Cracking Tutorial #69: Robs Stupid Mp3 PLayer
[cracked bY:] sLeEpY¿[FWA/NWA/FTPR8Z] iN 08/2002
[difficulty:] beginner
[where:] http://rddone.home.att.net/index.htm
[tOOLz:] W32dasm 8.93 & Hiew
KANAL23 Tutorial
Introduction
OK, so I'm bored again today and decide to search for a prog to crack. Go to www.shareware.com, enter "stupid" into the search, and we find some progs including this one: Robs Stupid Mp3 PLayer.
Robs Stupid Mp3 Player does everything you need for listening to and managing
your mp3 collection except ripping the files.
Version: 5.03.01
Size: 620KB
Date: November 29, 2001
License: Shareware $20
OS: Windows 95/98/NT/2000
The Essay
I guess we are going to have to pay for Rob's stupid mp3 player so he can make a better one? Rob's not-so-stupid mp3 player maybe? Heh, anyway, that's my kinda humor. I like stupid programs, I have coded some myself. Anyway, mail Rob his 20 bucks and pay for what we're going to do to his program.
http://rddone.home.att.net/index.htm
http://home.att.net/~rddone/mp3main.htm
What is so great about the full version versus our version:
The full version supports up to 2000 albums, 50 songs per album, for a total of
100,000 songs.
The full version comes with a mp3 server that can be controlled with the same
interface.
The full version doesn't rescan every time it starts up.
OK, so I checked it out and the shareware one we download has a limit of 50 albums. The other stuff we don't really care about, as it's probably a separate dll or something.
Well, first let's make the backups and check the string refs of this program.
We see this first that catches our eye, maybe triggering it will set a flag?
:0040BFFB 7416 je 0040C013 <-jump to full version
* Possible StringData Ref from Data Obj ->"SHAREWARE VERSION" <-err..
:0040BFFD 6868DF4E00 push 004EDF68
:0040C002 8D9578FFFFFF lea edx, dword ptr [ebp+FFFFFF78]
:0040C008 52 push edx
:0040C009 E8328A0400 call 00454A40
:0040C00E 83C408 add esp, 00000008
:0040C011 EB14 jmp 0040C027
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040BFFB(U)
|
* Possible StringData Ref from Data Obj ->"FULL VERSION"
:0040C013 687CDF4E00 push 004EDF7C <-above jump lands here to full version.
So we just change this:
:0040BFFB 7416 je 0040C013
To this:
:0040BFFB EB16 jmp 0040C013
Well we fixed that little tag although the only difference it made is in the
about screen. Now we are full version according to that. Next we have the
problem of the 50 album limit! Check in the String refs for the error message.
:0041DFD1 753C jne 0041E00F <-make me jump for unlimited albums
:0041DFD3 6A32 push 00000032
* Possible StringData Ref from Data Obj ->"This is a shareware version. It "
->"is limited to %d albums. Click "
->"OK to proceed with the limited "
->"album set. If you really like "
->"this program you can get the full "
->"version by emailing rdone@bigfoot.com"
:0041DFD5 68340F4F00 push 004F0F34
:0041DFDA 8D95D4E1F9FF lea edx, dword ptr [ebp+FFF9E1D4]
:0041DFE0 52 push edx
* Reference To: USER32.wsprintfA, Ord:02ACh
:0041DFE1 FF15A42A8600 Call dword ptr [00862AA4]
:0041DFE7 83C40C add esp, 0000000C
:0041DFEA 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"Warning"
:0041DFEC 68F80F4F00 push 004F0FF8
:0041DFF1 8D85D4E1F9FF lea eax, dword ptr [ebp+FFF9E1D4]
:0041DFF7 50 push eax
:0041DFF8 8B0D50E96900 mov ecx, dword ptr [0069E950]
:0041DFFE 51 push ecx
* Reference To: USER32.MessageBoxA, Ord:01BEh
:0041DFFF FF15902A8600 Call dword ptr [00862A90]
:0041E005 C7058400840001000000 mov dword ptr [00840084], 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041DFD1(U)
|
:0041E00F B801000000 mov eax, 00000001
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0041DC8A(U), :0041DCC9(U), :0041DD0D(U)
|
:0041E014 5E pop esi
:0041E015 8BE5 mov esp, ebp
:0041E017 5D pop ebp
:0041E018 C3 ret
So we just change this:
:0041DFD1 753C jne 0041E00F
To this:
:0041DFD1 EB3C jmp 0041E00F
Next we have this in the options:
Network server (registered version only)
You put in something and it never works, you get the error msg, and I dunno if this will fix it as I don't have any test servers to connect to; however, you won't get the error messages.
This can be changed by the following lines...
:00418149 7514 jne 0041815F <-make jump
:0041814B 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"Network Error"
:0041814D 685C044F00 push 004F045C
* Possible StringData Ref from Data Obj ->"Error connecting to player server"
These locations below may not have to be modified as they look like authentic
errors. I just changed em for the hell of it.
:00419415 7534 jne 0041944B <-nop(goes to network error)
:00419417 837DF401 cmp dword ptr [ebp-0C], 00000001
:0041941B 751D jne 0041943A <-make jump
:0041941D 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"Protocol Error"
:0041941F 6878054F00 push 004F0578
* Possible StringData Ref from Data Obj ->"Other Suite in in 2 Suite Mode, "
->"Change modes on other Suite first"
:00419424 6888054F00 push 004F0588
Another location:
:004230DE 7546 jne 00423126 <-make jump
:004230E0 6A00 push 00000000
:
:lines of code
:
* Possible StringData Ref from Data Obj ->"Network Error"
:0042310D 68541E4F00 push 004F1E54
* Possible StringData Ref from Data Obj ->"Error connecting to player server"
:00423112 68641E4F00 push 004F1E64
:00423117 6A00 push 00000000
* Reference To: USER32.MessageBoxA, Ord:01BEh
Change this:
:00418149 7514 jne 0041815F
To this:
:00418149 EB14 jmp 0041815F
Optionally, since I can't test it, you can try these:
:00419415 7534 jne 0041944B
:0041941B 751D jne 0041943A
:004230DE 7546 jne 00423126
To these:
:00419415 EB00 jmp 00419417
(EB00 just jumps to the next line, you can nop here too)
:0041941B EB1D jmp 0041943A
:004230DE EB46 jmp 00423126
Now you can put in a server address and try it.
Cracked!
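
Every edit above has the same shape: a two-byte short conditional jump (opcode 70-7F plus an 8-bit displacement) is overwritten with EB and the same displacement, or turned into a do-nothing instruction. The following is an added example, not part of the original tutorial: a Python check that diffs a known-good copy of a code region against the copy on disk and reports exactly those substitutions, the way a vendor integrity check or a responder examining a tampered binary would. Function names are hypothetical and the sample bytes are constructed from the listing at 00419415.

```python
# Short conditional jump opcodes (Jcc rel8) and their mnemonics.
JCC = {0x70: "jo", 0x71: "jno", 0x72: "jb", 0x73: "jae", 0x74: "je", 0x75: "jne",
       0x76: "jbe", 0x77: "ja", 0x78: "js", 0x79: "jns", 0x7A: "jp", 0x7B: "jnp",
       0x7C: "jl", 0x7D: "jge", 0x7E: "jle", 0x7F: "jg"}

def rel8_target(va, disp):
    """Target of a 2-byte short jump at va with a signed 8-bit displacement."""
    return va + 2 + (disp - 256 if disp > 127 else disp)

def find_jump_patches(reference, candidate, base_va):
    """Return (va, mnemonic, kind, original_target) for every differing spot."""
    if len(reference) != len(candidate):
        raise ValueError("regions differ in length; compare equal-sized sections")
    findings, i = [], 0
    while i < len(reference):
        if reference[i] == candidate[i]:
            i += 1
            continue
        va, op, new = base_va + i, reference[i], candidate[i]
        if op in JCC and i + 1 < len(reference):
            disp, new_disp = reference[i + 1], candidate[i + 1]
            if new == 0xEB and new_disp == disp:
                kind = "forced"        # branch is now always taken
            elif (new, new_disp) in ((0xEB, 0x00), (0x90, 0x90)):
                kind = "neutralized"   # branch is now never taken
            else:
                kind = None
            if kind:
                findings.append((va, JCC[op], kind, rel8_target(va, disp)))
                i += 2
                continue
        # Heuristic diff only: anything else is reported for manual review.
        findings.append((va, None, "other", None))
        i += 1
    return findings

# Constructed sample: bytes of the listing at 00419415, before and after the edits.
REFERENCE = bytes.fromhex("7534837DF401751D6A00")
PATCHED = bytes.fromhex("EB00837DF401EB1D6A00")

if __name__ == "__main__":
    for va, mnem, kind, target in find_jump_patches(REFERENCE, PATCHED, 0x00419415):
        print(f"{va:08X}", mnem, kind, f"{target:08X}" if target is not None else "-")
```

A protection that depends on one branch is only as strong as those two bytes, which is why each check in this program falls to a single-byte change.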
Final thoughts
Laterz!
Greetings
Groups:
FWA, NWA, FTPiRatEz! HAR! BEASTFXP!, KANAL23
Individuals:
MiNioN, GreycZ & his cuppy, KlutCh, KiNgEr, MidNight, Edogg, Neoman, movax4c00int21, Acid_Cool_178, All those tuts I read from everyone who writes them.
CopyLeft:
sLeEpY¿
[all rights reversed]
Boredom causes crackers and babies.
Visit http://zor.org/sleepy &
http://www.bright.net/~testsubject001
Mail sleepy@linuxwaves.com
This Document is copyrighted by kanal23 and its members. Please mail the author of this document for complaints and those things.
Kanal23 is signing out for now.