New 2 Cracking
~~~~~~~~~~~~~~

Tutorial Type   : Tutorial
Tutorial Topic  : Advanced Serial Fishing, Use The Mind
Tutorial Target : NetSwitcher II v3.2.5 b 060402
                  (http://www.netswitcher.com/downloads/netsw_325_060102.exe)
Utilities       : Olly Debugger, W32Dasm
Music           : Silence, or music...
Written By      : ParaBytes
Date            : Jun. 21st, 2002.
Remarks         : The Utilities can be downloaded from www.exetools.com

Start
~~~~~
the 1st thing to do when you crack a program logically is knowing your enemy,
so lets try to register with a fake serial:

name:     ParaBytes    <--- that's me!
issue:    1/1/2001     <--- lets make it old
expired:  31/12/2009   <--- and for many many years
quantity: 1            <--- but we dont need more than 1, do we ?

enter as serial whatever you'd like, and register with "Enter V3 License".
if you got your name in the static box, you're the luckiest man in the world,
or you already cracked it..
else you should get "I n v a l i d L i c e n s e"

ok, so lets open w32dasm, disasm the .exe file, and open the string data
reference (SDR in short).
lets seek for the "I n v a l i d L i c e n s e" string.
a double click on the reference will search for the reference over the code.
well, we found something:

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00412125(C), :00412195(C)
|
* Possible StringData Ref from Data Obj ->"I n v a l i d L i c e n s e"
                                  |
:0041220D 68F4044700              push 004704F4
:00412212 EB4B                    jmp 0041225F

that means 2 places jump to here, and both will jump only if a certain
condition is met..
i presume that 1 of them will be the serial check, lets find out which..
but before that, double click on the string (in the SDR window) again to make
sure it doesn't appear in more places.. none. good.

lets go to the jump locations, 00412125 is the 1st... lets check it out
hmmm...

:0041211E E847320200              call 0043536A
:00412123 85C0                    test eax, eax
:00412125 0F84E2000000            je 0041220D

that means:

call a_procedure
if return_value = 0
    bad serial.

lets check the other one, 00412195...

:0041218E E8222A0200              call 00434BB5
:00412193 85C0                    test eax, eax
:00412195 7476                    je 0041220D

* Possible StringData Ref from Data Obj ->" - License E X P I R E D"
                                  |
:00412197 6814054700              push 00470514
:0041219C 8D4DF0                  lea ecx, dword ptr [ebp-10]

i assume that this one is checking the dates' validity...
ok, lets go with our 1st choice..

open up Olly Debugger
(if you dont know about Olly Debugger, retrieve our tutorials about it in
order to understand the usage of the debugger. http://New2Cracking.Cjb.Net )

so, open it up, goto address 0041211E and set a breakpoint (F2).
why not the exact location of the jump ?
because the jump is after the check, and we need to see the check itself..

now, F9 to run the file (keep clicking until you're in the window itself..)
insert our fake details.. and register..
trace into the call with F7, we need to see what is inside of it.
if you pressed F8, just click again on the register button
(and remember to trace into..)

now you can see the stack info. we dont see anything strange in there,
only our data.. lets trace on..
we can see cmp's of memory with edi. if you check, edi is 00000000.
that is actually a check to see if all the vars (dates, name, serial) are
there.
just trace some more, until you see anything you think is suspicious..
like when you move over

00435451 E82E640000               CALL 0043B884
00435456 50                       PUSH EAX

take a look after the call, you see the value there ?
it looks like a serial number. copy and paste it for further use..
hmmmm, right after that we have a push for the possible serial and for our
serial.. it has to be something to check...
pass over the call now. we have some more calls, but all of them are using
the same arguments..

ok, run the program, put the possible serial in the edit box, run the program
(we dont need to go over the algo again)

AHA! WE DID IT!

Remember, using your logic is more important than where you break and where
you started. logic is the main tool in cracking.

Greets:
~~~~~~~
MrT`, for introducing me to the program..
New2Cracking Team and Staff, All My Friends, PhoX, TheFoX,
#crackers, #New2Cracking, #cracking, #uxxxxx
zebeddi, orkim, sonk1te, sinny, Lilith, Lockless Crew, EVC for the bots :D
and all the people i know (#Waddixxxxx)
all those i learnt from (AC_178, tKC, and more and more)
all who publish my tutorials... etc..
and all who i forgot, i'm sorry ;)

Contact Me:
~~~~~~~~~~~
E-Mail - Lewsers@Hotmail.com
IRC    - EFNet / #New2Cracking
Web    - http://New2Cracking.Cjb.Net

Here! that's all.. beam me up scronty ;)

ParaBytes, Over and Out.
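
Added example (not part of the original tutorial and not the target's own code): in the walkthrough, a value that looks like a serial shows up right after a call and is then pushed next to the typed serial for comparison. The Python sketch below contrasts that generate-and-compare pattern with a verify-only check that also binds the issue and expiry dates; the secret, the toy RSA key and every function name are assumptions made up for the illustration.

```python
import hashlib
import hmac

# Weak pattern (what the walkthrough observes): the client derives the valid
# serial for the entered name, then compares it with what the user typed.
EMBEDDED_SECRET = b"constructed-demo-secret"  # constructed; ships in the binary

def weak_expected_serial(name: str) -> str:
    digest = hmac.new(EMBEDDED_SECRET, name.encode(), hashlib.sha256).hexdigest()
    return digest[:16].upper()

def weak_check(name: str, serial: str) -> bool:
    expected = weak_expected_serial(name)  # valid serial now sits in client memory
    return hmac.compare_digest(expected.encode(), serial.upper().encode())

# Verify-only pattern: textbook RSA with a constructed toy key, to stay
# stdlib-only. A real product needs a vetted library (Ed25519 or RSA-PSS).
_P, _Q = 2**61 - 1, 2**89 - 1          # constructed demo primes, far too small
N, E = _P * _Q, 65537                  # public key: all the client ever holds
_D = pow(E, -1, (_P - 1) * (_Q - 1))   # private key: vendor side only

def _digest(fields: tuple) -> int:
    msg = "|".join(fields).encode()    # name|issue|expired|quantity
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def vendor_sign(fields: tuple) -> str:
    """Runs on the vendor's server, never inside the shipped program."""
    return format(pow(_digest(fields), _D, N), "x")

def client_verify(fields: tuple, serial: str) -> bool:
    """Shipped check: uses only (N, E) and never produces a valid serial."""
    try:
        sig = int(serial, 16)
    except ValueError:
        return False
    return 0 < sig < N and pow(sig, E, N) == _digest(fields)

if __name__ == "__main__":
    # Sample license fields taken from the tutorial's fake registration.
    lic = ("ParaBytes", "1/1/2001", "31/12/2009", "1")
    print("weak design exposes:", weak_expected_serial(lic[0]))
    serial = vendor_sign(lic)
    print("signed license verifies:", client_verify(lic, serial))
    later = (lic[0], lic[1], "31/12/2019", lic[3])
    print("edited expiry verifies:", client_verify(later, serial))
```

With the verify-only check, a debugger on the client sees only the typed serial and the hash of the fields, so there is no correct value to copy out of memory. Stopping someone from patching the je after the check is a separate integrity problem that this does not address.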