Welcome to Cracking Tutorial #30!

Ah finally, sorry for the delays, but no modem at my home yet. :-/
For a bonus I'll do 5 versions today (#26, 27, 28, 29, and 30). *HELL!*
Like I said earlier, nothing is gonna stop me now! :)
Anyway, enjoy it! :)

Ok, let's rave!

You'll need the following tools:
(I use these tools and I assume you'll use 'em, but it doesn't mean that you'll need all of them, so be sure to have them handy for the examples in this tutorial!)

SoftIce 3.25
W32Dasm 8.93
Hacker's View 6.10
SmartCheck 6.03
TASM 5.00
Windows Commander 3.53 (I use it coz it's easier to multitask)

Don't ask me where to download all these tools, since you had a chance to get them when you used my older tutorials.

Here are a few good cracking sites where you can grab tools from:

http://surf.to/HarvestR or http://harvestr.cjb.net
http://atlantez.nl.eu.org/Iczelion
http://protools.cjb.net

or ask any crackers to get you these tools!

Are you ready?! OK! ;)


HOW TO CRACK HyperPas (Freeware)
bY dAvId/nIgHtMaRe'1 Jun 1999

Welcome to my 17th cracking Tutorial.
This time i'll teach you how to crack HyperPas (Freeware).
Sorry for my bad grammar, but i hope u will understand it anyway...

Tools Used:
W32Dasm 89.3 (The Best Disassembler)
Far 1.62 or any other Norton Commander-like clone
1 or more cups of coffee (a pot will usually do); you can also drink tea
1 or more ciggys (a pack will usually do) (Smoke em Baby Smoke em) he he

Where: http://jans.hypermart.net
Protection Type: Serial
Crack type: Correct Serial

1st you might be wondering: HyperPas (Freeware) ?????????
Well, i'll tell you why i crack this one. Yes, it's freeware, but you have to go to the author's page to get the correct password, else you can't use the proggy. Sux. And since i got this one at www.torry.ru (A Fucking Great Delphi Page), unless i want a newer version (if one exists) i don't fucking wanna visit his web page, so that's what's driving this crack. Well, enough bullshit, let's crack.

Start the proggy. You'll be greeted with this message:

Title Box: Logon Jans Freeware
Under that you'll see: password given on http://jans.hypermart.net

Duh, what is this shit? Freeware, and it still requires a password? Hmm, now why did the author do this? To get more visitors on his site? grr.idiot. Well, maybe. Anyway, don't do that, do this: enter 123454. Now what happens? Nothing. No message or anything, the proggy just exits. grrr.fuck him.

Go to Far (isn't it great?) and copy hyperpas.exe to hyperpas.w32. Start W32Dasm and disassemble hyperpas.w32. When done, go to the Strn Button and click it.

Now what are we gonna look for? When we tried to enter 123454 as the correct code, HyperPas (Freeware) just exited. Well, remember the title (Logon Jans Freeware)? Let's use it. Keep pressing down until you see Logon Jans Freeware. When found, double click it and close down the Strn Ref window, and you'll end up here:

* Possible StringData Ref from Code Obj ->"Logon Jans Freeware"
|
:00483E44 B8383F4800 mov eax, 00483F38
:00483E49 E8DEEEFCFF call 00452D2C
:00483E4E 8B45F8 mov eax, dword ptr [ebp-08]

* Possible StringData Ref from Code Obj ->"926am" <-found the code ?

Hey, look under the Logon Jans Freeware. Doesn't it look like a code?
Try it. Start HyperPas (Freeware) and enter 926am. *boom* *boom* HyperPas starts. Cool, now you just cracked your first freeware proggy. hehe, cracking freeware.

enjoy :)

That's it folks, bye bye, see you next time.

If you got any comments or questions, send em to me. If i got enough time i'll send you an e-mail back. You might find me on irc/EFNET in the channel #bsc or #c.i.a under the nick dAvId_nM1. If i got time i'll chat. Anyway, i hope to see you in Tutor #18.

Cracking Tutorial #17
Written bY dAvId/nIgHtMaRe'1 Jun 1999
Wanna contact me? Yeah, it's possible: e-mail me at dAvIdnM1@usa.net


HOW TO CRACK XSource (Freeware)
bY dAvId/nIgHtMaRe'1 Jun 1999

Welcome to my 18th cracking Tutorial.
This time i'll teach you how to crack HyperPas (Freeware).
Sorry for my bad grammar, but i hope u will understand it anyway...

Tools Used:
W32Dasm 89.3 (The Best Disassembler)
Hiew 6.04 (Simply The Best Hex Editor)
Soft-Ice 4.00 (yes it's true, 4.00 is out, get it now) (serious?!? *doh* ...tKC)
Far 1.62 or any other Norton Commander-like clone
1 or more cups of coffee (a pot will usually do); you can also drink tea
1 or more ciggys (a pack will usually do) (Smoke em Baby Smoke em) he he

Where: http://jans.hypermart.net
Protection Type: Serial
Crack type: Correct Serial

2nd tutor in 1 day. I just cracked 1 of his freeware proggys, HyperPas (Freeware), and now i'm cracking his XSource, and still i'm not going to visit his page.

1st you might be wondering: Xsource (Freeware) ?????????
Well, i'll tell you why i crack this one. Yes, it's freeware, but you have to go to the author's page to get the correct password, else you can't use the proggy. Sux. And since i got this one at www.torry.ru (A Fucking Great Delphi Page), unless i want a newer version (if one exists) i don't fucking wanna visit his web page, so that's what's driving this crack. Well, enough bullshit, let's crack.

Start the proggy. You'll be greeted with this message:

Title Box: Jans Freeware Logon
Under that you'll see: password given on http://jans.hypermart.net

Duh, what is this shit? Freeware, and it still requires a password? Hmm, now why did the author do this? To get more visitors on his site? grr.idiot. Well, maybe. Anyway, don't do that, do this: enter 123454. Now what happens? Nothing. No message or anything, the proggy just exits. grrr.fuck him.

Go to Far (isn't it great?) and copy hyperpas.exe to hyperpas.w32. Start W32Dasm and disassemble hyperpas.w32. When done, go to the Strn Button and click it.

Now what are we gonna look for? When we tried to enter 123454 as the correct code, HyperPas (Freeware) just exited. Well, remember the title (Jans Freeware Logon)? Let's use it. Keep pressing down until you see it. And you don't, cuz it's not here this time. Eh, sux. What now?

Hmm, let's try using hiew. Do hiew xsource.exe and search for password. Since i cracked the last program this guy wrote, it's probably something like xxxxam, i'm sure, so you can try to search for am, but that will take too long. Search for password instead. Keep searching until you get to the last one, and you'll see after the password** it's 1205am. heh, cool.

Now go start xsource and enter 1205am, and Xsource starts. Cool, but this isn't real cracking now, is it ???
Nah, since we only used a hex editor and guessed it would be something like password. Hmm, let's do something else: let's use Soft-Ice (IT ROX). But first delete xsource.ini, cuz you want an uncracked (freeware) version again.

Start xsource and enter 123454 as code. Now go into Soft-Ice (ctrl+d or whatever your hot key is) and place a breakpoint on hmemcpy. Press F5 to get back into the program we are trying to crack and press OK. Soft-Ice will pop. Press F1 once, then keep pressing F12 until you're in the code of XSource. Now do a

s 0 l ffffff '123454'

You get a return address. Mine was XXXX:00BE3758, but it can be different on your system. Now place a bpmb, that's (Break Point on Memory Access). When placed, press x and you'll break into this code:

:00403E29 8B0E mov ecx, dword ptr [esi]
:00403E2B 8B1F mov ebx, dword ptr [edi]
:00403E2D 39D9 cmp ecx, ebx
:00403E2F 7558 jne 00403E89

Type d esi and you'll get your dummy code, 123454.
Type d edi and you'll get 1205am, your real code.

Cool, and this time we did some real cracking with our beloved debugger Soft-Ice. So you did it, huh? But i did it first, hehe. When you got the code, do a bc * (Clear all Break Points) and press X.

Try it. Start XSource (Freeware) and enter 1205am. *boom* *boom* XSource starts. Cool, now you just cracked your second freeware proggy. hehe, cracking freeware sux.

enjoy :)

That's it folks, bye bye, see you next time.

If you got any comments or questions, send em to me. If i got enough time i'll send you an e-mail back. You might find me on irc/EFNET in the channel #bsc or #c.i.a under the nick dAvId_nM1. If i got time i'll chat. Anyway, i hope to see you in Tutor #19.

Cracking Tutorial #18
Written bY dAvId/nIgHtMaRe'1 Jun 1999
Wanna contact me? Yeah, it's possible: e-mail me at dAvIdnM1@usa.net


HOW TO CRACK BitMapShrinker 1.02
bY dAvId/nIgHtMaRe'1 Jun 1999

Welcome to my 19th cracking Tutorial.
This time i'll teach you how to crack BitMapShrinker 1.02.
Sorry for my bad grammar, but i hope u will understand it anyway...
Tools Used:
W32Dasm 89.3 (The Best Disassembler)
Hiew 6.04 (Simply The Best Hex Editor)
Far 1.62 or any other Norton Commander-like clone
1 or more cups of coffee (a pot will usually do); you can also drink tea
1 or more ciggys (a pack will usually do) (Smoke em Baby Smoke em) he he

Where: http://www.beyersdorf.com
Protection Type: Serial
Crack type: *PATCH*

Start BitMapShrinker 1.02 and go to register:enter key... Enter the name dAvId/nIgHtMaRe'1 or any name you like, and as code 123454 or any code you like. You'll get this error (note it):

Sorry but the name and the key you entered cannot be accepted together
A mistage often made when entering the name and key is to
Confuse letters O and l whit the digits 0 and 1

Hmm, what does the idiot think, that we are stupid? We know it's wrong, hehe.

Go to Far and copy BitMapShrinker.exe to BitMapShrinker.w32 for use with W32Dasm. Start up W32Dasm and disassemble BitMapShrinker.w32. When done, go to the Strn Ref button, click it and look for "Sorry but the name and the key". When found, double click it and close down the Strn Ref window. You'll end up here:

* Possible StringData Ref from Code Obj ->"Sorry, but the name and the key "
->"you entered cannot be accepted "
->"together. "

You also see a (U)nconditional and (C)onditional Jump. Don't follow it; instead press the up arrow until you get here:

* Possible StringData Ref from Code Obj ->"Thank you for registering!"

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0047EA16(C)
:0047EA18 B888EA4700 mov eax, 0047EA88
:0047EA1D E82628FBFF call 00431248
:0047EA22 EB30 jmp 0047EA54

* Possible StringData Ref from Code Obj ->"Vielen Dank f"

The other message you see is German; it just says thank you. Ignore it and look at the stuff before it instead:

:0047E9F5 E81EF5FFFF call 0047DF18 <-a Call what can it be ?
:0047E9FA 84C0 test al, al
:0047E9FC 7432 je 0047EA30
:0047E9FE C605985B490001 mov byte ptr [00495B98], 01
:0047EA05 C7832801000001000000 mov dword ptr [ebx+00000128], 00000001
:0047EA0F 83BBD801000007 cmp dword ptr [ebx+000001D8], 00000007
:0047EA16 750C jne 0047EA24

Trace the call: press the right arrow and you'll end up here. Now just keep looking through this code and you'll find a cmp esi,eax:

:0047DF18 55 push ebp
:0047DF19 8BEC mov ebp, esp
:0047DF1B 83C4E0 add esp, FFFFFFE0
:0047DF1E 53 push ebx
:0047DF1F 56 push esi
:0047DF20 57 push edi
:0047DF21 33DB xor ebx, ebx
:0047DF23 895DE4 mov dword ptr [ebp-1C], ebx
:0047DF26 895DE0 mov dword ptr [ebp-20], ebx
:0047DF29 895DF0 mov dword ptr [ebp-10], ebx
:0047DF2C 894DF8 mov dword ptr [ebp-08], ecx
:0047DF2F 8955FC mov dword ptr [ebp-04], edx
:0047DF32 8BD8 mov ebx, eax
:0047DF34 8B45FC mov eax, dword ptr [ebp-04]
:0047DF37 E8E058F8FF call 0040381C
:0047DF3C 8B45F8 mov eax, dword ptr [ebp-08]
:0047DF3F E8D858F8FF call 0040381C
:0047DF44 8B4508 mov eax, dword ptr [ebp+08]
:0047DF47 E8D058F8FF call 0040381C
:0047DF4C 33C0 xor eax, eax
:0047DF4E 55 push ebp
:0047DF4F 6833E14700 push 0047E133
:0047DF54 64FF30 push dword ptr fs:[eax]
:0047DF57 648920 mov dword ptr fs:[eax], esp
:0047DF5A C645F700 mov [ebp-09], 00
:0047DF5E 33C0 xor eax, eax
:0047DF60 55 push ebp
:0047DF61 68F1E04700 push 0047E0F1
:0047DF66 64FF30 push dword ptr fs:[eax]
:0047DF69 648920 mov dword ptr fs:[eax], esp
:0047DF6C 8D55E4 lea edx, dword ptr [ebp-1C]
:0047DF6F 8B45F8 mov eax, dword ptr [ebp-08]
:0047DF72 E8417CF8FF call 00405BB8
:0047DF77 8B55E4 mov edx, dword ptr [ebp-1C]
:0047DF7A 8D45F8 lea eax, dword ptr [ebp-08]
:0047DF7D E80656F8FF call 00403588
:0047DF82 8D55E4 lea edx, dword ptr [ebp-1C]
:0047DF85 8B4508 mov eax, dword ptr [ebp+08]
:0047DF88 E82B7CF8FF call 00405BB8
:0047DF8D 8B55E4 mov edx, dword ptr [ebp-1C]
:0047DF90 8D4508 lea eax, dword ptr [ebp+08]
:0047DF93 E8F055F8FF call 00403588
:0047DF98 8B55F8 mov edx, dword ptr [ebp-08]
:0047DF9B 8BC3 mov eax, ebx
:0047DF9D E886FEFFFF call 0047DE28
:0047DFA2 8BF0 mov esi, eax
:0047DFA4 8B4508 mov eax, dword ptr [ebp+08]
:0047DFA7 E8C87DF8FF call 00405D74
:0047DFAC 3BF0 cmp esi, eax < hey you found it
:0047DFAE 0F8533010000 jne 0047E0E7

Cool, you found the spot. It's at offset 7D3AC.

OK, load hiew bitmapshrinker.exe, press F4 and select decode mode, press F5 and enter 7D3AC, press F3 and change the 3BF0 to 3BF6, then press F9 to update the file. Exit, run and return to the program.

Start BitMapShrinker 1.02, go to register:enter key.. and enter dAvId/nIgHtMaRe'1 or any name you like, and as code 123454 or any code you like. You'll now be greeted with this message:

Thank you for Registering!
You Might want to have a look at my web-site http://www.beyersdorf.com once a while and download updates of this application and other software products.

Yeah, i just might do that. I love free software, heh heh heh ha ha :)

If you got any comments or questions, send em to me. If i got enough time i'll send you an e-mail back. You might find me on irc/EFNET in the channel #bsc or #c.i.a under the nick dAvId_nM1. If i got time i'll chat. Anyway, i hope to see you in Tutor #20.

Cracking Tutorial #19
Written bY dAvId/nIgHtMaRe'1 Jun 1999
Wanna contact me? Yeah, it's possible: e-mail me at dAvIdnM1@usa.net


HOW TO CRACK Delphi DebuggerPro 1.0.0
bY dAvId/nIgHtMaRe'1 Jun 1999

Welcome to my 20th cracking Tutorial.
This time i'll teach you how to crack Delphi DebuggerPro 1.0.0.
Sorry for my bad grammar, but i hope u will understand it anyway...
Tools Used:
W32Dasm 89.3 (The Best Disassembler)
Soft-Ice 4.00 (IT Really ROX)
Far 1.62 or any other Norton Commander-like clone
1 or more cups of coffee (a pot will usually do); you can also drink tea. How about a Bottle Of Martine, cuz that's what i'm drinking right now
1 or more ciggys (a pack will usually do) (Smoke em Baby Smoke em) he he

Where: http://www.torry.ru
Protection Type: Serial
Crack type: Correct Serial

Sorry if this tut is very very hard to follow this time, cuz i'm SO DRUNK, heh, but i hope it won't be that hard anyway.

enjoy :) !BURP! he he

Start DebuggerPro 1.0.0. You'll be greeted with a !BURP! nag screen telling you this:

(Title) Nag Screen - Trial Version Day 1 of 30
this is a very annoying that reminds you that Debugger Pro is not Registretered
Debugger Pro Costs $5 (UK). to register Debugger Pro email me at John.Wood@Gwc.Co.uk
Please Include your scramble code below (mine is !BURP! heh 34833082)
i am also open to any suggestions or comments you may have
version 2 will be totally intergrated into Delphi and should be availble to download in September

Are you guys sure you want me to go on in this state (DRUNK)? Well, i will, he he. Anyway, press register, enter drunk or 123454 or any code you like, and you'll get this message:

Invalid Registration Code: - Please Contact John Wood!

Ah, i knew that, for sure i did, so drunk wasn't the code. Sux.

Go to Far and copy DebuggerPro.exe to DebuggerPro.w32 for use with W32Dasm. Start W32Dasm and disassemble DebuggerPro.w32. When done, go to the Strn Ref button and enter... eh, what is it you do???? Can't remember. Wait... i'll remember soon, i think ........ oh yeah, the "Invalid Registration Code: - Please Contact John Wood!" error. Gotta use that one. Go down until you see "Invalid Registration Code - Please ". Now double click it and close down the, em, what is it now, oh yeah, the Strn Ref Windows, i mean window. You'll land here:

* Possible StringData Ref from Code Obj ->"Invalid Registration Code - Please "
->"Contact John Wood!"
:0047C2C5 68A8C34700 push 0047C3A8

* Possible StringData Ref from Code Obj ->"Error"
:0047C2C3 6A30 push 00000030

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
:0047C28B(C)

What the fuck are you waiting for? Follow the (U)nconditional or (C)onditional Jump. You know how, right? Hmm, press shift+f..... it's $$$DUH$$$ it's F12, so press F12 and enter 0047C28B. You now land here (God, I love flying, don't you?):

:0047C286 E8457AF8FF call 00403CD0 <-trace this call
:0047C28B 7536 jne 0047C2C3
:0047C28D 8B4DF8 mov ecx, dword ptr [ebp-08]

* Possible StringData Ref from Code Obj ->"RegisterCode"

Trace the call: press the right arrow and you'll be here. Just wait... a minute and i'll take you there, but first i need a drink again.

:00403CD0 53 push ebx
:00403CD1 56 push esi
:00403CD2 57 push edi
:00403CD3 89C6 mov esi, eax
:00403CD5 89D7 mov edi, edx
:00403CD7 39D0 cmp eax, edx <-he i think i found it!
:00403CD9 0F848F000000 je 00403D6E
:00403CDF 85F6 test esi, esi

Is that it? Hell, how is it you use ice? Oh yeah: start Debugger Pro 1.0.0, press register, enter 123454 and (DON'T) press OK. Go into Soft-Ice (ctrl+d or whatever your hot key is) and place a breakpoint on 00403CD7, that's bpx 00403CD7. Press F5 and press OK. Soft-Ice will pop:

:00403CD7 39D0 cmp eax, edx <-he i think i found it!
:00403CD9 0F848F000000 je 00403D6E
:00403CDF 85F6 test esi, esi

Do a d eax and you get your dummy code, in my case 123454.
Do a d edx and you get your real code, in my case 6966196 (COOL).

When you got your code, do a bc * (Clear all Break Points) and press X.

*boom* *boom* i want you in my room. Duh, i listen to that song too much.

*REGGED*

enjoy :)

Personally i think i did pretty good, even though i'm getting more and more drunk each minute. Better buy some beer, running out of Martine, heh heh.

If you got any comments or questions, send em to me. If i got enough time i'll send you an e-mail back. You might find me on irc/EFNET in the channel #bsc or #c.i.a under the nick dAvId_nM1. If i got time i'll chat. Anyway, i hope to see you in Tutor #21.

Cracking Tutorial #20
Written bY dAvId/nIgHtMaRe'1 Jun 1999
Wanna contact me? Yeah, it's possible: e-mail me at dAvIdnM1@usa.net


HOW TO CRACK WinAMP 2.23
bY dAvId/nIgHtMaRe'1 Jun 1999

<<....see below at end of this article....>>

Welcome to my 21st cracking Tutorial.
This time i'll teach you how to crack WinAMP 2.23.
Sorry for my bad grammar, but i hope u will understand it anyway...

Tools Used:
Soft-Ice 4.00 (IT Really ROX)
1 or more cups of coffee (a pot will usually do); you can also drink tea
1 or more ciggys (a pack will usually do) (Smoke em Baby Smoke em) he he

NOTE NOTE NOTE: always remember to check out WWW.WINAMP.COM for a new version, cuz it really !RUX!
i think, don't you? i love mp3's, heh heh

Where: http://www.winamp.com
Protection Type: Serial
Crack type: Correct Serial

Go to NullSoft:shareware:enter registration info. Enter the name dAvId/nIgHtMaRe'1 or any name you like, and as code enter 1234541 or any code you like. Go into Soft-Ice (press ctrl+d or whatever your hot key is) and place a breakpoint on getdlgitemint:

bpx getdlgitemint

Press F5. You're now back in the proggy. Erase the 123454-1 <- the 1, and Soft-Ice will pop. Now press F11 once and you'll end up here. Keep pressing F10 until you reach the cmp eax,esi:

:00401EBF FF1534E34300 Call dword ptr [0043E334]
:00401EC5 8BF0 mov esi, eax
:00401EC7 8D4580 lea eax, dword ptr [ebp-80]
:00401ECA 50 push eax
:00401ECB E8E13A0200 call 004259B1
:00401ED0 3BC6 cmp eax, esi <- you stop here

Do a ? esi and you see your dummy code, in my case 123454.
Do a ? eax and you see your real code, in my case 34932514.

Do a bc * (Clear all Break Points) and press X.

Now go to NullSoft:shareware:enter registration info, enter the name dAvId/nIgHtMaRe'1 or the name you chose, and as code enter 34932514 or the code you got.

**booM** *regged*

enjoy :)

If you got any comments or questions, send em to me. If i got enough time i'll send you an e-mail back. You might find me on irc/EFNET in the channel #bsc or #c.i.a under the nick dAvId_nM1. If i got time i'll chat. Anyway, i hope to see you in Tutor #22.

Cracking Tutorial #21
Written bY dAvId/nIgHtMaRe'1 Jun 1999
Wanna contact me? Yeah, it's possible: e-mail me at dAvIdnM1@usa.net

(I won't publish any article for Winamp in the future, I'm sure we all know how to reg it, tnx tKC.....)


HOW TO CRACK Poker Patience Pack 1.0.0.0
bY dAvId/nIgHtMaRe'1 Jun 1999

Welcome to my 22nd cracking Tutorial.
This time i'll teach you how to crack Poker Patience Pack 1.0.0.0.
Sorry for my bad grammar, but i hope u will understand it anyway...
Tools Used:
Soft-Ice 4.00 (IT Really ROX)
1 or more cups of coffee (a pot will usually do); you can also drink tea
1 or more ciggys (a pack will usually do) (Smoke em Baby Smoke em) he he

NOTE: remember to check out this web site for more (Free) solitaire games, heh

Where: http://www.www.solitairecentral.com
Protection Type: Serial
Crack type: Correct Serial

Go to help: about: register and enter the name dAvid/nIgHtMaRe'1 or any name you like, and as code enter 123454 or any code you like. Go into Soft-Ice (press ctrl+d or whatever your hot key is) and place a breakpoint on hmemcpy. Now press F5 or x to return to the program, em, game you're about to crack. Press OK and Soft-Ice will pop. You'll be in kernel now. Press F11, F5, F11, then keep pressing F12 until you're in the code of pokerpak. When you're there, keep pressing F10 until you reach here:

:0041B12F E810ED0300 call 00459E44
:0041B134 8D55E8 lea edx, dword ptr [ebp-18] <-you got it!

Now do a D EDX and press page up 5 or 6 times, and you'll get your real code, in my case 5944713 (COOL huh?).

When you got your code, do a bc * (Clear all Break Points) and press X.

Go to help:about:register and enter 5944713. You'll get a message telling you thanks for registering.

*boom* *regged*

If you got any comments or questions, send em to me. If i got enough time i'll send you an e-mail back. You might find me on irc/EFNET in the channel #bsc or #c.i.a under the nick dAvId_nM1. If i got time i'll chat. Anyway, i hope to see you in Tutor #23.

Cracking Tutorial #22
Written bY dAvId/nIgHtMaRe'1 Jun 1999
Wanna contact me? Yeah, it's possible: e-mail me at dAvIdnM1@usa.net


We really hope you've enjoyed this tutorial as much as we did!
Don't miss Tutor #31 soon! ;)

And as I said last time: Without knowledge, there's no power! ;)

Credits go to:
THE 1 for Splash Logo.
dAvid/nIgHtMaRe'1 for providing 6 tuts in this version.
tKC/CiA (hey it's me!) for coding this version :)

All the crackers (non-members of CiA) are welcome to send tutors for the next tutorials ..
see below for my email address!

Greetz go to all my friends!!!

You can find me on IRC or email me at tkc@reaper.org
Oh btw, please don't expect me to reply to your mails, since I get 50+/- mails every day.. be sure that I really appreciate your mails! :)

Coded by The Keyboard Caper - tKC
The Founder of PhRoZeN CReW/Crackers in Action '99
Compiled on 23 June 1999

Cracking Tutorial #30 is dedicated to Ms_Jessca, my liefie only ...who else?
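
Added example (not from the original tutorials or from the vendors' code): HyperPas and XSource give up their passwords because the literal sits in the executable as a plain string. The Python sketch below is a release check a developer could run on a build to flag such literals, next to a check that ships only a salted PBKDF2 verifier; the image bytes, the salt and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Passwords the developer knows must never appear in a shipped binary.
# The two values are the ones quoted in the tutorials above.
SECRETS = ["926am", "1205am"]
ROUNDS = 100_000            # assumed PBKDF2 work factor for this example
SALT = bytes(range(16))     # constructed; a real build would use os.urandom(16)


def find_embedded_secrets(image, secrets):
    """Map each secret to the (encoding, offset) pairs where it occurs."""
    hits = {}
    for secret in secrets:
        found = []
        for enc in ("ascii", "utf-16-le"):   # narrow and wide string literals
            needle = secret.encode(enc)
            pos = image.find(needle)
            while pos != -1:
                found.append((enc, pos))
                pos = image.find(needle, pos + 1)
        if found:
            hits[secret] = found
    return hits


def make_verifier(password, salt):
    """Derive the value that is shipped instead of the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


def check_password(candidate, salt, verifier):
    """Derive from the candidate and compare in constant time."""
    derived = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ROUNDS)
    return hmac.compare_digest(derived, verifier)


# Constructed stand-ins for two builds (not real executables).
HEADER = b"MZ" + b"\x00" * 62
TITLE = b"Logon Jans Freeware\x00"
WEAK_IMAGE = HEADER + TITLE + b"926am\x00" + "1205am".encode("utf-16-le")
VERIFIER = make_verifier("926am", SALT)
HARDENED_IMAGE = HEADER + TITLE + SALT + VERIFIER

if __name__ == "__main__":
    for name, image in (("weak", WEAK_IMAGE), ("hardened", HARDENED_IMAGE)):
        hits = find_embedded_secrets(image, SECRETS)
        print(name, "build:", hits if hits else "no plaintext secrets found")
    print("correct password accepted:", check_password("926am", SALT, VERIFIER))
    print("dummy code accepted:", check_password("123454", SALT, VERIFIER))
```

Shipping a verifier removes the literal from the image but still leaves a client-side check; anything that must stay gated belongs behind a server-side or signature-based check.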