Cracking Tutorial #14: CrAcKiNG The Psychedelic Screen Saver v2002.0215

[cracked bY:]   sLeEpY [FWA/NWA/FTPR8Z] iN 03/2002
[difficulty:]   beginner
[where:]        http://www.synthesoft.com
[TOOLZ:]        w32dasm 8.93 & HIEW 5 or 6 or whatever.

The Psychedelic Screen Saver is a light synthesizer that generates an astounding variety of mesmerizing patterns. As the patterns materialize on your screen, the colors will shift, undulate, and blow your mind. Whether you're into abstract art, mathematics, or just have a history of mental illness, you'll love this screen saver.

Installs to "C:\Program Files\Psych" and the main executable is Psych.exe, but the registration routine is not in this exe file. You can disassemble psych.exe but you won't find any string references in there. I thought it was a good protection maybe, but it was just in a different exe file.
At this time we use filemon, and it shows these files:

C:\WINNT\d4c_kcsv.exe
C:\WINNT\sdkill.exe
C:\WINNT\psycss-c.exe
C:\WINNT\System32\hplun.dll

Filemon will show this when you go to the reg screen area in the prog:

C:\WINNT\PKCREGD.EXE

Well we found our target, half the problem is there.

(HOW DO I USE FILEMON YOU ASK? Easy, just start filemon, then start your program and it will show what your program uses or looks at. DLL's, EXE's, and shit.)

So we disassemble that and get dropped here on the bad message: :00401DCE, so I'll open up the code around it a lil.

|:00401D9A(C)   <--where our error message is called from...go there.
|
:00401DC7 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"Registration Code Error"
:00401DC9 68C0924000              push 004092C0

* Possible StringData Ref from Data Obj ->"You have entered and invalid code "
                                        ->"- please try again."
:00401DCE 6888924000              push 00409288

* more crap that we don't care about at this point

So now we go to where the code was called from, 00401D9A:

:00401D97
:00401D99
:00401D9A 742B                    je 00401DC7   <-call error msg on bad serial!
:00401D9C 33F6                    xor esi, esi
:00401D9E 56                      push esi

* Possible StringData Ref from Data Obj ->"Thank you for registering!"
:00401D9F 6818934000              push 00409318

* Possible StringData Ref from Data Obj ->"One or more Synthesoft products "
                                        ->"were successfully registered."
:00401DA4 68D8924000              push 004092D8

*blah blah blah code

Well we change this:

:00401D9A 742B                    je 00401DC7   (OFFSET 1D9A)

to this:

:00401D9A 9090                    noppity nop

Well this gives us the happy you're regged message, but the product isn't registered.
So next I look for a code that goes to "Registered" and get dumped here: 00401505
Then I look for a code that goes to "UnRegistered" and get dumped here: 0040150E

:004014F9 85C0                    test eax, eax
:004014FB C78578FFFFFF02000000    mov dword ptr [ebp+FFFFFF78], 00000002

* Possible StringData Ref from Data Obj ->"Registered"
                                  |
:00401505 C7458438894000          mov [ebp-7C], 00408938
:0040150C 7507                    jne 00401515   <--jump if correct serial!

* Possible StringData Ref from Data Obj ->"UnRegistered"
                                  |
:0040150E C7458428894000          mov [ebp-7C], 00408928

There is only one jump inside this routine and it's at 0040150C. It looks like it just changes to unregistered unless the flag is tripped to take the jne, so let's make it jmp, and that flag is at offset 150C in HIEW.

Change this:

:0040150C 7507                    jne 00401515

to this:

:0040150C EB07                    jmps 00401515

We restart the prog and registered! Even more of a joke is that all the progs by this company are registered now, even the ones that aren't installed on my computer are registered according to this.

This is a pretty kool screensaver though, check it out. Laterz

BTW: THIS PROG HASN'T BEEN FULLY CRACKED. THERE IS STILL A NAG MESSAGE WHILE RUNNING IT. I WILL UPDATE THIS TUTORIAL LATER.

email me if you are bored: sleepy@linuxwaves.com

._Tutorialz_.
[--------------------------------------------------------------------]
[ 1. Cracking Cosmi's Generic Installshield Protection               ]
[ 2. CRACKING(?) MATH WORKSHOP 2.0                                   ]
[ 3. CrAcKiNG DLSuperCBT Resynchronizing Byte Compare Program        ]
[ 4. CrAcKiNG the nag on DLSuperCBF - Dir Binary File Compare Program]
[ 5. CrAcKiNG n)0(va crackme v3 (crazy approach)                     ]
[ 6. CrAcKiNG mIRC(R) v5.91 Internet Relay Chat Client               ]
[ 7. CrAcKiNG Actionizer 1.4                                         ]
[ 8. CrAcKiNG Tag Wizard 4.3.0                                       ]
[ 9. CrAcKiNG Freecell for Win2k and WinXP                           ]
[10. CrAcKiNG Netrace 1.0a                                           ]
[11. CrAcKiNG Winrar 3 Beta 2 THROUGHLY                              ]
[12. CrAcKiNG Aditor Pro 3.05 build 1                                ]
[13. CrAcKiNG EasyType 1.0                                           ]
[14. CrAcKiNG The Psychedelic Screen Saver v2002.0215                ]

gReEtz: MiNioN, GreycZ, KlutCh, KiNgEr, MidNight, FWA, NWA, FTPiRatEz! HAR! BEASTFXP!

CopyLeft: [all rights reversed]

Boredom causes crackers and babies.
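
Added example, not part of the original tutorial: a tamper check that diffs a suspect binary against a known-good copy and labels edits that neutralise a short conditional jump, which is the kind of change the tutorial makes at offsets 1D9A and 150C. The two buffers are constructed stand-ins carrying only the bytes quoted above, and the function names are hypothetical.

```python
from __future__ import annotations

# Added example: flag byte edits that neutralise a short conditional jump
# (Jcc rel8, opcodes 0x70-0x7F) when a suspect file is diffed against a
# known-good reference. Heuristic: without a disassembler, a 0x7x byte is
# only assumed to be an opcode; every other change is still reported.
NOP, JMP_SHORT = 0x90, 0xEB


def classify(ref: bytes, sus: bytes, off: int) -> str | None:
    """Label a changed byte at `off` if it looks like a neutralised Jcc."""
    if not 0x70 <= ref[off] <= 0x7F or off + 1 >= len(ref):
        return None
    if sus[off] == JMP_SHORT and sus[off + 1] == ref[off + 1]:
        return "branch forced (Jcc -> JMP short)"
    if sus[off] == NOP and sus[off + 1] == NOP:
        return "branch removed (Jcc -> NOP NOP)"
    return None


def find_tampering(ref: bytes, sus: bytes) -> list[tuple[int, str]]:
    """Return (file offset, finding) for every difference between the files."""
    if len(ref) != len(sus):
        return [(min(len(ref), len(sus)), "file size differs")]
    findings, off = [], 0
    while off < len(ref):
        if ref[off] == sus[off]:
            off += 1
            continue
        verdict = classify(ref, sus, off)
        findings.append((off, verdict or "modified byte"))
        off += 2 if verdict else 1   # a Jcc rel8 instruction is two bytes
    return findings


def build_samples() -> tuple[bytes, bytes]:
    """Constructed data: zero-filled images holding only the page's bytes."""
    ref = bytearray(0x2000)
    ref[0x1D9A:0x1D9C] = bytes.fromhex("742b")   # je  00401DC7
    ref[0x150C:0x150E] = bytes.fromhex("7507")   # jne 00401515
    sus = bytearray(ref)
    sus[0x1D9A:0x1D9C] = bytes.fromhex("9090")   # edit described on the page
    sus[0x150C] = 0xEB                           # edit described on the page
    return bytes(ref), bytes(sus)


if __name__ == "__main__":
    for off, what in find_tampering(*build_samples()):
        print(f"offset {off:#06x}: {what}")
```

A whole-file hash or signature check already catches any edit; the classification only tells an analyst what kind of edit it was.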