Cracking for Newbies - by Dahood

Target: ArtGem Version 1.2
Tools used: W32dasm, Hview
Protection: Serial

NOTE: This tutorial is not totally for newbies, so i expect that u know:
1. how to use w32dasm
2. how to use hview (change, search, etc...)
3. Assembly

Try to register and write down ur error message.
Disassemble the program.
Find the string:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043D5FE(C)
|
:0043D687 8B0D20378A00            mov ecx, dword ptr [008A3720]
:0043D68D 6A10                    push 00000010

* Possible StringData Ref from Data Obj ->"ArtGem"
                                  |
:0043D68F 68CC7F4700              push 00477FCC

* Possible StringData Ref from Data Obj ->"Invalid Key!"
                                  |
:0043D694 6800814700              push 00478100
:0043D699 51                      push ecx

* Reference To: USER32.MessageBoxA, Ord:01BEh
                                  |
:0043D69A FF15DC214700            Call dword ptr [004721DC]
:0043D6A0 6A01                    push 00000001
:0043D6A2 53                      push ebx

K, go to :0043D5FE(C) and u'll land here:

:0043D5FE 0F8483000000            je 0043D687
:0043D604 8D7C2444                lea edi, dword ptr [esp+44]
:0043D608 83C9FF                  or ecx, FFFFFFFF
:0043D60B 33C0                    xor eax, eax
:0043D60D 33D2                    xor edx, edx
:0043D60F F2                      repnz
:0043D610 AE                      scasb
:0043D611 F7D1                    not ecx
:0043D613 49                      dec ecx
:0043D614 741D                    je 0043D633

Now change

:0043D5FE 0F8483000000            je 0043D687

to

:0043D5FE 0F8483000000            jne 0043D687

What happens when u exit and start? It asks u again. Now u have two choices: either kill the nag and enable save to and copy to clipboard, or trace a little more and find the other check.
Well, if u want to find the other check keep on reading; if not, get to work ;)

Now it must do a check when the program opens. Let's trace that. I saw a very interesting string:

* Possible StringData Ref from Data Obj ->"ArtGem"
                                  |
:0043F04F 68CC7F4700              push 00477FCC

* Possible StringData Ref from Data Obj ->"Your registration key has expired!"*****
                                  |
:0043F054 6850824700              push 00478250
:0043F059 56                      push esi
:0043F05A 891D207F4700            mov dword ptr [00477F20], ebx

* Reference To: USER32.MessageBoxA, Ord:01BEh
                                  |

Now there is nowhere that i saw that said ur key is expired; must be a trick by the author. I think this is the check when we first open (checks if key is expired when we open it). Scroll up; but the code was 2 long, so i scrolled down and found:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043EFE9(C)
|
:0043F0B7 68F0328800              push 008832F0

* Possible StringData Ref from Data Obj ->"RegCode"
                                  |
:0043F0BC 683C814700              push 0047813C
:0043F0C1 891D207F4700            mov dword ptr [00477F20], ebx
:0043F0C7 E824C9FFFF              call 0043B9F0
:0043F0CC 83C408                  add esp, 00000008
:0043F0CF EB95                    jmp 0043F066

So i checked the conditional jmp |:0043EFE9(C) and landed here (somewhere in the long code):

:0043EFE9 0F84C8000000            je 0043F0B7    ***must be the first check
:0043EFEF 395C2450                cmp dword ptr [esp+50], ebx
:0043EFF3 7C71                    jl 0043F066

Change

:0043EFE9 0F84C8000000            je 0043F0B7

to

:0043EFE9 0F84C8000000            jne 0043F0B7

Open up and check: now it saved our old information from the last time we registered. Check ur save as and ur copy to clipboard, and that's it, have fun.

I hope i didn't confuse u, and if u have any questions or comments my icq# is 69518421 or u can e-mail me at webcrawler28@hotmail.com

I would like to say thanks to all the crackers, 2 many 2 list, for helpin me and also for their tutorials. Also a big thanks to krobar's site: http://zor.org/krobar/
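
Seen from the defender's side, both changes above are one-byte edits that invert a conditional jump, which a comparison against the shipped build picks out directly. The following is an added example, not part of the original tutorial: a byte-pattern heuristic without disassembly, with hypothetical function names and constructed sample buffers.

```python
"""Flag conditional-jump inversions between a known-good build and a suspect copy."""

def _is_jcc(buf: bytes, i: int) -> bool:
    """True if buf[i] looks like the condition byte of a short (7x) or near (0F 8x) Jcc."""
    b = buf[i]
    if 0x70 <= b <= 0x7F:
        return True
    return 0x80 <= b <= 0x8F and i > 0 and buf[i - 1] == 0x0F

def find_branch_inversions(good: bytes, suspect: bytes):
    """Return (offset, good_byte, suspect_byte, kind) for every differing byte.

    kind is "jcc-inverted" when the only change is the low bit of a Jcc
    condition code (for example JE <-> JNE), otherwise "other".
    Heuristic: without a disassembler a data byte can resemble an opcode,
    so treat a hit as a lead to confirm, not as proof.
    """
    if len(good) != len(suspect):
        raise ValueError("size mismatch: compare against the exact shipped build")
    findings = []
    for off, (g, s) in enumerate(zip(good, suspect)):
        if g == s:
            continue
        inverted = (g ^ s) == 0x01 and _is_jcc(good, off) and _is_jcc(suspect, off)
        findings.append((off, g, s, "jcc-inverted" if inverted else "other"))
    return findings

# Constructed sample buffers (not taken from any real program).
SAMPLE_GOOD = bytes.fromhex("558bec0f841000000033c07405c3")
SAMPLE_SUSPECT = bytearray(SAMPLE_GOOD)
SAMPLE_SUSPECT[4] = 0x85    # near Jcc condition flipped
SAMPLE_SUSPECT[12] = 0x06   # unrelated operand change
SAMPLE_SUSPECT = bytes(SAMPLE_SUSPECT)

def demo():
    """Run the comparison over the constructed buffers."""
    return find_branch_inversions(SAMPLE_GOOD, SAMPLE_SUSPECT)

if __name__ == "__main__":
    for off, g, s, kind in demo():
        print(f"offset 0x{off:04x}: {g:02x} -> {s:02x}  [{kind}]")
```

In practice the known-good bytes come from the vendor's original installer or a signed build, and any difference at all, not only a flagged inversion, means the file has been modified.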