by CoDe BreAkeR
This tutorial teaches how to reverse/crack the card games "MSHearts" and "FreeCell". It is a very easy tutorial but still good practice. I chose these games because they ship with Windows, so everyone has them. It is written for beginners with little knowledge of cracking and does not demand any knowledge of assembly; most of it is easy to understand even for someone who has never heard words like ASM or HEXEDITOR.
It is believed, although not proven, that every game can be won. Maybe you can prove this.
Tools Needed :
W32DASM
HEXWorkshop
You can search for the tools on filesearching
Part 1: MSHearts
1) Make a backup of mshearts.exe on your desktop. (It is in the Windows folder.)
2) Open the backed up file in w32dasm.
3) Now run mshearts.exe (the one in your Windows folder) and play it. You will notice that if a club has been led and you still hold a club, you cannot play a spade or any other suit. The game shows the message "You must follow suit. Play a club" at the bottom of the window.
4) So let's crack it. In W32DASM click the "String Data References" button (the second-to-last button on the toolbar). Locate the string "You must follow suit. Play a %s" and double-click it. You should land here:
---------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.4FE9(C)
|
:0001.5098 8D46F0              lea ax, [bp-10]
:0001.509B 50                  push ax
:0001.509C 9AF895A850          call 0001.95F8
:0001.50A1 8D46EA              lea ax, [bp-16]
:0001.50A4 50                  push ax
:0001.50A5 9AF895B450          call 0001.95F8
* Possible Reference to String Resource ID=00312: "You must follow suit. Play a %s."
|
:0001.50AA 683801              push 0138          ; <=== you landed here
:0001.50AD 8D46F0              lea ax, [bp-10]
:0001.50B0 50                  push ax
:0001.50B1 9AAEBECD50          call 0001.BEAE
----------------------
Note : Your address might be different. My version of the file is 4.90.0.3000
5) Now scroll up a little. As you can see, the block of code you have reached is "Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0001.4FE9(C)", so let's go to the address where that jump is. (A jump is a way of branching in assembly language, just like an if/else statement in C.) Click Goto > Goto Code Location, enter the address as follows and click OK:
Code seg (Decimal) 0001
Code Offset (hex) 4fe9
You should land here:
----------------------
:0001.4FE4 99                  cwd
:0001.4FE5 F7F9                idiv cx
:0001.4FE7 3BD3                cmp dx, bx
:0001.4FE9 0F84AB00            je 5098            ; <== you reached here. je = jump if equal
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.4FD3(C)
|
:0001.4FED 83C608              add si, 0008
:0001.4FF0 47                  inc di
----------------------
6) Make sure the green strip (the cursor bar) is on the "je 5098" line and note the file offset shown at the bottom of W32DASM, just above the taskbar. Here it is @Offset 00005609h. This is the offset of the instruction in the file on disk, which is what the hex editor needs; the 0001.4FE9 address is only valid inside the code segment.
7) Let's NOP this jump. (NOP means no operation: the CPU does nothing and goes on to the next instruction, so the error path is never taken.) Open mshearts.exe in HexWorkshop (not the backup copy that is open in W32DASM, because you cannot save changes to a file from W32DASM). Click Edit > Goto..., choose Hex and enter 5609.
8) You are now at the file offset of the jump. We want to replace the jump with NOPs (90), so change the following four bytes
0F 84 AB 00
to
90 90 90 90
The je is four bytes long, so you must write four NOPs; replacing four bytes with four bytes keeps every instruction after it at the same offset. Now save the file and play the game... great! You can play any card now.
Part 2: FreeCell
This is the same as cracking MSHearts. Moves to a column must be made in descending rank, alternating suit colours; if you break this rule the game shows the message "This move is not allowed". So remember this message and follow the same steps as above (find the string reference, find the conditional jump that leads to it, note its file offset, NOP it). Try it yourself: crack it so that you can move any card anywhere.
To check your work, click Goto > Goto Code Location, enter the address as follows and click OK:
Code seg (Decimal) 0001
Code Offset (hex) 173B
You should reach here:
-----------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.16F2(C)
|
:0001.1738 E9B200              jmp 17ED
-----------------------------------
There is nothing to patch here: this is a jmp (an unconditional jump, always taken), so there is no condition to remove. The decision is made at the conditional jump that references this block, :0001.16F2. Go there as you did above and NOP that jump.
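The manual procedure in both parts boils down to two checks and one write: confirm that the jump you found really targets the error-message block, confirm that the bytes at the file offset are the ones W32DASM showed (the note about version 4.90.0.3000 matters here), and only then overwrite them with NOPs in a copy. The script below is an added example, not part of the original tutorial; it works on a constructed stand-in buffer so it runs without the game, and the function and constant names are my own. It decodes the 16-bit relative jumps from the listings (0F 84 AB 00 at 0001.4FE9 and E9 B2 00 at 0001.1738) and refuses to patch a file whose bytes do not match.

```python
"""Offset-checked NOP patcher for the W32DASM / HexWorkshop procedure above.

Added example, not code from the original tutorial. Names, the demo
buffer and the patch_file helper are this example's own assumptions.
"""
import struct
from pathlib import Path

NOP = 0x90


def jump_target(code_offset: int, insn: bytes) -> int:
    """Return the target of a 16-bit near jump located at code_offset.

    Handles the two encodings that appear in the listings:
      0F 8x rel16   jcc near, 4 bytes   e.g. 0F 84 AB 00  je  +0x00AB
      E9 rel16      jmp near, 3 bytes   e.g. E9 B2 00     jmp +0x00B2
    target = offset of the next instruction + signed rel16, masked to
    16 bits because the code segment is 16-bit.
    """
    if len(insn) == 4 and insn[0] == 0x0F and 0x80 <= insn[1] <= 0x8F:
        (rel,) = struct.unpack_from("<h", insn, 2)
        return (code_offset + 4 + rel) & 0xFFFF
    if len(insn) == 3 and insn[0] == 0xE9:
        (rel,) = struct.unpack_from("<h", insn, 1)
        return (code_offset + 3 + rel) & 0xFFFF
    raise ValueError(f"not a 16-bit near jump: {insn.hex()}")


def nop_patch(image: bytes, file_offset: int, expected: bytes) -> bytes:
    """Return a copy of image with `expected` at file_offset replaced by NOPs.

    Refuses to patch unless the bytes currently at the offset are exactly
    `expected`, so a different build of the game (or a wrong offset) is
    never blindly edited. The replacement has the same length as the
    original instruction, so nothing after it moves.
    """
    found = image[file_offset:file_offset + len(expected)]
    if found != expected:
        raise ValueError(
            f"bytes at 0x{file_offset:X} are {found.hex().upper()}, "
            f"not {expected.hex().upper()}: wrong version or wrong offset")
    return (image[:file_offset]
            + bytes([NOP] * len(expected))
            + image[file_offset + len(expected):])


def patch_file(src: Path, dst: Path, file_offset: int, expected: bytes) -> None:
    """Patch the backup copy src into a new file dst; never edit src in place."""
    dst.write_bytes(nop_patch(src.read_bytes(), file_offset, expected))


# Values taken from the listings in this tutorial (file version 4.90.0.3000).
HEARTS_JE_CODE_OFFSET = 0x4FE9
HEARTS_JE_BYTES = bytes.fromhex("0F84AB00")
HEARTS_JE_FILE_OFFSET = 0x5609
FREECELL_JMP_CODE_OFFSET = 0x1738
FREECELL_JMP_BYTES = bytes.fromhex("E9B200")


def demo() -> dict:
    """Run the checks on a constructed stand-in image, not the real mshearts.exe."""
    # Constructed input: an all-0xCC buffer with the je bytes planted at 0x5609.
    image = bytearray(b"\xCC" * 0x6000)
    image[HEARTS_JE_FILE_OFFSET:HEARTS_JE_FILE_OFFSET + 4] = HEARTS_JE_BYTES

    patched = nop_patch(bytes(image), HEARTS_JE_FILE_OFFSET, HEARTS_JE_BYTES)
    try:
        nop_patch(patched, HEARTS_JE_FILE_OFFSET, HEARTS_JE_BYTES)  # already patched
        second_patch_refused = False
    except ValueError:
        second_patch_refused = True

    return {
        "hearts_je_target": jump_target(HEARTS_JE_CODE_OFFSET, HEARTS_JE_BYTES),
        "freecell_jmp_target": jump_target(FREECELL_JMP_CODE_OFFSET, FREECELL_JMP_BYTES),
        "patched_bytes": patched[HEARTS_JE_FILE_OFFSET:HEARTS_JE_FILE_OFFSET + 4].hex().upper(),
        "second_patch_refused": second_patch_refused,
        "only_four_bytes_changed": sum(a != b for a, b in zip(image, patched)) == 4,
    }


if __name__ == "__main__":
    print(demo())
    # Real use, on the backup from step 1 (hypothetical file names):
    # patch_file(Path("mshearts.bak"), Path("mshearts_patched.exe"),
    #            HEARTS_JE_FILE_OFFSET, HEARTS_JE_BYTES)
```

The target arithmetic is the same check you can do by hand: 4FE9 + 4 + 00AB = 5098 (the block that pushes string 0138, the "follow suit" message) and 1738 + 3 + 00B2 = 17ED. If jump_target does not give the block you landed on from the string reference, you are looking at the wrong jump. The equal-length NOP fill is what keeps the file offset noted in step 6 and every later instruction valid; deleting or inserting bytes in a hex editor would shift the rest of the code segment.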
This is fun :-).
Note: Your address might be different. My version of the file is 4.90.0.3000 (Windows ME).
This file was downloaded from http://IndianCrackersOnline.cjb.net
If you find any mistakes or don't understand anything
mail me codebreaker2k2@yahoo.com
Happy Cracking !
This site is owned by ICO, copyright 2000-02.