-----cut here------------------------------------------------------------------- How to crack IconForge 4.6 (crypted program) Target: IconForge 4.6 WWW: http://www.cursorarts.com Cracker: --..__J_o_h_n_n_y__A_U_M__..-- (TNT) Protections to be removed: begining nags, exit nag, expiring Tools: Deshrink 1.6, W32Dasm, Hacker's View, Windows Commander 4.03, \ MultiRipper 2.70 & ConfigSafe 3.06.04 --------Motto for my actions:------- I'm for peace, love and prosperity and one global nation but without money to divide us and without ego, who keeps men separated! Be a man of good sense - be naturally, be divine! Try to progress on spiritual way! No God, no freedom! I'm against tyranny under any form, against mondial iudeo-masonic occult domination and against infiltrated bad rase of aliens! Out with Satan from this planet! Real happiness, free and freedom for all! ------------------------------------ *** In this tutorial are some inedited aproaches in cracking! IconForge 4.6 is a tool of many performances in icon thechnology: can build an icon from scratch, import from bmps or clipboard, change rezolutions, reverse or other effects, build cursors (*.ani files), many others. And the other tools from IconForge 4.6 suite are also well. I was conquered by the many posibilities offered by this software. But I was surprised by the fact that I never found a crack for this on all WWW at the time when I was searching (on many crack engines or cracks webpages), and the serials that I found was not working at all, that's because the serial is personalized on each PC, those crackers should observe that. If someone could pick a valid serial from IconForge 4.6, I ask him nicely to make a detailed tutorial (with use of SOFTICE) and send it to tKC. Because I was not so advanced in ASM, I was not able to do it in usefull time and I quitted. So, let's kill this forge my way! 1. First step (my usual): look at the header of file - words like shrink1, shrink34.ldr... It's clear, it's crypted with Shrinker 3.4. We could verify this with File Info 2.20. Let's see. I was right, yes. 2. Decrypt IconForge.Exe with DeShrink 1.6 (thanks to job, great guy). Enable first the option "unpack Shrinker 3.4", decrypt... yes, the new file if.exe has 3229696 bites. If you're wondering (to beginners) how to decrypt, browse with left browse button & select (in Deshrink 1.6) IconForge.Exe and in right press browse and write if.exe, press Save and then press Decompress. OK! 3. Now delete old IconForge.Exe (we don't need it anymore), rename if.exe -> IconForge.Exe and dissasemble with w32dasm this uncrypted file. Ok, make a copy y.exe for cracking. Enter in program and look for protections. We observe 2 nags, one after the other, then with yellow on maroon is writed how much days of trial we have. On getting out we observe the last nag, the bmp with a face who recommands to register the program. Exactly my dear! We will register very soon in a way or other! 4. The first 2 nags. We look in w32dasm after words from them (because in this lucky case, we have some text in w32dasm), like ... "day trial" (titlebar of second nag). Search for these words, this look like the only clue. Bingo! One million bucks for JA! Me, I mean! On w32dasm adress 57219C we found something. From Strn REF window can be found also "of your 30 day trial", same thing. We try first to cancel whole call, so at w32dasm adress (above) 57212C is 55. Let's try 55 -> C3 (load hiew y.exe at 17212C). Bingo from first try! God, I need a bingo in my real life too, come on! Give it to me on next sunday! 5. Next. End nag with old face! Boo! Dissapear now, to old for stay around! At his age maybe will send him home, right? Right! If you don't notice that this exe is in Delphi, you know now. So, I can try my tricks! The ones with canceling to display bmps, works sometimes (my trick 28 -> 29 - same thing on canceling icons). 2ACC64. What?! Ya, this is the start of the face from end nag (bmp). Good, good, but how, my friend? You want to know? Simple, with MultiRipper 2.70 I extracted all bmps and I recognised that face, and in hiew I put a string from bmp start for searching in y.exe, and like I said the begining adress is 2ACC64. And my 28 -> 29 trick starting from 2ACC72. Let's cancel the bmp! So, on adress 2ACC72 replace 28 with 29 and test! Works beatifull, beautifull, my lovely friend! Remember this trick, can help you sometimes! Final old guy just left the party, is gone, dead, buryied! So long, aufwiedersehn! 6. Again next. Hey, (?#!) what the f... is happening? Incredible, a cat is on my screen!!! What?! Ahaa...lemme, just a screenmate was activated by mistake when I was running on my keyboard with turbofingers, this in the same time when was raining with so many kinds of screens on my monitor (w32dasm, wc 4.03, hiew, etc)! Reconnect now! We have still 2 problems: text in titlebar (...trial) and expiring in 30 days! Well, nice! I used ConfigSafe to quickly see from a day to another what changes appear in Registry or else! Only a change detailed in the next reg file. So, make a reg file named if.reg with this inside: --cut here without this line-------- REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {A6421B4F-3D7C-602C-1543-7D453980F32A}\defaulticon] @="-99999" --cut here without this line-------- You must make only a correction after making this file if.reg (due to 80 char. limit): put cursor in front of acolade {A6421... and reunify all string by pressing Backspace (...CLSID\{A6421...). Save and if.reg is ready. Press Enter on it. Reopen IconForge after the information from if.reg succesfully entered & observe. The program will expire after 99999 days or aprox. 274 years, good enough, ha? If your an yogi practician (like me) maybe will watch together what's happend after this "short" period of time. OK! We still have that yellow text on maroon, hmmm, what if we can make yellow text on yellow background: yellow and maroon have identical number of characters, see? Let's change maroon with yellow. 2C6EFA is the right adress in hiew, I found it fast for you, so change maroon into yellow & test it! OK!!! Looks fascinating! My job is done! By! PS. You can pack now IconForge.Exe with Aspack 2000. It's smaller & better! Enjoy this nice program! ---------------- Greets: tKC (my love too!), CIA, TNT, PC, CORE, all crackers, PRO or newbies, all cracker teams (keep going, we must eliberate from iudeo-masonic tirany, all must become free), we are great guys, and nice too. Love you all (but you must be a good soul!). Romanian Greets: Salutari tuturor crackerilor din Romania! Daca doriti cu adevarat schimbari in bine, luati ca optiune de vot si pe cei de la Romania Mare! Au aratat prin fapte ca sunt oameni iubitori si de omenie! O sa ne astepte si zile mai bune, ginditi optimist, Dumnezeu e aici cu noi! At last, but from all my heart: I love you Heavenly Father, I know you are with me all the time!!! God is love! Try this: www.geocities.com/john_aum Incredible infos for YOUR EYES ONLY!!! E-mail: johnny_aum@yahoo.com ---------------Sorry if my english is not perfect!------------------------------ -----cut here-------------------------------------------------------------------way, as you'll see, it has a pretty decent protection scheme, and then deserved to be ... cracked (neither bought nor used of course).