Welcome to Cracking Tutorial #82!

Hiya guys,

Sorry for delays, I was busy with coding and all shit, and still no phone at home...

Ah now, I'm proud to present you tKC's Cracking Tutorial 2000! It's a faster, better Viewer, it can read old *.tKC files too. Also you can view *.NFO or *.TXT with this viewer! It has many features, e.g. change colors, load skins, print etc. You can find it at http://www.crackersinaction.org... enjoy it!

Here's a tut82.tKC...

OK, let's rave! ...or crack babes? :)

You'll need the following tools:
(I use these tools, I assume you'll use 'em, but it doesn't mean that you'll need to use all those tools, so be sure to get them handy for the examples in this tutorial!)

SoftICE v4.05
W32Dasm v8.93
Hacker's View v6.40
SmartCheck v6.03
ProcDump32 v1.6.2
Windows Commander v4.03 (I use it coz it's easier to multitask)
Delphi, VB, C++, or TASM to code a keygen or a patch..

Don't ask me where to download all these tools since you had a chance to get them when you used my older tutorials. Here are a few good sites where you can grab tools from:

http://protools.cjb.net
http://w3.to/protools
http://www.crackstore.com

or ask any crackers to get you these tools!

Are you ready?! OK! ;)


sNaiK's Cracking Tutorial #1
----------------------------

Target       : GrabIt Pro(tm) Version 5.0 For Windows 95 and Windows NT 3.51
Where to get : Compuserve To User ID# 72200,576
               Internet: 72200.576@compuserve.com
Tools        : W32Dasm 8.93
               Hiew 6.00 or higher

GrabIt Pro is a Screen capture program.
I assume that you know how to use W32DASM and Hiew.

The Essay
----------

Install GrabIt Pro and run it. Hmm...looks like a nagware. Click on I Agree-continue evaluation and then click on Enter Reg. Number in next screen. Enter any shit....for the User name and Registration number. Click on O.K. Note the error message and close the program.

O.K So Let'z Begin....
-----------------------

Disassemble Gp50.exe using W32DASM and goto SDR (=String Data Reference) menu.
Search for your string and double click it to goto the referenced code. Now trace up ..you should see thiz...

:0040914A FF75FC                  push [ebp-04]
:0040914D 68509A4100              push 00419A50
:00409152 E81FFBFFFF              call 00408C76              <=====A Call ?
:00409157 83C408                  add esp, 00000008
:0040915A 85C0                    test eax, eax
:0040915C 0F851C000000            jne 0040917E               <====Remember thiz
:00409162 6A30                    push 00000030

* Possible StringData Ref from Data Obj ->"GrabIt Pro"
                                  |
:00409164 6828DC4100              push 0041DC28

* Possible StringData Ref from Data Obj ->"Not A Valid Registration Number!"
                                  |
:00409169 6850DD4100              push 0041DD50
:0040916E FF7508                  push [ebp+08]

Did you notice thiz

:00409152 E81FFBFFFF              call 00408C76              <=====Call

If we entered the correct code then we'll return from the call with eax=1 -> ands 1 with 1 will result 1 -> zero flag not set
If we entered the wrong code then we'll return from the call with eax=0 -> ands 0 with 0 will result 0 -> zero flag is set

Let'z trace this call by placing the green bar over the call and pressing the CALL button and trace down....till you get here.

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408CC5(C)
|
:00408D26 8B45E4                  mov eax, dword ptr [ebp-1C]
:00408D29 0345E8                  add eax, dword ptr [ebp-18]
:00408D2C 0345F0                  add eax, dword ptr [ebp-10]
:00408D2F 0345EC                  add eax, dword ptr [ebp-14]
:00408D32 0345F4                  add eax, dword ptr [ebp-0C]
:00408D35 0345F8                  add eax, dword ptr [ebp-08]
:00408D38 B93DBB0D00              mov ecx, 000DBB3D
:00408D3D 99                      cdq
:00408D3E F7F9                    idiv ecx
:00408D40 8D4201                  lea eax, dword ptr [edx+01]
:00408D43 8945DC                  mov dword ptr [ebp-24], eax
:00408D46 8B450C                  mov eax, dword ptr [ebp+0C]
:00408D49 3945DC                  cmp dword ptr [ebp-24], eax
:00408D4C 0F850F000000            jne 00408D61               <=====Bad boy
:00408D52 B801000000              mov eax, 00000001
:00408D57 E90C000000              jmp 00408D68               <---|
:00408D5C E907000000              jmp 00408D68               <---| All jumps to the same place

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408D4C(C)
|
:00408D61 33C0                    xor eax, eax
:00408D63 E900000000              jmp 00408D68               <---|

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00408D57(U), :00408D5C(U), :00408D63(U)
|
:00408D68 5F                      pop edi                    <<<<---|
:00408D69 5E                      pop esi
:00408D6A 5B                      pop ebx
:00408D6B C9                      leave
:00408D6C C3                      ret

O.K let'z have a look at this...again

:00408D49 3945DC                  cmp dword ptr [ebp-24], eax   ; compare our serial with program serial. Set zero flag if code matches
:00408D4C 0F850F000000            jne 00408D61                  ; Jump if zero flag not set (codes differ)
:00408D52 B801000000              mov eax, 00000001             ; copy 1 to Eax
:00408D57 E90C000000              jmp 00408D68
:00408D5C E907000000              jmp 00408D68

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408D4C(C)
|
:00408D61 33C0                    xor eax, eax                  ; zero eax
:00408D63 E900000000              jmp 00408D68

Hey ..in this case (weak protection schemes), we can modify(patch) the code so we'll return from the call with eax=1 ...
here is some theory :

Changing the Bad boy from 0F85 (=JNE) to 0F84 (=JE) will do the job....you can enter any code except the correct one.

