WHY PATCHING WHILE SERIAL NUMBER IS FISHY

InternetTweak 2000 v2.0
A Cracking Tutorial 
by ASTAGA [D4C/C4A]


DISCLAIMER 

This reading material is not intended to violate Copyrights 
and/or it is law, but educational purposes only. I hold no 
responsibility ( by all means and in any shape whatsoever ) 
of the mis-used of this material.


ABOUT THE PROGRAM 

InternetTweak 2000 (previously known as NetMaster) is a special 
utility designed to configure and personalize Internet secret 
settings in Windows 2000/98/95. Several of its features: optimize 
Internet connection performance, access Internet Explorer, Outlook 
Express, and Netscape Communicator hidden settings. In addition, 
you will get hundreds of selected Internet Tips & Tricks that will 
boost your browser and e-mail applications performance and product
ivity.


WHERE TO DOWNLOAD

Author   	: Magellass Corp
Homepage 	: http://www.magellass.com
URL		: http://www.magellass.com/it2000.zip
Size 		: 1.2 MB - as of  August 8, 2000



HOW TO GET VALID SERIAL NUMBER by using SoftIce


FIRSTLY, this program protected with AntiDebugging trick.
NO RESPONSE when clicking .EXE file or " No Debug Allowed 
" message always appear even I had loaded the well known 
utilities to hide SoftIce from this kind of protection.  
WDASM83 got stunned when I tried to diassemble and debug 
this program.... sigh!!
Until this morning I talk with Carpathia in the IRC, which
tell me to download and try small and useful prog called...
... JUST ASK HER !  This small prog is great, I can even
run another program i.e CXIE which has similar protection.
Iam not stingy to not to tell you, I have to patience and
wait until I can solve my stupidity and write this tute...
see ... I downloaded this ITWEAK2000 2 months ago.
Again, thank you Carphatia... without your help I still 
deepsinked in the darkness.

SECONDLY, I personally expressed my sincere salutation to
the Author at Magellass Corp. You guys ... Indonesian and
Sundanese people do the great job since you released Win
Boost in the mid 1997.
You never gave up fighting against the crackers all over
the Net.  And by the way, send my regards to " Kang Dani nu
Ganteng tea ..... " that means " Mr Dani the Handsome Guy "
Whatta nice try hiding in the CLSID's registry ............


HOW TO GET VALID SERIAL NUMBER by using SoftIce


1.	Run ITWEAK.EXE, in the opening nag screen click that REGISTER
	button;
	In the registration dialog box type these below informations :

	User Name 	: Pirates Order 
	Key		: 73881050

    	Do not click OK button yet


2.	Fire up SoftIce by pressing [ CTRL + D ], create a new breakpoint
	as follow : 

	BPX HMEMCPY [enter] and
   	F5  to return to the main program

3.	Now click OK button... you'll return back into SoftIce.
    	In within SoftIce press F11, F5,and F11 once again.
	Press F12 several times until you reach the main program's code
	as follow :	

	_________________________________________________________________

	015F:00486CBA  8B80CC020000        MOV       EAX,[EAX+000002CC]
						            <==== you're HERE !
	015F:00486CC0  E86387FAFF          CALL      0042F428  
	015F:00486CC5  8D45F4              LEA       EAX,[EBP-0C]                       
	015F:00486CC8  8B55F0              MOV       EDX,[EBP-10]                       
	015F:00486CCB  E810CEF7FF          CALL      00403AE0                           
	015F:00486CD0  8B55F8              MOV       EDX,[EBP-08]                       
	015F:00486CD3  8B45FC              MOV       EAX,[EBP-04]                       
	015F:00486CD6  E8C1FEFFFF          CALL      00486B9C                           
	__________________________________________________________________

	Disable previous breakpoint and set a new breakpoint :

		bd *  [enter]
		bpx 015F:00486CBA  [enter] 

	Now, start tracing the codes.
	Press F10 4 times and stop at 015F:00486CCB, dump/display EDX
	register by typing : 

		d edx  [enter]
		Look at the Data Window - at the virtual address
		0167:012299C - did you see your fake S/N ? and 
		one line below is 	3M9Q3-E858-UW28-2TCT ,
		AF2V2-N263-HJ79-CX4U , 2EAT2-F534-GN88-8JAG ...etc.
		There are a lot of suspicious reg codes .... just
		check by yourself .
		
		Write down those suspicious reg codes.

	Disable current existing breakpoint, press F5 to return to
	the registration dialog box.


4.	Repeat registration procedures, keyed-in  3M9Q3-E858-UW28-2TCT
	as your serial number.  
	Click OK ..... the classic message " Thank you for registering
	.... " message appear on your screen.


5.	Where the hell is my registration code is stored ??

	Hahaha gotcha ! .... how hard you're using WXIR/WXIO and
	REGMON ... you'll never found anywhere in your harddisk.
	Read my preface in the above ... if you have enough time
	try search suspected CLSID {e436ebb7-524f-11ce-9f53-1b49
	a070a77d8 }.
	Nice try Kang Dani anu kasep tea euy ...... again and again.

	Beside, once you're registered they're registered forever,
	one strange occurances is that if you manually edited
	registry key and value in the "RegisteredOwner" with your
	own desired name ..... the prog still accepted !

	REGEDIT4
	[HKEY_LOCAL_MACHINE\Software\Magellass\InternetTweak 2000]
	"RegisteredOwner"="Pirates Order"

	This below registry entry ... IS JUST COSMETIC !!!
	[HKEY_LOCAL_MACHINE\Software\Magellass\InternetTweak 2000\2.00]
	"Name"=""
	"Company"=""


9.  How can I practise with my own user name ?

	-  I strongly recommended you not to do this !


END NOTES

   This program is sold as shareware, so you can try before you buy.  
   This is convenient for you, saves expenses by dispensing with all 
   that packaging, and cuts out the middle person.  So it is cheap, 
   but it is not free.  
   If you like the program, and you will, be sure to register and pay.
   To keep shareware prices low,  users must do the right thing: 
   Register, pay up, and smile/grin at yourself in the mirror.

   Do not distribute your crack release based on this tutorial, because
   you become a LAMER(s)!!!!!!!!
   ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of
   personal computer, using Hex Editor, ripping off other group(s)
   crack release, repacking (distro) them under his name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same connota
	tions of self-conscious elitism that use of luser does among 
	hackers.
    < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 _ Never attribute to malice that which is adequately explained by stupidity _


ASTAGA [D4C/C4A] tute-it2000v20.zip
[EOF] 10/20/00 11:54:23 AMey would