010011110000010010100101010110011011010101010100110101011001010 011010101110101110110101101010101010101010110100100101010110101 10 10 01 @@@ pppppp @@@ ccccc 11 10 @ @ pp pp @ @ ccccccc 11 01 @ @ @ pppppp @ @ @ cc 10 01 @ @ p p @ @ cc 01 01 @ @ @ p p @ @ @ ccccccc 00 10 @ @ @ @ ppp @ @ @ @ ccccc 11 11 @p@c 10 10 fffffffff oooooo ''' eeeeeeeevvv vvv @@@ 01 01 fffffffff oooooooo ' eeeeeeee vv vv @ @ 00 10 fff oo oo eee vv vv @ @ @ 11 00 fffffffff oo oo eeeeeeeeee v v @ @ 01 11 fffffffff oo oo eee v v @ @ 10 00 fff oooooooo eeeeeeee v v @ @ @ 00 11 fff oooooo eeeeeeee v @ @ @ @ 10 01 wILDcAT*******************NeMo 01 010110101001101010101101001010101010101010101010101010101001101 101010101010110101010101010101010101010101101010101010101110010 MATHXPERT TOOLS:HIEW, W32DASM WELCOME LADIES AND GENTELMAN TO ANOTHER EPISODE OF CRACKING WITH NEMO AND WILDCAT. THIS TIME WE WILL BE DOIN MATHEXPERT FOR ALL THOSE GEEKS MAJORING IN MATHEMATICS. AS ALWAYS LETS DOWNLOAD THE PROGRAM AND INSTALL IT. AFTER WE HAVE INSTALLED IT WE WILL SEARCH FOR THAT NAG SCREEN THAT POPS UP AND SAYS SORRY WRONG INFO, OR WRONG SERIAL. ONCE WE HAVE DONE THAT WE WILL GO TO W32DASM AND DISASSEMBLE THE PROGRAM. BUT BE AWARE, THE INFORMAION WE NEED IS NOT IN THE EXE FILE THIS TIME, NOPE, IT IS IN THE DLL FILE CALLED "MGODO59.DLL" ONCE YOU HAVE DISASSEMBLED TAHT FILE SEE IT YOU CAN LOCATE THE NAG SCREEN. TO DO THAT YOU NEED TO CLICK THAT ONE BUTTON TAHT SAYS STRING REFERENCES. IT SHOULD BE IN THE FAR RIGHT UP TOP...ONCE YOU HACE CLICKED THAT, TRY TO SCROLL DOWN AND SEE IT YOU CAN LOCATE THE NAG SCREEN. ONCE YOU HAVE DONE THAT DOUBLE CLICK ON IT AND HIT THE CLOSE BUTTON IN THE FAR LOWER LEFT CORNER. THEN SCROOL UP TILL THE POINT * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0001.134B(C)<<<<<<<<<<<<<<<<==========================================THESE ONES | :0001.13BA 89E5 mov bp, sp * Possible StringData Ref from Data Seg 013 ->"o" YOU SEE THOSE NUMBERS UP TOP. WELL WE WILL HAVE WRITE THEM DOWN OR REMEMBER THEM. AFTER WE HAVE THEM GO AHEAD AN CLICK THAT BUTTON UP TOP THAT SAYS GO TO CODE LOCATION. IT SHOULD BE YELLOW AND FOURTH ONE DOWN FROM THE RIGHT. CAREFULLY TYPE IN THE NUMBERS FIRST WINDOW 0001 THEN 134B THIS SHOULD TAKE YOU SOMEPLACE IN THE CODE THAT WE DONT KNOW. AND DON'T WANT TO KNOW... NOW THAT YOU ARE LOST IN THE COMPLICATED CODE YOU BAR THAT STREATCHES ALL THE WAY ACCROSS THE SCREEN SHOULD BE GREEN. AND AS IT IS GO AHEAD AN COPY THE OFFSET NYMBERS TAHT ARE AT THE BOTTOM OF THE PROGRAMS WINDOW, THEY SHOULD LOOK LIKE THIS...@OFFSET 00001A4Bh THOSE ARE THE CRITICAL NUMBERS.....YOU CAN PRETTY MUCH INGNORE THE FISRT THREE # AND THE LAST LETTER "h" CAUSE WE DON'T NEED THEM. NOW GO AHEAD AND OPEN UP HIEW AND LOCATE THE DLL FILE THAT WE JUST DISASSEMBLED...ONSE YOU HAVE DONE THAT OPEN IN BY HITTING 'ENTER' AND THEN F4 AND SCROOL DOWN TO DECODE. THEN HIT F5 AND TYPE IN 01A4B, IT SHOULD TAKE YOU TO SOME RANDOM PART OF THE CODE. THEN HIT F3 AND CHANGE ALL THE NUMERS ON THE LINE WITH A '90'. SO IF THERE ARE NUMBERS THAT LOOK LIKE THIS '646143' THEN CHANGE THEM TO '909090' AND THEN SAVE BY HITTING F9 AND F10 TO QUIT. RUN THE PROGRAM AND REGISTER.....TYPE IN ANY NAME YOU WISH AND IT SHOULD SAY...REGISTERED.....AAAAAAAAAAAA.......I LOVE CRACKING.... YOU CAN ALSO GO TO MY SITE DIAL.TO/NEMO AND CHECK SOME COOL THINGS OUT MY EMAIL IS CRZZYY@YAHOO.COM PEACE OUT MAN