Welcome to Cracking Tutorial #102! Hiya guys, Well, here is another tut102.tKC... Let's rave! ...or crack babes? :) You'll need the following tools: (I use these tools, I assume you'll use 'em, but it doesn't mean that you'll need to use all those tools, so be sure to get them handy for the examples in this tutorial!) SoftICE v4.05 W32Dasm v8.93 Hacker's View v6.55 SmartCheck v6.03 ProcDump32 v1.6.2 TRW2000 v1.22 IDA v4.04 Windows Commander v4.51 (I use it coz of easier to multitask) Delphi, VB, C++, or TASM to code a keygen or a patch.. Don't ask me where to download all these tools since you had a chance to get them when you used my older tutorials. Here are a few good sites where you can grab tools from: http://protools.cjb.net http://w3.to/protools http://www.crackstore.com or ask any crackers to get you these tools! Are you ready?! OK! ;) DongJong's NEWBIE TUTORIAL DongJong's How to get a MACHINE SERIAL for Smart SMS v2.0 An ActiveLock Protected Software Tools to use ~~~~~~~~~~~~ SmartCheck 6.xx ActiveLock Keygen 1.5 Where to get Tools ~~~~~~~~~~~~~~~~~~ http://cracking.home.ml.org http://surt.to/HarvestR http://crackstore.com http://www.pepsoft.com http://www.insite.com.br/~nferraz/activelock/download/ Where to get the program ~~~~~~~~~~~~~~~~~~~~~~~~ Smart SMS v2.0 http://www.dalnet.se/~uffe/smartsms20.exe Activelock Keygen v1.5 http://www.insite.com.br/~nferraz/activelock/download/nslock15.zip Program description ~~~~~~~~~~~~~~~~~~~ SmartSMS enables you to send Caller Group Graphic, Operator Logo, Ringtones and FlashSMS. Caller Group Graphics, Operator Logos and Ringtones only work for Nokia phones. Most new phones can however receive FlashSMS. You dont need a cable or infrared connection. SmartSMS sends the ringtone, logo or group graphic as an ordinary SMS. Those SMS can be sent through Internet or by a modem (or ISDN modem) direct connection to a GSM operator with a dialup SMSC (SMS server) that use the UCP protocol. Procedures ~~~~~~~~~~ What is ActiveLock? ACTIVELOCK is an antipiracy tool and a way to get more information about your users, all rolled into one compact control. Use ActiveLock to disable certain features of your application until it is registered (the "crippleware" approach), or have the software disable itself entirely after a set time ("trialware"). And how do i know a program is protected by an ActiveLock? Well, for me, just use any progam that will keep track of installation information when you install a program. And what file will i track? The file that denotes that it is protected by Activelock is nslock15.ocx (15 suggest it's version 1.5), it's usually found at C:\Windows\System directory or just search for it :> he he :> OK, now i'm picking a sample program that's protected by ActiveLock, it's Smart SMS, version 2.0 at the moment. Start SmartCheck (sc) and open smartsms.exe, run the program by pressing F5, press some "few" ACKNOWLEDGE button and take a rest, because it's still about 1,500,000 program events before a program splash box appears that has a register button and a timer besides it and on the upper right corner is a license to UNREGISTERED word on it. If you click on register, a reg form displays with a Software Key, mine was 1680FC5EB4, then a blank registration code and name, well, let's kinda try to input any name and any number, say what? well it says "Invalid Registration Code!" Ok, stop SC and so now let's look at the left side of SmartCheck, luckily... just a few, but don't count on it, inside maybe is a lot for us to look to :> but just take a look at the string with [+]_Load, click that and it expand, whew! he he, i told you it's long :>, but the one we're looking for is just on top, it's kind of spoonfeeded at us for being so patient :> ha ha :> just below it is the []Left, click on it and see the right pane of SC, waddya got :> well, here it is : [+]-- string (variant) | | | |-- unsigned short * * .pbstrVal = 0068EB64 | | | |-- String = 004625A8 | | | |-- "g7TuhXmkol" | |--- Long length = 40 0x00000028 He he :> yes folks, show is over, basically :> the password for this SmartSMS is g7TuhXmkol (same in all computer, it just differs from software key) here's the round up :> When you run smartsms.exe and click on register button, it has three fields to fill up these are (check your different data, just follow my tut): Software key : 1680FC5EB4 {given by software} Registration Code: {blank} Name : {blank} Then run that Activelock key generator, and fill this information: Password : g7TuhXmkol Liberation Key length: {just leave blank, it just auto fill} Software Code : 1680FC5EB4 Press the generate key and a liberation key is produced : Liberation key : 2F596CAA3E8DF8BC So, here's the infos you gonna place when you ran smartsms.exe :> Software key : 1680FC5EB4 {given by software} Registration Code: {blank} --- place 2F596CAA3E8DF8BC Name : {blank} --- Albert Alexander Lay Then click OK, whoa! he he :> it says "Thank you for registering this program!" Well, that's it folks, just remember to follow my tut to get your own Name and Reg Code for your computer :> Maayung Buntag sa tanan! