--------------------------------------------------------------------------------
Cracking Tutorial #6: CrAcKiNG mIRC(R) v5.91 Internet Relay Chat Client

[cracked bY:]   sLeEpY¿[FWA/NWA/FTPR8Z] iN 01/2002
[difficulty:]   beginner
[where:]        http://www.mirc.com
--------------------------------------------------------------------------------

tOOLz:
  w32dasm
  Hiew or ultraedit 9
  Regmon (www.systeminternals.com) -optional

--------------
[Part 1]
--------------

OK, time to reg this program like it's been done a million times before, it seems. When will they ever get a better protection system? Never, probably, because they realize it will be trashed like all the rest of 'em...

Well, the first thing to do is open mirc32 and try to reg it; write down your error message when it doesn't work. Make 3 copies of mirc32.exe, name one mirc32.W32 and one mirc32.bak. Use w32dasm and load up mirc32.exe, then check the SDR (string data reference) for your error message. Once found, double click it and you'll be dropped here:

  * Possible blah blah from:
    "The registration name and number you have entered do not match."
  :004B0BCF
  :004B0BD4
  :blah blah blah

So we go up, 'cause the code reads down. Now we find that this code was called from:

  :004B0ACE (only one call so that's kool)

So let's go to the call location 004B0ACE, a conditional jump..
  :004B0AC7 E889FBFFFF      call 004B0655
  :004B0ACC 85C0            test eax, eax
  :004B0ACE 0F84B7000000    je 004B0B8B     <-jump if reg info is bad
  :
  :

Hmm... a call and a test, then a jump to the crap. We don't want to jump into crap, so...

change:
  :004B0ACE 0F84B7000000    je 004B0B8B
to nop:
  :004B0ACE 909090909090    nop

Save and exit with HIEW or whatever, then try to register MIRC. Mirc is regged with any code! Woohoo...

Take a break, drink a beer, have a coffee, water, whatever. I'm broke so it sucks right now for me... suppose I shouldn't crack at work.. maybe I'll sell more stuff and make some bonus cash.. blah.... boring!

--------------
[PART 2]
--------------

Now restart the prog and make sure it stays working. When you restart, it isn't regged anymore.. hmm. It makes these keys in the registry, then deletes 'em after restarting. That must mean that it checks and validates the code in other places when it restarts. (You can find these keys with regmon.)

------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\mIRC]

[HKEY_CURRENT_USER\Software\mIRC\DateUsed]
@="980018610"

[HKEY_CURRENT_USER\Software\mIRC\License]
@="1234567"

[HKEY_CURRENT_USER\Software\mIRC\UserName]
@="sleepy909090909090909090909"
------------------------------------------------

Go back to where you nopped it and check out the call above it:

  :004B0AC7 E889FBFFFF      call 004B0655   <--follow this
  :004B0ACC 85C0            test eax, eax
  :004B0ACE 0F84B7000000    je 004B0B8B     (already nopped)

When we go there, scroll up a little bit in w32dasm and you'll see..

  :004B07F3, 004B08CD, and 004B0AC7

OK, hmm, check it out: our routine is called from 3 places total...

  :004B07F3, 004B08CD, and 004B0AC7 <--(the one we were at and took care of)

So we go to the first one, :004B07F3, and see what we can see...
  :004B07F3 E85DFEFFFF      call 004B0655
  :004B07F8 85C0            test eax, eax
  :004B07FA 7418            je 004B0814

OK, this one is more of an educated guess: a call to our routine, test eax with 0 (I think, but I'm still a newbie so I may be wrong), if it equals then jump to shitty craphole.

So we go to the second one, :004B08CD, and see what we can see...

  :004B08CD E883FDFFFF      call 004B0655
  :004B08D2 85C0            test eax, eax
  :004B08D4 7445            je 004B091B
  :
  possible Ref to Menu: MenuID_003C, ITEM: "Register..."

Down a few to USER32.DeleteMenu... (DEAD GIVEAWAY HERE: if the code is correct then it deletes the register item in the drop-down menu, otherwise it jumps over the menu delete and leaves the register button there. Wouldn't it suck to get rid of this and still have it unregged!)

I'm using ultraedit today because I heard it rocks, so if you have HIEW, use it; you should be far enough along to understand what to do.

For the first one I did a search for:
  E85DFEFFFF85C07418
change the 7418 to 9090, nopped serial check call #1

Now do a second search for:
  E883FDFFFF85C07445
change 7445 to 9090, nopped serial check call #2

OK, it took my reg info, it doesn't even check to validate numbers anymore either =0P

  user: sLeEpY¿_cRacKeD_mE
  pass: FUCK OFF

So enter any name and serial you want and it will reg and stay regged.

Another tutorial for you all finished. Now I have 49 mins till my shift is over. What the hell can I do now... email me if you are bored: sleepy@linuxwaves.com

._Tutorialz_.
[-------------------------------------------------------------------]
[1. Cracking Cosmi's Generic Installshield Protection               ]
[2. CRACKING(?) MATH WORKSHOP 2.0                                   ]
[3. CrAcKiNG DLSuperCBT Resynchronizing Byte Compare Program        ]
[4. CrAcKiNG the nag on DLSuperCBF - Dir Binary File Compare Program]
[5. CrAcKiNG n)0(va crackme v3 (crazy approach)                     ]
[6. CrAcKiNG mIRC(R) v5.91 Internet Relay Chat Client               ]
--------------------------------------------------------------------------------
gReEtz: MiNioN, GreycZ, KlutCh, KiNgEr, MidNight, FWA, NWA, FTPiRatEz! HAR! BEASTFXP!
--------------------------------------------------------------------------------
CopyLeft: s L e E p Y ¿ [all rights reversed]
Boredom causes crackers and babies.
--------------------------------------------------------------------------------
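
Seen from the defender's side, the edits described in this tutorial leave a recognizable artifact: a call / test eax, eax pair whose conditional jump has been overwritten with NOPs. The scanner below is an added example, not part of the original tutorial; it flags that artifact and decodes each call target. The names BASE, SITES, build_sample and find_nopped_branches are made up for illustration, and the sample buffer is constructed from the instruction bytes quoted in the listings above, zero-filled in between.

```python
import struct

BASE = 0x4B07F3  # address of the first call site quoted in the tutorial
# (address, call + test bytes, original Jcc bytes), taken from the listings above
SITES = [
    (0x4B07F3, "E85DFEFFFF85C0", "7418"),
    (0x4B08CD, "E883FDFFFF85C0", "7445"),
    (0x4B0AC7, "E889FBFFFF85C0", "0F84B7000000"),
]

def build_sample(patched):
    """Constructed test buffer: the three sites at their offsets, zero-filled between."""
    buf = bytearray(0x2F0)
    for addr, head, jcc in SITES:
        tail = "90" * (len(jcc) // 2) if patched else jcc
        insn = bytes.fromhex(head + tail)
        buf[addr - BASE:addr - BASE + len(insn)] = insn
    return bytes(buf)

def call_target(addr, disp_bytes):
    """Target of a 5-byte `call rel32`: next-instruction address plus signed disp."""
    (disp,) = struct.unpack("<i", disp_bytes)
    return (addr + 5 + disp) & 0xFFFFFFFF

def find_nopped_branches(code, base):
    """Flag `call rel32; test eax, eax` followed by NOPs where a Jcc belongs.

    Setting flags with `test` and then ignoring them is unusual in compiler
    output, so two or more NOPs right after the test suggest that a
    conditional jump was overwritten.
    """
    hits = []
    i = code.find(b"\xe8")
    while i != -1:
        end = i + 7  # 5-byte call + 2-byte test
        if code[i + 5:end] == b"\x85\xc0":
            run = 0
            while end + run < len(code) and code[end + run] == 0x90:
                run += 1
            if run >= 2:
                hits.append((base + i, call_target(base + i, code[i + 1:i + 5]), run))
        i = code.find(b"\xe8", i + 1)
    return hits

if __name__ == "__main__":
    for site, target, run in find_nopped_branches(build_sample(True), BASE):
        print(f"{site:08X}: call {target:08X} + test, then {run} NOPs")
```

All three flagged sites resolve to the same routine, which is why a single boolean return value checked by branch instructions is a weak place to hang a licensing decision. The heuristic complements comparing the file's hash or signature against a known-good copy; it does not replace it.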