Name     : Applet Button Factory
Version  : 5.0
Editor   : CoffeeCup
Target   : Applet Button Factory.exe
Tools    : W32Dasm 8.93, Hiew 6.16, Brain
Cracker  : LW2000
Tutorial : No.16
http://www.coffeecup.com/

---
DISCLAIMER
For educational purposes only! I hold no responsibility for the misuse of this material!
---

Please excuse my poor English, it's not my mother language....

1. Go to the register screen and enter LW2000 as username and 1234 as registration code. *BOOM* "Incorrect username and password." Note this text and exit Applet Button Factory. Fire up W32Dasm with Applet Button Factory.exe and click on the String Data References button. Double-click on 'Incorrect username and password' and close the SDR window.

   * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
   |:004752E4(C), :0047530C(C)      <--- here we come from...
   |
   * Possible StringData Ref from Code Obj ->"Incorrect username and password."

2. Let's take a look at these two references!

   * Possible StringData Ref from Code Obj ->"12aew"
   |
   :004752D8 BAC8534700      mov edx, 004753C8
   :004752DD E82A3BF9FF      call 00408E0C
   :004752E2 85C0            test eax, eax
   :004752E4 0F85B0000000    jne 0047539A      <-- if not equal, jump to the message
   :004752EA 8D55FC          lea edx, dword ptr [ebp-04]
   :004752ED 8B8318030000    mov eax, dword ptr [ebx+00000318]
   :004752F3 E80CB8FBFF      call 00430B04
   :004752F8 8B45FC          mov eax, dword ptr [ebp-04]
   :004752FB E8B0ECF8FF      call 00403FB0

   * Possible StringData Ref from Code Obj ->"9j8f5"
   |
   :00475300 BAD0534700      mov edx, 004753D0
   :00475305 E8023BF9FF      call 00408E0C
   :0047530A 85C0            test eax, eax

   * Referenced by a (U)nconditional or (C)onditional Jump at Address:
   |:004752A5(C)
   |
   :0047530C 0F8588000000    jne 0047539A      <-- if not equal, jump to the message
   :00475312 A1E04B4B00      mov eax, dword ptr [004B4BE0]
   :00475317 8B00            mov eax, dword ptr [eax]
   :00475319 8B8038030000    mov eax, dword ptr [eax+00000338]
   :0047531F 33D2            xor edx, edx
   :00475321 E8CEB6FBFF      call 004309F4
   :00475326 A1E04B4B00      mov eax, dword ptr [004B4BE0]
   :0047532B 8B00            mov eax, dword ptr [eax]

3.
I LOVE THOSE STUPID PROGRAMMERS! It seems we have two very hard-coded serials *g*, 9j8f5 and 12aew, but let's play a bit with Hiew. Write down the file offsets of 4752E4 and 47530C. Fire up Hiew and change both jumps from jne to je. Congratulations! You are a registered user.

FINISH! Easy, isn't it?

cu
LW2000

Any comments? Mail me LW2000@gmx.net !!!

----
tKC, thx for your tutors! I started with tutor 1 and I still read them... they are the best!
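As an added example (not part of LW2000's tutorial and not CoffeeCup's code), here is the release-side check a developer would want for the defect step 3 points out: both accepted serials sit in the executable as plain ASCII right next to the failure message, so any string lister recovers them. The script extracts printable strings from a binary image, reports any known secret found verbatim, lists strings clustered around the error message, and shows a digest-only comparison that keeps the serial out of the binary. The sample image is constructed to mimic the layout above; it is not the real Applet Button Factory.exe.

```python
# Added example, not from the tutorial or the vendor.  Release-build
# self-check for plaintext serials, plus a digest-only alternative.
import hashlib
import hmac
import re
from typing import List, Tuple

MIN_LEN = 4  # same default as the classic `strings` tool

# Constructed stand-in for a data section: two serial constants followed by
# the failure message the tutorial searched for.  Offsets chosen by hand.
SAMPLE_IMAGE = (
    b"\x00" * 16
    + b"12aew\x00" + b"\x00" * 8
    + b"9j8f5\x00" + b"\x00" * 8
    + b"Incorrect username and password.\x00"
    + b"\x90" * 16
)


def extract_strings(blob: bytes, min_len: int = MIN_LEN) -> List[Tuple[int, str]]:
    """Return (offset, text) for each run of >= min_len printable ASCII bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(blob)]


def find_plaintext_secrets(blob: bytes, secrets: List[str]) -> List[Tuple[str, int]]:
    """Report every known secret (serial, password, key) found verbatim in blob.

    Run this against the release build with the list of values the build is
    supposed to protect; any hit should fail the build.
    """
    hits = []
    for secret in secrets:
        offset = blob.find(secret.encode("ascii"))
        if offset != -1:
            hits.append((secret, offset))
    return hits


def strings_near(blob: bytes, marker: str, window: int = 64) -> List[str]:
    """Strings within `window` bytes of a marker such as an error message.

    Short constants clustered around a failure message are worth reviewing
    before release, because that neighbourhood is what gets read first.
    """
    anchor = blob.find(marker.encode("ascii"))
    if anchor == -1:
        return []
    return [
        text for offset, text in extract_strings(blob)
        if text != marker and abs(offset - anchor) <= window
    ]


def serial_digest(serial: str) -> str:
    """Value to embed instead of the serial itself (SHA-256, hex)."""
    return hashlib.sha256(serial.encode("ascii")).hexdigest()


def verify_serial(candidate: str, expected_digest: str) -> bool:
    """Compare digests in constant time; the binary never carries the serial."""
    return hmac.compare_digest(serial_digest(candidate), expected_digest)


if __name__ == "__main__":
    for offset, text in extract_strings(SAMPLE_IMAGE):
        print(f"{offset:#06x}  {text}")
    print("plaintext secrets:", find_plaintext_secrets(SAMPLE_IMAGE, ["12aew", "9j8f5"]))
    print("near message:", strings_near(SAMPLE_IMAGE, "Incorrect username and password."))
    digest = serial_digest("9j8f5")
    print("digest check accepts 9j8f5:", verify_serial("9j8f5", digest))
    print("digest check accepts 1234 :", verify_serial("1234", digest))
```

The digest-only check removes only the string-recovery weakness: the `test eax, eax` / `jne` pattern that follows the compare is unchanged, so the branch itself still needs separate protection (integrity checks, server-side validation, or per-user keyed licences rather than one global secret).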