Web : http://mxb.cjb.net
LSX-MPEG Encoder 3.5 Demo
Type : MPEG Encoder
Protection : Nag box, 60-second encoder limit, watermarking
Tech : Patching
Crack : There are several protections to crack, so we will deal with them section by section.
1. Nag Box At start up :
In SICE, BPX LOADLIBRARYA and then start the program. When we break into its
code section, trace.
0x436D19 CALL 4B2873 >> NAG BOX
0x436D1E CMP EAX,EBX
0x436D20 JZ 436D37
Crack : 0x436D19 JMP 436D37 | EB 1C OFFSET = 36D19
2. Water Marking :
While encoding, it watermarks the encoded stream with the text "LSX-Encoder Demo"
after 150 frames.
So while encoding, in SICE BPX LOADBITMAPA and wait until it reaches 150 frames.
When we pop into SICE, trace back.
0x46E459 CALL LOADBITMAPA | FF 15 DC 75 4C 00
0x46E45F MOV ESI,EAX =====> MAKE EAX = -1
Crack : 0x46E459 MOV EAX,FFFFFFFF | B8 FF FF FF FF OFFSET = 6E459
        0x46E45E NOP | 90
3. 60 Second Time Limit :
Load an AVI file with a playback time greater than 60 seconds. In SICE BPX MESSAGEBOXA.
When we break into SICE, trace and look up.
0x43991C CALL 46B7E0
0x439921 MOV ECX,[005DBABC] ==>> NO: FRAMES
0x439927 MOV EAX,[005DA648] ==>> CONSTANT
0x43992E JLE 439992 ==> GOOD BOY
But bypassing this alone will not give us the desired result.
So in SICE BPMB 5DBABC RW, then load the AVI file again.
When we break, trace.
0x439212 MOV ECX,[5DA648]
0x439218 MOV [5DBABC],ECX
.......................................
0x4392FC FSTSW AX
0x4392FE TEST AH,41
0x439301 JNZ 439314 | 75 11 ==> GOOD BOY
.............................
0x43967C CMP EDX,C8 => 200
0x439682 JLE 43968F | 7E 0B ==>> JMP TO 43969D --- MUST JUMP
0x439684 MOV ESI,7D0 =>2000
0x439689 MOV [5D730C],ESI ==>> MAKE FRAMES CONSTANT ---DANGER !!!
0x43968F MOV EAX,[5D8740]
0x439694 CMP EAX,ESI
0x439696 JGE 43969D
Crack :
0x439301 JMP 439314 | EB 11 OFFSET = 39301
.............................
0x439682 JMP 43969D | EB 19 OFFSET = 39682
This will fix the 60-second time limit, but it pops up a nag at the end. To crack
this, BPX MESSAGEBOXA and wait until encoding reaches its last stage.
0x45F544 CMP EDX,01
0x45F547 JNZ 45F5B3 | 75 6A ==> GOOD BOY
.............................
0x45F5AD CALL MESSAGEBOXA
Crack : 0x45F547 JMP 45F5B3 | EB 6A OFFSET = 5F547
Patch :
OFFSET :
6E459 ----- B8 FF FF FF FF 90
39301 ----- EB 11
39682 ----- EB 19
5F547 ----- EB 6A
36D19 ----- EB 1C
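
Seen from the vendor's side, every change in the table above is a small edit at a fixed code offset, which a startup integrity check can catch. The following is an added example, not code from the original page or from the product: it compares the original encodings the listings above show against an image and decodes where a replaced short jump now lands. IMAGE_BASE = 0x400000 is an assumption read off the address/offset pairs, the image is a constructed buffer, and offset 36D19 is left out because the page does not show its original bytes.

```python
# Added example: integrity check over the code sites this page modifies.
IMAGE_BASE = 0x400000  # assumption: file offset = virtual address - 0x400000

EXPECTED = {  # file offset -> original bytes as shown in the page's listings
    0x6E459: bytes.fromhex("FF15DC754C00"),  # CALL LOADBITMAPA
    0x39301: bytes.fromhex("7511"),          # JNZ 439314
    0x39682: bytes.fromhex("7E0B"),          # JLE 43968F
    0x5F547: bytes.fromhex("756A"),          # JNZ 45F5B3
}

def rel8_target(va, insn):
    """Destination of a 2-byte short jump (opcode + signed 8-bit displacement)."""
    disp = insn[1] - 256 if insn[1] > 127 else insn[1]
    return va + 2 + disp

def check_image(image):
    """Return one finding per site whose bytes differ from the expected ones."""
    findings = []
    for off, want in sorted(EXPECTED.items()):
        got = image[off:off + len(want)]
        if got == want:
            continue
        note = ""
        if len(want) == 2 and got[:1] == b"\xEB":
            # A conditional branch was swapped for an unconditional short JMP.
            note = "now always jumps to 0x%X" % rel8_target(IMAGE_BASE + off, got)
        findings.append((off, want.hex(), got.hex(), note))
    return findings

def build_sample(tampered):
    """Constructed stand-in for the code section; not the real binary."""
    image = bytearray(0x70000)
    for off, want in EXPECTED.items():
        image[off:off + len(want)] = want
    if tampered:
        image[0x39682:0x39684] = bytes.fromhex("EB19")  # bytes from the table
    return bytes(image)

if __name__ == "__main__":
    for off, want, got, note in check_image(build_sample(tampered=True)):
        print("offset 0x%05X: expected %s, found %s %s" % (off, want, got, note))
```

A check like this is only as strong as its own protection: it belongs somewhere a single byte edit cannot also disable it, for example verified against a signed hash of the code section.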