Welcome to Cracking Tutorial #74! Hiya guys, Sorry for delays, too busy etc.. anyway this time a new TUTOR.EXE is included. Keep this version for next tutors! I've added File Associate, which you can doubleclick on *.tKC to load TUTOR.EXE! Now enjoy tut74.tKC... OK, let's rave! TOOLS ~~~~~ You'll need the following tools: (I use these tools, I assume you'll use 'em, but it doesn't mean that you'll need to use all those tools, so be sure to get them handy for the examples in this tutorial!) SoftICE v4.05 W32Dasm v8.93 Hacker's View v6.30 SmartCheck v6.03 ProcDump32 v1.6.2 Windows Commander v4.03 (I use it coz of easier to multitask) Delphi, VB, C++, or TASM to code a keygen or a patch.. Don't ask me where to download all these tools since you had a chance to get them when you used my older tutorials. Here is a good site where you can grab tools from: http://protools.cjb.net http://w3.to/protools http://www.crackstore.com or ask any crackers to get you these tools! Are you ready?! OK! ;) PART 1 ~~~~~~ Cracking Chinese Horoscope Target: Chinese Horoscope - chscope.exe (398336) WWW: http://www.springsoft.com or www.geocities.com/john_aum/john_files/ch.ace Cracker: --..__J_o_h_n_n_y__A_U_M__..-- Protections to be removed: expiring, begining nag and disabled options Tools: W32Dasm, Hacker's View, both backgrounded by Windows Commander 4.03 -------- What makes this cracking lesson interesting is a rare kind of protection that this program is having! -------- Motto: I'm for peace, love and prosperity and one global nation but without money to divide us and without ego, who keeps men separated! Be a man of good sense - be naturally, be divine! Try to progress on spiritual way! No God, no freedom! I'm against tyranny under any form, against mondial iudeo-masonic occult domination and against infiltrated bad rase of aliens! Out with Satan from this planet! Free and freedom for all! -------- This is a nice program who tells you incredible details about you personality and many other important aspects of yourself. Ok, let's explode this baby! 1) Carefull observation! Install the program. Enter in program and look about protections. First we see begining nag, very uggly is'nt it? Second, we see that this program expires in 30 days and this window is called "About". Continuing with exploration we discover, third: disabled options in COPY and PRINT - the text "This Option is not available...". So, we have 3 protections. Let's explore a little more: let's see if the program it has some ini file. I discovered in c:\windows after detailed observation that is builded 2 files: chscope.ini and jqlreg.ini. Funny name: jqlreg.ini, may be about some kind of registration. May be sure! 2) First protection. Disassemble chscope.exe with w32dasm. Alt-S-F for searching text from about: "Chinese Horoscope". 1st case it is not relevant, continue, bingo! At w32dasm adress 2.596A (Delphi program) we found second text. Look above at 2.594D 55 push bp. Let's cancel this function: 55 -> C3 at hiew adress B44D. Try to see results: bingooo! Nag is gone forever! 