How to find the serial# for UltiSoft's 3D BlackJack Trainer v1.1.0
!Another VB 5 Program!
By DABERT
Tutorial# 2
Target: UltiSoft's 3D BlackJack Trainer v1.1.0
Author: ULTISOFT
Where : http://www.ultisoft.com/3dbj.htm
Size : 5.66 MB [unzipped]
Tools : Softice 3.25/Quickview
Protection: Serial
What the author says:
3D BlackJack Trainer uses a realistic-looking Blackjack table with animated cards to make the game as natural as possible. A long list of game options lets you tailor the house rules to your liking. The program's truly unique feature is use of a Wizard to advise you along the way. This tutor includes introductory and basic strategy tours as well as card counting.
3D BlackJack Trainer costs only $20. When you register, you can bet more than the maximum $5, use the training wizard any time, remove all the shareware reminder screens and receive updates free. You will also be able to save statistics, change the house rules and use preset "Play Sets" for many of the popular casinos.
OK, open 3D/BJ with Quickview and we find that it's another VB 5 program. So you have to make sure you have these two lines in your winice.dat file:
EXP=c:\windows\system\msvbvm50.dll
AF4="^s 0 l ffffffff 56,57,8b,7c,24,10,8b,74,24,0c,8b,4c,24,14,33,c0,f3,66,a7;"
If you haven't, add them now and restart your system.
The byte sequence 56,57,8b,7c,24,10,8b,74,24,0c,8b,4c,24,14,33,c0,f3,66,a7 is the VB 5 string compare routine. In SoftICE it looks like this:
014F:0F00D9EA 56 PUSH ESI
014F:0F00D9EB 57 PUSH EDI
014F:0F00D9EC 8B7C2410 MOV EDI,[ESP+10]
014F:0F00D9F0 8B74240C MOV ESI,[ESP+0C]
014F:0F00D9F4 8B4C2414 MOV ECX,[ESP+14]
014F:0F00D9F8 33C0 XOR EAX,EAX
014F:0F00D9FA F366A7 REPZ CMPSW <-- Compare those strings
014F:0F00D9FD 7405 JZ 0F00DA04
Now to find the serial#, we start 3D/BJ, click on Register and enter a fake serial#. Don't press REGISTER yet. Enter SoftICE with ctrl-d and place a break point on MultiByteToWideChar like this: bpx multibytetowidechar [enter]. Now press F5 or ctrl-d to exit SoftICE and return to 3D/BJ. Click REGISTER now and you will pop back into SoftICE. Disable your break point with bd 00 or bd *, then hit the F11 key once to return to the function that called this routine.
Now we will search for the VB 5 string compare routine. Press ALT and F4 at the same time and you will see something like this: Procedure found at:014F:0F00D9EA (0F00D9EA). We set a break point on it like this: [bpr 30:0f00d9ea 30:0f00d9ea+6 rw] (don't type the [ ]), then [enter]. If you used more than six characters for your serial, use the length of the serial you entered instead of +6, e.g. for an 8# serial use +8. Press F5 once and we'll land at the above piece of code, the VB 5 string compare routine.
F10 down to 014F:0F00D9F8 33C0 XOR EAX,EAX and do: d esi and you will see your fake serial. Then F10 to 014F:0F00D9FA F366A7 REPZ CMPSW and do: d edi and you will see the correct serial. It's in wide char format, so don't enter the points shown between the characters.
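The compare above gives the serial away because the program holds the valid serial in plaintext as one operand of the string compare. As an added example (not part of the original tutorial and not the program's own code), this Python code contrasts that kind of check with one that compares salted digests instead; the serial, salt, iteration count and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values; not taken from the program in this tutorial.
SAMPLE_SERIAL = "4711-0815"
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 100_000


def derive(serial: str) -> bytes:
    """Slow, salted digest of a serial (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", serial.encode("utf-8"), SALT, ITERATIONS)


# In a real build only this digest would be embedded in the shipped binary;
# it is computed here from the sample serial to keep the example self-contained.
STORED_DIGEST = derive(SAMPLE_SERIAL)


def weak_check(entered: str):
    """Plaintext compare: both operands are readable wide-char strings."""
    expected = SAMPLE_SERIAL  # the valid serial exists in process memory
    operands = (entered.encode("utf-16-le"), expected.encode("utf-16-le"))
    return entered == expected, operands


def hardened_check(entered: str):
    """Digest compare: the valid serial is never one of the operands."""
    candidate = derive(entered)
    operands = (candidate, STORED_DIGEST)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, STORED_DIGEST), operands


def leaks_valid_serial(operands) -> bool:
    """True if the valid serial can be read from the compare operands."""
    needle = SAMPLE_SERIAL.encode("utf-16-le")
    return any(needle in op for op in operands)


if __name__ == "__main__":
    for check in (weak_check, hardened_check):
        ok, ops = check("000000")
        print(check.__name__, "accepted:", ok, "leaks serial:", leaks_valid_serial(ops))
```

The digest compare only removes the plaintext serial from the comparison; it does not protect the check itself from being modified, and a short serial can still be guessed offline against the stored digest.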
Clear all break points with bc *, exit SoftICE with F5 and enter the # you found. You will have the full registered copy of 3D/BJ. The only thing left to do is change the registered name. Notice that if you restart 3D/BJ or click on the about menu, it says Licensed to: Registered User. We can change that to your own name by editing the Registry. Click on the Start menu, click on Run and type in regedit. You will find the key at:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\3DBJ\Evaluation.
Change the value of the key that says Registered User to your own name and that's it.
So that's it for my fourth tutorial. I hope I've helped you out in some way or another. Also, if you want to keep this program you should pay for it. This tutorial is for educational purposes only and should not be used to steal software.
Many Thanks
Go to all the Crackers out there who find the time to help people like myself learn the ART of Reverse Engineering.