http://realguide.real.com/games/?s=game_download - Webpage.
I've personally hacked 75% of the programs from this company and it had been a while since my last visit. So, I downloaded a few of their new Windows 95 programs to see what they were like. Their previous titles were mostly VB3 & VB4, but this one was not, so as a challenge to myself, I thought I'd have a go.
This one caught my eye as it was one of my favourite types of board games - Animated Chinese Checkers (even though we'd spell it in the UK as chequers ... but we're like that over here!). I remember the original stuff I did as being available in Windows 3.1 and Windows 95 versions. I decompiled the 16-bit versions and 9 times out of 10, the serial number was listed in the source code in the first module..... and for some of the 32-bit only versions, the serial number was visible inside the code using a standard hex viewer.
So, just in case they had not learnt at all ... I dived in with HIEW under DOS. Searching for "reg", I found the text where the program informs the user that the serial is invalid .... I pressed Page Up and there it was .... in 3 locations !. If Ultisoft are never going to put in a decent key-generator routine to stop the programs being downloaded and registered within seconds then how are they ever going to make money for the authors ?.
This one is different to the usual games published by Ultisoft. A so-so arcade game (of the ZX Spectrum era) created using Corel Click and Create .... one small-ish EXE file with the main data being stored in the file "BRICKAN.CCA". Never tried using Click & Create to make any games etc. - let alone hack something written with it.
I looked through the EXE for the usual ASCII references for "reg" and "invalid" etc. but nothing found. So, I try this large data file in case it contains something other than the graphics and sound for the game ..... Well, look what I found :) Searching for "reg", comes up with a number just above it ... *sigh* it can't be that easy, can it ?
Afraid it is ... another one bytes the dust :)
(CrackZ - Here we have a collection of decompiled registration forms, I assume obtained using DoDi's decompiler, read them and weep, especially if you happen to be called CT Software).
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' The registration code for YahtC v2.6 by CT Software
'
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
' FRMREGIN.FRM
Option Explicit
Sub Command1_Click ()
Dim l001A As String
Dim l001E As Variant
Dim l0022 As String
l001a = String(255, Chr$(0)) ' Store Windows directory
l001E = Left$(l001A, Get_Win_Dir(l001A, Len(l001A))) ' Get it's location
l0022$ = l001E + "\win.ini" ' add \WIN.INI to it
' The code below is the key that is checked .... I used a simple ASCII Table HLP file that
' I downloaded to work out this tough protection :)
' gv0032$ = "VCS,*24486"
gv0032$ = Chr$(86) + Chr$(67) + Chr$(83) + Chr$(44) + Chr$(42) + Chr$(50) + Chr$(52) + Chr$(52) + Chr$(56)
' If a valid key is entered, but no name, then alert the dumb user and exit form :)
If Text2.Text = gv0032$ Then
If Text1.Text = "" Then
MsgBox "Valid user name is required.", 48
Text1.SetFocus
Exit Sub
End If
' extfn00CE (when examining the main declarations is WriteProfileString
' Stick users name into YahtC section of WIN.INI
gv0022$ = Text1.Text
gv0020% = extfn00CE("YahtC", "Name", gv0022$, l0022$)
' Stick users secret (?) code into YahtC section of WIN.INI
gv0022$ = Text2.Text
gv0020% = extfn00CE("YahtC", "Number", gv0022$, l0022$)
' Thank you for not paying and goodbye :)
MsgBox "Registration information verified.", 64
End
' You naughty pirate, you should enter the correct number :)
Else MsgBox "Invalid registration information entered!", 48
Text1.Text = ""
Text2.Text = ""
End If
End Sub
Sub Command2_Click ()
frmRegInfo.Hide
End Sub
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' The registration code for Craps v2.1 by CT Software
'
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
' FRMREGIN.FRM
Option Explicit
Sub Command1_Click ()
'
' Well, looky here, he's using the same "protection" as the other titles .... dig out an ASCII
' table and the string works out to be ......
