SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING


System Mechanic 3.5F
A Cracking Tutorial 
by ASTAGA [D4C/C4A]


DISCLAIMER 

This reading material is not intended to violate copyright 
or the law; it is for educational purposes only. I hold no 
responsibility ( by any means and in any shape whatsoever ) 
for the misuse of this material.
Read the END NOTES section at the end of this file.



ABOUT THE PROGRAM 


System Mechanic is a complete collection of all of the 
necessary tools to keep your system running smooth, fast, 
and error free.  
System Mechanic’s collection of tools were created because 
their vital functions are not available under your operating 
system.  These tools are well beyond the scope of “Scandisk” 
and “Defrag” type utilities, and pick up where other system 
tools leave off in their ease of use, power, and flexibility.



WHERE TO DOWNLOAD


Author   	: IOLO Technologies, LLC
Copyright	: IOLO Technologies, LLC
Homepage 	: http://www.iolo.com
URL		: http://ftp.loop.com/~unisyn/system_mechanic.exe
Size 		: 1.4 MB  as of December 17,2000
Rel Date	: October 19, 2000




HOW TO GET VALID SERIAL NUMBER by using SoftIce


Unlike the previous ver3.5b, this release ships with a surveillance
routine that detects a key generator in your folder ( maybe on your
H/D ); check for yourself, I forgot what the addresses are.
Try placing someone's key generator ( DUELIST, R!SC, etc ) in
the folder where you installed SYSMECHANIC.EXE and observe
what the program does.
Further, tracing to the real valid code takes quite long compared to
v3.5b, which only took 4 presses of F10. The Author seems to have
gotten mad at keygens. Take a look at their commitment to use the
fullest extent of the law against software piracy.



1.  Run SYSMECHANIC.EXE; in the registration dialog box type the 
    information below :

	Name	 : PIRATES ORDER
	Code    : 7388-1050-6969

    Do not click the OK button yet
    

2.  Load SoftIce by pressing [ CTRL + D ] and set a breakpoint as 
    follows :
    

	BPX hmemcpy     [enter]   and
   	F5  to return to the main program

3.  Now, click the OK button... you'll drop back into SoftIce!
    Within SoftIce press F11, F5, F11, then F12 11 times until you 
    see and break at :

	______________________________________________________________

	015F:0042349E  E8ADFFFFFF     CALL   00423450 <== break here
	015F:004234A3  8B45FC         MOV    EAX,[EBP-04]
	015F:004234A6  8BD6           MOV    EDX,ESI ==> d eax
	015F:004234A8  E8C30AFEFF     CALL   00403F70
	015F:004234AD  7410           JZ     004234BF
	....
	....
	015F:0048F633  5A             POP    EDX  ==> d eax
	015F:0048F634  E8AFA20600     CALL   004F98E8                           
	015F:0048F639  84C0           TEST   AL,AL                              
	015F:0048F63B  740F           JZ     0048F64C                           
	015F:0048F63D  E8569E0600     CALL   004F9498                           
	015F:0048F642  E829D30600     CALL   004FC970                           
	015F:0048F647  E993010000     JMP    0048F7DF                           
	015F:0048F64C  E8CBD00600     CALL   004FC71C                           
	015F:0048F651  84C0           TEST   AL,AL ==> d edx
	015F:0048F653  740A           JZ     0048F65F
	...
	...
	015F:0048F661  8B83FC010000   MOV    EAX,[EBX+000001FC]==> d edx
	015F:0048F667  E8403DF9FF     CALL   004233AC                           
	015F:0048F66C  33F6           XOR    ESI,ESI                            
	015F:0048F66E  8BC3           MOV    EAX,EBX                            
	015F:0048F670  E8BFF6FFFF     CALL   0048ED34                           
	015F:0048F675  84C0           TEST   AL,AL                              
	015F:0048F677  0F8462010000   JZ     0048F7DF                           
	015F:0048F67D  A114C15000     MOV    EAX,[0050C114]                     
	015F:0048F682  803800         CMP    BYTE PTR [EAX],00                  
	015F:0048F685  7449           JZ     0048F6D0
	....
	....
	015F:0048F6F1  50             PUSH   EAX   ==> d eax                               
	015F:0048F6F2  8D55F8         LEA    EDX,[EBP-08]                       
	015F:0048F6F5  8B83E8010000   MOV    EAX,[EBX+000001E8]                 
	015F:0048F6FB  E8503DF9FF     CALL   00423450                           
	015F:0048F700  8B55F8         MOV    EDX,[EBP-08]                       
	015F:0048F703  58             POP    EAX ==> D EDX                                
	015F:0048F704  E86748F7FF     CALL   00403F70 ==> D EAX                           
	015F:0048F709  7505           JNZ    0048F710                           
	015F:0048F70B  BE01000000     MOV    ESI,00000001                       
	015F:0048F710  8D55F8         LEA    EDX,[EBP-08]
	015F:0048F713  8B83DC010000   MOV    EAX,[EBX+000001DC]            
	....
	....
	015F:0048F729  E89EAC0600     CALL   004FA3CC ==> D EAX
	015F:0048F72E  8B45FC         MOV    EAX,[EBP-04]                       
	015F:0048F731  50             PUSH   EAX                                
	015F:0048F732  8D55F8         LEA    EDX,[EBP-08]                       

	_________________________ SYSMECHANIC!CODE+000YYYY _______________

	: bc *  [enter]  ==> since you don't need HMEMCPY any longer
	Create a new breakpoint as follows :
	: BPX 015F:0042349E  [enter]

	Press F10 once - stop at 015F:004234A6  - display EAX register
	: d eax  [enter] ==> your fake code appears at 0167:012A4B40

	Stop at 015F:0048F633 - display EAX register
	: d eax  [enter] ==> your name appears at 0167:012A4B08

	Press F10 8 times  - stop at 015F:0048F651  - display EDX register
	: d edx  [enter] ==> do you see the string " Keygenerator " appear 
				at 0167:004FC86C? The CALL instruction at 
				015F:0048F634  is trying to detect whether 
				the entered name and reg code were produced 
				with a keygen or not.

	Stop at 015F:0048F661 - display EDX register
	: d edx  [enter] ==> look at the Data Window at 0167:004FC801; do
				you see sticky notes like "..Duelist....
				*Keygen*.....serial.com...Keygenerator.."??  
				I think Duelist is the #1 enemy of the Author.


	Stop at 015F:0048F6F1 - display EAX register
	: d eax  [enter] ==> you'll get  62536-ST364-0490160164 at virtual
				address 0167:012A977C.
				Write it down, this would be your real code.

	Stop at 015F:0048F703 -  display EDX register
	: d edx  [enter] ==> your fake code reappears at the virtual address
				0167:012A9750

	Press F10 once - Stop at 015F:0048F704 -  display EAX register
	: d eax  [enter] ==> 62536-ST364-0490160164  appears again

	Press F10 11 times - Stop at 015F:0048F729 -  display EAX register
	: d eax  [enter] ==> you'll get  56475-PR477-4351121104
				at virtual address 0167:012A97A0
				Write it down, this would be your second real 
				code.
     

4.  Disable all breakpoints by typing 

	BD *   [enter]
	Press F5 or X to return to the main program
     

5.  Repeat the registration procedure and key in 56475-PR477-4351121104
    as your S/N. 
    Click the OK button .....  there, you're registered and have a 
    Professional Edition license.


6.	Where the hell is my registration code stored ??

	The correct registration code is stored in the registry as
	follows : 
	REGEDIT4
	[HKEY_CURRENT_USER\Software\Iolo\System Mechanic]
	"UserConfig"=hex:78,6c,b6,75,c3,01,e2,40
	"S"=dword:00000000
	"UserID"="PIRATES ORDER"
	"Serial"="67586-ND859-5440110115" <== Mechanical Industrial
	"FirstRun"=dword:00000000		    Edition License.
	"ActiveSection"=dword:00000001


7.  How can I practise with my own user name ?

	-  I strongly recommend you not do this !
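
Why the trace in step 3 ends with a valid code on screen, seen from the vendor's side (an added example, not code from this tutorial or from the program): the client derives the valid serial for the entered name and compares it with the input, so the expected value sits in memory at the compare. The sketch sets that design beside a check that only verifies a vendor signature; derive_serial_weak, the embedded secret, the toy RSA key and every name below are assumptions made up for illustration.

```python
import hashlib

# --- Weak design: the client derives the expected serial itself ---------
# derive_serial_weak is a hypothetical stand-in; the program's real
# algorithm is not shown in the tutorial.
def derive_serial_weak(name: str) -> str:
    h = hashlib.sha256(b"constructed-embedded-secret" + name.encode()).hexdigest()
    return f"{h[:5]}-{h[5:10]}-{h[10:20]}".upper()

def check_weak(name: str, entered: str) -> bool:
    expected = derive_serial_weak(name)  # valid serial for this name is now in memory
    return entered == expected           # plain string compare against user input

# --- Hardened design: the serial is a vendor signature over the name ----
# Toy textbook-RSA key built from two Mersenne primes (constructed, far too
# small and unpadded for real use; a product would use a vetted library).
_VENDOR_P, _VENDOR_Q = 2**89 - 1, 2**107 - 1       # private: never shipped
PUBLIC_N, PUBLIC_E = _VENDOR_P * _VENDOR_Q, 65537  # only these ship in the client

def _name_digest(name: str) -> int:
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % PUBLIC_N

def vendor_issue_serial(name: str) -> str:
    """Runs on the vendor's machine only; needs the private exponent."""
    d = pow(PUBLIC_E, -1, (_VENDOR_P - 1) * (_VENDOR_Q - 1))
    return format(pow(_name_digest(name), d, PUBLIC_N), "x")

def check_signed(name: str, entered: str) -> bool:
    """Client-side check: it verifies and never derives a serial."""
    try:
        sig = int(entered.replace("-", ""), 16)
    except ValueError:
        return False
    if not 0 < sig < PUBLIC_N:
        return False
    return pow(sig, PUBLIC_E, PUBLIC_N) == _name_digest(name)

if __name__ == "__main__":
    name = "EXAMPLE USER"  # constructed sample input
    serial = vendor_issue_serial(name)
    print(check_weak(name, derive_serial_weak(name)), check_signed(name, serial))
    print(check_signed("OTHER USER", serial), check_signed(name, "0000-1111-2222"))
```

With check_signed, a wrong entry never causes a correct serial to be computed on the client, so there is no expected value to display at the compare.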




					E N D   N O T E S


		Distributing your serial number is illegal and is no 
			different than distributing illegal 
				copies of the registered 
				 software. Violation of
					this rule may 
					  result in 
			temporary or permanent revocation of this
			     license and cancellation of the 
			              serial number; 
				   the original licensee
			   will also be held responsible for 
			    damages, physical and estimated.


   Do not distribute your crack release based on this tutorial, because
   you would become a LAMER!!!!!!!!
   ( tHATDUDE (PC97) defined a LAMER as the guy who sits in front of a
   personal computer, using a Hex Editor, ripping off other groups'
   crack releases, repacking (distro) them under his name. 
   Adopted from newsgroups alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same 
	connotations of self-conscious elitism that use of luser does among 
	hackers.
      < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 		Never attribute to malice that which is adequately 
				explained by stupidity


ASTAGA [D4C/C4A] tute-sysmechanic35f.zip
[EOF] 12/17/00 6:08:55 PM


A dirty cheap trick to get the Mechanical Industrial license :

	: BPX 015F:0042349E  [enter]
	: BPX 015F:0048F713  [enter]
	Press X and trace until you reach the code below

EAX=0082F244   EBX=012A2E70   ECX=00000000   EDX=0082F250   ESI=00000000        	
EDI=0082F2BC   EBP=0082F270   ESP=0082F250   EIP=0048F76E   o d I s Z a P c     	
CS=015F   DS=0167   SS=0167   ES=0167   FS=32A7   GS=0000   SS:0082F26C=012A9294	
--------------------------------------------------dword-------------PROT---(0)--	
0167:012A9294 38353736  444E2D36  2D393538  30343435      67586-ND859-5440
0167:012A92A4 31303131  01003531  012A92AC  012A92AC      110115....*...*.
0167:012A92B4 0000001C  012ADD08  00000014  00000010      ......*.........
--------------------------------------------------------------------------------
015F:0048F75E  8B45F8              MOV       EAX,[EBP-08]
015F:0048F761  8D4DFC              LEA       ECX,[EBP-04]
015F:0048F764  BA03000000          MOV       EDX,00000003
015F:0048F769  E85EAC0600          CALL      004FA3CC
015F:0048F76E  8B45FC              MOV       EAX,[EBP-04] ==> D eAX
015F:0048F771  50                  PUSH      EAX

------------------------------------SYSMECHANIC!CODE+0008E75E-------------------

[eof] ASTAGA 12/18/00 2:54:09 AM