Name     : MPEGDJ ENCODER
Version  : 1.53
Editor   : Xaudio
Target   : encoder.exe
Tools    : W32Dasm 8.93
           Hacker's View 6.01
           PEN & PAPER (old school) ;)
           Brain
Cracker  : LW2000
Tutorial : No.1

Where to get it: http://www.xaudio.de/encoder

---
DISCLAIMER
For educational purposes only!
I hold no responsibility for the misuse of this material!
---

Well, this is my first tutorial *ever*. Please excuse my poor English, it's not my mother language....

OK guys, 16 steps to crack the bitch of a program. BUT remember, if you like it - buy it!

OK, let's start:

1. Insert any audio CD in your drive and run MpegDj Encoder.
   Click on a track, e.g. two, and then click on Copy & Encode.
   *BOOM* "You are using the unregistered Version which can only Copy Track ONE.."

2. Quit and copy encoder.exe into try.exe. Disassemble try.exe.

3. Click on the SDR button and find the string: "You are using the unregistered"

4. Double-click on it and press Close in the SDR window.

5. Look at this:

   * Referenced by a CALL at Address:
   |:004E8DD5                              <<--- We go there
   |
   * Possible StringData Ref from Code Obj ->"DoublePlayer"
   :004E88F0 B81C894E00      mov eax, 004E891C
   :004E88F5 E8C60AFAFF      call 004893C0
   :004E88FA 84C0            test al, al
   :004E88FC 7513            jne 004E8911
   :004E88FE 6A30            push 00000030

   * Possible StringData Ref from Code Obj ->"Unregistered"
   |
   :004E8900 682C894E00      push 004E892C

   * Possible StringData Ref from Code Obj ->"You are using the unregistered "
                                           ->"Version which can only copy Track "
                                           ->"ONE of each Audio-CD."
   |
   :004E8905 683C894E00      push 004E893C
   :004E890A 6A00            push 00000000

6. Now go to 4E8DD5.

   * Referenced by a (U)nconditional or (C)onditional Jump at Address:
   |:004E8DC7(C)                           <<--- Here is the Jump
   |
   :004E8DD1 8BD6            mov edx, esi
   :004E8DD3 8BC7            mov eax, edi
   :004E8DD5 E816FBFFFF      call 004E88F0   <<--- Here is our call

7. Now we go to 4E8DC7.

   :004E8DAE E8152EF5FF      call 0043BBC8
   :004E8DB3 85C0            test eax, eax
   :004E8DB5 0F8E88050000    jle 004E9343
   :004E8DBB BB01000000      mov ebx, 00000001
   :004E8DC0 803D7F11510000  cmp byte ptr [0051117F], 00
   :004E8DC7 7408            je 004E8DD1     <<--- Here we are
   :004E8DC9 8B1D54C55000    mov ebx, dword ptr [0050C554]
   :004E8DCF EB09            jmp 004E8DDA

8. If you look at 4E8DC7 you see a jump: if equal, then jump to 4E8DD1, which will pop up this nasty nag.
   We are going to change this...
   Place the bar at:

   :004E8DC7 7408            je 004E8DD1

   In the status bar you will see the offset E81C7h (the h is for hex and you can forget it).
   Our offset is E81C7.

9. Run Hiew and open encoder.exe.
   Press Enter twice to go to decode mode.
   Press F5 and type E81C7.
   Place the indicator on 74 and press F3.
   Change 74 to 75 and press F9 to update.
   Press F10 to save and quit.

10. Run MpegDj Encoder and try to encode any track on the CD.
    *BOOM* YOU ARE THE CHAMP! IT WORKS!

11. When running MpegDJ Encoder we see "Unregistered Version" ...
    Well, I hate this text....

12. Run Hiew and open encoder.exe.

13. Press F7 to search.
    In the ASCII field type 'unregistered'.
    It will find the bad messagebox, but we have fixed it.
    Press CTRL+F7 to go to the next string.

14. Now you will find Unregistered Version.

15. Place the indicator at U.
    Press F3.
    Press TAB.
    Type '[lw2000] was here! '
    Press F9.

16. We also want to fix the aboutbox.
    Press CTRL+HOME.
    Press F7.
    Type 'unlicensed'.
    Like before, change it to '[lw2000] '

FINISH! Easy, or?

cu lw2000

Any comments? Mail me lw2000@gmx.net !!!

----
I'd like to thank tKC for his tutors! I started with tutor 1 and I still read them... they are the best!
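
From the defender's side, the edits in steps 9 and 15 are in-place byte changes, and a comparison against a known-good copy exposes them. The following is an added example, not part of the original tutorial: it diffs a reference image against a deployed one and labels inverted short conditional jumps and printable-text overwrites. The function names and the sample bytes (instruction bytes taken from the step 7 listing plus a constructed string) are assumptions made for illustration.

```python
import hashlib

def diff_runs(reference: bytes, candidate: bytes):
    """Return (offset, ref_bytes, cand_bytes) for each contiguous run of differing bytes."""
    if len(reference) != len(candidate):
        raise ValueError("size differs: not an in-place patch, compare sections instead")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(reference, candidate)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, reference[start:i], candidate[start:i]))
            start = None
    if start is not None:
        runs.append((start, reference[start:], candidate[start:]))
    return runs

def classify(ref: bytes, cand: bytes) -> str:
    """Heuristic label for one changed run; confirm code hits in a disassembler."""
    # Short conditional jumps are opcodes 0x70-0x7F; flipping the low bit
    # inverts the condition (0x74 je <-> 0x75 jne, as in step 9).
    if len(ref) == 1 and 0x70 <= ref[0] <= 0x7F and cand[0] == ref[0] ^ 1:
        return "inverted-short-jcc"
    if all(0x20 <= c < 0x7F for c in ref + cand):
        return "text-overwrite"
    return "other"

def audit(reference: bytes, candidate: bytes):
    """Empty list if the hashes match, else [(file_offset, label), ...]."""
    if hashlib.sha256(reference).digest() == hashlib.sha256(candidate).digest():
        return []
    return [(off, classify(r, c)) for off, r, c in diff_runs(reference, candidate)]

# Constructed sample: the cmp/je/mov/jmp bytes from the step 7 listing followed
# by a NUL-delimited string. It stands in for the real file, which is not here.
REFERENCE = bytes.fromhex("803D7F11510000" "7408" "8B1D54C55000" "EB09") \
    + b"\x00Unregistered Version\x00"
TAMPERED = bytearray(REFERENCE)
TAMPERED[7] = 0x75                 # je -> jne
TAMPERED[18:38] = b"X" * 20        # caption overwritten with filler text
TAMPERED = bytes(TAMPERED)

if __name__ == "__main__":
    for offset, label in audit(REFERENCE, TAMPERED):
        print(f"{offset:#07x}  {label}")
```

In practice the reference comes from the vendor's original installer or a recorded hash manifest, and a hash mismatch alone is enough to reject the file; the classification only helps triage what was changed.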