New 2 Cracking
~~~~~~~~~~~~~~

Tutorial Type   : Tutorial
Tutorial Topic  : Advanced Serial Fishing, Use The Mind
Tutorial Target : NetSwitcher II v3.2.5 b 060402 (http://www.netswitcher.com/downloads/netsw_325_060102.exe)
Utilities       : Olly Debugger, W32Dasm
Music           : Silence, or music...
Written By      : ParaBytes
Date            : Jun. 21st, 2002.
Remarks         : The Utilities can be downloaded from www.exetools.com

Start
~~~~~

the 1st thing to do when you crack a program logically is to know your enemy,
so let's try to register with a fake serial
name: ParaBytes <--- that's me!
issue: 1/1/2001 <--- let's make it old
expired: 31/12/2009 <--- and for many many years
quantity: 1 <--- we don't need more than 1, do we?

enter whatever you'd like as the serial,
and register with "Enter V3 License"
if you got your name in the static box, you're the luckiest man in the world, or you already cracked it..
otherwise you should get

"I n v a l i d   L i c e n s e"

ok, so let's open W32Dasm, disassemble the .exe file,
and open the string data references (SDR for short)

let's look for the "I n v a l i d   L i c e n s e" string
a double click on the reference will search for it in the code,
well, we found something,

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00412125(C), :00412195(C)
|

* Possible StringData Ref from Data Obj ->"I n v a l i d   L i c e n s e"
                                  |
:0041220D 68F4044700              push 004704F4
:00412212 EB4B                    jmp 0041225F

that means 2 places jump to here, and both jump only if a certain condition is met..
I presume that 1 of them is the serial check, let's find out which..

but first, double click on the string (in the SDR window) again to make sure it doesn't appear in more places..
none. good.

let's go to the jump locations,
00412125 is the 1st...
let's check it out
hmmm...

:0041211E E847320200              call 0043536A
:00412123 85C0                    test eax, eax 
:00412125 0F84E2000000            je 0041220D

that means,
call a_procedure
if return_value = 0
bad serial.

let's check the other one, 00412195...

:0041218E E8222A0200              call 00434BB5
:00412193 85C0                    test eax, eax
:00412195 7476                    je 0041220D

* Possible StringData Ref from Data Obj ->" - License E X P I R E D"
                                  |
:00412197 6814054700              push 00470514
:0041219C 8D4DF0                  lea ecx, dword ptr [ebp-10]

I assume that this one is checking that the dates are valid...

ok, let's go with our 1st choice..
open up Olly Debugger
(if you don't know Olly Debugger,
 get our tutorials about it in order to understand
 how to use the debugger. http://New2Cracking.Cjb.Net )

so, open it up,
go to address 0041211E and set a breakpoint (F2)
why not the exact location of the jump?
because the jump comes after the check, and we need to look at the check itself..
now, F9 to run the file (keep pressing until you're in the window itself..)
insert our fake details..
and register..

trace into the call with F7, we need to see what's inside of it,
if you pressed F8, just click the register button again (and remember to trace into..)

now you can see the stack info,
we don't see anything strange in there, only our data..
let's trace on..
we can see cmp's of memory with edi,
if you check, edi is 00000000
that's actually a check to see that all the vars (dates, name, serial) are there

and just trace some more,
until you see anything you think is suspicious..
like when you step over
00435451 E82E640000    CALL 0043B884
00435456 50            PUSH EAX

take a look after the call,
you see the value there?
it looks like a serial number
copy and paste it for further use..

hmmmm,
right after that we have a push of the possible serial and our serial..
it has to be some kind of check...
step over the call
now we have some more calls, but all of them use the same arguments..
ok, run the program
put the possible serial in the edit box,
run the program (we don't need to go over the algo again)
AHA!
WE DID IT!
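
Seen from the vendor's side, the trace above works because the shipped code builds the valid serial itself and only then compares it with the input. The sketch below is an added example (not code from NetSwitcher or from the author of this tutorial) that puts that pattern beside a signed-licence check where the client holds only a public key; the key, the field layout and all function names are constructed for illustration.

```python
import hashlib

# Constructed demo key (product of two Mersenne primes). Far too small for real
# use, and unpadded RSA is for illustration only; use a vetted library instead.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public half: all the client ships with
D = pow(E, -1, (P - 1) * (Q - 1))      # private half: vendor side ONLY


def _digest(name, issued, expires, quantity):
    """Hash every licence field (dates included) into an integer below N."""
    blob = "|".join([name, issued, expires, str(quantity)]).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N


def weak_check(name, issued, expires, quantity, entered):
    """Weak pattern: derive the valid serial in the client, then compare.
    The derivation here is a stand-in; the page does not show the real one."""
    expected = hashlib.sha256(f"{name}{issued}{expires}{quantity}".encode()).hexdigest()[:16]
    return entered == expected         # 'expected' is readable in a debugger


def vendor_sign(name, issued, expires, quantity):
    """Issues a serial. Runs on the vendor's machine, never in the product."""
    return format(pow(_digest(name, issued, expires, quantity), D, N), "x")


def client_verify(name, issued, expires, quantity, entered):
    """Shipped check: needs only (N, E) and never computes a valid serial."""
    try:
        sig = int(entered, 16)
    except ValueError:
        return False
    if not 0 < sig < N:
        return False
    return pow(sig, E, N) == _digest(name, issued, expires, quantity)


if __name__ == "__main__":
    lic = ("ParaBytes", "1/1/2001", "31/12/2009", 1)   # constructed sample
    serial = vendor_sign(*lic)
    print(client_verify(*lic, serial), client_verify(*lic, "1234abcd"))
```

Because the dates are signed together with the name, the expiry field cannot be changed without invalidating the serial. This removes only the serial-in-memory weakness; the outcome of any local check is still one branch in the client, so server-side validation remains the stronger control.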

Remember,
using your logic is more important than where you break and where you started,
logic is the main tool in cracking.

Greets:
~~~~~~~
MrT`, for introducing me to the program..
New2Cracking Team and Staff,
All My Friends,
PhoX, TheFoX, #crackers, #New2Cracking, #cracking, #uxxxxx
zebeddi, orkim, sonk1te, sinny, Lilith, Lockless Crew, EVC for the bots :D
and all the people I know (#Waddixxxxx)
all those I learnt from (AC_178, tKC, and more and more)
all who publish my tutorials...
etc..
and all who I forgot, I'm sorry ;)

Contact Me:
~~~~~~~~~~~
E-Mail - Lewsers@Hotmail.com
IRC    - EFNet / #New2Cracking
Web    - http://New2Cracking.Cjb.Net
Here!

that's all..
beam me up scronty ;)
ParaBytes, Over and Out.