Welcome to Cracking Tutorial #104! Hiya guys, Well, here is another tut104.tKC... Let's rave! ...or crack babes? :) You'll need the following tools: (I use these tools, I assume you'll use 'em, but it doesn't mean that you'll need to use all those tools, so be sure to get them handy for the examples in this tutorial!) SoftICE v4.05 W32Dasm v8.93 Hacker's View v6.55 SmartCheck v6.03 ProcDump32 v1.6.2 TRW2000 v1.22 IDA v4.04 Windows Commander v4.51 (I use it coz of easier to multitask) Delphi, VB, C++, or TASM to code a keygen or a patch.. Don't ask me where to download all these tools since you had a chance to get them when you used my older tutorials. Here are a few good sites where you can grab tools from: http://protools.cjb.net http://w3.to/protools http://www.crackstore.com or ask any crackers to get you these tools! Are you ready?! OK! ;) WHY PATCHING WHILE SERIAL NUMBER IS FISHY AdWizard Version 1.1 A Cracking Tutorial by ASTAGA [D4C/C4A] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. ABOUT THE PROGRAM AdWizard has been designed to help you manage a large number of classified advertisement sites and remind you when you should re-enter your ad. You can sort your entries into groups, and even use the Type function to automatically enter your informa tion and your ad. Are you spending a lot of time entering classified ads? AdWizard can make your life easier! AdWizard holds a list of all your favorite classified sites like a bookmark program. In addition, it keeps track of when you last entered your ad there, and based on an adjustable number of days it will let you know it's time to re-enter it again! Even better, AdWizard will do all the typing for you! Just put the cursor in the first text box and click the Type button to watch AdWizard fill the form out for you! WHERE TO DOWNLOAD Author : Paul P.M. Beuger Homepage : http://www.wavget.com URL : http://www.wavget.com/adwizard32.exe Size : 754 KB as of October 30,2000 HOW TO GET VALID SERIAL NUMBER by using SoftIce 1. Run ADWIZARD.EXE, right click mouse button at the URL link, in the registration dialog box type these below informations : Name : Pirates Order Code : 73881050 Do not click OK button yet 2. Fire up SoftIce by pressing [ CTRL + D ], set a breakpoint as follow : BPX hmemcpy [enter] and F5 to return to the main program 3. Now it's time to click OK button... you'll return back into SoftIce! In within SoftIce press F11, F5, F11, then F12 11 times until you see and break at : __________________________________________________________________ 015F:0044ECE8 8BC3 MOV EAX,EBX 015F:0044ECEA E845EAFDFF CALL 0042D734 <=== here 015F:0044ECEF 8B55D8 MOV EDX,[EBP-28] 015F:0044ECF2 8B45F8 MOV EAX,[EBP-08] 015F:0044ECF5 E8D64DFBFF CALL 00403AD0 015F:0044ECFA C645F701 MOV BYTE PTR [EBP-09],01 ......... ......... ____________________ ADWIZARD!CODE+0004DCE8 ______________________ Disable / clear previous breakpoint and create the new one : bd* [enter] BPX 015F:0044ECEA [enter] Press F10 then display EDX register : d edx [enter] ==> your fake S/N appear in the Data Window at virtual address 0167:0110F048 . In the Command Line type : BPM 0167:0110F048 [enter] Press X or F5 to let SoftIce break in this new location 4. If nothing goes wrong you'll break again in SoftIce and see these below snippet codes : EAX=00000006 EBX=38383337 ECX=48464555 ESI=011121F8 EDI=0110F048 EBP=006BFC08 ESP=006BFBCC EIP=00403E35 CS=015F DS=0167 SS=0167 ES=0167 FS=2627 GS=0000 __________________________________________________________________ 015F:00403E33 8B1F MOV EBX,[EDI] 015F:00403E35 39D9 CMP ECX,EBX <=== break here 015F:00403E37 7558 JNZ 00403E91 015F:00403E39 4A DEC EDX 015F:00403E3A 7415 JZ 00403E51 ______________________ ADWIZARD!CODE+2E33 _______________________ Break due to BPMB #0167:0110F048 RW DR3 ? ecx [enter] 48464555 1212564821 "HFEU" ==> part of S/N in reverse order ? ebx [enter] 38383337 0943207223 "8837" ==> part of fake code d edi [enter] ===> your fake appear at 0167:0110F048 d esi [enter] did you see UEFHVFVGXJUNJB at virtual address 0167:011121F8 ? 