Welcome to Cracking Tutorial #35! Hiya peepz, Here's another tutor for you, I was kinda busy last days, working on some projects... and also released Tutor Trilogy a few days ago! You can find it at www.msjessca.da.ru :) Anyway, let's go! You'll need the following tools: (I use these tools, I assume you'll use 'em, but it doesn't mean that you'll need to use all those tools, so be sure to get them handy for the examples in this tutorial!) SoftICE 4.00 W32Dasm 8.93 Hacker's View 6.15 SmartCheck 6.03 TASM 5.00 Windows Commander 4.00 (I use it coz of easier to multitask) Don't ask me where to download all these tools since you had a chance to get them when you used my older tutorials. Here are a few good cracking sites where you can grab tools from: http://surf.to/HarvestR or http://harvestr.cjb.net http://atlantez.nl.eu.org/Iczelion http://protools.cjb.net or ask any crackers to get you these tools! Are you ready?! OK! ;) A Cracking Tutorial written by h4Ck07iC Cracking a VB program: PixNews99 1.0 Part 1: Finding The Serial Tools: Smartcheck 6.01 Target: PixNews99 1.0 Site: http://www.techsono.com Step 1: Ok Lets start - Open the program and the first u see is: Unregistered copy Registration Key: none Step 2: Goto Register ê Enter Registration key and select " Yes I agree this piece of shit etc" Step 3: Enter a name and registration key (mine was 07iC and 12345) and then hit Enter to receive the error msg: Invalid Registration Key Ok! Close the prog and run SmartCheck First of all we have to look at the configuration - Program ê Settings Error Detection window: All must be ticked Reporting window: All must be ticked except the "Report MouseMove events" Error Detection ê Advanced window: The first 4 boxes must be ticked - Now save Click on Open file ê PixNews99.exe Ok now a window appeared called: PixNews99.exe - Program Transcript Right click in this window and select 'start' - Now a new window appears called "PixNews99.exe - Program Results" It will take sometime, and if it does API Failure you must click always on "Acknowledge" and not at Surpress! At a little bit the PixNews99 program will automatically open - Go again at the registration window and enter your info to receive the error msg. Now close it. Ok it finished! Lets' see what we have here Scroll down until you see this: _Click (They are for about 3-4, but I'm talking about the last one) Expand it, and scroll down until you see this: Mid Asc returns Integer:48 Mid Asc returns Integer:55 Mid Asc returns Integer:105 Mid Asc returns Integer:67 Long (17875) ê String ("17875") Long (13475) ê String ("13475") Ok let's see The "Asc returns Integer:xx" contains the letters of your registration name which you typed in PixNews99. Place the bar on the first and you'll see at the left window: - String string = 004D0964 |_ = "0" That's the first letter of my name which was "07iC" If you'll place the bar at the second you'll see: - String string = 004D0964 |_ = "7" That's the second - So you can understand that: Asc returns Integer:87 ê "0" Asc returns Integer:111 ê "7" Asc returns Integer:76 ê "i" Asc returns Integer:70 ê "C" Got it ? Cool So, we can say that here someone could find a valid serial for his name And that's true. See this: Long (17875) ê String ("17875") Long (13475) ê String ("13475") That's our lovely code! Both of them will work: 1: 17875 2: 13475 But your unlock code will be different, if you didn't type the name 07iC Exit SmartCheck, run the program, and enter at the registration window: 07iC 17875 or 13475 Thank you for your support! We've did it! Yeeeeeehaaaaa! HKEY_CURRENT_USER/Software/VB and VBA Program Settings/PixNews99/The section To delete the key and unregister again. Email: HackedSucka@hotmail.com How to find a Serial for HotCorners 1.5 with SoftIce By: +SEKt0r G'day(Good Day in Australian ;)people, and welcome to my first ever tut. I will try to explain all this ASM and cracking stuff as simply as possible. In this tut you will find a valid serial, and will also make a crack, with a little ASM and Pascal knowledge you should breeze past this. OK enough shit, lets crack... PART 1: TOOLS You need the following tools: Numega Softice 3.xx (I use ver. 3.25) HotCorners Turbo Pascal A brain (heh) Get them from here: http://cracking.home.ml.org http://surf.to/HarvestR http://crackstore.com