Welcome to Cracking Tutorial #83!

Hiya guys,

Sorry for delays, again I was busy with coding and all shit... And now, I would like to present my tKC's Tutorial Viewer 2000 v1.1! It's a fast, better Viewer and Tutor Editor, and more features added! Also released tKC's Tutorial Viewer 2000 Lite, for those who have problems with their 3D cards. You can find them at http://www.crackersinaction.org... enjoy it!

Here's a tut83.tKC... OK, let's rave! ...or crack babes? :)

You'll need the following tools:
(I use these tools, I assume you'll use 'em, but it doesn't mean that you'll need to use all those tools, so be sure to get them handy for the examples in this tutorial!)

SoftICE v4.05
W32Dasm v8.93
Hacker's View v6.40
SmartCheck v6.03
ProcDump32 v1.6.2
Windows Commander v4.03 (I use it coz of easier to multitask)
Delphi, VB, C++, or TASM to code a keygen or a patch..

Don't ask me where to download all these tools since you had a chance to get them when you used my older tutorials. Here are a few good sites where you can grab tools from:

http://protools.cjb.net
http://w3.to/protools
http://www.crackstore.com

or ask any crackers to get you these tools!

Are you ready?! OK! ;)

DongJong's NEWBIE TUTORIAL

DongJong's How to get a PERSONAL SERIAL for Recipe Guide v1.0

Tools to use
~~~~~~~~~~~~
SmartCheck 6.01

Where to get Tools
~~~~~~~~~~~~~~~~~~
http://cracking.home.ml.org
http://surt.to/HarvestR
http://crackstore.com
http://www.pepsoft.com

Where to get the program
~~~~~~~~~~~~~~~~~~~~~~~~
Recipe Guide v1.0
http://hem3.passagen.se/recette/recguide.zip

Program description
~~~~~~~~~~~~~~~~~~~
RecipeGuide is the program for those of you who always find it hard dealing with all the loose recipes. This is why RecipeGuide was developed. It removes all nasty paperwork and it helps you find the recipes you need instantly. As an extra, there are also some drinks included. When you've found the recipe you wanted, it's easy to print them out on paper. Also grocery lists may be printed.
Procedures
~~~~~~~~~~
Start SmartCheck (SC) and open RecipeGuide.exe, run the program by pressing F5, as usual, you need to click only the "ACKNOWLEDGE" button when SC is running and gives you option buttons to click to, until we came when SC now loads the program.

The first time it loads, the program displays a nag screen telling us that it only allows you 30 days of evaluation time to try the recipe guide and that it costs you $29.95 to register (by then you already have cooked your Fetuccine :) he he :) But of course it has lots of niceties that you need, the one i like is where you only give the program what ingredients you have and what can it made with just those ingredients, and CARAMBA! it tells you the menu for the day! guess important for me, as i'm always in disarray, has shopping/grocery list too :> Okey! lets go on, enough of the advertisement (it only makes you drool :)

Within that nag screen, are bar buttons, and one of them is the REGISTER button ( but you can also do it on the REGISTER menu within the program), but let's do it now! Click on Register, a registration screen ask you for your User's name and Password, i register with my friends name, like this (you can input your name and any number you want, just follow my tut) :

Name: Albert Alexander Lay
Serial: 1434

Then after filling on the details click on OK, and a nice message will greet you saying "Sorry, Invalid Password"! ouuccchhhh! wow! it's wrong after all! hehe :> (well just part of the game) :)

Now just press on and just click on and exit the program, press on the error the "Acknowledge" button and SC stops tracing for us to begin hunting that code :>

Ok, so now let's look on the left side of SmartCheck, luckily... just a few, it stops within 5 minutes :> just take a look and you'll see a lot of [+] GVBox1_MouseMove, but that's not the one, it's just counting our mouse movements (?), what we want is at [+] Command1_Click, now click on that [+] and what we got! Hmmm...
if you've been following my tutors, we can say, from the looks and feel of it, well this is it! It shows our input name and password!

There's a lot below it, which is which, just start with the one which when you click, the right pane of SC displays your input name, place the cursor on it and press it (blue line highlights it) and look at the right corner of SC, you'll see like this...

[-] String string1 = 00566614
 |
 |--"Albert Alexander Lay"

Look here, just follow it, as the "Asc returns Integer:xx" keeps on appearing way down but of different value, why? you ask, because that corresponds to the letter of name you input, and that is case sensitive :> like this ...

Place the cursor on Asc returns Integer:65 (will be highlighted in blue)

Now look at the right hand side of SmartCheck, waddaya see... of course a letter ...

[-] String string=00567410
 |
 |-- = "A"

do the same for others, and you'll spell out your name, kewl ;-) we're near, for a test, what should be for a small letter "e"? well in case you still hadn't get it it's ...

Asc returns Integer:69 ------> corresponds to letter "e"

Ok, now trace down till the last line of this [+]Command1_Click and what you'll see is the flag Mid, click on it and see the right side of SC and you'll see like this:

[-] String (variant)
 |   |
 |   |-- String .bstrVal = 0056642C
 |   |
 |   |-- = "36406887.3545617"
 |
 |--- Long start = 9 0x00000009
 |
 |--- Long length = 1 0x00000001
 |
[-] Replacement (variant)
 |
 |-- String .bstrVal = 0041F234
 |
 |-- = "-"

Hmm... what do you think possibly it says? or what does that mean, no harm in trying but the final analysis is that, there will be 2 sets of 8 digit numbers and is separated by "-" (guess the variant replacement key) he he :> keep on guessing :>

Well, that's it, you've made it! Start RecipeGuide.exe, and click on the Register bar button and use this info:

User Name : Albert Alexander Lay
Registration Code : 36406887-3545617

Click OK and what you got? Eureka!
It says "Thank You, Albert Alexander Lay for buying RecipeGuide! Now restart RecipeGuide to finish the registration". So click the OK button, exit and restart RecipeGuide, a start-up screen will display License to: Albert Alexander Lay (or your name on it ;) kewl :>

Good evening to all! Let's go to sleep!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greetings goes to these people:

tKC- i would like to thank tKC for his tutors.
MsJessca- for hosting the tuts and inspiring tKC :>
Albert Alexander Lay- KeWl DuDe! for the computer and Internet, goodluck ;)
Ms. KJF- hello 7372122 :-) TSUP! thanks a lot ;)
All cracking groups and cracking fanatics and newbies galores!

Have fun :> keep on rockin'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Until next time... MABUHAY!

Another Tutor by DongJong ;-)
sutra@goplay.com

WHY PATCHING WHILE SERIAL NUMBER IS FISHY

BitmapShrinker V 1.02

A Cracking Tutorial by ASTAGA [D4C/C4A]

DISCLAIMER

This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material.

ABOUT THE PROGRAM

The BitmapShrinker is mainly a tool for authors of web-pages and help-files. It can shrink and enlarge graphics. The BitmapShrinker tries to choose the best fitting colors for the pixels in the resulting graphic to avoid disturbing stair and block-effects. The used method is often called anti-aliasing or bilinear interpolation. Shareware; Win95; English&German

Homepage: http://www.beyersdorf.com/
URL : http://www.beyersdorf.com/archives/BShrink.exe
Level : Beginner ( non programmer )
Protection : Serial Number, Time Limo
Tool(s) : SoftIce v3.24 or higher

1. Run BitmapShrinker.exe , when the nag pops up click on the ENTER KEY button. Type your desired name and fake serial number i.e

   Name : Tracy Lord
   Key : 9073884665

   DO NOT CLICK 'OK' yet

2.
Press [ Ctrl + D ] to get into SoftIce, and type breakpoint

   bpx hmemcpy [enter]

   and F5 to return to the program, you can click OK button now.

3. You'll get into SoftIce and break in HMEMCPY, all you have to do is press F11, F5 and F11. To get into main program press F12 eleven (11) times until you see these below following codes :

_____________________________________________________________
:0047E9E1 E872B0F9FF       call 00419A58                  <---- YOU LAND HERE
:0047E9E6 8B4DF8           mov ecx, dword ptr [ebp-08]
:0047E9E9 8B93E0010000     mov edx, dword ptr [ebx+000001E0]
:0047E9EF 8B83DC010000     mov eax, dword ptr [ebx+000001DC]
:0047E9F5 E81EF5FFFF       call 0047DF18                  <---- Follow this call
:0047E9FA 84C0             test al, al
:0047E9FC 7432             je 0047EA30
:0047E9FE C605985B490001   mov byte ptr [00495B98], 01
_________________BITMAPSHRINKER!CODE+0007D9E1________________

   Press F10 4 times or until you get 0047E9F5 is highlighted, press F8 to follow and trace this call ... this time you'll land at these below codes :

:0047DF16 8BC0             mov eax, eax
:0047DF18 55               push ebp
:0047DF19 8BEC             mov ebp, esp
:0047DF1B 83C4E0           add esp, FFFFFFE0
:0047DF1E 53               push ebx
:0047DF1F 56               push esi
.......
.......

4. Keep continue pressing F10 and stop at the 15th, at this step you have to watch what's going on in the SoftIce's Register Window and Data Window :

:0047DF37 E8E058F8FF       call 0040381C
:0047DF3C 8B45F8           mov eax, dword ptr [ebp-08]
:0047DF3F E8D858F8FF       call 0040381C

   REGISTER WINDOW : EAX=00D36C10 SS:006EFD8

   Dump/display the contents in EAX by typing :

   d eax ----> you'll see your Name and fake Serial Number in the SoftIce's Data Window.
   or
   d 006EFD8 ----> your Name is there

   ( note:alternatively you can double click your RIGHT mouse button and choose DISPLAY to see the contents )

5. Press F10 again and stop at the 45th, and take care should be taken because I see the classic comparison code between ESI and EAX ( :0047DFAC 3BF0 cmp esi, eax ) ... let's prove it .. does the REAL Serial Number is there or not ?
   REGISTER WINDOW : EAX=00031372 ESI=006EF6D0

:0047DFA2 8BF0             mov esi, eax                   ---> YOU LAND HERE
:0047DFA4 8B4508           mov eax, dword ptr [ebp+08]
:0047DFA7 E8C87DF8FF       call 00405D74
:0047DFAC 3BF0             cmp esi, eax                   ---> DO ?EAX or ?ESI
:0047DFAE 0F8533010000     jne 0047E0E7

   At memory address 0047DFA2 type in the SoftIce Command Line

   ? EAX ---> you'll get 201586
   ? ESI ---> 7272144

   ( Note: why shouldn't we do ?EAX at memory address 0047DFAC ?, because at the 47th of F10 you'll returned to the program and get 'Invalid code' message. However, by clicking OK in the prog's registration window you'll back into SoftIce and landed at memory address 0047DFA7. Press F10 once and do ?EAX and ?ESI )

6. Disable all breakpoint by typing BD * , press F5 to return to the main program, and keyed in 201586 as your Serial Number. Click OK . Badass... you're registered!

TIPS FOR BEGINNERS/NEWBIES

* From the above explanation we have learn that do not always wait until classic CMP ESI,EAX ( or similar ) comes to your eyes... even it's exactly true. Keep on eyes the changes in the Register Window.

END NOTES

This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror.

Do not distribute your crack release based on this tutorial, because you become a LAMER(s)! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name.
Adopted from newsgroup alt.cracks, alt.crackers - February 1997 )

_ Never attribute to malice that which is adequately explained by stupidity _

ASTAGA [D4C/C4A]
[EOF]

WHY PATCHING WHILE SERIAL NUMBER IS FISHY

Waste Whacker 4.1

A Cracking Tutorial by ASTAGA [D4C/C4A]

DISCLAIMER

This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material.

ABOUT THE PROGRAM

Waste Whacker (4.1) - Remove wasted space! Waste Whacker automates the process of removing unwanted files from your hard drives. These files can be backup files, temp files, files with a zero-byte size, old Internet cache files, plus many others. Files can be sent to the Recycle Bin, completely removed from the system, or archived for later retrieval.

WHERE TO DOWNLOAD

Homepage : http://www.dbytes.com/
URL : http://www.dbytes.com/wastew.zip
Size : KB

HOW TO GET VALID SERIAL NUMBER by using SoftIce

1. Run the program (WASTEW.EXE - 673,792 Bytes ), click VIEW STATISTICS icon button, okay now double click on the TRASHCAN / RECYCLE BIN icon to retrieve registration window that required your name and code. Unlike the previous version, this one is little bit fancy.

2. Type our fake codes i.e :

   Name : Malin Kundang
   Code : 9073884665

   DO NOT CLICK OK button Yet!

3. Fire up SoftIce by pressing [ Ctrl + D ], set new breakpoint, in this regard I am using HMEMCPY :

   bpx hmemcpy [enter]

   then press F5 to return to the main program. Now you can click OK button which brings you back into SoftIce.

4. You're in SoftIce now.
All you have to do is to reach the main prog codes, press F11, F5, F11 and F12 eleven (11) times until you see :

____________________________________________________________________
.004B1B04: E87F02F8FF     call 000431D88            <==== you land here
.004B1B09: 8B55F4         mov edx,[ebp][-000C]
.004B1B0C: 8D433C         lea eax,[ebx][0003C]
.004B1B0F: E8D820F5FF     call 000403BEC
.004B1B14: 8D4DFC         lea ecx,[ebp][-0004]
.004B1B17: 8B533C         mov edx,[ebx][0003C]
.004B1B1A: 8B4324         mov eax,[ebx][00024]      <== d edx here
.004B1B1D: E822F9FFFF     call 0004B1444
.004B1B22: 837DFC00       cmp d,[ebp][-0004],000
.004B1B26: 741F           je 0004B1B47
.004B1B28: 8B45FC         mov eax,[ebp][-0004]
_____________________WASTEW!.shrink 0 + 000b0b04_____________________

   TIPS : soon afterward you're in the main program codes, disable HMEMCPY by typing BD 00 , and create new breakpoint BPX 004B1B04 [ENTER]

   Press F10 five ( 5 ) times , stop the highlight bar at 0137:004B1B1A . Now, let's dump/display that memory address and see the contents in Data Window - here you can either by dragging your mouse cursor to the desired memory address followed with clicking the "right mouse button/display" or type :

   d edx [enter]

   Kewl .... your name appear in the Data Window, and if you scroll up a bit [ Alt + upArrow ] your fake serial number is also showed up. In my case they're around memory address 013F:00E09638.

5. Press F10 two ( 2 ) times, stop the highlight bar at 0137:004B1B22 . Look at the Data Window, did you see MALINKUNDANG and 118126865188 ?

6. Hell .... aren't we going too fast ? Is that the serial number we are looking ? Write it down! don't even hesitate, then disable all breakpoints by typing :

   bd * [enter]
   F5

7. Repeat registration procedure, and keyed-in that numbers, click OK and .... you're illegally registered!.

8. We got lucky we can fish the correct serial number within shrinked (packed) executable .EXE file, while in some other program it's almost impossible unless you deshrinked first and start tracing the codes.
END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] [EOF] Find a serial in HTML (Un)Compress 5.1 - step by step catched serial Target: HTML (Un)Compress 5.1 WWW: search with ultrapower engine www.profusion.com Cracker: --..__J_o_h_n_n_y__A_U_M__..-- Protections to be removed: unregistered state Tools: Softice, W32dasm & Windows Commander 4.03 --------Motto for my actions:------- I'm for peace, love and prosperity and one global nation but without money to divide us and without ego, who keeps men separated! Be a man of good sense - be naturally, be divine! Try to progress on spiritual way! No God, no freedom! I'm against tyranny under any form, against mondial iudeo-masonic occult domination and against infiltrated bad rase of aliens! Out with Satan from this planet! Real happiness, free and freedom for all! -------- In tKC tutorial 65/part 4, the cracker LW2000 showed us a nice manner to crack this program with tandem w32dasm/hiew. Nice job LW2000! You have great tuts! Please go on! This is valid for anyone who make tutors and for tKC in special! 
Today I'll show you the method with Softice, because if this proggie has a registration window, let's take advantage from it and grab a valid serial which works with other versions too. Let's rave!

1. We are in w32dasm with file HTMLComp.exe decompiled. After I scanned for a period of time the code I arrived here: 45F129 with text "THE_Q". If you are looking at this portion of code you see that the program is preparing to compare your serial with the good one but first annulate the ones founded by the author on Internet from previous cracked versions. So the address where the comparison is made is at 45F23A, first cmp after annulated serials: cmp al, byte ptr [edx+esi-01]. This is the point where our fake serial is compared with the real one, step by step. Prepare for a G at 45F23A.

2. Now abort with W32Dasm. Prepare for Softice. Register with this dates: Johnny AUM and 1234567890. CTRL-D for Softice. Write breakpoint ShowWindow, Enter. CTRL-D, register with OK.

3. We pops in Softice. Write now address from w32dasm, G 45F23A, for stopping at that address. Oops! We are again in Registration Window. Press OK twice. We land in Sice for good at this time.

4. We are with cursor on address 45F23A -> cmp al, byte ptr [edx+esi-01]. If you are not on address 45F23A, something was wrong, repeat until succeed. Ok, watch. So in al is doing all the comparisons, one at a time. Let's see the content of al, write ? al, Enter. We see 118 "v". So this is the first symbol from our real serial. Write on paper every character discovered. Next.

5. Press F10 a few times with care, big eyes. We are again at 45F23A. Verifying again register al. Write ? al. Is 109 "m". So our serial, until now is "vm...".

6. Press F10, we collect again the value of al. Is "l". Serial: "vml..."

7. Next al is "y". Serial is: "vmly...". Now you catch the method...

8. ...
When you observe that we escaped from the check routine and adress 45f23A don't appear anymore, it's meaning that we have already the all serial. Write bc *. CTRL-D. Our catched serial is v,m,l,y,0,T,S,w - vmly0TSw. For name Johnny AUM. Registering seems to be OK. Easy, ha? For unregistering, search with CTRL-F in regedit: "Johnny AUM". Now, a gift for you: Name: Anyone, Serial: GjhsLy0c. Job done, bye now! ---------------- Greets: tKC & CIA (nice guys!), to all crackers, PRO or newbies, all cracker teams (keep going, we must eliberate from iudeo-masonic tirany, all must become free), we are great guys, and nice too. I love you all but be a good soul! Romanian Greets: Toate cele bune oamenilor inimosi din Romania! O sa vina si zile mai bune! Incercati sa evoluati spiritual daca vreti sa fiti fericiti! At last, but from all my heart: I love you Heavenly Father, I know you are with me all the time! God is pure love! Try this: www.geocities.com/john_aum Incredible infos for YOUR EYES ONLY! Critics, comments, anything at: johnny_aum@yahoo.com ---------------Sorry if my english is not perfect!------------------------------ Find a serial in Tickle 1.1 Target: Tickle 1.1 (Tickle.exe - 38400 bites) WWW: search on WEB with metaengine www.profusion.com Cracker: --..__J_o_h_n_n_y__A_U_M__..-- Protections to be removed: unregistered state Tools: Softice & Windows Commander 4.03 --------Motto for my actions:------- I'm for peace, love and prosperity and one global nation but without money to divide us and without ego, who keeps men separated! Be a man of good sense - be naturally, be divine! Try to progress on spiritual way! No God, no freedom! I'm against tyranny under any form, against mondial iudeo-masonic occult domination and against infiltrated bad rase of aliens! Out with Satan from this planet! Real happiness, free and freedom for all! -------- The program Tickle 1.1 is a kind of program that keeps your conections with WEB alive. 
So, a serial is needed for this little proggie! Let's do it fast! 1. Register in registration window with Johnny AUM and 123acd. 2. Put bpx hmemcpy in softice. CTRL-D. Register. Press F5 once when you pop in Sice for second comparation. 3. Let's search in memory of sice after the serial we entered: 123acd. Write now s 0 l ffffffff '123acd', Enter. 4. We read down "Patern found at 157:76177C" (76177C on my PC - may be different on yours). Let's make a memory breakpoint at this adress: bpm 76177C, Enter. I choose memory breakpoint because is the only one which take me to the real serial. 5. Press F5 for activating the breakpoint, Enter. 6. Now we go a few times with F10 until adress 7800E856 or until you see the register ecx highlighted, at adress 14F:7800E856 -> POP ECX. Here the program grab the values comparated previously in memory. Let's see the content of ecx. Write d ecx, Enter. Bingo! Our good serial for name Johnny AUM is here: 9C54E1E1. Job done! PS. Aah, a gift from me to you: N: Anyone & S: 89ACF947. ---------------- Greets: tKC & CIA (nice guys!), to all crackers, PRO or newbies, all cracker teams (keep going, we must eliberate from iudeo-masonic tirany, all must become free), we are great guys, and nice too. I love you all but be a good soul! Romanian Greets: Toate cele bune oamenilor inimosi din Romania! O sa vina si zile mai bune! Incercati sa evoluati spiritual daca vreti sa fiti fericiti! At last, but from all my heart: I love you Heavenly Father, I know you are with me all the time! God is pure love! Try this: www.geocities.com/john_aum Incredible infos for YOUR EYES ONLY! Critics, comments, anything at: johnny_aum@yahoo.com ---------------Sorry if my english is not perfect!------------------------------ I really hope you've enjoyed this tutorial as much as I did! Don't miss Tutor #84 soon! ;) Credits goto: Sir Dawg for Splash Logo. DongJong for providing a tut in this version. ASTAGA for providing 2 tuts in this version. 
Johnny Aum for providing 2 tuts in this version.

To ALL the crackers: You are welcome to send me your tutors to publish them... see below for my email address!

*** 95 chars per line in textfile please! ***

And all the tutors can be found at: http://www.crackersinaction.org (or on IRC, ask CiA ops for urls!)

Greetz goto all my friends!

You can find me on IRC or email me at tkc@reaper.org

Coded by The Keyboard Caper - tKC
The Founder of PhRoZeN CReW/Crackers in Action 2000
Compiled with Delphi 5 on 5 June 2000

Cracking Tutorial #83 is dedicated to Sonia...
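
Every tutorial in this issue recovers a serial for the same reason: the program derives the correct value on the user's machine and holds it in memory next to the typed one (the cmp esi, eax and cmp al, byte ptr [edx+esi-01] comparisons above). The following is an added example, not code from the tutorials or from any program they name, that contrasts this pattern with a check that only verifies a vendor signature; all function names, the stand-in derivation in weak_expected_serial and the demonstration-sized RSA key are assumptions made for illustration.

```python
import hashlib

# Weak pattern described in the tutorials. The derivation below is a
# constructed stand-in, not the algorithm of any program named on this page.
def weak_expected_serial(name):
    digest = hashlib.sha256(name.upper().encode("utf-8")).hexdigest()
    return str(int(digest[:12], 16))

def weak_compare_operands(name, entered):
    """The two values held in memory when the comparison executes."""
    return entered, weak_expected_serial(name)

def weak_check(name, entered):
    typed, expected = weak_compare_operands(name, entered)
    return typed == expected  # 'expected' is itself a valid serial

# Hardened pattern: the shipped code can verify a license but cannot make one.
# Demonstration-sized RSA key built from two Mersenne primes; far too small
# for real use, where a 3072-bit RSA or Ed25519 public key would be shipped.
# P and Q are the vendor's private half and appear here only so the example
# can issue a license for itself; a product ships PUBLIC_N and PUBLIC_E only.
P, Q = 2**61 - 1, 2**89 - 1
PUBLIC_N = P * Q
PUBLIC_E = 65537

def digest_as_int(name):
    h = hashlib.sha256(name.encode("utf-8")).digest()
    return int.from_bytes(h, "big") % PUBLIC_N

def vendor_sign(name):
    """Vendor side only: signs the name digest with the private exponent."""
    d = pow(PUBLIC_E, -1, (P - 1) * (Q - 1))
    return format(pow(digest_as_int(name), d, PUBLIC_N), "x")

def hardened_compare_operands(name, license_hex):
    """The two values held in memory when the hardened comparison executes."""
    sig = int(license_hex, 16)          # ValueError on non-hex input
    if not 0 < sig < PUBLIC_N:
        raise ValueError("signature out of range")
    return pow(sig, PUBLIC_E, PUBLIC_N), digest_as_int(name)

def client_verify(name, license_hex):
    try:
        recovered, expected = hardened_compare_operands(name, license_hex)
    except ValueError:
        return False
    return recovered == expected

if __name__ == "__main__":
    name = "Albert Alexander Lay"       # sample input, as used in the text
    _, leaked = weak_compare_operands(name, "1434")
    print("weak: value in memory is accepted as serial:", weak_check(name, leaked))
    seen = hardened_compare_operands(name, "1434")
    print("hardened: values in memory accepted as license:",
          [client_verify(name, format(v, "x")) for v in seen])
    print("hardened: vendor-issued license accepted:",
          client_verify(name, vendor_sign(name)))
```

Signature verification keeps a valid license out of the client's memory; it does not protect the branch that acts on the result, which is a separate integrity problem.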