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Greetings goes to these people: tkc- i would like to thank tKC for his tutors. MsJessca- for hosting the tuts and inspiring tkc :> Albert Alexander Lay- KeWl DuDe! for the computer and Internet, goodluck ;) Ms. KJF- hello 7372122 :-) Thanks for being with me! I Love You! ;) All cracking groups and cracking fanatics and newbies galores! Have fun :> keep on rockin' ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ My good friend Albert Alexander Lay has a mobile phone +639179356877 I'd like to have some international friends all over the world, please text me via that mobile number, please state your full name, age, sex and the place (from where are you), will text you via INTERNET! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Hanggang sa Muli... MABUHAY! Another Tutor by DongJong ;-) sutra@goplay.com WHY PATCHING WHILE SERIAL NUMBER IS FISHY AceFTP v1.30 A Cracking Tutorial by ASTAGA [D4C/C4A] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. ABOUT THE PROGRAM AceFTP is a fully functional software that allows users to transfer files between their computers and their Internet servers. AceFTP can connect to all types of servers. It has unique and advance functions, such as simultaneous connection to several servers. With its intuitive interface, AceFTP makes navigating your Internet site and transferring your files fast and easy. WHERE TO DOWNLOAD Author : Visicom Media Inc. Homepage : http://www.visicommedia.com URL : ftp://ftp.xpert.net/pub/visicom/pub/aftp130.exe Size : Bytez as of Oct 10,2000 Release Date : HOW TO GET VALID SERIAL NUMBER by using SoftIce 1. Run AceXFTP.exe, in the main program click HELP/ABOUT/ REGISTER button, then type these below informations : Name : Pirates Order Code : 7388105099 Do not click OK button yet 2. Fire up SoftIce by pressing [ CTRL + D ], set a new breakpoint in the Command Line : BPX HMEMCPY [enter] and F5 to return to the main program 3. Click OK button now, you'll return back into SoftIce. Press F11, F5, F11 once again and F12 several times until you reach the main program codes as follows : ___________________________________________________________________ 004B9CA6: E87D56F8FF call 00043F328 004B9CAB: 837DF400 cmp d,[ebp][-000C],000 004B9CAF: 751D jne 0004B9CCE ... ... 004B9CCE: 8D55F0 lea edx,[ebp][-0010] 004B9CD1: 8B83D4020000 mov eax,[ebx][0000002D4 004B9CD7: E84C56F8FF call 00043F328 004B9CDC: 8B55F0 mov edx,[ebp][-0010] 004B9CDF: 8D4DFC lea ecx,[ebp][-0004] 004B9CE2: A128484F00 mov eax,[0004F4828] 004B9CE7: 8B00 mov eax,[eax] 004B9CE9: E826BD0000 call 0004C5A14 004B9CEE: 8D55EC lea edx,[ebp][-0014] 004B9CF1: 8B83D8020000 mov eax,[ebx][0000002D8 004B9CF7: E82C56F8FF call 00043F328 004B9CFC: 8B55EC mov edx,[ebp][-0014] 004B9CFF: 8B45FC mov eax,[ebp][-0004] 004B9D02: E831A4F4FF call 000404138 004B9D07: 0F8580000000 jne 0004B9D8D ___________________________________________________________________ Disable/clear previous breakpoint ( bd or bc * [enter] ) Set a new breakpoint : bpx 015F:004B9CA6 [enter] NOTE : Otherwise you can do a search string to locate the address as follow : s 0 l fffffffffffffffff E8 7D 56 F8 FF 83 7D F4 [enter] SoftIce will response : Pattern found at xxxx:004B9CA6 (004B9CA6) 4. Now, let's start tracing the codes. Press F10 2 times, after jump pass the JNE instruction at 015F:004B9CAF you'll landing at 015F:004B9CCE . From here press F10 10 times dump/display EDX and EAX register, you will see your name and fake S/N appear in the Data Window. Starting from 015F:004B9CF7 let's continue our tracing by pressing F10 3 times ( stop at 015F:004B9D02 ). Now type in the Command Line : d eax [enter] Look at the Data Window, did you see 4BYR25-7RFJSB-3MN2Y4-AELT2R at memory address 0167:011EAEC8 ??? Write down this suspicious code number. If you scroll up a bit there are another alphanumeric characters without "-" ( dash ), Write it down, who knows they're gonna be usefull later on. 5. Disable all current existing breakpoint(s) : bd * [enter] F5 to return to registration window 6. Repeat registration procedure, and typed-in 4BYR25-7RFJSB-3MN2Y4 -AELT2R as your code number. Voila!... you're registered. 