http://users.aol.com/felhasan/ After you have gotten the above tools continue. PART 2: FINDING A VALID SERIAL STEP 1: Open up HotCorners (HotC.Exe) STEP 2: Now click on Register. STEP 3: Type in a bogus name eg. +SEKt0r and type in a fake serial eg. 12341234 STEP 4: Goto Softice by using CTRL + D, then set two breakpoints like this: BPX GetDlgItemTextA (ENTER) BPX GetWindoTextA (ENTER) STEP 5: Now press F5 or CTRL + D(Exit). STEM 6: Press OK now. STEP 7: *BOOM* Your should be instantaneously back into Softice with the breakpoint GetDlgItemTextA in use. STEP 8: Now at the bottom of the Command Window (look under notes for help where that is) it should say: Break Due To BPX USER32!GETDLGITEMTEXTA (ET=XXXX) STEP 9: Now press F5 then F12 till you see between the Command Window and the Code Window (refer to notes again...): HOTC!.TEXT+0DAA ^^^^ Offset STEP 10: We are now at 015F:00401DAC LEA EDX, [ESP+08] We know that we are in one of the right places because at the top of the screen in the Register Window it shows: EAX=00000008 <--This line is highlighted. ^ This equals the number of letters of my 'fake' serial. STEP 11: We know were near... Now we search for our false string that we put in (12341234 remember?). Type S cs:0 L ffffffff "12341234" We find a match at: 015F:8035856A ^^^^^^^^^^^^^ Again, it might differ on your puter :) STEP 12: Now set a Memory Breakpoint by typing: BPM 015F:8035856A <--Change it to whatever memory address you got STEP 13: Now press F5 once and we get this between the code and data windows: KERNEL32!ISBADWRITEPTR+01D4 (YES! Strings are compared) STEP 14: Now type D ESI or D EAX. Now what do we have here?!?!? OUR SERIAL! Mine was: 1202-11066-2509-485 with the name as: +SEKt0r. STEP 15: Go back to Hot Corners and put the serial, did it work... ayyyay IT DID! WTF WAS HAPPENING? For all you newbies *cough* here is what happened when our serial was calculated: ESI moved to AL EDI was compared to AL EAX = EBP + 10 EAX was compared to AL ECX was compared to AL To test this type D ECX and you see out 'fake' serial that we put it, eg 12341234 PART 3: NOTES This what a Softice layout screen should look like: |---------------| |Register | R to edit |---------------| |Data Window | D to view an address, E to edit it |---------------| |Code Window | U to view and address, A to insert code |---------------| |Command Window | Type commands |---------------| F5/CTRL + D - Run F8 - Step into functions F10 - Step over functions F11 - Step out of functions *Note* If some of the windows don't come up, just put the above letters eg, E,A then the windows will come up or try WD. You might want to print this tutorial out because you can't read stuff in microshit word while in Softice. Oh yeah, before you try to psycho with SoftIce and the ASM language, I recommend that you disassemble a file with Win32ASM so you know WTF is going on :) PART 4: FINAL THANKS Greets goes to these ppl: EFFeCT -For being my sidekick and newbie ARSN!K -For being there to teach me Pascal :) WoLf -For his help + tuts ED!SON -For his KICK ASS tutor tKC -For also his tuts Everyone at #Cracking #Cracking4Newbies #UCF2000 #Infected And everyone else that I forgot about :( How to find a Serial for WinAmp 2.xx with SoftIce By: +SEKt0r Hello people, I'm back with my second tut :) Hope you understand all the shite. I know that there have been quite a few tuts + keygens for this proggy, but, I think that I can explain it pretty good cos this was my first proggy that I cracked (other versions I mean ;). PART 1: TOOLS You need the following tools: Numega Softice 3.xx (I use 3.25) WinAmp (I'll use the new 3.23 ver.) A brain (heh) Get them from here: http://cracking.home.ml.org http://surf.to/HarvestR http://crackstore.com http://winamp.com/ After you have gotten the above tools continue. PART 2: CRACKING STEP 1: Open up WinAmp (WinAmp.Exe) STEP 2: Press ALT + F. Click on Nullsoft WinAmp. Then on Shareware. STEP 3: Now click on Enter Registration Info. Type in a bogus name except the last letter eg. +SEKt0. The reason why we don't type in the last letter and the serial because the code is calculated before the OK button becomes clickable. STEP 4: Goto Softice by using CTRL + D, then set two breakpoints like this: BPX GetDlgItemTextA (ENTER) BPX GetWindoTextA (ENTER) STEP 5: Now press F5 or CTRL + D(Exit). STEM 6: