<html>

<head>
<meta http-equiv="Content-Language" content="en-gb">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Title</title>
</head>

<body bgcolor="#000000" text="#FFFFFF">
<p align="center">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<img border="0" src="ahlogo1.gif" align="left" width="351" height="300"></p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  <font face="Arial" size="4">Title:&nbsp;LeapFTP 2.7.1.580</font></p>
<p align="left">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </p>
<p align="left">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  <font face="Arial" size="4">URL: http://www.leapware.com</font></p>
<p>&nbsp;</p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  <font face="Arial" size="4">Type:&nbsp;Patch</font></p>
<p>&nbsp;</p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
  <font face="Arial" size="4">Difficulty:&nbsp;Beginner</font></p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </p>
<p>&nbsp;</p>
<table border="1" width="100%">
  <tr>
    <td width="100%">
      <p align="center"><font face="Arial" size="4">ABOUT</font></td>
  </tr>
</table>
&nbsp;
<p><font face="Arial">File Transfer Protocol (FTP) was created to allow the
transfer of files between a FTP server and a FTP client. LeapFTP is a powerful
Windows 95 FTP client that provides the user an abundance of features in a
simple and easy to use interface that even the seasoned computer user can
understand and use.</font></p>
<p>&nbsp;</p>
<table border="1" width="100%">
  <tr>
    <td width="100%">
      <p align="center"><font face="Arial" color="#FFFFFF" size="4">TOOLS</font></td>
  </tr>
</table>
<p><font face="Arial" size="3">Debugger (Softice or TRW2000)<br>
Dissassembler (eg WDasm32)<br>
Hex Editor (eg Hex Workshop)<br>
Registry Editor (eg Regedit,WinHacker)<br>
</font></p>
<table border="1" width="100%">
  <tr>
    <td width="100%">
      <p align="center"><font size="4" face="Arial">ESSAY</font></td>
  </tr>
</table>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal"><b><u><span style="font-size: 14pt; mso-bidi-font-size: 12.0pt"><font face="Arial">Lets
Start Cracking!<O:P>
</O:P>
</font></span></u></b></p>
<p class="MsoBodyText"><span style="FONT-SIZE: 12pt"><font face="Arial">When we
first run the program after installation, we find there is no nag screen
displaying how many days you have remaining , and we are kicked straight into
the program. Right! Where do we start? Do we start fishing for a serial? Being a
newbie, my preferred method is as follows . In LeapFTP, bring up the
registration entry found in the help menu, type in any old name and serial, and
make a note of the bad cracker message  The license key you entered is not
valid. Blah blah blah  write this down. <O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></p>
<p class="MsoBodyText"><span style="FONT-SIZE: 12pt"><font face="Arial">Open up
W32Dasm and disassemble leapftp.exe, then go to the refs menu and select String
Data References. Remember the error message we wrote down? Scroll down the
window and look for that text, and when you find it, double click on it. In the
main window you will see that the code has skipped to that location. If we
scroll up through the code a few lines, you will see;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><font face="Arial"><span style="mso-spacerun: yes">&nbsp;</span><font color="#6600FF">:004872E1
E8AE040000<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span>call 00487794<O:P>
</O:P>
</font></font></p>
<p class="MsoNormal"><font face="Arial" color="#6600FF">&nbsp;<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial" color="#6600FF"><span style="mso-spacerun: yes">&nbsp;</span>*
Possible StringData Ref from Code Obj -&gt;&quot;Thank You For
Registering!&quot;<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial" color="#6600FF">&nbsp;<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial"><font color="#6600FF">:004872E6
B864734800<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span>mov eax, 00487364</font><O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial">So we know we are in the right area!
Scroll up a bit further and you will see a reference to a conditional jump at
address 0048728E , so we know that this jump has something to do with what
registration message we get. Scroll up a bit further and we see another
conditional jump referenced to at 00487280. But Wait!! What do we see directly
above? Both jumps within a few lines of each other!<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial" color="#6600FF">:00487271 8D55FC<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span>lea edx, dword ptr
[ebp-04]<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial" color="#6600FF">:00487274 E83718F8FF<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;</span>call 00408AB0<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial" color="#6600FF">:00487279 80BBF402000000<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span>cmp byte ptr [ebx+000002F4], 00<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span><O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial" color="#6600FF">:00487280 740E<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span>je
00487290<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;</span></font><span style="mso-spacerun: yes"><font face="Arial" color="#FF0000">&nbsp;</font></span><font face="Arial" color="#FF0000">&lt;Not
sure about this one </font><font face="Arial" color="#6600FF"><O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial" color="#6600FF">:00487282 8B55FC<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span>mov edx, dword ptr [ebp-04]<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span><O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial" color="#6600FF">:00487285 8BC3<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span>mov eax, ebx<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial" color="#6600FF">:00487287 E888030000<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;</span>call 00487614<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span><O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial" color="#6600FF">:0048728C 84C0<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span>test
