WHY PATCHING WHILE SERIAL NUMBER IS FISHY


THE FILECHOPPER v3.2
A Cracking Tutorial 
by ASTAGA [D4C/C4A]


DISCLAIMER 

This reading material is not intended to violate copyrights 
and/or the law; it is for educational purposes only. I hold no 
responsibility ( by any means and in any shape whatsoever ) 
for the misuse of this material.


ABOUT THE PROGRAM 


 This program is designed for moving files between computers, where	
 the files are too large to fit on one floppy, SuperDisk, SyQuest,	
 in an e-mail, or whatever medium is used to transport the file.	
 The program splits the original file into smaller ones of desirable
 sizes, and, of course, restores it later. These sizes can be chosen
 arbitrarily by the user, or the program may find out by itself how	
 much space is available on the used medium. Therefore, you may use	
 non-empty and even partly corrupted disks.				

 THE PROGRAM DOES THE FOLLOWING TWO THINGS				
 o   Splits a big file into smaller files of desired sizes. 	
     These sizes may be chosen either from a fully editable 
     list of Base Sizes, or calculated from within the program.
 o   Restores the big file from the smaller ones.


WHERE TO DOWNLOAD

Author    : Ulf Oreborn
Copyright : Matex Data HB
Homepage  : http://home.swipnet.se/matexdata/
URL       : http://home.swipnet.se/matexdata/programs/FileChopper.exe
Size      : 1.1MB


HOW TO GET VALID SERIAL NUMBER by using SoftIce


1.  Run TheFileChopper.exe. In the main program, click on the HELP/
    LIC INFORMATION submenu.  In the registration dialog box, 
    type the following information :

	Name : Pirates Order 
	Licence Code: 9073884665

    Do not click the CHECK THE CODE button yet
    ( hereinafter referred to as the OK button )

2.  Fire up SoftIce by pressing [ CTRL + D ] and set a new breakpoint,
    in this case on HMEMCPY : 

	BPX HMEMCPY [enter] and
   	F5  to return to the main program

3.  Now click the OK button... you'll drop back into SoftIce!
    Within SoftIce press F11, F5, F11, then press F12 several
    times until you see and break at :

    ________________________________________________________________

	015F:0041365A  8B83E8010000   MOV    EAX,[EBX+000001E8] 
	015F:00413660  E89B4B0300     CALL   00448200 <=== break here 
	015F:00413665  8D45FC         LEA    EAX,[EBP-04] 
	015F:00413668  33D2           XOR    EDX,EDX 
	015F:0041366A  8955F8         MOV    [EBP-08],EDX 
	015F:0041366D  8D55F8         LEA    EDX,[EBP-08] 
	015F:00413670  FF45D0         INC    DWORD PTR [EBP-30] 
	015F:00413673  E890920600     CALL   0047C908
	015F:00413678  8D45F8         LEA    EAX,[EBP-08]
	015F:0041367B  5A             POP    EDX
	015F:0041367C  E813910600     CALL   0047C794 
	015F:00413681  50             PUSH   EAX ===> ? ECX
	015F:00413682  FF4DD0         DEC    DWORD PTR [EBP-30] 
	015F:00413685  8D45F0         LEA    EAX,[EBP-10] 
	015F:00413688  BA02000000     MOV    EDX,00000002
	_____________________THEFILECHOPPER!.text+0001265A____________


4.  Clear the existing breakpoint and set a new breakpoint at 
    the above-mentioned address :
 
	bc *  [enter]
	bpx 015F:00413660 [enter]


5.  Let's start tracing the code.
    Press F10 10 times - stop at 015F:00413681 - and note in the Register
    Window that the ECX register holds the value 38383337 .... 
    Let's check what is inside ECX as follows : 

	: ? ECX  [enter]
	SoftIce will respond :
	38383337 0943207223 "8837"  ===> oops ... that's a part of 
					our fake code ( in reverse order )

    Press F10 2 times - stop at 015F:00413685 - here I am getting
    curious: the contents of the SS register were never copied onto the stack.
    Below is an excerpt from my Register Window : 

	EAX=00000000 ...... EDX=00000008   ESI=006EFA2C        
	EDI=00000007 ...... EIP=00413685   o d I s z a P c     
	CS=015F   DS=0167 ...... SS=0167   SS:006EF94C=00C1B5A0 <== !!!

    Let's check what the value shown at SS:006EF94C points to : 

	: ? 00C1B5A0  [enter]  ==> look at the Data Window, do you see
					71-83-18-05-44  at the virtual 
					address 0167:00C1B5A0  ???
					Write it down ! 


6.  Disable all breakpoints : 

	bd *   [enter]
	F5  to return to registration dialog box


7.  Key in  71-83-18-05-44  as your registration code.
    Click the CHECK THE CODE button ..... you'll get this classic 
    message :
	
	CORRECT LICENSE CODE ENTERED. THANK YOU FOR
	BUYING THIS PROGRAM.

    YOU'RE REGISTERED now... you really let yourself get 
    ripped off there !
    


8.  Where the hell is my registration code stored ??

	The correct registration code is stored in the registry as
	follows : 

	REGEDIT4
	[HKEY_CURRENT_USER\Software\Matex Data HB\The File Chopper\License]
	"UserName"="PIRATES ORDER"
	"LicenseCode"="71-83-18-05-44"
	"ExpireDay"=dword:00008e71



9.  How can I practise with my own user name ?

	-  I strongly recommend that you do not do this !
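
Added example, not part of the original tutorial and not the program's own code: the walkthrough above works because the program builds the correct licence code in its own memory before comparing it with the typed one. The Python sketch below contrasts that pattern with a check that only verifies a vendor signature; the derivation in weak_expected_code, all function names and the small demo RSA key are assumptions made for illustration.

```python
import hashlib

# Demo-only RSA key built from two Mersenne primes (far too small for real use).
P, Q = (1 << 61) - 1, (1 << 89) - 1
N, E = P * Q, 65537                  # public half: the only part a client needs
D = pow(E, -1, (P - 1) * (Q - 1))    # private half: belongs on the vendor side only


def _digest(name: str) -> int:
    """Hash the normalised (upper-cased) user name to an integer below N."""
    h = hashlib.sha256(name.strip().upper().encode("utf-8")).digest()
    return int.from_bytes(h, "big") % N


def weak_expected_code(name: str) -> str:
    """Hypothetical derivation standing in for any locally computed valid code."""
    digits = f"{_digest(name) % 10**10:010d}"
    return "-".join(digits[i:i + 2] for i in range(0, 10, 2))


def weak_check(name: str, entered: str) -> bool:
    # The valid code exists in process memory just to be compared,
    # so anyone who can inspect the process can read it.
    return entered == weak_expected_code(name)


def vendor_issue(name: str) -> str:
    """Vendor side: sign the name digest with the private exponent."""
    return format(pow(_digest(name), D, N), "x")


def hardened_check(name: str, entered: str) -> bool:
    """Client side: verify with the public key; no valid code is computed here."""
    try:
        sig = int(entered, 16)
    except ValueError:
        return False
    return 0 <= sig < N and pow(sig, E, N) == _digest(name)
```

With hardened_check the client holds only N and E, so there is no correct code in memory to observe; the comparison branch itself still needs integrity protection.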




					E N D   N O T E S


		Distributing your serial number is illegal and is no 
			different than distributing illegal 
				copies of the registered 
				 software. Violation of
					this rule may 
					  result in 
			temporary or permanent revocation of this
			     license and cancellation of the 
			              serial number; 
				   the original licensee
			   will also be held responsible for 
			    damages, physical and estimated.


   Do not distribute your crack release based on this tutorial, because
   that makes you a LAMER!!!!!!!!
   ( tHATDUDE (PC97) defined a LAMER as the guy who sits in front of a
   personal computer, using a Hex Editor, ripping off other groups'
   crack releases and repacking (distro) them under his own name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same
	connotations of self-conscious elitism that use of luser does among 
	hackers.
      < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 		Never attribute to malice that which is adequately 
				explained by stupidity


ASTAGA [D4C/C4A] tute-filechopper32.zip
[EOF] Revised/Updated : 11/29/00 3:43:47 AM 
First Edited : 5/29/00 4:34:49 PM