LeapFTP 2.7.5.610 Quick Crack Tutorial
* written by iqlord | .aware crew
* iqlord@awarenetwork.org | www.awarenetwork.org

This software has two types of protection. The first protection you will encounter is the nag screen, and the second is a date lock. There is actually another protection as well: the username and s/n validation check, but we will not go into that this time.

If you use the software for more than 30 days, the nag screen will appear on each startup. There is also an annoying (Unregistered) text in the title bar, which isn't very appealing. If you keep on using the software for another 30 days, it will present a message on each startup telling you that you won't be able to use it until you buy it, and then exit.

Let's do it!

[]------------------------------------------------------------------------------------[]

* Referenced by a (U)nconditional or (C)onditional Jump at Address :
| :00497E13(C)
|
:00497E22 8B45FC          mov eax, dword ptr [ebp-04]
:00497E25 8B8064040000    mov eax, dword ptr [eax+00000464]
:00497E2B 80783400        cmp byte ptr [eax+34], 00
:00497E2F 0F84FD000000    je 00497F32
:00497E35 8B5838          mov ebx, dword ptr [eax+38]
:00497E38 83FB3C          cmp ebx, 0000003C
:00497E3B 7D48            jge 00497E85
:00497E3D 6A00            push 00000000

mod -> :00497E2F E9FE00000       jmp 00497F32
mod -> :00497E34 008B583883FB    add byte ptr [ebx+FB833858], cl
mod -> :00497E3A 3C7D            cmp al, 7D
mod -> :00497E3C 48              dec eax

* Possible StringData Ref from Code Obj ->"You are on day "
|
:00497E3F 6860904900      push 00499060
:00497E44 8D959CFDFFFF    lea edx, dword ptr [ebp+FFFFFD9C]
:00497E4A 8BC3            mov eax, ebx
:00497E4C E89B0EF7FF      call 00408CEC
:00497E51 FFB59CFDFFFF    push dword ptr [ebp+FFFFFD9C]

* Possible StringData Ref from Code Obj ->" of your 30 day trial period. "
                                        ->" This program will stop functioning "
                                        ->"after 60 days."
|
:00497E57 6878904900      push 00499078
:00497E5C 8D85A0FDFFFF    lea eax, dword ptr [ebp+FFFFFDA0]
:00497E62 BA03000000      mov edx, 00000003
:00497E67 E8C8C1F6FF      call 00404034
:00497E6C 8B85A0FDFFFF    mov eax, dword ptr [ebp+FFFFFDA0]
:00497E72 668B0D54904900  mov cx, word ptr [00499054]
:00497E79 B202            mov dl, 02
:00497E7B E8182CFCFF      call 0045AA98
:00497E80 E9AD000000      jmp 00497F32

[]------------------------------------------------------------------------------------[]

We will end up here!

[]------------------------------------------------------------------------------------[]

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses :
| :00497E1D(U), :00497E2F(C), :00497E80(U), :00497F08(C)
|
:00497F32 803DE02B4C0000  cmp byte ptr [004C2BE0], 00
:00497F39 750F            jne 00497F4A

* Possible StringData Ref from Code Obj ->"LeapFTP 2.7.5 - (Unregistered)"
|
:00497F3B BA58914900      mov edx, 00499158
:00497F40 8B45FC          mov eax, dword ptr [ebp-04]
:00497F43 E80CBDF9FF      call 00433C54
:00497F48 EB0D            jmp 00497F57

mod -> :00497F32 803DE02B4C0000  cmp byte ptr [004C2BE0], 00
mod -> :00497F39 E90C000000      jmp 00497F4A
mod -> :00497F3E 49              dec ecx
mod -> :00497F3F 008B45FCE80C    add byte ptr [ebx+0CE8FC45], cl
mod -> :00497F45 BDF9FFEB0D      mov ebp, 0DEBFFF9

[]------------------------------------------------------------------------------------[]

It ain't pretty, but it was done in approx. 1 min, maybe 2 min if you include the disassembly and offset lookup time.

File diff:

location: org crk
-------------------
0009722F: 0F  E9
00097230: 84  FE
00097231: FD  00
00097339: 75  E9
0009733A: 0F  0C
0009733B: BA  00
0009733C: 58  00
0009733D: 91  00

[]------------------------------------------------------------------------------------[]

Well, that's it! Enjoy!

/iqlord | .aware crew
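
A defensive use of the file diff above, as an added example that is not part of the original tutorial: it parses the offset/org/crk table and reports whether a copy of the executable carries this modification, for integrity checks or forensic triage. The function names and the sample images are constructed for illustration.

```python
import re

# The tutorial's "File diff" table: file offset, original byte, modified byte.
FILE_DIFF = """
0009722F: 0F E9
00097230: 84 FE
00097231: FD 00
00097339: 75 E9
0009733A: 0F 0C
0009733B: BA 00
0009733C: 58 00
0009733D: 91 00
"""
ROW = re.compile(r"([0-9A-Fa-f]{8}):\s+([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{2})")

def parse_diff(text):
    """Return [(offset, original_byte, modified_byte), ...]; reject malformed rows."""
    rows = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ROW.fullmatch(line)
        if m is None:
            raise ValueError(f"unrecognised diff row: {line!r}")
        rows.append(tuple(int(g, 16) for g in m.groups()))
    return rows

def classify(image, rows):
    """Return 'original', 'modified', 'partial' or 'unknown' for a file image."""
    seen = set()
    for offset, org, crk in rows:
        if offset >= len(image):
            return "unknown"            # truncated file or a different build
        if image[offset] == org:
            seen.add("original")
        elif image[offset] == crk:
            seen.add("modified")
        else:
            return "unknown"            # neither listed value: not this build
    if not seen:
        return "unknown"
    return seen.pop() if len(seen) == 1 else "partial"

def sample_image(rows, modified):
    """Constructed stand-in for the executable: zeros plus the listed bytes."""
    image = bytearray(max(r[0] for r in rows) + 1)
    for offset, org, crk in rows:
        image[offset] = crk if modified else org
    return image

ROWS = parse_diff(FILE_DIFF)
if __name__ == "__main__":
    for label in (False, True):
        print(classify(sample_image(ROWS, label), ROWS))
```

A match on these eight bytes only identifies this particular modification; comparing a hash of the whole file against a known-good copy catches any change.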