When we enter the wrong code the Bad Boy jumps to the location ..

:00408D61 33C0                    xor eax, eax

and hence we return from the CALL with Eax = 0, so changing this to B001 (mov al, 1) will make the program registered even if you enter any code. So let'z change this byte so that we return with a non-zero Eax.

Time to crack this one ...

Bring the green bar on....

:00408D61 33C0                    xor eax, eax

and note down the code offset that is shown at the bottom....Close W32DASM.

Run Hiew Gp50.exe.
Press Enter twice to goto Decode mode.
Press F5 key and enter the code offset.
Press F3 key and change 33C0 to B001.
Press F9 key to update this change.
Quit Hiew.

Now run GrabIt Pro ......Did you see any nags ????...Nope :-)

Congrats You've just cracked the program.

This is my first tut'z so, E-Mail me at sarnaik@zeenext.com with any comments or suggestions.

-sNaiK


THE tKc TUTORIALS (77) - list of analyzed programs:
---------------------------------------------------
--..__list_made_by_Johnny_AUM__..--

__N_O_T_I_C_E__
The list is made with the idea that you will quickly find what you need, or whether a program has its tut here, and the tools used! When I say "How to crack" it means that the tools are W32Dasm & hiew; when it is "How to find a serial" or "register", the tool is Softice. When Smartcheck is used, it is written there. I hope this list will be useful to you!

___T_U_T_O_R_I_A_L___0_1___
Quick View Plus 4.0 - How to crack
HEX WorkShop 2.51 - How to crack
How to make your own patchers

___T_U_T_O_R_I_A_L___0_2___
Private 2.0a - How to remove NAGs (using Debugger in W32Dasm)
Private 2.0a - How to remove NAGs (without W32Dasm!)
LView Pro 1.C/32 - How to remove NAGs (using Debugger in W32Dasm)
LView Pro 1.C/32 - How to crack (to enter any serials)

___T_U_T_O_R_I_A_L___0_3___
Horas 2.1a - How to remove NAGs (without W32Dasm)
Horas 2.1a - How to crack date expiration (with W32Dasm)
WinHacker95 2.0b3 - How to crack date expiration (with W32Dasm)
WinHacker95 2.0b3 - How to crack (to enter any serials)

___T_U_T_O_R_I_A_L___0_4___
System Cleaner 1.21 - How to crack date expiration (with W32Dasm)
System Cleaner 1.21 - How to bypass NAG about invalid date (without W32Dasm)
Macro Schedular 4.3.11 - How to enable crippled features (with W32Dasm)
TrayCal 1.0 - How to crack (to enter any codes)
Why I copy *.exe to *.w32 files
ASM Source Code for a Patcher by Nop/PC'97

___T_U_T_O_R_I_A_L___0_5___
TrayCal 1.0 - How to register using WIN Registry
CopyPaste 1.20 - How to register
RadioDestiny 0.2 - How to remove timeout
PASCAL Source Code for a Patcher by tKc/PC'98

___T_U_T_O_R_I_A_L___0_6___
DocSweep 3.0 - How to register
Cover Your Tracks 2.0 - How to register
CD Check in Quake 2 3.10 - how to crack
Trayrun 2.0.1 - How to register
Pascal Source Code for a Patcher by tKc/PC'98

___T_U_T_O_R_I_A_L___0_7___
CD Check in Balls of Steel 1.1 - How to remove (using W32Dasm)
NeverForget 1.00 - How to remove NAG and 30 days limit (using W32Dasm)
Phone Plus 2.00 - How to register (using Softice)
WinPatch 1.0.06 - How to register (using Softice)

___T_U_T_O_R_I_A_L___0_8___
CaptureExe97 6.0 - How to unlock (using Softice)
MPEG Player 1.76 - How to register (using Softice)
WinXFiles 2.8 - How to register (using Softice & W32Dasm)
CD-R Diagnostic 0.1.1.3 - How to register (using Softice)

___T_U_T_O_R_I_A_L___0_9___
Winamp 2.01 - How to get a serial
WinNavigator 1.0 - How to get a serial
WinBoost 98 1.1 - How to get a serial
File Mag-Net 1.10 - How to make a "keygen"

___T_U_T_O_R_I_A_L___1_0___
CD Check in Age of Empires - How to remove
Easy CD-DA Extractor 3.0 - How to get a serial
MP3 to EXE 1.01 - How to get a serial
Visual Day Planner 6.1 - How to get a serial (using SmartCheck)

___T_U_T_O_R_I_A_L___1_1___
Sex Machine 1.2.0 - How to get a serial (using Softice)
PowerAIM 1.3.7 - How to get a serial (using SmartCheck)
Stone's Connect Control 1.4.1 - How to crack (using W32Dasm)
Stone's WebWriter 2 v2.1.1 - How to crack (using W32Dasm)
GameLaunch 3D v1.00.0020 - How to get a serial (using SmartCheck)
Uninstall Manager 2.5 - How to make a keygen
LiveImage 1.29D build52 - How to crack (using W32Dasm)

___T_U_T_O_R_I_A_L___1_2___
MS Combat Simulator 98 - How to remove a CD check
DigiSignature 3.0 - How to get a serial
Braga's Crackme -- How to get a serial (using SmartCheck)
Opera 3.50 - How to crack
Dll Demon 1.0 - How to get a serial
Nico's Commander 4.10 - How to crack
Teleport 1.29 - How to get a serial & how to make a keygen
FullDisk 3.3 - How to crack & how to code a patch in ASM
Split32 1.1 - How to get a serial (SmartCheck) & how to make a keygen in ASM
MP3 to EXE 1.5 - How to get a serial & how to make a keygen

