Welcome to Cracking Tutorial #52! What do we have here? Ah yes, a new interface! What a long way since I started a first tutor way back in 1997.. Oh yes, I've written 2 quick tuts today, can't believe I've written my owns so long time ago, let's see... ah in tutors #10, #15, and #20. What a lazy boy I was hehe, as long as you enjoy other tutors, who cares then? :) And yes, CiA is 1 year old today! Let's celebrate with #50, #51, and #52 :) OK, let's rave! TOOLS ~~~~~ You'll need the following tools: (I use these tools, I assume you'll use 'em, but it doesn't mean that you'll need to use all those tools, so be sure to get them handy for the examples in this tutorial!) SoftICE v4.01 W32Dasm v8.93 Hacker's View v6.20 SmartCheck v6.03 ProcDump32 v1.5.0 Windows Commander 4.01 (I use it coz of easier to multitask) Delphi, VB, C++, or TASM to code a keygen or a patch.. Don't ask me where to download all these tools since you had a chance to get them when you used my older tutorials. Here is a good site where you can grab tools from: http://protools.cjb.net or http://w3.to/protools or ask any crackers to get you these tools! Are you ready?! OK! ;) PART 1 ~~~~~~ Finding the serial# in EasyText by VoodooKid ============================================ Heya cracker dudes! Today is a raining day so i have to stay in the house, i will go later on with my friend at the disco but for now i will resume at the fact that i found the serial no in a program and i'm telling you that it can't get more easy then this one:)(realy stupid programers). Target: EasyText v3.02 Location: http://www.nefcom.net/users/easyware/ Tools: Windows Commander 4.01 (is the best file manager, and even if it isn't a craking tool it helped me in finding the serial for the pROGGy) Run the program and go to the help menu. From there select **Enter registration number** and you will be shown a little window that says **Please Enter Your Registration Number**. Write this somewhere becouse you will need it later. Now go in Wincmd and go to the program directory. Put the cursor on the file EasyText.exe and press F3 in order to View the file. Afterwards press Ctrl+F and write in there the text above **Please Enter Your Registration Number**, then press Enter. You will see this underneeth from the Wincmd lister. /////////////////////cut from the wincmd's Lister\\\\\\\\\\\\\\\\\\\\\\ _______________________________________________________________________ ê?____^[Ô_]+ ____ Your Number ____% Please Enter Your Registration Number ____ Enter Registration Number ____ ET*543122 ____# Software\Easyware\Easytext\Easytext ____ Register ____ Program Thank You for Registering Easytext. If you have any Questions, Comments or Suggestions, please feel free to Contact the Author at: easyware@nef _______________________________________________________________________ Do you see in there something that looks like the registration no?:). Well i did see it and i was kind of suprised at first that how can someone be soo stupid to let a code such in view I thought that it can't be so easy but when i imputed the code **ET*543122** in the registration box it just worked! Kewl isn't it! This is all for now but i'll See you soon! VoodooKid gRETZ tO: :->tHE kEYBOARD cAPER :->[iNC] :->Northpole :->FileCat :->Sionide :->ACiD_BuRN :->all the members of cRACKERS iN aCTION and also to all the crackers from Romania If you want something from me contact me at VoodooKid_2000@yahoo.com PART 2 ~~~~~~ Cracking World Wide Watch v1.06 by VoodooKid ============================================ Hello again! Today i will show you how i've managed to crack a program that needed a key file in order to be registered. This is my first crack of this kind and i have to tell you it feelt very good when i managed to crack it. I used help from the tKC's 16th tutorial where in the 8th part is writen about **KeyFiles**, so if you wanna know more read that. Target: in the title Location http://www.erols.com/mstevens Tools: FileMonitor v 4.03 HexWorkshop Windows Commander 4.01 Let the show begin:) Soo this is what we are going to do: this litle program that tells us the hour evrywhere in the world needs a file to be registered and what we have to do is find out how that file is called, than create it and find out what properties has to have in order to be considerated the right file by the program. After instaling World Wide Watch in your computer go in the program's directory and read the file called **man106.txt** you will find the a part where is saying this: **Simply place the registration file called reginfo.dat into your wwwatch folder and your program will be fully operable and will run "forever".