7. Now, let's expierience with another suspicious number. Put a dash ("-") in every six character or take them all. Prior to this, delete/modify previous accepted code number in the registry ( manually open REGEDIT.COM ) to be like this : [HKEY_CURRENT_USER\Software\Visicom Media\AceExpertFTP\ Registration] "Name"="Pirates Order" "SerialNum"="" (Don't forget to press F5 to update registry entry.) 8. Re-run the program, and repeat registration procedure. Keyed-in those 2 couple numbers respectively. Does it work??? ...GOTCHA 9. How can I practise with my own user name ? - I strongly recommended you not to do this! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-aceftp130.zip [EOF] October 10,2000 12:45:24 PM 10/10/00 WHY PATCHING WHILE SERIAL NUMBER IS FISHY AS-Util98 v1.76 A Cracking Tutorial by ASTAGA [D4C/C4A] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. ABOUT THE PROGRAM AS-Util98 ist das WIN98 Systemtool der Spitzenklasse! AS-Util98 beherrscht nahezu alle undokumentierten Funktionen von WIN98! Mit AS-Util98 erleichtern Sie sich das Arbeiten mit Windows98 und bekommen hilfreiche Tips sowie Zusatzfunktion in die Hand . Alle Administratorfunktionen die Sie vielleicht bereits von AS-UTIL95 kennen sind ebenfalls integriert! Es handelt sich hierbei um ein mchtiges Systemtool speziell fr Windows98. Das bedeutet aber auch fr den Anwender, da er sich im Klaren darber sein mu, da nicht jede Funktion des Programmes immer 100%-ig getestet sein kann... Dafr bentigt man Rechner mit verschiedenen Konfigurationen und jede Menge Zeit. Das heit aber dann auch die Kosten fr das Programm wrden sich in Hhen bewegen, die ein "normaler" Anwender kaum zahlen wrde! WHERE TO DOWNLOAD Author : Andreas Schrder Homepage : www.fantastic-art.com/team/asware/index.htm http://www.as-tools.de/ URL : http://www.as-tools.de/AndreasSchroeder/asutil98.exe Size : 1,157,408 Bytez as of Oct 10,2000 Release Date : August 01,2000 HOW TO GET VALID SERIAL NUMBER by using SoftIce 1. Run UTIL98.EXE, in the main program click XTRASS!+ZUSATZ PROGRAMME check box then click on REGISTRIERUNG submenu. In the right panel / registration dialog box type these below informations : Name : Pirates Order Code : 7388105099 Do not click UBERNEHMEN/OK button yet 2. Fire up SoftIce by pressing [ CTRL + D ], set a new breakpoint in the Command Line : BPX HMEMCPY [enter] and F5 to return to the main program 3. Click OK button now, you'll return back into SoftIce. Press F11, F5, F11 once again and F12 several times until you reach the main program codes as follows : ___________________________________________________________________ 00469001: E8B626FBFF call 00041B6BC <=== you land HERE 00469006: 8B95E8FEFFFF mov edx,[ebp][0FFFFFEE8] 0046900C: 8D85ECFEFFFF lea eax,[ebp][0FFFFFEEC] 00469012: B9FF000000 mov ecx,0000000FF 00469017: E848ABF9FF call 000403B64 0046901C: 8D95ECFEFFFF lea edx,[ebp][0FFFFFEEC] 00469022: 8B8344080000 mov eax,[ebx][000000844] 00469028: 8A8871030000 mov cl,[eax][000000371] 0046902E: 8B8344080000 mov eax,[ebx][000000844] 00469034: E86769FEFF call 00044F9A0 00469039: 8D55EC lea edx,[ebp][-0014] <== d edx 0046903C: 8D45F8 lea eax,[ebp][-0008] ___________________________________________________________________ Disable/clear previous breakpoint ( bd or bc * [enter] ) Set a new breakpoint : bpx 015F:00469001 [enter] NOTE : Otherwise you can do a search string to locate the address as follow : s 0 l fffffffffffffffff e8 b6 26 fb ff 8b 95 e8 [enter] SoftIce will response : Pattern found at xxxx:00469001 (00469001) 4. Now, let's start tracing the codes. Press F10 10 times, after jump pass the CALL instruction at 015F:00469034 ( stop at 015F:00469039 ) dump/display EDX register by typing : d edx [enter] Look at the Data Window (0167:73F5E4), did you see $03FB82BA ? 