WHY PATCHING WHILE SERIAL NUMBER IS FISHY

Telos v2.0
A Cracking Tutorial by ASTAGA [D4C/C4A]

DISCLAIMER

This reading material is not intended to violate copyright and/or its law; it is for educational purposes only. I hold no responsibility (by any means and in any shape whatsoever) for the misuse of this material.

ABOUT THE PROGRAM

Telos is a professional quality, highly configurable email filter; aggressively purging your POP3 mail boxes of unwanted or unsolicited emails. Features include:

- Unlimited mailboxes. Purge all your company's mailboxes from one machine.
- User manageable rules with both target and exception lists.
- Hit counting to show the effectiveness of each strategy.
- High speed asynchronous operation.
- Fast scanning - scans mail headers without downloading complete messages.
- Unlimited user-defined rule sets.
- Syntax-highlighted display of downloaded mail headers showing target and exception hits.
- Can be run from system tray in unattended mode, with timed scans from 10 mins to one week.
- Numerous tools to assist in the rapid building of effective, fast rule sets based on your individual requirements.
- Time-stamped Activity log.
- 'Learns' new patterns from unwanted messages.

Run prior to downloading your email, and Telos will remove all unwanted items. Options are available to launch your Email Program automatically when Telos is finished, or whenever Telos is opened.

WHERE TO DOWNLOAD

Program      : Telos
Ver          : 2.00
Date         : September 24, 2000
Copyright    : Business Software
Web          : http://www.bsoft.ic24.net/telos.htm
Download     : http://www.bsoft.ic24.net/telos200.zip
Author       : Eddie Bond
Status       : Shareware Evaluation (30 days)
Restrictions : Delayed 'Nag' after extended unregistered period.
Platform     : Windows 98 or 95 (some options not available on 95).

HOW TO GET VALID SERIAL NUMBER by using SoftIce

In this tute I will not describe the tracing of the code step by step, but go directly to the address where the classic CMP instruction is located.
I know this is going to be useless because the addresses will be different on your PC. At the end of this tute I include how to reach the above-mentioned addresses by doing a string search. The above addresses are very important because you'll see how the valid S/N is generated based on your user name and always starts with the prefix 126x.

1. Run TELOS.EXE, click the SETTINGS tab, click on the REGISTRATION button. In the registration dialog box type the information below:

   User Name : Pirates Order
   Company   : Caribbean Buccaneer
   Reg Key   : 73881050

   Do not click the OK button yet.

2. Fire up SoftIce by pressing [ CTRL + D ] and create a new breakpoint as follows:

   BPX hmemcpy [enter]

   and press F5 to return to the main program.

3. Now click the OK button... you'll return to SoftIce. Within SoftIce press F11, F5, F11, then press F12 several (12) times (try to reach the main program's code until you break at 015F:00472EE0), then do a string search as follows.

   Disable / clear the previous breakpoint since you don't need it any longer:

   : BC * [enter]
   : bpx 015F:00472EE0 [enter]
   : S 0 L FFFFFFFFFFFFF E8 15 1E FA FF 8B 45 [enter]

   SoftIce will respond:

   Pattern found at 0167:00472DD6 (00472DD6)

   Set a new one as follows:

   : bpx 0167:00472DD6 [enter]

   Press X or F5 to activate this new breakpoint. Repeat the registration procedure if necessary.

4. If nothing goes wrong you'll break at the code snippet below:

   _______________________________________________________________
   015F:00472DD6  E8151EFAFF   CALL  00414BF0       BREAK
   015F:00472DDB  8B45F4       MOV   EAX,[EBP-0C]   <== HERE
   015F:00472DDE  33D2         XOR   EDX,EDX
   015F:00472DE0  E8E334F9FF   CALL  004062C8
   015F:00472DE5  3BF8         CMP   EDI,EAX        ==> ? EDI
   015F:00472DE7  0F94C3       SETZ  BL
   015F:00472DEA  84DB         TEST  BL,BL
   .....
   .....
   ______________________TELOS!CODE+00071DE0____________________
   Break due to BPX #0167:00472DD6

   Press F10 2 times - stop at 015F:00472DDE - display the EAX register:

   : d eax [enter] ==> lookie at the Data Window, your fake code appears at virtual address 0167:0112E3A0.
   Press F10 2 times again - stop at 015F:00472DE5 - yeah, whatta classic CMP instruction ... Let's check out what their contents are:

   : ? edi [enter]
   00C0CEA6 0012635814 " " ==> possible valid reg. code, write it down!

   : ? eax [enter]
   046755DA 0073881050 " gU " ==> your fake code

5. Disable all currently existing breakpoint(s):

   : bd * [enter]
   : x or F5 to return to the registration dialog box

6. Repeat the registration procedure, and key in 12635814 as your registration key. Click the OK button ....... you're registered! See that your trial period is gone.

7. Where the hell is my registration code stored ??

   The correct registration code is stored in the registry as follows:

   REGEDIT4

   [HKEY_LOCAL_MACHINE\Software\Business Software\Telos\2.0]
   "Name"="Pirates Order"
   "Company"="Caribbean Buccaneer"
   "left"="0"
   "top"="0"
   "MailClient"="f:\\eudora\\eudora.exe /m %1"
   "CurrentRule"="default"
   "MailClientClass"="Outlook Express Browser Class"
   "ScanPeriod"="0"
   "SplitHeight"="168"
   "DefaultConnection"="Chris RAW Jericho"
   "Log"="1"
   "Append Log"="1"
   "Split Log monthly"="1"
   "Background Bitmap"="1"
   "AutoDial"="0"
   "AutoDisconnect"="0"
   "Close Dialler on exit"="0"
   "Live Hints"="1"
   "Launch client on Startup"="0"
   "Launch client on Finish"="0"
   "Run in System Tray"="0"
   "Close on Finish"="0"
   "Auto Run on startup"="0"
   "Save on Exit"="0"
   "Add to Startup Group"="0"
   "Serial"="12635814"

8. How can I practise with my own name and reg. key ?

   - I strongly recommend you not to do this!

END NOTES

This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror.

Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!!
( tHATDUDE (PC97) defined LAMER(s) as the guy who sits in front of a personal computer, using a Hex Editor, ripping off other groups' crack releases and repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 )

More about LAMER(s):

lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connotations of self-conscious elitism that use of luser does among hackers.

< SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >

_ Never attribute to malice that which is adequately explained by stupidity _

ASTAGA [D4C/C4A]
tute-telos20.zip
[EOF] 11/9/00 11:44:09 PM
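
Added example, not part of the original tutorial and not Telos code: the CMP EDI,EAX in step 4 exposes the valid key because the program itself derives the expected serial from the entered name and holds it in a register. The Python sketch below sets that design beside a verify-only check that never holds a valid key for the entered name. Assumptions: `derive_serial` is a made-up stand-in for the unknown Telos routine, and the RSA key is a constructed demo key (two Mersenne primes, unpadded textbook RSA) standing in for a vetted signature scheme such as Ed25519 or RSA-PSS.

```python
import hashlib

# --- Design seen in the tutorial: the client derives the expected key ------
def derive_serial(name: str) -> int:
    """Hypothetical stand-in for the program's name-to-serial routine."""
    h = int.from_bytes(hashlib.sha256(name.encode()).digest()[:4], "big")
    return 12_600_000 + h % 100_000      # constructed formula, not Telos's

def check_derive_and_compare(name: str, entered: int) -> bool:
    expected = derive_serial(name)       # the valid key now sits in memory
    return entered == expected           # the "CMP EDI,EAX" moment

# --- Verify-only design: the client ships a public key, no generator -------
P, Q = 2**521 - 1, 2**607 - 1            # constructed demo primes, NOT secure
N, E = P * Q, 65537                      # public half, embedded in the client
# Private exponent: vendor side only. It lives in this file solely so the
# demo runs stand-alone; a shipped client would not contain it.
_D = pow(E, -1, (P - 1) * (Q - 1))

def _digest(name: str) -> int:
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big")

def vendor_issue_license(name: str) -> int:
    """Runs on the vendor's machine; the client has no equivalent code."""
    return pow(_digest(name), _D, N)

def check_verify_only(name: str, license_value: int) -> bool:
    # Only public values are used. The value compared against is the hash
    # of the name, which is not a usable license, so inspecting this
    # comparison reveals nothing that registers the program.
    if not 0 <= license_value < N:
        return False
    return pow(license_value, E, N) == _digest(name)
```

The verify-only form removes the in-memory copy of the valid key; the branch that acts on the result still needs its own integrity protection.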