Name     : PowerStrip
Version  : 2.55
Editor   : Pstrip.exe
Target   : EntechTaiwan
Tools    : W32Dasm, Hiew, Procdump, Brain
Cracker  : LW2000
Tutorial : No.59
http://www.entechtaiwan.com/

---
DISCLAIMER
For educational purposes only! I hold no responsibility for the misuse of this material!
---

1. Mhmm, let's try to register first..
   Name: LW2000 [CiA]
   Key:  1230099
   Mhmm, doesn't work! Why? Let's fix this bug... ;)

2. Ok, first we take a look at PStrip.exe with getTyp (I always do this first!).
   Why? -> Mhmm, because more and more proggies are packed with an exe-packer...
   like this one: AsPack !!!
   Ok, load Procdump and unpack PowerStrip (you should know how this works...).

3. Unpacked? Fine! Load the unpacked Pstrip.exe in W32Dasm and click on the String Data References.
   Mhmm, nice strings.... "Thank you for registering. You " sounds very interesting ;)
   Let's go there!

   |
   :004B1515 B904164B00              mov ecx, 004B1604
   :004B151A E861D2F8FF              call 0043E780
   :004B151F A134174F00              mov eax, dword ptr [004F1734]
   :004B1524 E8E30F0100              call 004C250C
   :004B1529 3C01                    cmp al, 01
   :004B152B 752B                    jne 004B1558                  <--- Bad Boy!
   :004B152D A134174F00              mov eax, dword ptr [004F1734]
   :004B1532 C6803805000001          mov byte ptr [eax+00000538], 01
   :004B1539 6A40                    push 00000040

   * Possible StringData Ref from Code Obj ->"PowerStrip Registration"
   |
   :004B153B B908164B00              mov ecx, 004B1608

   * Possible StringData Ref from Code Obj ->"Thank you for registering. You "

4. Easy going! The jne at :004B152B is our bad boy. If al=1 (the cmp al,01 passes) our proggy
   is registered, else we fail. Let's fix it...
   Go into the call 004C250C and note the offset.

5. Start Hiew, open the unpacked pstrip.exe, go to our offset and change to decode mode.
   Press F3 to edit, F2 to enter asm commands. Now type the following:

   mov al,1 [Enter]
   ret      [Enter]
   [Esc]

   Save your work.

6. Ok, let's try it.
   Congratulation! You are a registered user.

FINISH! Easy, isn't it?

cu LW2000

Any comments? Mail me LW2000@gmx.net or go to http://www.LW2000.cjb.net

----
tKC, thx for your tutors!
I started with tutor 1 and I still read them... they are the best!
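What makes this tutorial work is that the whole registration decision collapses into one byte in al and one conditional jump, so a three-byte patch (mov al,1 / ret) at the start of the check routine flips the result for good. The obvious counter-measure on the developer side is to checksum the code region at start-up and compare it with a value recorded when the binary was built, so that a patched routine is noticed. The C program below is an added example written for this page; it is not PowerStrip code and not part of LW2000's tutorial. It uses a plain CRC-32, and the "code region" is a constructed byte array copied from the cmp/jne/mov bytes in the listing above; the build-time checksum is simply computed from that array (a real build would store it as a constant).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CRC-32 (IEEE 802.3, reflected, polynomial 0xEDB88320), bit-by-bit.
   Check value for the string "123456789" is 0xCBF43926. */
uint32_t crc32_bytes(const uint8_t *buf, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* 1 when the region still matches the checksum recorded at build time, 0 otherwise. */
int region_intact(const uint8_t *region, size_t len, uint32_t expected)
{
    return crc32_bytes(region, len) == expected;
}

/* Constructed sample region: the opcode bytes of the check from the W32Dasm
   listing (cmp al,01 / jne 004B1558 / mov eax,[004F1734]). */
static const uint8_t ORIGINAL_CHECK[] = {
    0x3C, 0x01,                    /* cmp al, 01                    */
    0x75, 0x2B,                    /* jne 004B1558                  */
    0xA1, 0x34, 0x17, 0x4F, 0x00   /* mov eax, dword ptr [004F1734] */
};

/* Returns 1 when the untouched region verifies and a patched copy is rejected. */
int demo_detects_patch(void)
{
    /* Stand-in for the build-time constant: in a real program this value is
       computed from the final binary and stored alongside it. */
    uint32_t expected = crc32_bytes(ORIGINAL_CHECK, sizeof ORIGINAL_CHECK);

    /* Constructed tampered copy: the first three bytes replaced by
       mov al,1 / ret (B0 01 C3), the patch described in step 5. */
    uint8_t patched[sizeof ORIGINAL_CHECK];
    memcpy(patched, ORIGINAL_CHECK, sizeof patched);
    patched[0] = 0xB0;
    patched[1] = 0x01;
    patched[2] = 0xC3;

    return region_intact(ORIGINAL_CHECK, sizeof ORIGINAL_CHECK, expected) == 1
        && region_intact(patched, sizeof patched, expected) == 0;
}

int main(void)
{
    printf("original region intact : %s\n",
           region_intact(ORIGINAL_CHECK, sizeof ORIGINAL_CHECK,
                         crc32_bytes(ORIGINAL_CHECK, sizeof ORIGINAL_CHECK)) ? "yes" : "no");
    printf("patch detected         : %s\n", demo_detects_patch() ? "yes" : "no");
    return 0;
}
```

The checksum itself is only as strong as the place it is verified: if the comparison is again a single jne, the same one-byte patch applies to it, so such checks are normally scattered across several routines and the expected values kept away from the code they cover.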