---------------------------------------------- How to crack Mp3 File Editor --------------------------------------------- Cracker: stealthFIGHTER Target: Mp3 File Editor v3.06 build 2 Tools: W32dasm Hiew Brain Where: http://www.mpeg3.com/mp3fe/ Sorry for my english, its not my mother language. ----------- Step 1: ----------- === Run Mp3 File Editor, go to registration nag, enter any name, company and s/n. Press Register button ... Registration failed! ... Note this text. === Fire up W32dasm and load Mp3file.exe. Done? Click SDR window and find the text. Double click on it. You should be here: === * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0048FE52(C) <--- here we GO! | :0048FF1D A1587C4A00 mov eax, dword ptr [004A7C58] :0048FF22 8B00 mov eax, dword ptr [eax] :0048FF24 8B80F0010000 mov eax, dword ptr [eax+000001F0] :0048FF2A B201 mov dl, 01 :0048FF2C E8472EF9FF call 00422D78 :0048FF31 A1E07B4A00 mov eax, dword ptr [004A7BE0] :0048FF36 8B00 mov eax, dword ptr [eax] :0048FF38 8B80E0010000 mov eax, dword ptr [eax+000001E0] :0048FF3E 8B4050 mov eax, dword ptr [eax+50] :0048FF41 BAFF000000 mov edx, 000000FF :0048FF46 E87D7CF8FF call 00417BC8 :0048FF4B A1E07B4A00 mov eax, dword ptr [004A7BE0] :0048FF50 8B00 mov eax, dword ptr [eax] :0048FF52 8B80DC010000 mov eax, dword ptr [eax+000001DC] * Possible StringData Ref from Code Obj ->"Registration Failed !" :0048FF58 BADCFF4800 mov edx, 0048FFDC <--- we land here! :0048FF5D E8EA2EF9FF call 00422E4C :0048FF62 A1E07B4A00 mov eax, dword ptr [004A7BE0] :0048FF67 8B00 mov eax, dword ptr [eax] :0048FF69 8B80E0010000 mov eax, dword ptr [eax+000001E0] === In W32dasm, press Go to location and enter 0048FE52. You will land here: === :0048FE22 8BC0 mov eax, eax :0048FE24 55 push ebp :0048FE25 8BEC mov ebp, esp :0048FE27 6A00 push 00000000 :0048FE29 53 push ebx :0048FE2A 8BD8 mov ebx, eax :0048FE2C 33C0 xor eax, eax :0048FE2E 55 push ebp :0048FE2F 68A6FF4800 push 0048FFA6 :0048FE34 64FF30 push dword ptr fs:[eax] :0048FE37 648920 mov dword ptr fs:[eax], esp :0048FE3A 8D55FC lea edx, dword ptr [ebp-04] :0048FE3D 8B83F0010000 mov eax, dword ptr [ebx+000001F0] :0048FE43 E8D42FF9FF call 00422E1C :0048FE48 8B45FC mov eax, dword ptr [ebp-04] :0048FE4B E8A8FCFFFF call 0048FAF8 <--- call good serial :0048FE50 84C0 test al, al <--- test our serials :0048FE52 0F84C5000000 je 0048FF1D <--- jump to error msg :0048FE58 A1E07B4A00 mov eax, dword ptr [004A7BE0] :0048FE5D 8B00 mov eax, dword ptr [eax] :0048FE5F 8B80E0010000 mov eax, dword ptr [eax+000001E0] :0048FE65 8B4050 mov eax, dword ptr [eax+50] === On the TEST line should be AL=1, if not ... JUMP to error message. Execute the CALL (call 0048FAF8). You will land here: === * Referenced by a CALL at Addresses: |:0048FE4B , :0049F66C | :0048FAF8 55 push ebp <--- here we are :0048FAF9 8BEC mov ebp, esp :0048FAFB B905000000 mov ecx, 00000005 === Double click on 0048FAF8 ... PUSH EBP and note the offset (8EEF8). Run Hiew, select decode mode, press "F5" key and enter the offset. === Patching: Press "F3" and "F2" to assembler and type: mov al, 1 [ENTER] ret [ENTER] Then "F9" to save work. === === Run MFE again and try register again. === --------------------------------------------------------- If i make a mistake, please e-mail me to: stealthfighter@another.com ---------------------------------------------------------