Contact Me : dheeraj_np@usa.net or gl_force@usa.net
             www.glcrackforce.50megs.com
Main | Index

Opera 5.0

Type       : Browser
Protection : Serial
Tech       : Patching

Crack File : Click here to download crack file ...

Crack : Finding  a  serail number  for this baby is now little harder.
But it can be cracked with a simple trick.

           Opera uses serial number . If  you  enter  S/N  it  will
be encrypted and stored in file "OUsr500.dat". So when this program
starts up it will check S/N inside this file.

          If the S/N is correct it will set two flags and the program
runs in registered mode.

          Tracing the program from begining is not a solution to the
problem.We will not reach any where if we do so :(

          Let us take the registration algorithm itself as a path 
finder to our destination.

          Enter  fake  S/N   and  in     SICE       BPX HMEMCPY
When  you  pop  up  into   SICE   use      BPR xxxxxxxx xxxxxxxx
on the S/N .This is very improtant as Opera does not use direct flow
in validating a S/N.Then trace.

One important CALL is shown below :

0x43C83C CALL 0x51C9A9  >> Here our S/N is checked if it is in the
                           form x-xxxxx-xxxxx......

Now our trick : if at startup also the program is using the same
algorithm we can easily reach where the flag is set :)

So in SICE BPX 0x43C83C

Now close Opera and restart it ....Bingo !!
We can see at two place it is called and if we trace back we can
see the flag set :)

0x41C750 CALL 0x412179
0x41C755 CMP EAX,EDI            >> MAKE EAX = 1 TO CRACK THIS
0x41C757 MOV [0x5938D0],EAX     >> SAVE FLAG
...........................
0x4D7A5E CALL 0x412179
0x4D7A63 MOV [EDI+0x8B0],EAX    >> MAKE EAX = 1 TO CRACK THIS

Patch : [PERFECT FIT]

0x41C750 MOV EAX,00000001 | B8 01 00 00 00 - OFFSET = 0x1C750

0x4D7A5E MOV EAX,00000001 | B8 01 00 00 00 - OFFSET = 0xD7A5E