Cracking for newbies #4 - by woody^drn How to crack Web Weaver 98 at www.mcwebsoftware.com First start the program and let's check what it says. A nag appears, and you have to press okay. Well lets go a little further, choose Help->Unlock Program and write a password. Now it says "Sorry. Wrong Password". Damn ... well lets run gtui and check if the file is packet. Nope it's not .... but it's made in visual basic .. okay now we have to do it a different way. I use SmartCheck or w32dasm which is patched with a patch so it can take vb files. Load up w32dasm og load the file .. and find "Sorry. Wrong password". Found it ?? cewl ;) You don't have the patch for vb programs ?? mail me at cib@get2net.dk Now we could find the right serial or password, but I like to patch everything :) so lets patch it :) * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0060D772(C) | :0060DB1C C745FC25000000 mov [ebp-04], 00000025 :0060DB23 C78578FFFFFF04000280 mov dword ptr [ebp+FFFFFF78], 80020004 :0060DB2D C78570FFFFFF0A000000 mov dword ptr [ebp+FFFFFF70], 0000000A :0060DB37 C7458804000280 mov [ebp-78], 80020004 :0060DB3E C745800A000000 mov [ebp-80], 0000000A :0060DB45 C7459804000280 mov [ebp-68], 80020004 :0060DB4C C745900A000000 mov [ebp-70], 0000000A * Possible StringData Ref from Code Obj ->"Sorry. Wrong password" | :0060DB53 C78568FFFFFF804E4600 mov dword ptr [ebp+FFFFFF68], 00464E80 Okay here it makes the nag appear. As you can see there is a conditional jump from 60D772 to here. So if you nop that jump it wont appear. .... Nop it ! :0060D763 FF1550134000 Call dword ptr [00401350] :0060D769 0FBF8D24FFFFFF movsx ecx, word ptr [ebp+FFFFFF24] :0060D770 85C9 test ecx, ecx :0060D772 0F84A4030000 je 0060DB1C :0060D778 C745FC1B000000 mov [ebp-04], 0000001B 6 bytes to patch. .. 909090909090 Run the program again and write another password. Did it work ? yer .. Run the program once again and what now ... it's still registered! geez what a moron ;) well that's all for now then :) -wOODY^dRN