Multiquence 2.02

Web : http://kickme.to/mxbnet
Contact Me : dheeraj_xp@yahoo.com

Multiquence 2.02

Type : Multiquence™ is a fast, easy-to-use, multitrack multimedia processor.
Protection : Serial
Tech : Patching & Serial fishing

Crack : This program uses two tire protection ...First it encryptes key and compare it
with inbuilt real encrypted key.Second it makes a password from our name and then
compare it with entered value.Second phase is easy to pass ....But first phase is little
bit harder ....there are two ways

i. To dig deep in to assembly code and study encrypting algorithm --- [very ...very long]
ii. Change inbuilt encrypted key according to our input key --- [very easy]

Anyway two methods give a working program :)
So we will choose easy method ...

Enter fake key and in SICE BPX GETWINDOWTEXTA

0x41E2D1 PUSH 004E570A --- "C2"
0x41E2D6 LEA EDX,[EBP-0124] ---- FAKE KEY
0x41E2DC PUSH EDX
0x41E2DD CALL 4A24BC --- ENCRYPTING ALGO
0x41E2E2 ADD ESP,08
.............................
0x41E307 LEA EDX,[EBP-0124] --- ENCRYPTED FAKE KEY
0x41E30D AND ECX,03
0x41E310 MOV EAX,004E56FC --- REAL ENCRYPTED KEY - "C2smjxwrs7Sj6"
.......................................
0x41E31B CMP CL,[EDX] ---- COMPARE BOTH
................................
0x41E335 SETNZ BL --- SET FLAG
..........................
0x41E40C LEA EAX,[EBP-0178] --- FAKE PASSWORD
0x41E412 LEA EDX,[EBP-0194] --- REAL PASSWORD
0x41E418 MOV CL,[EAX]
0x41E41A CMP CL,[EDX] ---- COMPARE BOTH

So change real encrypted key :

C2smjxwrs7Sj6 => C2.HEKRCFNhaw. -- offset = E3EFC
Hex = 43 32 2E 48 45 4B 52 43 46 4E 68 61 77 00

Registration Info : Change real encrypted key and enter following code in register window

Key = 3254-345-345
First name = DHEERAJ
Last name = MXB
Password = BDPWBYAI

- "Muexplor.exe"
********************
Same shit is also used here,so just scan for hex string - "2B C6 40 3B C3"
and change :
"2B C6" ----> "33 C0"
OFFSET = 1531

5. LIBRARIAN - "Librarian.exe"
**********************
Same shit is also used here,so just scan for hex string - "2B C6 40 3B C3"
and change :
"2B C6" ----> "33 C0"
OFFSET = ADF1

6. ON DISPLAY - "Mupanel.exe"
***********************
Use API Spy we can see it is reading three registry keys - "Eval1 - Eval2 - Eval3"
starting from address 0x004091E6 ...
So in SICE BPX 4091E6 ...TRACE ....

0x40937D MOV EAX,[0041AD10]
0x409382 JNZ 00409393
0x409384 CMP EAX,1E = 30 DAYS

So it is storing no: of days at 0x0041AD10 ....So in SICE
BPMB 41AD10 RW ---- Restart ....

0x409355 TEST EAX,EAX
0x409357 MOV [0041AD10],EAX --- STORE NO: OF DAYS :)
0x40935C JLE 40936C

So our crack will be :

0x409355 XOR EAX,EAX - 33 C0 - OFFSET = 9355

E86C0A0000 CALL 004111F5
015F:00410789 48 DEC EAX --------> Make EAX = 0
015F:0041078A 7403 JZ 0041078F ---> BAD Boy
015F:0041078C 48 DEC EAX
015F:0041078D 750C JNZ 0041079B ---> Good Boy

Patch : Offset : FB89

015F:00410784 E86C0A0000 CALL 004111F5
015F:00410789 90 NOP
015F:0041078A 90 NOP
015F:0041078B 90 NOP
015F:0041078C 90 NOP
015F:0041078D EB0C JMP 0041079B

Opps this DREAMPOP.EXE is using CRC checking :(