k go to the first letter of ur name and count how many char. to know
    where it ends , then delete them , then write ur nick name as u write it
    ( aaaa !!! so ur gonna make solsuite do the calculations for us )
    yes that is right !!! so in my case my file will look like this :

    `ec`cbdbe`cbhabbe
    dhefcbedgdaabfehg
    dab``ccFaT[BiT] \
     TNT!PPPPPPPPPPPP
    PPPPPPPPPPPPPPPPP
    PPPPPP

    then run the game , click on Help \ About , to see what u should write on
    the file !!! and write it down , exit the game , open solsuite.cl5 and
    change the letters of ur nick name back to the right ones , save the file ,
    run the game !!! and it is registered !!! under ur nick or fav. name !!!

13) wof !!!! that was a long one right ( yeah so is my d*** !!! )
    o.k now we have the idea for the decryption ( no we don't !! ) i know i
    left something to calculate for urself !!! ( ohh shit !! ) don't worry ,
    look at the source code to know a lot about the calculations of ur name !!!
    so.... !!! let's make a program to take our name as an input and give us
    the keyfile (solsuite.cl5) as an output , and when we put it in the same
    folder as solsuite it makes it run registered !!! here is the code :

--------------------------rip it from here------------------------------------
program keygen;
uses crt;
var
  i, ascii : integer;       { i --> counter , ascii --> char code to write on the file }
  head     : string[41];    { header of the file (serial number) }
  name     : string[50];    { your entered name }
  key      : file of char;  { the output file solsuite.cl5 }
  ch       : char;          { the char that we write }
begin
  clrscr;
  textcolor(green);
  head := '`ec`cbdbe`cbhabbedhefcbedgdaabfehgdab``cc';  { we put the header of the file }
  { fill the name buffer with spaces ; name is a string[50] so the loop }
  { stops at 50 ( 91 is the size of the whole file , not of the name )  }
  for i := 1 to 50 do name[i] := ' ';
  writeln('TNT!CRACK!TEAM! --> http://kickme.to/tnt or /tntgfx ');
  writeln('======================================================');
  writeln('SolSuite 2000 v5.X *KEYFILE* maker by FaT[BiT] \ TNT! ');
  writeln('======================================================');
  write('Enter Your Name : ');
  readln(name);
  assign(key,'solsuite.cl5');
  rewrite(key);
  for i := 1 to 41 do
  begin
    ch := head[i];
    write(key,ch);          { write the head to the file }
  end;
  for i := 1 to 50 do
  begin
    ch := name[i];          { read a char of the name }
    if ((ch>='a') and (ch<='z')) then
    begin
      ascii := ord(ch);
      ascii := ascii-48;
      ch := chr(ascii);
      write(key,ch);        { if it's a small letter we only subtract 30h = 48d }
    end
    else
    begin
      ascii := ord(ch);
      ascii := ascii+48;
      ch := chr(ascii);
      write(key,ch);        { else we just add 30h = 48d }
    end;                    { that is the little thing that i have left }
  end;                      { u can test it for any char to know how it worx ! }
  close(key);               { close the keyfile so all 91 chars are on disk }
  writeln('your keyfile has been generated');
end.
---------------------------end of ripping-------------------------------

14) there u have it !!! how to crack with the source code , i hope u have
    learned something out of this !!!! cya all in another tut !!!!

    NOTE : i hope u know how to compile this code !!!! and let me tell u one
    thing .... if it is a lowercase subtract 30h else add 30h , that is all
    to it !!! i wrote this cuz i know some ppl will come to me after reading
    this shit saying we didn't understand !!!! ( ohhhh !!! u !!!! )

FaT[BiT]_FaTsO

greetz go to :

tKC -------> ( ur tuts ROX!! , i have them all!!!!!)
LW2000 ----> ( Thank u for showing me how to use my brain!!!! )
R!SC ------> ( if only ur tut is more compleX !! man !! u rox !!)
XasX ------> ( ur toolz is great , best founder i have ever known !! )
karlitoxZ -> ( u r a true friend !!!)
wishmaker--> ( u r good !!! keep it up )
BoneZ -----> ( thanx for ur support !! it meant a lot !!)

and happy anniversary to all TNT!CRACK!TEAM! members !!!

written on 7:33 PM 5/20/00

*eof
-----------
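
Steps 9-11 work because the name field is a keyless byte shift with nothing that detects an edit. The Python below is an added example, not part of the original tut or of SolSuite: it repeats the step 11 one-byte edit on the shifted field and then on a field that carries an HMAC-SHA256 tag, which rejects it. shift_decode, seal, open_sealed, edit_byte and the demo key are assumptions made for illustration; a shipped client would verify an asymmetric signature instead, so that it holds no signing secret.

```python
import hashlib
import hmac

NAME_LEN = 50  # width of the name field in the tut's Pascal program

def shift_encode(name):
    """Rule from the tut: lowercase a-z minus 30h, every other char plus 30h."""
    raw = name.ljust(NAME_LEN)[:NAME_LEN].encode("latin-1")
    return bytes(b - 0x30 if 0x61 <= b <= 0x7A else (b + 0x30) & 0xFF for b in raw)

def shift_decode(field):
    """Assumed inverse, picked to match the tut's observations ('1'->'a', 'P'->space)."""
    out = bytes(b + 0x30 if b < 0x50 else b - 0x30 for b in field)
    return out.decode("latin-1").rstrip()

def seal(name, key):
    """Hardened variant (added design): name field followed by an HMAC-SHA256 tag."""
    field = name.ljust(NAME_LEN)[:NAME_LEN].encode("latin-1")
    return field + hmac.new(key, field, hashlib.sha256).digest()

def open_sealed(blob, key):
    """Return the name when the tag verifies, None when the field was altered."""
    field, tag = blob[:NAME_LEN], blob[NAME_LEN:]
    expected = hmac.new(key, field, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return field.decode("latin-1").rstrip()

def edit_byte(data, index, value):
    """Simulate a one-byte edit of a stored field."""
    return data[:index] + bytes([value]) + data[index + 1:]

def demo():
    name = "FaT[BiT] \\ TNT!"       # the name used in the tut
    key = b"constructed-demo-key"    # constructed sample key, not a real secret
    last = len(name) - 1
    weak_edit = edit_byte(shift_encode(name), last, ord("2"))  # step 11: (Q) -> (2)
    sealed_edit = edit_byte(seal(name, key), last, ord("b"))
    return (shift_decode(weak_edit),            # edit accepted: name now ends in 'b'
            open_sealed(seal(name, key), key),  # untouched record verifies
            open_sealed(sealed_edit, key))      # edited record is rejected

if __name__ == "__main__":
    print(demo())
```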