** , so from this we know now how is called the file that makes the program think that is registered. If you should know the file name from this then you will have used FileMonitor to find it's name. Go in Wincmd and create a file (ofcourse in the wwwatch directory) called reginfo.dat, after that run the program. You will see that nothing is changed so what should we do now? Use FileMonitor. Open FileMonitor and then run wwwatch. The nAG apeares and tell us tha we have a certain # of days to use it, click **Continue** and close the program. Now save the data that FileMonitor has registered and use the View comand in Wincmd to see the data in there. press Ctrl+F and write the name of the file **reginfo.dat** and you will eventualy get here : /////////////////////cut out of the lister\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Wwwatch Open C:\WWWATCH\REGINFO.DAT SUCCESS OPENEXISTING READONLY DENYNONE Wwwatch Read C:\WWWATCH\REGINFO.DAT SUCCESS Offset:0 Length: 128 Wwwatch Read C:\WWWATCH\REGINFO.DAT SUCCESS Offset: 36 Length: 128 Wwwatch Read C:\WWWATCH\REGINFO.DAT SUCCESS Offset: 36 Length: 128 /////////////////////cut out of the lister\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ So what do you say about this? do you have any kind of ideea for what to do next. This is what i thought: so first it opens the file, then reads on the first line, then on the second one and the third one too, and the file should have 36 offsets, and if i'm any lucky the comparison with the offsets will be all. You know what?, i was lucky. Next open HexWorkshop and create a new file. Press Insert and write in there some numbers untill you will see written at the bottom of the program **Offset: 00000036** then you will stop& save the file under the name of reginfo.dat in the wwwatch directory. Now let's see what is going to hapen when we run the pROGGY. If you have done untill here evrything that i told you the program will be registered and will not show the nAG. When the program's main window apeares go to Help menu and choose **About wwwatch Ctrl+A** and you will see writen ** This program is registered to: ** ******************************************** ** Unregistered Evaluation Copy ** ******************************************** ** Please Registere Your Copy ** ******************************************** Now, why is that?! :0( hmmmmm! You remember that the file is read three times (as the FileMonitor) and where from i thought i has to read three line...so what is next is that we go in Wincmd and edit the reginfo file. Split the caracters in there in three lines and on the second line write your name but also delete the same number of caracters as your name has in order to keep the file's offsets to 36. On the third line do the same as you did for your name, but this time place there your's company name or anything else. Now run the program and you will see ** This program is registered to: ** ******************************************** ** Your name here ** ******************************************** ** Your company name ** ******************************************** If you are curiouse you can play with the file by editing it and changing the data as you wish, but from me this is all. gRETZ tO: :->tHE kEYBOARD cAPER :->Northpole :->FileCat :->[iNC] :->ACiD BuRN :->H3llSp4wn :->Sionide :->all the crakers in the world<|>in special celor din Romania VoodooKid_2000@yahoo.com See you soon! VoodooKid PART 3 ~~~~~~ Cracking WinRescue by VoodooKid =============================== ====heya all===== Here i am with another tutorial...finaly i've cracked another program, fucking teachers they won't let me in peace, but :) i'm not so easy on them myself...heh who do they think they are ?! :) But let's get to buisnes and let me show you how to crack WinRescue98 using W32Dasm&Hiew and just a litle piece of brain in order to read this. let's rOcK! you can find it at http://superwin.com/index.htm 1: Run the program and see what is happening so you will know what you have to crack...NO? You will see tha a nAG apeares and tells us that the program is Shareware and stuff like that. it also make us wait for a couple of second before we can continue. There is a field in the litle window where you can enter a serial; do that and then click continue you will see the error mSG telling you "WARNING-Inccorect Key Entered". Click Ok and close the program. 2: Make two copys of the file Rescue98.exe, called Rescue98.w32 to be used with W32dasm and Rescue98.xxx for backup copy. If you've done this let's go further... 