Welcome to Cracking Tutorial #79! Hiya guys, Sorry for delays, I was busy with coding and all shit, and still no phone at home.. Ah now, I'm proudly to present you tKC's Cracking Tutorial 2000! It's a fast, better Viewer, it can read old *.tKC files too. Also you can view *.NFO or *.TXT with this viewer! It has many features eg. change colors, load skins, print etc, you can find it at http://www.crackersinaction.org... enjoy it! Here's a tut79.tKC... OK, let's rave! ...or crack babes? :) You'll need the following tools: (I use these tools, I assume you'll use 'em, but it doesn't mean that you'll need to use all those tools, so be sure to get them handy for the examples in this tutorial!) SoftICE v4.05 W32Dasm v8.93 Hacker's View v6.40 SmartCheck v6.03 ProcDump32 v1.6.2 Windows Commander v4.03 (I use it coz of easier to multitask) Delphi, VB, C++, or TASM to code a keygen or a patch.. Don't ask me where to download all these tools since you had a chance to get them when you used my older tutorials. Here are a few good sites where you can grab tools from: http://protools.cjb.net http://w3.to/protools http://www.crackstore.com or ask any crackers to get you these tools! Are you ready?! OK! ;) Target: Firehand Lightning 2.1.3 Tools: SICE Symbol Loader, W32Dasm, Hex-Editor Level: 2 (2 only because of the crashes!) Protection: Nag/Timeout + some evaluation/unregistered texts :) Crack type: Patch URL: www.firehand.com Background: I only picked this program coz its name was very c00l :) guess its some sorta picture viewer.. Since there's no enter name/serial boxes where to enter our regcode, we shall simply patch the program to think its registered.. i dunno then if it really is coz i'm an incredibly lazy tester.. (well.. u at #c4n know I'm a lazy bastard, so not lazy tester but Lazy Bastard) Let's kick asz (make sure you made the backups! i woulda been lost without them) when you launch the program you see the annoying nag popping up.. blah, lets get rid of it BPX DialogBoxParamA and relaunch the program, *BREAK*.. lets see.. SICE is at 4210D4, lets use w32dasm to get a better picture (BD* and exit SICE) :004210D3 57 push edi * Reference To: USER32.DialogBoxParamA, Ord:0093h | :004210D4 FF1588724400 Call dword ptr [00447288] <-- call the nag mmm.. a simple thing, nop it out (5 x 90h).. ok launch the program again.. wtf? gpf? the program crashed.. oh damned.. *sigh*.. i hate these ones.. restore the original .exe.. and lets go to symbol loader ok, here's where symbol loader comes useful, open the .exe and translate it, when in SICE, press f10 to get into main program and type G 4210D4 you're in the above place.. now execute the call (step over it -> F10).. now look at the values in registers.. write them down or something and patch the nag again, reopen the .exe with symbol loader and translate again.. goto 4210D4 again.. look at the registers again, do they differ? Yup I remember a person once telling me on IRC that only thing you have to watch is that esp is restored correctly.. and thats exactly what we have to do (if you let esp remain as it is in the patched .exe the program will crash coz it'll return from the call to a wrong place..) Do a following patch : FF1588724400 (the nag caller after DialogBoxParamA) change it to (might differ on your comp): BC64EE6A00 (this one restores ESP like it has to be after the nag is displayed..) and 40 (inc eax to be 1) , so it'll look like BC64EE6A0040 Notice that BC64EE6A00 might differ on your comp depending on the correct ESP value. trace with symbol loader over the call (with the original .exe) and see ESP value after it, and modify the opcode to suit your comp save and exit and execute the program, does it crash anymore? nah.. right thing we did :) now at the point i had re-run the program so many times (over 30) that I could see the evaluation period has expired. Please register -text.. we dun wanna see it, do we? nope.. haha.. here comes the best part ;)) Yeah well.. i was lazy and because i