3) Second: protection by expiring. We look into jqlreg.ini. It was created when we entered first time in program. Perhaps this number 36589 (my case & time) is a coded information who tell to the program the date of instalation. Let's try this: delete the both files - chscope.ini & jqlreg.ini from c:\windows. Now set clock on 2002, for example. Let's observe what's hapening. Very strange! It is expired! But how? Must be something connected with instalation, like date of subdirector c:\program files\chinese; this become very interesting! Let's try now this: delete first the 2 files and then set the clock on year 2050; then move the files of program from c:\program files\chinese to new location c:\program files\ch. Now we make probe: bingoo! it looks like we found how this protection really works: read the date of subdirector and then put the date in coded way in new jqlreg.ini. Now go back in year 2000 (adjust again clock). Let's see: works or what? The expiring protection is fired! Yohoo That's it! The file chscope.ini is not really needed to be deleted on every time, only jqlreg.ini. What I'm worried about is that now, this program will, oh, expire in 2050! That's very bad, isn'it it? Please, make a probe after 50 years from now, see expires, or what? Newbies, what you think? Ha, ha, ha! I'm laughing because I'm a sort of newbie myself! Not bad! Learning is fun! 4) Third protection: disabled options in COPY and PRINT. Quick search in w32dasm with Alt-S-F - text "This Option". We found two places and 2 jumps: - w32dasm adresses 1) 2.433 2) 2.265D \ -> and jne on both cases. - hiew adresses 1) 7F33 815D / Let's make jne 75 -> EB on the both hiew adresses! Try for results: works just fine. Third protection defeated! Good job, Johnny! Final remark: this time protection focused on subdirector date is interesting! We must all notice that (in specially the new crackers) because we can encounter it on other programs! By now, let's have a good cracking time! PS. If you're wondering how to view your horoscope details, here's how: - press PEOPLE, put your name & infos, press ADD, OK, then select your name and press CLOSE. Lots of details must be showed now. ---------------- Greets: tKC (my love too!), CIA, PC, CORE, all crackers, PRO or newbies, all cracker teams (keep going, we must eliberate from iudeo-masonic tirany, all must become free), we are great guys, and nice too. Love you all (but you must be a good soul!). Romanian Greets: Salutari tuturor crackerilor din Romania! Mergeti inainte, o sa ne astepte si zile mai bune, ginditi optimist, Dumnezeu e aici cu noi! In curind, info despre Romanian Cracking Team la www.geocities.com/john_aum, sfirsitul paginii. At last, but from all my heart: I love you Heavenly Father, I know you are with me all the time! God is love! E-mail: johnny_aum@yahoo.com ---------------Sorry if my english is not perfect!------------------------------ -----cut here------------------------------------------------------------------- PART 2 ~~~~~~ -= Dedicated to : Z-Wing =- One of my best friends in IRC *woff* :) Name : eXeScope Version : 5.12 Target : exescope.exe Tools : Softice Brain Cracker : LW2000 Tutorial : No.67 http://www.protools.cjb.net --- DISCLAIMER For educational purposes only! I hold no responsibility of the mis-used of this material! --- 1. Let's do it fast! Goto the regscreen and enter your details: Your Name: LW2000 [CiA] ID: 1230099 *BOOM* 'Invalid ID or Name ' 2. Disassemble the file with W32Dasm and make a deadlisting * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0047CDC3(C), :0047CDD7(C) <-- here we go | :0047CE56 6A00 push 00000000 :0047CE58 8D55F8 lea edx, dword