WHY PATCHING WHILE SERIAL NUMBER IS FISHY
Desktop Cycler 2000 v1.5
A Cracking Tutorial by ASTAGA [D4C/C4A]

DISCLAIMER

This reading material is not intended to violate copyrights and/or the law; it is for educational purposes only. I hold no responsibility (by any means and in any shape whatsoever) for the misuse of this material.

ABOUT THE PROGRAM

Desktop Cycler is a utility that helps you manage and change your desktop items easily. It can change and cycle wallpapers, screen savers, desktop themes, start menu icons, IE's toolbar wallpapers (hotbars), and also all of the startup/shutdown logos. It also contains a list of hundreds of resource sites that will help you easily get all the great and free desktop goodies.

WHERE TO DOWNLOAD

Author   : Magellass Corp
Homepage : http://www.magellass.com
URL      : http://www.magellass.com/dc2000.zip
Size     : 923 KB - as of August 8, 2000

HOW TO GET VALID SERIAL NUMBER by using SoftIce

FIRSTLY, this program is protected with an anti-debugging trick. There is NO RESPONSE when clicking the .EXE file, or the "No Debug Allowed" message always appears, even though I had loaded the well-known utilities that hide SoftIce from this kind of protection. WDASM83 got stunned when I tried to disassemble and debug this program.... sigh!! Until this morning, when I talked with Carpathia on IRC, who told me to download and try a small and useful prog called... ... JUST ASK HER! This small prog is great; I can even run another program, i.e. CXIE, which has similar protection. I am not being stingy by not telling you; I had 2B patient and wait until I could solve my stupidity and write this tute... see ... I downloaded this DESKTOPCYCLER2000 2 months ago. Again, thank you Carpathia... without your help I would still be sunk deep in the darkness.

SECONDLY, I personally express my sincere salutations to the Author at Magellass Corp. You guys ... Indonesian and Sundanese people have done a great job since you released Win Boost in mid 1997. You never gave up fighting against the crackers all over the Net.
And by the way, send my regards to Dani (one of the Authors (?)), who made a sticky note in the virtual address like "Horee Mas Dani deui ....." that means "Hooray .. it's Mr Dani again" in the Sundanese language. Further, whatta nice try hiding in the CLSID's registry .. ........

HOW TO GET VALID SERIAL NUMBER by using SoftIce

1. Run MEMONSTER.EXE; in the opening nag screen click the REGISTER button. In the registration dialog box type the information below:

   User Name : Pirates Order
   Key       : 73881050

   Do not click the OK button yet.

2. Fire up SoftIce by pressing [ CTRL + D ] and create a new breakpoint as follows:

   BPX HMEMCPY [enter]

   and press F5 to return to the main program.

3. Now click the OK button... you'll return to SoftIce. Within SoftIce press F11, F5, and F11 once again. Press F12 several times until you reach the main program's code as follows:

_________________________________________________________________
015F:004632C1  E8BA83FCFF  CALL  0042B680
015F:004632C6  8B55F4      MOV   EDX,[EBP-0C]
015F:004632C9  B85C094700  MOV   EAX,0047095C
015F:004632CE  E87106FAFF  CALL  00403944
015F:004632D3  33C0        XOR   EAX,EAX
015F:004632D5  5A          POP   EDX
...
...
__________________DCYCLER!CODE+000622BB______________________

   Disable the previous breakpoint and create a new breakpoint:

   bd * [enter]
   bpx 015F:004632C1 [enter]

   I just wanna go straight to the groin and bring you to where the potential serial numbers are copied (echoed (?)) into a virtual address. Remember, I have traced it for you. In SoftIce's command line, do a string search like this:

   s 0 l fffffffffffff FF 56 0C 8B 55 F8 [enter]

   SoftIce will respond:

   Pattern found at 0030:0046320D (46320D)

   bpx 0030:0046320D [enter]
   u 0030:0046320D [enter]

   Press F5 or X to let SoftIce break at this location.

4. If you do the right thing, you'll see the code snippet below:

___________________________________________________________
015F:0046320D  FF560C      CALL  [ESI+0C]      <=== here
015F:00463210  8B55F8      MOV   EDX,[EBP-08]
015F:00463213  A15C094700  MOV   EAX,[0047095C]
015F:00463218  E85F0AFAFF  CALL  00403C7C      <=== d edx
___________________DCYCLER!CODE+0006220D___________________

   Press F10 2 times - stop at 015F:00463218 - and dump/display the EDX register:

   d edx [enter]

   Look at the Data Window: at virtual address 0167:00CD1F6C, did you see AD5T2-T747-UL95-CW6R? Don't you think that's too suspicious for a serial number? .... Scroll up/down the Data Window and you'll find other potential valid serial numbers. For example, I'll show you the contents of the Data Window as follows (this is only a part):

   0167:00CD1F6C  41 44 35 54 32 2D.. -34 37  AD5T2-T747-UL95-
   0167:00CD1F7C  43 57 36 52 00 00.. -26 00  CW6R....&.......
   0167:00CD1F8C  14 00 00 00 32 5A.. -41 2D  ....2ZACA-D78A-S
   0167:00CD1F9C  4B 33 37 2D 35 44.. -00 00  K37-5D9V....&...
   0167:00CD1FAC  01 00 00 00 14 00.. -34 56  ........4V6V7-EA
   0167:00CD1FBC  35 32 2D 57 59 41.. -33 4A  52-WYA5-3J4L....
   0167:00CD1FCC  26 00 00 00 01 00.. -14 00  &...........6E4U
   0167:00CD1FDC  35 2D 4E 41 34 33.. -47 32  5-NA43-FG25-5F5U
   0167:00CD1FEC  00 00 00 00 26 00.. -01 00  ....&...........
   0167:00CD1FFC  34 52 39 47 38 2D.. -37 41  4R9G8-L77A-XD85-
   0167:00CD200C  37 4C 39 58 00 00.. -26 00  7L9X....&.......
   0167:00CD201C  14 00 00 00 33 44.. -41 2D  ....3DAGA-P838-U
   0167:00CD202C  41 33 32 2D 37 43.. -00 00  A32-7C5C....&...
   0167:00CD203C  01 00 00 00 14 00.. -39 58  ........9X6J2-R5
   0167:00CD204C  32 34 2D 4C 44 32.. -33 50  24-LD29-3PCX....
   0167:00CD205C  26 00 00 00 01 00.. -14 00  &...........9D4U
   0167:00CD206C  36 2D 50 41 36 34.. -58 33  6-PA64-CX3A-6J9J
   0167:00CD207C  00 00 00 00 26 00.. -01 00  ....&...........
   0167:00CD208C  35 45 41 56 32 2D.. -41 41  5EAV2-K9AA-EZ43-
   0167:00CD209C  36 53 38 46 00 00.. -26 00  6S8F....&.......
   Disable the current breakpoint and press F5 to return to the registration window.

5. Repeat the registration procedure and key in AD5T2-T747-UL95-CW6R as your serial number (actually I am using 5EAV2-K9AA-EZ43-6S8F). Click the OK button; soon you'll see the classic "Desktop Cycler 2000 has been registered successfully".

5. Where the hell is my registration code stored??

   Hahaha gotcha! .... however hard you use WXIR/WXIO and REGMON ... you'll never find it anywhere on your hard disk. Read my preface above ... if you have enough time, try searching for and deleting this suspicious \CLSID\{FD853CDD-7F86-11d0-8252-0134940705AB4}. Nice try, Mang Dani, you handsome guy ... again and again. Besides, once you're registered you're registered forever. One strange occurrence is that if you manually edit the "RegisteredOwner" registry value to your own desired name ..... the prog still accepts it!

   Upon successful registration, DesktopCycler creates two registry entries as follows:

   REGEDIT4
   [HKEY_LOCAL_MACHINE\Software\Magellass\Desktop Cycler 2000]
   "RegisteredOwner"="Pirates Order"    <== you can change it.

   and the registry entry below ... IS JUST COSMETIC !!!

   REGEDIT4
   [HKEY_LOCAL_MACHINE\Software\Magellass Corp.\Desktop Cycler 2000]
   [HKEY_LOCAL_MACHINE\Software\Magellass Corp.\Desktop Cycler 2000\1.50]
   "Name"=""
   "Company"=""

9. How can I practise with my own user name?

   - I strongly recommend you not do this!

END NOTES

This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror.

Do not distribute your crack release based on this tutorial, because you will become a LAMER(s)!!!!!!!!
( tHATDUDE (PC97) defined LAMER(s) as the guy who sits in front of a personal computer, using a Hex Editor, ripping off other group(s)' crack releases, repacking (distro) them under his name. Adopted from newsgroups alt.cracks, alt.crackers - February 1997 )

More about LAMER(s):

lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connotations of self-conscious elitism that use of luser does among hackers.

< SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >

_ Never attribute to malice that which is adequately explained by stupidity _

ASTAGA [D4C/C4A]
tute-desktopcycler15.zip
[EOF] 10/20/00 11:54:23 AM
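
From the developer's side, the weakness shown in step 4 is that every valid serial sits in readable form in memory while the entered key is checked, and that the owner name plays no part in the check. The following is an added example, not code from the tutorial or from Magellass: it contrasts that pattern with a check that ships only salted digests bound to the owner name. The names, salt and serials are constructed for illustration and only mimic the 5-4-4-4 layout.

```python
import hashlib
import hmac
import re

# Constructed sample data: serials only mimic the 5-4-4-4 layout seen in the
# Data Window. In a real product this table exists on the vendor side only.
ISSUED = {
    "Alice Example": "AB1CD-EF23-GH45-JK67",
    "Bob Example": "ZX9WV-UT87-SR65-QP43",
}
SALT = b"constructed-demo-salt"  # assumption: fixed per-product salt
SERIAL_RE = re.compile(rb"[A-Z0-9]{5}(?:-[A-Z0-9]{4}){3}")


def digest(name: str, serial: str) -> bytes:
    """SHA-256 over salt, normalized owner name and normalized serial."""
    parts = (SALT, name.strip().lower().encode(), serial.strip().upper().encode())
    return hashlib.sha256(b"\x00".join(parts)).digest()


# Build step: only these digests would be embedded in the shipped program.
SHIPPED = frozenset(digest(n, s) for n, s in ISSUED.items())


def weak_check(serial: str) -> bool:
    """Pattern the tutorial exposes: plaintext serials sit in memory during
    the comparison, and the owner name plays no part in it."""
    return serial in ISSUED.values()


def hardened_check(name: str, serial: str) -> bool:
    """Compare digests only; SHIPPED reveals no usable serial."""
    if not SERIAL_RE.fullmatch(serial.strip().upper().encode()):
        return False
    candidate = digest(name, serial)
    # Check every entry so timing does not depend on which one matched.
    return sum(hmac.compare_digest(candidate, d) for d in SHIPPED) == 1


def serial_shaped_strings(image: bytes) -> list:
    """Release self-test: find serial-looking text in a binary/memory image."""
    return SERIAL_RE.findall(image)


if __name__ == "__main__":
    weak_image = "\0".join(ISSUED.values()).encode()
    print(serial_shaped_strings(weak_image))             # both serials leak
    print(serial_shaped_strings(b"".join(SHIPPED)))      # digests only
    print(hardened_check("Bob Example", "AB1CD-EF23-GH45-JK67"))
```

This addresses only the disclosure of the key list; a purely client-side comparison can still be altered in the binary, so a check that must hold needs server-side or signature-based validation.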