Cracking Blackboard CheckBook Budget Version 3.0

This tutorial are coming from

Acid Cool 178

Tutorial Number 52

Target

Program_____________Blackboard CheckBook Budget Version 3.0

Protection___________Time Limit / NAG
Downlaod it at ______http://www.blackboardsoftware.com/
Date________________8 May 2000

Toolz

W32Dasm
HIEW
HexEditor (I use Ultra Edit Version 7.10A Cracked by me)

Essay

Open you windows clock and turn it 1 month forward (i used one year)
Open bbudget.exe in W32Dasm and under "String Data References" so can you fins this string." days. Continue?" try to dubbleclick on that string and now you will land here.

* Possible StringData Ref from Code Obj ->" days. Continue?"
                                  |
:004C3485 6870354C00              push 004C3570
:004C348A 8D45FC                  lea eax, dword ptr [ebp-04]
:004C348D BA03000000              mov edx, 00000003
:004C3492 E8090BF4FF              call 00403FA0
:004C3497 8B45FC                  mov eax, dword ptr [ebp-04]
:004C349A 668B0D84354C00          mov cx, word ptr [004C3584]

Here are the first NAG created, try to scroll some up.. and you will see this code

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004C33B6(C)
|
:004C3427 E88C08F4FF              call 00403CB8
:004C342C 8B06                    mov eax, dword ptr [esi]
:004C342E 8B8038030000            mov eax, dword ptr [eax+00000338]
:004C3434 80782400                cmp byte ptr [eax+24], 00
:004C3438 0F8590000000            jne 004C34CE		<-- Jumping OVER the NAG
:004C343E E801C8FDFF              call 0049FC44
:004C3443 A1648A4C00              mov eax, dword ptr [004C8A64]
:004C3448 BA38354C00              mov edx, 004C3538
:004C344D E89E0BF4FF              call 00403FF0
:004C3452 751F                    jne 004C3473		<-- Jumping TO the NAG
:004C3454 8B06                    mov eax, dword ptr [esi]
:004C3456 8B8038030000            mov eax, dword ptr [eax+00000338]
:004C345C 80782400                cmp byte ptr [eax+24], 00
:004C3460 7511                    jne 004C3473		<-- Jumping TO the NAG
:004C3462 A1F0714C00              mov eax, dword ptr [004C71F0]
:004C3467 8B00                    mov eax, dword ptr [eax]
:004C3469 E89ABFF6FF              call 0042F408
:004C346E E98A000000              jmp 004C34FD		<-- Junmping OVER the NAG

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:004C3452(C), :004C3460(C)				<-- Jumps TO the NSG 
|
:004C3473 6A00                    push 00000000

* Possible StringData Ref from Code Obj ->"UNREGISTERED. This will expire "
                                        ->"in "
                                  |
:004C3475 6844354C00              push 004C3544
:004C347A 8B06                    mov eax, dword ptr [esi]
:004C347C 8B8038030000            mov eax, dword ptr [eax+00000338]
:004C3482 FF7038                  push [eax+38]

Let's rock this code, the 2 jumps TO then NAG are one for the day statys (IE You got 3 days left) and the seccond one are checking of it are over the 30 day limit. I tried to NOP them, it worked bit i also got a fucking error message in the beginning. So then i tried to change the first jump from JNE to JMP and woala, NAG are gone.. Peace oc cake..

Now, in about, you can see "Registered to: Unregistered" well, open bbudget.exe in an HEX editor and search for "unregistered" When it have founded the first hit then press "F3" to find the next one, and just edit that one to ur name. under 12 chareters

Ending

Well, this was my first app that i have cracked for DQG and the did let me write a tut and i had to do it.. Thanx EP-180...

LaZaRuS, Wajid, Borna Janes, ManKind, Eddie Van Camper, ACiD BuRN, KoRnFLeX, Eternal_Bliss, Potsmoke, DiABLO. Torn@do, ^AlX^ , AC|D, Dark Wolf, Marton, DQF and all the other i have forgotten