Cracking Tutorial #12: CrAcKiNG Aditor Pro 3.05 build 1

[cracked bY:]  sLeEpY [FWA/NWA/FTPR8Z] iN 02/2002
[difficulty:]  beginner
[where:]       http://aditor.swrus.com/download.htm
               http://www.davecentral.com/projects/aditorpro/

[TOOLZ:]       w32dasm 8.93 & HIEW 5 or 6 or whatever.

----------------------------------------------------------------------

[WHAT IS THIS PROGRAM?]

Language :: C/C++
License  :: Shareware
Platform :: Windows 95/98 [I got it to work on 2k as well]
Platform :: Windows NT 4.0
Price    :: Between $10 and $40

Aditor Pro 3.05 build 1 ($24.99)

Advanced text editor that is an ideal tool for programmers and Web masters.
Fully-customizable power syntax highlight schemes for HTML, C/C++, Delphi,
Java, Perl and any other user-defined programming languages. Highlighting
and activating URL directly from editor. Multilanguage support. Unlimited
Undo/Redo, powerful Find/Replace with regular expression and possibility to
replace in multiple files. Unlimited number of bookmarks for each file. Clip
libraries support, which allows you to add any of your own clips to Aditor.
Fully customizable appearance - colors, fonts, toolbar etc. Minimizing to
system tray.
Executing files without leaving the editor. Removing HTML tag, case
conversion, bracket autocomplete, word wrap. Possibility to send email
directly from the editor, autosave and many, many more.

----------------------------------------------------------------------

This protection code was fairly easy to break. It involved making you think
any code you entered worked, and then on restart it screws ya over with the
error msg. Well, we could be optimistic and say that it is half cracked
already!

Well, write down your error msg...

    "Your registration code is incorrect."

and let's disassemble in w32dasm (you made your backups, I presume).

Click the SDR button and we will see "Your registration code is incorrect."
Click it and it takes us to 2 places!

----------------------------------------------------------------------

:0041127A & :004113CB

    :00411274 0F846D010000   je 004113E7   (offset 11274)

    * Possible Reference to String Resource ID=07005: "Your registration code is incorrect."

    :0041127A   <--you get dropped here on the first one

Well, a jump right before our error msg, you know what to do... change the
first:

    :00411274 0F846D010000   je 004113E7

to:

    :00411274 0F836D010000   jae 004113E7

We use this code again because I can't remember how to change it to jump
(0FEB is no good).

[from crackers notes]
[0F 83 cw/cd   JAE rel16/32   Jump near if above or equal (CF=0)]

We have to change it to jae instead of jne because otherwise, when we don't
have a name in it, it will give us the invalid user error; with jae we don't
get the message anymore regardless. If you want to see what I mean, change it
to jne and try to register it: each time you start you'll get the error
because it finds the name in the registry instead of deleting it now and uses
it (which is good for us!).

I skipped the second one because I think it gets wiped when we modify some of
the other code (below), and I didn't get the error anymore.

OK, so this gets rid of the "Your registration code is incorrect." box and
hey, it keeps our name in the registered to box under help. That works out
great! On with the pillaging....

----------------------------------------------------------------------

Ok, so we got it to reg and save our regged name, but what about that
annoying startup nag?? Well, let's crack it out.........

Write down (or remember) the parts that are in the nag. Here's what I see:

    "this version is unregistered"
    "Howto"
    "Register"
    "ok"

So I'm doing this a little different: check out the dead listing of the code
in w32dasm. Check out the DialogID, it's right at the top, or here for you to
see:

    Name: DialogID_008B, # of controls=006, Caption:"", Classname:""
      001 - ControlID:FFFF, Control Class:"STATIC" Control Text:""
      002 - ControlID:0630, Control Class:"STATIC" Control Text:"This version is unregistered"
      003 - ControlID:0631, Control Class:"STATIC" Control Text:"Howto"
      004 - ControlID:0632, Control Class:"STATIC" Control Text:"reg"
      005 - ControlID:0633, Control Class:"STATIC" Control Text:"ok"
      006 - ControlID:0001, Control Class:"BUTTON" Control Text:"."

WELL THIS TELLS US THAT DialogID_008B is the nag window!
So click the DLG ref button and you will see:

    Dialog: DialogID_008B

(you'll also see the rest of the dialogs below that, but we want this one)

Double click it and it drops you here and only here:

    :0040E4A6

A lot of code surrounds that nag, but there has to be something that jumps it
and I don't see anything, so scroll up 12 lines from where we landed and you
see this:

    * Referenced by a CALL at Address:
    |:00425BBC

so our nag is called from here:

    :00425BBC   <-code location

So we trace to it and find this (in w32dasm click goto, and type in code
location):

    :00425BBC E8D188FEFF     call 0040E492

Let me open the code up a bit so we can see what to do:

    :00425BB1 85C0           test eax, eax
    :00425BB3 742A           je 00425BDF     <--jump if reg is good on startup
    :00425BB5 53             push ebx
    :00425BB6 8D8DC0FBFFFF   lea ecx, dword ptr [ebp+FFFFFBC0]
    :00425BBC E8D188FEFF     call 0040E492   <--call our nag screen routine

I see 2 ways to crack this part of the code. 1st:

    :00425BB3 742A           je 00425BDF     (offset 25BB3 in HIEW)

change to:

    :00425BB3 EB2A           jmps 00425BDF

This will jump us past the code every time.

The second way is this:

    :00425BBC E8D188FEFF     call 0040E492

change to:

    :00425BBC 9090909090     noppity nop nop

So let's go with the first way (the second way gives me several error
messages and crashes =P).

OK, this prog is cracked and I see nothing else to check... except the 30 day
limit, sheeeeeeeit I almost forgot. Let's jump our calendar ahead a year
'cause it's easy that way, and start the program. NOTHING... KOOL, I guess
that means that the 30 day protection was trashed by us somehow in the
process, or it just had a nag.

(BTW, to UNREG this program run regmon! It told me that the username was
stored here =0)

    --> HKEY_CURRENT_USER\Software\ADWare\Aditor\General

You will see a key called User with your fake regname in it! DELETE IT!)

Well, enjoy this prog and if ya like it, crack it.......... later all!
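
Seen from the vendor's side, every edit above is a one- to five-byte change to a branch or call instruction, which is exactly what a comparison against a known-good copy picks up. The Python below is an added example, not part of the original tutorial: it diffs a reference image against a suspect copy and labels each changed run. The sample bytes are constructed from the instruction bytes quoted above, and the function names are made up for illustration.

```python
# Added example: label byte-level differences between a known-good image
# and a suspect copy. Heuristic only: it matches opcode bytes without
# disassembling, so changes inside data can be mislabelled.

JCC_SHORT = range(0x70, 0x80)   # 7x rel8: short conditional jumps
JCC_NEAR = range(0x80, 0x90)    # 0F 8x rel32: near conditional jumps

def diff_runs(good, suspect):
    """Return [(offset, old_bytes, new_bytes)] for each contiguous changed run."""
    if len(good) != len(suspect):
        raise ValueError("images differ in length; compare hashes instead")
    runs, start = [], None
    for i in range(len(good) + 1):
        changed = i < len(good) and good[i] != suspect[i]
        if changed and start is None:
            start = i
        elif not changed and start is not None:
            runs.append((start, good[start:i], suspect[start:i]))
            start = None
    return runs

def classify(good, off, old, new):
    """Name the kind of edit a changed run looks like."""
    if set(new) == {0x90}:
        return "code overwritten with NOPs"
    if len(old) == 1:
        if old[0] in JCC_SHORT and new[0] == 0xEB:
            return "short conditional jump made unconditional"
        if old[0] in JCC_SHORT and new[0] in JCC_SHORT:
            return "short conditional jump condition changed"
        if off > 0 and good[off - 1] == 0x0F and old[0] in JCC_NEAR and new[0] in JCC_NEAR:
            return "near conditional jump condition changed"
    return "unclassified modification"

def audit(good, suspect):
    """Return [(offset, label)] for every changed run in the suspect copy."""
    return [(off, classify(good, off, old, new))
            for off, old, new in diff_runs(good, suspect)]

# Constructed sample: the instruction bytes quoted in the tutorial, packed
# back to back (real file offsets differ), and a copy with all three edits.
GOOD = bytes.fromhex("85C0742A538D8DC0FBFFFFE8D188FEFF0F846D010000")
SUSPECT = bytes.fromhex("85C0EB2A538D8DC0FBFFFF90909090900F836D010000")

if __name__ == "__main__":
    for off, label in audit(GOOD, SUSPECT):
        print(f"offset {off:#06x}: {label}")
```

A check like this only helps when it runs outside the binary being checked (an installer, updater or signature verification), since a check compiled into the same file is just one more branch.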

----------------------------------------------------------------------

email me if you are bored: sleepy@linuxwaves.com

._Tutorialz_.
[--------------------------------------------------------------------]
[ 1. Cracking Cosmi's Generic Installshield Protection               ]
[ 2. CRACKING(?) MATH WORKSHOP 2.0                                   ]
[ 3. CrAcKiNG DLSuperCBT Resynchronizing Byte Compare Program        ]
[ 4. CrAcKiNG the nag on DLSuperCBF - Dir Binary File Compare Program]
[ 5. CrAcKiNG n)0(va crackme v3 (crazy approach)                     ]
[ 6. CrAcKiNG mIRC(R) v5.91 Internet Relay Chat Client               ]
[ 7. CrAcKiNG Actionizer 1.4                                         ]
[ 8. CrAcKiNG Tag Wizard 4.3.0                                       ]
[ 9. CrAcKiNG Freecell for Win2k and WinXP                           ]
[10. CrAcKiNG Netrace 1.0a                                           ]
[11. CrAcKiNG Winrar 3 Beta 2 THROUGHLY                              ]
[12. CrAcKiNG Aditor Pro 3.05 build 1                                ]

----------------------------------------------------------------------

gReEtz: MiNioN, GreycZ, KlutCh, KiNgEr, MidNight, FWA, NWA, FTPiRatEz! HAR! BEASTFXP!

----------------------------------------------------------------------

CopyLeft: [all rights reversed]

Boredom causes crackers and babies.