___T_U_T_O_R_I_A_L___1_3___
Basic of Cracking - Bullet
Using Softice - Bullet
Dll Show 3.9 - How to get a serial
4-Net 2.0 - How to crack
Vodoo Lights & Cosmos 1.1.11 - How to crack
PixShow 4.0 - How to crack
CDRLabel 4.1 - How to crack

___T_U_T_O_R_I_A_L___1_4___
AtomTime 2.1a - How to crack
Mirc 5.5 - How to crack
Particle Fire Screen Saver - How to crack
MP3/Tag Studio 1.2 - How to get a serial
Symantec Visual Page 2.0 - How to crack
DL PageASchedule v1.1 - How to create a keygen using Smartcheck
How to crack a packed file with Petite

___T_U_T_O_R_I_A_L___1_5___
Blood2 - How to crack a CD Protection
Easy CD-DA Extractor 3.0.2 - how to get a serial
FlashFXP 1.0.58 - How to get a serial
Waste Whacker 3.20 - How to get a serial
HexDecOctBin 1.00 - How to crack
FloppyLabel 4.1 - How to crack
Calendar Builder 3.2d & Visual Business Cards 3.2c - How to make a keygen

___T_U_T_O_R_I_A_L___1_6___
Plan-It 1.02 - How to get a serial for 5 users
NFO--Diz Viewer 1.26 - How to get a serial (using SmartCheck)
Resize Image 3.3 - How to crack
MPEG DJ Encoder 1.24a - How to crack
Musical Generator - Keygen
Anti-BO 1.5 - Keygen
Very Easy Cracking Tutorial - Bullet
A Dreaded Guide to Cracking - MisterE
The Dark Art Of Cracking - paper articol 2
Source Code for Patches in Delphi 4 & tKC winice.dat

___T_U_T_O_R_I_A_L___1_7___
Winzip 7.0 SR1 - Patch for running without help files
Winamp 2.10 - How to get a serial
A Day In The Life 1.0 - Keygen Tutorial 1
Submit Wolf (demo) 4.01 - Keygen tutorial 2
Screen Loupe For Windows 95/NT 4.4 - Keygen Tutorial 3
Cruehead's Crueme 1.0 - How to crack

___T_U_T_O_R_I_A_L___1_8___
Pretty Good Solitaire 98 v.13 & PAM 1.13 - Serial Catching in VB5
Photoline 5.06 - How to think like a programmer
Cpuidle 5.03 - Remove time limits
Unreal Player Max 1.29 - Remove time limits
Speak 1.8.21 - Serial Catching in VB6
WebFlix Pro 1.51 build 19990104 - How to crack
WinBoost 98 1.24 - Key Generator

___T_U_T_O_R_I_A_L___1_9___
SkinMaker 0.27 - How to get a serial
Stones ConnectControl 2.0.4 - How to crack
GameSpy3D 2.08 - Cracking Tutorial
Xceed Absolut Packager 1.1 - Patching a packed file with Shrinker 3.4
Basic Methods In Cracking
Mp3 Explorer 2.3.0 - Key Generator

___T_U_T_O_R_I_A_L___2_0___
Nico's Commander 5.01 - How to put a random serial
12 Ghosts - Universal Keygen with C Source
HTML Dir 2.0x with C Source - Keygen Tutorial
Exepackers 1 - How to unpack programs packed with unknown exepackers under Win
Exepackers 2 - How to unpack programs packed with unknown exepackers under Win
AHM TRitonTools 2000 Beta 1.3 - How to crack components for Delphi

___T_U_T_O_R_I_A_L___2_1___
NetBus Pro 2.01 - How to crack
CD-R Diagnostic 1.4.4 - How to enter a random serial/key
Winpatch 1.2 - How to enter a random serial/key
Net Gim Rummy 3.01 - How to crack
Disk Cleanup 3.5 - How to crack
Winzip 7.0 - How to crack for any name/serial
WindowBlinds 0.85 (upd) - How to crack

___T_U_T_O_R_I_A_L___2_2___
Pretty HTML 3.5 - How to crack
Acces Denied 1.11 - How to crack
Instyler SmartSetup 2.0 - How to crack
AudioCD MP3 Studio - How to crack
Super Sensitive Disk-Scanner 98 2.00.4.99 - How to crack
CoolRun 2.0 - How to crack

___T_U_T_O_R_I_A_L___2_3___
Swapper 3.00 - How to crack
BluePrint Web Scripting Editor 1.03 - How to crack
BVS Solitare Collection 2.2 - How to crack
NBA Live '98 - How to crack
CompuPic 4.50 build 979 - How to crack
System Cleaner 908 2.0 build 2.0.0.34 - How to crack

___T_U_T_O_R_I_A_L___2_4___
SmartCheck 6.1 beta - How to get a valid serial
Half Life 1.0 & 1.0.0.6 - CD crack by Risc
Net Checkers 3.50 - How to crack
Form-Printery 99 English 2.0 - How to crack
Poster-Printery English 2.0 - how to crack
Net Cribbage 4.01 - How to crack

___T_U_T_O_R_I_A_L___2_5___
Myth II - How to crack using w32dasm & hiew
NeoTrace 1.22 - Patching of Packed/Protected files (writing a loader)
Winzip 70 stuff for a keygen
MetaMaster 2.5 & 2000 - How to crack (Softice & SmartCheck)
ZipClean & programs with same register routine - How to crack using smartCheck
Code for Anti-Softice in Delphi

___T_U_T_O_R_I_A_L___2_6___
Bryce 3D 3.1 - How to crack
Kyoday Game - Keygen Tutorial
Eternal Bliss's Camouflage - How to crack & make a keygen (Softice-SmartCheck)
Binary Clock 2.3 - How to patch
CD Protections - Tutorial
Clancy's Rainbow Six 1.04 - How to crack

