þ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿þ 00000 00000000 0000 0000 377O 00000 J77t 30000000 O7J t7W 000Q 0000 H0000 d00000000 00000 00000000 0000; 0000000000 000 J000 0000 0003 0000 00000 W0000 0000 0000 W0000 00000 000W000 0000 ,0 0000O 0000 c0000 0000000d 0000 0000 c000000 0ZZ 0000 000000 00000 0000000000 0000000 0000 0000U 200000 0000000000 W00000 0000Q 0000 00000 0000 0000 U0000 00000 0000 W 0000 00000 0000d 0000 :0000 00000 0000Q 0000; 00000 0000t 000; 0000St0 0000 3000 00000 0d 0000 0000 t0000 0000Q 0000 000000000 00000000 00000000, 00000000 S000000000 00000 c0000 00000 HZZH 00ZZZZ0 HZWZ 00ZZZZZH 0000 QQ, :0QW0 U0000000000 t077H H0000U Cracking Tutorial #10: CrAcKiNG Netrace 1.0a [cracked bY:] sLeEpY¿[FWA/NWA/FTPR8Z] iN 02/2002 [difficulty:] beginner [where:] http://www.davecentral.com/browse/209/?offset=1320 http://www.clearskyinc.com/nettrace.html þ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿þ Nettrace utility provides ping, trace, netstat, whois query info, dns query info, and local adapter and system info. Added: 22-Jan-2002 Updated: 28-Jan-2002 Language :: C/C++ License :: Time Limit Demo Platform :: Windows 2000 Platform :: Windows 95/98 Platform :: Windows ME Platform :: Windows NT 4.0 Platform :: Windows NT 5.0 Platform :: Windows XP Price :: Between $10 and $40 þ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿þ tOOLz: w32dasm, Hiew or hex editor of your choice... filemon resource hacker -optional þ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿þ [WHAT A CAKE PROGRAM TO CRACK] This program is what makes cracking kinda fun, an easy crack... Ok well to start with you know the normal routine, 3 copies, ect, if not get the older tutorials. I start the program and get this overbloated nag asking me for a regcode and well, it is annoying. At least the program was coded in C...Looks like VB though, sad... Well after keying sLeEpY¿ i get this error msg: nettrace Incorrect key value. Hit ok to try again. Ya, how about instead of hitting ok i tell you we have what we need to know =0) Lets go into W32dasm with this prog decompiled. Under string references i find 2 things I like: "Key Validated. Thank you for your" and "Incorrect key value. Hit ok to" So I go to where that text is loaded, disassembled is this: :00404EAB 84C0 test al, al :00404EAD 6A00 push 00000000 :00404EAF 751D jne 00404ECE <---reg code good, blah thanks! :00404EB1 6A01 push 00000001 * Possible StringData Ref from Data Obj ->"Incorrect key value. Hit ok to " ->"try again." : a couple trees in the codewoods : :00404ECE 6A00 push 00000000 * Possible StringData Ref from Data Obj ->"Key Validated. Thank you for your " ->"Purchase." So this simple protection can be defeated at the offset: 4EAF change this: :00404EAF 751D jne 00404ECE to this: :00404EAF EB1D jmp 00404ECE well we are validated, but when the program restarts we are back at crap uncracked. on we go... first i fired up registry monitor but i'll skip some time because that will get ya nowhere, reg code isn't in the registry... So next we will fire up filemon! Start the program and you will see a bunch of dlls called ect but wait , what is this?? yksraelc in C:\Windows\System32??? What is yksraelc? not even an extension. -----------------i cut some above and below that wernt important-------------- 48 5:45:40 nettrace.exe:1696 IRP_MJ_CLEANUP C:\WINNT\System32\CLBCATQ.DLL SUCCESS 49 5:45:40 nettrace.exe:1696 FASTIO_QUERY_OPEN C:\WINNT\System32\MFC 42LOC.DLL FAILURE 50 5:45:40 nettrace.exe:1696 FASTIO_QUERY_OPEN C:\WINNT\System32\MFC 42LOC.DLL FAILURE 51 5:45:40 nettrace.exe:1696 IRP_MJ_CLEANUP C:\WINNT\System32\ SUCCE SS 