SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING
CleanUp v1.9
A Cracking Tutorial by ASTAGA [WTF/TTM]

DISCLAIMER

This reading material is not intended to violate copyrights and/or the law; it is for educational purposes only. I hold no responsibility (by any means and in any shape whatsoever) for the misuse of this material. Read the END NOTES section at the end of this file.

ABOUT THE PROGRAM

What would you think of an application that automatically finds potentially useless files on your drives so you can deal with them all with just one click? You can identify useless files by extension type (*.tmp for example), exclude files of a certain name, protect folders from being searched, search for zero-length files and so on. You can even have CleanUp clean your Temp directories and purge your Netscape cache & URL history. You get to review every file before any actions are taken. And if you are a little wary of deletions, you can simply direct CleanUp to move the files to a destination folder.

WHERE TO DOWNLOAD

Author    : Paul Gerhart
Copyright : Paul Gerhart
Homepage  : http://www.worldlynx.net/pgerhart/_clean.html
URL       : http://www.winsite.com/info/pc/win95/dskutil/cleanu19.zip
Size      : 1.2 MB as of December 26, 2000
Rel Date  : December 14, 2000

HOW TO GET VALID SERIAL NUMBER by using SoftIce

1. Run the .EXE; in the registration dialog box type the information below:

   Name : Red Rackham
   Code : 73881050 ( default is 8 characters )

   Do not click the OK button yet.

2. Load SoftIce by pressing [ CTRL + D ] and set a breakpoint as follows:

   BPX hmemcpy [enter]

   then press F5 to return to the main program.

3. Now, click the OK button... you'll return back into SoftIce!
   Within SoftIce press F11, F5, F11, then F12 11 times until you see and break at:

   ______________________________________________________________
   015F:0040AB4C  E891400000  CALL 0040EBE2
   015F:0040AB51  6A32        PUSH 32            ==> d ecx
   015F:0040AB53  8B4DFC      MOV ECX,[EBP-04]
   015F:0040AB56  83C164      ADD ECX,64
   ...
   _________________________ CLEANUP!.text+9B4C _______________

4. While staying at 015F:0040AB51, dump the ECX register:

   : d ecx [enter] ==> your name appears at virtual 0167:006654C0

   Now, let's do a string search for your fake code as follows:

   : bd * [enter] ==> no longer needed
   : bpx 015F:0040AB4C [enter]
   : s 0 l fffffffffffffff '73881050' [enter]

   Pattern found at 0167:00664340 <=== may differ on your PC

   Disable the breakpoints and create a new one as follows:

   : bd * [enter]
   : bpr 0167:00664340 0167:00664340+8 rw [enter]

   Press F5 to let SoftIce break at the new location.

5. If nothing goes wrong you'll break again at the code snippet below:

   015F:78002E90  8B02  MOV EAX,[EDX]
   015F:78002E92  3A01  CMP AL,[ECX]             ==> D ECX ; D EDX
   015F:78002E94  7530  JNZ 78002EC6
   ....
   _________________________ MSVCRT!.text+1E90 _________________

6. While broken at 015F:78002E92 do the following:

   :d edx   did you see the interesting D7D8BD33 at virtual address 0167:00665510 ? Write it down!
   :d ecx   your fake code at virtual address 0167:00664340

7. Disable all breakpoints by typing BD * [enter].
   Press F5 or X to return to the main program.

8. Repeat the registration procedure and key in D7D8BD33 as your S/N.
   Click the OK button ..... there, you're registered.

9. Where the hell is my registration code stored ??
   The correct registration code is stored in the registry as follows:

   REGEDIT4

   [HKEY_LOCAL_MACHINE\Software\Paul Gerhart Software\CleanUp\User]
   "Name"="Red Rackham"
   "Code"="D7D8BD33"

10. How can I practise with my own user name ?
    - I strongly recommend you not do this !

E N D N O T E S

Distributing your serial number is illegal and is no different than distributing illegal copies of the registered software. Violation of this rule may result in temporary or permanent revocation of this license and cancellation of the serial number; the original licensee will also be held responsible for damages, physical and estimated.

Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!!

( tHATDUDE (PC97) defined LAMER(s) as the guy who sits in front of a personal computer, using a Hex Editor, ripping off other group(s) crack releases, repacking (distro) them under his name. Adopted from newsgroups alt.cracks, alt.crackers - February 1997 )

More about LAMER(s):

lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connotations of self-conscious elitism that use of luser does among hackers.
< SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >

Never attribute to malice that which is adequately explained by stupidity

ASTAGA [WTF/TTM/D4C/C4A]
tute-cleanup19.zip
[EOF]

First Edited : 12/27/00 6:08:55 PM
Updated      : 1/16/01 11:49:06 PM ( for MoLoToV CoMpuTeR's )

History of BPX Listing for CleanUp v1.9 - ASTAGA [TTM]

00) * BPX KERNEL!HMEMCPY
01) * BPX #0001:00009B4C
02) * BPX #0001:0000E347
03) * BPR #0167:00664340 #0167:00664348 RW
04) * BPMB #0167:00664340 RW DR3
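
The comparison seen in step 5 exposes the valid code because the program builds it in memory and compares it byte by byte with the input. The sketch below is an added example for developers, not CleanUp's code or the tutorial author's: `derive_code` is a hypothetical stand-in for the unknown name-to-code routine, and `check_signed` uses textbook RSA with constructed toy parameters (n = 3233, e = 17) to show a check in which the program only verifies a serial and cannot compute it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the name-to-code routine (FNV-1a hash);
   the page does not show the program's real algorithm. */
static uint32_t derive_code(const char *name) {
    uint32_t h = 2166136261u;
    for (; *name; name++) { h ^= (unsigned char)*name; h *= 16777619u; }
    return h;
}

/* Weak pattern: the expected code is formatted into `expected` and then
   string-compared with the input, so the valid code sits in memory. */
int check_weak(const char *name, const char *entered, char expected[9]) {
    snprintf(expected, 9, "%08X", (unsigned)derive_code(name));
    return strcmp(expected, entered) == 0;
}

/* Square-and-multiply modular exponentiation. */
uint32_t modpow(uint32_t base, uint32_t exp, uint32_t mod) {
    uint64_t r = 1, b = base % mod;
    for (; exp; exp >>= 1) {
        if (exp & 1) r = r * b % mod;
        b = b * b % mod;
    }
    return (uint32_t)r;
}

/* Toy public key (constructed, far too small for real use); the private
   exponent stays with the vendor and is never shipped. */
#define PUB_N 3233u
#define PUB_E 17u

/* Verify-only pattern: the serial is a signature over the name digest.
   The entered serial is mapped forward with the public key and compared. */
int check_signed(const char *name, uint32_t serial) {
    if (serial >= PUB_N) return 0;
    return modpow(serial, PUB_E, PUB_N) == derive_code(name) % PUB_N;
}

int main(void) {
    char expected[9];
    int ok = check_weak("Red Rackham", "73881050", expected);
    printf("weak check: %d, valid code left in buffer: %s\n", ok, expected);
    printf("signed check, arbitrary serial: %d\n", check_signed("Red Rackham", 1234u));
    return 0;
}
```

A production check would use a vetted signature scheme from an established library (for example Ed25519 or RSA-PSS) instead of textbook RSA.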