WHY PATCHING WHILE SERIAL NUMBER IS FISHY


Mass Renamer v3.0 (build 060100)
A Cracking Tutorial 
by ASTAGA [D4C/C4A]


DISCLAIMER 

This reading material is not intended to violate Copyrights 
and/or it is law, but educational purposes only. I hold no 
responsibility ( by all means and in any shape whatsoever ) 
of the mis-used of this material.


ABOUT THE PROGRAM 


Mass Renamer is a utility that allows the user to rename multiple 
files throughout multiple drives and multiple directories, quickly 
and easily. MR includes a very simple easy to use Graphical User 
Interface meaning even the most novice of users can use it. 
The following can be achieved by using Mass Renamer:
Rename files across multiple drives / directories and subdirecto
ries Rename filenames to original plus a prefix ( eg: prefixORIG
INAL.EXE ) Rename filenames to original plus a suffix ( eg: ORIG
INALsuffix.EXE ) Rename filenames replacing a character with ano
ther Rename the extension of filenames ( eg: FILE1.EXE ---> 
FILE1.COM ) Rename filenames to random strings but keep the file
name extension ( eg: XLKDOR.EXE ) Rename filenames adding prefix 
incrementing value ( eg: 01ORIGINAL.EXE ) Rename filenames add
ing suffix incrementing value ( eg: ORIGINAL01.EXE ) Rename file
names to random integer but keep the filename extension ( eg: 02
49855.EXE ) Rename filenames to a base filename plus an incremen
ting value ( eg: BASE01.JPG, BASE02.JPG ) 



WHERE TO DOWNLOAD

Author   	: autoMATion_software
Homepage 	: http://www.automation-software.co.uk
URL		: http://www.automation-software.co.uk/files/mrexe.zip
		  http://www.automation-software.co.uk/files/mr.zip
Size 		: 300  KB  as of 06/01/2000



HOW TO GET VALID SERIAL NUMBER by using SoftIce


1.  Run Mass Renamer.exe, In the registration dialog box type these below 
    informations :

	User Name  : Pirates Order
	Reg Code   : 7388070103050705050704060100040406021050

    Do not click OK button yet
    

2.  Load SoftIce by pressing [ CTRL + D ], set a new breakpoint 
    as follow : 
                                                        

	BPX WideCharToMultiByte  [enter]   and
   	F5  to return to the main program

3.  Click OK button... you'll return back into SoftIce.  
    In within SoftIce press F11, F5, F11 once again.
    Only because I've traced the codes for you, now, follow this
    step : 

	: bd *  [enter]
	: bpx 015F:004148BC
	: G 015F:004148BC  [enter]
	: U 015F:004148BC  [enter]
	
	( if you failed break at that location, do a search string as 
	follows : 
	        s 0 l fffffffffff FF 15 08 10 40 00 8B D0  [enter]
	Pattern found at 0167:xxxxxxxxx.  Set a new breakpoint in 
	this location, and press X or F5 to let SoftIce break into )
 
	 
4.  If nothing goes wrong you'll see these below snippet codes :

	_____________________________________________________________

	015F:004148BC  FF1508104000    CALL   [00401008]
	015F:004148C2  8BD0            MOV    EDX,EAX
	015F:004148C4  8D4DC0          LEA    ECX,[EBP-40] 
	015F:004148C7  FFD6            CALL   ESI
	015F:004148C9  50              PUSH   EAX 
	015F:004148CA  FF1544104000    CALL   [00401044]
	015F:004148D0  8BD0            MOV    EDX,EAX
	015F:004148D2  8D4DE0          LEA    ECX,[EBP-20] ==> d edx
	015F:004148D5  FFD6            CALL   ESI 
                          
      ________________ MASS RENAMER!.text+000138B9  _______________

	Press F10 and stop at 015F:004148D2 - display EDX regioster :

	: d edx  [enter] ==> oops .... look at the Data Window, your
				fake code is at virtual address 0167:
				0042A100 upto 0167:0042A150 .