___T_U_T_O_R_I_A_L___2_7___
Anno 1602 - How to crack
3D Studio Max R2.5 (dongle) - How to crack using Softice & hiew
Bleem - demo - How to crack Registration
Defeating Petite 2.1 - Patching Tutorial by R!sc
The Bat! 1.32 - How to crack

___T_U_T_O_R_I_A_L___2_8___
RollerCoaster Tycoon - How to crack
RollCage Game - How to crack
Might & Magic 6 v1.1 - How to patch
Sin (UK) 1.01 Game - How to crack
JForge 2.61 - How to crack
CD Protections - 2nd Tutorial

___T_U_T_O_R_I_A_L___2_9___
WinHex 8.3 - How to crack
Cookie Crusher 2.11 - How to enter a random serial/key
Akai CDXtract 1.23 - How to enter a random serial/key
High Grow 1.1 - How to enter a random serial/key
EVE Text Editor 1.0 - How to enter a random serial/key
HTML Publisher Pro 3.010 - How to crack

___T_U_T_O_R_I_A_L___3_0___
HyperPas - How to crack
XSource - How to crack
BitmapShrinker 1.02 - How to crack
Delphi Debugger Pro 1.0.0 - How to crack
Winamp 2.23 - How to crack
Poker Patience Pack 1.0.0.0 - How to crack

___T_U_T_O_R_I_A_L___3_1___
Poster 6.1 - How to enter a random serial
Lorenz Graf's HTMLtool 2.7 - How to get a serial
@MailGate 2.75 - How to get a serial
Tomb Raider 3 - Tutorial
WWW GIF Animator 1.0 - How to get a serial
HD Morph - Tutorial on how to get a serial from VB5 program

___T_U_T_O_R_I_A_L___3_2___
ICCD 4.x - How to crack
EXE Protector 2.01a - How to get a serial from a passworded .exe (SmartCheck)
Advanced Video Poker 1.00 - How to crack & make a keygen with SmartCheck
Grand Theft Auto: London (UK) - How to crack
Organize! 5.18 -- How to crack using SmartCheck
All Software of Design Products (19 prgs) - How to crack

___T_U_T_O_R_I_A_L___3_3___
TempClean 3.01 - How to crack
Toca2 1.0 - CD Check Protection
FastCad32 6.032 - how to crack
Infinity Textures 1.3.0 - How to crack for serial
WinHex 8.3 - How to crack
SalesAgent prg: FireWorks & FreeHand - How to crack

___T_U_T_O_R_I_A_L___3_4___
Winamp Skin Maker 1.05 - Find a serial (Softice)
Directory Printer 2.4 - How to register (w32dasm)
Home Buyer's Calculator Suite 1.0.0.2 - How to crack (w32dasm)
WinRamTurbo 1.33 - How to crack (w32dasm)
MechWarrior 1.0 US - Remove CD check with Softice
Photoline 5.10 - How to crack (Softice + w32dasm)

___T_U_T_O_R_I_A_L___3_5___
PixNews99 1.0 - Find a serial (Smartcheck)
HotCorners 1.5 - How to find a serial (Softice)
Winamp 2.xx - How to find a serial (Softice)
WinXFiles 32 - How to find a serial (Softice)
Konix.zip (see www.adress) - Manual Unpacking for newbies
IconPackager 0.98b - Find a serial & keygen (Smartcheck)

___T_U_T_O_R_I_A_L___3_6___
MechWarrior3 - Removing cd-check with Softice
My PhoneBook 3.53 - How to crack (Softice & hiew)
Ulead Cool 3D 2.5 - How to crack using ProcDump
Secure 2.0 - How to crack with w32dasm
Life of Crime 1.0 US - How to crack using w32dasm
LP Ripper 3.0 - How to crack (w32dasm + hiew)

___T_U_T_O_R_I_A_L___3_7___
FTP Navigator 4.15 - How to crack (Softice + hiew)
GearAudio 1.1 - How to find a serial (Softice)
TechFacts 1.41 - How to crack using w32dasm
Security Administrator for Win95/98 1.3 - Find a serial with w32dasm
EascapeRC 1.01 - How to crack (w32dasm)

___T_U_T_O_R_I_A_L___3_8___
MS Age of Empires 2: Age of Kings - Cracking with w32dasm
Jator 3.5 - How to crack (w32dasm)
ReallyGood 2.7.0.6 - How to find a serial with w32dasm
Crackme 3 project (cracking4newbies) - How to keygen
ORDIX Mpack 1.x - How to find a serial with Smartcheck (VB keygening)

___T_U_T_O_R_I_A_L___3_9___
Myth II 1.12 - How to remove cd-check (w32dasm)
Audionaut Music Manager 3.0 - Remove limitations (w32dasm)
CD-QuickCache 3.10 - How to crack (w32dasm)
Nokia Smart Messaging Agent 0.99 (partial) - How to get a serial (Smartcheck)
Killer_3K's CrackMe 2 - How to keygen (Smartcheck)

___T_U_T_O_R_I_A_L___4_0___
Nokia Smart Messaging Agent 0.99 (all) - How to get a serial (Smartcheck)
Directory Printer - How to crack (w32dasm)
Tiberian Sun C-dilla - CD-check removal (Softice)
Memory Patch (Delphi 4) - Piece of code

___T_U_T_O_R_I_A_L___4_1___
All software of Design Apps - How to get your personal serial
CrackMe by Sionide - How to crack VB strings using SmartCheck
Basics Of Cracking - by Sionide (sometimes with SmartCheck)
Snowman32 2.42 - VB cracking; how to keygen using SmartCheck
Ellipse HTML SideKick 2000 - How to keygen

___T_U_T_O_R_I_A_L___4_2___
C-Dilla SafeDisc - Another commercial Protection defeated
Alot Nanny 1.0 build 03 - How to patch
CD-R Diagnostic 0.1.4.8 - How to crack
TweakJr 99 1.01 - How to crack (with publishing mistakes)
Batch File Wizard 1.8 - Crack Tutorial with SmartCheck