ptr [ebp-08] * Possible StringData Ref from Code Obj ->"Invalid ID or Name" 3. k, lets take a look at 0047CDC3 and 0047CDD7 :0047CDBA 8B00 mov eax, dword ptr [eax] :0047CDBC E84B770000 call 0048450C reg check routine :0047CDC1 84C0 test al, al al=0 ??? :0047CDC3 0F848D000000 je 0047CE56 error msg :0047CDC9 A1E8704800 mov eax, dword ptr [004870E8] :0047CDCE 8B00 mov eax, dword ptr [eax] :0047CDD0 E8A76DF8FF call 00403B7C :0047CDD5 85C0 test eax, eax :0047CDD7 7E7D jle 0047CE56 :0047CDD9 8D55F4 lea edx, dword ptr [ebp-0C] 4. We see over the first jmp a call followed by a check of al. k, lets go into the call 0048450. bpx hmemcpy Then press F12 until u're in the eXeScope code. bpx 48450C F5 to break there... :0048450C 55 push ebp :0048450D 8BEC mov ebp, esp :0048450F 51 push ecx :00484510 53 push ebx :00484511 8955FC mov dword ptr [ebp-04], edx :00484514 8B45FC mov eax, dword ptr [ebp-04] :00484517 E814F8F7FF call 00403D30 :0048451C 33C0 xor eax, eax :0048451E 55 push ebp :0048451F 6876454800 push 00484576 :00484524 64FF30 push dword ptr fs:[eax] :00484527 648920 mov dword ptr fs:[eax], esp :0048452A 33DB xor ebx, ebx :0048452C 8B45FC mov eax, dword ptr [ebp-04] fake s/n :0048452F E848F6F7FF call 00403B7C :00484534 83F80A cmp eax, 0000000A 10 chars long? :00484537 7527 jne 00484560 if not error 5. k, we must start again with a 10 char serial. Then we bypass the check: :00484539 8B45FC mov eax, dword ptr [ebp-04] eax = fake s/n :0048453C 803841 cmp byte ptr [eax], 41 IF not first char = A (41h) :0048453F 751F jne 00484560 then error 6. k, we must start again with A as first char in serial. Then we bypass the check: :00484541 8B45FC mov eax, dword ptr [ebp-04] :00484544 0FB64008 movzx eax, byte ptr [eax+08] 9.char -> eax :00484548 8B55FC mov edx, dword ptr [ebp-04] :0048454B 0FB65209 movzx edx, byte ptr [edx+09] 10.char -> edx :0048454F 03C2 add eax, edx eax = eax+edx :00484551 B90A000000 mov ecx, 0000000A :00484556 99 cdq :00484557 F7F9 idiv ecx :00484559 83FA04 cmp edx, 00000004 edx=4 ? :0048455C 7502 jne 00484560 if not error :0048455E B301 mov bl, 01 if true bl,1 I LOVE UPDATED & IMPROVED TOOLS WITH THE SAME SERIAL CHECK AS THE OLD VERSION ;) 7. All right boys & girls... u understand? -> A???????44 will always work to bypass all checks. Try your serial! Congratulation! You are a registered user. FINISH! Easy, or? cu LW2000 Any comments? Send a mail to LW2000@pcoscar.org or go to http://www.LW2000.cjb.net or come to the channel #c.i.a in EFNet! PART 3 ~~~~~~ -= Dedicated to : Spectre96 =- My best friend on IRC! :) Name : Absolute Security Standard Encryption Program Version : 3.5 Editor : Pepsoft Target : Absec.exe s/n saved : HKEY_CURRENT_USER\Software\Pepsoft\AbSec\Reg Tools : Softice Brain Cracker : LW2000 Tutorial : No.68 http://www.pepsoft.com --- DISCLAIMER For educational purposes only! I hold no responsibility of the mis-used of this material! --- 1. Go to the regscreen and enter the details: User Name: Cracked by LW2000 Key: 1230099 Click on OK. *BOOM* 'Sorry... Invalid registration password.' Enter the same key again. 2. Switch to Sice and set a bpx on hmemcpy. 