Cracking Tutorial for Notizen 98.10.0189
 
 
Target Program: Notizen 98.10.0189
Description: With this program you manage notes, memos, ... It features managing, printing, searching, sorting, password protecting.
Location: http://www.alltag.com
Protection: Name / Code
Tools needed: - SmartCheck 6.0
Ob duh: Do I really have to remind you all that by BUYING and NOT stealing the software you use will ensure that these software houses will continue to produce even *better* software for us to use and more importantly, to continue offering even more challenges to breaking their often weak protection systems.
BTW, It's illegal to use cracked Software!
 
If you're looking for cracks or serial numbers from these pages then your wasting your time, try to search elsewhere on the Web under Warez, Cracks, etc.
Info: Brand and product names are trademarks or registered trademarks of their respective holders.
Level: (X)Beginner (X)Intermediate ( )Advanced ( )Expert
As my 23rd Tutorial, this is also a KeyGEN Tutorial. However this one will be much easier than my last one. Before we can start, I just want to let you know that buying SmartCheck will support NuMega developing useful tools for programmers and crackers. If there's a award for a "Visual Basic Cracking Tool" than SmartCheck will get it ... For this tutorial I assume that you have the knowledge on how to use SmartCheck - if not, read my 19th tutorial. Enough said. Let's start the Cracking Session:

If you haven't already configured SmartCheck, do this now (read what to do in my 19th Tutorial). Then open NOTIZEN.EXE in SmartCheck. After it has been successfully loaded, go to "Hilfe - Freischaltung". Now a dialog box asking for your "Freischalt-Name" and "Freischalt-Nummer" get's displayed. As Name enter "Cr@cking Tutori@l" and as Number "12345". Then press the "OK"-Button. A message box informing you that your Code is incorrect get's displayed. Press "OK" and leave the program. Now we're back in SmartCheck. Click on "mnuFreischaltung_Click". Then click on "befFreischalten_Click". Now click on "Show all events". Now press the "Page Down" Key about 74 times till you see something like this:

  Len returns LONG:14
  __vbaVarForInit returns DWORD:1
  __vbal4Var returns DWORD:1
  Mid$
  __vbaStrMove returns DWORD:4D0DC8
  InStr returns LONG:3
  __vbaVarMul returns DWORD:6EE770

Then click on Len returns LONG:14. Now our Debug Window will display the string crckingtutoril. So it converts our enterd string "Cr@cking Tutori@l" - and erases all *special* chars. Then it converts it to lower case (LCase$).
Just click on __vbaVarForInit returns DWORD:1. Now our Debug Window will display the 'counter' settings. It starts from 1 and ends with 14 - and the step is 1. 14? Yeah - the length of the converted name ("crckingtutorial").
Click on InStr returns LONG:3. Our Debug Window will now display the following info:

  string1="abcdefghijklmnopqrstuvwxyz0123456789."
  string2="c"

So the function InStr returns the position in which the character, defined as the parameter, is found at. For "a" this would be "1" ... Wait a second. Look again at crckingtutoril! All characters of our converted string are a character of string1 - so they were simply ignored for the calculation. After the InStr function, 3 is multiplied by 1. Well, 3 is the String-Position - and 1?? Well, we *don't* know, did we? Now, let's go on with the 'tracing':

  __vbalVar returns DWORD:3
  __vbaFreeStr returns DWORD:0
  __vbaFreeVar returns DWORD:0
  __vbaVarMul returns DWORD:6EE780
  __vbaVarAdd returns DWORD:6EE770
  __vbal4Var returns DWORD:48
  __vbaFreeVar returns DWORD:48
  __vbaVarForNext returns DWORD:1
  __vbal4Var returns DWORD:2

Another multipy? Well in the Debug Window we see that 72 is multiplied by 1. 72? How did we come to that result?? Maybe our String-Position value get's multiplied by something? Just check it: 72 / 3 = 24. Then this is added to a 'new' variable.
After that __vbaVarForNext is called. Now let's go on with the 'tracing':
 
  Mid$
  __vbaStrMove returns DWORD:4D0DC8
  InStr returns LONG:18
  __vbaVarMul returns DWORD:6EE770
  __vbalVar returns DWORD:24
  __vbaFreeStr returns DWORD:0
  __vbaFreeVar returns DWORD:0
  __vbaVarMul returns DWORD:6EE780
  __vbaVarAdd returns DWORD:6EE770
  __vbal4Var returns DWORD:708
  __vbaFreeVar returns DWORD:708
  __vbaVarForNext returns DWORD:1
  __vbal4Var returns DWORD:3

Ok now the next character (r) of our registration name is read in. The StringPosition is 18. Now we want to check that __vbaVarMul returns DWORD:6EE770. Our Debug Window will 'tell' you that 18 is multiplied by 2. Hmm 18 is the StringPosition - and 2? Well kind of a counter, maybe? However, the result is 36. Then 864 is multiplied by 2 = 1728. Now to check if we were right at our previous supposition, we check if 864 / 36 is 24 - and it is our 'hoped' 24. So 24 is used for every calculation. Then the value of this calculation is added to the value of the previous calculation: 72 + 1728 = 1800.
 
Now we need to check if the same things are done with *all* characters of our name. Just check the next calculations - and of course the last one. And as you might already have guessed: they were the same.

So our formula for each calculation looks like the following:
StringPosition * Counter * 24 * Counter

So now code your KeyGEN in your favourite programming language - like C++.
 
 
// This is the C++ Source Code of my KeyGEN. I hope you like it.
// I've compiled it using Symantec C/C++ 6.11

#include <stdio.h>
#include <ctype.h>

int PositionInString(char SChar)
{
short int i;
const char table[37]="abcdefghijklmnopqrstuvwxyz0123456789.";

for (i=0; i < 37; i++)
  {if (table[i] == SChar) return (i+1);}

return 0;
}


int main()
{
unsigned long counter, counter2, code, temp;
char name[100] = {0};

printf("   ____                     __       __\n");
printf("  /  _/_ _  __ _  ___  ____/ /____ _/ /\n");
printf(" _/ //  ' \\/  ' \\/ _ \\/ __/ __/ _ `/ /\n");
printf("/___/_/_/_/_/_/_/\\___/_/  \\__/\\_,_/_/\n");
printf("   ____                          __          __\n");
printf("  / __ \\___ ___ _______ ___  ___/ /__ ____  / /____\n");
printf(" / /_/ / -_|_-</ __/ -_) _ \\/ _  / _ `/ _ \\/ __(_-<\n");
printf("/_____/\\__/___/\\__/\\__/_//_/\\_,_/\\_,_/_//_/\\__/___/\n\n");

for (;;){
printf("\nNotizen 98.10.0189 KeyGEN - d0NE bY TORN@DO in '99\n");
printf("=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n");
printf("Name: ");
gets(name);

if ((strlen(name)<1)) return 0;
else break;
}

counter  = 1;
counter2 = 1;
code     = 0;
temp     = 0;

for (counter=0; counter < strlen(name); counter++)
{
if (isupper(name[counter])) name[counter] = tolower(name[counter]);
}


for (counter=0; counter < strlen(name); counter++)
{
if (PositionInString(name[counter]) != 0)
   { temp = PositionInString(name[counter]) * counter2 * 24 * counter2;
     counter2++;
     code += temp;
   }
}

printf("Code: %lu\n", code);
return 0;
}

 
 
Another target has been Reverse Engineerd. Any questions (no crack requests)?
 

 
If you're USING Notizen BEYOND it's FREE TRIAL PERIOD, then please BUY IT.

Copyright © 1999 by TORN@DO and The Immortal Descendants. All Rights Reserved.