___T_U_T_O_R_I_A_L___4_3___
TweakJr 99 1.01 - How to crack (correct version)
Button Wizard 6.3 - Crack Tutorial (Smartcheck)
TB Start 1.0 - Crack Tutorial (Smartcheck)
CrackMe "Mask" - How to crack
Assembly Tutor - Essential on short

___T_U_T_O_R_I_A_L___4_4___
Flodata Solitaire - Crack Tutorial (Smartcheck)
Web Weaver & J-Perk 5.01 - Serials Tutorial
MIZ CrackMe 2 - How to crack
KingPin (french) - CD Protection
CrackMe 2 VB by Sionide - How to crack (Softice & Smartcheck)

___T_U_T_O_R_I_A_L___4_5___
Stringz CrackMe VB6 - How to find a serial (Smartcheck)
Virtua Fighter - How to make a crack
Lime 5.10 - How to make a crack
RAScounter 1.20 - Cracking Tutorial
Addict 2.02 - How to get a personal serial (Smartcheck)

___T_U_T_O_R_I_A_L___4_6___
Datei Memo 1.00 - Cracking Tutorial (Smartcheck)
eNotepad 2.1.3 - How to crack
Teleport Pro 1.29 build 1107 - How to crack
Sunkist competition DK - Cracking Tutorial
LockDown 2000 4.0 - Cracking Tutorial

___T_U_T_O_R_I_A_L___4_7___
PowerStrip 2.51.02 - Manual unpacking with ProcDump32
Nokia Startup Logo Editor 1.0A & Nokia Smart Messaging Agent 0.99b - Cracking Tutorial (Smartcheck)
Lan-Box 1.01 - How to keygen (VB6 apps) with Smartcheck
The Power 1.0 (fr) - Visual Basic Keygening (Smartcheck)
MidTown Madness (french) - Another approach on c-dilla

___T_U_T_O_R_I_A_L___4_8___
JPEG Optimizer 3.07 - Registration code (hardcoded)
GIF Movie Gear 2.63 - How to code a keygen (for newbies)
PowerStrip 2.51.02 - Manual unpacking with ProcDump32
Notepad of Win98 - How to write an automatic script for Procdump 1.5, notepad crypted with Stone PE Encrypter 1.13
Programs packed with PECompact 0.975 - How to write an automatic script for Procdump 1.5

___T_U_T_O_R_I_A_L___4_9___
Basic Cracking with some of the most popular tools (Smartcheck also)
QControl 1.01 - How to get serial, keygen
PC Trial CrackMe 1 - calculation of a valid serial
3 Apps - Java Reverse Engineering - How to defeat Java (with Java Decompiler)
MPEG DJ Encoder 1.53 - How to crack
Antisniff 1.01 - How to crack
Free2Fax 1.00.03 - How to crack
GameSpy 3D 2.16 - How to get a serial
A RobFantastic MP3 Encoder 1.4 - How to crack
Download Accelerator 3.5 - How to crack
mIRC 5.61 - How to crack

___T_U_T_O_R_I_A_L___5_0___
MultiNet Manager 4.0.1 - How to get a serial
Camouflage/Encryption System 3.0 Trial - How to crack
Inf-Tool 5.3 - How to remove NAGs
How to crack another Delphi Components
Jumps in ASM - explained

___T_U_T_O_R_I_A_L___5_1___
CrackTips for Newbies
MightyFax 2.9q - How to get a serial
Text Cleaner 1.0.1 - How to get a serial
Cool Page 1.9b - Hardcoded serial number to find
DataArmour 1.3.0.1 - How to crack

___T_U_T_O_R_I_A_L___5_2___
EasyText 3.02 - Finding the serial
World Wide Watch 1.06 - How to crack
WinRescue 98 - How to crack
Texturizer 1.48 - How to get a serial (Smartcheck)
WebReadyManager 1.00.13 - How to crack (Smartcheck)

___T_U_T_O_R_I_A_L___5_3___
DataArmour 1.3.0.1 - How to get a serial
Shadow Man 1.0 - How to crack & a patcher for it
Email Via Phone 1.0 - How to get a serial in VB6
GifLine - How to crack
ICQ 99b - How to crack protection

___T_U_T_O_R_I_A_L___5_4___
AcdSee 2.41 - How to crack
PetWings 1.0 - Interesting way to find serial
ClipMate 5 - How to find a serial
MatchWare Screen Corder 2.1 - How to crack
Universe 1.62 - How to get a serial

___T_U_T_O_R_I_A_L___5_5___
Windows Sniper 2.0 - How to find a serial
Dirt Bike 3D - How to make a crack
NetBuster 1.31 - How to crack
P3Trick's CrackMe (VB6) - How to get a serial (Smartcheck)
CoolZip 1.01 - How to get a serial

___T_U_T_O_R_I_A_L___5_6___
ColorSet 1.7 - How to get a serial
WinSlide 2000 2.1 - How to get a serial
Norton Antivirus 5.0 - How to get a serial
VirusScan 4.0.3 - How to crack
Applet Button Factory 5.0 - How to crack

___T_U_T_O_R_I_A_L___5_7___
Xara 3D 3.04 - How to crack
Xara WebStyle 1.2 - How to crack
Quick Note 1.0 - How to find serials without Softice
Online Counter 5.45.1612 - How to get a serial
Open Sound System 3.9.2.y - Remove time limit

___T_U_T_O_R_I_A_L___5_8___
Norton Antivirus 5.00.00 - How to crack
World Time 2000 - How to crack
Bullet's CrackMe 2 (VB) - How to get a serial (Smartcheck)
Xara WebStyle 1.2 - How to crack
Audition for W95/NT 3.5 - How to find a serial

