SERIAL NUMBER IS not FISHY - PATCHING IS MORE YUMMY FastFolders v2.5 A Cracking Tutorial by ASTAGA [WTF/TTM] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. Read END NOTES section at the end of this file. ABOUT THE PROGRAM Welcome to FastFolders, a system extension which increases yourproductivity dramatically by giving you quick and easy access tofolder contents and files. Without opening each and every folder,you can browse the directory structure starting at any point byclicking the right mouse button on a file, folder or drive. The program modifies the context menus of shell objects, adding a menuitem which displays the directory structure on demand. If you drag and drop an object on a folder or drive using the right mouse button, you can copy or move the object(s) to any folder of your computer by selecting it from the FastFolders menu. In addition, FastFolders includes a revolutionary feature to resize the items of the status bars of all Explorer win dows to fit all important information (e.g. file sizes) optimally. To use FastFolders, open the context menu of any shell object ("MyComputer", "Network Neighborhood", a drive, folder or file, etc.) by right-clicking it. When you move the mouse pointer over theFastFolders menu item, a submenu opens which displays the contents of the selected object. To open any object, simply click the menu item with the left mouse button. To access the context menu of the object, click the right mouse button on the item. WHERE TO DOWNLOAD Author : DeskSoft Team Copyright : DeskSoft Homepage : http://www.desksoft.com URL : http://www.desksoft.com/Download/Ffsetup.zip Size : 122 KB as of December 27,2000 Rel Date : Nov30, 2000 Updated : Dec 12,2000 HOW TO GET VALID PATCHING ADDRESS by using SoftIce Unlike fishing serial number in HardCopy Pro v1.62 from the same Author, this program is little bit different. In this tute I will travel you to manipulate the routine(s) so you can patch this program later on. I consider this approach is more WICKED rather than serial fishing. In my point of view this one is the second evil, the first rank is KEY GENERATOR !!! Here you will understand why the Author or Software Company are hates crackers or reverser. SO, USE THIS PAPER WITH ATTITUDE. At least I have warned you PAL ! 1. Activate FASTFOLDER, click REGISTER button, in the regis tration dialog box type these below informations : Name : Pirates Order Code : 73881050 Do not click OK button yet 2. Load SoftIce by pressing [ CTRL + D ], set a breakpoint as follow : BPX getdlgitemtexta [enter] and F5 to return to the main program 3. Now, click OK button... you'll return back into SoftIce! In within SoftIce press F11 once until you see and break at : ______________________________________________________________ 015F:10001CC6 FF1518620110 CALL [USER32!GetDlgItemTextA] 015F:10001CCC 8B7C242C MOV EDI,[ESP+2C] 015F:10001CD0 83C9FF OR ECX,-01 015F:10001CD3 33C0 XOR EAX,EAX 015F:10001CD5 8D9310010000 LEA EDX,[EBX+00000110] 015F:10001CDB F2AE REPNZ SCASB ... ... ______________________________________________________________ Do a search string as follow : : S 0 L FFFFFFFFFFF E8 A6 FC FF FF 8A 4C [enter] Pattern found at 0167:100095F5 Disable and Create a new breakpoint by typing : : bd * [enter] <== no longer needed : bpx 0167:100095F5 [enter] Press X to let SoftIce break into this location 5. If nothing goes wrong you'll break again at these below snippet codes : 015F:100095F5 E8A6FCFFFF CALL 100092A0 <== here 015F:100095FA 8A4C3424 MOV CL,[ESI+ESP+24] 015F:100095FE 83C410 ADD ESP,10 015F:10009601 3AC1 CMP AL,CL 015F:10009603 0F85BD000000 JNZ 100096C6 (JUMP) 015F:10009609 46 INC ESI 015F:1000960A 83FE07 CMP ESI,07 015F:1000960D 7CDA JL 100095E9 015F:1000960F 8BFD MOV EDI,EBP 015F:10009611 83C9FF OR ECX,-01 015F:10009614 33C0 XOR EAX,EAX 015F:10009616 33D2 XOR EDX,EDX 015F:10009618 F2AE REPNZ SCASB 015F:1000961A F7D1 NOT ECX 015F:1000961C 49 DEC ECX 015F:1000961D B3BE MOV BL,BE 015F:1000961F 85C9 TEST ECX,ECX 015F:10009621 885C2434 MOV [ESP+34],BL 015F:10009625 7E1A JLE 10009641 015F:10009627 8A0C2A MOV CL,[EBP+EDX] ____________________ FASTFOLDERS!.text+85F5 _________________ Start from 015F:100095F5 press F10 until you reach memory location 015F:10009603. During this journey dump EAX, EDI and ECX registers to see your name and fake code. If you step passed this JL instruction, sooner or later you'll faced beggar-off message. Now, in the Command Line type : : r fl z [enter] ==> now (JUMP) indicator changed into (NO JUMP) Continue your tracing until you see these below codes : 015F:1000964E E84DFCFFFF CALL 100092A0 015F:10009653 