Name      : A RobFantastic MP3 Encoder
Version   : 1.4
Editor    : Graceland Research
Target    : encoder.exe
Tools     : W32Dasm 8.93
            Hacker's View 6.01
            Brain
Cracker   : LW2000
Tutorial  : No.5

http://www.lorenzini.com/jlorenzi/encoder.html

---
DISCLAIMER
For educational purposes only!
I hold no responsibility for the misuse of this material!
---

Please excuse my poor English, it's not my mother language....

1. Load A RobFantastic MP3 Encoder. Use "Add Files" to open 6 wave files
   (e.g. c:\windows\media often contains many waves). OK, click on Encode.

2. *BOOM* "This is an Evaluation copy of the program. To encode more than
   5 songs at a time you need to register. If you have a registration code,
   press the Enter Reg Code button to do this now or the Cancel button to
   continue."

   Mhmm, let's try to register. Press Register and enter the following:

   Name : LW2000
   Key  : [LW2000]

   Now press OK.

3. *BOOM* "The registration code you entered was not correct. Double-check
   the name and registration code to verify it was entered exactly as it
   was sent to you."

   Exit the program.

4. Let's crack this bitch of a program. Copy encoder.exe to try.exe. Load
   W32DASM with encoder.exe and click the SDR button. Find "The registration
   code you entered was not correct. Double-ch". Double-click on this string
   and close the SDR window.

5. You see this:

   * Referenced by a (U)nconditional or (C)onditional Jump at Address:
   :0041A460(C)                                     <<-- Here we go

   :0041A47E 6A40                 push 00000040

   * Possible Reference to String Resource ID=33007: "A Rob Fantastic MP3 Encoder"
                                  |
   :0041A480 68EF800000           push 000080EF
   :0041A485 E806290000           call 0041CD90
   :0041A48A 83C404               add esp, 00000004
   :0041A48D 50                   push eax

   * Possible Reference to String Resource ID=33042: "The registration code you entered was not correct. Double-ch"   <<-- Our message text
                                  |
   :0041A48E 6812810000           push 00008112
   :0041A493 E8D8280000           call 0041CD70
   :0041A498 83C404               add esp, 00000004
   :0041A49B 8BCE                 mov ecx, esi
   :0041A49D 50                   push eax
   :0041A49E E809920100           call 004336AC
   :0041A4A3 5E                   pop esi
   :0041A4A4 81C408020000         add esp, 00000208
   :0041A4AA C3                   ret

6. OK, we go to the code location 0041A460, because we jumped from there.
   We see this now:

   * Referenced by a (U)nconditional or (C)onditional Jump at Address:
   |:0041A434(C)
   |
   :0041A449 8D8C2408010000       lea ecx, dword ptr [esp+00000108]
   :0041A450 8D542404             lea edx, dword ptr [esp+04]
   :0041A454 51                   push ecx
   :0041A455 52                   push edx
   :0041A456 E805030000           call 0041A760
   :0041A45B 83C408               add esp, 00000008
   :0041A45E 85C0                 test eax, eax     <<-- Our test
   :0041A460 741C                 je 0041A47E       <<-- Bad BOY !!!
   :0041A462 8D442404             lea eax, dword ptr [esp+04]
   :0041A466 50                   push eax
   :0041A467 E884020000           call 0041A6F0
   :0041A46C 83C404               add esp, 00000004
   :0041A46F 8BCE                 mov ecx, esi
   :0041A471 E81F760100           call 00431A95
   :0041A476 5E                   pop esi
   :0041A477 81C408020000         add esp, 00000208
   :0041A47D C3                   ret

7. If you look at 0041A460 you see a jump. If equal, we go to 0041A47E,
   which pops up this nasty message box and leaves the program unregistered!
   We are going to change this... Place the bar at:

   :0041A460 741C                 je 0041A47E

   In the status bar you will see the offset 1A460h (the h is for hex and
   you can forget it). Our offset is 1A460.

8. Exit W32Dasm and load hiew with try.exe. Press Enter twice to go to
   decode mode. Press F5 to go to code location 1A460. Press F3 to edit the
   file and change 741C to 751C. This changes je to jne. Now it will always
   jump, except when you entered the correct serial number. Press F9 to
   update and F10 to quit. Run Encoder.exe and enter the details.

   Congratulations! You are a registered user!

9. Like to know your correct serial number? Open regedit and go to:

   [HKEY_CURRENT_USER\Software\Graceland Research\Encoder]

   You find "Register RegCode" with "36832761". Mhmm, looks nice! Write
   down the code and delete this registry item. Start Encoder.exe
   (uncracked version!) and enter the following details:

   Name    : LW2000
   RegCode : 36832761

   Congratulations! You are a registered user with your personal serial!

FINISH! Easy, isn't it?

cu LW2000

Any comments? Mail me LW2000@gmx.net !!!

----
I'd like to thank tKC for his tutors! I started with tutor 1 and I still
read them... they are the best!
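
Seen from the vendor's or an incident responder's side, the edit in step 8 is a one-byte in-place change, and comparing a file against a known-good copy finds it at once. The following is an added example, not part of the original tutorial: it diffs two byte strings and flags flips between paired short conditional-jump opcodes. The function names and the sample buffers (built from the bytes listed in step 6) are assumptions.

```python
import hashlib

# Jcc rel8 opcodes are 0x70-0x7F; toggling the low bit inverts the condition
# (0x74 je <-> 0x75 jne), so such a flip is worth flagging on its own.
JCC_SHORT = range(0x70, 0x80)


def classify(good_byte: int, suspect_byte: int) -> str:
    """Byte-level heuristic only: without disassembly the byte may be data."""
    if good_byte in JCC_SHORT and suspect_byte == good_byte ^ 1:
        return "possible inverted-jcc"
    return "modified"


def find_patches(good: bytes, suspect: bytes, base: int = 0):
    """Return (file_offset, good_byte, suspect_byte, label) per changed byte."""
    if len(good) != len(suspect):
        raise ValueError("size differs: not an in-place patch, compare hashes only")
    return [
        (base + i, g, s, classify(g, s))
        for i, (g, s) in enumerate(zip(good, suspect))
        if g != s
    ]


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample: the bytes listed at :0041A45E-:0041A466 in step 6,
# and the same bytes after the edit described in step 8.
BASE = 0x1A45E  # file offset of the first sample byte (the je sits at 1A460)
GOOD = bytes.fromhex("85c0741c8d44240450")
SUSPECT = bytes.fromhex("85c0751c8d44240450")

if __name__ == "__main__":
    print("hash match:", sha256(GOOD) == sha256(SUSPECT))
    for off, g, s, label in find_patches(GOOD, SUSPECT, BASE):
        print(f"{off:#x}: {g:02x} -> {s:02x}  {label}")
```

On real files, pass the full contents of the reference and suspect executables with base 0; a hash mismatch alone already shows tampering, and the diff only tells you where.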