SERIAL NUMBER IS FISHY - DECLINE YOUR PATCHING


Shred-X   v1.0
A Cracking Tutorial 
by ASTAGA [D4C/C4A]


DISCLAIMER 

This reading material is not intended to violate Copyrights 
and/or it is law, but educational purposes only. I hold no 
responsibility ( by all means and in any shape whatsoever ) 
of the mis-used of this material.


ABOUT THE PROGRAM 


Shred-X is a security file shredder. Its purpose is to prevent 
others from breaching your privacy or stealing your secrets by 
securely removing all traces of any sensitive files from your 
hard disk. Shred-X does this by using  sophisticated overwriting 
algorithms which obliterate latent data on your hard disk, 
making your deleted files irrecoverable, even by expensive 
equipment. The user interface was designed with safety and ease 
of use as prime criteria. Multi-pass file deletion, (including 
the Windows SwapFile) is combined with effective disk cleaning.



WHERE TO DOWNLOAD


Program:		Shred-X File and Data Shredder
Ver:			1.0
Date:			September 24, 2000
Copyright :		Business Software
Web :			http://www.bsoft.ic24.net/shredx.htm
Download :		http://www.bsoft.ic24.net/shredx10.zip
Author :		Eddie Bond
Status :		Shareware Evaluation (30 days)
Restrictions :	Delayed 'Nag' after extended unregistered period.
Platform :		Windows 98 or 95 




HOW TO GET VALID SERIAL NUMBER by using SoftIce



1.	Run SHREDX.EXE, in the registration dialog box type these 
	below information :

	User Name : Pirates Order
	Company   : Caribbean Buccaneer 
	Reg Key   : 73881050

    	Do not click OK button yet


2.	Fire up SoftIce by pressing [ CTRL + D ], create a new breakpoint
	as follow : 

	BPX hmemcpy [enter] and
   	F5  to return to the main program

3.	Now click OK button... you'll return back into SoftIce.
    	In within SoftIce press F11, F5, F11 followed with pressing
	F12 several (12)times until you these below snippet codes :
	_______________________________________________________________

	015F:0044FBE2  E80540FCFF  CALL   00413BEC 
	015F:0044FBE7  8B55F0      MOV    EDX,[EBP-10] <== break here
	015F:0044FBEA  58          POP    EAX 
	....
	_______________________SHREDX!CODE+0004EBE2____________________

	Clear previous breakpoint since you don't need anymore, set a 
	new breakpoint for further usage : 

	: bc *  [enter]
	: bpx 015F:0044FBE2  [enter]

	Now, do a search string as follows : 

	: s 0 l fffffffffffffffffff E8 79 46 FC FF 8B 45  [enter]
	SoftIce will response : 
	Pattern found at 0167:0044F56E (0044F56E)                                       

	Create a new breakpoint again at the new searched memory address :

	: bpx 0167:0167:0044F56E  [enter]
	: X or F5  to let SoftIce break in this new location

	( note : if SoftIce doesn't break at 0044F56E , disable previous
	breakpoint of 0044FBE2 .  Repeat registration procedure if
	necessary )


4.	If nothing goes wrong you'll break at these below snippet codes :

	_______________________________________________________________

	015F:0044F568  8B80D0010000    MOV    EAX,[EAX+000001D0] 
	015F:0044F56E  E87946FCFF      CALL   00413BEC <== break here
	015F:0044F573  8B45F4          MOV    EAX,[EBP-0C] 
	015F:0044F576  33D2            XOR    EDX,EDX  
	015F:0044F578  E8FB68FBFF      CALL   00405E78 
	015F:0044F57D  3BF8            CMP    EDI,EAX  ? edi ? eax
	.....
	.....
	______________________SHREDX!CODE+0004E568____________________

	Break due to BPX #0167:0044F56E 
	Press F10 2 times - stop at 015F:0044F576 - display EAX register

	: d eax [enter] ==>	lookie the Data Window, your fake code  
				appear at virtual address  
				0167:0112E3A0. 

	Press F10 2 times again - stop at 015F:0044F57D - yeah whatta
	classic CMP instruction ...
	Let's check it out what are their contents :

	: ? edi  [enter]                                                                        
	00C0CE98  0012635800  "   "  ==> posible valid reg.code, 
					 Write it down !
	: ? eax  [enter]
	046755DA  0073881050  " gU "  ==> your fake code


5.	Disable all current existing breakpoint(s) :

	: bd *  [enter]
	: x or F5  to return to registration dialog box


6.	Repeat registration procedure, and keyed-in  12635800 
	as your registration key.
	Click OK button ....... you're registered ! see that
	your trial period is gone.


7.  	Where the hell is my registration code is stored ??

	The correct registration code is stored in the registry as 
	follow : 




8.  How can I practise with my own name and reg. key ?

	-  I strongly recommended you not to do this !



END NOTES

   Do not distribute your crack release based on this tutorial, because
   you become a LAMER(s)!!!!!!!!
   ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of
   personal computer, using Hex Editor, ripping off other group(s)
   crack release, repacking (distro) them under his name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same connota
	tions of self-conscious elitism that use of luser does among 
	hackers.
    < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 		Never attribute to malice that which is adequately 
				explained by stupidity 


ASTAGA [D4C/C4A] tute-shredx10.zip
[EOF] 11/9/00 11:44:09 PM