Cracking Tutorial #1 By SiONiDE

Hi fellow Crackers. I write these tutorials in short amounts of time. Therefore I apologise
for any grammatical errors in this essay. Enjoy the Tut!

"Basic" ASM Cracking:

Difficulty Level: 	Easy [X] Medium [ ] Hard [ ] Expert [ ]

Toolz Required:
W32Dasm...............A good Cracking Web Site.
HIEW..................A good Cracking Web Site.
BYTE HUNTER V2.0......A good Cracking Web Site.
Brain.................Ummm....Head maybe??
Computer..............You're on one now!

Step 1.

Today we will learn how to patch a file so that you can enter any NAME/SERIAL.
To do this we need a piece of unregistered shareware which is not too complicated. Once
you have found the target, run it and click register. Enter SiONiDE as the name and
123456 as the serial. What happens??? It comes up with an error message. You should write
this message down as we will need it later.

Step 2.

Fire up W32Dasm and click "Open File to Disassemble" and select your target. After a few
hundred hours it should be disassembled. You should have a screen filled with code. Click 
on "String Data References" or "SDR" and search for the earlier message. Once it is found, 
double click on it and close "SDR". You should see something like this:


* Possible StringData Ref from Code Obj -> "Your Error Message Here"


Scroll up until you see this:


* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:********(C)


The stars will be replaced with numbers and letters, e.g. 00485D9B(C).
Select the "Goto" menu and select "Goto Code Location", then type in the numbers and letters
that replaced the stars a few lines up. When you get to that address you should see
something like this:


:00485D95 41                      inc ecx
:00485D96 E8B1CFF7FF              call 00402D4C
:******** 0F8532010000            jne 00485ED3


The stars will be replaced with numbers, and the numbers above will be different in your target.
The third line is the one we are interested in, but first let's learn a bit more
about it.

The "jne" means: if the Name and Serial are not equal, jump to the Error Message we
found earlier.

Asm:    What it means:                  Hex:

jne     jump if not equal               0F85
je      jump if equal                   0F84
jmp     jump directly to                EB
nop     no operation                    90
ja      jump if above                   0F87
jna     jump if not above               0F86
jae     jump if above or equal          0F83
jnae    jump if not above or equal      0F82
jb      jump if below                   0F82
jnb     jump if not below               0F83
jbe     jump if below or equal          0F86
jnbe    jump if not below or equal      0F87
jg      jump if greater                 0F8F
jng     jump if not greater             0F8E
jge     jump if greater or equal        0F8D
jnge    jump if not greater or equal    0F8C
jl      jump if less                    0F8C
jnl     jump if not less                0F8D
jle     jump if less or equal           0F8E
jnle    jump if not less or equal       0F8F

Let's see what will happen if we replace "jne" with "je". Get it??? It will only jump
to the error message if you enter the right NAME and SERIAL. Make sure the line with
"jne" has the green bar over it and write down the @Offset shown at the bar to the
right, e.g. 0008519Bh. Don't write down the "h", it just means HEX.

Step 3.

Drag TARGET.EXE onto HIEW.EXE. Make sure that you switch off READ-ONLY in TARGET.EXE's
properties. Press [ENTER] twice to enter decode mode. Press F5 and enter the Offset, without
the "h", remember. Press F3 to EDIT, enter 0F84 (je) in place of 0F85 (jne), and press F9 to
update. Press Esc to exit HIEW. Run TARGET.EXE and click register, enter any NAME/SERIAL and
click Okay or Register. What happens??? It says that it's valid. Voila, we've patched it.

Step 4.

Now that we've patched it, we can write a patch which can just be run instead of all the
above. Run BYTE HUNTER v2.0. Enter the name of the patch and your name. Enter the hex code
of the entire line with "jne" in it, e.g. 0F8532010000. Then enter what you want it changed to,
so just replace the "85" with "84", giving 0F8432010000. Press "N" twice and then rename
PATCH.EXE to a name of your choice and there we are. Before you distribute a patch on the internet,
make sure it works!!
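The following is an added worked example written for this page; it is not SiONiDE's code and not output of W32Dasm, HIEW or BYTE HUNTER. It ties Step 2 and Step 3/4 together: it decodes the 6-byte "0F85 32010000" near jump exactly as the listing shows it, computes its target (00485ED3) from the displacement, converts the virtual address 00485D9B into the @Offset that HIEW needs, and diffs a patched copy of the bytes against the original to report a branch whose condition bit was flipped. That last function is the defender's half of the story: when a shipped binary no longer matches its known-good copy, the same decoding tells you what a one-byte change actually did. The PE section values (image base 0x400000, .text at RVA 0x1000 stored at raw offset 0x400) and the sample byte image are assumptions constructed so that the tutorial's own figures (00485D9B -> @Offset 0008519Bh) come out of the arithmetic; the tutorial does not print its target's section table.

```python
"""Added example for this tutorial (not SiONiDE's own code or tool output).

Decodes the near conditional jump from Step 2, computes its target the way
W32Dasm does, maps the virtual address to the file offset HIEW wants in
Step 3, and diffs a patched copy against the original to list branches whose
condition was inverted.  PE layout values are assumptions chosen to reproduce
the tutorial's figures (00485D9B -> @Offset 0008519Bh).
"""
import struct

# Low nibble of the second opcode byte (0F 8x) -> mnemonic.  2-7 and C-F are
# the entries in the tutorial's table; the others are standard x86 as well.
COND_NAMES = {
    0x0: "jo", 0x1: "jno", 0x2: "jb", 0x3: "jae", 0x4: "je", 0x5: "jne",
    0x6: "jbe", 0x7: "ja", 0x8: "js", 0x9: "jns", 0xA: "jp", 0xB: "jnp",
    0xC: "jl", 0xD: "jge", 0xE: "jle", 0xF: "jg",
}


def decode_near_jcc(address, code):
    """Decode `0F 8x rel32` located at virtual address `address`.

    Returns (mnemonic, target).  rel32 is signed and relative to the end of
    the 6-byte instruction: 0F85 32010000 at 00485D9B targets
    0x485D9B + 6 + 0x132 = 00485ED3, matching the listing in Step 2.
    """
    if len(code) < 6 or code[0] != 0x0F or not 0x80 <= code[1] <= 0x8F:
        raise ValueError("not a near conditional jump")
    rel32 = struct.unpack_from("<i", code, 2)[0]
    target = (address + 6 + rel32) & 0xFFFFFFFF
    return COND_NAMES[code[1] & 0x0F], target


def invert_condition(code):
    """Return the same jump with its condition negated (jne<->je, ja<->jna ...).

    Only bit 0 of the condition code changes; the displacement, and so the
    target, stays the same.  That is why Step 4 only swaps 85 for 84.
    """
    patched = bytearray(code)
    patched[1] ^= 0x01
    return bytes(patched)


def va_to_file_offset(va, image_base, sections):
    """Map a virtual address to a raw file offset via the PE section table.

    `sections` is a list of (rva, size, pointer_to_raw_data) tuples.
    """
    rva = va - image_base
    for sect_rva, size, raw_ptr in sections:
        if sect_rva <= rva < sect_rva + size:
            return raw_ptr + (rva - sect_rva)
    raise ValueError("address %#x is not inside any section" % va)


def find_inverted_branches(original, patched, base_address):
    """Diff two same-sized code images; list 0F 8x jumps whose condition bit
    alone was flipped.  Heuristic: a changed byte that follows 0F and differs
    from the original only in bit 0 is reported with both decodings.
    """
    hits = []
    for off, (a, b) in enumerate(zip(original, patched)):
        if a == b or off == 0 or original[off - 1] != 0x0F:
            continue
        if 0x80 <= a <= 0x8F and a ^ b == 0x01:
            start = off - 1
            was, target = decode_near_jcc(base_address + start, original[start:start + 6])
            now, _ = decode_near_jcc(base_address + start, patched[start:start + 6])
            hits.append((start, was, now, target))
    return hits


# Constructed sample: the three instructions shown in Step 2, starting at
# 00485D95 (41 = inc ecx, E8 B1CFF7FF = call 00402D4C, 0F8532010000 = jne).
SAMPLE_BASE = 0x00485D95
ORIGINAL = bytes.fromhex("41 E8B1CFF7FF 0F8532010000")
PATCHED = ORIGINAL[:6] + invert_condition(ORIGINAL[6:])

# Assumed PE layout: image base 0x400000, .text at RVA 0x1000, raw data at 0x400.
IMAGE_BASE = 0x00400000
SECTIONS = [(0x1000, 0x90000, 0x400)]

if __name__ == "__main__":
    mnem, target = decode_near_jcc(0x00485D9B, ORIGINAL[6:])
    offset = va_to_file_offset(0x00485D9B, IMAGE_BASE, SECTIONS)
    print("%s %08X   @Offset %08Xh" % (mnem, target, offset))
    for start, was, now, target in find_inverted_branches(ORIGINAL, PATCHED, SAMPLE_BASE):
        print("image+%d: %s -> %s (target %08X unchanged)" % (start, was, now, target))
```

Running it prints the jump as W32Dasm shows it and the @Offset that Step 2 tells you to copy into HIEW, then reports the single flipped branch in the patched copy. Because find_inverted_branches only looks at bytes that differ, it is cheap to run over a whole image against a pristine build; it will not see a 0F 8x pair that happens to sit inside data, so treat a hit as a lead to confirm in a disassembler rather than proof on its own.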