|
|
|
|
|
|
||
|
|
||
|
|
||
|
|
|
|
|
|
|
|
|
|
| ..sorry if there's any grammatical errors...hope
you'll understand this piece.... this is my First Tutorial.. any
comment are welcome...
ClipMate enhances the Windows Clipboard, making it a true power tool. The cut / copy / paste capability of Windows works well for transferring single items of data but is not useful if you want to move a lot of data or keep data longer than until your next cut or copy. Because Windows overwrites the Clipboard whether you were ready or not. ClipMate works alongside the regular Windows Clipboard and remembers every piece of data (both text and graphics) that you cut or copy. Once your data is saved in ClipMate, you can select an item and it is automatically placed back on the Clipboard or directly into an application. Within ClipMate you can view, print, edit,reformat, convert to upper/lower case, search, rename, and reorder Clip Items. And more! You can create an unlimited number of collections to store your data,
and you have full control over the retention rules so that your collections
fit your personal work process. For example, you can use a "Short-Term"
Collection as a catch-all and create "Long-Term" collections for topics
like Tips & Tricks, Frequently Used Letter Closings, Clip Art, Hot
Internet Web Pages, Project Research, or whatever you wish.
|
|
|
| Registration is via selecting the 'Help' menu
option then choosing the 'Enter Registration Key' selection. Here you will
be asked to enter:
Licensed to
:
The registration code is based on what you type in for your name/handle. 1. Deep within your System Registry it uses the following branch to store it's program settings and User Registration. HKEY_CURRENT_USER\Software\Thornsoft\ClipMate5\Registration
|
|
|
| Run ClipmaTe - cLick on heLp - Select Enter Registration Key....fill out the entries in registration screen wiTh our name 'n our favorite key .....We'll use these for this essay : |
| Licensed To | : | widYa@cL 2011 |
| Registration Key | : | 0101010 |
| ..press
[validate key]...*boom*...error...This is an invalid...bla..bla..bla...[huh.no
biG deal]...Quit Clipmate, We're gonna do a "fast" serial cracking...fire
up W32Dasm and disassemble Clipmt50.Exe...once it's disassembled, click
STRING DATA REFERENCE, look down for the string : "This Is An Invalid
Name/Number Combination"
..Close SDR window, and we'll see these: |
| * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: | ||
| :04D934F(C), :004D9360(C), :004D9371(C), :004D9382(C) --> these are 4 conditional jump that lead us to invalid message.. | ||
| :004D9483 | 6A00 | push 00000000 |
| :004D9485 | 668B0DCC944D00 | mov cx, word ptr [004D94CC] |
| :004D948C | B201 | mov dl, 01 |
| * Possible StringData Ref from Code Obj | ->"This Is An Invalid Name/Number " |
| ->"Combination" |
| :004D948E | B830974D00 | mov eax, 004D9730 |
| :004D9493 | E8FC0AF8FF | call 00459F94 |
| ...press [SHIFT+12] goto code location 004D934F... we land here ... |
| :004D9342 | A198225000 | mov eax, dword ptr [00502298] | ; hmm..what's this ..!! |
| :004D9347 | E89401F3FF | call 004094E0 | ; last call before comparison |
| :004D934C | 83F80D | cmp eax, 0000000D | ; first comparison.. |
| :004D934F | 0F852E010000 | jne 004D9483 | ; our 1'st bad jump |
| ...we're gonna set a breakpoint at 004D9342......but first we'll have to set some breakpoints to get in clipmate code....now enter the registration screen again ... fill out the entries... DO NOT push [Validate Key] yet.....press [CTRL+D] to get into softice.... |
| BPX | GetWindowTextA | [Enter] | |
| BPX | GetDlgItemTextA | [Enter] | |
| BPX | MessageBoxA | [Enter] | |
| X | [Enter] | ; leave Softice 'n back to Clipmate |
| ..push [VALIDATE KEY]...Huh...nothing happen...!..leT's trY the "Famous" one .... |
| BC* | [Enter] | ; clear all breakpoints | |
| BPX | HMEMCPY | [Enter] | |
| X | [Enter] |
| ..push [VALIDATE KEY]...#BOOM#.....press F12 about 7 times..now we're in Clipmate Code ..clear HMEMCPY breakpoint 'coz we don't need it anymore.. ..Now let's set a breakpoint at 004D9342.. |
| BC* | [Enter] | |
| BPX | 004D9342 | [Enter] |
| X | [Enter] |
| ..#BOOM#...Clipmate is totally under our control... aah..we're here now..let's analyze the code... |
