WHY PATCHING WHILE SERIAL NUMBER IS FISHY

Stealth Encryptor v3.4
A Cracking Tutorial 
by ASTAGA [D4C/C4A]


DISCLAIMER 

This reading material is not intended to violate copyrights 
and/or the law; it is for educational purposes only. I hold no 
responsibility ( by any means and in any shape whatsoever ) 
for the misuse of this material.


ABOUT THE PROGRAM 

Stealth Encryptor(tm) brings powerful encryption with ease of 
use.  You enter a secret key, Stealth then performs complicated 
mathematical calculations using the key and the contents of the 
file resulting in a file that has no apparent resemblance with 
the original and is completely unreadable until the reverse 
calculations are performed by using the exact same key.
The name of the file is also changed to a random numeric name 
but within Stealth the original name shows in the lists.

Special E-Mail encrypt/Decrypt Wizard lets you use your favorite 
e-mail program with total privacy.

With the File/folder Shredder, files can be completely erased 
making them unrecoverable even with the use of unerase utilities.


WHERE TO DOWNLOAD

Author   	: Tropical Software
Homepage 	: http://tropsoft.com/stealth
URL		: http://tropsoft.com/stlth32.exe
Size 		: 496,734 Bytez  as of Oct 10,2000


HOW TO GET VALID SERIAL NUMBER by using SoftIce


1.  Run STEALTH.EXE, type STEALTH as your password on the screen,
     then in the main program click the REGISTER menu.
     In the registration dialog box type the information below :

	Registered User : Pirates Order 
	Registration Key: 7388105099

    Do not click OK button yet
    

2.  Fire up SoftIce by pressing [ CTRL + D ] and set a new breakpoint, 
    in this case on GetWindowTextA : 

	BPX GetWindowTextA     [enter]   and
   	F5  to return to the main program


3.  Click the OK button now; you'll drop back into SoftIce.
    Press F11, F5, and F11 once again to get into the main program
    code, as follows : 
    ___________________________________________________________________

	00422E94: FF15EC244400	call 	GetWindowTextA  <== you land
	00422E9A: 8B4C2408      	mov  	ecx,[esp][00008] <== here
	00422E9E: 6AFF       	push	0FF
	00422EA0: E8753D0000 	call 	000426C1A
	00422EA5: EB0C      		jmps 	000422EB3
	00422EA7: 8B01        	mov  	eax,[ecx]
    ___________________________________________________________________


4.  I am not going into detail because I have already traced it for you.
    The details can be read in my tute called TUTE-STEALTH33.TXT
    ( c_tkc10x.zip ), since this program has similar protection.


5.  Now do a string search to locate the address where your valid S/N
    is copied ( echoed ? ) into memory : 

	s 0 l fffffffffffffffff e8 37 0f ff 00 00 59 59 85 c0  [enter]
	SoftIce will respond :
	Pattern found at 0167:0040A4F8
	G 0167:0040A4F8  [enter]

    If nothing goes wrong your Code Window will look as follows : 

	0040A4F7: 51        	  push      ecx       <== you land here
	0040A4F8: E8370F0000	  call      00040B434
	0040A4FD: 59        	  pop       ecx
	0040A4FE: 59        	  pop       ecx


    Press F10 once and, after stepping past the CALL instruction at 
    015F:0040A4F8  ( or stopping at 015F:0040A4FD ), dump/display the 
    ECX or EDX register by typing : 

	d ecx or d edx  [enter]

	Now, look at the Data Window .... what the hell is 4D84378084 
	near your fake serial number ?  It was in the memory address
	of 0167:6AECE0 !!!  


6.  Write down this suspected registration code and disable all
    breakpoints : 

	bd *   [enter]
	F5     to return to registration window


7.  As soon as you return to the program, the 'beggar-off' msg
    appears on the screen; just click OK to confirm and quit the
    application ( nice try .... Kuczynski !!!! ).

8.  Re-run the program, repeat the registration procedure and key in
    4D84378084  as your serial number.
    Successful registration will appear on the screen, you're
    illegally registered now.

9.  Where the hell is my registration code stored ??

	-  The correct registration code is encrypted and stored
	   in the file called   GERHTS23.DRU       which is located 
	   in your Windows directory ( usually C:\WINDOWS ).

10. How can I practise with my own user name ?

	-  I strongly recommend you not do this !
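
Step 5 works because the program builds the correct registration code in memory before comparing it with what was typed. The added example below (not part of the original tutorial and not Tropical Software's code) contrasts that pattern with a check that verifies a signed key using public values only; the key derivation, the toy RSA parameters and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy key pair; real deployments use a vetted signature library.
P, Q = 2**31 - 1, 2**61 - 1          # vendor-only primes (never shipped)
N, E = P * Q, 65537                  # public key: all the shipped program needs
D = pow(E, -1, (P - 1) * (Q - 1))    # vendor-only private exponent


def name_digest(name: str) -> int:
    """Hash the user name into an integer below the modulus."""
    h = hashlib.sha256(name.encode("utf-8")).digest()
    return int.from_bytes(h, "big") % N


def weak_check(name: str, entered: str, memory: list) -> bool:
    """Flawed pattern: build the valid key, then compare it with the input."""
    expected = format(name_digest(name) % 10**10, "010d")  # hypothetical scheme
    memory.append(expected)      # the buffer a debugger's data window would show
    return entered == expected


def vendor_issue_key(name: str) -> str:
    """Vendor side only: sign the name digest with the private exponent."""
    return format(pow(name_digest(name), D, N), "x")


def signed_check(name: str, entered: str, memory: list) -> bool:
    """Hardened pattern: verify the entered key with public values only."""
    try:
        sig = int(entered, 16)
    except ValueError:
        return False
    if not 0 < sig < N:
        return False
    recovered = pow(sig, E, N)   # derived from the user's input, not a secret
    memory.append(format(recovered, "x"))
    return recovered == name_digest(name)


def leaked_valid_keys(check, name: str, wrong_key: str) -> list:
    """Run one failed attempt; return buffered values that would register."""
    memory = []
    check(name, wrong_key, memory)
    return [v for v in memory if check(name, v, [])]
```

Textbook RSA at this size is for illustration only; the point is that the shipped side holds N and E but never a value that registers.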



END NOTES

   This program is sold as shareware, so you can try before you buy.  
   This is convenient for you, saves expenses by dispensing with all 
   that packaging, and cuts out the middle person.  So it is cheap, 
   but it is not free.  
   If you like the program, and you will, be sure to register and pay.
   To keep shareware prices low,  users must do the right thing: 
   Register, pay up, and smile/grin at yourself in the mirror.

   Do not distribute your crack release based on this tutorial, because
   you become a LAMER(s)!!!!!!!!
   ( tHATDUDE (PC97) defined LAMER(s) as the guy who sits in front of
   a personal computer, using a Hex Editor, ripping off other group(s)
   crack release, repacking (distro) them under his name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same 
	connotations of self-conscious elitism that use of luser does among 
	hackers.
    < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 _ Never attribute to malice that which is adequately explained by stupidity _


ASTAGA [D4C/C4A] tute-stealth34.zip
[EOF] October 10,2000  12:45:24 PM  