Welcome to Cracking Tutorial #104! Hiya guys, Well, here is another tut104.tKC... Let's rave! ...or crack babes? :) You'll need the following tools: (I use these tools, I assume you'll use 'em, but it doesn't mean that you'll need to use all those tools, so be sure to get them handy for the examples in this tutorial!) SoftICE v4.05 W32Dasm v8.93 Hacker's View v6.55 SmartCheck v6.03 ProcDump32 v1.6.2 TRW2000 v1.22 IDA v4.04 Windows Commander v4.51 (I use it coz of easier to multitask) Delphi, VB, C++, or TASM to code a keygen or a patch.. Don't ask me where to download all these tools since you had a chance to get them when you used my older tutorials. Here are a few good sites where you can grab tools from: http://protools.cjb.net http://w3.to/protools http://www.crackstore.com or ask any crackers to get you these tools! Are you ready?! OK! ;) WHY PATCHING WHILE SERIAL NUMBER IS FISHY LockBox v1.0.1 A Cracking Tutorial by ASTAGA [D4C/C4A] ABOUT THE PROGRAM LockBox is a program that will allow you to store confidential information onyour computer, in an encrypted file that is pro tected by a user password. Use it to store your web site pass words, credit card information, ordering information, etc. If more than one person uses your computer, each user can have their own copy of the program and each can secure their own information. LockBox uses two encryption techniques to insure that your info rmation is secure. It encrypts and decrypts using the 256-bit version of TwoFish (created by the team led by Bruce Schneier, author of the famous Blowfish algorithm). The encryption and decryption are performed using keys generated by Elliptic Curve public key encryption. This technology features 160-bit key length -- roughly equivalent to 1024-bit RSA. BACKGROUND INFORMATION Program Name: LockBox.exe Platforms: Windows 95/98/NT Free trial period: 30 days Registration cost: US$10. Current version: 1.0.1 Version date: 04-Apr-2000 (c)Copyright 2000 - Donth Technology Group Web site: www.donth.com Author : Joseph L. Donth HOW TO FISH SERIAL NUMBER by USING SOFTICE 1. Run the program, click REGISTER button and keyed-in fake reg code = 73881050 Do not click OK button yet. 2. Load SoftIce and create a new breakpoint : bpx hmemcpy Press F5 3. Click OK button now, and you'll break in SoftIce again. Press F11 once and press F12 several times until you see this below snippet codes. __________________________________________________________________ 015F:0044C302 E8BDE3FDFF CALL 0042A6C4 <=== break here 015F:0044C307 8B55D8 MOV EDX,[EBP-28] 015F:0044C30A 8B45F8 MOV EAX,[EBP-08] <== D EDX 015F:0044C30D E89276FBFF CALL 004039A4 ........ ........ ________________________LOCKBOX!CODE+0004B302_____________________ Break due to BPX KERNEL!HMEMCPY Break due to G bd * [enter] : BPX 015F:0044C302 [enter] : Press F10 2 times and display EDX register, your fake reg code appear in the Data Window at virtual address 0167:00C134D8 . : BPM 0167:00C134D8 [enter] : Press X or F5 You'll break again in SoftIce and see these below snippet codes : _________________________________________________________________ 015F:00403D05 8B0E MOV ECX,[ESI] 015F:00403D07 8B1F MOV EBX,[EDI] <=== here 015F:00403D09 39D9 CMP ECX,EBX <== D EDI 015F:00403D0B 7558 JNZ 00403D65 ..... ..... __________________________ LOCKBOX!CODE+2D05 ___________________ Break due to BPMB #0167:00C134D8 RW DR3 Press F10 once : ? ecx [enter] : 38383337 0943207223 "8837" ==> part of your fake code : ? ebx [enter] : 30373130 0808923440 "0710=" ==> part of the real code : d esi [enter] ===> your fake code at : d edi [enter] ===> did you see 0170-1920-7875-7537 at 0167:00C1AEE0 . Write down this potential reg code. Scroll up one line above you will see your own product ID ( in my case is 5565-5841-9770-4015 ) . : bd * : F5 to return to registration dialog box 4. Repeat registration procedures, and keyed-in 0170-1920-7875-7537 as your registration code. You're registered. 