| :004D9342 | A198225000 | mov eax, [00502298] | ; EAX contain our dummy key ..cool ! |
| :004D9347 | E89401F3FF | call 004094E0 | ; thiz call calculate our key length |
| :004D934C | 83F80D | cmp eax, 0D | ; compare our dummy key length with 13 |
| :004D934F | 0F852E010000 | jne 004D9483 | ; if not equal then jump to hell (1'st jump) |
| ...what do we got from here..to pass the first bad jump the key length must be 13..which means the correct key length is 13.....hura..let's change our key 'n make sure the key length=13... |
| X [ENTER]- [OK] - change key to '0101010101010' - [VALIDATE KEY] - *BOOM* - F10 4X |
| ; aahh..now we pass 1'st bad jump.. | |||
| :004D9355 | 8D45F2 | lea eax,[ebp-0E] | ; hmm..what's in here ? Type D EAX.. |
| ; you'll see G017367056946 in Data Window | |||
| ; it could be our correct key.. let's continue anyway.. | |||
| ; 'coz our target is to bypass those 4 bad jump... | |||
| :004D9358 | E88301F3FF | call 004094E0 | ; calculate our key length ..again.? |
| :004D935D | 83F80D | cmp eax, 0D | ; feel better ??.. |
| :004D9360 | 0F851D010000 | jne 004D9483 | ; if not equal then jump to hell (2'nd jump) |
| ; we pass the 2'nd bad jump... | |||
| :004D9366 | A198225000 | mov eax, [00502298] | ; EAX now contain our key.. |
| :004D936B | 8A4003 | mov al, [eax+03] | ; al contain 3'rd char from our dummy key '1' |
| ; (count start from 0) | |||
| :004D936E | 3A45F5 | cmp al, [ebp-0B] | ; compare it with 3'rd char from correct key '7' |
| 0 | 1 | 0 | 1 | 0 | 1 | 0 | 1 | 0 | 1 | 0 | 1 | 0 |
| X | X | X | 7 | X | X | X | X | X | X | X | X | X |
| now..let's change 3'rd char our key to '7' - X [ENTER] - [OK] - change key to '0107010101010' - [VALIDATE KEY] - *BOOM* - F10 11X |
| ;..are we here yet.?..good let's continue.. | |||
| :004D9371 | 0F850C010000 | jne 004D9483 | ; if not equal then jump to hell (3'rd jump) |
| ; ..hei..we pass the 3'rd jump..cool.. | |||
| ; ..one more jump to pass...'n we'll be a good buyer..! | |||
| :004D9377 | A198225000 | mov eax, [00502298] | ; EAX now contain our dummy key.. |
| :004D937C | 8A400C | mov al, [eax+0C] | ; al contain 12'th (the last) char from our key : '0' |
| :004D937F | 3A45FE | cmp al, [ebp-02] | ; compare it with 12'th char from correct key : '6' |
| 0 | 1 | 0 | 1 | 0 | 1 | 0 | 1 | 0 | 1 | 0 | 1 | 0 |
| X | X | X | 7 | X | X | X | X | X | X | X | X | 6 |
| change 12'th char our key with '6' to pass the 4'th jump - X [ENTER]- [OK] - change key to '0107010101016' -[VALIDATE KEY] - *BOOM* - F10 15X |
| :004D9382 | 0F85FB000000 | jne 004D9483 | ; if not equal then jump to hell (4'th jump) |
| ;..hurraa.... |
| ...phew..at last..we have succeded to pass those 4 'stupid' conditional jump....now..let's give 'the control' to clipmate to do the rest....BD* (to disable our breakpoint) - X (to leave sotice..'n leave clipmate with his homework)....aah..there is a message has been waiting 4 us..." You have succesfully registered Clipmate. Thank You " - [OK] - You're Welcome .. |
| ..are you thinking what i'm thinking..?! ....(yeah..we need more coffee 'n some cigar...) |
| ..re-run clipmate and click on Help - About..and we will see thiz... |
| Licensed
To : widYa@cL 2011
16 User License |
| ..!^#*+...where that '16' came from ?!....hmm...remember G017367056946...let's put G017367056946 as Registration Key..perhaps we could see some differences....buT..you have to Un-Registered Clipmate first.... We can do this in 2 ways : |
| 1. Select Config in Clipmate - User Preferences - Click Advanced Tab - Reset All Settings To Defaults - [YES] - [OK] - [OK] |
| 2. Run Regedit - Goto HKEY_CURRENT_USER\Software\Thornsoft\ClipMate5\ - Delete Registration key |
| ..now enter the registration screen..again.... |
| Licensed
To : widYa@cL 2011
Registration Key : G017367056946 |
| " You have succesfully registered Clipmate. Thank You " - [OK]....look again in the help - About.. |
| Licensed
To : widYa@cL 2011
Single User License |
| ..hmmm.....where part of key that make us as a Single or 16 User License.?!...... |
| ..are you thinking what i'm thinkin'..?! (yeah..perhaps...we should be a cop..!!) |
| ..single means 1 (right ?!) 1 in hexadecimal is 01 and 16 in hexadecimal is 10.....look at table below ...*%@$!....ding..dong.. |
| 0 | 1 | 0 | 7 | 0 | 1 | 0 | 1 | 0 | 1 | 0 | 1 | 6 | ; 16 User License |
