Welcome to Cracking Tutorial #39!

Hiya peepz,

Here's another tutor for you, nothing special :) As always, I'm busy with coding other projects... Anyway, let's go!

You'll need the following tools (I use these tools and I assume you'll use 'em; it doesn't mean that you'll need all of them, but be sure to have them handy for the examples in this tutorial!):

SoftICE 4.01
W32Dasm 8.93
Hacker's View 6.20
SmartCheck 6.03
TASM 5.00
Windows Commander 4.01 (I use it coz it's easier to multitask)

Don't ask me where to download all these tools, since you had a chance to get them when you used my older tutorials. Here is a good site where you can grab tools from: http://mercury.spaceports.com/~quel/protools/ or ask any crackers to get you these tools!

Are you ready?! OK! ;)

How to crack the CD-Check in Myth II v1.12

What you need: WDASM and HeditPro or any good hexadecimal editor.

Hi dude, I will try to teach you how to crack the CD-check in Myth 2. I hope you understand me because I'm crap at English =).

When I run the game without the CD, an image tells me to insert it. There is no message box or anything like that. No problem, we will crack it.

Make two copies of Myth II.exe. Call the first WDASMyth2.exe and the other one BAKUP.EXE! Now run W32DASM and disassemble 'WDASMyth2.exe'. When the file is disassembled, click on the 'Imports Functions' button. Why the Imports Functions and not the 'String Data Reference'? Because the error message is not a message box or anything like that, it's a picture.

In the Imports Functions, click on 'KERNEL32.GetDriveTypeA' two times. The program will show you a piece of code. It's not the right part, so click on 'KERNEL32.GetDriveTypeA' two more times. Now you should be in this piece of code:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00487170(C)
|
* Possible Reference to String Resource ID=00001: "Myth II"
|
:004870B2 BA01000000       mov edx, 00000001
:004870B7 8ACB             mov cl, bl
:004870B9 D3E2             shl edx, cl
:004870BB 8AC3             mov al, bl
:004870BD 0441             add al, 41
:004870BF 88442410         mov byte ptr [esp+10], al
:004870C3 85D5             test ebp, edx
:004870C5 0F84A0000000     je 0048716B                    <-- JMP to the beginning of the CD-check
:004870CB 8D442410         lea eax, dword ptr [esp+10]
:004870CF 50               push eax

* Reference To: KERNEL32.GetDriveTypeA, Ord:00DFh         <-- Used a lot in CD-checks
|
:004870D0 FF1520495B00     Call dword ptr [005B4920]
:004870D6 83F805           cmp eax, 00000005              <-- Check if the CD is here
:004870D9 0F858C000000     jne 0048716B                   <-- If not, go to the beginning of the CD-check
:004870DF 8A0D103E5500     mov cl, byte ptr [00553E10]
:004870E5 33C0             xor eax, eax                   <-- Failed CD check
:004870E7 884C2418         mov byte ptr [esp+18], cl
:004870EB B93F000000       mov ecx, 0000003F
:004870F0 8D7C2419         lea edi, dword ptr [esp+19]
:004870F4 6A00             push 00000000
:004870F6 F3               repz
:004870F7 AB               stosd
:004870F8 66AB             stosw
:004870FA 6A00             push 00000000
:004870FC 6A00             push 00000000
:004870FE 6A00             push 00000000
:00487100 6A00             push 00000000
:00487102 AA               stosb
:00487103 8D54242C         lea edx, dword ptr [esp+2C]
:00487107 68FF000000       push 000000FF
:0048710C 8D442428         lea eax, dword ptr [esp+28]
:00487110 52               push edx
:00487111 50               push eax

* Reference To: KERNEL32.GetVolumeInformationA, Ord:014Fh <-- Used a lot in CD-checks
|
:00487112 FF151C495B00     Call dword ptr [005B491C]
:00487118 85C0             test eax, eax
:0048711A 7447             je 00487163
:0048711C 8D4C2418         lea ecx, dword ptr [esp+18]
:00487120 51               push ecx
:00487121 E8AA060A00       call 005277D0
:00487126 83C404           add esp, 00000004
:00487129 8D742418         lea esi, dword ptr [esp+18]
:0048712D 8D842418010000   lea eax, dword ptr [esp+00000118]

******** I have cut a small part of code ********

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048713E(C)
|
:00487154 33C0             xor eax, eax                   <-- Failed CD check
:00487156 EB05             jmp 0048715D                   <-- JMP to the test eax, eax

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0048713A(C), :00487148(C)
|
:00487158 1BC0             sbb eax, eax
:0048715A 83D8FF           sbb eax, FFFFFFFF

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00487156(U)
|
:0048715D 85C0             test eax, eax                  <-- Test the result in EAX
:0048715F 741B             je 0048717C                    <-- If you have the CD it takes the je, if not...
:00487161 EB08             jmp 0048716B                   <-- JMP to the CD-check

******** I have cut a small part of code ********

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004870C5(C), :004870D9(C), :00487161(U)
|
:0048716B 43               inc ebx
:0048716C 6683FB19         cmp bx, 0019
:00487170 0F8E3CFFFFFF     jle 004870B2                   <-- Call the GetDriveTypeA
:00487176 8B442414         mov eax, dword ptr [esp+14]
:0048717A EB05             jmp 00487181                   <-- Failed CD check. For a GOOD BOY you must NOP this instruction and the mov eax, 00000001 instruction will be executed.

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0048715F(C)
|
* Possible Reference to String Resource ID=00001: "Myth II"
|
:0048717C B801000000       mov eax, 00000001              <-- Good Boy, you have the CD in your drive. If this instruction is never executed, you will never play without the CD.

Did you understand the protection? It's very easy and stupid, like in the other games =). You have two different ways to crack this game. The first is to force a jump and the second is to NOP a jump so that the next instruction (mov eax, 00000001) is executed! This method will work with the other versions of Myth 2.

I hope you understand this tutorial. Happy Cracking in 1999!

Greetings & Salutations go to:

LA BOULE (I adore you)
FoX1 (So, PiFTON! What's new?)
Jethro Napoleon (So, boulette =) )
Frog's Print (Why did you stop writing your tutorials?)
Saltine (I don't know you but you are one of the best crackers in the world)
Killer+Bee (You too =) )
+ORC (I love your tutorial!)
Static Vengeance (I love your tutorial too)
ShadowRUNNER (Thanks for having made CRACKSTORE!)
The Keyboard Caper (Your tutorial is great and the design is very cool :-)
CLASS (I love your releases but I get a lot of fakes!)
FUSiON (It's good that you made a French group)
CORE (We love your cracks)
Phrozen Crew (Your cracks work fine)
Cracker In Action (Have a long life)

Heya dUdEs! Welcome to my second tutorial. In this one I will tell you how to remove the limitation of only 30 uses of a program called Audionaut Music Manager v3.0.

Tools required:
W32Dasm (to find out where the bug is hidden)
Hacker's View 6.00 (to kill the bug)
Wincmd4.01 (only for the multitask function, not a crack tool)
and I prefer a little bit of music (MTV is good enough)

Target: as I've said, Audionaut Music Manager v3.0

So let's go on:

1: The file we are going to patch is AMMTrial.exe, so copy it into the files AMMTrial.w32 (to use with W32Dasm) and AMMTrial.xxx (as a backup copy).

2: Now run the program. At first there is a little nag that appears and disappears and says how many times we can use AMM. After 30 starts of the program the nag won't disappear and it will tell us this: "You have used this program 30 times now? For non trial version check out http://www.audionaut.com/software." Nasty little bastard, isn't it? Well, no problemo, because we have two little programs that will help us with the problem.

3: Run W32Dasm and disassemble the AMMTrial.w32 file. Then go to the REFS menu and choose StringDataReferences from there. Afterwards go down through the references in the box and find the text from the nag. When you find it, double click on it and you will be taken in the assembly text to this:

* Possible StringData Ref from Code Obj ->"You have used this program 30 "
                                        ->"times now? For non trial vers.. "
                                        ->"check out http://www.audionau.."
:004B6BF6 B8C46F4B00       mov eax, 004B6FC4
:004B6BFB E89CDAF9FF       call 0045469C
........ ..... ... .

4: What we have to look for now is a comparison: je, jne, cmp, test. Push the Up key until you get to this piece:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004B6B91(C)
|
:004B6BA7 A1E0E04B00       mov eax, dword ptr [004BE0E0]
:004B6BAC 803800           cmp byte ptr [eax], 00
:004B6BAF 747E             je 004B6C2F

* Possible StringData Ref from Code Obj ->"btq"

So what do you think is interesting here? Hmm? Maybe that "je" that makes the message appear :) Now all we have to do is a little reverse engineering and change the "je" to "jne". But for that we need the offset location of the byte that we have to change, so look down at the bottom of W32Dasm and you will see the offset there, which in our case is 000B5FAF.

5: Fire up Hacker's View and load the exe file. Press F4 and choose DECODE to see the information as assembler code. After that press F5 and enter the offset 000B5FAF, press Enter and your cursor will be on 74, which is the same as "je". Press F3 to edit and change 74 to 75 to make it "jne". The last thing you have to do is press F9 to save the changes and then ESC to exit Hiew.

Now run the program and see if we made any kind of difference. Well, we did: now the nag is saying this: "You have 0 times left". Wow, what a big difference :) but at least the program is working, right?

I wanna thank again:
the Keyboard Caper (your tutorials meant everything to me)
FileCat
Northpole
[iNC]

If you wanna contact me please do, my e-mail address is VoodooKid_2000@yahoo.com

See you soon!
VoodooKid

Hy again! Missing me? :) Here I am with another tutorial. But this time I will tell you how to crack a utility for the CD-ROM drive. It makes the cache for the drive grow as much as you want or can afford.

Target: CD-Quick Cache v3.10

Tools:
W32Dasm 8.93
Hacker's View 6.10 (or any other hex editor)
Windows Commander (just because it is the best file manager)
brain (not a necessity, but you will have to know how to read)

Okay, let's go crack!

1: You know that you should make some copies of the files that you will use, so please do this. Copy Quickmon.exe to Quickmon.w32 to use with W32Dasm and to Quickmon.xxx as a backup copy. But this is not all, because we have to make some changes to a .dll file that is in the Windows\System directory. It is called VCDQD32.dll. Because we have to be careful not to fuck up any other files in the system, I think {<- :) look at this kid, he thinks :))))} you should copy it to a directory of your choice and make the changes there. Then copy the file into the System dir after the changes are made. That said, let's go on!

2: At startup a window (nag) appears and tells us that this is not a registered copy of CD-Quick Cache and that we are only allowed to use it for 30 days :) what a joker (: who does it think it is, telling us that. But it doesn't matter, because it's going down, the little bastard. You should look at the bottom of the window and you will see written in red "You are in day 1 of your 30 days of your evaluation period". That is all that we need for now.

3: So did you copy that VCDQD32.dll somewhere with the extension .w32? If you did, then disassemble it, go to the SDR window in W32Dasm and look at the third line. There it is, there it is! The red message that we've seen at the bottom of the window. Double click on it and it will take you here:

* Possible StringData Ref from Data Obj ->" You are on day %d of your "
                                        ->"30 day evaluation period"
:1000189C 6860DA0110       push 1001DA60
:100018A1 8D852CFFFFFF     lea eax, dword ptr [ebp+FFFFFF2C]

4: From where you are, push the Up key 8 times and you will land on a "jne" looking like this:

:10001887 397508           cmp dword ptr [ebp+08], esi    <- the place where the comparison is made
:1000188A 0F8585000000     jne 10001915                   <---- this guy must die

This is what is happening. At "cmp dword ptr [ebp+08], esi" a comparison is made between the # of days we have been using CD-Quick Cache and the # of days that we are allowed to use it.
If the program is registered it will not jump and show us the message written in red, but in our case, as we are an unregistered user, it will jump. So let's make it not jump. The "jne" has to be changed to "je" in order to make it skip the message. Look down at the W32Dasm main window and see the offset where we have to patch it (the cursor must be standing on the line with the "jne"). So did you get the offset? It's: 00000C8A!

5: Fire up Hacker's View and load VCDQD32.dll. Press F5 and enter the offset 00000C8A. OK? Done? The grey cursor will be on 0F and you have to move it to 85, which is not the same as 75, but they both mean "jne". Press F3 to edit the file and write 84 instead of 85 to turn the jne into a je. After the change is made, use F9 to save the changes and exit Hiew. Now don't forget: if you have copied VCDQD32.dll to another directory and used that copy to make the changes, you must copy the changed one to the win\sys dir so that it can be used by Quickmon.exe when this is loaded. Have you done that too? Okay, now restart your computer to see if we made any changes. OK? See you soon?

Well, did we make some changes? I hope so, because on my computer there were. The nag didn't appear, and that's all for now. I mean with the changes to the VCDQD32.dll file, because now we have another thing to think about. You will say what, and I will answer you: maybe we made the nag disappear (and also the program will never expire now), but how about registering it in our name? *duh* forgotten about this part???

6: I have to tell you that in this part there isn't any little piece of reverse engineering; you will just have to write your name instead of UNREGISTERED VERSION. Hard, isn't it?! :) If you right click on the CD-Quick icon in the systray and select Open, one small window will appear. Right click again, this time where QuickMon Cache Monitor is written, and select About. See, there it is: "Licensend to : UNREGISTERED VERSION". Ugly, very ugly; so let's change it, OK?

7: Now this part, hmm, I don't know how to tell you, but I'm a little bit ashamed of what I did in this part, because it has nothing to do with reverse engineering, but I hope that you won't be too disappointed in me. Remember a little file that I was talking about earlier, the one in the CDQUICK dir? It was called Quickmon.exe. Yeah, that's the one. Load it in Hiew and select HEX by pressing F4, then press F7 to search for something and in ASCII write down UNREGISTERED VERSION, then press Enter and voila! There it is, we've found it. Now all you have to do is write your name in there and put in spaces if there are some letters left from the text UNREGISTERED VERSION, and after that you can enjoy it as your own registered copy!

This is all I could do for now and I hope that you aren't upset with me for the last part. If any of you that read this really crack the program (by doing only reverse engineering), please write to me at VoodooKid_2000@yahoo.com.

Greetz: tKC, FileCat, Northpole, [iNC] and anyone on #C.i.A

See you soon!
VoodooKid

DongJong's NEWBIE TUTORIAL

DongJong's How to get a PERSONAL SERIAL for Nokia Smart Messaging Agent v0.99b

Tools to use
~~~~~~~~~~~~
SmartCheck 6.01

Where to get Tools
~~~~~~~~~~~~~~~~~~
http://cracking.home.ml.org
http://surt.to/HarvestR
http://crackstore.com
http://www.pepsoft.com

Where to get the program
~~~~~~~~~~~~~~~~~~~~~~~~
Nokia Smart Messaging Agent v0.99b
http://www.wildies.de/nokia

Program description
~~~~~~~~~~~~~~~~~~~
Adventure Maker lets you design your own Monkey-Island click and use like adventures. You can include music, graphics, anything you need. Adventures are edited as scenes, where you put your items and doors and... Really a great tool.

Procedures
~~~~~~~~~~
Start SmartCheck (sc) and open Smart Messaging Agent.exe, then run the program by pressing F5. Press the "Acknowledge" button on all the errors until the program starts.
NOTE: DO NOT PRESS THE "SUPPRESS" BUTTON!
as undesirable outcome will appear :>

After the StartUp Logo program appears, it will show a message dialog with a 5 second delay; just wait for the countdown and press OK. Now you are in the program proper. Click on the Help menu, then scroll down to Register and click it. I registered with my friend's name, like this (you can input your name and any number you want, just follow my tut):

Name: Albert Alexander Lay
Serial: 3593
Key: 3456789

When all pertinent data is entered press OK. Hmmm... the program just exits from the registration dialog, no error messages! Never mind, what we are after is to have done that registration thing so that SmartCheck will follow our every move. Then quit or exit Startup Logo Editor, and after a few clicks of the "ACKNOWLEDGE" button (do you still remember that and the warning... he he, ic, that's good) SmartCheck will stop tracing, leaving you those bits and pieces of the traces it made for the program Startup Logo Editor.

OK, so now let's look at the left side of SmartCheck, and look at the line with [+] Toolbars_MouseDown. Click that and it expands, whew! He he, we're kind of near. Below that is [+]_Click, so click on it and trace down, and you'll see:

Len returns LONG:20 --------> The number of input characters (name)
--- snip for brevity ---
Mid
Asc returns Integer:65
Mid
Asc returns Integer:108
Mid
Asc returns Integer:98
Mid
--- snip for brevity ---

Look here, just follow it, as the "Asc returns Integer:xx" keeps on appearing way down but with a different value. Why, you ask? Because it corresponds to the letters of the name you input, and that is case sensitive :> like this...

Place the cursor on Asc returns Integer:65 (it will be highlighted in blue). Now look at the right hand side of SmartCheck, waddaya see... of course a letter...

[-] String string=004557AC
 |
 |-- = "A"

Do the same for the others and you'll spell out your name, kewl ;-) We're near, yes. Check out what it should be for a small letter "a"; well, in case you still haven't got it, it's...

Asc returns Integer:97 ------> corresponds to letter "a"

OK, now trace down till the last letter of your name, wat da ya got? Well, the same as tracing down your name input, but this time it's for the serial you input (remember, that's the second line of input we have to deal with from the registration dialog). Trace down...

Len returns Long:4 -----> number of input digits, check out the right hand side... :)
Mid
Asc returns Integer:51
Mid
--- snip for brevity ---

"51" corresponds to 3. Trace down, you'll notice your input serial (e.g. 3593), until...

Len returns LONG:19 -----> highlight it and see the right hand side of SmartCheck ;)

[-] String string1=00455A78
 |
 |-- = "1426836896311058481"

Well, what we have here simply says we have 19 digits for our serial input, copy it! Hep, we aren't finished yet, as we have to find our third input, which is the key input. Now trace down till the end of the loop of [+] Toolbars_MouseDown; what it shows is...

Left
Len returns Long:30

Click on Left and you'll see something like this...

[-] string (variant)
 |
 |-- Unsigned short ** .pbstrVal=0066FB64
 |    |
 |    |-- String =0044855C
 |         |
 |         |-- = "5858585003265858553523394B351E08542F"
 |
 |-- Long Length = 30 0X0000001E

It kind of suggests taking the first 30 characters, and that's verified by the Len returns Long:30. Click on it and check out the right side of SmartCheck, waddya got... hehe...

[-] String string1 = 0054014F
 |
 |-- "5858585003265858553523394B351E"

Well, that's it, you've made it! Start Smart Messenger Agent.exe, and register using this:

Name: Albert Alexander Lay
Serial: 1426836896311058481
Key: 5858585003265858553523394B351E

Check the Help --> About box and see what we got there :> Say cheese ^^!^^, in place of the Share-It! registration reminder is your name and serial number, how kewl :>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greetings go to these people:
tkc- would like to thank tKC for his tutors.
MsJessca- for hosting the tuts and inspiring tkc :>
Albert Alexander Lay- KeWl DuDe! for the computer and Internet ;)
All cracking groups and cracking fanatics and newbies galore!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Until next time... Long live!

Another Tutor by DongJong ;-) sutra@goplay.com

How to keygen Killer_3K's VB crackme 2
by ACiD BuRN [ECLiPSE / CiA]

Intro: this man is a good friend, and lemme show you what he says about his crackme (on IRC):

- - - - - - - - - - - - - quotes from IRC : - - - - - - - - - - - - - - - - - - -
Killer_3K> heya
ACiD_B> heya
Killer_3K> heh u mind testing my new crackme
ACiD_B> heh
Killer_3K> i made it so u can't "fish" the serial :)
Killer_3K> u wanna try it?
ACiD_B> send
ACiD_B> vb ?
Killer_3K> ya
ACiD_B> gimme
ACiD_B> thx
Killer_3K> heh tell me if u manage to get a valid serial :)
Killer_3K> lemme help u out abit, u CAN'T fish it :)
ACiD_B> eh
ACiD_B> sure
ACiD_B> i will try 1st
Killer_3K> btw don't try to brute force ;)
ACiD_B> okie
ACiD_B> cya man
- - - - - - - - - - - - - End of quotes from IRC : - - - - - - - - - - - - - - - -

Arf =) As you can see, this crackme should be kinda hard, but I did it, and also made a keygen for it! The phrase that makes me laugh is: "lemme help u out abit, u CAN'T fish it :)". Hey bro, I did a keygen ;) Now, stop talking like a bitch, and let's crack this little crackme...

Tools needed:
- SmartCheck (and only it)
- a brain (that is needed too)

I) Let's go

Fire up SmartCheck and open K3K's crackme 2 in it =) Now enter your name: ACiD BuRN, serial: 112233... click on the button, and close the crackme. Well, now u must see this in SmartCheck after clicking on "command1_click":

As you can see, this bitch is taking the ascii value of each char, but what does it do with it??! I suppose your SmartCheck is well configured, so click on "show all events". Now u must see some interesting stuff!
Now you see the crackme taking the ascii value of the current char (1st it is "A" from ACiD BuRN) and then it adds it to the previous ascii values from the other chars...

1st it adds "65" to "0" coz there are no chars before "A"... In SmartCheck you see this with this line:

__vbavaradd(VARIANT:Empty,VARIANT:Integer:65)

This adds 65 to 0 (Empty means: no value yet). If you look down, you see the same with the next char of the name, "C" (C from ACiD BuRN):

Asc(String("C") returns Integer: 67 <== takes the ascii value of the current char, here "C"

Then it adds it to the last sum of ascii values:

__vbavaradd(VARIANT:65,VARIANT:Integer:67)

Then u see the result:

__vbavarmove(VARIANT:integer:132,VARIANT:Integer:65)

The result is 132, and the value 65 is the old result. So we can assume it replaces 65 with the new value, 132.

Well, it does this for each char's ascii value, so this loop takes the ascii value in decimal of each char of your name and adds them up...

--------------------------------
A = 65 + 0
C = 67 + 65 = 132
i = 132 + 105 = 237
D = 237 + 68 = 305
space = 305 + 32 = 337
B = 337 + 66 = 403
u = 403 + 117 = 520
R = 520 + 82 = 602
N = 602 + 78 = 680
--------------------------------

So the final value from this addition of ascii values is 680 in decimal....

Now, let's look at the final calculation. Lemme explain this little shit to you!

1st: you see the entered fake serial: 112233
2nd: you see this: 112133 (it changed! fake - 100)
3rd: you see: __vbavardiv(VARIANT:112133,VARIANT:12) : this divides the modified serial by 12
4th: you see: __vbavarmul(VARIANT:9344.42,VARIANT:2) : this multiplies the result of the div by 2
5th: you see: __vbavarTstEq(VARIANT:18688,8,VARIANT:Integer:680) : compares the final result with 680 (this is the value calculated from the ascii)
6th: you see: Msgbox (VARIANT:"WRONG SERIAL" ... blablabla)

Well, now what do u think we must do? If you use your brain, all is clear! Lemme explain!

II) Final Explanation:

This crackme does some operations on the entered serial, and compares the value returned from these operations to the sum of all the ascii values (in decimal)...

Well, it is quite easy to find out what to do now! The result of the operations must be equal to the sum of all the ascii values (in decimal), so let's take this value and reverse these operations!

- Division becomes multiplication ( "/" becomes "*" )
- Multiplication becomes division ( "*" becomes "/" )
- Subtraction becomes addition ( "-" becomes "+" )

Sorry, but I write it all out to be sure not to get LAME mails and questions! heh

So, just reverse the serial check to make a good serial:

4th: you see: __vbavarmul(VARIANT:9344.42,VARIANT:2) : this multiplies the result of the div by 2
     so take the ascii value and divide it by "2"
3rd: you see: __vbavardiv(VARIANT:112133,VARIANT:12) : this divides the modified serial by 12
     so take the result of the division and multiply it by 12
2nd: you see this: 112133 (it changed! fake - 100)
     so add 100 to the result of the mul
1st: you see the entered fake serial: 112233
     now it is not a fake but a GOOD serial coz it is calculated from the ascii value :)

HERE COMES THE ALGO:

1st = calculate the ascii total
2nd = take the ascii total and divide it by "2"
3rd = take the result of the division and multiply it by "12"
4th = add 100 to the result of the multiplication
5th = FUCK! nothing much, I thought u understood =) kidding dude!

Example for my nick: ACiD BuRN

1st = 680 (ascii total)
2nd = 680 / 2 = 340
3rd = 340 * 12 = 4080
4th = 4080 + 100 = 4180

NOW TEST IT! Open the crackme, enter ACiD BuRN as name and 4180 as serial! A nice little message box tells us: GOOD WORK =) arff! WE DiD it! I hope you enjoyed this tut!

III) Bonus: Source in VB5 of the Keygen!

I coded a little keygen for this, and I will show u the source:

--------------------- START OF VB 5 SOURCE -------------------------------------
Private Sub Text1_Change()
    If Text1.Text = "" Then
        Text2.Text = "Enter your name!"
    Else
        Text2.Text = ""
        For i = 1 To Len(Text1.Text)                                 '\
            bignum = Val(bignum) + Val(Asc(Mid$(Text1.Text, i, 1)))  ' > LOOP for total of ascii
        Next i                                                       '/
        bignum = bignum / 2     'Div with 2
        bignum = bignum * 12    'Mul with 12
        bignum = bignum + 100   'add 100
        Text2.Text = bignum     'this is the final code
    End If
End Sub
--------------------- END OF VB 5 SOURCE ---------------------------------------

IV) Ending...

Well, this tut is finished. I hope u understand all of this piece of shit, but if you have a comment or a question, mail me at: ACiD_BuRN@crackersinaction.org

You can find all my tuts at: http://acidburn2000.cjb.net/

Enjoy!

Greetings to my groups: ECLiPSE / CiA

Also greetingz to (no specific order): R!SC, ^Inferno^, AB4DS, Cyber Blade, Klefz, Volatility, TORN@DO, T4D, Jeff, [Virus], JaNe, Appbusta, Duelist, tKC, BuLLeT, Lucifer48, MiZ, DnNuke, Bjanes, Skymarshall, afkayas, elmopio, SiFLyiNG, Fire Worx, Crackz, neural_en, WarezPup, _y, SiONIDE, SKORPIEN, Lazarus, Eternal_Bliss, Magic Raphoun, DEZM, Bisoux, Carpathia, K17, theMc, noos, Xmen, TeeJi, JB007, Arobas, T0AD, ytc, Kwai_lo, Killer_3K.... If your name is not here, sorry! Lots of men to greet!

ACiD BuRN [ECL/CiA]

We really hope you've enjoyed this tutorial as much as we did! Don't miss Tutor #40 soon! ;)

And as I said last time: Without knowledge, there's no power! ;)

Credits go to:
PeeWee for the Splash Logo.
TimeLord for providing a tut in this version.
VoodooKid for providing 2 tuts in this version.
DongJong for providing a tut in this version.
ACiD BuRN for providing a tut in this version.
tKC/CiA (hey it's me!) for coding this version :)

All the crackers (non-members of CiA) are welcome to send tutors for the next tutorials .. see below for my email address!
And all the tutors can be found at www.msjessca.da.ru

Greetz go to all my friends!

You can find me on IRC or email me at tkc@reaper.org

Oh btw, please don't expect me to reply to your mails, since I get 50+/- mails every day.. be sure that I really appreciate your mails! :)

Coded by The Keyboard Caper - tKC
The Founder of PhRoZeN CReW/Crackers in Action '99
Compiled on 09 September 1999

Cracking Tutorial #39 is dedicated to Ms_Jessca, my liefie only. Who else?
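
Seen from the defender's side, the in-place edits these tutorials describe (a conditional jump turned into its opposite, a jump overwritten with NOPs) are easy to find when a known-good copy or a pinned hash of the file is kept. The Python below is an added example and is not part of the original tutorials; the function names are hypothetical, and the sample bytes are constructed from the instruction encodings quoted in the listings above, not taken from a real executable.

```python
"""Classify in-place byte changes between a known-good binary and a suspect copy."""
import hashlib

# Constructed sample: instruction encodings quoted in the listings above,
# separated by 0xCC padding. This is not a real executable.
GOOD = bytes.fromhex(
    "803800747e"              # cmp byte ptr [eax], 00 / je   (short form)
    "cccc"
    "3975080f8585000000"      # cmp [ebp+08], esi / jne       (near form)
    "cccc"
    "8b442414eb05b801000000"  # mov eax, [esp+14] / jmp / mov eax, 1
)
GOOD_SHA256 = hashlib.sha256(GOOD).hexdigest()  # what a vendor would pin

_tampered = bytearray(GOOD)
_tampered[3] = 0x75               # je  -> jne
_tampered[11] = 0x84              # jne -> je
_tampered[22:24] = b"\x90\x90"    # jmp -> nop nop
SUSPECT = bytes(_tampered)


def is_pristine(data, pinned_sha256):
    """Cheap first check: does the file still match the pinned hash?"""
    return hashlib.sha256(data).hexdigest() == pinned_sha256


def changed_runs(good, suspect):
    """Yield (offset, old_bytes, new_bytes) for each run of differing bytes."""
    if len(good) != len(suspect):
        raise ValueError("size mismatch: not an in-place patch")
    start = None
    for i in range(len(good) + 1):
        differs = i < len(good) and good[i] != suspect[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            yield start, good[start:i], suspect[start:i]
            start = None


def classify(good, offset, old, new):
    """Heuristic label for a changed run. No disassembly is done, so a data
    byte that happens to look like an opcode is labelled the same way."""
    if all(b == 0x90 for b in new):
        return "nop-fill"
    if len(old) == 1 and old[0] ^ new[0] == 0x01:
        # x86 condition codes come in pairs; bit 0 selects the negated one.
        if 0x70 <= old[0] <= 0x7F:                       # short Jcc
            return "short-jcc-inverted"
        if 0x80 <= old[0] <= 0x8F and offset > 0 and good[offset - 1] == 0x0F:
            return "near-jcc-inverted"                   # 0F 8x Jcc
    return "other"


def audit(good, suspect):
    """Return [(offset, old_hex, new_hex, label), ...] for every changed run."""
    return [(off, old.hex(), new.hex(), classify(good, off, old, new))
            for off, old, new in changed_runs(good, suspect)]


if __name__ == "__main__":
    print("pristine:", is_pristine(SUSPECT, GOOD_SHA256))
    for off, old, new, label in audit(GOOD, SUSPECT):
        print(f"offset {off:#06x}: {old} -> {new}  [{label}]")
```

A hash or signature check only tells you that the file changed; the per-offset labels are what make a report actionable when triaging a modified binary.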