5. Disable all breakpoints by typing BD * [enter] Press F5 or X to return to the main program 8. Repeat registration procedure and keyed-in UEFHVFVGXJUNJB as your S/N Click OK/REGISTER button ..... Simply, YOU'RE REGISTERED now... as a matter of fact it's ILLEGAL REGISTRATION!!!!! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-adwizard11.zip [EOF] 10/31/00 5:18:12 AM WHY PATCHING WHILE SERIAL NUMBER IS FISHY B-Jigsaw v2.11 A Cracking Tutorial by ASTAGA [WWF/WTF] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. ABOUT THE PROGRAM B-Jigsaw (short for BMP-Jigsaw) is the electronic version of the classic jigsaw puzzle game, with pieces shaped like the real jigsaw pieces. With B-Jigsaw, you can make your own jigsaw puzzles with your own BMP and JPEG files. There are three levels of difficulty - Beginner, Intermediate, and Expert. Each level corresponds with a certain size of puzzle pieces; Beginner - large pieces, Intermediate - normal pieces, Expert - small pieces. WHERE TO DOWNLOAD Author : Antony Pranata ( IndoWarez ) Homepage : http://www.antonypr.pair.com URL : maybe available in your CHIP CD Size : ??? KB as of , HOW TO GET VALID SERIAL NUMBER by using SoftIce 1. Run the program, wait 5 seconds for the tick count, click REGISTER NOW button, type these below informations : User name : Rikishi ran over Stone Cold Reg code : 73881050 Do not click OK button yet. 2. Load SoftIce then set a new berakpoint as follow : bpx getwindowtexta [enter] F5 to return to prog's registration window 3. Hit OK button, you'll return back in SoftIce. Press F11, F5, F11 until you break and found these below snippet codes : _____________________________________________________________________ 015F:00402FCF E8B6820500 CALL USER32!GetWindowTextA <== HERE 015F:00402FD4 E8B37D0500 CALL KERNEL32!GetTickCount 015F:00402FD9 8BF0 MOV ESI,EAX 015F:00402FDB 8D45C8 LEA EAX,[EBP-38] 015F:00402FDE 50 PUSH EAX 015F:00402FDF E890F4FFFF CALL 00402474 015F:00402FE4 59 POP ECX 015F:00402FE5 8D55E8 LEA EDX,[EBP-18] 015F:00402FE8 6A0A PUSH 0A 015F:00402FEA 52 PUSH EDX 015F:00402FEB 50 PUSH EAX 015F:00402FEC E8C3430500 CALL 004573B4 015F:00402FF1 83C40C ADD ESP,0C 015F:00402FF4 8D4DF4 LEA ECX,[EBP-0C] 015F:00402FF7 51 PUSH ECX 015F:00402FF8 8D45E8 LEA EAX,[EBP-18] 015F:00402FFB 50 PUSH EAX 015F:00402FFC E8937E0500 CALL KERNEL32!lstrcmp 015F:00403001 85C0 TEST EAX,EAX 015F:00403003 753E JNZ 00403043 ____________________BJIGSAW!.text+1FCF____________________________ Break due to BPX USER32!GetWindowTextA Press F10 5 times - stop at 015F:00402FDF - display EAX register : : d eax [enter] ==> your name/code appear in the Data Window Press F10 again - stop at 015F:00402FF1 - did you feel a splash when jump over the CALL instruction at 015F:00402FEC ? Lookie the Data Window ... at virtual address 0167:006AEBA0 did you see 47195186 ? Press F10 once - stop at 015F:00402FF1 - display EAX register, you'll see again 47195186 . Don't you think this is a valid registration code ? WRITE it DOWN ! Disable current existing breakpoint : bd * [enter] : F5 to return to main program : 4. Repeat registration procedure, keyed-in 47195186 as your registration code. Click OK button ..... you're registered ! 5. Where the hell is my registration info is stored ?? - The correct registration code is stored in the BJIGSAW. INI as follows : [BJIGSAW] COLOR=8421504 LEVEL=1 PLACEMENT=1 SHADOW=1 [REGISTRATION] NAME=Rikishi ran over Stone Cold CODE=47195186 6. How can I practise with another registration key ? - I strongly recommended you not to do this ! 7. Finally Rikishi admitted ran over Steve Austin, and all he does is for The Rock. So, what is The Coccaine says : ...... this is a smellllelelelelelele ... of the Commiss ioner Mick ' mankind' Foley. Next, why Stephanie ignoring Triple H and permanently accompanied Kurt Angel in the ring ? coz.. she likes to be slapped in the ass as well as Angel always do. WWF ? .... ahhhhh what the fuck, over! