WHY PATCHING WHILE SERIAL NUMBER IS FISHY

Super Poker '1999
A Cracking Tutorial by ASTAGA [WWF/WTF]


DISCLAIMER

This reading material is not intended to violate copyrights and/or the law; it is for educational purposes only. I hold no responsibility (by any means and in any shape whatsoever) for the misuse of this material.


ABOUT THE PROGRAM

- This is a card game that comprises all the functions of the automatic devices in a real casino!
- This is a simple way to learn to play poker.
- This is a good way to have a rest and test your luck.


WHERE TO DOWNLOAD

Author   : Pete Kotenev ( Hyperactive Abstraction )
Homepage : http://www.sinor.ru/~fregal
URL      :
Size     : ????? MB , as of ......


HOW TO GET VALID SERIAL NUMBER by using SoftICE

1. Run the program, click the REGISTER NOW button and enter the following information:

   First name : PIRATES
   Last name  : ORDER
   Reg code   : 73881050

   Do not click the OK button yet.

2. Load SoftICE, then set a new breakpoint as follows:

   bpx hmemcpy [enter]

   Press F5 to return to the program's registration window.

3. Hit the OK button; you'll be back in SoftICE. Press F11, F5, F11, F5 and F11 until you break and find the following code snippet:

__________________________________________________________________
015F:0046C156  E89598FBFF      CALL    004259F0        <== HERE
015F:0046C15B  8B45FC          MOV     EAX,[EBP-04]
015F:0046C15E  E8C179F9FF      CALL    00403B24
015F:0046C163  8BF0            MOV     ESI,EAX
________________________SP1999!CODE+0006B156_____________________

   I've traced the code for you, so just do a string search on the SoftICE command line as follows:

   : bd * [enter]
   : bpx 015F:0046C156 [enter]
   s 0 l ffffffffffff E8 2D 56 F9 FF 74 2a [enter]

   SoftICE will respond:

   Pattern found at 0167:0046D35A (0046D35A)

   : bd * [enter]
   : bpx 0167:0046D35A [enter]
   : g 0167:0046D35A [enter]

   Break due to G
   Break due to BPX #0167:0046D35A

   and here's what you see:

__________________________________________________________________
015F:0046D35A  E82D56F9FF      CALL    0040298C        <== HERE
015F:0046D35F  742A            JZ      0046D38B        <== D edx
015F:0046D361  BA50D44600      MOV     EDX,0046D450
015F:0046D366  8B83E0020000    MOV     EAX,[EBX+000002E0]
015F:0046D36C  E8AF86FBFF      CALL    00425A20
015F:0046D371  33D2            XOR     EDX,EDX
015F:0046D373  8B83DC020000    MOV     EAX,[EBX+000002DC]
015F:0046D379  E86285FBFF      CALL    004258E0
015F:0046D37E  B201            MOV     DL,01
________________________SP1999!CODE+0006C359______________________

4. Press F10 once - at the memory address 015F:0046D35F - and display the EAX register:

   : d eax [enter]   ===> your name/code appear in the Data Window at virtual memory 0167:007DF8B8.
   : ? ecx [enter]   38333708 0942880520 "837"   ==> part of the fake code in reverse order
   : d edx [enter]   ===> did you see SP99-9032913903 at virtual address 0167:007DF8A8 ?

   Scroll up one line and you'll see your name in capital letters (the default user name should be in capital letters).

   Press F10 once - stop at 015F:0046D361 - and display the EDX register:

   : d edx [enter]   ===> you'll find SP99-9032913903 again.

   Write down this suspicious reg code.

5. Disable all breakpoints and get back to the main program:

   : bd * [enter]

   Press F5 to return to the main program (note: repeat the registration procedure if necessary).

6. Repeat the registration procedure, keying in SP99-9032913903 as your password. Click the OK button ..... you're registered!

7. Where the hell is my registration info stored ??
   - The correct registration code is stored in the USER.REG file located in the /SPOKER/DAT folder as follows:

   name: PIRATES ORDER
   sum: 1000
   ser.num: SP99-9032913903

8. How can I practise with my own user name ?
   - I strongly recommend you not to do this !


END NOTES

This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: register, pay up, and smile/grin at yourself in the mirror.

Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!!

( tHATDUDE (PC97) defined a LAMER as the guy who sits in front of a personal computer, using a Hex Editor, ripping off other groups' crack releases and repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 )

More about LAMER(s):

lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connotations of self-conscious elitism that use of luser does among hackers.
< SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >

_ Never attribute to malice that which is adequately explained by stupidity _

ASTAGA [D4C/C4A]
tute-superpoker99.zip
[EOF] 11/7/00 11:01:11 PM
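Added example (not part of the original tutorial and not the program's own code): the trace in step 4 shows the valid code for the typed name sitting in memory next to the typed one at the compare. The Python sketch below contrasts that pattern with a check that only verifies a vendor signature, so the client never holds a valid code that could be read out. The DEMO- code format, the function names and the demo key (two Mersenne primes, unpadded RSA) are assumptions chosen so that it runs offline.

```python
import hashlib

# Constructed demo key: two Mersenne primes, trivially factorable. A real
# vendor would use a properly generated key and a padded scheme (RSA-PSS, Ed25519).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                # public half: all the client ships with
D = pow(E, -1, (P - 1) * (Q - 1))  # private half: vendor only, here so the demo runs

def digest(name):
    """Hash the upper-cased name (case folding is an assumption) to an integer."""
    return int.from_bytes(hashlib.sha256(name.upper().encode()).digest(), "big")

def weak_expected_code(name):
    """Weak pattern: the client itself derives the valid code (made-up formula)."""
    return "DEMO-%010d" % (digest(name) % 10**10)

def weak_check(name, typed):
    expected = weak_expected_code(name)  # valid code now sits in process memory
    return typed == expected             # a debugger at this compare reads it

def vendor_issue(name):
    """Vendor side: sign the name digest with the private exponent."""
    return format(pow(digest(name), D, N), "x")

def hardened_check(name, typed):
    """Client side: verify with (N, E) only; nothing here can produce a code."""
    try:
        sig = int(typed, 16)
    except ValueError:
        return False
    if not 0 < sig < N:
        return False
    return pow(sig, E, N) == digest(name)

if __name__ == "__main__":
    name = "PIRATES ORDER"  # sample input taken from the tutorial's step 1
    print("weak accepts derived code:", weak_check(name, weak_expected_code(name)))
    code = vendor_issue(name)
    print("hardened accepts issued code:", hardened_check(name, code))
    print("hardened accepts fake code:", hardened_check(name, "73881050"))
```

A debugger at the hardened compare sees only the name digest, which cannot be turned into a code without D. The branch after the compare can still be patched, so this removes the readable serial, not every bypass.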