should already be sleeping coz i gotta wake up early tomorrow morning i decided not to hunt for the timeout compare and decided to go for funny way Evaluation period has expired. Please register! .. i open the .exe with Hiew and search for the string (Evaluation). The first string I come to seems to be the right one, I edit it a bit and save and exit.. yah! looks nice ;) enter whatever u want but dont enter more chars than there originally are! now for the last parts, the stupid evaluation text.. and unregistered text in about box take the about box unregistered first.. search for unregistered in w32dasm and come across this one: :0040136D FFD5 call ebp :0040136F 8B8424CC020000 mov eax, dword ptr [esp+000002CC] :00401376 85C0 test eax, eax <-you can only wonder.. :00401378 7408 je 00401382 <-lamers away :0040137A 803800 cmp byte ptr [eax], 00 <-compare "you suck ass" or "you kick ass!" :0040137D 7403 je 00401382 <-not regged, jump lamer :0040137F 50 push eax :00401380 EB05 jmp 00401387 <-take this jump to "registered owner" * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00401378(C), :0040137D(C) | * Possible StringData Ref from Data Obj ->"" Thought i was gonna make it easy by patching the je's but not.. crashes crashes.. fackit .. ok, looks like we gotta fix this one too, symbol loader helps a lot but i'll show you the short way i did like this :00401376 85C0 test eax, eax :00401378 7408 je 00401382 :0040137A 803800 cmp byte ptr [eax], 00 :0040137D 7403 je 00401382 changes to: :00401376 40 inc eax :00401377 90 nop :00401378 7408 je 00401382 :0040137A 90 nop :0040137B 90 nop :0040137C 90 nop :0040137D 7403 je 00401382 eax is set for "passed flag" and comparing (that btw crashes this procedure) is nopped out.. look at about box now, what do you see? REGISTEREDOWNER.. looks nice :) now the last thing .. you see evaluation edition text in the top of the window? yup, easy done just search for it in Hiew eg. and replace it with the text of your choice :) Final notes: I think I never patched a program as much as I did now.. but it looks like it works. I'm a Lazy Bastard nevertheless so don't count on it :) also i never dealt with crashing problems before but i'm glad i could overcome them in this tute, i was little surprised myself that I got this thing to work. -C_DKnight reach me at c_dknight@iobox.com Greetings: (this part seems to be growing every tute and i'm sure there are still ppl left to be added) AB4DS, r!SC, Dead-Mike, NrOC, Warezpup, Hutch, [yAtEs], [E_BLiss], [LaZaRuS], Doufas, SeKt0r, nchanta, Icecream, |Xmen|, LordOfLA, F0dder, Predator, aCiDHaC, ACiD BuRN, X-Calibre, DnNuke, noos, nu, Thesmurf, defiler, Sinn0r, ^tCM^, Norika, cTT, Weazel, MisterE, Dawai, RevX, Maybird, BlackBird, FireWorx, N|Te, SheeP14o, extasy_, KaOsAuS, _zoltan, Torn@do, ByteBurn, Miscreant, croc, Br4t, [ViKiNg], Phrekie, =Metal=, B|aze, Moredhel, Seffren, Dafoe, Speedsta, Rad|cal, [Daze], VisionZ, KaKTuZ, Stilgreen, Kwazy Wabbit plus all my friends at #cdrinfo, #cracking4newbies and other chans.. Name : CD Box Labeler Pro Version : 1.3.5 Target : cdboxpro.exe Protection: 15 Days Trial,Serial,EXE PACKED! s/n saved : [HKEY_CLASSES_ROOT\Green Point Software UK\CD Box Labeler Pro\ Properties] Tools : Softice BRAIN! 15 mins time! ;) Cracker : DaMaster[XCï00] Tutorial : No.2 Download here: www.gpsoftuk.com Sorry about my poor english! Its not my mother lenguage! Introduction ~~~~~~~~~~~~ CD Box Labeler Pro are an easy to use labeler program for your CD Jewel Case & CD, Floppy & ZIP Labels. You can edit text, insert images, texboxes, lines, boxes circles, select colors to suite your needs. CD Box Labeler has utilities that helps you read the contents of the CD's and a wizard that helps you with the creation of label without need to learn the most advanced options of the program. CD Box Labeler Pro can also scan, rotate, flip images and a selection of filter effects to help you alter the images. 1. Fire up CD Box.Shit a nag appears ;) But we can see an intersting button... 