WHY PATCHING WHILE SERIAL NUMBER IS FISHY

Private Pix v1.30
A Cracking Tutorial 
by ASTAGA [D4C/C4A]


DISCLAIMER 

This reading material is not intended to violate Copyrights 
and/or it is law, but educational purposes only. I hold no 
responsibility ( by all means and in any shape whatsoever ) 
of the mis-used of this material.


ABOUT THE PROGRAM 

Private Pix (tm) is the ultimate tool to insure your privacy of 
your pictures. 
Private Pix (tm) uses advanced encryption to protect your pictures 
and keep your data safe. Private Pix also encrypts the name of your 
pictures and allows the user to view them while they are encrytped! 
Private Pix also offers a hot key for quick escape using your 
keyboard. 



WHERE TO DOWNLOAD

Author   	: Silvio Kuczynski / Tropical Software
Homepage 	: http://www.tropsoft.com/privpix/main.htm
URL		: http://www.tropsoft.com/privpixd.exe
Size 		:  KB  


HOW TO GET VALID SERIAL NUMBER by using SoftIce

Unlike the other product ( i.e Private Desktop, ErgTimer, Stealth )
from the same Author, Private Pix is visual basic (VB5) based
program.  To my surprise Razzia's tute doesn't work here ( do you
remember his magic search string to locate where the EDI and ESI
register being compared ? ) and I decide to not patching my own
MSVBVM50.DLL as described in the CrackZ's BPINT 3 approach.
However, I suggest you to read those two usefull tutorials, which
possibly can be downloaded from :
	http://www.shield.or.jp/crackz/Index2.htm    or 
	http://www.idca.com/~thesandman



1.  Run PRIVP.EXE, type PRIVATE as your default password to enter 
    the main program, then click on the REGISTER menu.
    In the registration dialog box type these below informations :

	Name	: Pirates Order
	Code   : 7388105099

    Do not click OK button yet

2.  Fire up SoftIce by pressing Ctrl + D , create a new breakpoint
    by typing : 

	bpx __vbaStrToAnsi  [enter]
	Press F5 to return to the main program.

	Note : 
	1.   at the first time I create two breakpoints that are
	     bpx __vbastrcomp and bpx __vbahresultcheckobj simul
	     taneously and took around 30 times of pressing F10 
	     to get correct serial number.
	2.   You will not find suspected S/N in wide format as 
	     their should be ( which common in VB prog ) except 
	     your User Name.
	     That was strange to me ..... it's your turn to
	     check it out Bud .....  

3.  Click OK button now, you'll return back into SoftIce.
    Press F11, F5, and F11 once again to get into the main program
    codes as follows : 
    ___________________________________________________________________

	00450C88: FFD6     		call	esi
	00450C8A: 50       		push	eax  <==== you land HERE
	00450C8B: E8A8AAFBFF		call	00040B738
	00450C90: 8BF0      		mov 	esi,eax

    _______________________PRIVP! . text + 0004FC88____________________


    Just press F10 2 times, and after you jump pass the CALL instruction
    at 015F:00450C8B ( or stop at 015F:00450C90 ) dump/display EDX
    register by typing : 

	D EDX  [enter]

    Did you see 0A7597C904 ( located at the memory address        
    0167:0069F96C ) in the Data Window ??
    Scroll up one line above you'll see your fake S/N together with the 
    real one.

4.  Write down this posible valid serial number.

5.  Now, disable current existing breakpoint ( BD * [enter ), 
    press F5 to return to the main program.

6.  Soon you're return back to the program, the 'beggar-off' msg
    appear on the screen, just click OK to confirm and quit the
    application ( nice try .... Kuczynski !!!! ).

7.  Re-run the program, repeat registration procedure and keyed-in
    0A7597C904  as your serial number.
    Successful registration will appear on the screen, you're
    illegaly registered now.

8.  Let's recap your job with the following question : 

	-  where the hell is my registration code is stored ??


9.  Take this following answer : 

	-  The correct registration code is encrypted and stored
	   in the file called GERPVIRP.DRU which located in your
	   Windows directory ( usually C:\WINDOWS ).


END NOTES

   This program is sold as shareware, so you can try before you buy.  
   This is convenient for you, saves expenses by dispensing with all 
   that packaging, and cuts out the middle person.  So it is cheap, 
   but it is not free.  
   If you like the program, and you will, be sure to register and pay.
   To keep shareware prices low,  users must do the right thing: 
   Register, pay up, and smile/grin at yourself in the mirror.

   Do not distribute your crack release based on this tutorial, because
   you become a LAMER(s)!!!!!!!!
   ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of
   personal computer, using Hex Editor, ripping off other group(s)
   crack release, repacking (distro) them under his name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same connota
	tions of self-conscious elitism that use of luser does among 
	hackers.
    < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 _ Never attribute to malice that which is adequately explained by stupidity _


ASTAGA [D4C/C4A] tute-privatepix130.zip
[EOF] Sep 30,2000  01:00:08AM dow ...