8A4C242B MOV CL,[ESP+2B] 015F:10009657 83C410 ADD ESP,10 015F:1000965A 3AC1 CMP AL,CL 015F:1000965C 7568 JNZ 100096C6 (JUMP v) 015F:1000965E BB188D0110 MOV EBX,10018D18 015F:10009663 8BFB MOV EDI,EBX .... _________________ FASTFOLDERS!.text+864E _______________ Stop at 015F:1000965C - in the Command Line type : : r fl z [enter] ==> now (JUMP) indicator changed into (NO JUMP) Since now you're free tracing the whole codes within the program without any disturbances. I recommend you to always check every changes in the Register Window, and if you candid you'll find correct serial number - it's 16 characters long! 6. Finally, you'll reach and see these below snippet codes : 015F:10009AA2 E8A9FAFFFF CALL 10009550 015F:10009AA7 83C408 ADD ESP,08 015F:10009AAA 85C0 TEST EAX,EAX 015F:10009AAC 6A00 PUSH 00 015F:10009AAE 68D0960010 PUSH 100096D0 015F:10009AB3 56 PUSH ESI 015F:10009AB4 7510 JNZ 10009AC6 015F:10009AB6 8B0D2CCF0110 MOV ECX,[1001CF2C] 015F:10009ABC 6A69 PUSH 69 015F:10009ABE 51 PUSH ECX 015F:10009ABF FFD7 CALL EDI 015F:10009AC1 5F POP EDI 015F:10009AC2 33C0 XOR EAX,EAX 015F:10009AC4 5E POP ESI 015F:10009AC5 C3 RET 015F:10009AC6 8B152CCF0110 MOV EDX,[1001CF2C] 015F:10009ACC 6A6B PUSH 6B 015F:10009ACE 52 PUSH EDX 015F:10009ACF FFD7 CALL EDI ==> Good Guy 015F:10009AD1 5F POP EDI __________________ FASTFOLDERS!.text+8AA2 ____________________ Stop at 015F:10009ACF - take a deep breath before you step passed ( F10 ) this location .... yeah, you got a classic " thank you for registering ... " message. Click OK button to confirm you dirty registration. 7. Disable all breakpoints by typing BD * [enter] Press F5 or X to return to the main program 8. Okay, let's recap your job a while. You've done 2 times of " R FL Z " - that are at the location 015F:10009603 and 015F:1000965C respectively. You may ask why should I do that - why not do a NOP'ing ? NOP'ing it at those location is accepted, but it will write something in the registry. When you permanently patching those bytes using HexEditor, the program will think you're already registered user. In this case, you lost your opportunity to rego under your name and fakecode anything you like. 9. Now, patch permanently FASTFOLDERS.DLL using HexEditor. Make a copy of FASTFOLDERS.DLL in another folder, and patch it there. Because you can't patch this file while still active within Windows environment , this is a ShellContext prog .... remember ? ^^^^^ Change 0F 85 BD 00 00 00 46 into 0F 84 BD 00 00 00 46 in my case is at hex #9604 and ^^^^^ Change 75 68 BB 18 8D into 74 68 BB 18 8D in my case is at hex #965C Save your work ( in HexEditor ), and follow these below steps. TWO ALTERNATIVES ON HOW TO COPY PATCHED .DLL into Windows folder : Re-start your PC in DOS mode. Copy / Move your patched FASTFOLDERS.DLL into Windows directory. Start Windows again. Later on Windows will report FASTFOLDERS.DLL NOT FOUND, don't be panic - just go to Windows folder and rename that truncated FASTFO~1.DLL into FASTFOLDERS.DLL Secondly, restart your PC in SAFE MODE Open WinExplorer, copy patched .DLL to and overwrite original .DLL in Windows folder ... they're fully copied in long file name. Re-start your PC in normal way. 10. Repeat registration procedure and keyed-in any name and code you like. Click OK button ..... there you're registered. NOTE : Iam registering this program thru Win Commander, but, when I test in WinExplorer it's still unregistered. Dont worry, just register again so the program register ed in both environment. 11. Where the hell is my registration code is stored ?? The correct registration code is stored in the registry as follows : REGEDIT4 [HKEY_CURRENT_USER\Software\DeskSoft\FastFolders] "RegName"="Pirates Order" "RegCode"="73881050212469" <=== FAKE !!!! "DropDispFldOnly"=hex:01,00,00,00 "DropOpenTarget"=hex:00,00,00,00 12. How can I practise with my own user name ? - I strongly recommended you not to do this ! E N D N O T E S Distributing your serial number is illegal and is no different than distributing illegal copies of the registered software. Violation of this rule may result in temporary or permanent revocation of this license and cancellation of the serial number; the original licensee will also be held responsible for damages, physical and estimated. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > Never attribute to malice that which is adequately explained by stupidity ASTAGA [WTF/TTM/D4C/C4A] tute-fastfolders25.zip [EOF] 1/5/01 4:21:15 AM Remember, Patching is EVIL. ASTAGA [WTF/TTM]-1/5/01 4:21:15 Difference(s) between FASTFO~1.org & FASTFO~1.dll FASTFO~1.org 00009604: 85 84 0000965C: 75 74