___T_U_T_O_R_I_A_L___5_9___
DataArmour 1.3.0.1 - How to find a serial
Ulead Web Razor Pro 2.0 - How to crack
007 Stealth Activity Monitor 4.2 - How to crack
DU Meter 2.21 - How to crack
Q-CrackMe 1.0 - How to crack

___T_U_T_O_R_I_A_L___6_0___
BVS Solitaire Collection 2.3.1 - How to get serials (decode them)
Winamp 2.2x - How to get a serial
Quick Editor 6.0 - How to crack
PSplit 97 - How to crack using HMEMCPY
Winzip 7.0 SR-1 - How to find serials

___T_U_T_O_R_I_A_L___6_1___
Sentry II Professional 2.2 - How to get a serial
Packager MK1 - How to get a serial
WinXFiles 4.3 - How to get a serial
Web Tacho 1.20.3 - How to get a serial
MP3 Wolf 1.04 - How to get a serial

___T_U_T_O_R_I_A_L___6_2___
Softice Cracking Overview
eCatch - How to crack
Alert Link Runner 3.0 - How to get a serial (Smartcheck)
Need For Speed 3 - How to patch
Total Recorder 2.1

___T_U_T_O_R_I_A_L___6_3___
WinBoost 2000 Gold - How to crack (1)
WinBoost 2000 Gold - How to crack (2)
WinHacker 2.03 - How to crack (1)
WinHacker 2.03 - How to crack (2)
Notepad 95 - Remove window from translation to Wordpad

___T_U_T_O_R_I_A_L___6_4___
Quick View Plus Trial 5.1 - How to crack
Windows Sniper 2.1 - How to crack
Start Clean - How to crack
Xaudio Wave Encoder 1.xx - How to crack
StreamBox VCR 1.0 beta 2 - How to crack

___T_U_T_O_R_I_A_L___6_5___
Winamp Skin Maker 1.05 - How to find a serial (Softice)
Silver (Photoshop Plug-in) - How to crack (w32dasm)
GIF Movie Gear 2.63 - How to crack (w32dasm)
HTML (Un)Compress 5.0 - How to crack (w32dasm)
Offline Explorer 1.2 - How to crack (w32dasm + procdump)

___T_U_T_O_R_I_A_L___6_6___
Browserola 1.0 - How to find a serial
Absolute Security Standard Encryption Program 3.3 - How to get a serial
URLegal 2.1 - How to crack
Lockdown 2000 3.01 - How to find a serial
Just Another Commander 2.01 - How to crack

___T_U_T_O_R_I_A_L___6_7___
JD Tricks 3.271.7.0 - How to find a serial
UltraEdit 7.0 - How to crack
InternetMETER 2.0b - How to crack it (Exescope)
WinRescue 98 4.16 - How to crack or find a serial with w32dasm
Directory Snoop 3.11 - How to crack

___T_U_T_O_R_I_A_L___6_8___
MP3 Explorer 3.1.01 - How to crack
Advanced Video Poker 1.2 - how to find a serial (Smartcheck)
DLL Show 4.x - How to find a serial
ArtGem 1.0 - How to crack
WinZip 8.0 (b.2350) - How to find a serial

___T_U_T_O_R_I_A_L___6_9___
CIA's Trial CrackMe 4 - How to crack (Softice, ProcDump, Frogsice)
EditPlus Text Editor 2.00h - How to crack it
MeltIce - How to crack
PowerStrip 2.55 - How to crack
LW2000 script.ini (ProcDump 1.6.x)

___T_U_T_O_R_I_A_L___7_0___
SpyNet 3.12 - How to find a serial (Softice)
WinZap - How to crack
PsPar 1.32 - How to crack
Total Recorder 2.2 - How to crack
ButtonWiz 7.0 - How to crack

___T_U_T_O_R_I_A_L___7_1___
HotDog 6.0 - How to crack
Account Pro 7.30f - How to crack
FireBurner 1.05 - How to crack
Backgammon, by George 1.70 - How to crack
tKC tutorials 58-64 & Octavius 2.0 (setup also) - How to crack (works on tutorials 65-68 also)

___T_U_T_O_R_I_A_L___7_2___
PrivateEXE 2.2 - How to crack
Sketch Effect 1.00 - How to crack
Exescope 5.0 - How to crack
Apx Reveal 1.0 - How to crack
Quintessential CD Player 2.1.007 - How to find a serial

___T_U_T_O_R_I_A_L___7_3___
Exescope 5.11 - How to find a serial
WinRescue 98 4.18 - How to crack
Remote Snap Shot 1.0 - How to find a serial
Vocabulizer 2.2 - How to find a serial
Solsuite 5.0-5.2 - How to crack

___T_U_T_O_R_I_A_L___7_4___
Chinese Horoscope - How to crack
Exescope 5.12 - How to find a serial
Absolute Security Standard Encryption Program 3.5 - How to find a serial
Jpeg Optimizer 3.10 - How to crack
007 Starr 1.1 - How to crack

___T_U_T_O_R_I_A_L___7_5___
Engineering Power Tools 1.9.3 - How to find a serial (Smartcheck)
Electronic Survey Program 1.1 - How to get a serial (Smartcheck)
Unique Filer 1.4 - how to crack (w32dasm)
AudioCD MP3 Studio 2000 - How to crack
Windows Commander 4.03 - How to remove NAG (w32dasm)

___T_U_T_O_R_I_A_L___7_6___
QuickHeal 5.19 - How to crack
tKC Tutorials 58-64 & Octavius 2.0 - How to crack
CrackMe RSA (factor.exe) - How to crack
Chop Shop 1.0 - How to keygen (Smartcheck)
Tweaki for Power Users 2.6.0 - How to crack