52 5:45:40 nettrace.exe:1696 FASTIO_QUERY_OPEN C:\WINNT\System32\MFC 42LOC.DLL FAILURE 53 5:45:40 nettrace.exe:1696 IRP_MJ_CLEANUP C:\WINNT\System32\yksraelc SUCCESS 54 5:45:40 nettrace.exe:1696 IRP_MJ_CLEANUP C:\WINNT\System32\yksraelc SUCCESS 55 5:45:40 nettrace.exe:1696 FASTIO_QUERY_OPEN C:\WINNT\System32\yks raelc FAILURE 56 5:45:40 nettrace.exe:1696 IRP_MJ_CLEANUP C:\WINNT\System32\yksraelc SUCCESS 57 5:45:40 nettrace.exe:1696 IRP_MJ_CLEANUP C:\WINNT\System32\yksraelc SUCCESS -------------------------------------------------------------------------------- First before we go on, delete are semi-cracked copy of this program and rename the backup file to the original so we have a clean copy again. ok this looks like fun, start the program again and you will be prompted for the key, put in anything you like and click ok and cancel to start the program, quit the program and open the file C:\WINNT\System32\yksraelc in notepad, you should see something like this: 3373522201 9999999 I entered sLeEpY¿ and thats the code that appeared in my file. Next take the first code, 3373522201 and start the program again, it will ask for that keycode, put in the 3373522201 and it will be accepted and your program is now registered. Restart ...No more nag! I checked the file again and after i regged it with the correct key this is what appears in it: 5504522201 0568144101 So i deleted the "yksraelc" file and made it unregged again, and pasted in both of these codes in the keycode box: 5504522201, 0568144101 one at a time and they worked too! So basically this program is its own keygen, here are some more: 1693522201 3373522201 1133522201 0568144101 What a joke protection this was, i could list the codes all day. Just enter any name or number in the keycode box and then open that file and you will have generated a valid key for the program. ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿ Extra Stuff: yup, boring extra crap, I personalized this prog and added a cracked by sLeEpY¿ to mine, since we arnt making a crack it doesnt matter but i'll show ya how to do it anyway. Open this prog up in resource hacker. Now I went to DIALOG 1033 (the about box) and modified: CONTROL "Copyright © 2001 All rights reserved.", -1, STATIC, SS_LEFT | blah blah to this CONTROL "CracKed bY: sLeEpY¿ iN 02/2002.", -1, STATIC, SS_LEFT | blah blah and saved it, now im in the about box. There is also a url in there you can change too but you gotta use ultraedit or some other hex editor for it. Later all... ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿ email me if you are bored: sleepy@linuxwaves.com ._Tutorialz_. [--------------------------------------------------------------------] [ 1. Cracking Cosmi's Generic Installshield Protection ] [ 2. CRACKING(?) MATH WORKSHOP 2.0 ] [ 3. CrAcKiNG DLSuperCBT Resynchronizing Byte Compare Program ] [ 4. CrAcKiNG the nag on DLSuperCBF - Dir Binary File Compare Program] [ 5. CrAcKiNG n)0(va crackme v3 (crazy approach) ] [ 6. CrAcKiNG mIRC(R) v5.91 Internet Relay Chat Client ] [ 7. CrAcKiNG Actionizer 1.4 ] [ 8. CrAcKiNG Tag Wizard 4.3.0 ] [ 9. CrAcKiNG Freecell for Win2k and WinXP ] [10. CrAcKiNG Netrace 1.0a ] ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿ gReEtz: MiNioN, GreycZ, KlutCh, KiNgEr, MidNight, FWA, NWA, FTPiRatEz! HAR! BEASTFXP! ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿ CopyLeft: __ ______ __ __ _ _____/ / ___ / ____/__\ \/ /(_) / ___/ / / _ \/ __/ / __ \ // / (__ ) /__/ __/ /___/ /_/ / / _/_ /____/_____|___/_____/ .___/_/\___/ /_/ [all rights reversed] Boredom causes crackers and babies. ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