'bpx hmemcpy' Press F5 to return to the app and click on ok. *BOOM* Sice pops up. Press F5 and count how often sice breaks on hmemcpy. Then enter the details again (better to disable the bpxs first... ;) and try it again. Now press F5 one time minor than you count the breaks. If you done so, you should be now at the last call from hmemcpy. Then press F12 until you are in the 32Bit Code. Then trace with F10 until you are here (takes a while... because of a loop) :0048B6B3 E8949BF8FF call 0041524C :0048B6B8 8B85D4FBFFFF mov eax, dword ptr [ebp+FFFFFBD4] :0048B6BE 50 push eax :0048B6BF 8D85D8FBFFFF lea eax, dword ptr [ebp+FFFFFBD8] :0048B6C5 8D95F8FDFFFF lea edx, dword ptr [ebp+FFFFFDF8] :0048B6CB E8F080F7FF call 004037C0 :0048B6D0 8B95D8FBFFFF mov edx, dword ptr [ebp+FFFFFBD8] :0048B6D6 58 pop eax :0048B6D7 E84882F7FF call 00403924 :0048B6DC 757A jne 0048B758 <-- check :0048B6DE 8B45FC mov eax, dword ptr [ebp-04] 3. Trace with F10 trough the code and take a look at eax. btw: with 'd eax' you can display eax... ;) Then simply note the serial (EEYVEBLTULHMEAW) and try it, but first type 'bc hmemcpy' to clear the breakpoint. Congratulation! You are a registered user. FINISH! Easy, or? cu LW2000 Any comments? Send a mail to LW2000@pcoscar.org or go to http://www.LW2000.cjb.net or come to the channel #c.i.a in EFNet! PART 4 ~~~~~~ How to crack Jpeg Optimizer v3.10 by FaT[BiT] \ TNT!CRACK!TEAM!: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Note : before I begin . this tut. was in tKC tut. #48 , and back then it was written by tBS , this tut is on v3.10 is the same as before ...... thanx tBS o.k here we go : 1st) toolz : a) Win32Dasm v8.93 b) An Ascii Table ( any Ascii Table will do ) 2nd) target : Jpeg Optimizer v3.10 http://www.xat.com size is : 401KB (kool ) 3rd) Protection : Registration code that is hard-coded <-- tBS Words 4th) The CracK : a) install Jpeg Optimizer v3.10 ,run it , u will c the unregistered on the main window ( tHe Magic Word )<-- tBS words b) copy the file jpegopt.exe to crack.exe and dasm it using win32Dasm c) after win32Dasm finish , click on the SDR window and look for " - unregistered " and double click it u should c something like this : * Possible StringData Ref from Data Obj ->" - Unregistered" | :00404885 BA07C74700 mov edx, 0047C707 :0040488A 8D8568FFFFFF lea eax, dword ptr [ebp+FFFFFF68] :00404890 E83F790400 call 0044C1D4 :00404895 FF8548FFFFFF inc dword ptr [ebp+FFFFFF48] :0040489B 33C0 xor eax, eax :0040489D 898564FFFFFF mov dword ptr [ebp+FFFFFF64], eax :004048A3 8D9568FFFFFF lea edx, dword ptr [ebp+FFFFFF68] :004048A9 FF8548FFFFFF inc dword ptr [ebp+FFFFFF48] :004048AF 8D8D64FFFFFF lea ecx, dword ptr [ebp+FFFFFF64] :004048B5 58 pop eax :004048B6 E8D07B0400 call 0044C48B d) we now look for the last Call or compare or jump so scroll up a little bit to see something like this : * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0040483E(U) | :00404845 51 push ecx :00404846 E899590200 call 0042A1E4 <-- a call :0040484B 59 pop ecx :0040484C 84C0 test al, al <-- a test :0040484E 0F85EC010000 jne 00404A40 <-- jump if invalid :00404854 66C7853CFFFFFFA001 mov word ptr [ebp+FFFFFF3C], 01A0 :0040485D 33C0 xor eax, eax :0040485F 89856CFFFFFF mov dword ptr [ebp+FFFFFF6C], eax :00404865 8D956CFFFFFF lea edx, dword ptr [ebp+FFFFFF6C] :0040486B FF8548FFFFFF inc dword ptr [ebp+FFFFFF48] :00404871 8B1D64984800 mov ebx, dword ptr [00489864] :00404877 8BC3 mov eax, ebx :00404879 E8BE0E0400 call 0044573C :0040487E 8D956CFFFFFF lea edx, dword ptr [ebp+FFFFFF6C] :00404884 52 push edx e) Now look at 00404846 there is a call let's follow it u should