SolSuite v5.3
Fishing a Registration Code
by FaT[BiT] \ TNT!
Cracking For Beginners
 
Program Info
Program Name : solSuite.exe
Program Type : Card Game
Program Location : http://www.SolSuite.com
Program Size : 3.62MB
 
ToolZ :
SoftIce v4.05
W32Dasm v8.93
Easy ( X ) Medium (  ) Hard (  ) Pro (  )


SolSuite v5.3
Cracked and Written by : FaT[BiT] \ TNT!
Tutorial No. : 3


Introduction

HI THERE !!
PLEASE EXCUSE MY POOR ENGLISH !!!
THIS IS _ONLY_ FOR NEWBIES
As my friend Sir dReAm said: "If you are an advanced cracker and you want to read this, then you are really wasting your time."

Protection

This game needs a simple Registration Code to register it, and today we are gonna find this serial! If you want more info about this game and how it's protected, read my first tutorial.

The Essay

Install the game and run it, click on help\Registration Code and try to enter any code you like, say 24676, and yes, there you go, our nasty little message that says:

This is not a valid Registeration code , please try again

So... you know the lesson (yes, right again, you are good!!): copy the file solsuite.exe to your W32Dasm directory and disassemble it. Finished? Kool! Now look for our error message, double-click on it when you find it, and after scrolling up a little bit you will see this code:


* Referenced by a CALL at Addresses:
|:004D6772 , :004D7B78 , :004D7CBE  <-- *hmm..*
|
:005B9E28 83F801             cmp eax, 00000001
:005B9E2B 750B               jne 005B9E38

* Possible StringData Ref from Code Obj ->"Please enter all of your information "
                                        ->"into the Registration Code dialog "
                                        ->"box."  <-- if no Code entered

:005B9E2D B8649E5B00         mov eax, 005B9E64
:005B9E32 E8FD6AECFF         call 00480934
:005B9E37 C3                 ret

:005B9E38 83F802             cmp eax, 00000002
:005B9E3B 750C               jne 005B9E49

*Possible StringData Ref from Code Obj -> " This is not a valid Registtration "
                                       -> " code , please try again."     <-- error message

:005B9E3D B8B89E5B00         mov eax, 005B9EB8
:005B9E42 E8ED6AECFF         call 00480934
:005B9E47 EB0F               jmp 005B9E58


Now let me explain something here, because I know some of you are too lazy to read my first tutorial, so here is a flashback. Our error message pops up because the value of eax is equal to 2, and if you take a good look you will see that the other messages pop up when the value of eax is equal to 1 or 3. Look for yourself: we have three values for eax, three messages and also three calls. To save you time, it is the call at address 004D7CBE that is made with eax set to 2, so click on Find, enter the address, and you will be here:


:004D7CB2 E821C3F2FF       call 00403FD8  <-- call to check our Registration Code
:004D7CB7 745A             je 004D7D13  <-- if it's correct then continue
:004D7CB9 B802000000       mov eax, 00000002  <-- else set eax to 2
:004D7CBE E865210E00       call 005B9E28  <-- call the error message


In my first tutorial we patched the jump at address 004D7CB7, but now we are gonna find the serial. Do you see the call, the one before the jump? All we have to do is set a bpx (breakpoint) on it, in other words break before the CPU executes this call. How do we do that? Easy. Run the game, click on help\Registration Code and enter any code you like. Before you click OK, switch to SoftIce by pressing [Ctrl]+[D] and set a breakpoint with bpx hmemcpy, then press F5 to get back to the game. Now click OK and SoftIce will break. Press F11 to get to the caller, then press F12 about six times, until you see addresses of the form XXXXXXXX rather than XXXX, because XXXXXXXX means that you are in 32-bit mode. Now clear the breakpoint by typing bc * and set a new breakpoint on the address of the call with bpx 004D7CB2, then press F5 to exit. SoftIce will break again. All you have to do is view the contents of edx with the command d edx, but first make sure that your data window is large enough. SoftIce will display what the edx register points to; scroll a little until you see a code, or at least something that looks like one, in other words something like this:

324250328 <-- this looks like a Registration Code to me !!!

OK, write it down, clear all breakpoints and press F5 to get back to the game. Try our code and look: it gives us a dialog to enter our name, so let's write it, and guess what? yes yes yes yes yes yes yes !!!

SolSuite is Fully Registered
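
Why the code was readable, as an added example (not part of the original tutorial and not SolSuite's own routine): the valid code was sitting in memory in plaintext at the moment the check routine was called. The Python sketch below contrasts that pattern with a check that only ever compares one-way digests; VALID_CODE, SALT, ITERATIONS, Probe and both check functions are constructed for illustration.

```python
import hashlib
import hmac

# Constructed values for illustration; not SolSuite's real code or algorithm.
VALID_CODE = "555000111"        # hypothetical code issued by the vendor
SALT = b"example-salt"          # hypothetical per-product salt
ITERATIONS = 50_000

def kdf(code: str) -> bytes:
    """Slow one-way transform of a code (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", code.encode(), SALT, ITERATIONS)

# In a real build the vendor computes this digest and only the digest
# ships; it is derived inline here so the example is self-contained.
STORED_DIGEST = kdf(VALID_CODE)

class Probe:
    """Records every argument pair that reaches the comparison, i.e. what
    is visible in memory at the point where the check is called."""
    def __init__(self):
        self.seen = []
    def equal(self, a: bytes, b: bytes) -> bool:
        self.seen.append((a, b))
        return hmac.compare_digest(a, b)   # constant-time comparison

def weak_check(entered: str, probe: Probe) -> bool:
    # Weak pattern: the expected code is materialised in plaintext and
    # handed to the comparison next to the user's input.
    expected = VALID_CODE.encode()
    return probe.equal(entered.encode(), expected)

def hardened_check(entered: str, probe: Probe) -> bool:
    # Only digests reach the comparison; the plaintext code is never built.
    return probe.equal(kdf(entered), STORED_DIGEST)

def plaintext_exposed(check, guess: str = "24676") -> bool:
    """True if a wrong guess makes the valid code appear at the compare."""
    probe = Probe()
    check(guess, probe)
    return any(VALID_CODE.encode() in arg for pair in probe.seen for arg in pair)
```

A nine-digit code space can still be enumerated offline against a shipped digest, so this only removes the plaintext from the comparison. A licence signed with a vendor-held private key and verified with an embedded public key avoids shipping anything that can be guessed.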


The Patch

NO NEED!!!

Final Words

There you have it. I hope you have learned something from this tutorial, and I also hope that you have enjoyed it as much as I did writing it ..... Cya !!!

FaT[BiT]_FaTsO GreetZ the following PPL :

tKC --- ( ur tuts ROX!! , i have them all!!!!!)
LW2000 --- ( Thank u for showing me how to use my brain!!!! )
R!SC --- ( if only ur tut is more compleX !! man !! u rox !!)
XasX --- ( Thanx for the award!!! , u are a great founder !! )
karlitoxZ --- ( u r a true friend !!!)
The WishmaKer --- ( u r good !!! keep it up )
Sir dReAm --- ( U make TNT! crack , keep it up !! )
BoneZ --- ( thanx for ur support !! it meant a lot !!)

and to all TNT!CRACK!TEAM! members

cya FaT[BiT] \ TNT!