Type in the last letter of your name eg. r STEP 7: *BOOM* Your should be instantaneously back into Softice with the breakpoint GetDlgItemTextA in use. STEP 8: Now at the bottom of the Command Window (look under notes for help where that is) it should say: Break Due To BPX USER32!GETDLGITEMTEXTA (ET=XXXX) STEP 9: We are now at 015F:00401EB9 PUSH 00 Not what we are looking for. STEP 10: Trace down with F10 till we get to USER32!GetDlgItemInt. This is like GetDlgItemTextA but for a numbers Hrmmm... looks like, to me, that WinAmp is making an integer (Number) serial. STEP 11: Keep tracing down with F10 till we get to something that compares some string or something. STEP 12: We don't trace for very long till we get to 015F:00401ED0 CMP EAX,ESI Well well, we have a compare :) STEP 13: Type: ? eax ohhh ahhh *OUR SERIAL* Mine was 75344414 with the user +SEKt0r. WTF WAS HAPPENING? For all you newbies *cough* here is what happened when our serial was calculated: EAX is really EBP-80 We type ? ESI, we get 00000000, good, cos it shows us that we are we should be by telling us that we didn't put anything in the serial box. PART 3: NOTES This what a Softice layout screen should look like: |---------------| |Register | R to edit |---------------| |Data Window | D to view an address, E to edit it |---------------| |Code Window | U to view and address, A to insert code |---------------| |Command Window | Type commands |---------------| F5/CTRL + D - Run F8 - Step into functions F10 - Step over functions F11 - Step out of functions *Note* If some of the windows don't come up, just put the above letters eg, E,A then the windows will come up or try WD. You might want to print this tutorial out because you can't read stuff in microshit word while in Softice. PART 4: FINAL THANKS Many thx goes to these following ppl, again: eFFeCT -For being a friend and a newbie ;) ARSN!K -For being there to teach me Pascal :) WoLf -For his help + tuts ED!SON -For his KICK ASS tutor tKC -For also his tuts Everyone at #Cracking #Cracking4Newbies #UCF2000 #Infected And everyone else that I forgot about :) *sigh*, I mentioned in previous tutor #30 that I won't publish Winamp tutors, so for last time pls :) and +SEKt0r: no offence :) ......tKC How to find a Serial for WinXFiles32 with SoftIce By: +SEKt0r Howdy people, I'm back again! With my third tut, hooray, let's get started. WinXFiles with its attractive tabbed-dialog interface features secure encryption to prevent unauthorized access of all type of files and particularly of your image collection. (Copied it from it's help file :) PART 1: TOOLS You need the following tools: Numega Softice 3.xx (I use 3.25) WinXFiles A brain (heh) Get them from here: http://cracking.home.ml.org http://surf.to/HarvestR http://crackstore.com http://www.pepsoft.com/ After you have gotten the above tools continue. PART 2: CRACKING STEP 1: Open up WinXFiles(WXFiles.Exe) STEP 2: Click on whatever you need to input a serial number. My trial period was already over so it came up automagically :(. STEP 3: Type in a bogus name eg. +SEKt0r. And also type in a fake serial eg. 12341234. *NOTE* The reason why I don't use the serial 123456789 because some programs eg. WinZip has the numbers and letters in it's code so when you search for it, you land somewhere completely different. STEP 4: Goto Softice by using CTRL + D, then set the three main breakpoints like this: BPX GetDlgItemTextA (ENTER) BPX GetWindoTextA (ENTER) BPX HmemCpy (ENTER) I know that Hmemcpy will work because this is a Delphi application and they rarely use GetDlgItemTextA and GetWindowTextA. STEP 5: Now press F5 or CTRL + D(Exit). STEP 6: Click on OK. *BOOM* Your should be instantaneously back into Softice with the breakpoint Hmemcpy (told ya so :) in use. STEP 7: Now at the bottom of the Command Window (look under notes for help where that is) it should say: Break Due To BPX KERNEL!HMEMCPY (ET=XXXX) STEP 8: We are now at 013F:9EA6 PUSH BP Not what we are looking for. STEP 9: Now press F12 Seven (7) times till we get into the WinXFiles Code. We come across: WXFiles!Code+00027D94 Now at the top of the screen (in the register window) it should be highlighted and should display: EAX=00000008 Hrmmm... the length of out fake code that we entered. STEP 10: We are now at: 015F:00428D99 POP EDI Now we search for our fake