WHY PATCHING WHILE SERIAL NUMBER IS FISHY


Telos v2.0
A Cracking Tutorial 
by ASTAGA [D4C/C4A]


DISCLAIMER 

This reading material is not intended to violate Copyrights 
and/or it is law, but educational purposes only. I hold no 
responsibility ( by all means and in any shape whatsoever ) 
of the mis-used of this material.


ABOUT THE PROGRAM 


Telos is a professional quality, highly configurable email filter; 
aggressively purging your POP3 mail boxes of unwanted  or unsolicited 
emails. Features include:


¨	Unlimited mailboxes. Purge all your company's mailboxes from 
      one machine.
¨	User manageable rules with both target and exception lists.
¨	Hit counting to show the effectiveness of each strategy.
¨	High speed asynchronous operation. 
¨	Fast scanning - scans mail headers without downloading complete 
	messages.
¨	Unlimited user-defined rule sets.
¨	Syntax-highlighted display of downloaded mail headers showing 
	target and exception hits.
¨	Can be run from system tray in unattended mode, with timed 
	scans from 10 mins to one week.
¨	Numerous tools to assist in the rapid building of effective, 
	fast rule sets based on your individual requirements.
¨	Time-stamped Activity log.
¨	'Learns' new patterns from unwanted messages.

Run  prior to downloading your email, and Telos will remove all unwanted 
items. Options are available to launch your Email Program automatically 
when Telos is finished, or whenever Telos is opened.



WHERE TO DOWNLOAD


Program:		Telos
Ver:			2.00
Date:			September 24, 2000
Copyright :		Business Software
Web :			http://www.bsoft.ic24.net/telos.htm
Download :		http://www.bsoft.ic24.net/telos200.zip
Author :		Eddie Bond
Status :		Shareware Evaluation (30 days)
Restrictions :	Delayed 'Nag' after extended unregistered period.
Platform :		Windows 98 or 95 (some options not available on 95).




HOW TO GET VALID SERIAL NUMBER by using SoftIce


In this tute I will not describe a step by step of tracing the
code, but directly to the address where the classic CMP instruct
ion were located.

I know these gonna useless because the address would be different
in your PC.  At the end of this tute I include how to reach the
a/m address' by doing a search string.  The above addresses are
very important because you'll see how the valid S/N is generated
based on your user name and always start with prefix 126x. 



1.	Run TELOS.EXE, click SETTINGS tab, click on REGISTRATION
	button. 
	In the registration dialog box type these below information :

	User Name : Pirates Order
	Company   : Caribbean Buccaneer 
	Reg Key   : 73881050

    	Do not click OK button yet


2.	Fire up SoftIce by pressing [ CTRL + D ], create a new breakpoint
	as follow : 

	BPX hmemcpy [enter] and
   	F5  to return to the main program

3.	Now click OK button... you'll return back into SoftIce.
    	In within SoftIce press F11, F5, F11 followed with pressing
	F12 several (12)times ( try to reach main program's code until 
	you break at 015F:00472EE0 ), then do a search string 
	as follows : 

	Disable / clear previous breakpoint since you don't need
	any longer :

	: BC *  [enter]
	: bpx 015F:00472EE0  [enter]
	: S 0 L  FFFFFFFFFFFFF  E8 15 1E FA FF 8B 45  [enter]
	SoftIce will response : 
	Pattern found at Pattern found at 0167:00472DD6 (00472DD6)  
	Set a new one as follow :

	: bpx 0167:00472DD6  [enter]

	Press X or F5 to activate this new breakpoint.
	Repeat registration procedure if necessary.


4.	If nothing goes wrong you'll break at these below snippet codes :

	_______________________________________________________________

	015F:00472DD6  E8151EFAFF      CALL   00414BF0        BREAK
	015F:00472DDB  8B45F4          MOV    EAX,[EBP-0C] <== HERE  
	015F:00472DDE  33D2            XOR    EDX,EDX  
	015F:00472DE0  E8E334F9FF      CALL   004062C8  
	015F:00472DE5  3BF8            CMP    EDI,EAX  ==> ? EDI 
	015F:00472DE7  0F94C3          SETZ   BL  
	015F:00472DEA  84DB            TEST   BL,BL  
	.....
	.....
	______________________TELOS!CODE+00071DE0____________________

	Break due to BPX #0167:00472DD6 
	Press F10 2 times - stop at 015F:00472DDE - display EAX register

	: d eax [enter] ==>	lookie the Data Window, your fake code  
				appear at virtual address  
				0167:0112E3A0. 

	Press F10 2 times again - stop at 015F:00472DE5 - yeah whatta
	classic CMP instruction ...
	Let's check it out what are their contents :

	: ? edi  [enter]                                                                        
	00C0CEA6 0012635814 " "  ==> posible valid reg.code, Write it
					 down !
	: ? eax  [enter]
	046755DA 0073881050 " gU "  ==> your fake code


5.	Disable all current existing breakpoint(s) :

	: bd *  [enter]
	: x or F5  to return to registration dialog box


6.	Repeat registration procedure, and keyed-in  12635814 
	as your registration key.
	Click OK button ....... you're registered ! see that
	your trial period is gone.


7.  	Where the hell is my registration code is stored ??

	The correct registration code is stored in the registry as 
	follow : 
	REGEDIT4

	[HKEY_LOCAL_MACHINE\Software\Business Software\Telos\2.0]
	"Name"="Pirates Order"
	"Company"="Caribbean Buccaneer"
	"left"="0"
	"top"="0"
	"MailClient"="f:\\eudora\\eudora.exe /m %1"
	"CurrentRule"="default"
	"MailClientClass"="Outlook Express Browser Class"
	"ScanPeriod"="0"
	"SplitHeight"="168"
	"DefaultConnection"="Chris RAW Jericho"
	"Log"="1"
	"Append Log"="1"
	"Split Log monthly"="1"
	"Background Bitmap"="1"
	"AutoDial"="0"
	"AutoDisconnect"="0"
	"Close Dialler on exit"="0"
	"Live Hints"="1"
	"Launch client on Startup"="0"
	"Launch client on Finish"="0"
	"Run in System Tray"="0"
	"Close on Finish"="0"
	"Auto Run on startup"="0"
	"Save on Exit"="0"
	"Add to Startup Group"="0"
	"Serial"="12635814"


8.  How can I practise with my own name and reg. key ?

	-  I strongly recommended you not to do this !



END NOTES

   This program is sold as shareware, so you can try before you buy.  
   This is convenient for you, saves expenses by dispensing with all 
   that packaging, and cuts out the middle person.  So it is cheap, 
   but it is not free.  
   If you like the program, and you will, be sure to register and pay.
   To keep shareware prices low,  users must do the right thing: 
   Register, pay up, and smile/grin at yourself in the mirror.

   Do not distribute your crack release based on this tutorial, because
   you become a LAMER(s)!!!!!!!!
   ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of
   personal computer, using Hex Editor, ripping off other group(s)
   crack release, repacking (distro) them under his name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same connota
	tions of self-conscious elitism that use of luser does among 
	hackers.
    < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 _ Never attribute to malice that which is adequately explained by stupidity _


ASTAGA [D4C/C4A] tute-telos20.zip
[EOF] 11/9/00 11:44:09 PM