http://realguide.real.com/games/?s=game_download - Webpage.
I've personally hacked 75% of the programs from this company and it had been a while since my last visit. So, I downloaded a few of their new Windows 95 programs to see what they were like. Their previous titles were mostly VB3 & VB4, but this one was not, so as a challenge to myself, I thought I'd have a go.
This one caught my eye as it was one of my favourite types of board games - Animated Chinese Checkers (even though we'd spell it in the UK as chequers ... but we're like that over here!). I remember the original stuff I did as being available in Windows 3.1 and Windows 95 versions. I decompiled the 16-bit versions and 9 times out of 10, the serial number was listed in the source code in the first module..... and for some of the 32-bit only versions, the serial number was visible inside the code using a standard hex viewer.
So, just in case they had not learnt at all ... I dived in with HIEW under DOS. Searching for "reg", I found the text where the program informs the user that the serial is invalid .... I pressed Page Up and there it was .... in 3 locations !. If Ultisoft are never going to put in a decent key-generator routine to stop the programs being downloaded and registered within seconds then how are they ever going to make money for the authors ?.
This one is different to the usual games published by Ultisoft. A so-so arcade game (of the ZX Spectrum era) created using Corel Click and Create .... one small-ish EXE file with the main data being stored in the file "BRICKAN.CCA". Never tried using Click & Create to make any games etc. - let alone hack something written with it.
I looked through the EXE for the usual ASCII references for "reg" and "invalid" etc. but nothing found. So, I try this large data file in case it contains something other than the graphics and sound for the game ..... Well, look what I found :) Searching for "reg", comes up with a number just above it ... *sigh* it can't be that easy, can it ?
Afraid it is ... another one bytes the dust :)
(CrackZ - Here we have a collection of decompiled registration forms, I assume obtained using DoDi's decompiler, read them and weep, especially if you happen to be called CT Software).
'-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o- ' ' The registration code for YahtC v2.6 by CT Software ' '-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o- ' FRMREGIN.FRM Option Explicit Sub Command1_Click () Dim l001A As String Dim l001E As Variant Dim l0022 As String l001a = String(255, Chr$(0)) ' Store Windows directory l001E = Left$(l001A, Get_Win_Dir(l001A, Len(l001A))) ' Get it's location l0022$ = l001E + "\win.ini" ' add \WIN.INI to it ' The code below is the key that is checked .... I used a simple ASCII Table HLP file that ' I downloaded to work out this tough protection :) ' gv0032$ = "VCS,*24486" gv0032$ = Chr$(86) + Chr$(67) + Chr$(83) + Chr$(44) + Chr$(42) + Chr$(50) + Chr$(52) + Chr$(52) + Chr$(56) ' If a valid key is entered, but no name, then alert the dumb user and exit form :) If Text2.Text = gv0032$ Then If Text1.Text = "" Then MsgBox "Valid user name is required.", 48 Text1.SetFocus Exit Sub End If ' extfn00CE (when examining the main declarations is WriteProfileString ' Stick users name into YahtC section of WIN.INI gv0022$ = Text1.Text gv0020% = extfn00CE("YahtC", "Name", gv0022$, l0022$) ' Stick users secret (?) code into YahtC section of WIN.INI gv0022$ = Text2.Text gv0020% = extfn00CE("YahtC", "Number", gv0022$, l0022$) ' Thank you for not paying and goodbye :) MsgBox "Registration information verified.", 64 End ' You naughty