'Register".Lets crack this small shit! ;) 2. Name: DaMaster[XCï00] Serial: 112233 *BOOM* Wrong Serial Number! Press OK. Wrong serial? Typical program bug ;) 3. Fire up Softice and set a breakpoint on hmemcpy: bpx hmemcpy [F5] to retur to the application. 4. Name: DaMaster[XCï00] Serial: 112233 Click OK. *BOOM* Softice pops up. Now press [F11] to get the Caller. Press [F10] till you are here: 0167:0050BE20 685CBF5000 PUSH 0050BFEC 0167:0050BE2E 8D55E8 LEA EDX,[EBP.18] 0167:0050BE31 8BC3 MOV EAX,EBX 0167:0050BE33 E830CEEFFF CALL 00408C68 <----- Part one of the serial! 0167:0050BE38 FF75E8 PUSH DWPRD PTR [EBP-18] 0167:0050BE3B 68FCBF5000 PUSH 0050BFFC 0167:0050BE40 8D55E4 LEA EDX, [EBP-1C] 0167:0050BE43 8BC6 MOV EAX,ESI 0167:0050BE45 E81ECEEFFF CALL 00408C68 <----- Part two of the serial! 0167:0050BE4A FF75E4 PUSH DWORD PTR [EBP-1C] 0167:0050BE4D 8D45F0 LEA EAX, [EBP-10] 0167:0050BE50 BA04000000 MOV EDX,00000004 0167:0050BE55 E8F681EFFF CALL 00404050 <----- Dont need!(Its part two again) 0167:0050BE5A 8B45F4 MOV EAX,[EBP-0C] 0167:0050BE5D 8B55F0 MOV EDX,[EBP-10] 0167:0050BE60 E83B82EFFF CALL 004040A0 <----- This is for the next explaination! 0167:0050BE65 0F85A8000000 JNZ 0050BF13 0167:0050BE6B B201 MOV DL,01 0167:0050BE6D A124034700 MOV EAX, [00470324] 0137:0050BE72 E80947F6FF CALL 00470580 <---- *shit* Forget this! *G* 5. At first we must find the FIRST PART of the Serial! So we must go into the call one(Part one) Click [F8] and now u must see something like this: 0167:0040BC7A 8BC2 MOV EAX,EDX <--- This line is VERY interesting! Do this :" ? eax". Now we can see the first part of our serial: 0000457216 | WARNING: We only need this:"457216" 6: So.Now we can find the seccound part of the serial.For this we must go into the seccound call!(Part two of the serial) Click [F8] and now u must see something like this: 0167:00408C7A 8DC2 MOV EAX,EDX <---- Another good boy ;) Do this :" ? eax". Now we can see the seccound part of our serial: 0000747008 | The same as in the first part! We only need this "7470008" ----------------------------- DONE.U HAVE CRACKED DA BABY!- ----------------------------- User : DaMaster[XCï00] Serial: GPS-457216-747008 ----------------------------- Yep.Some ppl might ask: "Why the fuck he hasnït told us how to find this GPS at the beginning?" The answer is: 1) Couse I cracked it the seccound way and after that I wanted to know how this shit works ;)" 2) There are many ways to find this GPS.But I want to sleep now ;) One Tip: It can be found through the user name! Make a breakpoint on the User Name entering and find it!(bpx hmemcpy) ---------------------------------------------------------------------------------------------- THE SECCOUND WAY OF CRACKING DA BABY! ---------------------------------------------------------------------------------------------- 1. You have seen the fourth call? I have tould u we would need it for the next explaination. Now we need it!: ------------------------------------------ - 0167:0050BE60 E83B82EFFF CALL 004040A0 - ------------------------------------------ We use [F8] to go into this call! Done? Now u should see something like this: 0167:004040A7 39D0 CMP EAX,EDX <---- YEA.I LOVE THIS LINE ;) /\ || This line compairs your serial with the REAL serial! If not the right serial, it fucks up! Now its very easy: Do: " d eax " <----- Now u can see your fake serial! Do: " d edx " <----- What do u see now? ;=) Yes the REAL Serial! *g* ---------------------------------------------------------------------------------------------- Name: DaMaster[XCï00] Serial: GPS-457216-747008 Press OK. *BOOM* 'Registration Successful' ---------------------------------------------------------------------------------------------- YEA.U have cracked da baby! ;) - ------------------------------------------------------------------------- THE SAME WAY OF FINDING SERIAL WORKS WITH: "Easy Organizer v1.1" too!