see something like this : * Referenced by a CALL at Addresses: |:00404846 , :00429651 <-- tBS Said this proc is called twice and look | :0042A1E4 55 push ebp :0042A1E5 8BEC mov ebp, esp :0042A1E7 83C4F4 add esp, FFFFFFF4 :0042A1EA 53 push ebx :0042A1EB 8B4508 mov eax, dword ptr [ebp+08] <-- put serial in eax :0042A1EE 8D5DF4 lea ebx, dword ptr [ebp-0C] <-duplicate the serial :0042A1F1 8A10 mov dl, byte ptr [eax] <- start of the duplication :0042A1F3 8813 mov byte ptr [ebx], dl :0042A1F5 8A4801 mov cl, byte ptr [eax+01] :0042A1F8 884B01 mov byte ptr [ebx+01], cl :0042A1FB 8A5002 mov dl, byte ptr [eax+02] :0042A1FE 885302 mov byte ptr [ebx+02], dl :0042A201 8A4803 mov cl, byte ptr [eax+03] :0042A204 884B03 mov byte ptr [ebx+03], cl :0042A207 8A5004 mov dl, byte ptr [eax+04] :0042A20A 885304 mov byte ptr [ebx+04], dl :0042A20D 8A4805 mov cl, byte ptr [eax+05] :0042A210 884B05 mov byte ptr [ebx+05], cl :0042A213 8A5006 mov dl, byte ptr [eax+06] :0042A216 885306 mov byte ptr [ebx+06], dl :0042A219 8A4807 mov cl, byte ptr [eax+07] :0042A21C 884B07 mov byte ptr [ebx+07], cl :0042A21F 8A4008 mov al, byte ptr [eax+08] :0042A222 884308 mov byte ptr [ebx+08], al :0042A225 C6430900 mov [ebx+09], 00 <-- End of the duplication :0042A229 0FBE03 movsx eax, byte ptr [ebx] <- check for or serial :0042A22C 50 push eax :0042A22D E8128A0400 call 00472C44 <-- checks if fisrt char is a letter :0042A232 59 pop ecx :0042A233 83F850 cmp eax, 00000050 <-- first char should be :0042A236 7559 jne 0042A291 <-- if not equal to (P) then unregged :0042A238 0FBE5301 movsx edx, byte ptr [ebx+01] :0042A23C 52 push edx :0042A23D E8028A0400 call 00472C44 <-- checks if 2nd char is a letter :0042A242 59 pop ecx :0042A243 83F847 cmp eax, 00000047 <-- 2nd char should be :0042A246 7549 jne 0042A291 <-- if not equal to (G) then unregged :0042A248 0FBE4B02 movsx ecx, byte ptr [ebx+02] :0042A24C 83F92D cmp ecx, 0000002D <-- 3rd char should be :0042A24F 7540 jne 0042A291 <-- if not equal to (-) then unregged :0042A251 0FBE4303 movsx eax, byte ptr [ebx+03] :0042A255 83F834 cmp eax, 00000034 <-- 4th char should be :0042A258 7537 jne 0042A291 <-- if not equal to (4) then unregged :0042A25A 0FBE5304 movsx edx, byte ptr [ebx+04] :0042A25E 83FA36 cmp edx, 00000036 <-- 5th char should be :0042A261 752E jne 0042A291 <-- if not equal to (6) then unregged :0042A263 0FBE4B05 movsx ecx, byte ptr [ebx+05] :0042A267 83F936 cmp ecx, 00000036 <-- 6th char should be :0042A26A 7525 jne 0042A291 <-- if not equal to (6) then unregged :0042A26C 0FBE4306 movsx eax, byte ptr [ebx+06] :0042A270 83F837 cmp eax, 00000037 <-- 7th char should be :0042A273 751C jne 0042A291 <-- if not equal to (7) then unregged :0042A275 0FBE5307 movsx edx, byte ptr [ebx+07] :0042A279 83FA32 cmp edx, 00000032 <-- 8th char should be :0042A27C 7513 jne 0042A291 <-- if not equal to (2) then unregged :0042A27E C705F49F48001443FC69 mov dword ptr [00489FF4], 69FC4314 :0042A288 E8DFA8FDFF call 00404B6C :0042A28D B001 mov al, 01 :0042A28F EB1B jmp 0042A2AC f) so! what do u think , the serial is 8 char long and 1st and 2nd char is a letter and , 3rd is a dash - , and then from 4 to 8 is numbers , so the serial is : hex : 50 47 2D 34 36 36 37 32 Dec : P G - 4 6 6 7 2 <-- *boom* our serial g) so as tBS said in his tut that there is a universal serial for this prog , same here in this version .......! h) so let's try our serial , run jpeg optimizer and click on Help\Register enter or code ....... *boom* --> Thank for Registering <--- *boom* o.k! so i think u got the picture of this tut , but i don't take all the crediets for cracking this prog. ....... 