5. Write down this suspected registration code and disable all break points : bd * [enter] F5 to return to registration window 6. Just click the "beggar-off" message, typed-in $03FB82BA as your code number. " Vielen Dank fr die Registrierung " will appear on the screen, then continue by clicking OK button. But WAIT, don't you see in the NAME and CODE field box showed ' *UNREGISTRIERT*! ' and ' Danken fr die Registrierung ' ???? What the heck is this ? the OK button got dimmed also! 7. Dont be panic, just click SCHLIEEN button to quit the program. Restart UTIL98.EXE, look at the left panel "AS-UTIL98 INFOFEN STER" and the right panel "REGISTRIERT AUF: Pirates Order"! Hehehehe ...... you're ILLEGALLY REGISTERED now ...... da hast Du Dich aber anscheien lassen!. 7. Where the hell is my registration code is stored ?? - The correct registration code is encrypted and stored in the file called UTIL98.KEY which located in your AS-UTIL98 directory. 8. How can I practise with my own user name ? - I strongly recommended you not to do this! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-asutil98.zip [EOF] October 10,2000 12:45:24 PM 10/10/00 WHY PATCHING WHILE SERIAL NUMBER IS FISHY Secure Browser v1.10 A Cracking Tutorial by ASTAGA [D4C/C4A] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. ABOUT THE PROGRAM Secure Browser (tm) is the ultimate tool to insure your co-workers are going to only allowed websites. This browser is great for web shows if you just want to feature your domain. Secure Browser is also very easy to use and very powerful making it the best secure browser of its kind. WHERE TO DOWNLOAD Author : Tropical Software Homepage : http://tropsoft.com/stealth URL : http://tropsoft.com/secbrowd.exe Size : 518.454 Bytez as of Oct 10,2000 HOW TO GET VALID SERIAL NUMBER by using SoftIce 1. Run SecBrowser.exe, click REGISTER menu. In the registration dialog box type these below informations : Registered User : Pirates Order Registration Key: 7388105099 Do not click OK button yet 2. Fire up SoftIce by pressing [ CTRL + D ], put a new breakpoint in this regard is GetWindowTextA : BPX GetWindowTextA [enter] and F5 to return to the main program 3. Click OK button now, you'll return back into SoftIce. Press F11, F5, and F11 once again to get into the main program codes as follows : ___________________________________________________________________ 0044316D: FF15D0964A00 call GetWindowTextA <== you land 00443173: 8B4C2408 mov ecx,[esp][00008 <== here 00443177: 6AFF push 0FF 00443179: E8F8330000 call 000446576 0044317E: EB0C jmps 00044318C 00443180: 8B01 mov eax,[ecx] 00443182: FF742408 push d,[esp][00008] 00443186: FF9088000000 call d,[eax][0000000 ___________________________________________________________________ 4. Iam not going into detail because I've been traced for you. The details can be read in my tute called TUTE-STEALTH33.TXT ( c_tkc10x.zip ) for which this program have similar protection. 5. Now do a search string to locate the address where your valid S/N copied ( echoed ? ) into memory address : s 0 l fffffffffffffffff e8 87 ae ff ff 59 59 85 c0 [enter] SoftIce will response : Pattern found at 015F:004064D0 G 015F:004064D0 [enter] If nothing goes wrong your Code Window will look as follow : 004064CF: 51 push ecx 004064D0: E887AEFFFF call 00040135C <== you land here 004064D5: 59 pop ecx 004064D6: 59 pop ecx Press F10 once and after jump pass CALL instruction at 015F:004064D0 ( or stop at 015F:004064D5 ) dump/display ECX or EDX register by typing : d ecx or d edx [enter] Now, look at the Data Window .... what the hell is 774A2AA406 near your fake serial number ? It was in the memory address of 0167:6AECE1! 6. Write down this suspected registration code and disable all break points : bd * [enter] F5 to return to registration window 7. Soon you're return back to the program, the 'beggar-off' msg appear on the screen, just click OK to confirm and quit the application ( nice try .... Kuczynski! ). 6. Re-run the program, repeat registration procedure and keyed-in 774A2AA406 as your serial number. Successful registration will appear on the screen, you're illegaly registered now. 7. Where the hell is my registration code is stored ?? - The correct registration code is encrypted and stored in the file called GERWRBES.DRU which located in your Windows directory ( usually C:\WINDOWS ). 8. How can I practise with my own user name ? - I strongly recommended you not to do this! