WHY PATCHING WHILE SERIAL NUMBER IS FISHY

Stealth File Encryptor v3.3
A Cracking Tutorial by ASTAGA [D4C/C4A]


DISCLAIMER

This reading material is not intended to violate copyrights and/or copyright law; it is for educational purposes only. I hold no responsibility (by any means and in any shape whatsoever) for the misuse of this material.


ABOUT THE PROGRAM

Stealth File Encryptor is a general-purpose security program that encrypts, wipes, and backs up files. A familiar interface makes file encryption/decryption a snap. You can encrypt multiple files or an entire folder in a single operation with variable security levels. You can also encrypt the Clipboard contents for pasting as email content. An available Stealth mode can even hide the original file names. File wipes are swift and secure, featuring multiple data overwrites. Stealth File Encryptor can also perform backups featuring user-defined backup sets. The backed-up files can be optionally encrypted, but neither compression nor automatic scheduling is offered. Easy to use and well documented, Stealth File Encryptor gets high marks.


WHERE TO DOWNLOAD

Author   : Tropical Software
Homepage : http://tropsoft.com/stealth
URL      : http://tropsoft.com/stlth32.exe
Size     : 478.14 KB as of July 02,2000


HOW TO GET VALID SERIAL NUMBER by using SoftIce

1. Run STEALTH.EXE, type STEALTH as your password on the screen, and in the main program click the REGISTER menu. In the registration dialog box type the following information:

   Registered User : Pirates Order
   Registration Key: 7388105099

   Do not click the OK button yet.

2. Fire up SoftIce by pressing [ CTRL + D ] and set a new breakpoint, in this case on GetWindowTextA:

   BPX GetWindowTextA [enter]

   then press F5 to return to the main program.

3. Click the OK button now; you'll drop back into SoftIce. Press F11, F5, and F11 once again to get into the main program code, as follows:

___________________________________________________________________

   0042204A: FF15E0144400   call GetWindowTextA    <== you're here
   00422050: 8B4C2408       mov ecx,[esp][0000
   00422054: 6AFF           push 0FF
   00422056: E8723D0000     call 000425DCD
   0042205B: EB0C           jmps 000422069
   ...
   ...

   Press F10 3 times and follow the jump instruction at 015F:0042205B until you see:

   00422069: 5E             pop esi
   0042206A: C20400         retn 00004             ;" "
   ...
   ...

   Press F10 2 times, just past the RETURN ( retn ) instruction, until you land here:

   0040A42F: 8D4DF0         lea ecx,[ebp][-0010]   <== here
   0040A432: E8E73E0100     call 00041E31E
   0040A437: 8D4DF0         lea ecx,[ebp][-0010]   <== d eax
   0040A43A: E8933E0100     call 00041E2D2
   0040A43F: 8D4DEC         lea ecx,[ebp][-0014]
   0040A442: E8D73E0100     call 00041E31E
   0040A447: 8D4DEC         lea ecx,[ebp][-0014]
   0040A44A: E8833E0100     call 00041E2D2
   0040A44F: 8B45EC         mov eax,[ebp][-0014]
   0040A452: 3958F8         cmp [eax][-0008],ebx
   0040A455: 7510           jne 00040A467
   ...
   ...

   Press F10 2 times and dump/display the EAX register by typing:

   d eax [enter]

   You'll see your fake s/n in the Data Window. Let's trace again: press F10 and follow the jump instruction at 015F:0040A455 until you see:

   0040A467: 8B4DF0         mov ecx,[ebp][-0010]   <== HERE
   0040A46A: 3959F8         cmp [ecx][-0008],ebx
   0040A46D: 7509           jne 00040A478
   0040A476: EBE6           jmps 00040A45E
   0040A478: 50             push eax
   0040A479: 51             push ecx
   0040A47A: E8580F0000     call 00040B3D7
   0040A47F: 59             pop ecx                <===== D EDX HERE

   Press F10 6 times and stop at 015F:0040A47F, then dump/display the contents of the EDX register by typing:

   d edx [enter]

   Now, look at the Data Window .... what the hell is 4D84378084 near your fake serial number ? It was in the memory address of 0167:6AECE1 !!!

4. Write down this suspected registration code and disable all breakpoints:

   bd * [enter]

   then press F5 to return to the registration window.

5. As soon as you return to the program, the 'beggar-off' message appears on the screen; just click OK to confirm and quit the application ( nice try .... Kuczynski !!!! ).

6. Re-run the program, repeat the registration procedure and key in 4D84378084 as your serial number. A successful registration message will appear on the screen; you're illegally registered now.

7. Where the hell is my registration code stored ??
   - The correct registration code is encrypted and stored in the files called Gerhts23.dru and Dwphtlts.dru, which are located in your Windows directory ( usually C:\WINDOWS ).


END NOTES

This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror.

Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!!

( tHATDUDE (PC97) defined a LAMER(s) as the guy who sits in front of a personal computer, using a Hex Editor, ripping off other group(s)' crack releases and repacking (distro) them under his name. Adopted from newsgroups alt.cracks, alt.crackers - February 1997 )

More about LAMER(s):

lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connotations of self-conscious elitism that use of luser does among hackers.

< SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >

_ Never attribute to malice that which is adequately explained by stupidity _

ASTAGA [D4C/C4A]
tute-stealth33.zip
[EOF] July 31,2000 01:00:08AM
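
Seen from the vendor's side, step 3 of the walkthrough works because the registration routine leaves the correct key readable in the client's memory next to the entered one. The added example below (not part of the original tutorial and not Tropical Software's code) contrasts a hypothetical derive-and-compare check with a signature check that ships only a public key. All function names, the HMAC derivation and the toy-sized key are assumptions; a real product would use a vetted scheme such as Ed25519 or RSA-PSS from a maintained library.

```python
import hashlib
import hmac

# Constructed toy public key: product of the Mersenne primes 2**61-1 and
# 2**89-1. Far too small for real use; it only keeps the example readable.
PUB_N = (2**61 - 1) * (2**89 - 1)
PUB_E = 65537


def _digest_int(user: str) -> int:
    """Hash the registered user name to an integer below the modulus."""
    h = hashlib.sha256(user.encode("utf-8")).digest()
    return int.from_bytes(h, "big") % PUB_N


def weak_check(user: str, entered: str, secret: bytes) -> bool:
    """Hypothetical derive-and-compare check (the weak pattern).

    The client computes the one valid key for this user, so that key sits
    in process memory beside the entered one at the moment of comparison.
    """
    mac = hmac.new(secret, user.encode("utf-8"), hashlib.sha256)
    expected = mac.hexdigest()[:10].upper()
    return hmac.compare_digest(expected.encode(), entered.encode("utf-8"))


def signed_check(user: str, entered: str) -> bool:
    """Verify a vendor signature using only the public key.

    Nothing computed here is a valid key for this user, so the client
    never holds an 'expected' value that could be read out of memory.
    """
    try:
        sig = int(entered, 16)
    except ValueError:
        return False
    if not 0 < sig < PUB_N:
        return False
    return pow(sig, PUB_E, PUB_N) == _digest_int(user)


def vendor_sign(user: str, priv_d: int) -> str:
    """Vendor-side only: issue a key. priv_d never ships with the client."""
    return format(pow(_digest_int(user), priv_d, PUB_N), "X")
```

A signature check only removes the recoverable key from the client; the branch that acts on its result still needs tamper protection.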