WHY PATCHING WHILE SERIAL NUMBER IS FISHY Stealth Encryptor v3.4 A Cracking Tutorial by ASTAGA [D4C/C4A] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. ABOUT THE PROGRAM Stealth Encryptor(tm) brings powerful encryption with ease of use. You enter a secret key, Stealth then performs complicated mathematical calculations using the key and the contents of the file resulting in a file the has no apparent resemblance with the original and is completely unreadable until the reverse calculations are performed by using the exact same key. The name of the file is also changed to a random numeric name but within Stealth the original name shows in the lists. Special E-Mail encrypt/Decrypt Wizard lets use your favorite e-mail program with total privacy. With the File/folder Shredder, files can be completely erased making them unrecoverable even with the use of unerase utilities. WHERE TO DOWNLOAD Author : Tropical Software Homepage : http://tropsoft.com/stealth URL : http://tropsoft.com/stlth32.exe Size : 496,734 Bytez as of Oct 10,2000 HOW TO GET VALID SERIAL NUMBER by using SoftIce 1. Run STEALTH.EXE, type STEALTH as your password on the screen, in the main program click REGISTER menu. In the registration dialog box type these below informations : Registered User : Pirates Order Registration Key: 7388105099 Do not click OK button yet 2. Fire up SoftIce by pressing [ CTRL + D ], put a new breakpoint in this regard is GetWindowTextA : BPX GetWindowTextA [enter] and F5 to return to the main program 3. Click OK button now, you'll return back into SoftIce. Press F11, F5, and F11 once again to get into the main program codes as follows : ___________________________________________________________________ 00422E94: FF15EC244400 call GetWindowTextA <== you land 00422E9A: 8B4C2408 mov ecx,[esp][00008 <== here 00422E9E: 6AFF push 0FF 00422EA0: E8753D0000 call 000426C1A 00422EA5: EB0C jmps 000422EB3 00422EA7: 8B01 mov eax,[ecx] ___________________________________________________________________ 4. Iam not going into detail because I've been traced for you. The details can be read in my tute called TUTE-STEALTH33.TXT ( c_tkc10x.zip ) for which this program have similar protection. 5. Now do a search string to locate the address where your valid S/N copied ( echoed ? ) into memory address : s 0 l fffffffffffffffff e8 37 0f ff 00 00 59 59 85 c0 [enter] SoftIce will response : Pattern found at 0167:0040A4F8 G 0167:0040A4F8 [enter] If nothing goes wrong your Code Window will look as follow : 0040A4F7: 51 push ecx <== you land here 0040A4F8: E8370F0000 call 00040B434 0040A4FD: 59 pop ecx 0040A4FE: 59 pop ecx Press F10 once and after jump pass CALL instruction at 015F:0040A4F8 ( or stop at 015F:0040A4FD ) dump/display ECX or EDX register by typing : d ecx or d edx [enter] Now, look at the Data Window .... what the hell is 4D84378084 near your fake serial number ? It was in the memory address of 0167:6AECE0 !!! 6. Write down this suspected registration code and disable all break points : bd * [enter] F5 to return to registration window 7. Soon you're return back to the program, the 'beggar-off' msg appear on the screen, just click OK to confirm and quit the application ( nice try .... Kuczynski !!!! ). 6. Re-run the program, repeat registration procedure and keyed-in 4D84378084 as your serial number. Successful registration will appear on the screen, you're illegaly registered now. 7. Where the hell is my registration code is stored ?? - The correct registration code is encrypted and stored in the file called GERHTS23.DRU which located in your Windows directory ( usually C:\WINDOWS ). 8. How can I practise with my own user name ? - I strongly recommended you not to do this ! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-stealth34.zip [EOF] October 10,2000 12:45:24 PM 10/10/00 tion is so specialist