---- ------------------------------------------------------------------------- So,it was my seccound Tut.I hope u have learned something from it! If u have got any questions Mail me: " damaster@gmx.at " or "damaster@xcrypt.couriers.org" cya DaMaster Greets: /\/\/\/ Pinda,DieSelz,Churchi,Visper,Spliff,Nitz............. All XC members! And you! How to crack Nero 4.0.9.1 with Softice ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by yoda Welcome to my first cracking tutorial. I'm a Newby ( I started cracking about 3 month ago ) but I hope I still can teach you sth. Don't blame me for any faults in this tut or my bad english :)... Let's CRACK! First install Nero 4.0.9.1 (downloadable at: www.ahead.de , I think :). Then run it. Sth like that should appear: ---------------------------------------------- | blah ? X | ---------------------------------------------- | blah, blah, ... | | | | Name: ______________________________ | | Company: ______________________________ | | Serial No.: ______________________________ | | ________ ________ ________ | | | Demo | | OK | | EXIT | | ---------------------------------------------- Let's try to skip this shit >:). Enter your name, company and a Serial number ( I prefer 1223 because sth like 12345 you will very often find in the Ram ). What's that, the OK button is deaktivated :(. Press str+d, so Softice will pop up. Normally we should set a breakpoint (with bpx) on the windowsapi "enablewindow" but let's use getwindowtexta, so type in "bpx getwindowtexta", press enter and F5. We'll be back at the proggy. Now add a 3 in the Serialeditbox Softice pops up. Press F5 so long until we are back in the proggy (to test how many getwindowtext's there are). Ok, the proggy does 3 getwindowtext. One for the name, one for the Company and one for the Serial. Now let's erase the last "3" in the Serialeditbox. Softice pops up. Then press 2 times F5 to go to the last getwindowtext, press F12 to go to the call of this getwindowtext. Trace (F10) down some ret's until you reach sth like this: :00435122 E8BF190B00 call 004E6AE6 :00435127 85C0 test eax, eax :00435129 7503 jne 0043512E <- the first con- :0043512B 50 push eax ditional jump :0043512C EB34 jmp 00435162 ... Trace to the conditional jump which wants to jump. Maybe we don't want :), so type in "r fl z" to change the ZeroFlag, disable your breakpoint ("bd*") and Press F5 to go back to the proggy. WoW the OK button is active, so let's press it. The proggy runs fine, but let's try to restart it. Nero says you that your Serialnumber is invalid (very smart). Click on the OK button and you will see the old Box which wants you to enter a valid serial :(. Let's try sth different! Close Nero and set a breakpoint on the windowsapi (API = Application Programming Interface) messagebox because the first Nag looks like a messagebox. Type in (in Softice) "bpx messageboxa" (the a is for 32bit - win 9x/2000/NT). Now start Nero again. It'll break, so press F12 to get the caller. The messagebox will now appear. That's not bad just click on OK and you'll be here: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 004F0B18 6804010000 push 00000104 :004F0B1D 50 push eax :004F0B1E 6A00 push 00000000 :004F0B20 8DBDECFEFFFF lea edi, dword ptr [ebp+FFFFFEEC] * Reference To: KERNEL32.GetModuleFileNameA, Ord:0124h | :004F0B26 FF1504845100 Call dword ptr [00518404] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004F0B10(U) | :004F0B2C 53 push ebx :004F0B2D 57 push edi :004F0B2E FF7508 push [ebp+08] :004F0B31 FF75F4 push [ebp-0C] * Reference To: USER32.MessageBoxA, Ord:01BEh | :004F0B34 FF1584855100 Call dword ptr [00518584] :004F0B3A 85F6 test esi, esi <- you are here :004F0B3C 8BF8 mov edi, eax :004F0B3E 7405 je 004F0B45 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ We must find a jump which jumps over this messagebox but you'll see nothing like this over this messageboxcall :(. Hmmm.. Let's go to the caller's call :), so Press F12 and look whether you find a conditional jump over the call. When it is so then set a Breakpoint on this conditional jump (with a