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-SecBrowser110.zip [EOF] October 10,2000 01:00:08AM WHY PATCHING WHILE SERIAL NUMBER IS FISHY Stealth Encryptor v3.4 A Cracking Tutorial by ASTAGA [D4C/C4A] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. ABOUT THE PROGRAM Stealth Encryptor(tm) brings powerful encryption with ease of use. You enter a secret key, Stealth then performs complicated mathematical calculations using the key and the contents of the file resulting in a file the has no apparent resemblance with the original and is completely unreadable until the reverse calculations are performed by using the exact same key. The name of the file is also changed to a random numeric name but within Stealth the original name shows in the lists. Special E-Mail encrypt/Decrypt Wizard lets use your favorite e-mail program with total privacy. With the File/folder Shredder, files can be completely erased making them unrecoverable even with the use of unerase utilities. WHERE TO DOWNLOAD Author : Tropical Software Homepage : http://tropsoft.com/stealth URL : http://tropsoft.com/stlth32.exe Size : 496,734 Bytez as of Oct 10,2000 HOW TO GET VALID SERIAL NUMBER by using SoftIce 1. Run STEALTH.EXE, type STEALTH as your password on the screen, in the main program click REGISTER menu. In the registration dialog box type these below informations : Registered User : Pirates Order Registration Key: 7388105099 Do not click OK button yet 2. Fire up SoftIce by pressing [ CTRL + D ], put a new breakpoint in this regard is GetWindowTextA : BPX GetWindowTextA [enter] and F5 to return to the main program 3. Click OK button now, you'll return back into SoftIce. Press F11, F5, and F11 once again to get into the main program codes as follows : ___________________________________________________________________ 00422E94: FF15EC244400 call GetWindowTextA <== you land 00422E9A: 8B4C2408 mov ecx,[esp][00008 <== here 00422E9E: 6AFF push 0FF 00422EA0: E8753D0000 call 000426C1A 00422EA5: EB0C jmps 000422EB3 00422EA7: 8B01 mov eax,[ecx] ___________________________________________________________________ 4. Iam not going into detail because I've been traced for you. The details can be read in my tute called TUTE-STEALTH33.TXT ( c_tkc10x.zip ) for which this program have similar protection. 5. Now do a search string to locate the address where your valid S/N copied ( echoed ? ) into memory address : s 0 l fffffffffffffffff e8 37 0f ff 00 00 59 59 85 c0 [enter] SoftIce will response : Pattern found at 0167:0040A4F8 G 0167:0040A4F8 [enter] If nothing goes wrong your Code Window will look as follow : 0040A4F7: 51 push ecx <== you land here 0040A4F8: E8370F0000 call 00040B434 0040A4FD: 59 pop ecx 0040A4FE: 59 pop ecx Press F10 once and after jump pass CALL instruction at 015F:0040A4F8 ( or stop at 015F:0040A4FD ) dump/display ECX or EDX register by typing : d ecx or d edx [enter] Now, look at the Data Window .... what the hell is 4D84378084 near your fake serial number ? It was in the memory address of 0167:6AECE0! 6. Write down this suspected registration code and disable all break points : bd * [enter] F5 to return to registration window 7. Soon you're return back to the program, the 'beggar-off' msg appear on the screen, just click OK to confirm and quit the application ( nice try .... Kuczynski! ). 6. Re-run the program, repeat registration procedure and keyed-in 4D84378084 as your serial number. Successful registration will appear on the screen, you're illegaly registered now. 7. Where the hell is my registration code is stored ?? - The correct registration code is encrypted and stored in the file called GERHTS23.DRU which located in your Windows directory ( usually C:\WINDOWS ). 8. How can I practise with my own user name ? - I strongly recommended you not to do this! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-stealth34.zip [EOF] October 10,2000 12:45:24 PM 10/10/00 I really hope you've enjoyed this tutorial as much as I did! Don't miss Tutor #103 soon! ;) Credits goto: The Ghost for Splash Logo. DongJong for providing a tut in this version. ASTAGA for providing 4 tuts in this version. To ALL the crackers: You are welcome to send me your tutors to publish them .. see below for my email address! *** 95 chars per line in textfile please! *** And all the tutors can be found at: http://www.crackersinaction.com (or on IRC, ask CiA ops for urls!) Greetz goto all my friends! You can find me on IRC or email me at tkc@reaper.org Coded by The Keyboard Caper - tKC The Founder of PhRoZeN CReW/Crackers in Action 2000 Compiled with Delphi 5 on 12 October 2000 Cracking Tutorial #100 is dedicated to CiA, all new and old members for the support they gave me all the years!