KEYGEN IS DEMON, PATCHING IS EVIL, SERIAL FISHING IS LESS ATTITUDE


AtCaster v1.3.0
A Cracking Tutorial
by ASTAGA [TTM]


DESCRIPTION

@Caster is a powerful but easy to use mail list
management application for Windows 95/98/NT/2000.
Using it, you can efficiently send a large number
of e-mail messages directly to recipients, without
using your ISP's SMTP server.


Copyright : @Spider Software
http://www.atspider.com	
http://www.atspider.com/dl.html
http://www.atspider.com/atcaster.zip
http://www.atspider.com/atcaster.exe
release date - November 20, 2000



HOW TO FISH SERIAL NUMBER by using SOFTICE


1.	Run the program, in the registration dialog box
	type these following infos :

	Registration  : Pirates Order
	Serial Number : 73881050


2.	Load SoftIce and set new breakpoint :

	: bpx hmemcpy  [enter]
	Press F5 

	In the main program click OK button.


3.	Within SoftIce press F11,F5, F11, and F12 11 times
	until you see these below snippet codes :
	____________________________________________________________

	015F:004A98F6  E8C169F8FF  CALL  004302BC
	015F:004A98FB  8B45F8      MOV   EAX,[EBP-08] <== break here
	015F:004A98FE  50          PUSH  EAX
	015F:004A98FF  A164154B00  MOV   EAX,[004B1564]
	015F:004A9904  8B00        MOV   EAX,[EAX]

	______________ ATCASTER!CODE+000A88F6 ______________________

	What now ?
	Scroll down ( Ctrl+PgDn ) around 5 times until you
	see this below snippet codes :

	__________________________________________________________
	....
	015F:004A9A01  8D55F8        LEA   EDX,[EBP-08]
	015F:004A9A04  8B8330030000  MOV   EAX,[EBX+00000330]^
	015F:004A9A0A  E8AD68F8FF    CALL  004302BC
	015F:004A9A0F  8B45F8        MOV   EAX,[EBP-08]
	015F:004A9A12  8D55FC        LEA   EDX,[EBP-04]
	015F:004A9A15  E8A6F4FFFF    CALL  004A8EC0
	015F:004A9A1A  8B45FC        MOV   EAX,[EBP-04]
	015F:004A9A1D  50            PUSH  EAX
	015F:004A9A1E  8D55F4        LEA   EDX,[EBP-0C]
	015F:004A9A21  8B8334030000  MOV   EAX,[EBX+00000334]
	015F:004A9A27  E89068F8FF    CALL  004302BC
	015F:004A9A2C  8B55F4        MOV   EDX,[EBP-0C]
	015F:004A9A2F  58            POP   EAX
	015F:004A9A30  E8ABA6F5FF    CALL  004040E0            TOO
	015F:004A9A35  0F9406        SETZ  BYTE PTR [ESI] <== LEGIT
	....
	....
	________________ ATSPIDER!CODE+0009FD6B ___________________

	Did you see SETZ ( SETE ) command at 015F:004A9A35 ?
	To me that's interesting, if you don't know about
	SETE/SETNE ( SETZ/SETNZ ) ask someone who can
	explain what is all about.

	As you can observe there 3 CALL instruction above
	SETE command, that are at 004A9A30, 004A9A15,
	and 004A9A0A respectively.
	Let's create new breakpoint at these 3 posible
	CALL instructions , in this case I took 004A9A0A.

	Do this following steps :
	: bd *  [enter]
	: bpx 015F:004A9A0A  [enter]
	Press F5

	NOTE : Repeat registration procedure as it in
	Step #1.


4.	If you do the right thing you'll break in the new
	location as follows :

	015F:004A9A0A  E8AD68F8FF    CALL  004302BC <== break here
	015F:004A9A0F  8B45F8        MOV   EAX,[EBP-08]
	015F:004A9A12  8D55FC        LEA   EDX,[EBP-04] ==> d eax
	015F:004A9A15  E8A6F4FFFF    CALL  004A8EC0
	015F:004A9A1A  8B45FC        MOV   EAX,[EBP-04]
	015F:004A9A1D  50            PUSH  EAX ===========> d eax
	015F:004A9A1E  8D55F4        LEA   EDX,[EBP-0C]
	015F:004A9A21  8B8334030000  MOV   EAX,[EBX+00000334]
	015F:004A9A27  E89068F8FF    CALL  004302BC
	015F:004A9A2C  8B55F4        MOV   EDX,[EBP-0C]
	015F:004A9A2F  58            POP   EAX
	015F:004A9A30  E8ABA6F5FF    CALL  004040E0
	015F:004A9A35  0F9406        SETZ  BYTE PTR [ESI]
	________________ ATCASTER!CODE+000A8A04 ___________________

	Break due to BPX #015F:004A9A0A

	Press F10 2 times and stop at 015F:04A9A12 :
	: d eax  [enter]   your name appear at virtual address 
	                   0167:00E98ABC

	Press F10 3 times - stop at 015F:004A9A1D - dump EAX register
	: d eax  [enter]   did you see an alphanumeric sequence
	                   at virtual address 0167:00E936DC ?
	                   It's @CS-354450-69110676911983110100
	                   wasn't it looks like a reg code. 
	                   Write it down.

	Press F10 5 times and stop at 015F:004A9A2F
	: d edx  [enter]   your fakecode appear at virtual 0167:
	                   00E93CA8

	Press F10 once - stop at 015F:004A9A30 - dump EAX register
	and your potential regcode @CS-354450-69110676911983110100
	appear at virtual address 0167:00E936DC


5.	Let's register this program by keyed-in @CS-354450-6911
	0676911983110100 as your S/N.
	Click OK ... there you're registered.


6.


7.	Your registration info is stored in ATCASTER.INI as
	follows : 
	[GENERAl]
	UserName=Pirates Order
	UserCode=@CS-354450-69110676911983110100


8.	Respect the Author and do not attemp to register this
	program by using your own user name, unless you pay
	US$20.00 for official licensing.




				END NOTES


	DON'T BE A LAMER BY DISTRIBUTING YOUR CRACK RELEASE
	               BASED ON THIS TUTORIAL.

	 ============== D I S C L A I M E R =============
	 THIS PAPER IS NOT INTENTED TO VIOLATE COPYRIGHTS 
	 LAW BUT EDUCATIONAL PURPOSES ONLY. I HOLD NO RES
	 PONSIBILITY ( IN ANY SHAPE WHATSOEVER ) OF THE
	 MIS-USE OF THIS MATERIAL. NO PARTS OF THIS PAPER
	 IS SOLD/RENT FOR COMMERCIAL NOR PERSONAL BENEFIT.



[EOF] ASTAGA [TTM] - tute-atcaster130.zip
Tutorial Free Version C
2/7/01 8:01 PM

Breakpoint(s) history for @CASTER v1.3.0 - by ASTAGA [TTM]
00) * BPX KERNEL!HMEMCPY
01) * BPX #015F:004A98F6
02)   015F:004A9A0A
ASTAGA [TTM] - tute-atcaster130.zip