pirate, you should enter the correct number :) Else MsgBox "Invalid registration information entered!", 48 Text1.Text = "" Text2.Text = "" End If End Sub Sub Command2_Click () frmRegInfo.Hide End Sub '-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o- ' ' The registration code for Craps v2.1 by CT Software ' '-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o- ' FRMREGIN.FRM Option Explicit Sub Command1_Click () ' ' Well, looky here, he's using the same "protection" as the other titles .... dig out an ASCII ' table and the string works out to be ...... ' ' gv0014$ = "RC,PPT,757" ' gv0014$ = Chr$(82) + Chr$(67) + Chr$(44) + Chr$(80) + Chr$(80) + Chr$(84) + Chr$(44) + Chr$(55) + Chr$(53) + Chr$(55) ' Correct text entered but no name ? If Text2.Text = gv0014$ Then If Text1.Text = "" Then MsgBox "Valid user name is required.", 48 Text1.SetFocus Exit Sub End If ' Number is corrent and person remembered to type in their name this time, so let's write it to ' WIN.INI ........ gv0018$ = Text1.Text gv0012% = extfn00BE("Craps", "Name", gv0018$, gv0028$) gv0018$ = Text2.Text gv0012% = extfn00BE("Craps", "Number", gv0018$, gv0028$) MsgBox "Registration information verified.", 64 End ' For those people unfortunate enough not to know how to use a VB Decompiler ..... Else MsgBox "Invalid registration information entered!", 48 Text1.Text = "" Text2.Text = "" End If End Sub '-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o- ' ' The registration code for CT DiskCopy v1.2 by CT Software ' '-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o- ' FRMREGIN.FRM Option Explicit Sub Command1_Click () Dim l0028 As String Dim l002E As Integer ' This time, he has defined the "secret code" somewhere else in the code, but I've pasted the line here ' so you can see what he was doing (it was in the main code file DISK16) ' gv002A$ = Chr$(82) + Chr$(69) + Chr$(65) + Chr$(42) + Chr$(44) + Chr$(57) + Chr$(48) + Chr$(52) + ' Chr$(44) ' Which in reality, equates to:- ' ' gv002A$ = "REA*,904," ' So his code is the same as the other programs, check the code and the name can be anything you like ! If Text2.Text = gv002A$ Then If Text1.Text = "" Then MsgBox "Valid user name is required.", 48 Text1.SetFocus Exit Sub End If ' Paying (?) customer found, dump contents of Name & Number into Registry. l0028$ = Text1.Text l002E% = extfn00D6("DiskCopy", "Name", l0028$, gv001E$) l0028$ = Text2.Text l002E% = extfn00D6("DiskCopy", "Number", l0028$, gv001E$) MsgBox "Registration information verified.", 64 End ' What shall we do with a non-user of VB Discompiler ? Kick him/her out :) Else MsgBox "Invalid registration information entered!", 48 Text1.Text = "" Text2.Text = "" End If End Sub '-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o- ' ' The registration code for CT Hotspot v1.02 by CT Software ' '-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o- ' FRMREGIN.FRM Option Explicit Sub Command1_Click () ' This time, he has defined the "secret code" somewhere else in the code, but I've pasted the line here ' so you can see what he was doing (it was in the main code file) ' gv0018$ = Chr$(115) + Chr$(52) + Chr$(48) + Chr$(48) + Chr$(44) + Chr$(57) + Chr$(49) + Chr$(51) + ' Chr$(44) + Chr$(42) + Chr$(49) + Chr$(49) + Chr$(51) ' The real code (decryption took a long time to work it out .... hmmm :) ' gv0018$ = "s400,913,*113" If Text2.Text = gv0018$ Then If Text1.Text = "" Then MsgBox "Valid user name is required.", 48 Text1.SetFocus Exit Sub End If gv0008$ = Text1.Text gv0006% = extfn00CB("HotSpot", "Name", gv0008$, gv001C + "\win.ini") gv0008$ = Text2.Text gv0006% = extfn00CB("HotSpot", "Number", gv0008$, gv001C + "\win.ini") MsgBox "Registration information verified.", 64 End Else MsgBox "Invalid registration information entered!", 48 Text1.Text = "" Text2.Text = "" End If End Sub '-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o- ' ' The registration code for CT Swapper v1.1 by CT Software ' '-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o- ' ' FRMREGIN.FRM Option Explicit Sub Command1_Click () Dim l0028 As String Dim l002E As Integer ' Oh gosh, what a surprise, it's the same routine again.... must go an grab my DES chip ' so that I can work out the code ........ ' gv002C$ = Chr$(50) + Chr$(56) + Chr$(52) + Chr$(51) + Chr$(44) + Chr$(80) + Chr$(66) ' + Chr$(83) + Chr$(44) + Chr$(55) + Chr$(42) ' Which in reality, is really .... ' ' gv002C$ = "2843,PBS,7*" ' Not much point in describing what goes on here as I am tired of finding new ways to ' describe writing to INI files etc. etc. Look at the first of these tutorials/hacks to ' see my comments :) If Text2.Text = gv002C$ Then If Text1.Text = "" Then MsgBox "Valid user name is required.", 48 Text1.SetFocus Exit Sub End If l0028$ = Text1.Text l002E% = extfn009B("Swapper", "Name", l0028$, gv0018$) l0028$ = Text2.Text l002E% = extfn009B("Swapper", "Number", l0028$, gv0018$) MsgBox "Registration information verified.", 64 End Else : MsgBox "Invalid registration information entered!", 48 Text1.Text = "" Text2.Text = "" End If End Sub Sub Command2_Click () frmRegInfo.Hide End Sub '-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o- ' ' The registration code for CT Swapper v1.1 by CT Software ' '-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o- ' FRMREGIN.FRM Option Explicit Sub Command1_Click () ' Hmmm ...... I think you all know by now what this little line is setting up a variable for ? gv0052$ = Chr$(122) + Chr$(107) + Chr$(105) + Chr$(44) + Chr$(44) + Chr$(50) + Chr$(44) + Chr$(42) + Chr$(56) + Chr$(51) + Chr$(55) + Chr$(52) + Chr$(50) ' Decoded version is:- ' ' gv0052$="zki,,2,*83742" If Text2.Text = gv0052$ Then If Text1.Text = "" Then MsgBox "Valid user name is required.", 48 Text1.SetFocus Exit Sub End If gv0062$ = Text1.Text gv0060% = extfn011A("Notebook", "Name", gv0062$, gv006E$) gv0062$ = Text2.Text gv0060% = extfn011A("Notebook", "Number", gv0062$, gv006E$) MsgBox "Registration information verified.", 64 End Else MsgBox "Invalid registration information entered!", 48 Text1.Text = "" Text2.Text = "" End If End Sub Sub Command2_Click () frmRegInfo.Hide End Sub '-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o- ' ' The registration code for CT Swapper v1.1 by CT Software ' '-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o- ' FRMREGIN.FRM Option Explicit Private Sub Command1_Click () Dim l0028 As String Dim l002A As String ' gv0022$ = Chr$(55) + Chr$(49) + Chr$(103) + Chr$(112) + Chr$(44) + Chr$(42) + Chr$(99) ' gv0022$ = gv0022$ + Chr$(109) + Chr$(112) + Chr$(44) + Chr$(52) + Chr$(57) + Chr$(57) + Chr$(52) ' gv0022$ was stored in another module, but I've brought it in here to make it easier :) ' ' gv0022$ = "71gp,*cmp,4994" If Text2.Text = gv0022$ Then If Text1.Text = "" Then MsgBox "Valid user name is required.", 48 Text1.SetFocus Exit Sub End If l0028$ = Text1.Text l002A$ = Text2.Text gv0014% = extfn00C6("Safety Net", "Name", l0028$, gv001E$) gv0014% = extfn00C6("Safety Net", "Number", l002A$, gv001E$) MsgBox "Registration information verified.", 64 End Else : MsgBox "Invalid registration information entered!", 48 Text1.Text = "" Text2.Text = "" End If End Sub Private Sub Command2_Click () frmRegInfo.Hide End Sub Private Sub Form_Load () sub01A1 Me frmRegInfo.Icon = Form1.Icon End Sub