Hello all Crackers, ..::Calculici::.. FROM ONE NEWBIE TO ANOTHER Tutor Nr. 6 Program: Media Ripper 32 V1.4 by Alex Kozhenok ( where: http://flash.onegu.ru/mr32/ ) Protection: Name/Serial or Reg/Unreg Level: Beginner Tools: Registry Editor Win32Dasm 8.93 Brain A cool drink. E-mail: calculici83@yahoo.com Ok. Let's start. Launch Media Ripper. Click the about tab then Register. A box appers to enter you name/org/serial to register. Enter anything you want. It will say that is not the correct serial and it is unregistered. Now. Launch the Win32Dasm and disassemble the file mediaripper32.exe. After this click the SDR (string data reference) Button and double-click on "Registered". First we don't see something that is interesting. Double-click again on "Registered" and you will find yourself here (if all is well): :0045C0C3 83FE0A cmp esi, 0000000A :0045C0C6 7526 jne 0045C0EE :0045C0C8 C605C50A460001 mov byte ptr [00460AC5], 01 * Possible StringData Ref from Code Obj ->"Registered" | :0045C0CF BAD4C64500 mov edx, 0045C6D4 :0045C0D4 8B8340030000 mov eax, dword ptr [ebx+00000340] From this we understand that when esi=A then the proggie is registered. But from where did it get esi. Scroll up till here: :0045C068 33F6 xor esi, esi :0045C06A 66C705880A46000E00 mov word ptr [00460A88], 000E * Possible StringData Ref from Code Obj ->"software\MediaRipper32" | :0045C073 B978C64500 mov ecx, 0045C678 :0045C078 B201 mov dl, 01 Oh, good it's something in the registry. But still don't know what in the registry. Let's take a look at another piece of code: * Possible StringData Ref from Code Obj ->"status1" | :0045C0A2 B9B4C64500 mov ecx, 0045C6B4 * Possible StringData Ref from Code Obj ->"Format" | :0045C0A7 BAC4C64500 mov edx, 0045C6C4 :0045C0AC A18C0A4600 mov eax, dword ptr [00460A8C] :0045C0B1 E8CE8FFFFF call 00455084 :0045C0B6 8BF0 mov esi, eax :0045C0B8 0FB705880A4600 movzx eax, word ptr [00460A88] The "status1" registry key is under Format. Ok know we that that by placing A(hex)=10(dec) in "status1" then the program is registered. Ok. Launch Registry Editor from Windoze and goto HKCU. Ok. Open it then open SOFTWARE and then open MediaRipper32.There click on Format and you will see the "status1" registry key. If you do not see it. Create it. While in Format, right-click and goto New and then to String Value. Enter in the field "status1" and you have created the key. Now, right-click on "status1" and choose "Modify". Enter "10" and save the changes. Now run MediaRipper32 again go to the About tab and what do you see: "Registered" Very stupid protection. I don't know why they even put it. Now try to find the correct serial with SoftIce. For me it was: Name: Calculici Org: Acasa s/n: MR32-6699-11101101-1096 Hope you like this tutorial. Mail me. I don't know if it's beginner or easy. So you figure it out. Grets to: All the guys I know. To my girl. To my mother and father. To the guys in the cracking scene. There is a place for you here. ..::Calculici::..::calculici83@yahoo.com::..00 00 00 ................