The Solution for the App of the Week 08/17 - Dropit v 1.0
by YOSHi

Some people didn't understand how to do this one, so I figured this could very well help them learn how to crack this awkward (and easy) protection. I will do this in steps for no apparent reason besides to give the reader motion sickness and possibly go color blind.

Step One: run the program a few times.... the only 'protection' is in the beginning, with the delayed serial / nag screen.

Step Two: enter a dummy serial and press "OK". Notice how it doesn't say if it's good or bad? Maybe it's because you've got the right serial!!!! No, it's not actually :) Just getting your hopes up.

Step Three: restart the program, and the nag is still there. Time to do something about it. BPX getdlgitemtexta (function to get a line of text).

Step Four: now that you're in the code, press "f11" to let the program read your serial. Now do a "s 0 l ffffffff 'yourserial'" and bpm on it. If you have Soft-Ice 3 or greater you can do this by typing "bpm " in the command line, then right clicking on the address, then selecting "Cut+Paste", and if not, you've got a lot of typing to do.

Step Five: trace through some of the calls that follow; you should see a call to "writeprivateprofilestringa". Now that you know what is used to write it, you know what is used to read it too.

Step Six: exit the program, and "bpx getprivateprofilestringa". You can use the symbol loader or not; I usually never use it.

Step Seven: Soft-Ice breaks at your bpx... press F11 to let it read your code. You will see that you are in mfc40.dll (how? see the part that says "mfc40"? :)

Step Eight: search on your reg code. bpm on all occurrences.

Step Nine: trace into the next call using "t"... this is "the" call, as you will see it contains a compare of the reg code and your code.

Step Ten: make sure you have all your bpms set, and don't set any if the offset is above 8000000; it's the Windows temporary memory area.

Step Eleven: press F5 or G or X or Control+d to exit Soft-Ice... you will see something like the following:

    Mov esi, yourcode
    Mov edi, blankarea
    cmp esi, edi

It's looking to see if there is no code... btw all of the conditional jumps that follow will not lead anywhere... anyway, keep tracing until you see the "movsb"... your code will be copied to the area specified in edi, or, the blank area.

Step Twelve: bpm on that, and then f5 or whatever you use :) to exit Soft-Ice. You should see something like the following:

    mov ah, [edi]
    mov al, [esi]
    cmp al, ah

Check out the esi and edi.... one should be your regcode, one should be the REAL regcode, which coincidentally is "donuts".

Step Thirteen: restart the program, and enter "donuts" as your code. Now you are a registered user for life :)

Step Fourteen: if you are not already connected to the internet, do so, and if so, open up mirc or ircii or bitchx or whatever client you use, connect to an EfNet server and come into #cracking4newbies and tell us all about it. You are welcome to come in anytime, any day.

Hopefully, next week there should be a new app of the week, and if anyone has any problems, me and the rest of the MexElite team would be glad to help - it's what we're there for :)

Greets: blorght, FaNt0m, _CbD_, nIabI, joesephCo, drlan, KrAzY_N, ^pain^, mornings, and Manson69

-YOSHi[me/c4n 97]
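
Added example, not part of YOSHi's text or Dropit's own code: the kind of check the steps above uncover (a hard-coded code compared byte by byte with the input) beside a form that ships only a digest. The function names are hypothetical, and FNV-1a stands in for a real cryptographic hash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Weak form, as the tutorial describes it: the real code sits in the
   binary as plaintext and is compared byte by byte with the user's input,
   so both strings are in memory at the moment of the compare. */
static int weak_check(const char *entered)
{
    static const char real_code[] = "donuts";   /* value from the page */
    return strcmp(entered, real_code) == 0;
}

/* FNV-1a 64-bit. ASSUMPTION: stands in for a real cryptographic hash
   (e.g. SHA-256 from a vetted library) only to keep this block short. */
static uint64_t digest(const char *s)
{
    uint64_t h = 0xcbf29ce484222325ULL;          /* FNV offset basis */
    for (; *s; s++) {
        h ^= (unsigned char)*s;
        h *= 0x100000001b3ULL;                   /* FNV prime */
    }
    return h;
}

/* Hardened form: only a digest computed at build time ships with the
   program. The entered code is hashed and the digests are compared, so
   the expected plaintext never sits in memory next to the input. */
static int digest_check(const char *entered, uint64_t stored_digest)
{
    return (digest(entered) ^ stored_digest) == 0;
}

int main(void)
{
    /* Constructed demo: a vendor would compute this offline, not at run time. */
    uint64_t stored = digest("donuts");
    printf("weak   dummy=%d donuts=%d\n",
           weak_check("12345"), weak_check("donuts"));
    printf("digest dummy=%d donuts=%d\n",
           digest_check("12345", stored), digest_check("donuts", stored));
    return 0;
}
```

The digest form removes only the plaintext-in-memory weakness; one code shared by every user can still be passed around, so per-user keys verified against a vendor signature are the usual next step.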