WHY PATCHING WHILE SERIAL NUMBER IS FISHY THE FILECHOPPER v3.2 A Cracking Tutorial by ASTAGA [D4C/C4A] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. ABOUT THE PROGRAM This program is designed for moving files between computers, where the files are too large to fit on one floppy, SuperDisk, SyQuest, in an e-mail, or whatever medium is used to transport the file. The program splits the original file into smaller ones of desirable sizes, and, of course, restores it later. These sizes can be chosen arbitrarily by the user, or the program may find out by itself how much space is available on the used medium. Therefore, you may use non-empty and even partly corrupted disks. THE PROGRAM DOES THE FOLLOWING TWO THINGS o Splits a big file into smaller files of desired sizes. These sizes may be choosen either from a fully editable list of Base Sizes, or calculated from within the program. o Restores the big file from the smaller ones. WHERE TO DOWNLOAD Author : Ulf Oreborn, Copyright : Matex Data HB Homepage : http://home.swipnet.se/matexdata/ URL : http://home.swipnet.se/matexdata/programs/ FileChopper.exe Size : 1.1MB HOW TO GET VALID SERIAL NUMBER by using SoftIce 1. Run TheFileChopper.exe, in the main program click on HELP/ LIC INFORMATION submenu. In the registration dialog box type these below informations : Name : Pirates Order Licence Code: 9073884665 Do not click CHECK THE CODE button yet ( hereinafter refered to as OK button ) 2. Fire up SoftIce by pressing [ CTRL + D ], put a new breakpoint in this regard is HMEMCPY : BPX HMEMCPY [enter] and F5 to return to the main program 3. Now click OK button... you'll return back into SoftIce! In within SoftIce press F11, F5, F11, then followed with pressing F12 several times until you see and break at : ________________________________________________________________ 015F:0041365A 8B83E8010000 MOV EAX,[EBX+000001E8] 015F:00413660 E89B4B0300 CALL 00448200 <=== break here 015F:00413665 8D45FC LEA EAX,[EBP-04] 015F:00413668 33D2 XOR EDX,EDX 015F:0041366A 8955F8 MOV [EBP-08],EDX 015F:0041366D 8D55F8 LEA EDX,[EBP-08] 015F:00413670 FF45D0 INC DWORD PTR [EBP-30] 015F:00413673 E890920600 CALL 0047C908 015F:00413678 8D45F8 LEA EAX,[EBP-08] 015F:0041367B 5A POP EDX 015F:0041367C E813910600 CALL 0047C794 015F:00413681 50 PUSH EAX ===> ? ECX 015F:00413682 FF4DD0 DEC DWORD PTR [EBP-30] 015F:00413685 8D45F0 LEA EAX,[EBP-10] 015F:00413688 BA02000000 MOV EDX,00000002 _____________________THEFILECHOPPER!.text+0001265A____________ 4. Clear the current existing breakpoint and Set a new breakpoint at the abovementioned address : bc * [enter] bpx 015F:00413660 [enter] 5. Let's start tracing the codes. Press F10 10 times - stop at 015F:00413681 - look at the Register Window that ECX register hold value 38383337 .... Let's check it out what is inside that ECX as follow : : ? ECX [enter] SoftIce will response : 38383337 0943207223 "8837" ===> oops ... that's a part of our fake code ( in reverse order ) Press F10 2 times - stop at 015F:00413685 - in here iam getting curious, the contents of SS register never copied into the stack. In the below is an excerpts from my Register Window : EAX=00000000 ...... EDX=00000008 ESI=006EFA2C EDI=00000007 ...... EIP=00413685 o d I s z a P c CS=015F DS=0167 ...... SS=0167 SS:006EF94C=00C1B5A0 <== !!! Let's check what is the content(s) in SS register : : ? 00C1B5A0 [enter] ==> look at the DAta Window, did you see 71-83-18-05-44 at the virtual address 0167:00C1B5A0 ??? Write it down ! 6. Disable all breakpoints : bd * [enter] F5 to return to registration dialog box 7. Keyed-in 71-83-18-05-44 as your registration code. Click CHECK THE CODE button ..... you'll get this classic message : CORRECT LICENSE CODE ENTERED. THANK YOU FOR BUYING THIS PROGRAM. YOU'RE REGISTERED now... da hast Du Dich aber anscheißen lassen !. 8. Where the hell is my registration code is stored ?? The correct registration code is stored in the registry as follows : REGEDIT4 [HKEY_CURRENT_USER\Software\Matex Data HB\The File Chopper\License] "UserName"="PIRATES ORDER" "LicenseCode"="71-83-18-05-44" "ExpireDay"=dword:00008e71 7. How can I practise with my own user name ? - I strongly recommended you not to do this ! E N D N O T E S Distributing your serial number is illegal and is no different than distributing illegal copies of the registered software. Violation of this rule may result in temporary or permanent revocation of this license and cancellation of the serial number; the original licensee will also be held responsible for damages, physical and estimated. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > Never attribute to malice that which is adequately explained by stupidity ASTAGA [D4C/C4A] tute-filechopper32.zip [EOF] Revised/Updated : 11/29/00 3:43:47 AM First Edited : 5/29/00 4:34:49 PM