‏؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟‏



               00000              00000000            0000  0000
      377O    00000      J77t    30000000  O7J  t7W   000Q 0000      H0000
   d00000000  00000    00000000  0000;    0000000000  000 J000       0000
   0003 0000 00000   W0000 0000  0000    W0000 00000  000W000
  0000   ,0  0000O   0000 c0000 0000000d 0000  0000  c000000    0ZZ 0000
  000000    00000   0000000000  0000000  0000 0000U  200000   0000000000
    W00000  0000Q   0000       00000    0000  0000   U0000   00000 0000
 W    0000 00000   0000d 0000 :0000    00000 0000Q   0000;  00000
0000t 000; 0000St0 0000 3000  00000 0d 0000  0000   t0000   0000Q  0000
000000000 00000000 00000000, 00000000 S000000000    00000  c0000  00000
  HZZH    00ZZZZ0    HZWZ    00ZZZZZH 0000  QQ,    :0QW0   U0000000000
                                     t077H                  H0000U


Cracking Tutorial #14:
CrAcKiNG The Psychedelic Screen Saver v2002.0215
[cracked bY:] sLeEpY؟[FWA/NWA/FTPR8Z] iN 03/2002
[difficulty:] beginner
[where:] http://www.synthesoft.com 

‏؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟‏

[TOOLZ:] w32dasm 8.93 & HIEW 5 or 6 or whatever.

فàلâمنهàلâمنهàلâمنهàلâمنهàلâمنهàلâمنهàلâمنهàلâمنهàلâمنهàلâمنهàلâمنهàلâمنهàلâمنهàلâمنهàف


The Psychedelic Screen Saver is a light synthesizer that generates an astounding
variety of mesmerizing patterns. As the patterns materialize on your screen, the
colors will shift, undulate, and blow your mind. Whether you're into abstract art,
mathematics, or just have a history of mental illness, you'll love this screen saver.



Installs to "C:\Program Files\Psych" and the main executable is Psych.exe, but the 
registration routine is not in this exe file. You can disassemble psych.exe but you
wont find any string references in there. I though it was a good protection maybe, but
it was just in a different exe file.

At this time we use filemon, and it shows these files: 
C:\WINNT\d4c_kcsv.exe
C:\WINNT\sdkill.exe
C:\WINNT\psycss-c.exe
C:\WINNT\System32\hplun.dll

Filemon will show this when you goto the reg screen area in the prog:
C:\WINNT\PKCREGD.EXE

Well we found are target, half the problem is there.
(HOW DO I USE FILEMON YOU ASK? Easy just start filemon, then start your program and
it will show what your program uses or looks at. DLL's, EXE's, and shit.


so we disassemble that and get dropped here on the bad message:
:00401DCE
so I'll open up the code around it a lil.



|:00401D9A(C) <--where our error message is called from...go there.
|
:00401DC7 6A00      push 00000000

* Possible StringData Ref from Data Obj ->"Registration Code Error"

:00401DC9 68C0924000      push 004092C0

* Possible StringData Ref from Data Obj ->"You have entered and invalid code "
->"- please try again."
:00401DCE 6888924000      push 00409288

* more crap that we dont care about at this point



so now we go to where the code was called from, 00402D9A



:00401D97
:00401D99
:00401D9A 742B je 00401DC7 <-call error msg on bad serial!
:00401D9C 33F6      xor esi, esi
:00401D9E 56      push esi

* Possible StringData Ref from Data Obj ->"Thank you for registering!"

:00401D9F 6818934000      push 00409318

* Possible StringData Ref from Data Obj ->"One or more Synthesoft products "
->"were successfully registered."
:00401DA4 68D8924000      push 004092D8

*blah blah blah code



well we change this:
:00401D9A 742B      je 00401DC7 (OFFSET 1D9A)
to this:
:00401D9A 9090      noppity nop

Well this gives us the happy you're regged message, but the product isn't registered.

So next I look for a code that goes to "Registered"
and get dumped here: 00401505

Then I look for a code that goes to "UnRegistered"
and get dumped here: 0040150E



:004014F9 85C0      test eax, eax
:004014FB C78578FFFFFF02000000      mov dword ptr [ebp+FFFFFF78], 00000002

* Possible StringData Ref from Data Obj ->"Registered"
|
:00401505 C7458438894000      mov [ebp-7C], 00408938
:0040150C 7507      jne 00401515 <--jump if correct serial!

* Possible StringData Ref from Data Obj ->"UnRegistered"
|
:0040150E C7458428894000      mov [ebp-7C], 00408928



There is only one jump inside this routine and its at 0040150C.
it looks like it just changes to unregistered unless the flag is tripped to take the
jne, so lets make it jmp, and that flag is at offset 150C in HIEW.

Change this:
:0040150C 7507      jne 00401515
to this:
:0040150C EB07      jmps 00401515

We restart the prog and registered!

Even more of a joke is that all the progs by this company are registered now, even the
ones that arn't installed on my computer are registered according to this. This is a
pretty kool screensaver though, check it out.

Laterz

BTW: THIS PROG HASN'T BEEN FULLY CRACKED.
THERE IS STILL A NAG MESSAGE WHILE RUNNING IT.
I WILL UPDATE THIS TUTORIAL LATER.



؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟

email me if you are bored: sleepy@linuxwaves.com

                           ._Tutorialz_.
[--------------------------------------------------------------------]
[ 1. Cracking Cosmi's Generic Installshield Protection               ]
[ 2. CRACKING(?) MATH WORKSHOP 2.0                                   ]
[ 3. CrAcKiNG DLSuperCBT Resynchronizing Byte Compare Program        ]
[ 4. CrAcKiNG the nag on DLSuperCBF - Dir Binary File Compare Program]
[ 5. CrAcKiNG n)0(va crackme v3 (crazy approach)                     ]
[ 6. CrAcKiNG mIRC(R) v5.91 Internet Relay Chat Client               ]
[ 7. CrAcKiNG Actionizer 1.4                                         ]
[ 8. CrAcKiNG Tag Wizard 4.3.0                                       ]
[ 9. CrAcKiNG Freecell for Win2k and WinXP                           ]
[10. CrAcKiNG Netrace 1.0a                                           ]
[11. CrAcKiNG Winrar 3 Beta 2 THROUGHLY                              ]
[12. CrAcKiNG Aditor Pro 3.05 build 1                                ]
[13. CrAcKiNG EasyType 1.0                                           ]
[14. CrAcKiNG The Psychedelic Screen Saver v2002.0215                ]
؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟

gReEtz: MiNioN, GreycZ, KlutCh, KiNgEr, MidNight, FWA, NWA, FTPiRatEz! HAR! BEASTFXP!

؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟

CopyLeft:
                              __        ______  __  __ _
                        _____/ /  ___  / ____/__\ \/ /(_)
                       / ___/ /  / _ \/ __/ / __ \  // /
                      (__  ) /__/  __/ /___/ /_/ / / _/_
                     /____/_____|___/_____/ .___/_/\___/
                                         /_/

	                   [all rights reversed]
                     Boredom causes crackers and babies.

؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