.    .              
                      :    .                                  
           :     :   /|    :           
      ____      |\  / |__  /\___  ___ __        
   . /    \  ___| \/     \/     \/   V  \         
   :/     _\/   |  \    _/   O   \       \           
   /      \/\   :  /_    ) ____   \       \ 
../          \  .    \   \/    \   \\_/|   \  
   \           \       \        /    \  |    \.... . .    
    \________  /_|_____/___/\  /__|  / /     /       
             |/    C.r.E.a.M |/   |_/  \____/   
             :               :    :    
             .         .     .    .      
               .   . .   .    .
                 .        . .   . 
                              .
\-------------------------------\
 \ How to crack Opera 4.0 Beta 4 \
  \-------------------------------\

00/05/24

 /-------------------------------------\
| Tutorial made By: -=Metal=-           |
 \-------------------------------------/
  
 /-------------------------------------\
| Program Name: Opera 4.0 Beta 4        |
 \-------------------------------------/

 /-------------------------------------\
| Level: Medium (for newbies)           |
 \-------------------------------------/

 /-------------------------------------\
| Protection: Serial/Expire             |
 \-------------------------------------/

 /-------------------------------------\
| Tools: W32Dasm, HView 6.16            |
 \-------------------------------------/

 /-------------------------------------\
| Where: http://www.opera.com           |
 \-------------------------------------/


Hello all out there!!

In this tutorial we shall try to crack Opera 4.0 Beta 4.

=====================================
- The Protection -         
=====================================

The protection Opera uses is just a normal serial number;
it also expires after 30 days.

The way we shall crack it is to fool the program so
it thinks it is registered.

So...The program will not be licensed to you.
But it will be registered.
And that's what we shall do!! 


=====================================
- Cracking The Program -         
=====================================

Ok...Let's begin!!

Fire up Opera. The first thing you see is a nag that wants you to
register Opera. You have 3 choices:

1. Evaluate
2. Purchase
3. Register <---- The one we shall look at.

Ok....click Register then type in some fake info
and press OK.

Hmm....it must be some bug in this program?
I can't register, you think..:-)

well....memorize the error message and then leave Opera

(The registration information you have entered is invalid)


Start W32dasm and disassemble opera.exe
This may take a while..


Ok...are you finished?
Good!..

Now we shall find the error message so we click on
Search/Find
Then enter: "The Registration"


I didn't find the string...did you find it?

If you did, something must be damn wrong!!

Ok..what shall we do now then...?

AHH....we can look in the STRN REF's and see if we find something
there!
Do you see the words "Unregistered version"??

great...doubleclick on that string!

You will land here!


============================BEGIN CODE=======================================
:0041FA3F 50                      push eax
:0041FA40 68262B0000              push 00002B26
:0041FA45 FF7508                  push [ebp+08]
:0041FA48 FFD6                    call esi
:0041FA4A 391D788C5500            cmp dword ptr [00558C78], ebx    <-- Checks whether the value in dword ptr [00558C78] is the same as ebx.
:0041FA50 7550                    jne 0041FAA2
:0041FA52 8D85C4FEFFFF            lea eax, dword ptr [ebp+FFFFFEC4]
:0041FA58 68FF000000              push 000000FF
:0041FA5D 50                      push eax

* Possible Reference to String Resource ID=21428: "Unregistered version"
                                  |
:0041FA5E 68B4530000              push 000053B4
:0041FA63 FF3530955500            push dword ptr [00559530]

* Reference To: USER32.LoadStringA, Ord:01ABh
                                  |
:0041FA69 FF1550D65200            Call dword ptr [0052D650]
:0041FA6F 8D85C4FEFFFF            lea eax, dword ptr [ebp+FFFFFEC4]
:0041FA75 50                      push eax
============================END CODE=======================================

Ok...what do we see here.
If the value isn't the same, it jumps away from Unregistered.

So....let's search for "dword ptr [00530064]"

You shall see this now:

============================BEGIN CODE======================================
:0041F8D0 E8FC5FFFFF              call 004158D1
:0041F8D5 8D8DE8F2FFFF            lea ecx, dword ptr [ebp+FFFFF2E8]
:0041F8DB E8625EFFFF              call 00415742
:0041F8E0 3BC3                    cmp eax, ebx
:0041F8E2 A3788C5500              mov dword ptr [00558C78], eax  <---- Stores a value in dword ptr [00558C78]
:0041F8E7 68BC040000              push 000004BC
============================END CODE========================================

But hey...look at the call 2 steps before "mov dword ptr [00558C78], eax"

doubleclick it and press CALL in the menu!

We land here:

============================BEGIN CODE======================================
:00415742 8D8138010000            lea eax, dword ptr [ecx+00000138]
:00415748 85C0                    test eax, eax
:0041574A 741A                    je 00415766
:0041574C 803800                  cmp byte ptr [eax], 00
:0041574F 7415                    je 00415766
:00415751 81C190030000            add ecx, 00000390
:00415757 51                      push ecx
:00415758 E83EA00200              call 0043F79B
:0041575D 85C0                    test eax, eax
:0041575F 59                      pop ecx
:00415760 7404                    je 00415766
:00415762 6A01                    push 00000001
:00415764 58                      pop eax
:00415765 C3                      ret
============================END CODE=========================================

There are 3 conditional jumps here, and if any of those jumps executes,
the program will be Unregistered. So what shall we do??


The only thing we have to do is to change it so it jumps from:
============================BEGIN CODE======================================
:0041574A 741A                    je 00415766
:0041574C 803800                  cmp byte ptr [eax], 00
:0041574F 7415                    je 00415766     <--------| from 
:00415751 81C190030000            add ecx, 00000390        |  
:00415757 51                      push ecx                 | 
:00415758 E83EA00200              call 0043F79B            |
:0041575D 85C0                    test eax, eax            |
:0041575F 59                      pop ecx                  |
:00415760 7404                    je 00415766              |
:00415762 6A01                    push 00000001   <--------| to
============================END CODE=========================================

Ok highlight the "je 00415766" and write down the offset "0001574A".
Also highlight the push at :00415762  push 00000001 and write down the offset.
Close W32Dasm and open HView!

Browse to your opera.exe and press ENTER
then F4 / Decode / F5, type the offset of the je 00415766.
Then Press enter.

You shall see this:

741A  JE  000415766

Now..press F3 / TAB or F2
Delete everything in the window that popped up!

Now type the offset of the push in the window instead:

JMP 00015762

then ESC / F9 / F10

Run the program and it's registered!....JIPPEE!!!!!
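
Seen from the vendor's or an incident responder's side, an edit like the one above shows up as soon as the code region is compared with a known-good copy. The following Python is an added example, not part of the original tutorial: the function names and the tampered sample are constructed for illustration, and the reference bytes are the ones shown in the listing for 0041574A..00415765.

```python
# Added example, not from the tutorial: report branch-opcode tampering by
# comparing a suspect code region with a known-good reference copy.
import hashlib

BASE_VA = 0x0041574A  # address of the first byte, as shown in the listing

# Known-good bytes, copied from the listing for 0041574A..00415765.
REFERENCE = bytes.fromhex(
    "741A" "803800" "7415" "81C190030000" "51"
    "E83EA00200" "85C0" "59" "7404" "6A01" "58" "C3"
)

# Constructed sample: the same region with one opcode byte overwritten.
SUSPECT = bytes([0xEB]) + REFERENCE[1:]


def classify(old: int, new: int) -> str:
    """Heuristic triage label; 0x70-0x7F are the short Jcc opcodes."""
    if 0x70 <= old <= 0x7F and new == 0xEB:
        return "short Jcc replaced by unconditional JMP"
    if 0x70 <= old <= 0x7F and new == 0x90:
        return "short Jcc replaced by NOP"
    return "byte modified"


def find_tampering(reference: bytes, suspect: bytes, base_va: int):
    """Return (address, old, new, label) for every differing byte."""
    if len(reference) != len(suspect):
        raise ValueError("regions differ in length; compare whole files")
    if hashlib.sha256(reference).digest() == hashlib.sha256(suspect).digest():
        return []  # fast path: region is intact
    return [
        (base_va + i, old, new, classify(old, new))
        for i, (old, new) in enumerate(zip(reference, suspect))
        if old != new
    ]


if __name__ == "__main__":
    for va, old, new, label in find_tampering(REFERENCE, SUSPECT, BASE_VA):
        print(f"{va:08X}: {old:02X} -> {new:02X}  {label}")
```

The labels are a heuristic: without disassembling, an operand byte in the 0x70-0x7F range is labelled the same way, so confirm instruction boundaries before acting on a finding.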

Have fun!!

////////////////////////////////
See ya!!

-=Metal=-


-------------------------------------
Contact Me: metal_cracker@hotmail.com
-------------------------------------

-------------------------------------
Greetings go to:
-------------------------------------

     - The CrEaM Crew -
       
    [http://cream2k.org]

         - Mantana -

         - Stimpy -
        
        - MagicMike - (for all help)
  
  - And the rest I forgot -