Welcome to Cracking Tutorial #99!

Hiya guys,

Sorry for delays, again I was busy with coding and all shit.. Here's a tut99.tKC...

OK, let's rave! ...or crack babes? :)

You'll need the following tools:
(I use these tools, I assume you'll use 'em, but it doesn't mean that you'll need to use all those tools, so be sure to get them handy for the examples in this tutorial!)

SoftICE v4.05
W32Dasm v8.93
Hacker's View v6.55
SmartCheck v6.03
ProcDump32 v1.6.2
TRW2000 v1.22
IDA v4.04
Windows Commander v4.51 (I use it coz of easier to multitask)
Delphi, VB, C++, or TASM to code a keygen or a patch..

Don't ask me where to download all these tools since you had a chance to get them when you used my older tutorials. Here are a few good sites where you can grab tools from:

http://protools.cjb.net
http://w3.to/protools
http://www.crackstore.com

or ask any crackers to get you these tools!

Are you ready?! OK! ;)

Program: SafetyScan v 2.5J
Homepage: http://www.iolo.com
Size: 359Kb

Prog Synopsis: This average sort of prog scans your hard drive for any 'rubbish' files such as .tmp .~ files including emptying the Internet Temp folder and Internet Cache folders. It can do this on a scheduled time basis as required. It resides in the system tray and costs $30 dollars or so to register.

Please note that I am very much a 'newbie' to cracking so the other day I was reading the tut of Astaga [D4C/C4A] for a prog called SafetyScan v 2.5J. I downloaded the prog, fired up SICE with bpx on hmemcpy, entered my reg. number but couldn't get nowhere near to the program lines of 0044FDF5 which Astaga got to no matter how I tried (Remember I am a newbie :)). I couldn't find any calls or references to any 44FDxx prog lines.

So I fired up W32Dasm and looked at the text strings - sure enough "You have entered an invalid . . . " appears at line 44FFD4 but I still couldn't get to that in SICE.

So I decided on another approach. I fired up SICE with a bpx getwindowtexta. An F11 took me into SafetyScan at 0042F70C.
I looked back into W32Dasm at 42F70C and scrolled up and followed the call references all the way back (438948, 43891C, 43890A, 438900, 4388E2, 4388D8, 438889, 43887C, 438873, 438861) to 438833.

I decided to bpx on 438833. So fired up SICE, bpx first on getwindowtexta, run prog, F11 and set a bpx on 438833. (Don't forget to disable the bpx on getwindowtexta). Re-registered and SICE broke at 438833.

I then started to F10 through the code and after pressing F10 (397 yes 397!) times (I am sure that experienced crackers would not need to do this but I don't know another way yet) you get to 438B63 pop ESI. At this point if you do d edi on the command line in SICE you will see the 'echo' that is the real serial number (in my case 8127901) in the data window.

I must admit I tried this again whilst writing this tut but didn't see the echo again. However, I didn't re-type my fake serial number in again and just pressed OK. I then deleted and typed my fake serial number in again and went through the above again and the 'echo' was there.

I hope the above helps but if I haven't made anything clear, please forgive me as this is my first tut.

Many thanks to tKC and the crew - you really are the best!

Regards
jkon7


How to crack DiskList 1.5

Target: DiskList 1.5
WWW: http://www.blueface.com
Cracker: --..__J_o_h_n_n_y__A_U_M__..--
Protections to be removed: entry nag, limitations on many volumes, unregistered style
Tools: Hiew, W32Dasm & Windows Commander 4.51

--------Motto for my actions:-------
I'm for peace, love and prosperity and one global nation but without money to divide us and without ego, who keeps men separated! Be a man of good sense - be naturally, be divine! Try to progress on spiritual way! No God, no freedom! I'm against tyranny under any form, against mondial iudeo-masonic occult domination and against infiltrated bad rase of aliens! Out with Satan from this planet! Real happiness, free and freedom for all!
--------

Let's do this baby!
DiskList is a program similar to Advanced Disk Catalog 1.31a, but is more fast even if is not having so many facilities. So, it can store your information from CD's and with a simple search you can find a file or a program name, or other interesting stuff...bleah, bleah, bleah...

1. Let's take a look at our exe: disklist.exe; I mean disassemble a little with W32Dasm for beginning!

2. I looked in the code and my remark is that where are the limitations of unregistered version, there is also a reference to file blueface.dll. For instance at w32dasm line 406885 is the next limitation: "Printing is only available when DiskList has been registered" and above is that reference to blueface.dll -> blueface.IsRegistered (line 406870). OK, let's load in W32dasm our target file: blueface.dll.

3. It's loaded, and we search for words "IsRegistered". Bingo! At w32dasm line 4018BC is our piece of code which is dealing with registered style and all the boring stuff: nags, etc...

4. My first move: let's replace from this line, 4018BC - 51 with C3 for canceling the possibility to be found unregistered... so, this mean hiew EBC, done! Let's try... All seems to be OK, except in About where is still look unregistered!

5. Let's now search for About stuff, so word "about" -> Alt-S-Enter and go! At second try it line 401F01 with word "About" and an interesting jump below who tells you if you're registered or not in about window! So, let's switch it! W32dasm line 401F3D je 401F82; we can put jne but better is to be 90,90. Let's start at hiew 153D and replace... try and... Bingooooo!

All looks now like you are a registered user, my friend! So, my job is done now, but...

PS.
A regkey for you (to register directly in Registry, after cracking, sure):

-----copy from here without this line-------
REGEDIT4

[HKEY_USERS\.Default\Software\BlueFace\DiskList V1.5\Settings]
"License"="REGNO12345"
"RegisteredTo"="Johnny AUM"
-----copy until here without this line------

Of course, you can switch to your name... bye!

This was a fast technique, isn't it? Remember it! Have a good cracking time!

----------------
Greets: tKC & CIA (nice guys!), to all crackers, PRO or newbies, all cracker teams (keep going, we must eliberate from iudeo-masonic tirany, all must become free), we are great guys, and nice too. I love you all but be a good soul!

Romanian Greets: All the best to the big-hearted people of Romania! Better days will come too! Try to evolve spiritually if you want to be happy!

At last, but from all my heart: I love you Heavenly Father, I know you are with me all the time! God is pure love!

Try this: www.geocities.com/john_aum
Incredible infos for YOUR EYES ONLY!

Critics, comments, anything at: johnny_aum@yahoo.com

---------------Sorry if my english is not perfect!------------------------------


How to crack Quick View Plus 6.0.1 Trial

Target: Quick View Plus 6.0.1 Trial
WWW: http://www.jasc.com
Cracker: --..__J_o_h_n_n_y__A_U_M__..--
Protections to be removed: nag, expiration
Tools: Hiew, W32Dasm & Windows Commander 4.51

Very soon I've downloaded this nice viewer and a complete one, Quick View Plus, version available is 6.0.1. Let's see what we can crack in it!
Observations, first: we enter in it, see a nag with uninstall and continue buttons, press Continue, let's see more, exit and make date/year on 2001. Re-enter and we see that Quick View Plus has expired for good. So, we have to remove nag and expiration problem.

1. We take a look at size of qvp32.exe; 40960 bytes, very thin, ha? Couldn't contain too much code for such a program, so we look near it, at file qvp.dll. This file is more like a program file with plenty of code, principal code of program. Let's disassemble it with W32Dasm.

2. Let's take a look for words (Alt-S-Enter) like trial, coz it's a trial, isn't it?; w32dasm is stopped at next text: QVPTrialWareStart. Interesting... Let's search now for this word: QVPTrialWareStart.

3. We are now stopped at line 2080A770 and above is our nice word. It seems that here is processing some starts and registration stuff... Let's cancel this piece of code from here (I always try this first!): so w32dasm line 2080A770 is hiew A770. So, we replace 81 with C3, save and let's try for good!

4. Yohoo, or Yahoo, coz it's done and all look like a registered version! No nag, no expiration, we try to get back the good year, it's still OK! My job is done! So easy, he,he,he!

PS. As you can see in my tutor with DiskList 1.5 was used a similar approach coz is a type of similar code! Notice, please, that this is a good technique and very simple! Try it always first on similar types of code!

Aaah, optional! You can delete also words "Evaluation Version" from splash and about! This is your homework, amigo!
DongJong's NEWBIE TUTORIAL

DongJong's How to get a MACHINE SERIAL for Keno Reeves Video Keno v3.0

Tools to use
~~~~~~~~~~~~
SmartCheck 6.xx

Where to get Tools
~~~~~~~~~~~~~~~~~~
http://cracking.home.ml.org
http://surt.to/HarvestR
http://crackstore.com
http://www.pepsoft.com

Where to get the program
~~~~~~~~~~~~~~~~~~~~~~~~
Keno Reeves Video Keno v3.0
http://www.cyrens.com/kenoreeves/krvk30.zip

Program description
~~~~~~~~~~~~~~~~~~~
Keno Reeves lets you play casino-style Keno on your PC. Click to mark the game card with 2 to 10 spots. Odds are displayed immediately for your game. Bet from 1 to 4 coins per game and set the coin value in the registered version. Click play and the numbers are drawn and your hits are identified. The payoff is displayed and a sum window shows whether you are winning or losing. The registered version offers an auto-play feature, computer number picks, and detailed stats on number frequency. The controls are easy to figure out, but there is online help. This is one of the more full-featured computer Keno games you will find. The shareware version continues to function after 30 days, but register for the additional features.

Procedures
~~~~~~~~~~
Start SmartCheck (SC) and open KenoReevesV30.exe, run the program by pressing F5, as usual, you need to click only the "ACKNOWLEDGE" button when SC is running and gives you option buttons to click to, until we came when SC now loads the program.

There are lots of features that are disabled for the unregistered version of this game, it is disabled because it doesn't work and as you could not click on it as the menu is grayed out!
he he :> Registration is based on the computer and hard drive that the program is installed on. A $15.95 value after the 30 day demo :>

Okey! lets go on, after clicking those SC acknowledge button, the program will load, then choose the Registration menu, click on Enter Registration Code, there you'll see your machine specific code, mine is K$2-2-5-4-K-A-A-0, this software doesn't need any personal name, i mean not needed in the serial computation, but it does ask you your name after you have entered the correct serial, but it doesn't show in the About menu though :> it just enables those disabled grayed out menu!

Okey, after you have click the Enter registration Code, there's a box for you to enter your supposedly serial, okey, here's the short of it (enter any serial just follow my tut) :

Machine Code: K$2-2-5-4-K-A-A-0
Serial: 1434

Then after filling on the details click on OK, and a not so nice message will greet you saying "Invalid Registration Code!" ggggrrrrrr! he he :> always a wrong guess huh :>

Warning though! the SC runs too long before that error message appears, about an hour, as i already finished eating my lunch, it's still running, until i finish brushing my teeth it's still not finished! anyway, it's already done that's why i'm able to write this tutor for YOU ... go on and just click on and exit the program, press on the error the "Acknowledge" button and SC stops tracing for us to begin hunting that code :>

Ok, so now let's look on the left side of SmartCheck, [+]Timer4_Timer, guess those waiting time are monitored by SC too! Just don't mind them, as they are not the one we're looking for, near the end look for [+]mnuRegCode_Click , after you've click on it, it will be very very long and that browsing thru it, you will noticed that it is just going over and over again, some kind of a loop, but never mind, just go near the end of this menu...
of the pack click on it and see the right side of SC and you'll see like this:

    [+]mnuRegCode_Click
    |
    | (snip for brevity's sake)
    |
    |-- Left

Now after arriving on that menu, watch the right hand side of SC and there you'll see this details:

    [+]-- string (variant)
    |  |
    |  [-]-- unsigned short * *.pbstrVal = 00476094
    |  |
    |  [-]-- String = 00494418
    |  |
    |  |-- = "MKMCLSSTK"
    |
    |--- Long length = 8 0x00000008

Hmm... he he, keep on smiling, as the long run is over, my lunch kinda digested for now :>

But what does that tell us? Do you still remember my previous TUT???? he he, if i were you i'll say, it's kinda vague for now :> ha ha ha :> Anyway, that Long length simply tells us that we can take an X number of digit from that String, goes to say, a minimum of 8 digit from that String will be enough to register it or you can either take them all, same effect, it's now REGISTERED!

Well, that's it, you've made it! Start KenoReevesV30.exe, and click on the Registration menu and use this info:

Registration Code : MKMCLSST or MKMCLSSTK

Click OK and what you got? Caramba! It says "Thank you for your purchase! Your game has been registered! Have fun and enjoy playing Keno Reeves Video Keno!" The Registration menu is gone already, kewl :>

The registration details is place in the game directory in the kr.ini file. Play on it :> Remember it's machine specific, so follow my tut and get your own machine specific serial for this game :>

Good afternoon to everyone!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greetings goes to these people:

tKC- i would like to thank tKC for his tutors.
MsJessca- for hosting the tuts and inspiring tkc :>
Albert Alexander Lay- KeWl DuDe! for the computer and Internet, goodluck ;)
Ms. KJF- hello 7372122 :-) Ariba! Your BJ feels so GOODA! I Love You! ;)
All cracking groups and cracking fanatics and newbies galores!
Have fun :> keep on rockin'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My good friend Albert Alexander Lay has a mobile phone +639179356877
I'd like to have some international friends all over the world, please text me via that mobile number, please state your full name, age, sex and the place (from where are you), will text you via INTERNET!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Until next time... Long live!

Another Tutor by DongJong ;-)
sutra@goplay.com


DongJong's NEWBIE TUTORIAL

DongJong's How to get a PERSONAL SERIAL for Lovers Ecstasy v4.0

Tools to use
~~~~~~~~~~~~
SmartCheck 6.xx

Where to get Tools
~~~~~~~~~~~~~~~~~~
http://cracking.home.ml.org
http://surt.to/HarvestR
http://crackstore.com
http://www.pepsoft.com

Where to get the program
~~~~~~~~~~~~~~~~~~~~~~~~
Lovers Ecstasy v4.0
http://www.loversecstasy.com/LoveInst.exe

Program description
~~~~~~~~~~~~~~~~~~~
Lovers Ecstasy is a romantic activity game that allows you and your lover to express your desires and discover exciting new ways of having them satisfied. To be truthful, it is just another way of getting laid. Oops, I mean get closer to your loved one. Hopefully you will find new things that you and your lover enjoy. This may have an added side effect; it may allow you to "get some" a whole lot more and more often. Also, if your lover is not interested in playing the game, a pleasure database browser is available. Use this to gather ideas to surprise your lover in your next escapade. Either way, please enjoy!

Procedures
~~~~~~~~~~
Start SmartCheck (SC) and open Lovers.exe, run the program by pressing F5, as usual, you need to click only the "ACKNOWLEDGE" button when SC is running and gives you option buttons to click to, until we came when SC now loads the program.

A $29.95 value after the 30 day demo :> Hmm... what's more, you got free future minor or major upgrade for the life of Lovers Ecstasy :>

Okey!
lets go on, after clicking those SC acknowledge button, the program will load, then choose the Help --> Registration menu, it brings forth a big page covering your whole screen, there enter any name and serial number you like.

Okey, after you have click the Enter registration Code, there's a box for you to enter your supposedly serial, okey, here's the short of it (enter any serial just follow my tut) :

Serial Number: 1434
Name: Albert Alexander Lay

Then after filling on the details click on SAVE, and a not so nice message will greet you saying "Error validating serial number, please check to make sure.... etc." Just click OK and CANCEL go on and just click on and exit the program, press on the error the "Acknowledge" button and SC stops tracing for us to begin hunting that code :>

Ok, so now let's look on the left side of SmartCheck, [+]btnSave_Click, after you've click on it, there'll be a long line of Mid(s) along it when you continue to browse way down below it, but never mind, just go near the end of this menu... Mid... click on it and see the right side of SC and you'll see like this:

    [-]-- string (variant)
    |  |
    |  [-]-- unsigned short * *.pbstrVal = 0068F154
    |  |
    |  [-]-- String = 004874E8
    |  |
    |  |-- = "961799967597"
    |
    |--- Long length = 9 0x00000009
    |
    [-]-- start (variant)
    |
    |--- Integer .iVal = 4 0x0004

Hmm... if you try that out... he he... don't smile! as it won't work! I was finding out why and analyze the upper Mid directly above that what we have been working on... still the same except for this...

    |--- Long length = 4 0x00000004

Hmmm...
take a deep breath, the answer must be somewhere within this mumbo jumbo of codes that's hidden and waiting to be discovered, if SC could only speak and help me out just by yelling the answer :> he he :> silly thought, he he, who knows future versions :>

I dunno where to look for that, but as i was browsing all those SC clues, i kinda always, saw that string "" , but there ain't nothing in it :< but the way i analyze it is that (anybody have any idea, do inform me, as this would be a great learning improvement for me) :

    |--- Long length = 4 0x00000004
    |--- Long length = 9 0x00000009

You need to put a string "-" on the 4th and 9th of that suspected serial 961799967597 :> hmmm... everybody clear on this? he he, ok me myself am confuse :< okey, how do we say it, ok, here it is, put a string "-" before the fourth and ninth digit of 961799967597 :> and that translate to:

Serial Number : 961-79996-7597

Well, that's it, you've made it! Start Lovers.exe, and click on the Registration menu and use this info:

Serial Number : 961-79996-7597
Name: Albert Alexander Lay

Click OK and what you got? Coitus! Ariba! It says "You have been succesfully registered. Again, thank you for registering!" kewl :>

The next time you load Lovers Ecstasy, click on about menu and see your name on it, beautiful, nice gift for your lover indeed, plenty of fun, all night long .....

The registration details is place in the registry directory :

My Computer/HKEY_CURRENT_USER/Software/VB and VBA Program Settings\LakeLE40

just delete the Name and RegNbr string value to revert to the unregistered state of the program, follow my tut and get your own name and serial for this sexy game :>

Good evening to everyone!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greetings goes to these people:

tKC- i would like to thank tKC for his tutors.
MsJessca- for hosting the tuts and inspiring tkc :>
Albert Alexander Lay- KeWl DuDe! for the computer and Internet, goodluck ;)
Ms. KJF- hello 7372122 :-) Happy Moon Festival!
I Love You! ;)
All cracking groups and cracking fanatics and newbies galores!

Have fun :> keep on rockin'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Until next time... Long live!

Another Tutor by DongJong ;-)
sutra@goplay.com


I really hope you've enjoyed this tutorial as much as I did! Don't miss Tutor #100 soon! ;)

Credits goto:
cokine for Splash Logo.
jkon7 for providing a tut in this version.
Johnny Aum for providing 2 tuts in this version.
DongJong for providing 2 tuts in this version.

To ALL the crackers: You are welcome to send me your tutors to publish them .. see below for my email address!

*** 95 chars per line in textfile please! ***

And all the tutors can be found at: http://www.crackersinaction.com (or on IRC, ask CiA ops for urls!)

Greetz goto all my friends!

You can find me on IRC or email me at tkc@reaper.org

Coded by The Keyboard Caper - tKC
The Founder of PhRoZeN CReW/Crackers in Action 2000
Compiled with Delphi 5 on 23 September 2000

Cracking Tutorial #99 is dedicated to LW2000...
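
The DiskList and Quick View Plus write-ups above both depend on the program loading a modified DLL without noticing. As an added example (not part of the original tutorials), here is a defender-side integrity check that compares a deployed file with a known-good copy and flags the two patch shapes those write-ups describe: a routine entry overwritten with C3 (ret) and a conditional jump overwritten with 90 (nop) bytes. The byte buffers and the names find_patches, classify and verify are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

RET, NOP = 0xC3, 0x90


@dataclass(frozen=True)
class Patch:
    offset: int      # file offset of the first changed byte
    original: bytes  # bytes in the known-good copy
    patched: bytes   # bytes in the deployed copy
    kind: str        # "ret-stub", "nop-fill" or "other"


def classify(patched: bytes) -> str:
    """Name the patch shape from the bytes that were written."""
    if all(b == NOP for b in patched):
        return "nop-fill"   # a branch was neutralised
    if patched[0] == RET:
        return "ret-stub"   # a routine now returns immediately
    return "other"


def find_patches(reference: bytes, deployed: bytes) -> list[Patch]:
    """Return every contiguous run of bytes that differs from the reference."""
    if len(reference) != len(deployed):
        raise ValueError("size mismatch: file was replaced, not patched")
    patches, start = [], None
    for i in range(len(reference) + 1):
        differs = i < len(reference) and reference[i] != deployed[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            new = deployed[start:i]
            patches.append(Patch(start, reference[start:i], new, classify(new)))
            start = None
    return patches


def verify(deployed: bytes, expected_sha256: str) -> bool:
    """Cheap first check: does the file still match the published digest?"""
    return hashlib.sha256(deployed).hexdigest() == expected_sha256


# Constructed sample, not bytes from any real product: a routine that starts
# with 51 (push ecx) and, later, a short conditional jump 74 43 (je +0x43).
REFERENCE = bytes.fromhex("51 8b 44 24 08 85 c0 c3 cc cc 3b c1 74 43 6a 00")
_buf = bytearray(REFERENCE)
_buf[0] = RET                      # entry point replaced by ret
_buf[12:14] = bytes([NOP, NOP])    # je replaced by two nops
TAMPERED = bytes(_buf)

if __name__ == "__main__":
    good = hashlib.sha256(REFERENCE).hexdigest()
    print("digest ok:", verify(TAMPERED, good))
    for p in find_patches(REFERENCE, TAMPERED):
        print(f"{p.offset:#06x} {p.original.hex()} -> {p.patched.hex()} ({p.kind})")
```

A check that lives inside the same executable can be patched out the same way, so this comparison belongs in an installer, updater or host integrity tooling that holds its own known-good copy or digest.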