___T_U_T_O_R_I_A_L___7_7___
Norton Antivirus 5.0-Uninstall Deluxe 1.01 & Macromedia FireWorks 1.0, 2.0, Flash 3.0, 4.0 & Dreamweaver 2.0 - How to crack
PCWallet 5.0 - how to get a serial
CD Spectrum Pro 2000.0306 - How to get a serial
Terrapin Lite 1.2.1 - How to get a serial
CoolFocus Flyer 1.0 - How to get a serial (Java Decompiler)

Other useful information:
----------------------------
Tut 16/10 - winice.dat from Softice 3.24 of tKC!
Tut 69/05 - script.ini (ProcDump) of LW2000

--..__e_n_d__..--


Find a serial with Softice in a VB 5 program - Engineering Power Tools 1.9.5
(works on others, too - like PAM V2, etc)

Target: Engineering Power Tools 1.9.5
WWW: http://www.pwr-tools.com
Cracker: --..__J_o_h_n_n_y__A_U_M__..--
Protections to be removed: unregistered state
Tools: Softice & Windows Commander 4.03

--------Motto for my actions:-------
I'm for peace, love and prosperity and one global nation but without money to divide us and without ego, who keeps men separated! Be a man of good sense - be naturally, be divine! Try to progress on spiritual way! No God, no freedom! I'm against tyranny under any form, against mondial iudeo-masonic occult domination and against infiltrated bad rase of aliens! Out with Satan from this planet! Real happiness, free and freedom for all!
--------

I'm back, nice guys. You wanna learn, ha? Right, let's do it! This method works on many VB 5 programs, like MP3 player PAM V2, etc.

Some guys will say: but this target was shot before, what the f.. ! Ya, but I couldn't set my Smartcheck to run with the target because of some errors & my PC is a little too old, so I couldn't make this program run & find the serial the way it was explained in tutor 75, part 1, and I must have this serial with my name because I'm a cracker, right? And this Engineering... is good! Start... now!

1. First, you must have in winice.dat these lines, in this way:

AF4="^s 0 l ffffffff 56,57,8B,7C,24,10,8B,74,24,0C,8B,4C,24,14,33,C0,F3,66,A7;"
;AF3="^wc;"
;AF4="^ww;"
EXP=c:\windows\system\msvbvm50.dll
;EXP=c:\windows\system\msvbvm60.dll

Copy-paste-replace, whatever, fix your winice.dat - you can handle it!

2. After Softice is fixed & active (CTRL-D) I recommend to restart all.

3. In first window of Engineering Power... tralala, click on UNREGISTERED and register like this -> Name: Johnny AUM Code: 12345.

4. CTRL-D to Softice. bpx hmemcpy. Enter. CTRL-D. Ok to register. Boom, back in Softice.

5. Pay attention!
Press Alt-F4. Something like "Pattern found at 0030:0F00D9EA" must appear, or if you didn't reset your PC, something like "... at 0157:0F00D9EA". Anyway, you must have an address. If you don't have it, repeat the operation from 1. with care and/or reset again.

6. So, you have address 0030:0F00D9EA. Write in softice bc *. Meaning disable breakpoints. Now, bpx 0030:0F00D9EA. Press F11. Good. Now press F10 about 250-320 times or better keep F10 pressed until address 14F:0F00D9FA -> REPZ CMPSW. Be patient and look for this "REPZ CMPSW". It's after a few lines with "MSVBVM50...VBA...".

7. You stay with cursor now on 14F:0F00D9FA. Write in Sice: d esi. Bingo! What a nice serial: 2.2.0.1.2.2.A.0 . Without points (which are spaces): 220122A0 (remember, for name Johnny AUM). Easy, ha? Now try with your data!

8. Be patient & resist the temptation to abort. You are a smart guy, you can do it with this (for some, ugly) Softice. Job done! Bye!

PS. I have PS-s in my tuts all the time, he! If you have registered already EPT 1.9.5 and you want it with your name, first delete reg infos from pwrtools.ini!

----------------
Greets: tKC & CIA (nice guys!), to all crackers, PRO or newbies, all cracker teams (keep going, we must eliberate from iudeo-masonic tirany, all must become free), we are great guys, and nice too. I love you all but be a good soul!

Romanian Greets: All the best to the big-hearted people of Romania! Better days will come too! Try to evolve spiritually if you want to be happy!

At last, but from all my heart: I love you Heavenly Father, I know you are with me all the time! God is pure love!

Try this: www.geocities.com/john_aum
Incredible infos for YOUR EYES ONLY!
Critics, comments, anything at: johnny_aum@yahoo.com

---------------Sorry if my english is not perfect!------------------------------


Find a serial in GoldWave 4.12 (pretty wav editor)

Target: GoldWave 4.12 (method & serial below works on other versions too)
WWW: http://www.goldwave.com
Cracker: --..__J_o_h_n_n_y__A_U_M__..--
Protections to be removed: unregistered state
Tools: Softice & Windows Commander 4.03

** Here is a nice method to quickly find a serial! It is not much used by crackers!

It all started when I discovered that I cannot find a serial in this program with the usual breakpoints. Of course, I have keymakers, serials for registering this, but for practicing with Softice. I'm still a sort of newbie, and I like to practice. So, I've looked in API functions and in the program code and after some observations I said: wow, what if this API function "lstrcmpA" works? Ha? Let's try this baby!

1. We Register in Options - Register with this: First Name: JOHNNY, Last Name: AUM, Password: 12345.

2. CTRL-D for Softice. Bpx lstrcmpa we write there, Enter. CTRL-D. OK to register. Back in Softice.

3. Softice said: Break due to BPX KERNEL32!lstrcmp C-01. OK. Let's see this register: esi, so write d esi. Wow! Incredibly easy. Our serial is: KAJNBB. Of course for 1st name JOHNNY and 2nd AUM.

