SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING

SearchPad v1.0
A Cracking Tutorial by ASTAGA [D4C/C4A]


DISCLAIMER

This reading material is not intended to violate copyright and/or its
laws; it is for educational purposes only. I hold no responsibility
( by all means and in any shape whatsoever ) for the misuse of this
material.


ABOUT THE PROGRAM

This utility allows you to enter keywords and select an Internet search
engine to perform a search on your keywords. It uses your default
configured browser to hit the search engine with the keywords which
have been entered. It also saves your keyword lists so that you can keep
track of your searches without having to re-enter keywords on a web
form. It also tracks the search engine you have selected, which saves
you from having to enter a URL into your browser to get to the search
page.


WHERE TO DOWNLOAD

Author    : Barefoot Productions, Inc.
Copyright : Barefoot Productions, Inc.
Homepage  : http://www.barefootinc.com/
URL       : http://www.barefootinc.com/files/
Size      : KB as of ,
Rel Date  :


HOW TO GET VALID SERIAL NUMBER by using SoftIce

1. Run SEARCHPAD.EXE and click the HELP/REGISTER submenu. In the
   registration dialog box type the following information :

       Name : RED RACKHAM
       Code : 73881069

   Do not click the OK button yet. You will notice that the button is
   dimmed/grayed.

2. Load SoftIce by pressing [ CTRL + D ] and set a breakpoint as
   follows :

       BPX getdlgitemtexta [enter]

   then press F5 to return to the main program.

3. Now press BACKSPACE once ( this deletes the "9" in your fake code )
   ... you'll return back into SoftIce! Within SoftIce press F11, F5,
   F11, times until you break at :

   ______________________________________________________________
   015F:00415C11  FF15E8D84200  CALL  [USER32!GetDlgItemTextA]
   015F:00415C17  EB13          JMP   00415C2C          (JUMP v)
   .....
   .....
   ==>  00415C2C  5D            POP   EBP
   015F:00415C2D  C20C00        RET   000C
   ...
   ...
   015F:00402E63  8BCE          MOV   ECX,ESI
   015F:00402E65  E8912D0100    CALL  00415BFB          <== break here
   015F:00402E6A  8D542404      LEA   EDX,[ESP+04]
   015F:00402E6E  8D442424      LEA   EAX,[ESP+24]      ==> d edx
   015F:00402E72  52            PUSH  EDX               ==> d eax
   015F:00402E73  50            PUSH  EAX
   015F:00402E74  E887E1FFFF    CALL  00401000
   015F:00402E79  83C408        ADD   ESP,08
   015F:00402E7C  8BCE          MOV   ECX,ESI
   015F:00402E7E  50            PUSH  EAX
   015F:00402E7F  6A01          PUSH  01
   _________________________SEARCHPAD!.text+1E63___________________

   After you step past the RET instruction you'll land at memory
   address 015F:00402E65; this is where the program's own check
   actually starts. Disable the previous breakpoint and set a new one
   as follows :

       : bd * [enter]
       : bpx 015F:00402E65 [enter]

   Press X or F5 to let SoftIce break at this location.

       Break due to BPX #015F:00402E65        <== you break here

   Press F10 2 times - stop at 015F:00402E6E - display the EDX
   register :

       d edx [enter]

   ==> did you see 7388106 at 0167:0066F608 ? It's your fake code
   without the "9", and two lines below it is your name.

   Press F10 once - stop at 015F:00402E6E - display the EAX register :

       d eax [enter]

   ==> your name appears at 0167:0066F628.

   Now scroll up your Data window ( Alt+PgUp ) around 10-12 lines.
   Press F10 3 times - after you step past the CALL at 015F:00402E74 -
   did you see KFD1269 at virtual address 0167:0066F598 in your Data
   window ? Write it down. This is a possible suspected reg. code.
   Here's what I got on my screen :

   0167:0066F588 18 FB ... 00 00 00  ..f...f.T.f.....
   0167:0066F598 4B 46 ... 3A 41 00  KFD1269...f..:A.  <====
   0167:0066F5A8 01 00 ... 17 F5 BF  ......f.$.f.c...
   0167:0066F5B8 49 53 ... 4B 48 41  ISPX7-RED RACKHA
   0167:0066F5C8 4D 00 ... 00 00 00  M.f...f...f.....
   0167:0066F5D8 F0 F5 ... 0B 00 00  ..f..\A.........
   0167:0066F5E8 50 68 ... 2E 40 00  Ph.. ...T.f.j.@.
   0167:0066F5F8 79 2E ... E3 41 00  y.@.(.f...f.0.A.
   0167:0066F608 37 33 ... 00 00 00  7388106..(......
   0167:0066F618 0C A1 ... F6 66 00  ..B...B...f.H.f.
   0167:0066F628 52 45 ... 70 66 00  RED RACKHAM..pf.

4. Disable all breakpoints by typing BC * [enter]. Press F5 or X to
   return to the main program.

5. Repeat the registration procedure and key in KFD1269 as your S/N.
   Click the OK button ..... you're registered.

6. Where the hell is my registration code stored ??
   The correct registration code is stored in the registry as follows :

       REGEDIT4

       [HKEY_CURRENT_USER\Software\Barefoot Productions\SEARCHPAD\Settings]
       "SearchEngine"=dword:00000000
       "RegName"="RED RACKHAM"
       "RegCode"="KFD1269"

7. How can I practise with my own user name ?
   - I strongly recommend you not to do this !


E N D N O T E S

Distributing your serial number is illegal and is no different than
distributing illegal copies of the registered software. Violation of
this rule may result in temporary or permanent revocation of this
license and cancellation of the serial number; the original licensee
will also be held responsible for damages, physical and estimated.

Do not distribute your crack release based on this tutorial, because
you become a LAMER(s)!!!!!!!!

( tHATDUDE (PC97) defined LAMER(s) as the guy who sits in front of a
personal computer, using a Hex Editor, ripping off other group(s) crack
releases, repacking (distro) them under his name. Adopted from
newsgroups alt.cracks, alt.crackers - February 1997 )

More about LAMER(s):

lamer /n./ [prob. originated in skateboarder slang] Synonym for luser,
not used much by hackers but common among warez d00dz, crackers, and
phreakers. Oppose elite. Has the same connotations of self-conscious
elitism that use of luser does among hackers.
< SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >

Never attribute to malice that which is adequately explained by
stupidity

ASTAGA [D4C/C4A]
tute-searchpad10.zip
[EOF] 12/3/00 10:38:29 AM
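Why the valid code was readable in the Data window in step 3, seen from the developer's side. This is an added example, not part of the original tutorial and not SearchPad's code: weak_check builds the valid code inside the client before comparing, while client_check only verifies a vendor-issued code against a public key. The code derivation, all function names and the unpadded toy RSA are assumptions made for illustration.

```python
import hashlib, math, random

def weak_check(name, entered):
    # Hypothetical derivation (not SearchPad's): the valid code is built in memory.
    expected = hashlib.sha256(name.upper().encode()).hexdigest()[:7].upper()
    return entered == expected

def _is_prime(n, rng, rounds=24):  # Miller-Rabin, n odd and > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits, rng):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(c, rng):
            return c

def vendor_keypair(bits=512, seed=1):
    # Vendor side only. Seeded PRNG for a reproducible demo; real keys need
    # a CSPRNG, a larger modulus and a padded signature scheme.
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), pow(e, -1, phi)

def _digest(name):
    return int.from_bytes(hashlib.sha256(name.upper().encode()).digest(), "big")

def vendor_issue(name, pub, d):
    return pow(_digest(name), d, pub[0])  # requires the private exponent d

def client_check(name, code, pub):
    # The client ships only (n, e): it can verify a code but not derive one,
    # so no valid code for the entered name is ever present in its memory.
    n, e = pub
    return pow(code, e, n) == _digest(name) % n
```

With the second design, a breakpoint placed after the check shows only the entered code and a hash of the name; the value that would make the comparison succeed exists only on the vendor's side.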