WHY PATCHING WHILE SERIAL NUMBER IS FISHY InternetTweak 2000 v2.0 A Cracking Tutorial by ASTAGA [D4C/C4A] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. ABOUT THE PROGRAM InternetTweak 2000 (previously known as NetMaster) is a special utility designed to configure and personalize Internet secret settings in Windows 2000/98/95. Several of its features: optimize Internet connection performance, access Internet Explorer, Outlook Express, and Netscape Communicator hidden settings. In addition, you will get hundreds of selected Internet Tips & Tricks that will boost your browser and e-mail applications performance and product ivity. WHERE TO DOWNLOAD Author : Magellass Corp Homepage : http://www.magellass.com URL : http://www.magellass.com/it2000.zip Size : 1.2 MB - as of August 8, 2000 HOW TO GET VALID SERIAL NUMBER by using SoftIce FIRSTLY, this program protected with AntiDebugging trick. NO RESPONSE when clicking .EXE file or " No Debug Allowed " message always appear even I had loaded the well known utilities to hide SoftIce from this kind of protection. WDASM83 got stunned when I tried to diassemble and debug this program.... sigh!! Until this morning I talk with Carpathia in the IRC, which tell me to download and try small and useful prog called... ... JUST ASK HER ! This small prog is great, I can even run another program i.e CXIE which has similar protection. Iam not stingy to not to tell you, I have to patience and wait until I can solve my stupidity and write this tute... see ... I downloaded this ITWEAK2000 2 months ago. Again, thank you Carphatia... without your help I still deepsinked in the darkness. SECONDLY, I personally expressed my sincere salutation to the Author at Magellass Corp. You guys ... Indonesian and Sundanese people do the great job since you released Win Boost in the mid 1997. You never gave up fighting against the crackers all over the Net. And by the way, send my regards to " Kang Dani nu Ganteng tea ..... " that means " Mr Dani the Handsome Guy " Whatta nice try hiding in the CLSID's registry ............ HOW TO GET VALID SERIAL NUMBER by using SoftIce 1. Run ITWEAK.EXE, in the opening nag screen click that REGISTER button; In the registration dialog box type these below informations : User Name : Pirates Order Key : 73881050 Do not click OK button yet 2. Fire up SoftIce by pressing [ CTRL + D ], create a new breakpoint as follow : BPX HMEMCPY [enter] and F5 to return to the main program 3. Now click OK button... you'll return back into SoftIce. In within SoftIce press F11, F5,and F11 once again. Press F12 several times until you reach the main program's code as follow : _________________________________________________________________ 015F:00486CBA 8B80CC020000 MOV EAX,[EAX+000002CC] <==== you're HERE ! 015F:00486CC0 E86387FAFF CALL 0042F428 015F:00486CC5 8D45F4 LEA EAX,[EBP-0C] 015F:00486CC8 8B55F0 MOV EDX,[EBP-10] 015F:00486CCB E810CEF7FF CALL 00403AE0 015F:00486CD0 8B55F8 MOV EDX,[EBP-08] 015F:00486CD3 8B45FC MOV EAX,[EBP-04] 015F:00486CD6 E8C1FEFFFF CALL 00486B9C __________________________________________________________________ Disable previous breakpoint and set a new breakpoint : bd * [enter] bpx 015F:00486CBA [enter] Now, start tracing the codes. Press F10 4 times and stop at 015F:00486CCB, dump/display EDX register by typing : d edx [enter] Look at the Data Window - at the virtual address 0167:012299C - did you see your fake S/N ? and one line below is 3M9Q3-E858-UW28-2TCT , AF2V2-N263-HJ79-CX4U , 2EAT2-F534-GN88-8JAG ...etc. There are a lot of suspicious reg codes .... just check by yourself . Write down those suspicious reg codes. Disable current existing breakpoint, press F5 to return to the registration dialog box. 4. Repeat registration procedures, keyed-in 3M9Q3-E858-UW28-2TCT as your serial number. Click OK ..... the classic message " Thank you for registering .... " message appear on your screen. 5. Where the hell is my registration code is stored ?? Hahaha gotcha ! .... how hard you're using WXIR/WXIO and REGMON ... you'll never found anywhere in your harddisk. Read my preface in the above ... if you have enough time try search suspected CLSID {e436ebb7-524f-11ce-9f53-1b49 a070a77d8 }. Nice try Kang Dani anu kasep tea euy ...... again and again. Beside, once you're registered they're registered forever, one strange occurances is that if you manually edited registry key and value in the "RegisteredOwner" with your own desired name ..... the prog still accepted ! REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Magellass\InternetTweak 2000] "RegisteredOwner"="Pirates Order" This below registry entry ... IS JUST COSMETIC !!! [HKEY_LOCAL_MACHINE\Software\Magellass\InternetTweak 2000\2.00] "Name"="" "Company"="" 9. How can I practise with my own user name ? - I strongly recommended you not to do this ! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-it2000v20.zip [EOF] 10/20/00 11:54:23 AMey would