SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING File Edit 2000 v1.0 A Cracking Tutorial by ASTAGA [D4C/C4A] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. Read END NOTES section at the end of this file. ABOUT THE PROGRAM A Windows™ notepad replacement with all the bells and whistles, and few surprise features at this price... Major Features: Advanced formatting controls Appearance customisation Automatic word count function Built-in calculator Insert file at cursor feature No file size limit Save selected text to file feature System command line access System tray minimization Unix / Mac file import / export..plus more WHERE TO DOWNLOAD Author : G Pearson Copyright : G Pearson Homepage : http://www.gpcom.f2s.com URL : http://www.simtel.net/pub/simtelnet/win95/editor /fe2k_10.zip Size : 800 KB as of December 24,2000 Rel Date : July 2000 HOW TO GET VALID SERIAL NUMBER by using SoftIce I remind you that this program is packed with UPX v1.01, and no unpacking procedure is taken in this tutorial. An unexpected occurances might happen in your PC if you do not unpacking it them at first attemp. 1. Run FILEEDIT.EXE, in the registration dialog box type these below informations : Code : 73881050 ( appear in the form ******** ) Do not click OK button yet 2. Load SoftIce by pressing [ CTRL + D ], set a breakpoint as follow : BPX hmemcpy [enter] and F5 to return to the main program 3. Now, click OK button... you'll return back into SoftIce! In within SoftIce press F5, then F12 11 times until you see and break at : ______________________________________________________________ 015F:00453573 E83C18FCFF CALL 00414DB4 <== break here 015F:00453578 8B45F8 MOV EAX,[EBP-08] 015F:0045357B 5A POP EDX ==> D EAX 015F:0045357C E80F03FBFF CALL 00403890 ==> D EDX 015F:00453581 85C0 TEST EAX,EAX 015F:00453583 751C JNZ 004535A1 015F:00453585 E83A4EFBFF CALL 004083C4 _________________________ FILEEDIT!UPX0+00052573 _______________ : bc 00 [enter] ==> no longer needed : bpx 015F:00453573 [enter] Press F10 2 times - stop at 015F:0045357B - display EAX register : d eax [enter] see that fake code at virtual address 0167:00BFD540 ?? Now, take your time to scroll up ( Alt+PgUp ) one or two times - see that chronological order of sequence numbers - wasn't it too obvious ?? Here what will you see in the Data Window : 0167:00BFD410 34 30 35 2D 34 30 405568..FE201-40 0167:00BFD420 36 35 36 30 37 35 6569..FE201-4075 0167:00BFD430 37 30 0D 35 37 31 70..FE201-408571 0167:00BFD440 0D 0A 46 32 0D 0A ..FE201-409572.. 0167:00BFD450 46 45 32 0A 46 45 FE201-410573..FE 0167:00BFD460 32 30 31 45 32 30 201-411574..FE20 0167:00BFD470 31 2D 34 30 31 2D 1-412575..FE201- .... .... 0167:00BFD530 00 00 00 00 00 00 ................ your fake 0167:00BFD540 37 33 38 C4 45 00 73881050.588`.E. <== code But, what is my real code anyway ? Press F10 once - stop at 015F:0045357C - display EDX register : : d edx [enter] see that FE201-315648 at virtual address 0167:00BFD31C ?? again, several lines below are couples of another potential reg codes ...lookie at the prefix FE201. They're all starts with "FE201-", so take one of them. Further, I think they're all hardcoded inside packed .EXE file. 5. Disable all breakpoints by typing BD * [enter] Press F5 or X to return to the main program 8. Repeat registration procedure and keyed-in FE201-412897 as your S/N. Click OK button ..... there you're registered. 9. Where the hell is my registration code is stored ?? The correct registration code is stored in the registry as follows : REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Lod] [HKEY_CURRENT_USER\Software\Microsoft\Lod\Peel] "TimesUsed"="-1" Note : deletion over "TimeUsed" value will return the program unregistered. 10. How can I practise with my own user name ? - I strongly recommended you not to do this ! E N D N O T E S Distributing your serial number is illegal and is no different than distributing illegal copies of the registered software. Violation of this rule may result in temporary or permanent revocation of this license and cancellation of the serial number; the original licensee will also be held responsible for damages, physical and estimated. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > Never attribute to malice that which is adequately explained by stupidity ASTAGA [D4C/C4A] tute-fileedit2k10.zip [EOF] 12/24/00 2:53:38 AM