Introduction:

Terrapin FTP is simple FTP connection program, Freeserve recommend it for use in uploading/managing you website and it has a 30 day trial limitation on it so after you use it beyond 30 days it limits most of the features so you 'have to buy it'. Oh no you don't, this is the simplest cracks ever and you don't even need softice. Run the program and you will get a register/unlock screen. If you put your clock forward you are told that most of the features have been disabled until you register. Get it from: http://www.terra-net.com

Tools needed: WDASM

The Protection:

This involved entering a valid registration code when starting and selecting unlock. If you enter an invalid code it tells you so. Try it for yourself.

The 'Crack'

First of all of run the ftp95.exe through WDASM and look for 'Invalid Registration Code'. This is what you'll find:

:0044A3B2 lea eax, dword ptr [ebp-4C]
:0044A3B5 push eax
:0044A3B6 call 00441C38 ------------> Calculate valid code ?
:0044A3BB add esp, 00000004
:0044A3BE test eax, eax --------------> Did you put the correct code in?
:0044A3C0 jne 0044A3FE -----------> If so then jump to 44A3FE (look further down the list..)
:0044A3C2 push 00000000
:0044A3C4 push 00000000

* Possible StringData Ref from Data Obj ->"Invalid Registration Code."
|
:0044A3C6 push 004A74C5 ----------> We put the wrong code in didn't we?
:0044A3CB call 0046BB14
:0044A3D0 mov [ebp-04], 00000000
:0044A3D7 lea ecx, dword ptr [ebp-4C]
:0044A3DA call 0047B5AC
:0044A3DF mov [ebp-04], FFFFFFFF
:0044A3E6 lea ecx, dword ptr [ebp-58]
:0044A3E9 call 0047B5AC
:0044A3EE xor eax, eax
:0044A3F0 mov ecx, dword ptr [ebp-0C]
:0044A3F3 mov dword ptr fs:[00000000], ecx
:0044A3FA mov esp, ebp
:0044A3FC pop ebp
:0044A3FD ret

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044A3C0(C)

:0044A3FE mov eax, 00000001 ------------> We would end up here if we entered a valid code.
:0044A403 mov dword ptr [004B39A4], eax
:0044A408 mov dword ptr [004B39A8], 00000000
:0044A412 lea ecx, dword ptr [ebp-1C]
:0044A415 push ecx

* Possible StringData Ref from Data Obj ->"Software\Persist\23403-97942-07512"

The above line is a reference to a registry entry in HKEY_LOCAL_MACHINE\Software\Persist\23403-97942-07512\.........If you have a look at the entry here you will see a 2 more keys, a 1 and 2. Look at the values in these keys............then look at the following values below..

:0044A416 push 004A7562
:0044A41B push 80000002

* Reference To: ADVAPI32.RegCreateKeyA, Ord:0000h -----> Ready to write a new value into the registry

:0044A420 Call dword ptr [00403D48]
:0044A426 push 00000005

* Possible StringData Ref from Data Obj ->"54873" -----------> Write this value under key 1

:0044A428 push 004A755C
:0044A42D push 00000001

* Possible StringData Ref from Data Obj ->"1" ----------------> Write this value under key 2
The above hilighted values 54873 and 1 are written into the registry if a valid code is entered. This is whay you don't need softice for this crack....there's no tracing to be done here as the values are here for you already.

:0044A42F push 004A755A
:0044A434 push [ebp-1C]

Now you can edit the values yourself in the registry..........run REGEDIT and goto the key mentioned under: HKEY_LOCAL_MACHINE\Software\Persist\23403-97942-07512\1 and double clickon where it has 'default' and enter 54873 in place of whatever numbers are already there. Then goto: HKEY_LOCAL_MACHINE\Software\Persist\23403-97942-07512\2 and enter the value 1 in place of whatever is already there. Close REGEDIT then run the ftp95.exe. You will notice that you don't get the register/unlock screen and if you put your clock forward 1 month or more the program doesn't disable itself.

That's it then, THE simplest 'crack' you'll ever come across. Next..............