HOW TO CRACK mIRC v6.01

Cracking tutorial by:  ChupA [CroHack]

visit my page: CyberTools

target: mIRC v6.01

protection: name/serial

level: easy

tools used: W32Dasm, hex editor (doesn't matter which one), paper and something to write with, good music (rock)

This is my first tutorial. Bla, bla...

OK, Enough bullshit. Let's start.

First you need to back up your mirc.exe file to mirc.backup or something. Open mirc.exe -> Help -> Register. Enter your name and a fake serial and click OK. You'll get a message like "The registration name and number you have entered...". Write it down.

Open mIRC in W32Dasm and go to Data String References. Find the message that you wrote down on paper.

Double-click the message so you can see it in the main window. Do this one more time to check whether this message is referenced in more than one place. OK, you are now here:

Scroll up until you find the address of the jump that leads to this message. Now you are here (I hope so):

Now go to Code Location (Shift + F12) and enter the address marked above. I've got 004C3C24. You land here:

OK, now we're gonna try to reverse this jump. Look at the bottom of W32Dasm to find the offset.

Open mirc.exe in the hex editor. Go to offset C3224 and change 0F84 to 0F85. Save and exit.

Start mIRC. Go to Register. Enter your name and password -> OK. Woooow, registered. Exit the program. Now start it again and go to Help -> About to see if you are still registered. It says UNREGISTERED, but we were expecting this. We need some other approach. Now you can open mIRC in the hex editor and change 0F85 back to 0F84, or delete mirc.exe and copy mirc.backup to mirc.exe.

Before the jump that we changed (je 004C3CE1) we have "test eax, eax". It checks if eax is 0. If true, jump to "fuck off bad cracker", else "Thank you for your money, dear friend". So we need eax to be 1 at the end of that call (call 004C37B1). Click that line (call 004C37B1) and Execute Call.

We are looking for something before return from call. Do you see it:

We've got "test eax, eax", then "je", and then "mov eax, 00000001". That's what we need. Click je 004C38DB and read the offset.

We are going to NOP (no operation) that jump so eax will always be equal to 1.

Open mIRC in the hex editor. Go to offset C2ED2 and change that jump to 2 NOPs (7407 -> 9090). Save and exit.

That's it. Open mIRC. Go to Register. Enter your name and serial. You are registered. Exit mIRC and start it again to see if you are still registered. Go to Help -> About. It says Licenced to: YOUR NAME.
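From the defender's side, the backup made at the start is exactly what lets the two edits above be found again: diff the trusted copy against the on-disk file and decode the changed bytes, and each patch names itself (a je turned into jne, a je NOP-ed out). This is an added Python example, not code from the tutorial; the two byte buffers are constructed stand-ins, not mirc.exe.

```python
# Added example (not the tutorial author's code); the byte buffers are constructed.
from itertools import groupby

# x86 condition codes indexed by the opcode's low nibble (74 xx and 0F 84 xx xx xx xx = je).
JCC = ("jo", "jno", "jb", "jae", "je", "jne", "jbe", "ja",
       "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg")
SHORT_JCC, NEAR_JCC, NOP = range(0x70, 0x80), range(0x80, 0x90), 0x90

def find_patches(original: bytes, modified: bytes):
    """Return [(offset, old_run, new_run)] for every run of bytes that differ."""
    if len(original) != len(modified):
        raise ValueError("size differs: not an in-place patch")
    patches = []
    for differs, idx in groupby(range(len(original)), key=lambda k: original[k] != modified[k]):
        run = list(idx)
        if differs:
            patches.append((run[0], original[run[0]:run[-1] + 1], modified[run[0]:run[-1] + 1]))
    return patches

def classify(original: bytes, offset: int, old: bytes, new: bytes) -> str:
    """Name the patch shape; the byte before the run supplies the 0F prefix context."""
    first = old[0]
    if all(b == NOP for b in new):                      # instruction NOP-ed out
        if first in SHORT_JCC and len(old) == 2:
            return f"short {JCC[first & 0xF]} NOP-ed out (branch never taken)"
        if first == 0x0F and len(old) == 6 and old[1] in NEAR_JCC:
            return f"near {JCC[old[1] & 0xF]} NOP-ed out (branch never taken)"
        return f"{len(old)} byte(s) NOP-ed out"
    if len(old) == 1 and (first ^ new[0]) == 1:          # complementary jcc differ in bit 0
        names = f"{JCC[first & 0xF]} -> {JCC[new[0] & 0xF]}"
        if first in SHORT_JCC:
            return f"short jump inverted: {names}"
        if first in NEAR_JCC and offset > 0 and original[offset - 1] == 0x0F:
            return f"near jump inverted: {names}"
    return "unclassified change"

def report(original: bytes, modified: bytes):
    """[(offset, description)] for each changed run; an empty list means untouched."""
    return [(off, classify(original, off, old, new))
            for off, old, new in find_patches(original, modified)]

# Constructed 256-byte dummy: "test eax,eax / je rel32" at 0x40, "test eax,eax / je +7 /
# mov eax,1" at 0x80, then the tutorial's two edits (0F84 -> 0F85, 7407 -> 9090).
BACKUP = bytearray(b"\xCC" * 256)
BACKUP[0x40:0x48] = bytes.fromhex("85C00F84B7000000")
BACKUP[0x80:0x89] = bytes.fromhex("85C07407B801000000")
PATCHED = bytearray(BACKUP)
PATCHED[0x43], PATCHED[0x82:0x84] = 0x85, b"\x90\x90"
BACKUP, PATCHED = bytes(BACKUP), bytes(PATCHED)
```

Running `report(BACKUP, PATCHED)` yields the two findings at 0x43 and 0x82; on a real file, feed it the backup and the current mirc.exe read in binary mode.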

I hope you have learned something from this tutorial.

For any questions about cracking and stuff, visit -=DARKBOARD=-