al, al<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial" color="#6600FF">:0048728E 7526<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;</span>jne 004872B6<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></font><font face="Arial" color="#FF0000">&lt;Is our serial good? If yes
jump to  Good Boy <span style="mso-spacerun: yes">&nbsp; </span>if no,
carry on to  Bad Cracker </font><font face="Arial" color="#6600FF"><O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial" color="#6600FF">&nbsp;<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial" color="#6600FF">*Referenced by a (U)nconditional
or (C)onditional Jump at Address: <O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial"><font color="#6600FF">|:00487280(C)</font><O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial">The simple solution seems to be that if
we can change the JNE at 0048728E, to a JE, the only serial it wont accept is
the correct one! Note the offset of the line at 0048728E, open your hex editor,
and go to the said offset. There you see your JNE hex value of 7526. Change this
to 7426, which now changes the instruction to a jump if equal, JE. Save the
file, and start up LeapFTP. Enter any old value into the registration fields and
click OK. Boomph! Thank You for registering! If you look in the About.
Section, you will see the program has been registered to you! OR HAS IT?<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial">Exit the program and start it up again.
WHAT THE HELL? Its unregistered again! So we know that although the program has
been changed to except your dodgy serial, your name and said dodgy serial are
copied to the registry, and the program rechecks them everytime the program is
restarted. So the only way to have it registered is to re-enter the serial every
time you start up the program. When the 30 Days is up, your fake serial will
still get you into the program, but THAT SUCKS!<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial">So now we know that we must modify the
code so that it never checks how many days you have left of your trial! The next
thing I did was to set my clock forward past the 30 day limit. Start up the
program, and you get a message saying  This copy of LeapFTP has been
installed for X days,please register your copy, or remove it from your system
 . With the above alteration, any username and serial will be excepted, but
we dont want to do that everytime we use the program. Go back into W32Dasm,
and bring up the String Resources menu, and we find a reference to this
statement, if we double click on it, we will be taken to that portion of the
code. If we scroll up slightly we see some more text  You are on day X of
your evaluation period, this program will stop functioning after 60 days  ,
hmmmmmm looks like we dont want to be seeing that either. Scroll up a bit
more and we see a reference to a conditional jump at 00495AC2, scroll to that
location;<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495ABB
E80023FFFF<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span>call 00487DC0<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495AC0
84C0<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;</span>test al, al<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495AC2
740D<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp; </span>je 00495AD1<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></font><font face="Arial" color="#FF0000">&lt;Our suspect jump command!</font><font face="Arial" color="#6600FF"><O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495AC4
8B45FC<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;</span><span style="mso-spacerun: yes"> </span>mov eax, dword
ptr [ebp-04]<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495AC7
E81C760100<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span>call 004AD0E8<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495ACC
E910010000<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;</span>jmp 00495BE1<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">&nbsp;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">Hmmmm,
the unconditional jump at 00495ACC also looks interesting, but where do it jump
to? 00495BE1, if we look at this section of code.<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">&nbsp;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495BE1
803DD0FB4B0000<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span>cmp byte ptr [004BFBD0], 00<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;
</span></font><font face="Arial" color="#FF0000">&lt;Our unconditional jump
takes us here</font><font face="Arial" color="#6600FF"><O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495BE8
750F<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;</span>jne
00495BF9<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;</span></font><font face="Arial" color="#FF0000">&lt;But where does
this take us?</font><font face="Arial" color="#6600FF"><O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">&nbsp;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">*
Possible StringData Ref from Code Obj -&gt;&quot;LeapFTP 2.7.1 -
(Unregistered)&quot;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">&nbsp;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495BEA
BA8C6D4900<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span>mov edx, 00496D8C<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495BEF
8B45FC<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span>mov eax, dword ptr [ebp-04]<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495BF2
E801DEF9FF<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;</span>call 004339F8<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495BF7
EB0D<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span>jmp 00495C06<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">&nbsp;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">*
