SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING ClipMate v5.2.06 build 215 A Cracking Tutorial by ASTAGA [D4C/C4A] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. Read END NOTES section at the end of this file. ABOUT THE PROGRAM ClipMate - Popular Clipboard Extender Holds Hundreds of Clips, remembers clips for days, months, or even YEARS! Powerful new Internet Features allow you to save and revisit web pages, launch URLs embedded within text. Even view HTML tags as actual HTML. Powerful editing functions, such as re- formatting, editing, combining, change case, drag and drop, etc.. New in v5.2 - Powerful Email Text Cleanup! ..... and more WHERE TO DOWNLOAD Author : THORNSOFT Development, Inc. Homepage : http://www.thornsoft.com URL : ftp://ftp.thornsoft.com/clipmate5206.exe Size : 1.2 MB as of October 20,2000 Rel date : September 15, 2000 HOW TO GET VALID SERIAL NUMBER by using SoftIce 1. Run CLIPMT52.EXE, click HELP/ENTER REG CODE submenu, in the registration dialog box type these below informations : User Name : Pirates Order Reg Code : K738810506969 Do not click OK button yet ( Rule#1 : the fake code should be in 13 chars and the first digit should in UPPER CASE letter. Later on in tracing the codes you'll noticed it ). 2. Load SoftIce by pressing [ CTRL + D ], set a breakpoint as follow : BPX HMEMCPY [enter] and F5 to return to the main program 3. Click OK button... you'll return back into SoftIce. In within SoftIce press F11, F5, F11, then press F12 11 times until you break at and see these below snippet code : __________________________________________________________ 015F:00519F63 E848BAF1FF CALL 004359B0 <== break here 015F:00519F68 8B8540FEFFFF MOV EAX,[EBP-01C0] 015F:00519F6E 8D9544FEFFFF LEA EDX,[EBP-01BC] ... ... 015F:00519FB2 731A JAE 00519FCE 015F:00519FB4 8A85F5FEFFFF MOV AL,[EBP-010B] ______________________ CLIPMT52!CODE+00118F63_____________ Do a search string and create new breakpoint like this : bpx 015F:00519F63 [enter] <== just for further practise bd * s 0 l ffffffffff e8 ff b9 f7 ff 8d 85 [enter] SoftIce will report : Pattern found at 0167:0051A15C (0051A15C) bpx 015F:0051A15C [enter] u 015F:0051A15C [enter] press X or F5 to let SoftIce break on this new location. 4. If nothing goes wrong, you'll break in the memory location and see these below snippet codes : __________________________________________________________ 015F:0051A15C E8FFB9F7FF CALL 00495B60 <== break HERE 015F:0051A161 8D8528FDFFFF LEA EAX,[EBP-02D8] 015F:0051A167 8D95A1FEFFFF LEA EDX,[EBP-015F] 015F:0051A16D B951000000 MOV ECX,00000051 015F:0051A172 E8959FEEFF CALL 0040410C 015F:0051A177 8B9528FDFFFF MOV EDX,[EBP-02D8] 015F:0051A17D A190FF5200 MOV EAX,[0052FF90] 015F:0051A182 E8C1FCEEFF CALL 00409E48 015F:0051A187 8D9550FEFFFF LEA EDX,[EBP-01B0] 015F:0051A18D 8BC6 MOV EAX,ESI 015F:0051A18F E82CFCEEFF CALL 00409DC0 015F:0051A194 8BC6 MOV EAX,ESI 015F:0051A196 E8BDFBEEFF CALL 00409D58 015F:0051A19B 83F80D CMP EAX,0D ==> ? 0D 015F:0051A19E 0F850E020000 JNZ 0051A3B2 015F:0051A1A4 8D45F2 LEA EAX,[EBP-0E] !! 015F:0051A1A7 E8ACFBEEFF CALL 00409D58 ==> D EAX 015F:0051A1AC 83F80D CMP EAX,0D 015F:0051A1AF 0F85FD010000 JNZ 0051A3B2 015F:0051A1B5 8A4603 MOV AL,[ESI+03] ____________________CLIPMT52!CODE+0011915C________________ Here's what you will found and see in the Data Window : 0167:007BF349 00 00 00 00 .... 00 00 00 00 ................ 0167:007BF359 00 47 30 31 .... 34 36 00 CC .G010345658746.. 0167:007BF369 F4 7B 00 34 .... E9 42 00 80 .{.4mC.D.....B.. 7. Repeat registration procedure. Keyed-in G010345658746 as your serial number, then click OK button. The classic " thank you for registering " pops up on your screen. Check that HELP/ABOUT menu , you've got a Single User Licence ! Open up CLIPMT52.EXE in your HexEditor, then search string for 'Licence' .... you'll found interesting "Large Site Licence" at the hex offset ED865. So, how to get that licence ? Read and verify again the above snippet codes !! 8. Where the hell is my registration info is stored ?? - The correct registration code is stored in the registry as follow : REGEDIT4 [HKEY_CURRENT_USER\Software\Thornsoft\ClipMate5\Registration] "Name"="Pirates Order" "RegistrationNumber"="G010345658746" "FirstTime"="0" "P4"="10/27/00" ;"RegistrationNumber"="GFF0345658746" 8. How can I practiCe with my own user name ? - I strongly recommended you not to do this ! E N D N O T E S Distributing your serial number is illegal and is no different than distributing illegal copies of the registered software. Violation of this rule may result in temporary or permanent revocation of this license and cancellation of the serial number; the original licensee will also be held responsible for damages, physical and estimated. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > Never attribute to malice that which is adequately explained by stupidity ASTAGA [D4C/C4A] tute-clipmate5206.zip [EOF] Revised/Updated : 12/1/00 9:45:55 AM First Edited : 10/20/00 1:13:15 PM