3: Now disassemble Rescue98.w32 and go to the SDR(String Data References) window from the Refs menu. In there search at the end of the list the error mSG and double click it, you will lend here: ________________________________________________________________________ * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0046A276(C) This is the adress off the jump that makes the error appears | * Possible StringData Ref from Code Obj ->"WARNING - Incorrect Key Entered" | :0046A2A5 B8A0A34600 mov eax, 0046A3A0 :0046A2AA E8E541FDFF call 0043E494 :0046A2AF A14C4A4900 mov eax, dword ptr [00494A4C] :0046A2B4 8B00 mov eax, dword ptr [eax] :0046A2B6 E83563FCFF call 004305F0 ________________________________________________________________________ 4: Press UpKey until you the bar will be at the adress 0046A276, and then you will se that it turns green an you will see this: ________________________________________________________________________ :0046A26F E8409DF9FF call 00403FB4 :0046A274 85C0 test eax, eax :0046A276 742D je 0046A2A5 <-|This is where you should |be and where we're going |to patch it:) :0046A278 33D2 xor edx, edx :0046A27A 8B83F4010000 mov eax, dword ptr [ebx+000001F4] :0046A280 E8C761FBFF call 0042044C ________________________________________________________________________ 5: Now is time for some patching so get the offset for **je 0046A2A5** and that should be (see the bottom of W32dasm window where is also writen the line , the page, code data and the @Offset) and that will be 00069676. 6: Run Hiew and load the file Rescue98.exe. Press F5 and write the offset then press Enter. Now press F3 to edit the file and owerwrite 742D (je 0046A2A5) with 9090(nop nop). That nop will make the program perform no operation so will skip the error and will go on. 7: Now run the program and enter any number that you want and it will work. Fortunatly the coder was not too smart and that is the only protection so next time that you start the program it will still be registered. gRETZ; :->tHE kEYBOARD cAPER ACiD_BuRN Northpole FileCat [iNC] SiONiDE Socko H3llSp4wn and all the crackers in the world especialy the one in Romania I won't minde :) if you will contact me at VoodooKid_2000@yahoo.com See you soon! VoodooKid PART 4 ~~~~~~ Finding a serial in Texturizer v1.48 ==================================== Heya craker dudes, and welcome to my second tutorial about finding a serial for your own name in a VB program. It took me about one hour but i finaly found the litle bastard :).... It is 2:32 AM like my clock is saying and i'm listening Kelly Family with "One more song" and i'm not sleepy at all so i decide to write this tutorial, and here i am. Target: look above Location:http://star.at/djst Tools: i used Smart Check 6.01 Let's rock! 1: Open SmartCheck and open the file texturizer.exe, then press F5 to run the program. For about 5 to 7 times a window will apeare and you will have to press Acnowlege to go on. Do that and after the program will finish loading go to the Help menu and chose from there Enter Registration Code. In the new window fill up the fields the first with your name and the second with a random serial #. Press OK and then you will be shown the error mSG. Click on OK button and close the program. You will see again the window from Smart Check and press for every time Acnowlege and go on. 2: Now in SmartCheck press Ctrl+F and enter this **mnuHelpRegister_Click** and after a while you will see the blue line on this: ** + mnuHelpRegister_Click** . Expand the + by pressing RightKey and you will see this: + mnuHelpRegister_Click | Integer(1) -> Byte(1) | frmRegister(Form) created | cmdCancel (CommandButton) created | cmdOK (CommandButton) created | txtCode (TextBox) created | txtUser (TextBox) created | lblCode (Label) created | lblUser (Label) created | + frmRegister_Load | + frmRegister.Show 3: Now expand ** + frmRegister.Show** and press DownKey until you will see the line where is written ** + cmdOK_Click** and expand this one too. Again you should press DownKey but this time untill you will see this : | | | Right | | | Len returns LONG:33 | | | Left$ | | | Len returns LONG:32 | | | + MsgBox returns Integer:1 | | | txtUser.SelStart <-0(Long) | | | txtUser.SelLenght <- 128(Long) | | | txtUser.SetFocus | | |_ cmdOK_Click 4: If you put the bar on the line that says ** + MsgBox returns Integer:1** you will see in the right window the error mSG which is "The user name or registration code is not valid". Press UpKey only once to get on the line ** Len returns LONG:32 ** and look in the right window. ?:)! What is that...hmmm it can't be... no :0) it can't be that easy. Well, it is the registration code for your name. In my case the serial was ** D57C-411E-75A-1291-DC70-97F-A5B8 ** for the name Florin Popescu. gRETZ tO: :->tHE kEYBOARD cAPER :->Northpole :->FileCat :->[iNC] :->ACiD BuRN :->H3llSp4wn :->Sionide :->all the crakers in the world<|>in special celor din Romania I guess this is all for today soo i'll see you soon dudes all over the world. Bye VoodooKid_2000@yahoo.com PART 5 ~~~~~~ Cracking WebReadyManager v 1.00.13 by VoodooKid =============================================== And another one goes down:). Hey, remember me? I'm here with another tutorial about cracking a VB program. I hope as always that this will help you in your further cracking attempts against some vbS so let me show you how it's done! Larget: in the title Location: http://www.monocle-solutions.com Tools: SmartCheck 6.01 Let's rock First configure SmartCheck like this: -open a program in SmartCheck but do not Start It -go to **Program** menu and chose from there Settings. -in the **Error Detection** under **Type of errors to check for select all of them. Unselect **Report errors imediately** then go to the **Advanced** button. There select all except the three ones from **Performance Optimization**. -now go to the **Reporting** and select evry one except **Report MouseMove events...** -go again in **Error Detection** and select **Save this settings as the initial values for new programs** so you won't have to do these check every time you start a new program. Now we can start cracking! Run SmartCheck and load WebReadyManager and then you should press F5 to start the program. But before that press the last button from the Toolbar, that way you will stop SM from reporting the events . You will press again that button again later. Now press F5 to run the program and when it finishes loading go to the the help menu and choose **Registration** and write down your name and the Unlock Code (the code will be generated only after your name). Now go in SM an press the button again (now SM will report everything that hapens with the program. Return to out program, and press enter. You will be shown the error mSG, **that won't be shown if you are lucky, but realy lucky and write the right code:)**; press ok and go in SM and stop it from reporting events, then close the program. Now let's see what we have in **SM-Program Results** window. At the begining you won't find anything interestring but if you scrool till the end you will see this: ---------------------------------------------------------------------- txtUnlockCode.Text }} txtCompanyName.Text -==}} you won't find nothing interestring here txtDiskSerialNum.Text -==}} txtName.Text }} vsAwk. <--"995599559955"(String) }}here is the unlock code that vsAwk.FS<--"."(String) i've entered vsAwk.NF vsAwk.NF vsAwk.F Left$ + ShareLock.EnterUnlockCode-method fails <-now here if you expand this you ^ will find yourself in the code | routine so expand it :) ---------------------|------------------------------------------------ | After expanding this | you will see tons of stuff there, but don't be scared becouse if you scrool down till the end and you will find the serial very easy. This is how it's looking in SM: ---------------------------------------------------------------------- | UCase | UCase | Left$ {=- in here is the real registration code | Left$ {=- in here is the code that you've entered | MsgBox returns Integer 1 {=- in here the error mSG | mnuHelpAbout.Caption <-"About WebReady Manager (BETA-2) Pro"(String) | + MsgBox returns Integer:1| |___Method fails ---------------------------------------------------------------------- For my name **VoodooKid** the serial was **1E1B181C1D1EE61614**. Find out what is the one for your name. This is all; hope it helped you! See you soon! gRETZ tO: :->tHE kEYBOARD cAPER :->Northpole :->FileCat :->[iNC] :->ACiD BuRN :->H3llSp4wn :->Sionide :->all the crakers in the world<|>in special celor din Romania VoodooKid_2000@yahoo.com ABOUT ~~~~~ I really hope you've enjoyed this tutorial as much as I did! Don't miss Tutor #53 soon! ;) And as I said last time: Without knowledge, there's no power! ;) Credits go to: DnNuke for Splash Logo. Socko for Interface. VoodooKid for providing 5 tuts in this version. tKC for coding this version :) All the crackers (non-members of CiA) are welcome to send tutors for the next tutorials .. see below for my email address! *** 75 chars per line in textfile please! *** And all the tutors can be found at http://www.msjessca.da.ru Greetz goto all my friends! You can find me on IRC or email me at tkc@reaper.org Coded by The Keyboard Caper - tKC The Founder of PhRoZeN CReW/Crackers in Action '99 Compiled with Delphi 5 on 16 November 1999 Cracking Tutorial #52 is dedicated to Ginny.