SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING Lock Down 1.1 build 9001 A Cracking Tutorial by ASTAGA [WTF/TTM] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. Read END NOTES section at the end of this file. ABOUT THE PROGRAM Lock Down is a file encryption/decryption utility that securely encrypts your files to protect your sensitive data. Lock Down uses a user supplied alphnumeric key to encrypt your data, and then uses the same key to decrypt the data. Some uses for Lock Down included pro tecting sensitive data at work. Protecting files on a computer accessed by numerous people. Protecting files at school. WHERE TO DOWNLOAD Author : DCM Software Copyright : DCM Software Homepage : http://www.dcmsoftware.bizland.com URL : Size : 561KB as of December 27,2000 Rel Date : September 24, 2000 HOW TO GET VALID SERIAL NUMBER by using SoftIce 1. Run LOCKDOWN.EXE, in the registration dialog box type these below informations : Name : Red Rackham Code : 73881050 Do not click OK button yet 2. Load SoftIce by pressing [ CTRL + D ], set a breakpoint as follow : BPX hmemcpy [enter] and F5 to return to the main program 3. Now, click OK button... you'll return back into SoftIce! In within SoftIce press F11, F5, F11, then F12 13 times until you see and break at : ____________________________________________________________ 015F:7B34A5C0 E86F6FFEFF CALL 7B331534 015F:7B34A5C5 C20800 RET 0008 <== BREAK HERE 015F:7B34A5C8 53 PUSH EBX _________________________ MSVBVM50!.text+000595C0 __________ At 015F:7B34A5C5 , press F10 to step pass this RET call function. 5. If nothing goes wrong you'll break again at these below snippet codes : 015F:00414C69 FF91A0000000 CALL [ECX+000000A0] 015F:00414C6F 85C0 TEST EAX,EAX <== BREAK HERE 015F:00414C71 7D18 JGE 00414C8B 015F:00414C73 8B8D38FFFFFF MOV ECX,[EBP-00C8] 015F:00414C79 68A0000000 PUSH 000000A0 015F:00414C7E 68CC5F4000 PUSH 00405FCC 015F:00414C83 51 PUSH ECX 015F:00414C84 50 PUSH EAX 015F:00414C85 FF1588D24100 CALL [0041D288] 015F:00414C8B 8B55C8 MOV EDX,[EBP-38] 015F:00414C8E 52 PUSH EDX 015F:00414C8F FFD7 CALL EDI 015F:00414C91 8BD0 MOV EDX,EAX 015F:00414C93 B968A04100 MOV ECX,0041A068 015F:00414C98 FFD6 CALL ESI 015F:00414C9A 8D4DC8 LEA ECX,[EBP-38] 015F:00414C9D FF1508D44100 CALL [0041D408] 015F:00414CA3 8D4DC0 LEA ECX,[EBP-40] 015F:00414CA6 FF1504D44100 CALL [0041D404] 015F:00414CAC 68EC0F0800 PUSH 00080FEC __________________ LOCKDOWN!.text+00013C69 _____________________ Press F10 10 times - stop at 015F:00414C8E - dump EDX register : : d edx ==> Did you see your fake code at 1067:00433F60 ?? Look several lines below is your name and something like this D.D.1.C.-.F.8.1. 2.-.1.B.1 .C.-.1.8.1.1 at 0167:00433FB0 ?? Write it down, and remove that prevailing dot sign (.) from every characters when keyed-in this potential s/n. EAX=00000000 EBX=00434034 EDX=00433F60 ESI=7B30F8DA EDI=7B3CF2B5 EBP=0065FA88 EIP=00414C8E o d I s Z a P c ----------------------------------------------------------- 0167:00433F60 00330037 00300035 7.3.8.8.1.0.5.0. 0167:00433F70 00610000 A000002C ..a.m...t.w.,... 0167:00433F80 00000016 00610052 ....R.e.d. .R.a. 0167:00433F90 006B0063 00000000 c.k.h.a.m....... 0167:00433FA0 000A0000 00000026 ....|?C.D...&... 0167:00433FB0 00440044 00310038 D.D.1.C.-.F.8.1. 0167:00433FC0 002D0032 0031002D 2.-.1.B.1.C.-.1. 0167:00433FD0 00310038 006E0000 8.1.1 7. Disable all breakpoints by typing BD * [enter] Press F5 or X to return to the main program 8. Repeat registration procedure and keyed-in DD1C-F812-1B1C -1811 as your S/N. Click OK button ..... there you're registered. 9. Where the hell is my registration code is stored ?? The correct registration code is stored in the registry as follows : REGEDIT4 [HKEY_CURRENT_USER\Software\VB and VBA Program Settings \LockDown] [HKEY_CURRENT_USER\Software\VB and VBA Program Settings \LockDown\Install] "Registered User"="Red Rackham" "Installation Date"="02=330" "Nr of Times operated"="/" "Registration Number"="CG5G0E74614A0F15;00" 10. How can I practise with my own user name ? - I strongly recommended you not to do this ! E N D N O T E S Distributing your serial number is illegal and is no different than distributing illegal copies of the registered software. Violation of this rule may result in temporary or permanent revocation of this license and cancellation of the serial number; the original licensee will also be held responsible for damages, physical and estimated. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > Never attribute to malice that which is adequately explained by stupidity ASTAGA [WTF/TTM/D4C/C4A] tute-lockdown11.zip [EOF] 1/7/01 2:16:34 AM