KEYGEN IS DEMON, PATCHING IS EVIL, SERIAL FISHING IS LESS ATTITUDE

AtSpider v1.7.8
A Cracking Tutorial by ASTAGA [TTM]


DESCRIPTION

@Spider is a powerful but easy to use email address extractor for Windows 95/98/NT/2000/Me. Using it, you can easily get lists of email addresses from web sites, usenet newsgroups, files on local or network drives and Windows clipboard. @Spider is an excellent tool for anyone who wants to effectively and successfully promote their web site or facilities.

Copyright : @Spider Software
http://www.atspider.com
http://www.atspider.com/dl.html
http://www.atspider.com/atspider.zip
http://www.atspider.com/atspider.exe
release date - February 1, 2001


PROTECTION SCHEME

In the registration dialog box there are 3 fields to be filled in: USER NAME, SERIAL NUMBER and ACTIVATION KEY. How do we handle the last 2 fields?

  o Is the S/N related to the Activation Key?
  o What will happen if you fill in one field only, i.e. only the Activation Key field, or the other way round?
  o One way or another, let's do it.


HOW TO FISH SERIAL NUMBER by using SOFTICE

1. Run the program. In the registration dialog box type the following info:

   Name           : Pirates Order
   Serial Number  : ( left blank )
   Activation Key : 73881050

2. Load SoftIce and set a new breakpoint:

   : bpx hmemcpy [enter]

   Press F5.
   In the main program click the OK button.

3. Within SoftIce press F5 2 times, F11, and F12 11 times until you see the code snippet below:

   ____________________________________________________________
   015F:004A0C64  E8CF09F9FF      CALL    00431638
   015F:004A0C69  8B55F0          MOV     EDX,[EBP-10]    <== break here
   015F:004A0C6C  8B06            MOV     EAX,[ESI]
   015F:004A0C6E  05F4040000      ADD     EAX,000004F4
   015F:004A0C73  E8A431F6FF      CALL    00403E1C
   ______________ ATSPIDER!CODE+0009FC64 ______________________

   What now? Scroll down ( Ctrl+PgDn ) around 5 times until you see the code snippet below:

   ____________________________________________________________
   ....
   ....
   015F:004A0D76  E8BD08F9FF      CALL    00431638
   015F:004A0D7B  8B45F8          MOV     EAX,[EBP-08]
   015F:004A0D7E  8D55FC          LEA     EDX,[EBP-04]
   015F:004A0D81  E826E6FFFF      CALL    0049F3AC
   015F:004A0D86  8B45FC          MOV     EAX,[EBP-04]
   015F:004A0D89  50              PUSH    EAX
   015F:004A0D8A  8D55F4          LEA     EDX,[EBP-0C]
   015F:004A0D8D  8B8330030000    MOV     EAX,[EBX+00000330]
   015F:004A0D93  E8A008F9FF      CALL    00431638
   015F:004A0D98  8B55F4          MOV     EDX,[EBP-0C]
   015F:004A0D9B  58              POP     EAX
   015F:004A0D9C  E8B733F6FF      CALL    00404158
   015F:004A0DA1  0F9406          SETZ    BYTE PTR [ESI]  <== NICE
   ....
   ________________ ATSPIDER!CODE+0009FD6B ___________________

   Did you see the SETZ ( SETE ) command at 015F:004A0DA1? To me that's interesting: SETZ writes 1 to the destination byte when the zero flag is set and 0 otherwise. If you don't know about SETE/SETNE ( SETZ/SETNZ ), ask someone who can explain what it is all about.

   As you can observe, there are 4 CALL instructions above the SETE command, at 004A0D9C, 004A0D93, 004A0D81 and 004A0D76 respectively. Let's set a new breakpoint on one of these 4 possible CALL instructions; in this case I took 004A0D76. Do the following steps:

   : bd * [enter]
   : bpx 015F:004A0D76 [enter]

   Press F5.

   NOTE : Repeat the registration procedure as in Step #1.

4. If you do the right thing you'll break at the new location as follows:

   015F:004A0D76  E8BD08F9FF      CALL    00431638        <== break here
   015F:004A0D7B  8B45F8          MOV     EAX,[EBP-08]
   015F:004A0D7E  8D55FC          LEA     EDX,[EBP-04]    ==> D EAX
   015F:004A0D81  E826E6FFFF      CALL    0049F3AC
   015F:004A0D86  8B45FC          MOV     EAX,[EBP-04]
   015F:004A0D89  50              PUSH    EAX             ===========> D EAX
   015F:004A0D8A  8D55F4          LEA     EDX,[EBP-0C]
   015F:004A0D8D  8B8330030000    MOV     EAX,[EBX+00000330]
   015F:004A0D93  E8A008F9FF      CALL    00431638
   015F:004A0D98  8B55F4          MOV     EDX,[EBP-0C]
   015F:004A0D9B  58              POP     EAX
   015F:004A0D9C  E8B733F6FF      CALL    00404158
   015F:004A0DA1  0F9406          SETZ    BYTE PTR [ESI]
   ....
   ________________ ATSPIDER!CODE+0009FD70 ___________________
   Break due to BPX #015F:004A0D76

   Press F10 and stop at 015F:004A0D7E :

   : d eax [enter]

   Your name appears at virtual address 0167:00C94C2C.

   Press F10 and stop at 015F:004A0D89 :

   : d eax [enter]

   Did you see an alphanumeric sequence at virtual address 0167:00CABA68? It's @SP-354450-50867212012111566114. Doesn't it look like a reg code? Write it down.

5. Let's register this program by keying in @SP-354450-50867212012111566114 as your S/N and leaving the Activation Key field BLANK! Click OK ... there, you're registered.

6. Don't you find it strange? What the hell is the Activation Key intended for? With the same method ( repeat the registration procedure, this time keying in a fake code in the Serial Number field ) and the same breakpoint, you'll find something like this appear in the Data Window:

   mlkjasdf7KGHa8sav7as6a6tyavnmbvfL

   and/or

   mlkjasdf7KGHa8sav7as6a6tyavnmbvf9

   Try these unique sequences as your Activation Key. Is the program registered?

   Note : In my case, whatever I typed as the Activation Key caused the program not to run on the next attempt.

7. Your registration info is stored in ATSPIDER.INI as follows:

   [GENERAL]
   UserName=Pirates Order
   UserCode=@SP-354450-50867212012111566114
   ActivationCode=

8. Respect the Author and do not attempt to register this program using your own user name, unless you pay US$20.00 for official licensing.


END NOTES

DON'T BE A LAMER BY DISTRIBUTING YOUR CRACK RELEASE BASED ON THIS TUTORIAL.

============== D I S C L A I M E R =============
THIS PAPER IS NOT INTENDED TO VIOLATE COPYRIGHT LAW BUT IS FOR EDUCATIONAL PURPOSES ONLY. I HOLD NO RESPONSIBILITY ( IN ANY SHAPE WHATSOEVER ) FOR THE MIS-USE OF THIS MATERIAL. NO PART OF THIS PAPER IS SOLD/RENTED FOR COMMERCIAL NOR PERSONAL BENEFIT.
[EOF]

ASTAGA [TTM] - tute-atspider178.zip
Tutorial Free Version C 2/7/01 5:48:56 PM

Breakpoint(s) history for ATSPIDER v1.7.8 - by ASTAGA [TTM]

  00) * BPX KERNEL!HMEMCPY
  01) * BPX #015F:004A0BE9
  02)   BPX #015F:004A0D76
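
Steps 3 to 5 work because the program builds the valid code for the typed name and compares it with the typed input, so the valid code sits in process memory at the compare. The block below is an added example (not code from this tutorial or from @Spider) that puts that design beside a verify-only check; the code format, the function names and the toy RSA parameters are all assumptions made for illustration.

```python
import hashlib

# Toy RSA key built from two Mersenne primes so the example runs on the
# standard library alone. Far too small for real use: a product would use a
# vetted signature library with a proper key size and padding.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public half: shipped in the client
D = pow(E, -1, (P - 1) * (Q - 1))        # private half: vendor server only

def _digest(name: str) -> int:
    """Hash the user name into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % N

# --- Weak design: the client derives the expected code, then compares. ---
def weak_expected_code(name: str) -> str:
    # Hypothetical derivation; the real algorithm is not on the page.
    return "DEMO-" + hashlib.sha256(name.encode()).hexdigest()[:16].upper()

def weak_check(name: str, typed: str) -> bool:
    expected = weak_expected_code(name)  # valid code now exists in client memory
    return typed == expected

# --- Hardened design: the client can verify a code but cannot produce one. ---
def vendor_issue(name: str) -> str:
    """Vendor side only: sign the name digest with the private exponent."""
    return format(pow(_digest(name), D, N), "x")

def client_verify(name: str, typed: str) -> bool:
    """Client side: uses only (N, E) and never computes a valid code."""
    try:
        sig = int(typed, 16)
    except ValueError:                   # empty or non-hex input
        return False
    # The comparison happens on the digest, which is not a usable code.
    return 0 <= sig < N and pow(sig, E, N) == _digest(name)

if __name__ == "__main__":
    user = "Example User"                # constructed sample name
    code = vendor_issue(user)
    print("weak check, correct code :", weak_check(user, weak_expected_code(user)))
    print("signed code accepted     :", client_verify(user, code))
    print("same code, other name    :", client_verify("Someone Else", code))
    print("arbitrary input          :", client_verify(user, "73881050"))
```

A verify-only check keeps the valid code out of client memory; it does not stop someone from patching the check itself, which needs separate integrity measures.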