
=====================================================================================

Cracking Tutorial #17:
CrAcKiNG iuVCR 4.0.0.205 beta5 Trial (R_02-28-2002)
[cracked bY:] sLeEpY [FWA/NWA/FTPR8Z] iN 02/2002
[difficulty:] beginner
[where:] http://www.iulab.com
[tOOLz:] w32dasm, Hiew or hex editor of your choice...

=====================================================================================

WORD IS BORN. 

Well, the usual: make your copies of iuVCR.exe (a .bak and one for W32Dasm).
Run the program and what do we have? Yes, a friggen nag. I got hold of this nice
piece of software and I need to email the author to tell him it works with my old old
Pixelview TV tuner with the BT878 chipset. Works with XP no less. No sound, but good
job, and I would mail you money but I'm poor, so all I can do is crack your prog because
the nag screen is just too horrible. Anyway, here's the nag:


Register
This program distributes as shareware and
requires registration. Having get licensing
key this reminder will be disabled.

You can register online - just visit
http://www.iulab.com
[close] (5 sec timer)

Close the program and we get that same NAG again.

Well, ya light a smoke, whatever. Let's look for "Register" in W32Dasm's String Data References (SDR).
Here we find it at this code location:
:00447AA9
and that's the only place, which saves time.
Trace it back and find the caller...
-->called from 00447A4F
I was going to cut and paste the code for you, but the disassembly listing ended up being 20.6 Meg and
I'm on a crappy computer right now. Just try to follow.

From 00447A4F we look up through the code a bit to the top of the routine it sits in
(004479C8), and W32Dasm shows 2 places that call that routine.
Called from these 2 places:

004329A0 and 00437B60

Hmm, two places, two nags...


First we piss with :00437B60.
Right before this call is a jne; let's make it a jmp!
The offset in HIEW is 37159.

But keep your eye open, because we have to nop an instruction before that so it doesn't
hop over our jmp: the je just above it lands at 00437B5B, which is already past the jne,
so with the je still alive the nag would still get called whenever that branch is taken.

So nop the je (two bytes, 74 04 -> 90 90) @ offset 37155. Start the prog: we still have that
damn startup nag... end the prog... WOOHOO, the close nag is wasted!!!!!!!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

:lines of blah
:00437B52 F6C402		test ah, 02
:00437B55 7404			je 00437B5B  <- our bad guy, jumps straight to the closing nag
:00437B57 A840			test al, 40
:00437B59 750A			jne 00437B65  <- our good guy, skips the closing nag

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00437B55(C)

:00437B5B blah blah
:00437B60 E863FE0000		call 004479C8

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

So here are the modifications we need to make first:
:00437B55 7404			je 00437B5B (offset 37155 in HIEW)
:00437B57 A840			test al, 40
:00437B59 750A			jne 00437B65 (offset 37159 in HIEW)
change to:
:00437B55 9090			nop nop
:00437B57 A840			test al, 40
:00437B59 EB0A			jmp 00437B65  

This will defeat the closing nag screen.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now the beginning nag screen is simply at the other call:004329A0
and we basically do the same thing:


:lines of blah
:00432992 F6C402		test ah, 02
:00432995 7404			je 0043299B  <- our bad guy to starting nag
:00432997 A840			test al, 40
:00432999 750A			jne 004329A5  <- our good guy, kill starting nag

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00432995(C)

:0043299B blah blah
:004329A0 E823500100		call 004479C8

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
So here are the rest of the modifications we need to make:

:00432995 7404			je 0043299B (offset 31F95 in HIEW)
:00432997 A840			test al, 40
:00432999 750A			jne 004329A5 (offset 31F99 in HIEW)

change to:
:00432995 9090			nop nop
:00432997 A840			test al, 40
:00432999 EB0A			jmp 004329A5
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

As you can see, this makes the program skip the first jump and take the second
jump no matter what, and the second jump puts us past the call to the nag:

(:004329A0 E823500100		call 004479C8) <-- call the nag

So if the nag is never called it never shows. Simple. Note that both patches only force
the path the program already takes when the flags say "no nag" (the jne lands right after
the call at 004329A5 / 00437B65), so nothing else gets skipped.
The prog isn't registered, but since there is no other protection we don't have to mess
with it any more. We wasted the nags; all that is left is the unsightly "unregistered"
at the top of the program box.
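The whole procedure as one script, added here as an example (this is not the tutorial author's code and nothing from iuVCR itself): it converts the W32Dasm addresses to the HIEW file offsets, checks that the bytes at the four sites really are 74 04 / 75 0A before writing anything, and confirms from the E8 displacements that both call sites land on the same routine at 004479C8. The PE section table (a code section at RVA 1000 with raw data at file offset 600) is an assumption worked back from the page's two VA/offset pairs, not read from the real file; the sample image is constructed zero padding carrying only the bytes quoted above, so the script runs offline; the file argument and the .patched output name are this example's own convention.

```python
"""Added example: nag patch for the tutorial's addresses, with a pre-check."""
import sys

IMAGE_BASE = 0x400000

# ASSUMPTION: the page never shows the PE section table. Its two VA/offset
# pairs (00437B55 -> 37155, 00432995 -> 31F95) both give file = RVA - 0xA00,
# which is a code section at RVA 0x1000 whose raw data starts at 0x600.
SECTIONS = [
    # (name, VirtualAddress, VirtualSize, PointerToRawData)
    ("CODE", 0x1000, 0x47000, 0x600),
]


def va_to_file_offset(va, sections=SECTIONS, image_base=IMAGE_BASE):
    """Map a W32Dasm virtual address to the file offset HIEW shows."""
    rva = va - image_base
    for _name, vaddr, vsize, raw in sections:
        if vaddr <= rva < vaddr + vsize:
            return raw + (rva - vaddr)
    raise ValueError(f"VA {va:#x} is not inside any section")


def short_jump_target(va, code):
    """Target of a 2-byte rel8 jump (74 xx / 75 xx / EB xx) located at va."""
    rel8 = int.from_bytes(code[1:2], "little", signed=True)
    return va + 2 + rel8


def call_target(va, code):
    """Target of a 5-byte E8 rel32 call located at va."""
    if code[0] != 0xE8:
        raise ValueError("not an E8 call")
    rel32 = int.from_bytes(code[1:5], "little", signed=True)
    return va + 5 + rel32


# The four sites from the tutorial: (VA, bytes W32Dasm shows, replacement).
# je -> nop nop; jne -> jmp keeps the rel8 byte, so the target is unchanged.
PATCHES = [
    (0x437B55, bytes.fromhex("7404"), bytes.fromhex("9090")),  # je  00437B5B
    (0x437B59, bytes.fromhex("750A"), bytes.fromhex("EB0A")),  # jne 00437B65
    (0x432995, bytes.fromhex("7404"), bytes.fromhex("9090")),  # je  0043299B
    (0x432999, bytes.fromhex("750A"), bytes.fromhex("EB0A")),  # jne 004329A5
]


def find_mismatches(data, patches=PATCHES):
    """[(va, file_offset, found)] for each site whose bytes differ from the
    tutorial's listing. Empty list means this is the build we expect."""
    bad = []
    for va, expect, _repl in patches:
        off = va_to_file_offset(va)
        found = bytes(data[off:off + len(expect)])
        if found != expect:
            bad.append((va, off, found))
    return bad


def apply_patches(data, patches=PATCHES):
    """Return a patched copy; refuse to write a single byte on any mismatch."""
    bad = find_mismatches(data, patches)
    if bad:
        detail = ", ".join(f"{va:#x} (file {off:#x}) = {b.hex()}" for va, off, b in bad)
        raise ValueError("wrong build or already patched: " + detail)
    out = bytearray(data)
    for va, expect, repl in patches:
        assert len(repl) == len(expect), "patches must not change instruction length"
        off = va_to_file_offset(va)
        out[off:off + len(repl)] = repl
    return bytes(out)


def build_sample_image():
    """CONSTRUCTED stand-in for iuVCR.exe: zero padding with only the bytes
    the tutorial quotes placed at their file offsets."""
    img = bytearray(0x38000)
    for site, call in ((0x437B55, "E863FE0000"), (0x432995, "E823500100")):
        off = va_to_file_offset(site)
        img[off:off + 6] = bytes.fromhex("7404A840750A")   # je / test al,40 / jne
        off = va_to_file_offset(site + 0xB)                 # 00437B60 / 004329A0
        img[off:off + 5] = bytes.fromhex(call)              # call 004479C8
    return bytes(img)


def main(argv):
    if len(argv) == 2:                       # python patch_iuvcr.py iuVCR.exe
        with open(argv[1], "rb") as f:
            data = f.read()
        target = argv[1]
    else:                                    # demo on the constructed image
        data, target = build_sample_image(), None
    for va in (0x437B60, 0x4329A0):
        off = va_to_file_offset(va)
        print(f"{va:#x}: call -> {call_target(va, data[off:off + 5]):#x}")
    patched = apply_patches(data)
    if target:
        with open(target + ".patched", "wb") as f:
            f.write(patched)
    print("bytes at 37155 now:", patched[0x37155:0x3715B].hex())


if __name__ == "__main__":
    main(sys.argv)
```

Run it with no argument to exercise the constructed image, or with iuVCR.exe as the argument to write iuVCR.exe.patched next to it. The pre-check is the part worth keeping: pointed at a different build, it bails out and reports the bytes it actually found instead of blindly flipping whatever happens to sit at 37155.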

Laterz

-------------------------------------------------------------------------------------

email me if you are bored: sleepy@linuxwaves.com

                           ._Tutorialz_.
[--------------------------------------------------------------------]
[ 1. Cracking Cosmi's Generic Installshield Protection               ]
[ 2. CRACKING(?) MATH WORKSHOP 2.0                                   ]
[ 3. CrAcKiNG DLSuperCBT Resynchronizing Byte Compare Program        ]
[ 4. CrAcKiNG the nag on DLSuperCBF - Dir Binary File Compare Program]
[ 5. CrAcKiNG n)0(va crackme v3 (crazy approach)                     ]
[ 6. CrAcKiNG mIRC(R) v5.91 Internet Relay Chat Client               ]
[ 7. CrAcKiNG Actionizer 1.4                                         ]
[ 8. CrAcKiNG Tag Wizard 4.3.0                                       ]
[ 9. CrAcKiNG Freecell for Win2k and WinXP                           ]
[10. CrAcKiNG Netrace 1.0a                                           ]
[11. CrAcKiNG Winrar 3 Beta 2 THROUGHLY                              ]
[12. CrAcKiNG Aditor Pro 3.05 build 1                                ]
[13. CrAcKiNG EasyType 1.0                                           ]
[14. CrAcKiNG The Psychedelic Screen Saver v2002.0215                ]
[15. CrAcKiNG Applet Headline Factory Version 4.0                    ]
[16. CrAcKiNG Codewhiz Editor Version 1.7 (build 1.01b)              ]
[17. CrAcKiNG iuVCR 4.0.0.205 beta5 Trial (R_02-28-2002)             ]
-------------------------------------------------------------------------------------

gReEtz: MiNioN, GreycZ, KlutCh, KiNgEr, MidNight, FWA, NWA, FTPiRatEz! HAR! BEASTFXP!

-------------------------------------------------------------------------------------

CopyLeft:
                              __        ______  __  __ _
                        _____/ /  ___  / ____/__\ \/ /(_)
                       / ___/ /  / _ \/ __/ / __ \  // /
                      (__  ) /__/  __/ /___/ /_/ / / _/_
                     /____/_____|___/_____/ .___/_/\___/
                                         /_/

	                   [all rights reversed]
                     Boredom causes crackers and babies.

-------------------------------------------------------------------------------------