	0167:0042A0A0 31 00 31 ... 00 30 00  1.1.4.1.0.1.1.0.
	0167:0042A0B0 30 00 31 ... 00 32 00  0.1.1.4.7.9.3.2.
	0167:0042A0C0 31 00 31 ... 00 31 00  1.1.5.1.0.1.1.1. 
	0167:0042A0D0 36 00 39 ... 00 30 00  6.9.7.1.1.4...0. 
	0167:0042A0E0 30 00 39 ... 00 36 00  0.9.0.5.0.0.0.6. 
	0167:0042A0F0 30 00 32 ... 00 00 A0  0.2.0.7.....d... 
	0167:0042A100 50 00 00 ... 00 37 00  P...7.3.8.8.0.7. ***
	0167:0042A110 30 00 31 ... 00 37 00  0.1.0.3.0.5.0.7. 
	0167:0042A120 30 00 35 ... 00 34 00  0.5.0.5.0.7.0.4. 
	0167:0042A130 30 00 36 ... 00 34 00  0.6.0.1.0.0.0.4. 
	0167:0042A140 30 00 34 ... 00 30 00  0.4.0.6.0.2.1.0. 
	0167:0042A150 35 00 30 ... 00 00 00  5.0...2...7..... 
	0167:0042A160 74 00 00 ... 00 31 00  t...h...0.3.0.1. <==
	0167:0042A170 30 00 36 ... 00 37 00  0.6.0.5.7.2.0.7. <==
	0167:0042A180 30 00 34 ... 00 34 00  0.4.0.2.0.7.0.4. <== 
	0167:0042A190 30 00 32 ... 00 32 00  0.2.0.5.0.2.0.2. <== 
	0167:0042A1A0 30 00 33 ... 00 35 00  0.3.0.0.0.9.0.5. <== 
	0167:0042A1B0 30 00 30 ... 00 37 00  0.0.0.6.0.2.0.7. <==
	0167:0042A1C0 30 00 30 ... 00 35 00  0.0.0.C.0.4.0.5. <==
	0167:0042A1D0 00 00 00 ... 00 33 00  ....t...h...0.3. <==

	So, where is the correct serial number then ? 
	Just write down 2 potentials S/N between 	0167:0042A0A0
	~~ 0167:0042A0F0  and  0167:0042A160 ~~ 0167:0042A1C0.

	Note : sometime you should press F11 several times
            ( at the breakpoint you'd set ) until all
		serial number copied into virtual address.
		It's very common in cracking VB based program.


6.  Disable all breakpoint, and return to registration dialog box.
    Keyed-in  03010605720704020704020502020300090500060207000C0405
    as your registration code.
    The classic message " Thank you for registering..... " pops up
    on your screen.
    How about if i keyed-in 11410110.....  ?  Try it you may get
    another licenses.

    

7.  Where the hell is my registration info is stored ??

	-  The correct registration code is stored in the C:\
	   WINDOWS\SYSTEM.INI file as follow :

	   [MASS RENAMER]
	   RegName=Pirates Order
	   RegCode=03010605720704020704020502020300090500060207000C0405
	   ;RegName=ASTAGA D4C
	   ;RegCode=0609070103050705050704060100040406020102
	   
     	( whatta nice hiding place ... dudes ! )


8.  How can I practice with my own user name and reg key ?

	-  I strongly recommended you not to do this !




					E N D   N O T E S


		Distributing your serial number is illegal and is no 
			different than distributing illegal 
				copies of the registered 
				 software. Violation of
					this rule may 
					  result in 
			temporary or permanent revocation of this
			     license and cancellation of the 
			              serial number; 
				   the original licensee
			   will also be held responsible for 
			    damages, physical and estimated.


   Do not distribute your crack release based on this tutorial, because
   you become a LAMER(s)!!!!!!!!
   ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of
   personal computer, using Hex Editor, ripping off other group(s)
   crack release, repacking (distro) them under his name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same connota
	tions of self-conscious elitism that use of luser does among 
	hackers.
      < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 		Never attribute to malice that which is adequately 
				explained by stupidity


ASTAGA [D4C/C4A] tute-massrenamer30.zip
[EOF] 10/17/00 1:13:15 PM