Name     : AntiSniff
Version  : 1.01
Editor   : L0pht
Target   : antisniff.exe
Tools    : W32Dasm 8.93, Hacker's View 6.01, PEN & PAPER (old school) ;), Brain
Cracker  : LW2000
Tutorial : No.2
Where to get it: http://www.l0pht.com/antisniff/

---
DISCLAIMER
For educational purposes only! I hold no responsibility for the misuse of this material!
---

Well, this is my second tutorial *ever*. Please excuse my poor English, it's not my mother language....

OK guys, let's crack this bitch of a program. BUT remember: if you like it, buy it!

Ok, let's start:

1. Start AntiSniff. *BOOM* An "AntiSniff Registration" window appears and says: "AntiSniff is available for a 15 day trial period only. After your 15 day trial, you must register the software to continue using it...."

2. Let's enter something, e.g. LW2000, as an unlock code and press Unlock.

3. *BOOM* You get a messagebox with the header "Bad unlock code!" and the following text: "You have entered an invalid unlock code. Registration requires purchasing a valid unlock code."

4. Quit and copy antisniff.exe to try.exe. Disassemble try.exe.

5. Click on the SDR button and find the string "Bad unlock code!".

6. Double-click on it and press Close in the SDR window.

7. Look at this:

   * Referenced by a (U)nconditional or (C)onditional Jump at Address:
   |:00411B93(C)   <-- here we go!
   |
   :00411BDD 6840000500              push 00050040

   * Possible StringData Ref from Data Obj ->"Bad unlock code!"
   |
   :00411BE2 6840844800              push 00488440

   * Possible StringData Ref from Data Obj ->"You have entered an invalid unlock "
                                     ->"code. Registration requires purchasing "
                                     ->"a valid unlock code."
   |
   :00411BE7 68E0834800              push 004883E0
   :00411BEC 53                      push ebx

8. Now we go to 00411B93.

   * Referenced by a (U)nconditional or (C)onditional Jump at Address:
   |:00411B52(C)
   |
   :00411B8F 3B742424                cmp esi, dword ptr [esp+24]
   :00411B93 7548                    jne 00411BDD     <<--- This is our jump!
   :00411B95 8B4C2414                mov ecx, dword ptr [esp+14]
   :00411B99 8D442424                lea eax, dword ptr [esp+24]
   :00411B9D 6A04                    push 00000004
   :00411B9F 50                      push eax
   :00411BA0 6A04                    push 00000004
   :00411BA2 53                      push ebx

9. If you look at 00411B93 you see a jump-if-not-equal: if the compare does not match, we go to 00411BDD, which pops up this nasty nag and leaves the program unregistered! We are going to change this... Place the bar on:

   :00411B93 7548                    jne 00411BDD

   In the statusbar you will see the offset 11B93h (the h stands for hex and you can forget it). Our offset is 11B93.

10. Run Hiew and open antisniff.exe. Press Enter twice to go to decode mode. Press F5 and type 11B93. Place the cursor on 75 and press F3. Change 75 to 74 and press F9 to update. This changes jump-not-equal (75) to jump-equal (74): the program will now register with any unlock code except the real one. Press F10 to save and quit.

11. Run AntiSniff, enter anything for the unlock code, e.g. LW2000, and press Unlock! *BOOM* A new "Registration complete!" messagebox appears with the following text: "Your software is now registered. The timeout period has been removed."

Congratulations! You are a registered user!

FINISH! Easy, isn't it?

cu
lw2000

Any comments? Mail me at lw2000@gmx.net !!!

----
I'd like to thank tKC for his tutorials! I started with tutorial 1 and I still read them... they are the best!
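The whole trick in steps 8 to 10 is that the registration decision rests on one short conditional jump, and a short Jcc and its inverse differ in a single opcode bit (75 jne / 74 je). From the defender's side that is exactly what a vendor's integrity self-check, or an incident responder comparing a suspect binary against the original build, is looking for. The Python below is an added example, not part of this tutorial or of AntiSniff: it hashes an image the way a build-time integrity check would, byte-diffs a suspect copy against the original, and flags any changed byte that turns out to be an inverted short conditional jump. The two byte strings are constructed to mirror the cmp/jne/mov sequence in the listing above and are not taken from antisniff.exe.

```python
import hashlib

# x86 short conditional jumps (opcodes 0x70-0x7F) come in complementary pairs
# whose opcodes differ only in the low bit, e.g. 0x74 je / 0x75 jne.
SHORT_JCC = {
    0x70: "jo", 0x71: "jno", 0x72: "jb", 0x73: "jae",
    0x74: "je", 0x75: "jne", 0x76: "jbe", 0x77: "ja",
    0x78: "js", 0x79: "jns", 0x7A: "jp", 0x7B: "jnp",
    0x7C: "jl", 0x7D: "jge", 0x7E: "jle", 0x7F: "jg",
}

# Constructed sample bytes (NOT from antisniff.exe), mirroring the listing:
#   3B742424  cmp esi, dword ptr [esp+24]
#   7548      jne +0x48          (patched copy: 7448  je +0x48)
#   8B4C2414  mov ecx, dword ptr [esp+14]
ORIGINAL = bytes.fromhex("3B742424" "7548" "8B4C2414")
PATCHED = bytes.fromhex("3B742424" "7448" "8B4C2414")


def sha256_hex(data: bytes) -> str:
    """Digest a vendor would record at build time and re-check at startup."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_hex: str) -> bool:
    """Self-check: does the code we are about to run still match the build?"""
    return sha256_hex(data) == expected_hex


def diff_bytes(original: bytes, suspect: bytes):
    """Return (offset, old, new) for every byte that differs between two
    same-sized images. A size change means something other than an
    in-place byte patch happened, so refuse to guess."""
    if len(original) != len(suspect):
        raise ValueError("images differ in size; not an in-place patch")
    return [(i, a, b) for i, (a, b) in enumerate(zip(original, suspect))
            if a != b]


def classify(change) -> str:
    """Describe one changed byte; flag a flipped short conditional jump."""
    offset, old, new = change
    if old in SHORT_JCC and new == old ^ 1:
        return f"{offset:#x}: {SHORT_JCC[old]} -> {SHORT_JCC[new]} (branch inverted)"
    return f"{offset:#x}: {old:#04x} -> {new:#04x}"


def analyse(original: bytes = ORIGINAL, suspect: bytes = PATCHED) -> dict:
    """Run the integrity check first, then explain what was modified."""
    expected = sha256_hex(original)  # stands in for the build-time digest
    return {
        "integrity_ok": integrity_ok(suspect, expected),
        "changes": [classify(c) for c in diff_bytes(original, suspect)],
    }


if __name__ == "__main__":
    result = analyse()
    print("integrity:", "OK" if result["integrity_ok"] else "FAILED")
    for line in result["changes"]:
        print(" ", line)
```

Run against the constructed pair it reports a failed integrity check and a single change at offset 0x4, "jne -> je (branch inverted)". Two caveats for anyone designing the check rather than auditing one: a hash self-check is itself just more code in the same image, so on its own it only raises the bar; and a license decision that reduces to one compare-and-branch can never survive a one-byte flip, whereas deriving data the program actually needs from the unlock code moves the decision off a single branch.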