serial, we do this by typing: S CS:0 L ffffffff "12341234" We found a match at: 015F:01044F1C ^^^^^^^^^^^^^ Note: Your memory addresses might change, so just type in the ones on your computer. STEP 11: Now disable the Hmemcpy breakpoint by typing: BD 0 (Breakpoint Disable) OR BC 0 (Breakpoint Clear) STEP 12: Now we set a memory breakpoint by typing: BPM 015F:01044F1C You may ask why do I use a memory breakpoint. I'll tell you why, because we don't want to use a Physical Breakpoint (BPX) because the fake serial is not stored in a file but in a memory address. Therefore we use a memory breakpoint. STEP 13: Press F5 because we want the serial and there is 2 textboxes. STEP 14: We are now at: 015F:004038FD CMP ECX,EBX Kewl, comparing happens. Hrmm... what is in out Data Window *OUR SERIAL*! and our name and fake serial that we put in, if they don't show up type this: D ESI. To view out fake code type: D EDI My reg info was: User=+SEKt0r Reg No=714077167088 WTF WAS HAPPENING? PART 3: NOTES This what a Softice layout screen should look like: |---------------| |Register | R to edit |---------------| |Data Window | D to view an address, E to edit it |---------------| |Code Window | U to view and address, A to insert code |---------------| |Command Window | Type commands |---------------| F5/CTRL + D - Run F8 - Step into functions F10 - Step over functions F11 - Step out of functions *Note* If some of the windows don't come up, just put the above letters eg, E,A then the windows will come up or try WD. You might want to print this tutorial out because you can't read stuff in microshit word and in winblows notepad while in Softice. PART 4: FINAL THANKS Many thx goes to these following ppl, again: Xzi -You know who you are. eFFeCT -For being a friend and a newbie ;) ARSN!K -For being there to teach me Pascal :) WoLf -For his help + tuts ED!SON -For his KICK ASS tutor tKC -For also his tuts Everyone at #Cracking #Crackers #Cracking4Newbies #UCF2000 #Infected on EFNet and #TeamFortress on OzOrg. And everyone else that I forgot about :) Manual Unpacking For Newbies by ACiD BuRN yo ! today , i will explain u how to unpack manually , but i take an app , freware , packed with aspack or something , i don't care hehe ! i will only show u how to have the string data reference in the app , so no import table , but i don't care , Newbies tutors , don't forget with this , you can patch the exe , so i think you will be happy :) Tools needed : - Soft ice 3.x or 4 - Procdump 1.5 (only used as Files Dumped) ftp://ftp.zcu.cz/pub/winsite/win95/miscutil/konix.zip 1st part : The loader! u will use the loader of Sice to unpack , so Run it (loader32.exe) and choose the exe u want to run! for us , it is : Konix.exe. ok , run it with the loader , but the prob is , this fucking app won't break in Sice :( hehe , np , run Proc Dump and use PE editor ! Edit the Code's section of the exe. (pe editor , choose the file , sections , click on CODE and right click , edit section ) ok , you see in sections caracteristic : C0000040 ok , change it to : E0000020 Don't nag me for ask me why , only trust me , this work all the time! do it , that's all! now , run the Loader of sice , run the app with it , and it will break in Sice :)) great , worked hehe 2nd part : tracing and dumping the file from memory to the disk! ok , so u just breaked on sice , u see invalid shit , but doesn't matter.trace with F10 u will arrive here : XXXXXXXX PUSHAD <-- when u unpack , if you see this , :) XXXXXXXX CALL 45A006 XXXXXXXX POP EBP XXXXXXXX SUB EBP,43D93E ............ XXXXXXXX CALL 0045A051 XXXXXXXX CALL 0045A2B2 XXXXXXXX CALL 0045A350 ............ XXXXXXXX POPAD <-- Good to see this too :) XXXXXXXX JMP EAX <-- Stop tracing here, coz it jump the real prog ....... Well.. when u unpack u see some POPAD and a JMP , look for one who jump to a register like EAX , EDX , ECX ... but it is really often : EAX ok , so when u are at the JMP EAX place , look the value on EAX and writte it down on a paper for me it was : 43F0A0.You will use this soon tust me ! heh To know if you are at the good place , try to F10 once and look if it jump to the real entry point of the programme. For us , he did , so it is ok ! NOW , exit Sice , and re run the exe with the sice loader , and trace to the Jump place. NOW , type : A {enter} <== this is to change the code