5th) finally i would like to thank : tKC (ur tuts ROX , i have them all) , LW2000 ( Thank u for showing me how to use my brain ) , R!SC ( if only ur tut is more compleX MAn u rox ) , tBS ( this is what ur tut made ) XasX ( ur toolz is great ) , BoneZ ( thanx for ur support it ment alot ) and if i may say so , if u r from PSUCT and reading this , yes i'm in ur fuckin' Univ , and sorry about this tKC but i had to say it FUCK PSUCT FaT[BiT] \ TNT!CracK!TeaM '2000 \ phrozen_bit@gohip.com written on 25th of MarcH 2000 cya! in Another TUT and remeber 2much crackinG will K!ll you PART 5 ~~~~~~ How to crack 007 STARR v1.1 by FaT[BiT] \ TNT!CRACK!TEAM! : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Wellcome to my thrid tut. , in this tut we'll crack 007 STARR to take any serial We PUt just STARR i think we will crack 3 progz in one time and they are all by the same company! read & C! let's go 1st) tools a) Win32Dasm v8.93 b) Hiew v6.16 ( any version will do ) 2nd) target 007 STARR v1.1 http://www.iopus.com size is : 381 KB 3rd) protection : Serial + Nag 4th) The CracK : a) install STARR , and run it , u will see a nag at first never mind it , click on register u will see : UNREGISTERED <-- KOOL! enter any code , in my case TNT! *boom* Wrong registereation code entered ........ b) copy the file starrcmd.exe to crack.exe and dasm it c) in win32dasm click on the SDR window and find the error message..... look! what do u see , a message says , " Your 007 STARR registration was.." there the last message ,click on it to find out what it is , u should see something like this : * Possible StringData Ref from Data Obj ->"Your 007 STARR registration was " ->"successful - Thank you! " | :004062F9 6854CD4200 push 0042CD54 :004062FE 8BCE mov ecx, esi :00406300 E879270100 call 00418A7E * Possible StringData Ref from Data Obj ->"REGISTERED VERSION" :00406305 684CB44200 push 0042B44C :0040630A 8D8E54010000 lea ecx, dword ptr [esi+00000154] :00406310 C7868C00000001000000 mov dword ptr [esi+0000008C], 00000001 d) o.k! KOol! , scroll up a little bit , tell u see this : :004062EF 50 push eax :004062F0 FFD7 call edi :004062F2 85C0 test eax, eax :004062F4 756C jne 00406362 <-- KOOL JumP :004062F6 6A40 push 00000040 :004062F8 53 push ebx * Possible StringData Ref from Data Obj ->"Your 007 STARR registration was " ->"successful - Thank you! " :004062F9 6854CD4200 push 0042CD54 e) Now look at 4062F4 there is a jump let's follow it , put the line on it and when it is green click the button jump 2 , u should c this : :00406362 8D85D4FEFFFF lea eax, dword ptr [ebp+FFFFFED4] * Possible StringData Ref from Data Obj ->"KXA23T" <-- A CODE :00406368 68DCCC4200 push 0042CCDC :0040636D 50 push eax :0040636E FFD7 call edi :00406370 85C0 test eax, eax :00406372 753E jne 004063B2 <-- Another KOOL! JumP :00406374 6A40 push 00000040 :00406376 53 push ebx * Possible StringData Ref from Data Obj ->"You entered a valid SAM (not: " ->"STARR) registration code. " :00406377 6858CB4200 push 0042CB58 :0040637C 8BCE mov ecx, esi :0040637E E8FB260100 call 00418A7E f) i think u know what i want to tell , WE HAVE FOUND A CODE FOR SAM! by