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-bjigsaw211.zip [EOF] 11/3/00 5:33:03 PM . This section is for 100 % NEWBIES : EAX=006AEBA0 EBX=006AEF4C ECX=006AEB24 EDX=006AEB24 ESI=001B731F EDI=00000001 EBP=006AEBB8 ESP=006AEB6C EIP=00402FF1 o d I s z a p c CS=015F DS=0167 SS=0167 ES=0167 FS=10FF GS=0000 ______________________________________________________________________ 0167:006AEB80 52 69 6B ......... 76 65 72 Rikishi ran over 0167:006AEB90 20 53 74 ......... 2D FF 16 Stone Cold..-.. 0167:006AEBA0 34 37 31 ......... 33 38 38 47195186..j.7388 0167:006AEBB0 31 30 35 ......... 50 42 00 1050..j...j.vPB. 0167:006AEBC0 4C EF 6A ......... EF 6A 00 L.j...j.D.B.L.j. ... ... ______________________________________________________________________ ASTAGA [D4C/C4A] tute-bjigsaw211.zip [EOF] 11/3/00 5:33:03 PM WHY PATCHING WHILE SERIAL NUMBER IS FISHY IRC Color Editor Version 1.0 A Cracking Tutorial by ASTAGA [D4C/C4A] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. ABOUT THE PROGRAM Like to make colorful messages for IRC? ICE makes it easy! Just copy a message from mIRC, Notepad, or any other program and paste it into ICE. Then select a foreground and background color and paint the message just the way you want it! You can also easily apply bold, underline, or reverse codes. When you are done, just paste it back. WHERE TO DOWNLOAD Author : Paul P.M. Beuger Homepage : http://www.wavget.com/download.html http://www.wavget.com/dlice.html URL : http://www.wavget.com/ice32.exe Size : 739 KB as of October 30,2000 HOW TO GET VALID SERIAL NUMBER by using SoftIce 1. Run ICE.EXE, click the globe icon in the taskbar, in the registration dialog box type these below informations : Name : Pirates Order Code : 73881050 Do not click OK button yet 2. Fire up SoftIce by pressing [ CTRL + D ], set a breakpoint as follow : BPX hmemcpy [enter] and F5 to return to the main program 3. Now it's time to click OK button... you'll return back into SoftIce! In within SoftIce press F11, then F12 11 times until you see and break at : __________________________________________________________________ 015F:00456B6E E82100FDFF CALL 00426B94 <==== here 015F:00456B73 8B55D8 MOV EDX,[EBP-28] <= d edx 015F:00456B76 8B45F8 MOV EAX,[EBP-08] 015F:00456B79 E882CEFAFF CALL 00403A00 015F:00456B7E C645F701 MOV BYTE PTR [EBP-09],01 ......... ......... 015F:00456BAC 8D45D8 LEA EAX,[EBP-28] 015F:00456BAF E8F8CDFAFF CALL 004039AC 015F:00456BB4 8D45DC LEA EAX,[EBP-24] <= d edx 015F:00456BB7 E8F0CDFAFF CALL 004039AC ......... ......... ____________________ ICE!CODE+00055B6E ______________________ Disable / clear previous breakpoint and create the new one : bd* [enter] BPX 015F:00456B6E [enter] Press F10 then display EDX register : d edx [enter] ==> your fake S/N appear in the Data Window at virtual address 0167:00C09E60 . But wait, 5 lines below did you see KIETDTQVZSVP at the virtual address 0167:00C09EB0 ? wasn't it looks like a serial number .... write it down ! 4. Disable all breakpoints by typing BD * [enter] Press F5 or X to return to the main program 5. Repeat registration procedure and keyed-in KIETDTQVZSVP as your S/N Click OK/REGISTER button ..... Simply, YOU'RE REGISTERED now... as a matter of fact it's ILLEGAL REGISTRATION!!!!! 6. Where the hell is my registration info is stored ? The saved registration info is stored in the WIN.INI file under this below statement : [files] eci=99876 leci=36830 o`ld=Qhs`udr!Nseds bned=JHDUEUPW[RWQ 7. How can I practise with another registration key ? - I strongly recommended you not to do this ! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-IRCColorEd10.zip [EOF] 10/31/00 5:18:12 AM WHY PATCHING WHILE SERIAL NUMBER IS FISHY SetTime v1.0.5 A Cracking Tutorial by ASTAGA [D4C/C4A] ABOUT THE PROGRAM SetTime is a program that will automatically set the correct time on your computer when you connect to the Internet. BACKGROUND INFORMATION Program Name: SetTime.exe Platforms: Windows 95/98/NT Free trial period: 30 days Registration cost: US$10. Current version: 1.0.5 Version date: 30-Mar-2000 Web site: www.donth.com Author : Joseph L. Donth HOW TO FISH SERIAL NUMBER by USING SOFTICE 1. Run the program, click REGISTER button and keyed-in fake reg code = 73881050 Do not click OK button yet. 2. Load SoftIce and create a new breakpoint : bpx hmemcpy Press F5 3. Click OK button now, and you'll break in SoftIce again. Press F11 once and press F12 several times until you see this below snippet codes. __________________________________________________________________ 015F:0044693A E83505FEFF CALL 00426E74 <== break here 015F:0044693F 8B55D8 MOV EDX,[EBP-28] 015F:00446942 8B45F8 MOV EAX,[EBP-08] <== D EDX 015F:00446945 E852D0FBFF CALL 0040399C ........ ........ ________________________SETTIME!CODE+0004593A_____________________ Break due to BPX KERNEL!HMEMCPY Break due to G : bd * [enter] : BPX 015F:0044693A [enter] : Press F10 2 times and display EDX register, your fake reg code appear in the Data Window at virtual address 0167:010D2AFC . : BPM 0167:010D2AFC [enter] : Press X or F5 You'll break again in SoftIce and see these below snippet codes : _________________________________________________________________ 015F:00403CFD 8B0E MOV ECX,[ESI] 015F:00403CFF 8B1F MOV EBX,[EDI] <== here 015F:00403D01 39D9 CMP ECX,EBX 015F:00403D03 7558 JNZ 00403D5D ..... ..... __________________________ SETTIME!CODE+2CFD ___________________ Break due to BPMB #0167:010D2AFC RW DR3 : Press F10 once : ? ecx [enter] : 38383337 0943207223 "8837" ==> part of your fake code : ? ebx [enter] : 37363130 0926298416 "7610" ==> part of the real code : d esi [enter] ===> your fake code at : d edi [enter] ===> did you see 0167-6344-1692-5776 at 0167:010D8FB0 . Write down this potential reg code. Scroll up one line above you will see your own product ID ( in my case is 5553-1062-7554-6421 ) . : bd * : F5 to return to registration dialog box 4. Repeat registration procedures, and keyed-in 0167-6344-1692-5776 as your registration code. You're registered. 5. Where the hell is my registration info is stored ?? - The correct registration code is stored in the HKCR and HKLM registry as follows ( before it's registered ) : REGEDIT4 [HKEY_CLASSES_ROOT\CLSID\{323590C0-C516-11D3-AA01-DE79475E0009}] [HKEY_CLASSES_ROOT\CLSID\{323590C0-C516-11D3-AA01-DE79475E0009}\Mask] @="5D573755" [HKEY_CLASSES_ROOT\CLSID\{323590C0-C516-11D3-AA01-DE79475E0009}\ProgID] @="008FFD" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{323590C0-C516-11D3-AA01-DE79475E0009}] [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{323590C0-C516-11D3-AA01-DE79475E0009}\Mask] @="5D573755" [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{323590C0-C516-11D3-AA01-DE79475E0009}\ProgID] @="008FFD" 6. How can I practise with another registration key ? - I strongly recommended you not to do this ! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-SetTime105.zip [EOF] 10/31/00 6:32:06 PM WHY PATCHING WHILE SERIAL NUMBER IS FISHY TypeItIn Pro v2.1 A Cracking Tutorial by ASTAGA [D4C/C4A] ABOUT THE PROGRAM TypeItIn was created to make it easier to fill out forms on the web or any other program. Any string you need to type frequently can be assigned to a button. For example, you can create a button called 'FirstName' that will type 'Paul' wherever the cursor is in your active window. Simply put the text cursor where you want TypeItIn to type by clicking with your mouse. Then click the button in TypeItIn, and TypeItIn will type in the text assigned to that button. TypeItIn works by stuffing keys into the windows keyboard buffer, so programs can not tell the difference between a person typing and TypeItIn. You can use TypeItIn to perform any repetitive task. Use it to enter your name and address into forms, use it to create HTML pages, or to add special signatures to the end of emails. It's applications are only limited by your imagination! BACKGROUND INFORMATION Program Name: TypeItIn.exe Platforms: Windows 95/98/NT Current version: 2.1 Pro Version date: March 2000 Web site: http://www.wavget.com/typeitin.html http://www.wavget.com/typeitinpro32.exe Author : Paul P.M. Beuger HOW TO FISH SERIAL NUMBER by USING SOFTICE 1. Run the program, right click prog's icon in the traybar, choose REGISTER menu. Type these below informations : User Name = Pirates Order Reg Code = 73881050 Do not click OK button yet. 2. Load SoftIce and create a new breakpoint : bpx hmemcpy Press F5 3. Click OK button now, and you'll break in SoftIce again. Press F11, F5, F11 and press F12 several times until you see this below snippet codes. __________________________________________________________________ 015F:0044CA6A E875ECFDFF CALL 0042B6E4 015F:0044CA6F 8B55D8 MOV EDX,[EBP-28] 015F:0044CA72 8B45F8 MOV EAX,[EBP-08] ........ ........ ________________________TYPEITIN!CODE+0004BA68_____________________ This time I just wanna straight to the groin because I've been traced the code for you, just follow these below steps : : s 0 l fffffffffffffff e8 18 07 fb ff 74 0f [enter] Pattern found at 0167:00453583 (00453583) : bc * [enter] ==> clear previous breakpoint : bpx 0167:00453583 [enter] : x or F5 ==> to let SoftIce break in the new location Break due to BPX #0167:00453583 ( note : sometime you have to repeat registration procedure before you break in the new location ) 4. If nothing goes wrong you should break again in SoftIce and you'll see these below snippet codes : _________________________________________________________________ 015F:0045357E BA50374500 MOV EDX,00453750 break 015F:00453583 E81807FBFF CALL 00403CA0 <== here 015F:00453588 740F JZ 00453599 015F:0045358A 8B45F8 MOV EAX,[EBP-08] 015F:0045358D BA64374500 MOV EDX,00453764 015F:00453592 E80907FBFF CALL 00403CA0 015F:00453597 7508 JNZ 004535A1 015F:00453599 8D45F8 LEA EAX,[EBP-08] 015F:0045359C E87303FBFF CALL 00403914 015F:004535A1 8D4DF4 LEA ECX,[EBP-0C] 015F:004535A4 A108BD4500 MOV EAX,[0045BD08] 015F:004535A9 8B00 MOV EAX,[EAX] 015F:004535AB 8B55FC MOV EDX,[EBP-04] 015F:004535AE E87D230000 CALL 00455930 015F:004535B3 8B45F4 MOV EAX,[EBP-0C] 015F:004535B6 8B55F8 MOV EDX,[EBP-08] <== D EAX 015F:004535B9 E8E206FBFF CALL 00403CA0 <== D EDX ..... ..... _____________________ TYPEITIN!CODE+0005257E ____________________ Break due to BPX #0167:00453583 Press F10 14 times - stop at 015F:004535B6 - display EAX register : d eax [enter] ===> did you see HTYRHVSSFKSPIRA at 0167:00D096D8 ???. Write down this potential reg code. Disable current existing breakpoint : bd * : F5 to return to registration dialog box NOTE : ( you can also change your breakpoint to be " BPX 015F:00453583 " for further practice ) 4. Repeat registration procedures, and keyed-in HTYRHVSSFKSPIRA as your registration code. You're registered. 5. Where the hell is my registration info is stored ?? - The correct registration code is stored in the TYPEITIN.INI under these below statement : [Registration] Name=ASTAGA [D4C] Code=EXJOXNXKKBGQAAY BaseCode=36641 6. How can I practise with another registration key ? - I strongly recommended you not to do this ! END NOTES This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > _ Never attribute to malice that which is adequately explained by stupidity _ ASTAGA [D4C/C4A] tute-TypeItIn21.zip [EOF] 10/31/00 6:32:06 PM I really hope you've enjoyed this tutorial as much as I did! Don't miss Tutor #109 soon! ;) Credits goto: IC_666 for Splash Logo. ASTAGA for providing 5 tuts in this version. To ALL the crackers: You are welcome to send me your tutors to publish them .. see below for my email address! *** 95 chars per line in textfile please! *** And all the tutors can be found at: http://www.crackersinaction.com (or on IRC, ask CiA ops for urls!) Greetz goto all my friends!! You can find me on IRC or email me at tkc@reaper.org Coded by The Keyboard Caper - tKC The Founder of PhRoZeN CReW/Crackers in Action 2000 Compiled with Delphi 5 on 12 November 2000 Cracking Tutorial #108 is dedicated to CiA, all new and old members for the support they gave me all the years!