at the current place JMP EIP {enter} <== this is for make a unlimited Loop , like this we can dump the file , without dumping shit {escape} F5 now the programme is doing an unfinite loop in Memory and we can dump now ! ok , run procdump and you see in the main form the list of the curent task , click on the one who contain Konix.exe. Now right click and chose Full Dump.save the new exe with the name you want. ex : Konixdumped.exe now , click on it again , right click and do : kill task instead of dump , this will kill this task and end the programme who is still doing the unlimited Loop. 3rd parts : fix the programme entry point! ok , look ate the exe u just have dumped , and you see the size is bigger than the packed , great :) but wait , if you run it , the prog will crash like a silly bastard:( ok , u remember , u have noted the OEP (original entry point) on a paper , the value you found in EAX. in this case , it was : 43F0A0 ok Run the Procdump's PE editor again and change the entry point to 0x0003F0A0. (OEP - the image base : 43F0A0-400000=3F0A0) i said you this number will help us ! hehe now , close procdump , and the you unpacked / dumped executable IT WORKS ! yea , we did it ! hehe Now Wdasm it and you will have String Data references :) u can patch it now ! heh! Well , this tut is finish , hope u understand all this piece of text , but if you have a comment or one question, mail me to : ACiD_BuRN@nema.com or acid2600@caramail.com. have Fun and happy cracking ! greets to my groups : ECLiPSE / PWA / CiA / oDDiTY also greetingz to: R!SC, ^Inferno^, AB4DS, Cyber Blade, Klefz, , Volatility, Torn@do, T4D Jeff, [Virus], JaNe , Appbusta , Duelist , tKC , BuLLeT , Lucifer48 , MiZ , DnNuke , Bjanes , Skymarshall , afkayas , elmopio , SiFLyiNG , Fire Worx , Crackz , neural_en ... Sorry if you are not here too many people to greetz !) *T*U*T*O*R*I*A*L* By Northpole [CiA '99] Hiya. This is my first tutorial on cracking, I hope you will enjoy it. Please don't mind the errors in my language, but I'll think you'll understand (almost) everything... ----------------------------------- Target program: IconPackager 0.98b Get it from: www.stardock.com Other things you need: * All standard cracker tools * Some good brains Result: Keygen ----------------------------------- OK, here we go. After you installed the program, first take a look at it. So fire up IconPackager (IP). You see a nag, which we want to remove don't we ? If you don't, go eat some cookies and delete this tutorial ;p Next, we go looking in the About... menu, because that's most likely the place to register the software, and... *BINGO* A Register button! Press it and fill in some dummy name and code. I use "Northpole" as name and "123456" as serial. Press OK, and you'll get a nice messagebox saying it's incorrect. (We knew that, didn't we ?) Time to crack the proggie. Launch W32Dasm and disassemble the program. Take a look at the string references... Hmm, only "VB5!" and some other shit... Uh oh, we were wrong, it's a VB proggie. There goes W32dasm, let's open SmartCheck (SC). Run the program in SC, but disable Event Reporting first... We only need to see what happens at the registration... When you come at the registration part, enable Event Reporting again. Enter some dummy info, and press OK. My dummy info was "Northpole" and "123456", I advise you to use it to so will have less problems following... You'll notice that there is an annoying timer, that's for the available memory. So when you get the messagebox, disable Event Reporting again. Now you can easily look through the code. Start at the bottom and scroll up until you see the MsgBox. Then look at the lines above that one. txtName.Text txtNumber.Text txtName.Text Len(String:"Northpole") returns... Instr(long:1, VARIANT:VT_..., VARIANT:STring:"-") + MsgBox(...) (Note: if you don't see the arguments after the instructions, turn them on in the View menu) After that Instr, you get the msgbox... OK, we can suppose there has to be a - in out serial... OK, let's try it again. Enter a serial with a - somewhere in it. (Don't forget to enable Event Reporting again !) txtName.Text txtNumber.Text txtName.Text Len(String:"Northpole") returns... Instr(long:1, VARIANT:VT_..., VARIANT:STring:"-") ; We will pass it now txtName.Text txtNumber.Text