Referenced by a (U)nconditional or (C)onditional Jump at Address:<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">|:00495BE8(C)<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">&nbsp;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">*
Possible StringData Ref from Code Obj -&gt;&quot;LeapFTP 2.7.1&quot;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">&nbsp;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial"><font color="#6600FF">:00495BF9
BAB46D4900<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span>mov edx, 00496DB4<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></font><font color="#FF0000">&lt;Here!!! Looks like we are gonna be
registered!!</font><O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial">First
thing to to is to NOP out the jump at 00495AC2, we do this by going to that
offset location in our hex editor and entering 9090 where the 740D jump command
is! This removes the conditional jump so the program just carries on to the
unconditional jump at 00495ACC. The section of code now looks like this:<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495ABB
E80023FFFF<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span>call 00487DC0<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495AC0
84C0<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>test al, al<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495AC2
90<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;</span>nop<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></font><font face="Arial" color="#FF0000">&lt;Our jump has gone! The
program carries on to the jump at 00495ACC</font><font face="Arial" color="#6600FF"><O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495AC3
90<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;</span>nop<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495AC4
8B45FC<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp; &nbsp;</span>mov eax, dword ptr [ebp-04] <O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial" color="#6600FF">:00495AC7
E81C760100<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="mso-spacerun: yes">
</span>call 004AD0E8<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial"><font color="#6600FF">:00495ACC
E910010000<span style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;</span>jmp 00495BE1</font><O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial">If
we now start up LeapFTP, BOOM! Straight into the program! No reference to days
left or anything! The [UNREGISTERED] notice has also gone from the title bar!
Look in the help menu. The Enter Registration Key option has also gone! It looks
like our little code change worked, and we have tricked the program into always
thinking it is registered when it isnt! <O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial">So
it looks like job done! NOT SO FAST! Remember that conditional jump at 0049BE8?
It does seem to jump us to the registered section, but why is it conditional?
This makes me think that our job is not yet finished. If it is conditional, it
depends on something being not equal. I dont like that! Why not just make it
an unconditional jump, so that it will jump whatever the circumstances! That
sounds better to me.<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial">Go
back into your hex editor and to the location 94FE8 ( this is the offset for
address 00495BE8), and change 750F to EB0F. This changes our conditional jump
JNE to an unconditional jump JMP. Im not sure wether that needed to be done,
but why not?<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial">JOB
FINISHED!!!!!! You now have a fully functional program that will never expire! <O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial">&nbsp;<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial">Hope
this tutorial helped, if it didnt, tough!<span style="mso-spacerun: yes">&nbsp;
</span>I know patching programs is a dirty cracking method, but Im still a
newbie and it works! I havent quite got to grips with the live approach
yet!!!! But Rome wasnt built in a day was it?<O:P>
</O:P>
</font></span></p>
<p class="MsoNormal"><span style="mso-spacerun: yes; font-size: 11pt; mso-bidi-font-size: 12.0pt"><font face="Arial">&nbsp;</font></span><span style="FONT-SIZE: 11pt; FONT-FAMILY: Garamond; mso-bidi-font-size: 12.0pt"><O:P>
</O:P>
</span></p>
<table border="1" width="100%">
  <tr>
    <td width="100%">
      <p align="center"><font face="Arial" size="4">THANKS</font></td>
  </tr>
</table>
<p align="center">&nbsp;</p>
<p align="center"><font face="Arial" size="4">The guys at TRES2000 for giving me
a chance</font></p>
<p align="center"><font face="Arial" size="4">[T]urb0z` - You know why!</font></p>
<p align="center"><font face="Arial" size="4">DaZZler + the Little OnE - For
being ACE</font></p>
<p align="center"><font face="Arial" size="4">Lee + Sarah - The best!</font></p>
<p align="center"><font face="Arial" size="4">All the other ppl that have helped
me through life!</font></p>
<p>&nbsp;</p>
<table border="1" width="100%">
  <tr>
    <td width="100%">
      <p align="center"><font face="Arial" size="4">DISCLAIMER</font></td>
  </tr>
</table>

<p align="center">&nbsp;</p>
<p align="center"><span style="mso-bidi-font-size: 12.0pt"><font face="Arial" color="#ffffff" size="4">The
information in this essay is for educational purpose only!<br>
You are only allow to crack, reverse engineer, modify code and debug programs
that you legaly bought and then for personal use only!!<br>
To ignore this warning is a criminal act and can result in lawful actions!<br>
<br>
So please note!<br>
I take no responsibility for how you use the information in this essay, i take
NO responsibility for what might happen to you or your computer!<br>
You use this information on your own risk!!<br>
<br>
What I mean is: Please buy the software!<br>
</font></span></p>




















<!-- START BASEURL FOOTER CODE -->

<!-- END BASEURL FOOTER CODE -->
</body>

</html>