4. My gift to you in case you don't succeed: 1st: YOUR 2nd: PERSON and serial: WSXGMEB. Bye now, job done!

PS. If something seems to be wrong, reset first the program and/or PC and try again!
---------------Sorry if my english is not perfect!------------------------------

Find a serial in WinXFiles 4.0 and 4.7 (with packed executable)
100% Working Tutorial!

Target: WinXFiles 4.0 & 4.7 (other versions too)
WWW: http://www.pepsoft.com
Cracker: --..__J_o_h_n_n_y__A_U_M__..--
Protections to be removed: unregistered state
Tools: Softice, W32dasm 8.93 & Windows Commander 4.03

Probably you asked yourself why another tutorial about WinXFiles. Here's why. Finding a serial in a recent WinXFiles is covered in 2 tuts: 35/part 4 & 61/part 3. But although I followed exactly the methods described there, in case 35/4 I found the place (& instructions) described but no serial at all, and in LW2000 tutor 61/3 I found the first lines in the code but never the ones with the serial, and believe me, I know how to look; maybe my PC and/or Softice can't perform something.
Or the crackers forgot to mention something (I'm sorry if it proves that I'm wrong). So, for me the tutors mentioned were useless, but not the third tutor, the one by tKC, which really worked, even if it was for the old version 2.8 (tut nr. 8/part 3). The reason for this tut is that it is 100% working, simple, and you can extend the method to older or future versions or to the present one which you can download now, WinXFiles 4.7.

Note: I'll explain on WinXFiles 4.0 first (because its executable is not packed). Fast!

1. Register with Johnny AUM & 12345 as data, CTRL-D. Put bpx showwindow, Enter. CTRL-D, press OK to register. We land in Sice. Press F11. We see that our call starts at 4252D3. Remember 4252D3. Exit with bc * and CTRL-D.

2. We are now in W32dasm -> in Wxfiles.exe. Shift-F12 with the address above: 4252D3. There is ShowWindow (the one with bmp: Sorry... Invalid Registration Password). We go up in the code to 4252B8. 4252B8 is jumped to from 4251FF, as you can clearly see. Go to 4251FF.

3. The jne at 4251FF is the one responsible for jumping to the bad code window. So, we remember 4251EB, the first line of this routine, you got it?

4. Register again with Johnny AUM, 12345 and press CTRL-D. Write bpx showwindow again, Enter. CTRL-D, OK to register the program. We pop into Sice & now we will make it stop at our memorized address - 4251EB: we write G 4251EB, Enter. Good job!

5. Good, because we are back in the registration window. Put 12345 again & press OK. We are in Softice now with the cursor on 14F:4251EB. Write d eax-20, Enter. Bingo! What an easily caught serial, and a nice one, long too: HKHUAQZFYHUPUGF. So, for WinXFiles 4.0, date 16 may 2000, name Johnny AUM, that's it. Change the time to the date above for working with this serial! Anyway, this serial works with current and old versions of WinXFiles!
Now, the method for WinXFiles 4.7 (Wxfiles.exe which is packed with Aspack)
--------------------------------------------------------------------------

The steps are identical, but we have to find the new G address where to stop. We cannot disassemble Wxfiles.exe with w32dasm because it is packed. OK, no big problem. We can see the real addresses from Softice memory. From the first method (4.0 version) we have 2 addresses: 4252D3 and 4251EB. Because we are smart guys, we think: what if we compute 4252D3-4251EB=E8 in hexa, with calc.exe. Now, make big eyes: E8 (hexa) means 232 (decimal) instructions from G 4251EB to 4252D3 (bad code window address). So, if we find the address from where ShowWindow is called (new version 4.7) we can subtract 232 instructions from the new ShowWindow 425XXX and obtain our needed G 425???. Easy, ha?

(For unregistering, search with regedit.exe in the Registry -> CTRL-F -> "userkey" from PEPSOFT/REG stuff & delete the subdirectory "REG")

1. Like in operation 1 above (4.0 version): Johnny AUM & 12345, CTRL-D, bpx showwindow, Enter. OK to register. We are in Softice. Press F11 to see the caller of ShowWindow: it's 42555B, you see it? As I just said, now we subtract with calc.exe 42555B-E8 (232 decimal)=425473, so prepare for G 425473.

2. Write bc *, Enter. CTRL-D for registering again with the known data. Again CTRL-D, bpx showwindow, CTRL-D, press OK to register.

3. We pop into Softice, write G 425473 (for the 4.7 version). Everything is like in the operations above. For the serial, write d eax-20 and you have it: QQTGUZHZADPMKLW. The same date: 16 may 2000 and name: Johnny AUM. This serial looks different but is as good as the other.

Job done!

If something seems to be wrong, first reset the program and/or PC and try again! Set the above date with the serials mentioned!

PS. Aah, a gift to you: Date 16 may 2000, Name: REGISTERED and serial: VLMDGZFEXPDBKMF. It's a gift in case you cannot or don't wish to find your own serial! And restore the time to normal after all!
---------------Sorry if my english is not perfect!------------------------------

I really hope you've enjoyed this tutorial as much as I did! Don't miss Tutor #83 soon! ;)

Credits goto:
bM[tfgx] for Splash Logo.
sNaiK for providing a tut in this version.
Johnny Aum for providing 4 tuts in this version.

To ALL the crackers: You are welcome to send me your tutors to publish them .. see below for my email address!
*** 95 chars per line in textfile please! ***

And all the tutors can be found at: http://www.crackersinaction.org (or on IRC, ask CiA ops for urls!)

Greetz goto all my friends!

You can find me on IRC or email me at tkc@reaper.org

Coded by The Keyboard Caper - tKC
The Founder of PhRoZeN CReW/Crackers in Action 2000
Compiled with Delphi 5 on 17 May 2000

Cracking Tutorial #82 is dedicated to Sonia...