doubleclick in Softice) and rerun the proggy when it breaks on the jump take it (e.g.: "r fl z"), F5 and look whether the messagebox appears. If it appears try the next caller's caller. The third caller's caller is good( :0043519D 7E0E jle 004351AD <- jump we must force :0043519F 6AFF push FFFFFFFF * Possible Reference to String Resource ID=00048: "Writing Wave file" | :004351A1 6A30 push 00000030 * Possible Reference to String Resource ID=61265: "This serial number... | :004351A3 6851EF0000 push 0000EF51 :004351A8 E8F4B90B00 call 004F0BA1 <- calls the first Nag * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00435195(C), :0043519D(C) | :004351AD 8BCF mov ecx, edi :004351AF E895A90100 call 0044FB49 ) Force the jump (jle) and the messagebox telling us that we entered a invalid serial won't pop up. But what's that, again the bitchy Box (where on can enter name, company and serial) appears :(. Before we do sth against this clear your breakpoints ("bc*") and change the jle to a jmp with any Hexeditor (File: Nero.exe offset: 3519D patch: EB ). Now the first Nag won't appear on startup of Nero. Close Nero and set a breakpoint on showwindow ("bpx showwindow") in Softice and run Nero. When Softice breaks on the bitchy box try to find a conditional jump which jumps over this call. Try also the caller's callers. ... Solution: After the break press 3 times F12 then the bitchy box will appear. Click on exit and Softice pops up again, 2 times F12 and you'll see: :00483BBD E85672FFFF call 0047AE18 :00483BC2 E8F415FBFF call 004351BB <- calls bitchy box :00483BC7 85C0 test eax, eax <- you are here :00483BC9 0F84D6020000 je 00483EA5 <- closes Nero :00483BCF 8B86C0000000 mov eax, dword ptr [esi+000000C0] :00483BD5 8D8EC0000000 lea ecx, dword ptr [esi+000000C0] Now we are able to kill the box :). Just nop with a heweditor the call at 00483BC2 and nop the jump at 00483BC9.( Offsets are the same number but without the first 4 -> memory offset: 483BC2 = offset 83BC2). Now Nero should run without any Nags :) - Done. I hope I could explain all a bit understandable. GreetZ go out to all cracker on this planet! Thx tKC for your great tut collections. I've read all. Feel free to mail me: yoda_f2f@gmx.net (Don't ask me where to find any cracking tools, please) Inetsides where to find tools: www.crackstore.com protools.cjb.net www.warez.com (search for the program you are looking for) CU Hello all Romanian Crackers, Hello all Crackers, ..::Calculici::.. FROM ONE NEWBIE TO ANOTHER Tutor Nr. 1 Program: Mexelite Crackme 1 ( www.suddendischarge.com ) Protection: Serial Level: Beginner Tools: SoftIce 4.05 W32Dasm 8.93 Brain A cool drink. E-mail: calculici83@yahoo.com Please excuse my english I don't speak it very good. We are going to try too approaches. One very simple with W32Dasm. First Approach Run the Crackme and enter "Calculici" as the serial and press the CHECK IT button. You get the messege "Wrong Code DUDE". Don't get nervous just read ahead. Fire up W32Dasm. Choose Disassambler\Open File to disasamble from the menu. Then select the file crack1.exe . Wait a few seconds(or minutes). After that click String Data References (SDR). Double-click on "Wrong Code DUDE". You are here: :0042D543 BAA4D54200 mov edx, 0042D5A4 :0042D548 8B83E8010000 mov eax, dword ptr [ebx+000001E8] :0042D54E E865CCFEFF call 0041A1B8 :0042D553 EB10 jmp 0042D565 Scroll up a little until here: :0042D523 648920 mov dword ptr fs:[eax], esp :0042D526 8D55FC lea edx, dword ptr [ebp-04] :0042D529 8B83DC010000 mov eax, dword ptr [ebx+000001DC] :0042D52F E854CCFEFF call 0041A188 :0042D534 8B45FC mov eax, dword ptr [ebp-04] * Possible StringData Ref from Code Obj ->"Benadryl" | :0042D537 BA90D54200 mov edx, 0042D590 :0042D53C E88F63FDFF call 004038D0 :0042D541 7412 je 0042D555<------GOOD BOY * Possible StringData Ref from Code Obj ->"Wrong Code DUDE" | :0042D543 BAA4D54200 mov edx, 0042D5A4 :0042D548 8B83E8010000 mov eax, dword ptr [ebx+000001E8] :0042D54E E865CCFEFF call 0041A1B8<------BAD