-----------------------------------------------------------------------------
How to find a serial in Applet Button Factory v4.5
-----------------------------------------------------------------------------

Cracker: stealthFIGHTER 

Target: Applet Button Factory v4.5

Tools: W32dasm
       Brain

Where: http://www.coffecup.com

Sorry for my english, its not my mother language.

-----------
Step 1:
-----------

Run Button Factory, go to about - registration - enter any name
and password. Then press Register <Boom> - Incorrect username ...
Write this message down. Run W32Dasm - click SDR window, find
the message and double click on it. You are here:


* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0046F4DC(C), :0046F504(C)			<---- this is what we want
|

* Possible StringData Ref from Code Obj ->"Incorrect username and password."
                                  |
:0046F592 B890F64600              mov eax, 0046F690
:0046F597 E81839FEFF              call 00452EB4       <---- we are here



Now press SHIFT+F12 and enter 0046F4DC. You should be here:


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046F439(C)
|
:0046F4AE 55                      push ebp
:0046F4AF 68B2F54600              push 0046F5B2
:0046F4B4 64FF30                  push dword ptr fs:[eax]
:0046F4B7 648920                  mov dword ptr fs:[eax], esp
:0046F4BA 8D55FC                  lea edx, dword ptr [ebp-04]
:0046F4BD 8B8314030000            mov eax, dword ptr [ebx+00000314]
:0046F4C3 E88817FCFF              call 00430C50
:0046F4C8 8B45FC                  mov eax, dword ptr [ebp-04]
:0046F4CB E8A04AF9FF              call 00403F70

* Possible StringData Ref from Code Obj ->"mk67z"	<--- whata hell, what is it?
                                  |				      looks like a name	
:0046F4D0 BAC0F54600              mov edx, 0046F5C0
:0046F4D5 E80699F9FF              call 00408DE0
:0046F4DA 85C0                    test eax, eax
:0046F4DC 0F85B0000000            jne 0046F592		<--- we land here
:0046F4E2 8D55FC                  lea edx, dword ptr [ebp-04]
:0046F4E5 8B8318030000            mov eax, dword ptr [ebx+00000318]
:0046F4EB E86017FCFF              call 00430C50
:0046F4F0 8B45FC                  mov eax, dword ptr [ebp-04]
:0046F4F3 E8784AF9FF              call 00403F70

* Possible StringData Ref from Code Obj ->"trs98z"		<--- and this? (s/n?)
                                  |
:0046F4F8 BAC8F54600              mov edx, 0046F5C8
:0046F4FD E8DE98F9FF              call 00408DE0
:0046F502 85C0                    test eax, eax


Write down these numbers and quit W32dasm.
Run Button Fact. again and enter what we found.
<Yes> We are registered !!!


---------------------------------------
If i make a mistake, please e-mail 
me to: stealthfighter@another.com
---------------------------------------      cmp eax, 00000001