Net Cruiser Web Server 0.1.2.8

Web : http://kickme.to/mxbnet
Contact Me : dheeraj_xp@yahoo.com

Net Cruiser Web Server 0.1.2.8

Type : Web Server
Protection : Serial
Tech : Serial fishing

Crack : This is a tricky program .... it calls the api GETWINDOWTEXTA ...but
after this it does nothing with our S/N.Which means all the shit is done while
we are entering S/N .....Enter fake S/N and in SICE BPX HMEMCPY ...Now
enter one more char soon we will break in to SICE .....now remove this BPT
and trace till we find our fake S/N in memory....now use BPR XXXX XXXX
and come out of SICE and click "OK" button .....trace .....

0x4BD880 CALL 4BCD20
0x4BD885 TEST AL,AL
0x4BD887 JZ 4BD895

INSIDE THIS CALL ...

0x4BCDAA CALL 47CFB8
0x4BCDAF CMP EBX,[EBP-04] --- REAL S/N ; EBX = FAKE S/N FIRST SET
0x4BCDB2 JNZ 4BCDB9
0x4BCDB4 CMP EAX,[EBP-08] --- REAL S/N ; EAX = FAKE S/N SEC SET
0x4BCDB7 JZ 4BCDBD

Registration Info :

Name = DHEERAJ
S/N = E5514B1E-47FB1F3D

0x67A04579 CALL EDI
...................
0x67A04589 CMP EAX,05 >> LOOP CHECKING FOR '-' AFTER 5 CHAR

SO OUR S/N IS IN THE FORM

S/N = XXXXX-XXXXX-XXXXX-XXXXX

Registration Info :

S/N = 0C587-C4255-55555-55555

LEA EAX,[EBP-0178] --- FAKE PASSWORD
0x41E412 LEA EDX,[EBP-0194] --- REAL PASSWORD
0x41E418 MOV CL,[EAX]
0x41E41A CMP CL,[EDX] ---- COMPARE BOTH

So change real encrypted key :

C2smjxwrs7Sj6 => C2.HEKRCFNhaw. -- offset = E3EFC
Hex = 43 32 2E 48 45 4B 52 43 46 4E 68 61 77 00

Registration Info : Change real encrypted key and enter following code in register window

Key = 3254-345-345
First name = DHEERAJ
Last name = MXB
Password = BDPWBYAI

- "Muexplor.exe"
********************
Same shit is also used here,so just scan for hex string - "2B C6 40 3B C3"
and change :
"2B C6" ----> "33 C0"
OFFSET = 1531

5. LIBRARIAN - "Librarian.exe"
**********************
Same shit is also used here,so just scan for hex string - "2B C6 40 3B C3"
and change :
"2B C6" ----> "33 C0"
OFFSET = ADF1

6. ON DISPLAY - "Mupanel.exe"
***********************
Use API Spy we can see it is reading three registry keys - "Eval1 - Eval2 - Eval3"
starting from address 0x004091E6 ...
So in SICE BPX 4091E6 ...TRACE ....

0x40937D MOV EAX,[0041AD10]
0x409382 JNZ 00409393
0x409384 CMP EAX,1E = 30 DAYS

So it is storing no: of days at 0x0041AD10 ....So in SICE
BPMB 41AD10 RW ---- Restart ....

0x409355 TEST EAX,EAX
0x409357 MOV [0041AD10],EAX --- STORE NO: OF DAYS :)
0x40935C JLE 40936C

So our crack will be :

0x409355 XOR EAX,EAX - 33 C0 - OFFSET = 9355

E86C0A0000 CALL 004111F5
015F:00410789 48 DEC EAX --------> Make EAX = 0
015F:0041078A 7403 JZ 0041078F ---> BAD Boy
015F:0041078C 48 DEC EAX
015F:0041078D 750C JNZ 0041079B ---> Good Boy

Patch : Offset : FB89

015F:00410784 E86C0A0000 CALL 004111F5
015F:00410789 90 NOP
015F:0041078A 90 NOP
015F:0041078B 90 NOP
015F:0041078C 90 NOP
015F:0041078D EB0C JMP 0041079B

Opps this DREAMPOP.EXE is using CRC checking :(