5. Where the hell is my registration info is stored ?? - The correct registration code is stored in the HKCR and HKLM registry as follows ( before it's registered ) : REGEDIT4 [HKEY_CLASSES_ROOT\CLSID\{DD9633C1-FBE4-11D3-AA01-444553540010}] [HKEY_CLASSES_ROOT\CLSID\{DD9633C1-FBE4-11D3-AA01-444553540010}\ProgID] @="008FFC" [HKEY_CLASSES_ROOT\CLSID\{DD9633C1-FBE4-11D3-AA01-444553540010}\Mask] @="6E5A4D08" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{DD9633C1-FBE4-11D3-AA01-444553540010}] [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{DD9633C1-FBE4-11D3-AA01-444553540010}\ProgID] @="008FFC" [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{DD9633C1-FBE4-11D3-AA01-444553540010}\Mask] @="6E5A4D08" 6. How can I practise with another registration key ? - I strongly recommended you not to do this ! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-lockbox101.zip [EOF] 10/31/00 6:32:06 PM WHY PATCHING WHILE SERIAL NUMBER IS FISHY MiniSetup v1.3.2 A Cracking Tutorial by ASTAGA [D4C/C4A] ABOUT THE PROGRAM MiniSetup is a program that enables you to "collect" a group of files (programs, pictures, text files, spreadsheets, etc.) into one single compressed EXE file that when run on your client's computer will "install" the entire collection. If you're a programmer and are looking for a low-cost setup program or if you are a computer user just looking for an easy way to "package" up some files, MiniSetup is for you. BACKGROUND INFORMATION Program Name: MiniSetup.exe Platforms: Windows 95/98/NT Free trial period: 30 days Registration cost: $15 US$. Current version: 1.3.2 / (1.0.4 Installer) Version date: 06-Apr-2000 (c)Copyright 2000 - Donth Technology Group Web site: www.donth.com Author : Joseph L. Donth HOW TO FISH SERIAL NUMBER by USING SOFTICE 1. Run the program, click REGISTER button and keyed-in fake reg code = 73881050 Do not click OK button yet. 2. Load SoftIce and create a new breakpoint : bpx hmemcpy Press F5 3. Click OK button now, and you'll break in SoftIce again. Press F11 once and press F12 several times until you see this below snippet codes. __________________________________________________________________ 015F:0044A8BE E865F2FDFF CALL 00429B28 <== break here 015F:0044A8C3 8B55D8 MOV EDX,[EBP-28] 015F:0044A8C6 8B45F8 MOV EAX,[EBP-08] <== D EDX 015F:0044A8C9 E86291FBFF CALL 00403A30 ........ ........ ________________________MINISETUP!CODE+000498BC_____________________ Break due to BPX KERNEL!HMEMCPY Break due to G bd * [enter] : BPX 015F:0044A8BE [enter] : Press F10 2 times and display EDX register, your fake reg code appear in the Data Window at virtual address 0167:00BCADE0 . : BPM 0167:00BCADE0 [enter] : Press X or F5 You'll break again in SoftIce and see these below snippet codes : _________________________________________________________________ 015F:00403D91 8B0E MOV ECX,[ESI] 015F:00403D93 8B1F MOV EBX,[EDI] <== here 015F:00403D95 39D9 CMP ECX,EBX <== D EDI 015F:00403D97 7558 JNZ 00403DF1 ..... ..... __________________________ MINISETUP!CODE+2D91 ___________________ Break due to BPMB #0167:00BCADE0 RW DR3 Press F10 once : ? ecx [enter] : 38383337 0943207223 "8837" ==> part of your fake code : ? ebx [enter] : 32363130 0842412336 "2610" ==> part of the real code : d esi [enter] ===> your fake code at : d edi [enter] ===> did you see 0162-5328-0833-2286 at 0167:00BC8C6C . Write down this potential reg code. Scroll up one line above you will see your own product ID ( in my case is 5557-6193-0442-9236 ) . : bd * : F5 to return to registration dialog box 4. Repeat registration procedures, and keyed-in 0162-5328-0833-2286 as your registration code. You're registered. 5. Where the hell is my registration info is stored ?? - The correct registration code is stored in the HKCR and HKLM registry as follows ( before it's registered ) : REGEDIT4 [HKEY_CLASSES_ROOT\CLSID\{73C05900-6B69-11D3-AA01-E7A3A0900002}] [HKEY_CLASSES_ROOT\CLSID\{73C05900-6B69-11D3-AA01-E7A3A0900002}\ProgID] @="008FFD" [HKEY_CLASSES_ROOT\CLSID\{73C05900-6B69-11D3-AA01-E7A3A0900002}\Mask] @="428E271E" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{73C05900-6B69-11D3-AA01-E7A3A0900002}] [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{73C05900-6B69-11D3-AA01-E7A3A0900002}\ProgID] @="008FFD" [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{73C05900-6B69-11D3-AA01-E7A3A0900002}\Mask] @="428E271E" 6. How can I practise with another registration key ? - I strongly recommended you not to do this ! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-minisetup132.zip [EOF] 10/31/00 6:32:06 PM WHY PATCHING WHILE SERIAL NUMBER IS FISHY MKopy v1.07 A Cracking Tutorial by ASTAGA [D4C/C4A] ABOUT THE PROGRAM You have downloaded a file and want to save a backup to your A: drive. Oops, the file is larger than your floppy drive can handle! No problem -- with MKopy. This simple utility program allows you to easily copy files larger than the size of your floppy drive. It automatically includes a restore program so restoring the information from a multiple-floppy set is a snap! BACKGROUND INFORMATION Program Name: MKopy.exe Platforms: Windows 95/98/NT Free trial period: 30 days Registration cost: $10 US$. Current version: 1.0.7 Version date: 25-Apr-2000 (c)Copyright 2000 - Donth Technology Group Web site: www.donth.com Author : Joseph L. Donth HOW TO FISH SERIAL NUMBER by USING SOFTICE 1. Run the program, click REGISTER button and keyed-in fake reg code = 73881050 Do not click OK button yet. 2. Load SoftIce and create a new breakpoint : bpx hmemcpy Press F5 3. Click OK button now, and you'll break in SoftIce again. Press F11 once and press F12 several times until you see this below snippet codes. __________________________________________________________________ 015F:00445698 8BC3 MOV EAX,EBX 015F:0044569A E87D04FEFF CALL 00425B1C <=== break here 015F:0044569F 8B55D8 MOV EDX,[EBP-28] 015F:004456A2 8B45F8 MOV EAX,[EBP-08] <== D EDX 015F:004456A5 E882E4FBFF CALL 00403B2C 015F:004456AA C645F701 MOV BYTE PTR [EBP-09],01 ........ ........ ________________________MKOPY!CODE+00044698_____________________ Break due to BPX KERNEL!HMEMCPY Break due to G : bd * [enter] : BPX 015F:0044569A [enter] : Press F10 2 times and display EDX register, your fake reg code appear in the Data Window at virtual address 0167:00BC3470 . : BPM 0167:00BC3470 [enter] : Press X or F5 You'll break again in SoftIce and see these below snippet codes : _________________________________________________________________ 015F:00403E8D 8B0E MOV ECX,[ESI] 015F:00403E8F 8B1F MOV EBX,[EDI] <== here 015F:00403E91 39D9 CMP ECX,EBX <=== D EDI 015F:00403E93 7558 JNZ 00403EED 015F:00403E95 4A DEC EDX 015F:00403E96 7415 JZ 00403EAD ..... ..... __________________________ MKOPY!CODE+2E8D ______________________ Break due to BPMB #0167:00BC3470 RW DR3 Press F10 once : ? ecx [enter] : 38383337 0943207223 "8837" ==> part of your fake code : ? ebx [enter] : 34363130 0875966768 "4610" ==> part of the real code : d esi [enter] ===> your fake code at : d edi [enter] ===> did you see 0164-1385-5895-1987 at 0167:00BC4654 . Write down this potential reg code. Scroll up one line above you will see your own product ID ( in my case is 5554-7305-2998-0857 ) . : bd * : F5 to return to registration dialog box 4. Repeat registration procedures, and keyed-in 0164-1385-5895-1987 as your registration code. You're registered. 5. Where the hell is my registration info is stored ?? - The correct registration code is stored in the HKCR and HKLM registry as follows ( before it's registered ) : REGEDIT4 [HKEY_CLASSES_ROOT\CLSID\{9E75C100-7B25-11D3-AA01-C0B30A8C0003}] [HKEY_CLASSES_ROOT\CLSID\{9E75C100-7B25-11D3-AA01-C0B30A8C0003}\ ProgID] @="008FFC" [HKEY_CLASSES_ROOT\CLSID\{9E75C100-7B25-11D3-AA01-C0B30A8C0003} \Mask] @="74161794" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{9E75C100-7B25-11D3- AA01-C0B30A8C0003}] [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{9E75C100-7B25-11D3- AA01-C0B30A8C0003}\ProgID] @="008FFC" [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{9E75C100-7B25-11D3- AA01-C0B30A8C0003}\Mask] @="74161794" 6. How can I practise with another registration key ? - I strongly recommended you not to do this ! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-mkopy107.zip [EOF] 10/31/00 6:32:06 PM WHY PATCHING WHILE SERIAL NUMBER IS FISHY MoreInfo v1.3.2 A Cracking Tutorial by ASTAGA [D4C/C4A] ABOUT THE PROGRAM You've just installed a new program on your computer. You'd like to jot down some notes you have about the installation or record some new features or a caution that the manufacturer told you about. With MoreInfo, just right-click on the program within Windows Explorer and choose the MoreInfo option. Instantly the MoreInfo Viewer pops up allowing you to enter in the information associated with the program while it is still fresh in your mind. With MoreInfo installed on your computer, adding your personal comments and attaching them to ANY file in your system is just a simple right-click away. Can't remember what you recorded concerning a file? No problem -- right-click on the file name and MoreInfo pops up with the information. As an added bonus, MoreInfo also comes with a file monitoring program called MIM. With MIM running and monitoring your download directory, every time you download a new file from the Internet, MoreInfo will pop up automatically to allow you to enter informa tion about the download. Rather than having to remember what, for example, "API502E.EXE" was, you can attach your comments to the MoreInfo entry for that file and record it as "The ActivePerl version 5.02 distribution." Any time you want to know what "API502E.EXE" is, just right-click on the file and select MoreInfo. BACKGROUND INFORMATION Program Name: MoreInfo (MOREINFO.EXE, MIM.EXE, ACTIVATE.EXE, DEACTIVATE.EXE, MINFO32A.DLL) Platforms: Windows 95/98/NT Free trial period: 30 days Registration cost: US$10. Current version: 1.0.0 Version date: 17-Apr-2000 Web site: www.donth.com Author : Joseph L. Donth HOW TO FISH SERIAL NUMBER by USING SOFTICE 1. Run the program, click REGISTER button and keyed-in fake reg code = 73881050 Do not click OK button yet. 2. Load SoftIce and create a new breakpoint : bpx hmemcpy Press F5 3. Click OK button now, and you'll break in SoftIce again. Press F11 once and press F12 several times until you see this below snippet codes. __________________________________________________________________ 015F:00449CBA E875F7FDFF CALL 00429434 <== break here 015F:00449CBF 8B55D8 MOV EDX,[EBP-28] 015F:00449CC2 8B45F8 MOV EAX,[EBP-08] <== D EDX 015F:00449CC5 E82A9DFBFF CALL 004039F4 ........ ........ ________________________MOREINFO!CODE+00048CBA_____________________ Break due to BPX KERNEL!HMEMCPY Break due to G : bd * [enter] : BPX 015F:00449CBA [enter] : Press F10 2 times and display EDX register, your fake reg code appear in the Data Window at virtual address 0167:00BCA6B8 . : BPM 0167:00BCA6B8 [enter] : Press X or F5 You'll break again in SoftIce and see these below snippet codes : _________________________________________________________________ 015F:00403D55 8B0E MOV ECX,[ESI] 015F:00403D57 8B1F MOV EBX,[EDI] <== here 015F:00403D59 39D9 CMP ECX,EBX <== D EDI 015F:00403D5B 7558 JNZ 00403DB5 ..... ..... __________________________ MOREINFO!CODE+2D55 ___________________ Break due to BPMB #0167:00BCA6B8 RW DR3 : Press F10 once : ? ecx [enter] : 38383337 0943207223 "8837" ==> part of your fake code : ? ebx [enter] : 32373130 0842477872 "2710" ==> part of the real code : d esi [enter] ===> your fake code at : d edi [enter] ===> did you see 0172-5328-0833-2286 at 0167:00BC83B8 . Write down this potential reg code. Scroll up one line above you will see your own product ID ( in my case is 5566-6193-0442-9236 ) . : bd * : F5 to return to registration dialog box 4. Repeat registration procedures, and keyed-in 0172-5328-0833-2286 as your registration code. You're registered. 5. Where the hell is my registration info is stored ?? - The correct registration code is stored in the HKCR and HKLM registry as follows ( before it's registered ) : REGEDIT4 [HKEY_CLASSES_ROOT\CLSID\{B84BF3A0-062C-11D4-AA01-444553540011}] [HKEY_CLASSES_ROOT\CLSID\{B84BF3A0-062C-11D4-AA01-444553540011}\Mask] @="58E9C6CD" [HKEY_CLASSES_ROOT\CLSID\{B84BF3A0-062C-11D4-AA01-444553540011}\ProgID] @="008FFC" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{B84BF3A0-062C-11D4-AA01-444553540011}] [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{B84BF3A0-062C-11D4-AA01-444553540011}\Mask] @="58E9C6CD" [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{B84BF3A0-062C-11D4-AA01-444553540011}\ProgID] @="008FFC" 6. How can I practise with another registration key ? - I strongly recommended you not to do this ! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-moreinfo132.zip [EOF] 10/31/00 6:32:06 PM WHY PATCHING WHILE SERIAL NUMBER IS FISHY PrintScreen v1.3.0 A Cracking Tutorial by ASTAGA [D4C/C4A] ABOUT THE PROGRAM PrintScreen is a utility program that brings back the "Print Screen" key to Windows 95, 98 and NT users. PrintScreen is a great tool to have on hand for easily capturing error messages that pop up with application and system problems. Never again will you need to tediously hand-write the text of those messages to relay them to tech support personnel. BACKGROUND INFORMATION Program Name: PrintScreen.exe Platforms: Windows 95/98/NT Free trial period: 30 days Registration cost: $10 US$. Current version: 1.3.0 Version date: 30-Jan-2000 Web site: www.donth.com Author : Joseph L. Donth HOW TO FISH SERIAL NUMBER by USING SOFTICE 1. Run the program, click REGISTER button and keyed-in fake reg code = 73881050 Do not click OK button yet. 2. Load SoftIce and create a new breakpoint : bpx hmemcpy Press F5 3. Click OK button now, and you'll break in SoftIce again. Press F11 once and press F12 several times until you see this below snippet codes. __________________________________________________________________ 015F:0044CE06 E861E0FDFF CALL 0042AE6C <== break here 015F:0044CE0B 8B55D8 MOV EDX,[EBP-28] 015F:0044CE0E 8B45F8 MOV EAX,[EBP-08] <== D EDX 015F:0044CE11 E88E6BFBFF CALL 004039A4 ........ ........ ________________________PRINTSCREEN!CODE+0004BE06_________________ Break due to BPX KERNEL!HMEMCPY Break due to G : bd * [enter] : BPX 015F:0044CE06 [enter] : Press F10 2 times and display EDX register, your fake reg code appear in the Data Window at virtual address 0167:00BCB6E0 . : BPM 0167:00BCB6E0 [enter] : Press X or F5 You'll break again in SoftIce and see these below snippet codes : _________________________________________________________________ 015F:00403D05 8B0E MOV ECX,[ESI] 015F:00403D07 8B1F MOV EBX,[EDI] <== here 015F:00403D09 39D9 CMP ECX,EBX <== D EDI 015F:00403D0B 7558 JNZ 00403D65 ..... ..... __________________________ PRINTSCREEN!CODE+2D05 ________________ Break due to BPMB #0167:00BCB6E0 RW DR3 Press F10 once : ? ecx [enter] : 38383337 0943207223 "8837" ==> part of your fake code : ? ebx [enter] : 30363130 0808857904 "0610" ==> part of the real code : d esi [enter] ===> your fake code at : d edi [enter] ===> did you see 0160-1920-7875-7537 at 0167:00BC808C . Write down this potential reg code. Scroll up one line above you will see your own product ID ( in my case is 5556-5841-9770-4015 ) . : bd * : F5 to return to registration dialog box 4. Repeat registration procedures, and keyed-in 0160-1920-7875-7537 as your registration code. You're registered. 5. Where the hell is my registration info is stored ?? - The correct registration code is stored in the HKCR and HKLM registry as follows ( before it's registered ) : REGEDIT4 [HKEY_CLASSES_ROOT\CLSID\{F291C121-70E0-11D3-AA01-E00DCCB90001}] [HKEY_CLASSES_ROOT\CLSID\{F291C121-70E0-11D3-AA01-E00DCCB90001}\ProgID] @="008FFD" [HKEY_CLASSES_ROOT\CLSID\{F291C121-70E0-11D3-AA01-E00DCCB90001}\Mask] @="41AC5E55" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{F291C121-70E0-11D3-AA01-E00DCCB90001}] [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{F291C121-70E0-11D3-AA01-E00DCCB90001}\ProgID] @="008FFD" [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{F291C121-70E0-11D3-AA01-E00DCCB90001}\Mask] @="41AC5E55" 6. How can I practise with another registration key ? - I strongly recommended you not to do this ! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-PrintScreen130.zip [EOF] 10/31/00 6:32:06 PM I really hope you've enjoyed this tutorial as much as I did! Don't miss Tutor #108 soon! ;) Credits goto: IC_666 for Splash Logo. ASTAGA for providing 5 tuts in this version. To ALL the crackers: You are welcome to send me your tutors to publish them .. see below for my email address! *** 95 chars per line in textfile please! *** And all the tutors can be found at: http://www.crackersinaction.com (or on IRC, ask CiA ops for urls!) Greetz goto all my friends! You can find me on IRC or email me at tkc@reaper.org Coded by The Keyboard Caper - tKC The Founder of PhRoZeN CReW/Crackers in Action 2000 Compiled with Delphi 5 on 12 November 2000 Cracking Tutorial #107 is dedicated to CiA, all new and old members for the support they gave me all the years!