Len(String:"123-456") returns... + MsgBox(...) Hmm, now it seems the length of our serial is not good... Let try something else. Let's make it a little longer: "123-456789" for example. Run it... AARGH! Errors! Acknowledge them, and your program will stop running. OK, if you look through the code, you will find out that the program will use "-489" for something and for that, it will convert "-" to a number... That fails. + String("-") --> Integer - coercion fails OK then, let's try a different place for the -, like in "12-3456789". YES! This does work :) txtName.Text txtNumber.Text txtName.Text Len(String:"Northpole") returns... Instr(long:1, VARIANT:VT_..., VARIANT:STring:"-") ; We will pass it now txtName.Text txtNumber.Text Len(String:"123-456") returns... Mid(...) Right(...) IsNumeric("3489")... Look what happens here: the program takes the 2 characters on position 4&5 (that's the mid) and the 2 last characters and combines them into one string, which has to be numeric... We can derive some format of the key now: ??-##????##... Len(String:"12-456789")... Mid(...) Len(String:"Northpole")... Mid$(...) Asc(...) Mid$(...) Asc(...) Mid(...) (This block keeps repeating) Len(String:"567")... Mid$(String:"567"...) Asc(String:"5") returns Integer:53 Mid$(String:"3489"...) String("3") --> Integer(3) Chr$(Integer:50) Len(String:"567")... Mid$(String:"567"...) Asc(String:"6") returns Integer:54 Mid$(String:"3489"...) String("4") --> Integer(4) Chr$(Integer:50) Len(String:"567")... Mid$(String:"567"...) Asc(String:"7") returns Integer:55 Mid$(String:"3489"...) String("8") --> Integer(8) Chr$(Integer:47) + MsgBox(...) Hmm.. take a close look at that... It takes the ASCII value of every character x in "12-34xxx89"... Then it takes the real value of each character in "3489" (that was numeric, you remember ?) And then it generates a character with some value... I don't know if you noticed it, but (and this is the clue) that 'some value' is the substraction of the ASCII value - the real value... Now we only have one more problem: how comes there is a MsgBox ? What is invalid about our serial ? Let's think again... We suppose that those characters generated with Chr$() would be wrong. But what would be the correct value ? Now, we're gonna guess: since we saw no other operations on our name, could it be the characters of our name ? <= believe me, it is :)) But, then we're done for this part. Now we can make it easy to ourselves: since the program takes the value of that combined string ("3478") to substract, it means that if we make that string "0000" nothing will be substracted... (you got it ?) And our name will be in the serial unchanged... Let's try it: since we don't know something about the first 2 characters, make them "12". Now we get (for "Northpole"): "12-00Northpole00" as serial... Heh, try it out, you'll see it works.. You can change the first two characters, it will stay registered. And I suppose it won't be hard to write a keygen now, eh ? Hehe... Do you also think it's a pretty lame protection ? (note: that whole block of Mid / Asc functions on our name, probably checks and filters out spaces and other special characters...) OK, that's it ! Cya! Northpole CiA (Crackers In Actions) '99 Greetz go to: * the whole CiA crew * everybody in #c.i.a * PeeWee * Natazzz (yep, you're right, C-Dance rulezzz :) We really hope you've enjoyed this tutorial too much as we did! Don't miss Tutor #36 soon! ;) And as I said last time: Without knowledge, there's no power! ;) Credits go to: Nephasto for Splash Logo. h4Ck07iC for providing a tut in this version. +SEKt0r for providing 3 tuts in this version. ACiD BuRN for providing a tut in this version. Northpole for providing a tut in this version. tKC/CiA (hey it's me!) for coding this version :) All the crackers (non-members of CiA) are welcome to send tutors for the next tutorials .. see below for my email address! And all the tutors can be found at www.msjessca.da.ru! Greetz goto all my friends! You can find me on IRC or email me at tkc@reaper.org Oh btw, please don't expect me to reply your mails, since I get 50+/- mails everyday.. be sure that I really appreciate your mails! :) Coded by The Keyboard Caper - tKC The Founder of PhRoZeN CReW/Crackers in Action '99 Compiled on 08 August 1999 Cracking Tutorial #35 is dedicated to Ms_Jessca... my liefie only - who else?