BOY :0042D553 EB10 jmp 0042D565 See that jump at 42D541 it is to the GOOD BOY. Do you see that StringData Ref ->"Benadryl". What could it be. Let's try that as the serial. You get the GOOD BOY message. See you just cracked the Crackme. Second Approach Run the Crackme and enter "Calculici" as serial# then press the CHECK IT button. You get the message "Wrong Code DUDE". Fire up SoftICE 4.05(any would do). Press CTRL+D to enter SoftIce. Inside SoftICE but a breakpoint on HMEMCPY. So type BPX HMEMCPY. Press CTRL+D in SoftICE to exit. Press the CHECK IT again. You will break in SoftICE. Press F11 once and then F10 till you get to this piece of code: 0042D52F E854CCFEFF call 0041A188 0042D534 8B45FC mov eax, dword ptr [ebp-04] 0042D537 BA90D54200 mov edx, 0042D590 0042D53C E88F63FDFF call 004038D0 0042D541 7412 je 0042D555<----GOOD BOY When you get to 42D537 do a "d edx" in SoftICE and what appears in our code window the GOOD serial number which is "Benadryl". Hope you learned something from this. This is from one newbie to another. Greets: -->tKC for his tutorials -->DRaCooLA because he has opened my eyes -->All the crackers -->Phrozen Crew because of you guys the cracking bug got to me too -->Pentru toti crackerii romani nu va lasati e loc si pentru noi E-mail me at: calculici83@yahoo.com Hello all Romanian Crackers, Hello all Crackers, ..::Calculici::.. FROM ONE NEWBIE TO ANOTHER Tutor Nr. 2 Program: Giger's crack me by cupofcoffe ( www.suddendischarge.com ) Protection: Password Level: Beginner Tools: SoftIce 4.05 Brain A cool drink. E-mail: calculici83@yahoo.com First run the crack me and enter "Calculici" as the password. Then press the CHECK button. Now let's get cracking. First be sure that you have loaded the exports from MSVBVM50.DLL . Then press CTRL+D to get into SoftICE. There put a breakpoint on __VbaStrCmp. So type in SoftICE : "bpx __vbaStrCmp".Then press CTRL+D to exit. Enter again "Calculici" as password and then press the CHECK button. This time you will break in SOFTICE. In SoftICE press F11 once and you will land at 521693. Press CTRL+Page Up once and at the bottom of the page there is this instruction: 521687 PUSH ECX 521688 PUSH 00450560 <--so do a D 450560 Did you do it? Did you see something? No? Shame? Look at the Data Window it has some strange numbers. Of course because is a VB5 program. So if we entered "Calculici" it will be written in Data Window like this "C a l c u l i c i". Ok,let's look at our Data Windows we see something like this: 00450560 2E002E002E002E002E002E002E002E00 ................ 00450570 2E002E00000000000024000000290000 ................ SoftICE displays 00 as ".". And guess what 2E is? Do a "? 2E" in SoftICE. You get this: 0000002E 0000000046 "." So nice one. The Password is: 2E,2E,2E,2E,2E,2E,2E,2E,2E,2E which means 10 "."="..........". Enter the password and the image will grow. That all! Hope you understood something. Greets:Greets: -->tKC for his tutorials -->DRaCooLA because he has opened my eyes -->All the crackers -->Phrozen Crew because of you guys the cracking bug got to me too -->Pentru toti crackerii romani nu va lasati e loc si pentru noi E-mail me at: calculici83@yahoo.com I really hope you've enjoyed this tutorial as much as I did! Don't miss Tutor #80 soon! ;) Credits goto: m0zzie for Splash Logo. C_DKnight for providing a tut in this version. DaMaster for providing a tut in this version. Yoda for providing a tut in this version. Calculici for providing 2 tuts in this version. To ALL the crackers: You are welcome to send me your tutors to publish them .. see below for my email address! *** 95 chars per line in textfile please! *** And all the tutors can be found at: http://www.crackersinaction.org (or on IRC, ask CiA ops for urls!) Greetz goto all my friends! You can find me on IRC or email me at tkc@reaper.org Coded by The Keyboard Caper - tKC The Founder of PhRoZeN CReW/Crackers in Action 2000 Compiled with Delphi 5 on 17 May 2000 Cracking Tutorial #79 is dedicated to Sonia...