Target : mIRC v6.03
Target URL : http://www.mirc.com
Tools : PEiD v0.8 or PE-Scan v3.13, W32Dasm v8.93+, HIEW (Hackers' View Hex Editor)
Tools URL : http://protools.cjb.net
INTRODUCTION
Welcome to my fifth tutorial for the Phrozen Crew. In this tutorial I show you
how, by simple byte patching, you can register mIRC with ANY name and ANY serial
number.
IDENTIFICATION
As with all other target programs, it is an advantage to know whether
or not an application is packed with an encryption/protection scheme and,
if so, with which one. For this reason I recommend PEiD (PE iDentifier
v0.8) coded by snaker & Qwerton, or PE-Scan v3.13 by Snyper.

I also recommend that if you use PEiD you turn the HARDCORE scanning
option (number 2) ON. The reason for this is that a lot of the more
advanced packers/encryptors will try to fake identifiers by using other
packers'/cryptors' identification strings, or by leaving virtually no
identification markings at all. Hardcore scanning reduces those chances to
almost none!

After you have scanned mIRC for any known packers, you'll find that
it is NOT packed, which makes your task as a cracker a little easier since
you do NOT have to unpack and rebuild any part of the executable file.
CRACKING mIRC
Make a backup copy of the mIRC executable, i.e. "Copy of mIRC.Exe".
Load W32Dasm, open the backup copy of the main mIRC executable and
wait for it to finish disassembling. Because mIRC deals mostly with
"text", there will be a LOT of String References. I'm going to
help you make your task a little easier.
Run the original executable and try registering with your desired nickname
and a fake serial. You'll be greeted with a "The registration name
and number you have entered ..." error message. Exit the main executable
and Alt+TAB back to W32Dasm. Click the Search toolbar button, type in "The
registration" (without the "" markings, of course!) and
click Search. It will find this error message for you.
Since this is NOT the exact conditional jump that we are looking for,
scroll up until you reach the following lines and string references:

Run the HIEW hex editor and select the main "mIRC.Exe" executable.
Press F4 and select "Decode". Now press F5 and type in the file
offset, in this case C5E9A, and press ENTER. You will now be at the conditional
jump. Press F3, go to the byte 85 and change it to 84. This changes the
instruction from JNE to JE, i.e. from "Jump if NOT equal" to "Jump if equal"
(in the near form, 0F 85 encodes JNE and 0F 84 encodes JE; only the low bit
of the second opcode byte differs). Press F9 to save the changes and exit HIEW.
Now execute the main "mIRC.Exe" file and register with ANY name
and ANY serial. It worked! - Well, so you think... Exit the main file
and run it again - Damn! It unregistered itself... so what went wrong?
Load HIEW, go to the same offset and change the byte back to the original
value, i.e. 85. If you look just above this conditional jump in W32Dasm,
you'll see a CALL instruction, the very first one right above the conditional
jump. Select this line and click the "Jump To" W32Dasm speed button
on the toolbar.
Once you have gone inside the "CALL" function, scroll all the
way down until you see THIS conditional jump:

Now, using HIEW, change this specific byte at this offset, save the changes,
exit and execute the main "mIRC.Exe" file. Again register using
ANY name and ANY serial number. Same thing again... it SEEMED to have
worked, but let's find out for sure... Exit and restart it - yeah baby yeah...
It is STILL registered!
You have successfully cracked mIRC v6.03.
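From the other side of the table: the patch above is a one-byte change that flips the low bit of a Jcc opcode, which is also exactly what an analyst looks for when checking whether a shipped executable has been tampered with. The following script is an added example and not part of this tutorial; it byte-compares a known-good build with a suspect copy, fingerprints both with SHA-256, and flags differences that invert an x86 conditional jump (near form 0F 8x, short form 7x). The sample bytes and the offsets in them are constructed for illustration, not taken from mIRC.

```python
import hashlib

# x86 condition-code nibble names for Jcc (near form is 0F 8x, short form is 7x).
CC_NAMES = ["JO", "JNO", "JB", "JAE", "JE", "JNE", "JBE", "JA",
            "JS", "JNS", "JP", "JNP", "JL", "JGE", "JLE", "JG"]


def sha256_hex(data: bytes) -> str:
    """Fingerprint a binary so it can be compared against a known-good hash."""
    return hashlib.sha256(data).hexdigest()


def find_patches(original: bytes, suspect: bytes):
    """Byte-compare two builds and describe each difference.

    Flipping the low bit of a Jcc opcode inverts its condition, which is
    exactly the JNE -> JE (0F 85 -> 0F 84) style of patch, so such
    differences are labelled for the analyst to triage first.
    """
    if len(original) != len(suspect):
        raise ValueError("sizes differ: not a pure in-place byte patch")
    findings = []
    for off, (old, new) in enumerate(zip(original, suspect)):
        if old == new:
            continue
        note = "byte changed"
        if (old ^ new) == 1:
            if off > 0 and original[off - 1] == 0x0F and 0x80 <= old <= 0x8F:
                note = "near %s inverted to %s" % (CC_NAMES[old & 0x0F], CC_NAMES[new & 0x0F])
            elif 0x70 <= old <= 0x7F:
                note = "short %s inverted to %s" % (CC_NAMES[old & 0x0F], CC_NAMES[new & 0x0F])
        findings.append((off, old, new, note))
    return findings


# Constructed sample: 16 NOPs, a near JNE rel32, a short JE rel8, then RET.
ORIGINAL = b"\x90" * 16 + b"\x0f\x85\x10\x00\x00\x00" + b"\x74\x05" + b"\xc3"
# Constructed tampered copy: the near JNE at offset 17 has been turned into JE.
PATCHED = bytearray(ORIGINAL)
PATCHED[17] = 0x84
PATCHED = bytes(PATCHED)

if __name__ == "__main__":
    print("original sha256:", sha256_hex(ORIGINAL))
    print("suspect  sha256:", sha256_hex(PATCHED))
    for off, old, new, note in find_patches(ORIGINAL, PATCHED):
        print("offset %06X: %02X -> %02X  %s" % (off, old, new, note))
```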
Enjoy!
Valek / Phrozen Crew
PS: Click on the Phrozen Crew logo to visit our website, or on my logo
to contact me via email.