-->Tutorial number 11--<

Name    : Password Kernel
Version : 1.2
Size    : 484 kb
Tools   : WDASM
        : Hiew
        : Brain
Cracker : KlimaX

Get it at, http://www.ozemail.com.au/~ksolway/sware.html

Comment : This prog is excellent for NewBies

...---===This tut is best viewed in full screen===---...

==>DISCLAIMER<==
For educational purposes ONLY! I hold absolutely NO responsibility for the misuse of this material!

_____=====_____=====_____=====_____=====_____=====_____=====_____

Securely save and manage your password information. Seven levels of encryption makes sure that your password information is safe. Fast access to your passwords when you need them. Automatically launch login web sites. Store notes with your passwords.

----====The cracking part====----

1. Make a copy of pwordk.exe, in case of any errors in cracking this prog.

2. Run the prog, press help and select "About Password Kernel" and choose "Enter Password". Now enter anything you please:

       Registration code : 12345

   Now press "OK", and what the heck, no messagebox! Well, doesn't matter anyway, just fire up WDASM and disassemble pwordk.exe

3. After having disassembled the prog, press the "String Data Reference" button and search for "Registered"

4. Found it?

5. Good, now double-click on it a couple of times to see how many places it's called (only 1 place in this prog;), and you'll be here:

   * Possible StringData Ref from Data Obj ->"bnmfdq"
                                     |
   :0046B67C  MOV EAX, 0046B760
   :0046B681  CALL 00403DD8
   :0046B686  JNE 0046B6BB                   <=-Change this to JE
   :0046B688  MOV EAX, DWORD PTR [00475EB4]
   :0046B68D  MOV BYTE PTR [EAX], 01
   :0046B690  MOV EAX, DWORD PTR [0047622C]
   :0046B695  MOV EAX, DWORD PTR [EAX]
   :0046B697  MOV ESI, DWORD PTR [EAX+000002F4]

   * Possible StringData Ref from Data Obj ->"Registered"
                                     |
   :0046B69D  MOV EDX, 0046B74C              <=-You'll land here
   :0046B6A2  MOV EAX, ESI
   :0046B6A4  CALL 0042C020

   Right, when we landed at :0046B69D, we want to scroll up till we get to the nearest conditional jump (:0046B686). The CALL just above it does the comparison, and the JNE skips the "Registered" code when the comparison fails.

6. Now place the blue bar on the JNE at :0046B686 and it'll turn green. Note the @offset shown in the bottom-right of the WDASM screen (mine is 6AAC8, never mind the small h at the end of the number as this only tells you that it's a hex number)

7. Now it's time to open pwordk.exe in Hiew so we can change the JNE to JE. So press F4, select "Decode", then F5 and type in the @offset we found in WDASM (6AAC8). Press enter and you'll be at the JNE. Press F3 and change the 75 to 74 (JNE to JE). Press F9 to save the changes and F10 to exit Hiew

8. Now open your pwordk.exe and type in anything in the "Registration code" box, press "OK" and you're registered ;)

--==>This is a very easy protection scheme, and is very suitable for Super Newbies<==--

_____=====_____=====_____=====_____=====_____=====_____=====_____

----====Before you leave====----

--==>Please bear in mind that shareware programs are a commercial benefit, because they give YOU the opportunity to "Try before you Buy". Therefore, if you like a shareware program, please be sure to pay the authors/makers, so they won't stop making them.

-=>LAST WORDS:
If you have any comments on this tut, feel free to mail me at KlimaX_v2000@mail.com

Special thanks to:

1- The TNT Crack Team, as they have the ultimate cracking site, you simply have to try it!!!!
2- tKC for releasing those great tut's, keep on making 'em!. They are the BEST!!!
3- All the NewBies in the world;)!
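
Seen from the vendor's or an investigator's side, the edit in step 7 is a one-byte difference between the backup made in step 1 and the patched file. The following is an added example, not part of the original tutorial: it diffs a known-good copy against a suspect one and flags inverted short conditional jumps. The sample bytes and offsets are constructed, not taken from pwordk.exe, and the function names are this example's own.

```python
import hashlib

# Short conditional jumps occupy opcodes 0x70-0x7F; a condition and its
# inverse differ only in the lowest bit (0x74 JE / 0x75 JNE).
JCC = ["JO", "JNO", "JB", "JNB", "JE", "JNE", "JBE", "JA",
       "JS", "JNS", "JP", "JNP", "JL", "JGE", "JLE", "JG"]


def diff_bytes(original: bytes, suspect: bytes):
    """Return (offset, old, new) for every byte that differs."""
    if len(original) != len(suspect):
        raise ValueError("size mismatch: file was rebuilt, not patched in place")
    return [(i, a, b) for i, (a, b) in enumerate(zip(original, suspect)) if a != b]


def classify(changes):
    """Label each change. Heuristic: a raw byte diff cannot tell an opcode
    from an operand, so a flagged offset still needs a look in a disassembler."""
    findings = []
    for offset, old, new in changes:
        if 0x70 <= old <= 0x7F and new == old ^ 1:
            note = f"inverted branch {JCC[old - 0x70]} -> {JCC[new - 0x70]}"
        else:
            note = "other modification"
        findings.append((offset, f"{old:02X}->{new:02X}", note))
    return findings


def audit(original: bytes, suspect: bytes):
    """Hash both copies first; only diff when the digests disagree."""
    if hashlib.sha256(original).digest() == hashlib.sha256(suspect).digest():
        return []
    return classify(diff_bytes(original, suspect))


# Constructed sample: filler bytes with one JNE rel8 (75 33) at offset 0x10.
GOOD = b"\x90" * 16 + b"\x75\x33" + b"\x90" * 14
_patched = bytearray(GOOD)
_patched[0x10] = 0x74   # JNE flipped to JE, the kind of edit made in step 7
_patched[0x1F] = 0xCC   # unrelated constructed change, for contrast
BAD = bytes(_patched)

if __name__ == "__main__":
    for offset, change, note in audit(GOOD, BAD):
        print(f"{offset:#06x}  {change}  {note}")
```

A protection that hangs on a single JNE shows up here as exactly one flagged byte, which is why a check like this (or a signed release hash) is the first thing to run on a binary suspected of tampering.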