'
' gv0014$ = "RC,PPT,757"
'
gv0014$ = Chr$(82) + Chr$(67) + Chr$(44) + Chr$(80) + Chr$(80) + Chr$(84) + Chr$(44) + Chr$(55) + Chr$(53) + Chr$(55)
' Correct text entered but no name ?
If Text2.Text = gv0014$ Then
If Text1.Text = "" Then
MsgBox "Valid user name is required.", 48
Text1.SetFocus
Exit Sub
End If
' Number is corrent and person remembered to type in their name this time, so let's write it to
' WIN.INI ........
gv0018$ = Text1.Text
gv0012% = extfn00BE("Craps", "Name", gv0018$, gv0028$)
gv0018$ = Text2.Text
gv0012% = extfn00BE("Craps", "Number", gv0018$, gv0028$)
MsgBox "Registration information verified.", 64
End
' For those people unfortunate enough not to know how to use a VB Decompiler .....
Else MsgBox "Invalid registration information entered!", 48
Text1.Text = ""
Text2.Text = ""
End If
End Sub
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' The registration code for CT DiskCopy v1.2 by CT Software
'
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
' FRMREGIN.FRM
Option Explicit
Sub Command1_Click ()
Dim l0028 As String
Dim l002E As Integer
' This time, he has defined the "secret code" somewhere else in the code, but I've pasted the line here
' so you can see what he was doing (it was in the main code file DISK16)
' gv002A$ = Chr$(82) + Chr$(69) + Chr$(65) + Chr$(42) + Chr$(44) + Chr$(57) + Chr$(48) + Chr$(52) + ' Chr$(44)
' Which in reality, equates to:-
'
' gv002A$ = "REA*,904,"
' So his code is the same as the other programs, check the code and the name can be anything you like !
If Text2.Text = gv002A$ Then
If Text1.Text = "" Then
MsgBox "Valid user name is required.", 48
Text1.SetFocus
Exit Sub
End If
' Paying (?) customer found, dump contents of Name & Number into Registry.
l0028$ = Text1.Text
l002E% = extfn00D6("DiskCopy", "Name", l0028$, gv001E$)
l0028$ = Text2.Text
l002E% = extfn00D6("DiskCopy", "Number", l0028$, gv001E$)
MsgBox "Registration information verified.", 64
End
' What shall we do with a non-user of VB Discompiler ? Kick him/her out :)
Else MsgBox "Invalid registration information entered!", 48
Text1.Text = ""
Text2.Text = ""
End If
End Sub
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' The registration code for CT Hotspot v1.02 by CT Software
'
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
' FRMREGIN.FRM
Option Explicit
Sub Command1_Click ()
' This time, he has defined the "secret code" somewhere else in the code, but I've pasted the line here
' so you can see what he was doing (it was in the main code file)
' gv0018$ = Chr$(115) + Chr$(52) + Chr$(48) + Chr$(48) + Chr$(44) + Chr$(57) + Chr$(49) + Chr$(51) + ' Chr$(44) + Chr$(42) + Chr$(49) + Chr$(49) + Chr$(51)
' The real code (decryption took a long time to work it out .... hmmm :)
' gv0018$ = "s400,913,*113"
If Text2.Text = gv0018$ Then
If Text1.Text = "" Then
MsgBox "Valid user name is required.", 48
Text1.SetFocus
Exit Sub
End If
gv0008$ = Text1.Text
gv0006% = extfn00CB("HotSpot", "Name", gv0008$, gv001C + "\win.ini")
gv0008$ = Text2.Text
gv0006% = extfn00CB("HotSpot", "Number", gv0008$, gv001C + "\win.ini")
MsgBox "Registration information verified.", 64
End
Else MsgBox "Invalid registration information entered!", 48
Text1.Text = ""
Text2.Text = ""
End If
End Sub
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' The registration code for CT Swapper v1.1 by CT Software
'
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' FRMREGIN.FRM
Option Explicit
Sub Command1_Click ()
Dim l0028 As String
Dim l002E As Integer
' Oh gosh, what a surprise, it's the same routine again.... must go an grab my DES chip
' so that I can work out the code ........