| G | 0 | 1 | 7 | 3 | 6 | 7 | 0 | 5 | 6 | 9 | 4 | 6 | ; Single User License |
| ...let's make a conclusion from our short 'party' above... |
| ...These are some rules for the Correct Registration Key : (Notes: Char(Position)) |
| 1. The correct key length is 13 |
| 2. We're only concern with char (1) , char (2) , char (3) , and char (12) |
| 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | ; position |
| X | X | X | X | X | X | X | X | X | X | X | X | X | ; key |
| 3. 1'st char and 2'nd char is use for number of User license Syntax: 00h-FFh (0-255 Dec) |
| 4.The rest char is totally free( u can use any char) |
| ..heii...how to generate char (3) and char (12)....?!....hurraa...let's start tracing again......but where do we start..?? |
| :004D9342 | A198225000 | mov eax, [00502298] | ; we see our dummy key in EAX at here right ??.. |
| ..since the correct key is based on what we typed for our name...so we have to be suspicious when we see our name in data window..and it can't be far from here...U can start from .004D92DD... BPX 004D92DD...snip....snip.....snip..... |
| :004D92FC | 8D8DD8FEFFFF | lea ecx, [ebp+FFFFFED8] | ; D ECX here...kewl..it's our name..... |
| :004D9302 | BA01000000 | mov edx, 00000001 | |
| :004D9307 | E8AC65F9FF | call 0046F8B8 | ; key gen routine..F8 at here !!!...snip....snip...snip |
| I'll leave u to trace this 'exciting' call on your own from here ...do u know why ? ..'coz this is the first time i'm using frontpage editor to make my very first World Wide Web pages since i was born ..'n u know what.. i pasted all text to this page from text file type..and it look like a nightmare ... so i start arranging and aligning all text ..*damned* it was harder than cracking Clipmate ..then i opened Moft Word to finish the job ....i pushed [TAB] button ...and.....#ding dong#...Mr. Einstein pop a message 'for best result use a table to...bla...bla...bla'.....'n now i get boring to make more tables .. but i should finished this tutor anyway.... |
| ..here is what i got .... | |
| A. Take all char within "A..Z" : widYacl | |
| B. Change to Uppercase : WIDYACL | |
| C. | - If our name is less than 10 ... make a copy until 10 CHAR : WIDYACLWID |
| - If our name is more than 10 ... cut it until 10 CHAR | |
| 5. Only the first 10 char is calculated to generate our license key | |
| means: either widYa chandRa or widYa chandRa leSmaNa will generate the same key | |
| D. If our name doesn't have char within 'A..Z'...then char (3) is 9 and char (12) is 0 | |
| E. The Calculation for char (3) and char (12) | |
| License To | : widYa@cL 2011 |
| Correct Code Syntax | : G%2x%d%d%d%d%d%d%d%d%d%d |
| 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | ; position |
| W | I | D | Y | A | C | L | W | I | D | ; |
| 57 | 49 | 44 | 59 | 41 | 43 | 4C | 57 | 49 | 44 | ; hex value |
| Hex Value for Char(0) Mod 0Ah --> the result will be our 3'rd char | ; 57%A = 7 |
| Hex Value for Char(9) * 2 Mod 0Ah --> the result will be our 12'th char | ; (44+44)%A = 6 |
| .....now we are free to generate our favorite registration key | ; OFF7CRACKERZ6 |
| ....G017367056946..is came from : |
| 57%A | = 7 | |
| 49*1%A | = 3 | |
| 44*2%A | = 6 | |
| 59*3%A | = 7 | |
| 41*4%A | = 0 | |
| 43*5%A | = 5 | |
| 4C*6%A | = 6 | |
| 57*7%A | = 9 | |
| 49*8%A | = 4 | |
| (44+44)%A | = 6 |
| ..add it with 'gift' from Cipmate(G01) : G017367056946.....now u can make a key generator in your favourite language... |
| ..party is over..... |
|
|
|
|
| Greetz goes to (no particular order) : | |||||||
| tKC/All
PC members, tHATDUDE, UCF, The SandMan,CrackZ,TORN@DO,
The Immortal Descendants,
+ORC, MiB , Iczelion, GCG, ED!SON, Razzia, +Xoanon, iCECREAM, FraVia, Lord Caligo, Buckaroo Banzai, +gthorne , Mexelite , Corn2, Vizion, Manson69, nIabI, Cyborg, ^pain^, intruder, Yaan, Laxity, JoGy, nIabI [C4N/ME], MR NICK, NaTzGUL [REVOLT], Qapla', The _RudeBoy_ , BigMoM, Aphex Twin [Vandals], vûltû_ë, eXact, YOSHi, Volatility, ZeroDay, Aescu, _CbD_, Gavin Estey, DR. Encryption, Joshua Auerbach, Klee8084, masta_, Chuck Nelson, _HaK_, Nemrod and ReN, R. DeYoung, Hugo Perez, lownoise, Hayras,.....
|
|||||||
| ..huh..you have 2 many greetz.... | |||||||
| Essay by: widYa-cL 2011 | |||||||
| Page Created: January 29, 1999 |