1999
'Let sniff again'
Win Code Reversing

Program Name: Pro12.exe
Program Type: File retrieving tool
Program Location: Here
Program Size: 862kb

Softice V3.25 - Win'95 Debugger
W32Dasm V8.93 - Win'95 Disassembler
The author of Teleport Pro v1.29 says:
- Completely download a website, enabling you to "offline browse" the site at much greater speeds than if you were to browse the site online.
- Create an exact duplicate, or "mirror" of a website, complete with subdirectory structure and all required files.
- Search a website for files of a certain type (and even size!).
- Download a list of files from the Internet.
- Explore every website linked from a central website.
- Search a website for keywords.
- Make a list of all pages and files on a website.

This protection routine is based on the user name and company. The program keeps its settings in the registry:
HKCU\Software\Tennyson Maxwell\Teleport Pro\User\Company
HKCU\Software\Tennyson Maxwell\Teleport Pro\User\Name
HKCU\Software\Tennyson Maxwell\Teleport Pro\User\Registration

I've heard about this program today, while talking about downloading some REC sites. I heard that this is the best tool to create mirror sites and for file retrieving on the internet. I wonder why the authors didn't spend more effort to protect this great utility.
Run Teleport Pro, and you'll be welcomed with a screen for the new user. Go to Help/Register and type in a name, company and some registration key. We get the message: "We're sorry! The registration number you entered appears to...". I guess that you know what needs to be our next step, don't you?
Go to W32Dasm and create the program's dead listing. In the String Data References, look for this message. Found it? Good, now look around it; do you see some "good" message? Yep, but not the one that follows the bad one. Go a bit down for this one: "Thank you! Your copy of Teleport Pro is now registered. All...". Double-clicking on it will take you to the location in the program where this message comes from. You should now see this snippet of code:
:00425643 E890090000              call 00425FD8
:00425648 3945E8                  cmp dword ptr [ebp-18], eax
:0042564B 59                      pop ecx
:0042564C 753A                    jne 00425688
:0042564E A174B34700              mov eax, dword ptr [0047B374]
:00425653 8945F0                  mov dword ptr [ebp-10], eax

* Possible Reference to String Resource ID=07152: "Thank you! Your copy of Teleport Pro is now registered. All"

:00425656 68F01B0000              push 00001BF0
:0042565B 8D4DF0                  lea ecx, dword ptr [ebp-10]
What we can see is a typical "call" followed by a "cmp" instruction. So we now know where we want the program to break, so that we can see what this cmp is for.
Enter your details again, and just before you hit the "OK" button, fire up Softice (Ctrl+D) to "tell" it where we want to set a breakpoint. Type "bpx getwindowtexta", and "x". Now you can click on "OK". Softice will break; hit "x", Softice will break again; hit "x", and Softice will break for the 3rd and last time on the API "getwindowtexta".
Press "F11" once. Now we are in the program's code, after we return from the last API. We want to disable this BP and set a new one after the call that we saw above. Type "bd 00", then "bpx 425643", and "x" to leave SI. SI will break immediately here:
:00425643 E890090000              call 00425FD8
; we land here
:00425648 3945E8                  cmp dword ptr [ebp-18], eax
:0042564B 59                      pop ecx
:0042564C 753A                    jne 00425688
:0042564E A174B34700              mov eax, dword ptr [0047B374]
:00425653 8945F0                  mov dword ptr [ebp-10], eax

* Possible Reference to String Resource ID=07152: "Thank you! Your copy of Teleport Pro is now registered. All"

:00425656 68F01B0000              push 00001BF0
:0042565B 8D4DF0                  lea ecx, dword ptr [ebp-10]
Press "F10" once, and you'll see that after executing this call, register EAX is highlighted and has some hex value in it. The next instruction compares the value of EAX with the value at memory location [ebp-18]. To see what's in this location, type "d ebp-18"; for me it was "F7 76 E5 42". To see the decimal value, I typed "? 42E576F7" (LOOK, in reverse order!! the dword is stored little-endian, so the bytes are read back to front). Do the same for the value that you got, and you can see that this is the *fake* registration you entered.
So, if it's being compared with the value of EAX, EAX should hold the real registration!! I assume that you know by now how to check the decimal value that EAX holds (see the steps above...).
At this point, write down the *real* number, and see how the program will jump with this:
:0042564C 753A                    jne 00425688 <jump>
Type "x", get the error message for the last time, and enter the registration that you sniffed. You can disable the breakpoints; you'll not need them anymore here...
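The check the tutorial has just walked through derives the one correct registration number inside the program and compares the user's entry against it, which is why the real value sits in EAX at the cmp. The C below is an added example, not Teleport Pro's code and not the author's: it reconstructs that weak pattern with a made-up key derivation, and next to it shows a check built on toy RSA signature verification, where the program holds only the public modulus and exponent and so never computes the valid key itself. The function names, the FNV-1a fingerprint and the toy parameters (p=61, q=53, n=3233, e=17, d=2753) are all assumptions chosen for illustration; real parameters would be far larger.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not Teleport Pro's code. Toy RSA parameters (p = 61, q = 53)
 * are hypothetical and far too small for real use; they only show the structure. */
#define TOY_N 3233u   /* p * q: public modulus, shipped in the program */
#define TOY_E 17u     /* public exponent, shipped in the program */
#define TOY_D 2753u   /* private exponent: vendor only, never in the program */

/* Hypothetical fingerprint of the user details: FNV-1a over name and company,
 * reduced into [0, TOY_N). The separator keeps ("ab","c") and ("a","bc") apart. */
static uint32_t fingerprint(const char *name, const char *company)
{
    const char *parts[2] = { name, company };
    uint32_t h = 2166136261u;
    for (int i = 0; i < 2; ++i) {
        for (const unsigned char *p = (const unsigned char *)parts[i]; *p; ++p) {
            h ^= *p;
            h *= 16777619u;
        }
        h ^= 0x1fu;
        h *= 16777619u;
    }
    return h % TOY_N;
}

/* Square-and-multiply; mod must be < 2^32 so every product fits in 64 bits. */
static uint32_t modpow(uint64_t base, uint32_t exp, uint32_t mod)
{
    uint64_t result = 1;
    base %= mod;
    while (exp) {
        if (exp & 1u)
            result = (result * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return (uint32_t)result;
}

/* Weak pattern, as in the tutorial: the program derives the single correct
 * registration number itself (hypothetical derivation) and compares against it. */
uint32_t weak_expected_key(const char *name, const char *company)
{
    return (fingerprint(name, company) * 7919u) % 1000000u;
}

int weak_check(const char *name, const char *company, uint32_t entered)
{
    uint32_t expected = weak_expected_key(name, company); /* the real key, now in a register */
    return entered == expected;                           /* the tutorial's call/cmp pair */
}

/* Hardened pattern. Vendor side (holds d): key = fingerprint^d mod n. */
uint32_t vendor_issue_key(const char *name, const char *company)
{
    return modpow(fingerprint(name, company), TOY_D, TOY_N);
}

/* Program side (holds only n and e): accept if key^e mod n == fingerprint.
 * Neither operand at the comparison is a usable registration number. */
int hardened_check(const char *name, const char *company, uint32_t entered)
{
    if (entered >= TOY_N)
        return 0;
    return modpow(entered, TOY_E, TOY_N) == fingerprint(name, company);
}

int main(void)
{
    const char *name = "Example User", *company = "Example Co"; /* constructed input */
    uint32_t weak_key = weak_expected_key(name, company);
    uint32_t key = vendor_issue_key(name, company);
    printf("weak check with derived key %u: %d\n", weak_key, weak_check(name, company, weak_key));
    printf("hardened check with issued key %u: %d\n", key, hardened_check(name, company, key));
    printf("hardened check with key+1: %d\n", hardened_check(name, company, (key + 1) % TOY_N));
    return 0;
}
```

In the hardened variant the value at the compare point is fingerprint(name, company), not a registration number, so reading it out of a register yields nothing that could be typed into the dialog. The vendor-side routine is included only so the example can issue itself a key to verify; in a shipped program neither it nor TOY_D would exist.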
Nothing needed...
REMEMBER, I'm doing my cracks as a hobby and challenge, so please, if you like this utility and want to keep using it, support the author and pay for it.
My thanks and gratitude go to:
The Sandman for all that he is doing for us newbies.
Rhayader for helping me with Reverse Code Engineering and useful tips.