Name     : Xara 3D
Version  : 3.04
Editor   : UltraEdit
Target   : xara3d304.exe
Tools    : W32Dasm 8.93, Hiew 6.16, Brain
Cracker  : LW2000
Tutorial : No.17
URL      : http://www.ultraedit.com/

--- DISCLAIMER ---
For educational purposes only! I hold no responsibility for the misuse of this material!
---

Please excuse my poor English, it's not my mother language....

1. OK, go to the registration screen and enter the details. *BOOM* "You entered an invalid unlock code." Seems that we found a bug ;) Let's fix it. Load xara3d304.exe in W32Dasm. Click on the SDR (String Data References) button and search for our message text. Double-click on it and close the SDR window. Now it should look like this:

* Possible Reference to String Resource ID=03005: "You entered an invalid unlock code."

2. Scroll up until you see this:

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040FA34(C), :0040FA48(C), :0040FA64(C), :0040FA80(C), :0040FA9C(C)
|:0040FAB8(C), :0040FAD4(C), :0040FAF0(C), :0040FB5D(C)

These are the nine places from which the "invalid unlock code" path is entered. Every one of them is a conditional jump to 0040FC16.

3. Let's take a look at it. Go to Code Location 0040FA34.

:0040FA34 0F85DC010000        jne 0040FC16                        <-- 1. Check
:0040FA3A 0FBE10              movsx edx, byte ptr [eax]
:0040FA3D 52                  push edx
:0040FA3E E89D7E0500          call 004678E0
:0040FA43 83C404              add esp, 00000004
:0040FA46 85C0                test eax, eax
:0040FA48 0F84C8010000        je 0040FC16                         <-- 2. Check
:0040FA4E 8B842440010000      mov eax, dword ptr [esp+00000140]
:0040FA55 0FBE4801            movsx ecx, byte ptr [eax+01]
:0040FA59 51                  push ecx
:0040FA5A E8817E0500          call 004678E0
:0040FA5F 83C404              add esp, 00000004
:0040FA62 85C0                test eax, eax
:0040FA64 0F84AC010000        je 0040FC16                         <-- 3. Check
:0040FA6A 8B942440010000      mov edx, dword ptr [esp+00000140]
:0040FA71 0FBE4202            movsx eax, byte ptr [edx+02]
:0040FA75 50                  push eax
:0040FA76 E8657E0500          call 004678E0
:0040FA7B 83C404              add esp, 00000004
:0040FA7E 85C0                test eax, eax
:0040FA80 0F8490010000        je 0040FC16                         <-- 4. Check
:0040FA86 8B8C2440010000      mov ecx, dword ptr [esp+00000140]
:0040FA8D 0FBE5103            movsx edx, byte ptr [ecx+03]
:0040FA91 52                  push edx
:0040FA92 E8497E0500          call 004678E0
:0040FA97 83C404              add esp, 00000004
:0040FA9A 85C0                test eax, eax
:0040FA9C 0F8474010000        je 0040FC16                         <-- 5. Check
:0040FAA2 8B842440010000      mov eax, dword ptr [esp+00000140]
:0040FAA9 0FBE4804            movsx ecx, byte ptr [eax+04]
:0040FAAD 51                  push ecx
:0040FAAE E82D7E0500          call 004678E0
:0040FAB3 83C404              add esp, 00000004
:0040FAB6 85C0                test eax, eax
:0040FAB8 0F8458010000        je 0040FC16                         <-- 6. Check
:0040FABE 8B942440010000      mov edx, dword ptr [esp+00000140]
:0040FAC5 0FBE4205            movsx eax, byte ptr [edx+05]
:0040FAC9 50                  push eax
:0040FACA E8117E0500          call 004678E0
:0040FACF 83C404              add esp, 00000004
:0040FAD2 85C0                test eax, eax
:0040FAD4 0F843C010000        je 0040FC16                         <-- 7. Check
:0040FADA 8B8C2440010000      mov ecx, dword ptr [esp+00000140]
:0040FAE1 0FBE5106            movsx edx, byte ptr [ecx+06]
:0040FAE5 52                  push edx
:0040FAE6 E8F57D0500          call 004678E0
:0040FAEB 83C404              add esp, 00000004
:0040FAEE 85C0                test eax, eax
:0040FAF0 0F8420010000        je 0040FC16                         <-- 8. Check
...
:0040FB55 69C951ED8764        imul ecx, 6487ED51
:0040FB5B 3BC1                cmp eax, ecx
:0040FB5D 0F85B3000000        jne 0040FC16                        <-- 9. Check

Checks 2 to 8 all have the same shape: one byte of the string that [esp+00000140] points to (offsets 00 to 06, presumably the entered code) is sign-extended, pushed and handed to the routine at 004678E0; if that routine returns zero, the program jumps to the "invalid unlock code" path. Check 9 is different: it compares eax with ecx multiplied by the constant 6487ED51 and jumps to the bad path if they differ.

4. OK, we have nine checks. Let's fix them! Business as usual: change the jne to je and the je to jne. In bytes that means 0F 85 becomes 0F 84 and 0F 84 becomes 0F 85; the four displacement bytes that follow stay as they are, so every jump still points at 0040FC16. Keep in mind what inverting does: an input that satisfied the original check is now sent to the bad path, and only inputs that failed it get through. If you would rather have every input accepted, overwrite each 6-byte jump with six NOPs (90 90 90 90 90 90) instead, so execution always falls through. I think there is no need to explain how to do this in Hiew. If you don't know how to do this, read my old tuts or take a look at other tKC cracking tutorials...

5. Done? OK, let's try again to register. Congratulations! You are a registered user.

FINISH! Easy, isn't it?

cu LW2000
Any comments? Mail me: LW2000@gmx.net !!!

----
tKC, thx for your tutors! I started with tutor 1 and I still read them... they are the best!
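The patch in step 4 is done by hand in Hiew, but the byte-level logic is easy to reproduce and verify in a script. The following is an added example, not code from LW2000's tutorial: it decodes a je/jne rel32 (or rel8) at a given offset, recomputes its target so you can confirm the jump really goes to the bad path before touching it, and then either inverts the condition (the tutorial's patch, flipping 0F 84 and 0F 85) or replaces the whole jump with NOPs. The sample buffer is constructed from the bytes of checks 1 and 2 in the listing, laid out from 0040FA34; it is not a dump of xara3d304.exe, and the function names are my own.

```python
"""Flip or NOP x86 conditional jumps in a raw code buffer, with checks first.

Added example for the Xara 3D tutorial, not part of the original text.
"""
from __future__ import annotations

import struct

# Long (rel32) Jcc encodings: 0F 84 = je/jz, 0F 85 = jne/jnz (as in the listing).
JE_REL32, JNE_REL32 = b"\x0f\x84", b"\x0f\x85"
# Short (rel8) forms, in case a target uses them: 74 = je, 75 = jne.
JE_REL8, JNE_REL8 = b"\x74", b"\x75"
NOP = 0x90

# Constructed sample buffer: the raw bytes of checks 1 and 2 from the W32Dasm
# listing, contiguous from VA 0040FA34. Not a dump of the real binary.
BASE_VA = 0x0040FA34
SAMPLE = bytes.fromhex(
    "0F85DC010000"    # 0040FA34  jne 0040FC16              <-- check 1
    "0FBE10"          # 0040FA3A  movsx edx, byte ptr [eax]
    "52"              # 0040FA3D  push edx
    "E89D7E0500"      # 0040FA3E  call 004678E0
    "83C404"          # 0040FA43  add esp, 4
    "85C0"            # 0040FA46  test eax, eax
    "0F84C8010000"    # 0040FA48  je 0040FC16               <-- check 2
)
BAD_PATH_VA = 0x0040FC16  # target of all nine checks per the listing


def jcc_kind(code: bytes, off: int) -> tuple[str, int] | None:
    """Return ('je'|'jne', instruction_length) for the jump at `off`, or None."""
    if code[off:off + 2] == JE_REL32:
        return ("je", 6)
    if code[off:off + 2] == JNE_REL32:
        return ("jne", 6)
    if code[off:off + 1] == JE_REL8:
        return ("je", 2)
    if code[off:off + 1] == JNE_REL8:
        return ("jne", 2)
    return None


def jcc_target(code: bytes, off: int, va_of_off: int) -> int:
    """Compute the jump target: VA of the next instruction plus the signed displacement."""
    kind = jcc_kind(code, off)
    if kind is None:
        raise ValueError(f"no je/jne at offset {off:#x}: {code[off:off + 2].hex()}")
    _, length = kind
    if length == 6:
        disp = struct.unpack("<i", code[off + 2:off + 6])[0]
    else:
        disp = struct.unpack("<b", code[off + 1:off + 2])[0]
    return (va_of_off + length + disp) & 0xFFFFFFFF


def invert_jcc(code: bytearray, off: int) -> str:
    """Swap je<->jne in place. Only the condition bit changes; the displacement
    (and therefore the target) is untouched. Returns the new mnemonic."""
    kind = jcc_kind(code, off)
    if kind is None:
        raise ValueError(f"no je/jne at offset {off:#x}: {code[off:off + 2].hex()}")
    name, length = kind
    # 0x84 <-> 0x85 for the rel32 form, 0x74 <-> 0x75 for the rel8 form.
    code[off + 1 if length == 6 else off] ^= 0x01
    return "jne" if name == "je" else "je"


def nop_jcc(code: bytearray, off: int) -> int:
    """Overwrite the entire jump with NOPs so execution always falls through."""
    kind = jcc_kind(code, off)
    if kind is None:
        raise ValueError(f"no je/jne at offset {off:#x}: {code[off:off + 2].hex()}")
    _, length = kind
    code[off:off + length] = bytes([NOP]) * length
    return length


def patch_checks(code: bytes, base_va: int, check_vas: list[int],
                 mode: str = "invert", expect_target: int | None = None) -> bytearray:
    """Patch every jump in `check_vas`. With `expect_target` set, refuse to patch a
    jump that does not go where the disassembly says it does."""
    out = bytearray(code)
    for va in check_vas:
        off = va - base_va
        if expect_target is not None:
            actual = jcc_target(out, off, va)
            if actual != expect_target:
                raise ValueError(f"jump at {va:08X} targets {actual:08X}, not {expect_target:08X}")
        if mode == "invert":
            invert_jcc(out, off)
        elif mode == "nop":
            nop_jcc(out, off)
        else:
            raise ValueError(f"unknown mode {mode!r}")
    return out


if __name__ == "__main__":
    checks = [0x0040FA34, 0x0040FA48]
    patched = patch_checks(SAMPLE, BASE_VA, checks, expect_target=BAD_PATH_VA)
    print("inverted:", patched.hex())
    print("nopped:  ", patch_checks(SAMPLE, BASE_VA, checks, mode="nop").hex())
```

The target check is the part worth keeping even when patching by hand: 0040FA34 + 6 + 1DC and 0040FA48 + 6 + 1C8 both come out to 0040FC16, which confirms the listing before a byte is changed. On a real PE the offsets above are virtual addresses, so map each one to a file offset through the section table first (for instance `pefile`'s `get_offset_from_rva`), which is what Hiew does for you when you jump to a code address.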