' gv002C$ = Chr$(50) + Chr$(56) + Chr$(52) + Chr$(51) + Chr$(44) + Chr$(80) + Chr$(66)
' + Chr$(83) + Chr$(44) + Chr$(55) + Chr$(42)
' Which in reality, is really ....
'
' gv002C$ = "2843,PBS,7*"
' Not much point in describing what goes on here as I am tired of finding new ways to
' describe writing to INI files etc. etc. Look at the first of these tutorials/hacks to
' see my comments :)
If Text2.Text = gv002C$ Then
If Text1.Text = "" Then
MsgBox "Valid user name is required.", 48
Text1.SetFocus
Exit Sub
End If
l0028$ = Text1.Text
l002E% = extfn009B("Swapper", "Name", l0028$, gv0018$)
l0028$ = Text2.Text
l002E% = extfn009B("Swapper", "Number", l0028$, gv0018$)
MsgBox "Registration information verified.", 64
End
Else : MsgBox "Invalid registration information entered!", 48
Text1.Text = ""
Text2.Text = ""
End If
End Sub
Sub Command2_Click ()
frmRegInfo.Hide
End Sub
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' The registration code for CT Swapper v1.1 by CT Software
'
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
' FRMREGIN.FRM
Option Explicit
Sub Command1_Click ()
' Hmmm ...... I think you all know by now what this little line is setting up a variable for ?
gv0052$ = Chr$(122) + Chr$(107) + Chr$(105) + Chr$(44) + Chr$(44) + Chr$(50) + Chr$(44) + Chr$(42) + Chr$(56) + Chr$(51) + Chr$(55) + Chr$(52) + Chr$(50)
' Decoded version is:-
'
' gv0052$="zki,,2,*83742"
If Text2.Text = gv0052$ Then
If Text1.Text = "" Then
MsgBox "Valid user name is required.", 48
Text1.SetFocus
Exit Sub
End If
gv0062$ = Text1.Text
gv0060% = extfn011A("Notebook", "Name", gv0062$, gv006E$)
gv0062$ = Text2.Text
gv0060% = extfn011A("Notebook", "Number", gv0062$, gv006E$)
MsgBox "Registration information verified.", 64
End
Else MsgBox "Invalid registration information entered!", 48
Text1.Text = ""
Text2.Text = ""
End If
End Sub
Sub Command2_Click ()
frmRegInfo.Hide
End Sub
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
'
' The registration code for CT Swapper v1.1 by CT Software
'
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
' FRMREGIN.FRM
Option Explicit
Private Sub Command1_Click ()
Dim l0028 As String
Dim l002A As String
' gv0022$ = Chr$(55) + Chr$(49) + Chr$(103) + Chr$(112) + Chr$(44) + Chr$(42) + Chr$(99)
' gv0022$ = gv0022$ + Chr$(109) + Chr$(112) + Chr$(44) + Chr$(52) + Chr$(57) + Chr$(57) + Chr$(52)
' gv0022$ was stored in another module, but I've brought it in here to make it easier :)
'
' gv0022$ = "71gp,*cmp,4994"
If Text2.Text = gv0022$ Then
If Text1.Text = "" Then
MsgBox "Valid user name is required.", 48
Text1.SetFocus
Exit Sub
End If
l0028$ = Text1.Text
l002A$ = Text2.Text
gv0014% = extfn00C6("Safety Net", "Name", l0028$, gv001E$)
gv0014% = extfn00C6("Safety Net", "Number", l002A$, gv001E$)
MsgBox "Registration information verified.", 64
End
Else : MsgBox "Invalid registration information entered!", 48
Text1.Text = ""
Text2.Text = ""
End If
End Sub
Private Sub Command2_Click ()
frmRegInfo.Hide
End Sub
Private Sub Form_Load ()
sub01A1 Me
frmRegInfo.Icon = Form1.Icon
End Sub