Music Match Juke Box 6.00.0255

Web : http://kickme.to/mxbnet
Contact Me : dheeraj_xp@yahoo.com

Music Match Juke Box 6.00.0255

Type : Digital music solution
Protection : Serial
Tech : Serial Fishing

Crack : Enter fake S/N and in SICE BPX HMEMCPY
Now click "OK" ... trace ....

Main check CALL

0x67A022FF CALL 0x67A04805
0x67A02304 CMP EAX,01
0x67A02307 JNZ 0x67A0240D >> BAD BOY

INSIDE CALL 0x67A04805

0x67A0486F CALL 0x67A0452B
..........................
0x67A04877 CMP ESI,01
0x67A0487A JNZ 0x67A04914 >> BAD BOY
.........................
0x67A048F3 LEA ECX,[EBP+08] >> REAL S/N

INSIDE CALL 0x67A0452B

0x67A04557 CMP [EAX-08],17 >> S/N MUST BE 23 CHAR LONG
..........................
0x67A0456E MOV EBP,0x67A096B0 >> '-' = 0x2D S/N CONTAINS '-'
0x67A04573 LEA EAX,[ESP+10] >> FAKE S/N
0x67A04577 PUSH EBP
0x67A04578 PUSH EAX
0x67A04579 CALL EDI
...................
0x67A04589 CMP EAX,05 >> LOOP CHECKING FOR '-' AFTER 5 CHAR

SO OUR S/N IS IN THE FORM

S/N = XXXXX-XXXXX-XXXXX-XXXXX

Registration Info :

S/N = 0C587-C4255-55555-55555

LEA EAX,[EBP-0178] --- FAKE PASSWORD
0x41E412 LEA EDX,[EBP-0194] --- REAL PASSWORD
0x41E418 MOV CL,[EAX]
0x41E41A CMP CL,[EDX] ---- COMPARE BOTH

So change real encrypted key :

C2smjxwrs7Sj6 => C2.HEKRCFNhaw. -- offset = E3EFC
Hex = 43 32 2E 48 45 4B 52 43 46 4E 68 61 77 00

Registration Info : Change real encrypted key and enter following code in register window

Key = 3254-345-345
First name = DHEERAJ
Last name = MXB
Password = BDPWBYAI

- "Muexplor.exe"
********************
Same shit is also used here,so just scan for hex string - "2B C6 40 3B C3"
and change :
"2B C6" ----> "33 C0"
OFFSET = 1531

5. LIBRARIAN - "Librarian.exe"
**********************
Same shit is also used here,so just scan for hex string - "2B C6 40 3B C3"
and change :
"2B C6" ----> "33 C0"
OFFSET = ADF1

6. ON DISPLAY - "Mupanel.exe"
***********************
Use API Spy we can see it is reading three registry keys - "Eval1 - Eval2 - Eval3"
starting from address 0x004091E6 ...
So in SICE BPX 4091E6 ...TRACE ....

0x40937D MOV EAX,[0041AD10]
0x409382 JNZ 00409393
0x409384 CMP EAX,1E = 30 DAYS

So it is storing no: of days at 0x0041AD10 ....So in SICE
BPMB 41AD10 RW ---- Restart ....

0x409355 TEST EAX,EAX
0x409357 MOV [0041AD10],EAX --- STORE NO: OF DAYS :)
0x40935C JLE 40936C

So our crack will be :

0x409355 XOR EAX,EAX - 33 C0 - OFFSET = 9355

E86C0A0000 CALL 004111F5
015F:00410789 48 DEC EAX --------> Make EAX = 0
015F:0041078A 7403 JZ 0041078F ---> BAD Boy
015F:0041078C 48 DEC EAX
015F:0041078D 750C JNZ 0041079B ---> Good Boy

Patch : Offset : FB89

015F:00410784 E86C0A0000 CALL 004111F5
015F:00410789 90 NOP
015F:0041078A 90 NOP
015F:0041078B 90 NOP
015F:0041078C 90 NOP
015F:0041078D EB0C JMP 0041079B

Opps this DREAMPOP.EXE is using CRC checking :(