Quake 3 CD-Check tutorial
by Xcellent for TrickSoft - "Software made free by us"

Hi there! Welcome to this tutorial, and this time a new game! Not so fresh, but... Follow all the instructions and be a happy no-CD-in-drive player!

Tools needed:
  W32Dasm - Disassembler and debugger (www.crackstore.com)
  Any hex editor (www.crackstore.com has many!)

The tool we will use (W32Dasm) is a disassembler and a 32-bit debugger, and using it is the simplest and easiest way to kill CD protections. The game I will use to demonstrate is Quake 3 Arena v1.17, removing the CD check routine.

Run Quake3 and select single player, choose any level and click play... Fucking shit!! A message comes up saying: "INSERT THE CD". Now remember this message for later use and start W32Dasm, click open and select the quake3.exe file, wait for the disassembler to work and sleep a little........ZZZZZ....zzzzz.. oh, what? Ready? Well, *ahem*, ok, click on the menu Refs - String Data Reference; a window will pop up with a lot of messages. Now what you need to do is search for that message, remember it? It's "INSERT THE CD". Ok, did you find it? No? Yep, this time the game uses a different name for that dialog that isn't "INSERT THE CD", so we need to find something related to CD, like "CD not in drive", "CD not ready" or "Game CD not in drive".
You'll find the message "Game CD not in drive", so double-click on it and you'll be in the right place. Now you will see something like this:

  * Referenced by a CALL at Address:
  |:004374FE
  |
  :00432460 83EC54                  sub esp, 00000054

  * Possible StringData Ref from Data Obj ->"fs_restrict"
                                    |
  :00432463 6834364B00              push 004B3634
  :00432468 E823CEFEFF              call 0041F290
  :0043246D D81DF0F34A00            fcomp dword ptr [004AF3F0]
  :00432473 83C404                  add esp, 00000004
  :00432476 DFE0                    fstsw ax
  :00432478 F6C440                  test ah, 40
  :0043247B 7418                    je 00432495
  :0043247D E8BE2E0100              call 00445340   <-- calls CD check routine
  :00432482 85C0                    test eax, eax   <-- check the result
  :00432484 750F                    jne 00432495    <-- jump if the result is the expected

  * Possible StringData Ref from Data Obj ->"Game CD not in drive"   <-- else show that fucking dialog
                                    |
  :00432486 68A4BE4B00              push 004BBEA4
  :0043248B 6A03                    push 00000003
  :0043248D E8FE9EFEFF              call 0041C390
  :00432492 83C408                  add esp, 00000008

Look at :00432484; that's the place where you will change the bytes, turning the jne into a jmp. Doing this, even if the value wasn't the expected one (CD not in drive), or with the CD in the drive, the game will play!! Easy, isn't it!?

But to change the bytes, you must know where they are in the executable. To do this, move the bar to the address :00432484; doing this, the bar will turn green, so take a look at the bottom of the screen and you will see:

  Line: 103161 Pg 2063 and 2064 of 6946 Code data @:00432486 @Offset 00032484h   <-- that's the offset

The address will always be named as Offset and it will be a hexadecimal value; in this case, the offset is 32484. So fire up your hexadecimal editor, load the quake3.exe file and search for the offset 32484. Got it? Now just change the 75 value to EB and save the file. Run Quake 3, and, wow!! You have cracked it!!

If you enjoyed this tutorial and want more, send me an e-mail!

That's enough, folks - wait for more....

Xcellent - The Brazilian cracK3r
xcellent@bol.com.br
www.tricksoft.net
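
The one-byte change described above, seen from the integrity-checking side, as an added example that is not part of the original tutorial: it re-decodes the short jumps in the listing and flags a code region whose branch after the check is no longer conditional or whose hash no longer matches. The byte string is copied from the listing; the function names and the known-good-hash workflow are assumptions made for illustration.

```python
import hashlib

# Constructed sample: bytes :0043247B-:00432494 copied from the listing above.
BASE_VA = 0x0043247B
ORIGINAL = bytes.fromhex(
    "7418"        # je   00432495
    "E8BE2E0100"  # call 00445340  (CD check routine)
    "85C0"        # test eax, eax
    "750F"        # jne  00432495  (branch that consumes the check's result)
    "68A4BE4B00"  # push 004BBEA4  ("Game CD not in drive")
    "6A03"        # push 00000003
    "E8FE9EFEFF"  # call 0041C390
    "83C408"      # add  esp, 00000008
)
KNOWN_GOOD_SHA256 = hashlib.sha256(ORIGINAL).hexdigest()  # hypothetical reference
BRANCH_VA = 0x00432484

def decode_short_jump(code, base_va, va):
    """Decode a 2-byte rel8 jump at va; return (kind, target_va or None)."""
    opcode, rel8 = code[va - base_va], code[va - base_va + 1]
    if rel8 >= 0x80:              # rel8 is a signed displacement
        rel8 -= 0x100
    target = va + 2 + rel8        # relative to the next instruction
    if opcode == 0xEB:
        return "unconditional", target
    if 0x70 <= opcode <= 0x7F:    # Jcc rel8 family (0x74 = je, 0x75 = jne)
        return "conditional", target
    return "not-a-jump", None

def changed_bytes(good, suspect, base_va=BASE_VA):
    """List (va, good_byte, suspect_byte) for every differing byte."""
    return [(base_va + i, g, s)
            for i, (g, s) in enumerate(zip(good, suspect)) if g != s]

def audit(code):
    """Return findings for the region; an empty list means it looks untouched."""
    findings = []
    if hashlib.sha256(code).hexdigest() != KNOWN_GOOD_SHA256:
        findings.append("region hash differs from known-good build")
    kind, _ = decode_short_jump(code, BASE_VA, BRANCH_VA)
    if kind != "conditional":
        findings.append(f"{BRANCH_VA:08X}: branch is {kind}; "
                        "the check's result no longer decides the path")
    return findings

if __name__ == "__main__":
    suspect = bytearray(ORIGINAL)
    suspect[BRANCH_VA - BASE_VA] = 0xEB   # constructed tampered copy
    print(audit(ORIGINAL), audit(bytes(suspect)), changed_bytes(ORIGINAL, suspect))
```

A single hash over the region catches any edit; the branch decode adds the detail an analyst wants in the finding, namely which decision point was neutralised.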