the WAY Sam is also another prog by iopus it is there on the site go get it! g) look at the line 406372 there is another jump let's follow it do tha same thing with the line , and u should c something like this : :004063B2 80A5D6FEFFFF00 and byte ptr [ebp+FFFFFED6], 00 :004063B9 8D85D4FEFFFF lea eax, dword ptr [ebp+FFFFFED4] * Possible StringData Ref from Data Obj ->"kx" :004063BF 6814CB4200 push 0042CB14 :004063C4 50 push eax :004063C5 FFD7 call edi :004063C7 85C0 test eax, eax :004063C9 6A30 push 00000030 * Possible StringData Ref from Data Obj ->"No valid registration code entered " ->"!" :004063CB 68ECCA4200 push 0042CAEC :004063D0 7507 jne 004063D9 * Possible StringData Ref from Data Obj ->"Wrong registration code entered... " | :004063D2 6864CA4200 push 0042CA64 :004063D7 EB05 jmp 004063DE h) HEHEHE! we r now at the error message ? so! what is going on here when u enter a serial STARR check if it's a SAM registeration code if it's not then display the error message get it! i) so let's go back to : :004062F0 FFD7 call edi :004062F2 85C0 test eax, eax :004062F4 756C jne 00406362 <-- Patch this jump :004062F6 6A40 push 00000040 :004062F8 53 push ebx * Possible StringData Ref from Data Obj ->"Your 007 STARR registration was " ->"successful - Thank you! " :004062F9 6854CD4200 push 0042CD54 j) as u can see if we make the jump at 4062f4 then we're registered! open hiew and change 75 --> 74 , run STARR . enter any code and! *boom*--> Your 007 STARR registration was successful - Thank you! <--*boom* k) WOW KOOL , Now remeber to save setting and exit , run it again click on register what dose it say! l) as u can see we have found another prog code in this prog the code we have found is for sam , if u look harder , u will find a code for Sesame which is also another prog by iopus! yes it is there on there site go and get it o.k! so i think u got the picture of this tut 5th) finally i would like to thank : tKC (ur tuts ROX , i have them all) , LW2000 ( Thank u for showing me how to use my brain ) , R!SC ( if only ur tut is more compleX MAn u rox ) , XasX ( ur toolz is great ) , BoneZ ( thanx for ur support it ment alot ) and if i may say so , if u r from PSUCT and reading this , yes i'm in ur fuckin' Univ , and sorry about this tKC but i had to say it FUCK PSUCT FaT[BiT] \ TNT!CracK!TeaM '2000 \ phrozen_bit@gohip.com written on 25th of MarcH 2000 cya! in Another TUT and remeber 2much crackinG will K!ll you ABOUT ~~~~~ I really hope you've enjoyed this tutorial as much as I did! Don't miss Tutor #75 soon! ;) And as I said last time: Without knowledge, there's no power! ;) Credits go to: DnNuke for Interface. tKC for Splash Logo. LW2000 for providing 2 tuts in this version. Johnny Aum for providing a tut in this version. FaT[BiT] for providing 2 tuts in this version. tKC for coding this version :) All the crackers (non-members of CiA) are welcome to send tutors for the next tutorials .. see below for my email address! *** 80 chars per line in textfile please! *** And all the tutors can be found at: http://www.crackersinaction.org (or on IRC, ask CiA ops for urls!) Greetz goto all my friends You can find me on IRC or email me at tkc@reaper.org Coded by The Keyboard Caper - tKC The Founder of PhRoZeN CReW/Crackers in Action 2000 Compiled with Delphi 5 on 12 April 2000 Cracking Tutorial #74 is dedicated to all the crackers...